Linux Kernel  3.7.1
 All Data Structures Namespaces Files Functions Variables Typedefs Enumerations Enumerator Macros Groups Pages
tty_io.c
Go to the documentation of this file.
1 /*
2  * Copyright (C) 1991, 1992 Linus Torvalds
3  */
4 
5 /*
6  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7  * or rs-channels. It also implements echoing, cooked mode etc.
8  *
9  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10  *
11  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12  * tty_struct and tty_queue structures. Previously there was an array
13  * of 256 tty_struct's which was statically allocated, and the
14  * tty_queue structures were allocated at boot time. Both are now
15  * dynamically allocated only when the tty is open.
16  *
17  * Also restructured routines so that there is more of a separation
18  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19  * the low-level tty routines (serial.c, pty.c, console.c). This
20  * makes for cleaner and more compact code. -TYT, 9/17/92
21  *
22  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23  * which can be dynamically activated and de-activated by the line
24  * discipline handling modules (like SLIP).
25  *
26  * NOTE: pay no attention to the line discipline code (yet); its
27  * interface is still subject to change in this version...
28  * -- TYT, 1/31/92
29  *
30  * Added functionality to the OPOST tty handling. No delays, but all
31  * other bits should be there.
32  * -- Nick Holloway <[email protected]>, 27th May 1993.
33  *
34  * Rewrote canonical mode and added more termios flags.
35  * -- [email protected] (J. Cowley), 13Jan94
36  *
37  * Reorganized FASYNC support so mouse code can share it.
38  * -- [email protected], 9Sep95
39  *
40  * New TIOCLINUX variants added.
41  * -- [email protected], 19-Nov-95
42  *
43  * Restrict vt switching via ioctl()
44  * -- [email protected], 5-Dec-95
45  *
46  * Move console and virtual terminal code to more appropriate files,
47  * implement CONFIG_VT and generalize console device interface.
48  * -- Marko Kohtala <[email protected]>, March 97
49  *
50  * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51  * -- Bill Hawes <[email protected]>, June 97
52  *
53  * Added devfs support.
54  * -- C. Scott Ananian <[email protected]>, 13-Jan-1998
55  *
56  * Added support for a Unix98-style ptmx device.
57  * -- C. Scott Ananian <[email protected]>, 14-Jan-1998
58  *
59  * Reduced memory usage for older ARM systems
60  * -- Russell King <[email protected]>
61  *
62  * Move do_SAK() into process context. Less stack use in devfs functions.
63  * alloc_tty_struct() always uses kmalloc()
64  * -- Andrew Morton <[email protected]> 17Mar01
65  */
66 
67 #include <linux/types.h>
68 #include <linux/major.h>
69 #include <linux/errno.h>
70 #include <linux/signal.h>
71 #include <linux/fcntl.h>
72 #include <linux/sched.h>
73 #include <linux/interrupt.h>
74 #include <linux/tty.h>
75 #include <linux/tty_driver.h>
76 #include <linux/tty_flip.h>
77 #include <linux/devpts_fs.h>
78 #include <linux/file.h>
79 #include <linux/fdtable.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/device.h>
92 #include <linux/wait.h>
93 #include <linux/bitops.h>
94 #include <linux/delay.h>
95 #include <linux/seq_file.h>
96 #include <linux/serial.h>
97 #include <linux/ratelimit.h>
98 
99 #include <linux/uaccess.h>
100 
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104 
105 #include <linux/kmod.h>
106 #include <linux/nsproxy.h>
107 
108 #undef TTY_DEBUG_HANGUP
109 
110 #define TTY_PARANOIA_CHECK 1
111 #define CHECK_TTY_COUNT 1
112 
113 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114  .c_iflag = ICRNL | IXON,
115  .c_oflag = OPOST | ONLCR,
116  .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117  .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118  ECHOCTL | ECHOKE | IEXTEN,
119  .c_cc = INIT_C_CC,
120  .c_ispeed = 38400,
121  .c_ospeed = 38400
122 };
123 
124 EXPORT_SYMBOL(tty_std_termios);
125 
126 /* This list gets poked at by procfs and various bits of boot up code. This
127  could do with some rationalisation such as pulling the tty proc function
128  into this file */
129 
130 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131 
132 /* Mutex to protect creating and releasing a tty. This is shared with
133  vt.c for deeply disgusting hack reasons */
134 DEFINE_MUTEX(tty_mutex);
135 EXPORT_SYMBOL(tty_mutex);
136 
137 /* Spinlock to protect the tty->tty_files list */
138 DEFINE_SPINLOCK(tty_files_lock);
139 
140 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142 ssize_t redirected_tty_write(struct file *, const char __user *,
143  size_t, loff_t *);
144 static unsigned int tty_poll(struct file *, poll_table *);
145 static int tty_open(struct inode *, struct file *);
146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147 #ifdef CONFIG_COMPAT
148 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149  unsigned long arg);
150 #else
151 #define tty_compat_ioctl NULL
152 #endif
153 static int __tty_fasync(int fd, struct file *filp, int on);
154 static int tty_fasync(int fd, struct file *filp, int on);
155 static void release_tty(struct tty_struct *tty, int idx);
156 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
157 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
158 
169 {
170  return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
171 }
172 
182 void free_tty_struct(struct tty_struct *tty)
183 {
184  if (!tty)
185  return;
186  if (tty->dev)
187  put_device(tty->dev);
188  kfree(tty->write_buf);
189  tty_buffer_free_all(tty);
190  tty->magic = 0xDEADDEAD;
191  kfree(tty);
192 }
193 
194 static inline struct tty_struct *file_tty(struct file *file)
195 {
196  return ((struct tty_file_private *)file->private_data)->tty;
197 }
198 
199 int tty_alloc_file(struct file *file)
200 {
201  struct tty_file_private *priv;
202 
203  priv = kmalloc(sizeof(*priv), GFP_KERNEL);
204  if (!priv)
205  return -ENOMEM;
206 
207  file->private_data = priv;
208 
209  return 0;
210 }
211 
212 /* Associate a new file with the tty structure */
213 void tty_add_file(struct tty_struct *tty, struct file *file)
214 {
215  struct tty_file_private *priv = file->private_data;
216 
217  priv->tty = tty;
218  priv->file = file;
219 
220  spin_lock(&tty_files_lock);
221  list_add(&priv->list, &tty->tty_files);
222  spin_unlock(&tty_files_lock);
223 }
224 
231 void tty_free_file(struct file *file)
232 {
233  struct tty_file_private *priv = file->private_data;
234 
235  file->private_data = NULL;
236  kfree(priv);
237 }
238 
239 /* Delete file from its tty */
240 void tty_del_file(struct file *file)
241 {
242  struct tty_file_private *priv = file->private_data;
243 
244  spin_lock(&tty_files_lock);
245  list_del(&priv->list);
246  spin_unlock(&tty_files_lock);
247  tty_free_file(file);
248 }
249 
250 
251 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
252 
264 char *tty_name(struct tty_struct *tty, char *buf)
265 {
266  if (!tty) /* Hmm. NULL pointer. That's fun. */
267  strcpy(buf, "NULL tty");
268  else
269  strcpy(buf, tty->name);
270  return buf;
271 }
272 
274 
276  const char *routine)
277 {
278 #ifdef TTY_PARANOIA_CHECK
279  if (!tty) {
281  "null TTY for (%d:%d) in %s\n",
282  imajor(inode), iminor(inode), routine);
283  return 1;
284  }
285  if (tty->magic != TTY_MAGIC) {
287  "bad magic number for tty struct (%d:%d) in %s\n",
288  imajor(inode), iminor(inode), routine);
289  return 1;
290  }
291 #endif
292  return 0;
293 }
294 
295 static int check_tty_count(struct tty_struct *tty, const char *routine)
296 {
297 #ifdef CHECK_TTY_COUNT
298  struct list_head *p;
299  int count = 0;
300 
301  spin_lock(&tty_files_lock);
302  list_for_each(p, &tty->tty_files) {
303  count++;
304  }
305  spin_unlock(&tty_files_lock);
306  if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
307  tty->driver->subtype == PTY_TYPE_SLAVE &&
308  tty->link && tty->link->count)
309  count++;
310  if (tty->count != count) {
311  printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
312  "!= #fd's(%d) in %s\n",
313  tty->name, tty->count, count, routine);
314  return count;
315  }
316 #endif
317  return 0;
318 }
319 
331 static struct tty_driver *get_tty_driver(dev_t device, int *index)
332 {
333  struct tty_driver *p;
334 
336  dev_t base = MKDEV(p->major, p->minor_start);
337  if (device < base || device >= base + p->num)
338  continue;
339  *index = device - base;
340  return tty_driver_kref_get(p);
341  }
342  return NULL;
343 }
344 
345 #ifdef CONFIG_CONSOLE_POLL
346 
356 struct tty_driver *tty_find_polling_driver(char *name, int *line)
357 {
358  struct tty_driver *p, *res = NULL;
359  int tty_line = 0;
360  int len;
361  char *str, *stp;
362 
363  for (str = name; *str; str++)
364  if ((*str >= '0' && *str <= '9') || *str == ',')
365  break;
366  if (!*str)
367  return NULL;
368 
369  len = str - name;
370  tty_line = simple_strtoul(str, &str, 10);
371 
372  mutex_lock(&tty_mutex);
373  /* Search through the tty devices to look for a match */
375  if (strncmp(name, p->name, len) != 0)
376  continue;
377  stp = str;
378  if (*stp == ',')
379  stp++;
380  if (*stp == '\0')
381  stp = NULL;
382 
383  if (tty_line >= 0 && tty_line < p->num && p->ops &&
384  p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
385  res = tty_driver_kref_get(p);
386  *line = tty_line;
387  break;
388  }
389  }
390  mutex_unlock(&tty_mutex);
391 
392  return res;
393 }
395 #endif
396 
408 int tty_check_change(struct tty_struct *tty)
409 {
410  unsigned long flags;
411  int ret = 0;
412 
413  if (current->signal->tty != tty)
414  return 0;
415 
416  spin_lock_irqsave(&tty->ctrl_lock, flags);
417 
418  if (!tty->pgrp) {
419  printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
420  goto out_unlock;
421  }
422  if (task_pgrp(current) == tty->pgrp)
423  goto out_unlock;
424  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
425  if (is_ignored(SIGTTOU))
426  goto out;
427  if (is_current_pgrp_orphaned()) {
428  ret = -EIO;
429  goto out;
430  }
431  kill_pgrp(task_pgrp(current), SIGTTOU, 1);
432  set_thread_flag(TIF_SIGPENDING);
433  ret = -ERESTARTSYS;
434 out:
435  return ret;
436 out_unlock:
437  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
438  return ret;
439 }
440 
442 
443 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
444  size_t count, loff_t *ppos)
445 {
446  return 0;
447 }
448 
449 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
450  size_t count, loff_t *ppos)
451 {
452  return -EIO;
453 }
454 
455 /* No kernel lock held - none needed ;) */
456 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
457 {
459 }
460 
461 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
462  unsigned long arg)
463 {
464  return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
465 }
466 
467 static long hung_up_tty_compat_ioctl(struct file *file,
468  unsigned int cmd, unsigned long arg)
469 {
470  return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
471 }
472 
473 static const struct file_operations tty_fops = {
474  .llseek = no_llseek,
475  .read = tty_read,
476  .write = tty_write,
477  .poll = tty_poll,
478  .unlocked_ioctl = tty_ioctl,
479  .compat_ioctl = tty_compat_ioctl,
480  .open = tty_open,
481  .release = tty_release,
482  .fasync = tty_fasync,
483 };
484 
485 static const struct file_operations console_fops = {
486  .llseek = no_llseek,
487  .read = tty_read,
488  .write = redirected_tty_write,
489  .poll = tty_poll,
490  .unlocked_ioctl = tty_ioctl,
491  .compat_ioctl = tty_compat_ioctl,
492  .open = tty_open,
493  .release = tty_release,
494  .fasync = tty_fasync,
495 };
496 
497 static const struct file_operations hung_up_tty_fops = {
498  .llseek = no_llseek,
499  .read = hung_up_tty_read,
500  .write = hung_up_tty_write,
501  .poll = hung_up_tty_poll,
502  .unlocked_ioctl = hung_up_tty_ioctl,
503  .compat_ioctl = hung_up_tty_compat_ioctl,
504  .release = tty_release,
505 };
506 
507 static DEFINE_SPINLOCK(redirect_lock);
508 static struct file *redirect;
509 
519 void tty_wakeup(struct tty_struct *tty)
520 {
521  struct tty_ldisc *ld;
522 
523  if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
524  ld = tty_ldisc_ref(tty);
525  if (ld) {
526  if (ld->ops->write_wakeup)
527  ld->ops->write_wakeup(tty);
528  tty_ldisc_deref(ld);
529  }
530  }
532 }
533 
535 
558 void __tty_hangup(struct tty_struct *tty)
559 {
560  struct file *cons_filp = NULL;
561  struct file *filp, *f = NULL;
562  struct task_struct *p;
563  struct tty_file_private *priv;
564  int closecount = 0, n;
565  unsigned long flags;
566  int refs = 0;
567 
568  if (!tty)
569  return;
570 
571 
572  spin_lock(&redirect_lock);
573  if (redirect && file_tty(redirect) == tty) {
574  f = redirect;
575  redirect = NULL;
576  }
577  spin_unlock(&redirect_lock);
578 
579  tty_lock(tty);
580 
581  /* some functions below drop BTM, so we need this bit */
582  set_bit(TTY_HUPPING, &tty->flags);
583 
584  /* inuse_filps is protected by the single tty lock,
585  this really needs to change if we want to flush the
586  workqueue with the lock held */
587  check_tty_count(tty, "tty_hangup");
588 
589  spin_lock(&tty_files_lock);
590  /* This breaks for file handles being sent over AF_UNIX sockets ? */
591  list_for_each_entry(priv, &tty->tty_files, list) {
592  filp = priv->file;
593  if (filp->f_op->write == redirected_tty_write)
594  cons_filp = filp;
595  if (filp->f_op->write != tty_write)
596  continue;
597  closecount++;
598  __tty_fasync(-1, filp, 0); /* can't block */
599  filp->f_op = &hung_up_tty_fops;
600  }
601  spin_unlock(&tty_files_lock);
602 
603  /*
604  * it drops BTM and thus races with reopen
605  * we protect the race by TTY_HUPPING
606  */
607  tty_ldisc_hangup(tty);
608 
610  if (tty->session) {
612  spin_lock_irq(&p->sighand->siglock);
613  if (p->signal->tty == tty) {
614  p->signal->tty = NULL;
615  /* We defer the dereferences outside fo
616  the tasklist lock */
617  refs++;
618  }
619  if (!p->signal->leader) {
620  spin_unlock_irq(&p->sighand->siglock);
621  continue;
622  }
625  put_pid(p->signal->tty_old_pgrp); /* A noop */
626  spin_lock_irqsave(&tty->ctrl_lock, flags);
627  if (tty->pgrp)
628  p->signal->tty_old_pgrp = get_pid(tty->pgrp);
629  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
630  spin_unlock_irq(&p->sighand->siglock);
632  }
634 
635  spin_lock_irqsave(&tty->ctrl_lock, flags);
636  clear_bit(TTY_THROTTLED, &tty->flags);
637  clear_bit(TTY_PUSH, &tty->flags);
639  put_pid(tty->session);
640  put_pid(tty->pgrp);
641  tty->session = NULL;
642  tty->pgrp = NULL;
643  tty->ctrl_status = 0;
644  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
645 
646  /* Account for the p->signal references we killed */
647  while (refs--)
648  tty_kref_put(tty);
649 
650  /*
651  * If one of the devices matches a console pointer, we
652  * cannot just call hangup() because that will cause
653  * tty->count and state->count to go out of sync.
654  * So we just call close() the right number of times.
655  */
656  if (cons_filp) {
657  if (tty->ops->close)
658  for (n = 0; n < closecount; n++)
659  tty->ops->close(tty, cons_filp);
660  } else if (tty->ops->hangup)
661  (tty->ops->hangup)(tty);
662  /*
663  * We don't want to have driver/ldisc interactions beyond
664  * the ones we did here. The driver layer expects no
665  * calls after ->hangup() from the ldisc side. However we
666  * can't yet guarantee all that.
667  */
668  set_bit(TTY_HUPPED, &tty->flags);
669  clear_bit(TTY_HUPPING, &tty->flags);
670  tty_ldisc_enable(tty);
671 
672  tty_unlock(tty);
673 
674  if (f)
675  fput(f);
676 }
677 
678 static void do_tty_hangup(struct work_struct *work)
679 {
680  struct tty_struct *tty =
681  container_of(work, struct tty_struct, hangup_work);
682 
683  __tty_hangup(tty);
684 }
685 
694 void tty_hangup(struct tty_struct *tty)
695 {
696 #ifdef TTY_DEBUG_HANGUP
697  char buf[64];
698  printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
699 #endif
700  schedule_work(&tty->hangup_work);
701 }
702 
704 
714 void tty_vhangup(struct tty_struct *tty)
715 {
716 #ifdef TTY_DEBUG_HANGUP
717  char buf[64];
718 
719  printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
720 #endif
721  __tty_hangup(tty);
722 }
723 
725 
726 
734 {
735  struct tty_struct *tty;
736 
737  tty = get_current_tty();
738  if (tty) {
739  tty_vhangup(tty);
740  tty_kref_put(tty);
741  }
742 }
743 
752 int tty_hung_up_p(struct file *filp)
753 {
754  return (filp->f_op == &hung_up_tty_fops);
755 }
756 
758 
759 static void session_clear_tty(struct pid *session)
760 {
761  struct task_struct *p;
762  do_each_pid_task(session, PIDTYPE_SID, p) {
763  proc_clear_tty(p);
764  } while_each_pid_task(session, PIDTYPE_SID, p);
765 }
766 
792 void disassociate_ctty(int on_exit)
793 {
794  struct tty_struct *tty;
795 
796  if (!current->signal->leader)
797  return;
798 
799  tty = get_current_tty();
800  if (tty) {
801  struct pid *tty_pgrp = get_pid(tty->pgrp);
802  if (on_exit) {
803  if (tty->driver->type != TTY_DRIVER_TYPE_PTY)
804  tty_vhangup(tty);
805  }
806  tty_kref_put(tty);
807  if (tty_pgrp) {
808  kill_pgrp(tty_pgrp, SIGHUP, on_exit);
809  if (!on_exit)
810  kill_pgrp(tty_pgrp, SIGCONT, on_exit);
811  put_pid(tty_pgrp);
812  }
813  } else if (on_exit) {
814  struct pid *old_pgrp;
815  spin_lock_irq(&current->sighand->siglock);
816  old_pgrp = current->signal->tty_old_pgrp;
817  current->signal->tty_old_pgrp = NULL;
818  spin_unlock_irq(&current->sighand->siglock);
819  if (old_pgrp) {
820  kill_pgrp(old_pgrp, SIGHUP, on_exit);
821  kill_pgrp(old_pgrp, SIGCONT, on_exit);
822  put_pid(old_pgrp);
823  }
824  return;
825  }
826 
827  spin_lock_irq(&current->sighand->siglock);
828  put_pid(current->signal->tty_old_pgrp);
829  current->signal->tty_old_pgrp = NULL;
830  spin_unlock_irq(&current->sighand->siglock);
831 
832  tty = get_current_tty();
833  if (tty) {
834  unsigned long flags;
835  spin_lock_irqsave(&tty->ctrl_lock, flags);
836  put_pid(tty->session);
837  put_pid(tty->pgrp);
838  tty->session = NULL;
839  tty->pgrp = NULL;
840  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
841  tty_kref_put(tty);
842  } else {
843 #ifdef TTY_DEBUG_HANGUP
844  printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
845  " = NULL", tty);
846 #endif
847  }
848 
849  /* Now clear signal->tty under the lock */
851  session_clear_tty(task_session(current));
853 }
854 
859 void no_tty(void)
860 {
861  /* FIXME: Review locking here. The tty_lock never covered any race
862  between a new association and proc_clear_tty but possible we need
863  to protect against this anyway */
864  struct task_struct *tsk = current;
866  proc_clear_tty(tsk);
867 }
868 
869 
888 void stop_tty(struct tty_struct *tty)
889 {
890  unsigned long flags;
891  spin_lock_irqsave(&tty->ctrl_lock, flags);
892  if (tty->stopped) {
893  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
894  return;
895  }
896  tty->stopped = 1;
897  if (tty->link && tty->link->packet) {
898  tty->ctrl_status &= ~TIOCPKT_START;
899  tty->ctrl_status |= TIOCPKT_STOP;
900  wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
901  }
902  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
903  if (tty->ops->stop)
904  (tty->ops->stop)(tty);
905 }
906 
908 
922 void start_tty(struct tty_struct *tty)
923 {
924  unsigned long flags;
925  spin_lock_irqsave(&tty->ctrl_lock, flags);
926  if (!tty->stopped || tty->flow_stopped) {
927  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
928  return;
929  }
930  tty->stopped = 0;
931  if (tty->link && tty->link->packet) {
932  tty->ctrl_status &= ~TIOCPKT_STOP;
933  tty->ctrl_status |= TIOCPKT_START;
934  wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
935  }
936  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
937  if (tty->ops->start)
938  (tty->ops->start)(tty);
939  /* If we have a running line discipline it may need kicking */
940  tty_wakeup(tty);
941 }
942 
944 
960 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
961  loff_t *ppos)
962 {
963  int i;
964  struct inode *inode = file->f_path.dentry->d_inode;
965  struct tty_struct *tty = file_tty(file);
966  struct tty_ldisc *ld;
967 
968  if (tty_paranoia_check(tty, inode, "tty_read"))
969  return -EIO;
970  if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
971  return -EIO;
972 
973  /* We want to wait for the line discipline to sort out in this
974  situation */
975  ld = tty_ldisc_ref_wait(tty);
976  if (ld->ops->read)
977  i = (ld->ops->read)(tty, file, buf, count);
978  else
979  i = -EIO;
980  tty_ldisc_deref(ld);
981  if (i > 0)
982  inode->i_atime = current_fs_time(inode->i_sb);
983  return i;
984 }
985 
986 void tty_write_unlock(struct tty_struct *tty)
988 {
991 }
992 
993 int tty_write_lock(struct tty_struct *tty, int ndelay)
995 {
996  if (!mutex_trylock(&tty->atomic_write_lock)) {
997  if (ndelay)
998  return -EAGAIN;
1000  return -ERESTARTSYS;
1001  }
1002  return 0;
1003 }
1004 
1005 /*
1006  * Split writes up in sane blocksizes to avoid
1007  * denial-of-service type attacks
1008  */
1009 static inline ssize_t do_tty_write(
1010  ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1011  struct tty_struct *tty,
1012  struct file *file,
1013  const char __user *buf,
1014  size_t count)
1015 {
1016  ssize_t ret, written = 0;
1017  unsigned int chunk;
1018 
1019  ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1020  if (ret < 0)
1021  return ret;
1022 
1023  /*
1024  * We chunk up writes into a temporary buffer. This
1025  * simplifies low-level drivers immensely, since they
1026  * don't have locking issues and user mode accesses.
1027  *
1028  * But if TTY_NO_WRITE_SPLIT is set, we should use a
1029  * big chunk-size..
1030  *
1031  * The default chunk-size is 2kB, because the NTTY
1032  * layer has problems with bigger chunks. It will
1033  * claim to be able to handle more characters than
1034  * it actually does.
1035  *
1036  * FIXME: This can probably go away now except that 64K chunks
1037  * are too likely to fail unless switched to vmalloc...
1038  */
1039  chunk = 2048;
1040  if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1041  chunk = 65536;
1042  if (count < chunk)
1043  chunk = count;
1044 
1045  /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1046  if (tty->write_cnt < chunk) {
1047  unsigned char *buf_chunk;
1048 
1049  if (chunk < 1024)
1050  chunk = 1024;
1051 
1052  buf_chunk = kmalloc(chunk, GFP_KERNEL);
1053  if (!buf_chunk) {
1054  ret = -ENOMEM;
1055  goto out;
1056  }
1057  kfree(tty->write_buf);
1058  tty->write_cnt = chunk;
1059  tty->write_buf = buf_chunk;
1060  }
1061 
1062  /* Do the write .. */
1063  for (;;) {
1064  size_t size = count;
1065  if (size > chunk)
1066  size = chunk;
1067  ret = -EFAULT;
1068  if (copy_from_user(tty->write_buf, buf, size))
1069  break;
1070  ret = write(tty, file, tty->write_buf, size);
1071  if (ret <= 0)
1072  break;
1073  written += ret;
1074  buf += ret;
1075  count -= ret;
1076  if (!count)
1077  break;
1078  ret = -ERESTARTSYS;
1079  if (signal_pending(current))
1080  break;
1081  cond_resched();
1082  }
1083  if (written) {
1084  struct inode *inode = file->f_path.dentry->d_inode;
1085  inode->i_mtime = current_fs_time(inode->i_sb);
1086  ret = written;
1087  }
1088 out:
1089  tty_write_unlock(tty);
1090  return ret;
1091 }
1092 
1105 void tty_write_message(struct tty_struct *tty, char *msg)
1106 {
1107  if (tty) {
1109  tty_lock(tty);
1110  if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1111  tty_unlock(tty);
1112  tty->ops->write(tty, msg, strlen(msg));
1113  } else
1114  tty_unlock(tty);
1115  tty_write_unlock(tty);
1116  }
1117  return;
1118 }
1119 
1120 
1137 static ssize_t tty_write(struct file *file, const char __user *buf,
1138  size_t count, loff_t *ppos)
1139 {
1140  struct inode *inode = file->f_path.dentry->d_inode;
1141  struct tty_struct *tty = file_tty(file);
1142  struct tty_ldisc *ld;
1143  ssize_t ret;
1144 
1145  if (tty_paranoia_check(tty, inode, "tty_write"))
1146  return -EIO;
1147  if (!tty || !tty->ops->write ||
1148  (test_bit(TTY_IO_ERROR, &tty->flags)))
1149  return -EIO;
1150  /* Short term debug to catch buggy drivers */
1151  if (tty->ops->write_room == NULL)
1152  printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1153  tty->driver->name);
1154  ld = tty_ldisc_ref_wait(tty);
1155  if (!ld->ops->write)
1156  ret = -EIO;
1157  else
1158  ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1159  tty_ldisc_deref(ld);
1160  return ret;
1161 }
1162 
1163 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1164  size_t count, loff_t *ppos)
1165 {
1166  struct file *p = NULL;
1167 
1168  spin_lock(&redirect_lock);
1169  if (redirect)
1170  p = get_file(redirect);
1171  spin_unlock(&redirect_lock);
1172 
1173  if (p) {
1174  ssize_t res;
1175  res = vfs_write(p, buf, count, &p->f_pos);
1176  fput(p);
1177  return res;
1178  }
1179  return tty_write(file, buf, count, ppos);
1180 }
1181 
1182 static char ptychar[] = "pqrstuvwxyzabcde";
1183 
1195 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1196 {
1197  int i = index + driver->name_base;
1198  /* ->name is initialized to "ttyp", but "tty" is expected */
1199  sprintf(p, "%s%c%x",
1200  driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1201  ptychar[i >> 4 & 0xf], i & 0xf);
1202 }
1203 
1215 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1216 {
1217  if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1218  strcpy(p, driver->name);
1219  else
1220  sprintf(p, "%s%d", driver->name, index + driver->name_base);
1221 }
1222 
1234 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1235  struct inode *inode, int idx)
1236 {
1237  if (driver->ops->lookup)
1238  return driver->ops->lookup(driver, inode, idx);
1239 
1240  return driver->ttys[idx];
1241 }
1242 
1252 {
1253  struct ktermios *tp;
1254  int idx = tty->index;
1255 
1256  if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1257  tty->termios = tty->driver->init_termios;
1258  else {
1259  /* Check for lazy saved data */
1260  tp = tty->driver->termios[idx];
1261  if (tp != NULL)
1262  tty->termios = *tp;
1263  else
1264  tty->termios = tty->driver->init_termios;
1265  }
1266  /* Compatibility until drivers always set this */
1267  tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1268  tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1269  return 0;
1270 }
1272 
1273 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1274 {
1275  int ret = tty_init_termios(tty);
1276  if (ret)
1277  return ret;
1278 
1279  tty_driver_kref_get(driver);
1280  tty->count++;
1281  driver->ttys[tty->index] = tty;
1282  return 0;
1283 }
1285 
1298 static int tty_driver_install_tty(struct tty_driver *driver,
1299  struct tty_struct *tty)
1300 {
1301  return driver->ops->install ? driver->ops->install(driver, tty) :
1302  tty_standard_install(driver, tty);
1303 }
1304 
1315 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1316 {
1317  if (driver->ops->remove)
1318  driver->ops->remove(driver, tty);
1319  else
1320  driver->ttys[tty->index] = NULL;
1321 }
1322 
1323 /*
1324  * tty_reopen() - fast re-open of an open tty
1325  * @tty - the tty to open
1326  *
1327  * Return 0 on success, -errno on error.
1328  *
1329  * Locking: tty_mutex must be held from the time the tty was found
1330  * till this open completes.
1331  */
1332 static int tty_reopen(struct tty_struct *tty)
1333 {
1334  struct tty_driver *driver = tty->driver;
1335 
1336  if (test_bit(TTY_CLOSING, &tty->flags) ||
1337  test_bit(TTY_HUPPING, &tty->flags) ||
1339  return -EIO;
1340 
1341  if (driver->type == TTY_DRIVER_TYPE_PTY &&
1342  driver->subtype == PTY_TYPE_MASTER) {
1343  /*
1344  * special case for PTY masters: only one open permitted,
1345  * and the slave side open count is incremented as well.
1346  */
1347  if (tty->count)
1348  return -EIO;
1349 
1350  tty->link->count++;
1351  }
1352  tty->count++;
1353 
1354  mutex_lock(&tty->ldisc_mutex);
1355  WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1356  mutex_unlock(&tty->ldisc_mutex);
1357 
1358  return 0;
1359 }
1360 
1385 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1386 {
1387  struct tty_struct *tty;
1388  int retval;
1389 
1390  /*
1391  * First time open is complex, especially for PTY devices.
1392  * This code guarantees that either everything succeeds and the
1393  * TTY is ready for operation, or else the table slots are vacated
1394  * and the allocated memory released. (Except that the termios
1395  * and locked termios may be retained.)
1396  */
1397 
1398  if (!try_module_get(driver->owner))
1399  return ERR_PTR(-ENODEV);
1400 
1401  tty = alloc_tty_struct();
1402  if (!tty) {
1403  retval = -ENOMEM;
1404  goto err_module_put;
1405  }
1406  initialize_tty_struct(tty, driver, idx);
1407 
1408  tty_lock(tty);
1409  retval = tty_driver_install_tty(driver, tty);
1410  if (retval < 0)
1411  goto err_deinit_tty;
1412 
1413  if (!tty->port)
1414  tty->port = driver->ports[idx];
1415 
1416  WARN_RATELIMIT(!tty->port,
1417  "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1418  __func__, tty->driver->name);
1419 
1420  /*
1421  * Structures all installed ... call the ldisc open routines.
1422  * If we fail here just call release_tty to clean up. No need
1423  * to decrement the use counts, as release_tty doesn't care.
1424  */
1425  retval = tty_ldisc_setup(tty, tty->link);
1426  if (retval)
1427  goto err_release_tty;
1428  /* Return the tty locked so that it cannot vanish under the caller */
1429  return tty;
1430 
1431 err_deinit_tty:
1432  tty_unlock(tty);
1434  free_tty_struct(tty);
1435 err_module_put:
1436  module_put(driver->owner);
1437  return ERR_PTR(retval);
1438 
1439  /* call the tty release_tty routine to clean out this slot */
1440 err_release_tty:
1441  tty_unlock(tty);
1442  printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1443  "clearing slot %d\n", idx);
1444  release_tty(tty, idx);
1445  return ERR_PTR(retval);
1446 }
1447 
1448 void tty_free_termios(struct tty_struct *tty)
1449 {
1450  struct ktermios *tp;
1451  int idx = tty->index;
1452 
1453  /* If the port is going to reset then it has no termios to save */
1454  if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1455  return;
1456 
1457  /* Stash the termios data */
1458  tp = tty->driver->termios[idx];
1459  if (tp == NULL) {
1460  tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1461  if (tp == NULL) {
1462  pr_warn("tty: no memory to save termios state.\n");
1463  return;
1464  }
1465  tty->driver->termios[idx] = tp;
1466  }
1467  *tp = tty->termios;
1468 }
1470 
1471 
1487 static void release_one_tty(struct work_struct *work)
1488 {
1489  struct tty_struct *tty =
1490  container_of(work, struct tty_struct, hangup_work);
1491  struct tty_driver *driver = tty->driver;
1492 
1493  if (tty->ops->cleanup)
1494  tty->ops->cleanup(tty);
1495 
1496  tty->magic = 0;
1497  tty_driver_kref_put(driver);
1498  module_put(driver->owner);
1499 
1500  spin_lock(&tty_files_lock);
1501  list_del_init(&tty->tty_files);
1502  spin_unlock(&tty_files_lock);
1503 
1504  put_pid(tty->pgrp);
1505  put_pid(tty->session);
1506  free_tty_struct(tty);
1507 }
1508 
1509 static void queue_release_one_tty(struct kref *kref)
1510 {
1511  struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1512 
1513  /* The hangup queue is now free so we can reuse it rather than
1514  waste a chunk of memory for each port */
1515  INIT_WORK(&tty->hangup_work, release_one_tty);
1516  schedule_work(&tty->hangup_work);
1517 }
1518 
1527 void tty_kref_put(struct tty_struct *tty)
1528 {
1529  if (tty)
1530  kref_put(&tty->kref, queue_release_one_tty);
1531 }
1533 
1546 static void release_tty(struct tty_struct *tty, int idx)
1547 {
1548  /* This should always be true but check for the moment */
1549  WARN_ON(tty->index != idx);
1550  WARN_ON(!mutex_is_locked(&tty_mutex));
1551  if (tty->ops->shutdown)
1552  tty->ops->shutdown(tty);
1553  tty_free_termios(tty);
1554  tty_driver_remove_tty(tty->driver, tty);
1555 
1556  if (tty->link)
1557  tty_kref_put(tty->link);
1558  tty_kref_put(tty);
1559 }
1560 
1570 static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1571  int idx)
1572 {
1573 #ifdef TTY_PARANOIA_CHECK
1574  if (idx < 0 || idx >= tty->driver->num) {
1575  printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1576  __func__, tty->name);
1577  return -1;
1578  }
1579 
1580  /* not much to check for devpts */
1581  if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1582  return 0;
1583 
1584  if (tty != tty->driver->ttys[idx]) {
1585  printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1586  __func__, idx, tty->name);
1587  return -1;
1588  }
1589  if (tty->driver->other) {
1590  if (o_tty != tty->driver->other->ttys[idx]) {
1591  printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1592  __func__, idx, tty->name);
1593  return -1;
1594  }
1595  if (o_tty->link != tty) {
1596  printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1597  return -1;
1598  }
1599  }
1600 #endif
1601  return 0;
1602 }
1603 
1623 int tty_release(struct inode *inode, struct file *filp)
1624 {
1625  struct tty_struct *tty = file_tty(filp);
1626  struct tty_struct *o_tty;
1627  int pty_master, tty_closing, o_tty_closing, do_sleep;
1628  int devpts;
1629  int idx;
1630  char buf[64];
1631 
1632  if (tty_paranoia_check(tty, inode, __func__))
1633  return 0;
1634 
1635  tty_lock(tty);
1636  check_tty_count(tty, __func__);
1637 
1638  __tty_fasync(-1, filp, 0);
1639 
1640  idx = tty->index;
1641  pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1642  tty->driver->subtype == PTY_TYPE_MASTER);
1643  devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1644  /* Review: parallel close */
1645  o_tty = tty->link;
1646 
1647  if (tty_release_checks(tty, o_tty, idx)) {
1648  tty_unlock(tty);
1649  return 0;
1650  }
1651 
1652 #ifdef TTY_DEBUG_HANGUP
1653  printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1654  tty_name(tty, buf), tty->count);
1655 #endif
1656 
1657  if (tty->ops->close)
1658  tty->ops->close(tty, filp);
1659 
1660  tty_unlock(tty);
1661  /*
1662  * Sanity check: if tty->count is going to zero, there shouldn't be
1663  * any waiters on tty->read_wait or tty->write_wait. We test the
1664  * wait queues and kick everyone out _before_ actually starting to
1665  * close. This ensures that we won't block while releasing the tty
1666  * structure.
1667  *
1668  * The test for the o_tty closing is necessary, since the master and
1669  * slave sides may close in any order. If the slave side closes out
1670  * first, its count will be one, since the master side holds an open.
1671  * Thus this test wouldn't be triggered at the time the slave closes,
1672  * so we do it now.
1673  *
1674  * Note that it's possible for the tty to be opened again while we're
1675  * flushing out waiters. By recalculating the closing flags before
1676  * each iteration we avoid any problems.
1677  */
1678  while (1) {
1679  /* Guard against races with tty->count changes elsewhere and
1680  opens on /dev/tty */
1681 
1683  tty_lock_pair(tty, o_tty);
1684  tty_closing = tty->count <= 1;
1685  o_tty_closing = o_tty &&
1686  (o_tty->count <= (pty_master ? 1 : 0));
1687  do_sleep = 0;
1688 
1689  if (tty_closing) {
1690  if (waitqueue_active(&tty->read_wait)) {
1691  wake_up_poll(&tty->read_wait, POLLIN);
1692  do_sleep++;
1693  }
1694  if (waitqueue_active(&tty->write_wait)) {
1696  do_sleep++;
1697  }
1698  }
1699  if (o_tty_closing) {
1700  if (waitqueue_active(&o_tty->read_wait)) {
1701  wake_up_poll(&o_tty->read_wait, POLLIN);
1702  do_sleep++;
1703  }
1704  if (waitqueue_active(&o_tty->write_wait)) {
1705  wake_up_poll(&o_tty->write_wait, POLLOUT);
1706  do_sleep++;
1707  }
1708  }
1709  if (!do_sleep)
1710  break;
1711 
1712  printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1713  __func__, tty_name(tty, buf));
1714  tty_unlock_pair(tty, o_tty);
1716  schedule();
1717  }
1718 
1719  /*
1720  * The closing flags are now consistent with the open counts on
1721  * both sides, and we've completed the last operation that could
1722  * block, so it's safe to proceed with closing.
1723  *
1724  * We must *not* drop the tty_mutex until we ensure that a further
1725  * entry into tty_open can not pick up this tty.
1726  */
1727  if (pty_master) {
1728  if (--o_tty->count < 0) {
1729  printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1730  __func__, o_tty->count, tty_name(o_tty, buf));
1731  o_tty->count = 0;
1732  }
1733  }
1734  if (--tty->count < 0) {
1735  printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1736  __func__, tty->count, tty_name(tty, buf));
1737  tty->count = 0;
1738  }
1739 
1740  /*
1741  * We've decremented tty->count, so we need to remove this file
1742  * descriptor off the tty->tty_files list; this serves two
1743  * purposes:
1744  * - check_tty_count sees the correct number of file descriptors
1745  * associated with this tty.
1746  * - do_tty_hangup no longer sees this file descriptor as
1747  * something that needs to be handled for hangups.
1748  */
1749  tty_del_file(filp);
1750 
1751  /*
1752  * Perform some housekeeping before deciding whether to return.
1753  *
1754  * Set the TTY_CLOSING flag if this was the last open. In the
1755  * case of a pty we may have to wait around for the other side
1756  * to close, and TTY_CLOSING makes sure we can't be reopened.
1757  */
1758  if (tty_closing)
1759  set_bit(TTY_CLOSING, &tty->flags);
1760  if (o_tty_closing)
1761  set_bit(TTY_CLOSING, &o_tty->flags);
1762 
1763  /*
1764  * If _either_ side is closing, make sure there aren't any
1765  * processes that still think tty or o_tty is their controlling
1766  * tty.
1767  */
1768  if (tty_closing || o_tty_closing) {
1770  session_clear_tty(tty->session);
1771  if (o_tty)
1772  session_clear_tty(o_tty->session);
1774  }
1775 
1777  tty_unlock_pair(tty, o_tty);
1778  /* At this point the TTY_CLOSING flag should ensure a dead tty
1779  cannot be re-opened by a racing opener */
1780 
1781  /* check whether both sides are closing ... */
1782  if (!tty_closing || (o_tty && !o_tty_closing))
1783  return 0;
1784 
1785 #ifdef TTY_DEBUG_HANGUP
1786  printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__);
1787 #endif
1788  /*
1789  * Ask the line discipline code to release its structures
1790  */
1791  tty_ldisc_release(tty, o_tty);
1792  /*
1793  * The release_tty function takes care of the details of clearing
1794  * the slots and preserving the termios structure. The tty_unlock_pair
1795  * should be safe as we keep a kref while the tty is locked (so the
1796  * unlock never unlocks a freed tty).
1797  */
1799  release_tty(tty, idx);
1801 
1802  /* Make this pty number available for reallocation */
1803  if (devpts)
1804  devpts_kill_index(inode, idx);
1805  return 0;
1806 }
1807 
1820 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1821 {
1822  struct tty_struct *tty;
1823 
1824  if (device != MKDEV(TTYAUX_MAJOR, 0))
1825  return NULL;
1826 
1827  tty = get_current_tty();
1828  if (!tty)
1829  return ERR_PTR(-ENXIO);
1830 
1831  filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1832  /* noctty = 1; */
1833  tty_kref_put(tty);
1834  /* FIXME: we put a reference and return a TTY! */
1835  /* This is only safe because the caller holds tty_mutex */
1836  return tty;
1837 }
1838 
1852 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1853  int *noctty, int *index)
1854 {
1855  struct tty_driver *driver;
1856 
1857  switch (device) {
1858 #ifdef CONFIG_VT
1859  case MKDEV(TTY_MAJOR, 0): {
1860  extern struct tty_driver *console_driver;
1861  driver = tty_driver_kref_get(console_driver);
1862  *index = fg_console;
1863  *noctty = 1;
1864  break;
1865  }
1866 #endif
1867  case MKDEV(TTYAUX_MAJOR, 1): {
1868  struct tty_driver *console_driver = console_device(index);
1869  if (console_driver) {
1870  driver = tty_driver_kref_get(console_driver);
1871  if (driver) {
1872  /* Don't let /dev/console block */
1873  filp->f_flags |= O_NONBLOCK;
1874  *noctty = 1;
1875  break;
1876  }
1877  }
1878  return ERR_PTR(-ENODEV);
1879  }
1880  default:
1881  driver = get_tty_driver(device, index);
1882  if (!driver)
1883  return ERR_PTR(-ENODEV);
1884  break;
1885  }
1886  return driver;
1887 }
1888 
1913 static int tty_open(struct inode *inode, struct file *filp)
1914 {
1915  struct tty_struct *tty;
1916  int noctty, retval;
1917  struct tty_driver *driver = NULL;
1918  int index;
1919  dev_t device = inode->i_rdev;
1920  unsigned saved_flags = filp->f_flags;
1921 
1922  nonseekable_open(inode, filp);
1923 
1924 retry_open:
1925  retval = tty_alloc_file(filp);
1926  if (retval)
1927  return -ENOMEM;
1928 
1929  noctty = filp->f_flags & O_NOCTTY;
1930  index = -1;
1931  retval = 0;
1932 
1933  mutex_lock(&tty_mutex);
1934  /* This is protected by the tty_mutex */
1935  tty = tty_open_current_tty(device, filp);
1936  if (IS_ERR(tty)) {
1937  retval = PTR_ERR(tty);
1938  goto err_unlock;
1939  } else if (!tty) {
1940  driver = tty_lookup_driver(device, filp, &noctty, &index);
1941  if (IS_ERR(driver)) {
1942  retval = PTR_ERR(driver);
1943  goto err_unlock;
1944  }
1945 
1946  /* check whether we're reopening an existing tty */
1947  tty = tty_driver_lookup_tty(driver, inode, index);
1948  if (IS_ERR(tty)) {
1949  retval = PTR_ERR(tty);
1950  goto err_unlock;
1951  }
1952  }
1953 
1954  if (tty) {
1955  tty_lock(tty);
1956  retval = tty_reopen(tty);
1957  if (retval < 0) {
1958  tty_unlock(tty);
1959  tty = ERR_PTR(retval);
1960  }
1961  } else /* Returns with the tty_lock held for now */
1962  tty = tty_init_dev(driver, index);
1963 
1964  mutex_unlock(&tty_mutex);
1965  if (driver)
1966  tty_driver_kref_put(driver);
1967  if (IS_ERR(tty)) {
1968  retval = PTR_ERR(tty);
1969  goto err_file;
1970  }
1971 
1972  tty_add_file(tty, filp);
1973 
1974  check_tty_count(tty, __func__);
1975  if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1976  tty->driver->subtype == PTY_TYPE_MASTER)
1977  noctty = 1;
1978 #ifdef TTY_DEBUG_HANGUP
1979  printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
1980 #endif
1981  if (tty->ops->open)
1982  retval = tty->ops->open(tty, filp);
1983  else
1984  retval = -ENODEV;
1985  filp->f_flags = saved_flags;
1986 
1987  if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1989  retval = -EBUSY;
1990 
1991  if (retval) {
1992 #ifdef TTY_DEBUG_HANGUP
1993  printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
1994  retval, tty->name);
1995 #endif
1996  tty_unlock(tty); /* need to call tty_release without BTM */
1997  tty_release(inode, filp);
1998  if (retval != -ERESTARTSYS)
1999  return retval;
2000 
2001  if (signal_pending(current))
2002  return retval;
2003 
2004  schedule();
2005  /*
2006  * Need to reset f_op in case a hangup happened.
2007  */
2008  if (filp->f_op == &hung_up_tty_fops)
2009  filp->f_op = &tty_fops;
2010  goto retry_open;
2011  }
2012  tty_unlock(tty);
2013 
2014 
2015  mutex_lock(&tty_mutex);
2016  tty_lock(tty);
2017  spin_lock_irq(&current->sighand->siglock);
2018  if (!noctty &&
2019  current->signal->leader &&
2020  !current->signal->tty &&
2021  tty->session == NULL)
2022  __proc_set_tty(current, tty);
2023  spin_unlock_irq(&current->sighand->siglock);
2024  tty_unlock(tty);
2025  mutex_unlock(&tty_mutex);
2026  return 0;
2027 err_unlock:
2028  mutex_unlock(&tty_mutex);
2029  /* after locks to avoid deadlock */
2030  if (!IS_ERR_OR_NULL(driver))
2031  tty_driver_kref_put(driver);
2032 err_file:
2033  tty_free_file(filp);
2034  return retval;
2035 }
2036 
2037 
2038 
2051 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2052 {
2053  struct tty_struct *tty = file_tty(filp);
2054  struct tty_ldisc *ld;
2055  int ret = 0;
2056 
2057  if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2058  return 0;
2059 
2060  ld = tty_ldisc_ref_wait(tty);
2061  if (ld->ops->poll)
2062  ret = (ld->ops->poll)(tty, filp, wait);
2063  tty_ldisc_deref(ld);
2064  return ret;
2065 }
2066 
2067 static int __tty_fasync(int fd, struct file *filp, int on)
2068 {
2069  struct tty_struct *tty = file_tty(filp);
2070  unsigned long flags;
2071  int retval = 0;
2072 
2073  if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2074  goto out;
2075 
2076  retval = fasync_helper(fd, filp, on, &tty->fasync);
2077  if (retval <= 0)
2078  goto out;
2079 
2080  if (on) {
2081  enum pid_type type;
2082  struct pid *pid;
2083  if (!waitqueue_active(&tty->read_wait))
2084  tty->minimum_to_wake = 1;
2085  spin_lock_irqsave(&tty->ctrl_lock, flags);
2086  if (tty->pgrp) {
2087  pid = tty->pgrp;
2088  type = PIDTYPE_PGID;
2089  } else {
2090  pid = task_pid(current);
2091  type = PIDTYPE_PID;
2092  }
2093  get_pid(pid);
2094  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2095  retval = __f_setown(filp, pid, type, 0);
2096  put_pid(pid);
2097  if (retval)
2098  goto out;
2099  } else {
2100  if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2102  }
2103  retval = 0;
2104 out:
2105  return retval;
2106 }
2107 
2108 static int tty_fasync(int fd, struct file *filp, int on)
2109 {
2110  struct tty_struct *tty = file_tty(filp);
2111  int retval;
2112 
2113  tty_lock(tty);
2114  retval = __tty_fasync(fd, filp, on);
2115  tty_unlock(tty);
2116 
2117  return retval;
2118 }
2119 
2137 static int tiocsti(struct tty_struct *tty, char __user *p)
2138 {
2139  char ch, mbz = 0;
2140  struct tty_ldisc *ld;
2141 
2142  if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2143  return -EPERM;
2144  if (get_user(ch, p))
2145  return -EFAULT;
2146  tty_audit_tiocsti(tty, ch);
2147  ld = tty_ldisc_ref_wait(tty);
2148  ld->ops->receive_buf(tty, &ch, &mbz, 1);
2149  tty_ldisc_deref(ld);
2150  return 0;
2151 }
2152 
2164 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2165 {
2166  int err;
2167 
2168  mutex_lock(&tty->termios_mutex);
2169  err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2170  mutex_unlock(&tty->termios_mutex);
2171 
2172  return err ? -EFAULT: 0;
2173 }
2174 
2185 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2186 {
2187  struct pid *pgrp;
2188  unsigned long flags;
2189 
2190  /* Lock the tty */
2191  mutex_lock(&tty->termios_mutex);
2192  if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2193  goto done;
2194  /* Get the PID values and reference them so we can
2195  avoid holding the tty ctrl lock while sending signals */
2196  spin_lock_irqsave(&tty->ctrl_lock, flags);
2197  pgrp = get_pid(tty->pgrp);
2198  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2199 
2200  if (pgrp)
2201  kill_pgrp(pgrp, SIGWINCH, 1);
2202  put_pid(pgrp);
2203 
2204  tty->winsize = *ws;
2205 done:
2206  mutex_unlock(&tty->termios_mutex);
2207  return 0;
2208 }
2209 
2225 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2226 {
2227  struct winsize tmp_ws;
2228  if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2229  return -EFAULT;
2230 
2231  if (tty->ops->resize)
2232  return tty->ops->resize(tty, &tmp_ws);
2233  else
2234  return tty_do_resize(tty, &tmp_ws);
2235 }
2236 
2246 static int tioccons(struct file *file)
2247 {
2248  if (!capable(CAP_SYS_ADMIN))
2249  return -EPERM;
2250  if (file->f_op->write == redirected_tty_write) {
2251  struct file *f;
2252  spin_lock(&redirect_lock);
2253  f = redirect;
2254  redirect = NULL;
2255  spin_unlock(&redirect_lock);
2256  if (f)
2257  fput(f);
2258  return 0;
2259  }
2260  spin_lock(&redirect_lock);
2261  if (redirect) {
2262  spin_unlock(&redirect_lock);
2263  return -EBUSY;
2264  }
2265  redirect = get_file(file);
2266  spin_unlock(&redirect_lock);
2267  return 0;
2268 }
2269 
2282 static int fionbio(struct file *file, int __user *p)
2283 {
2284  int nonblock;
2285 
2286  if (get_user(nonblock, p))
2287  return -EFAULT;
2288 
2289  spin_lock(&file->f_lock);
2290  if (nonblock)
2291  file->f_flags |= O_NONBLOCK;
2292  else
2293  file->f_flags &= ~O_NONBLOCK;
2294  spin_unlock(&file->f_lock);
2295  return 0;
2296 }
2297 
2312 static int tiocsctty(struct tty_struct *tty, int arg)
2313 {
2314  int ret = 0;
2315  if (current->signal->leader && (task_session(current) == tty->session))
2316  return ret;
2317 
2318  mutex_lock(&tty_mutex);
2319  /*
2320  * The process must be a session leader and
2321  * not have a controlling tty already.
2322  */
2323  if (!current->signal->leader || current->signal->tty) {
2324  ret = -EPERM;
2325  goto unlock;
2326  }
2327 
2328  if (tty->session) {
2329  /*
2330  * This tty is already the controlling
2331  * tty for another session group!
2332  */
2333  if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2334  /*
2335  * Steal it away
2336  */
2337  read_lock(&tasklist_lock);
2338  session_clear_tty(tty->session);
2339  read_unlock(&tasklist_lock);
2340  } else {
2341  ret = -EPERM;
2342  goto unlock;
2343  }
2344  }
2345  proc_set_tty(current, tty);
2346 unlock:
2347  mutex_unlock(&tty_mutex);
2348  return ret;
2349 }
2350 
2359 struct pid *tty_get_pgrp(struct tty_struct *tty)
2360 {
2361  unsigned long flags;
2362  struct pid *pgrp;
2363 
2364  spin_lock_irqsave(&tty->ctrl_lock, flags);
2365  pgrp = get_pid(tty->pgrp);
2366  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2367 
2368  return pgrp;
2369 }
2371 
2384 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2385 {
2386  struct pid *pid;
2387  int ret;
2388  /*
2389  * (tty == real_tty) is a cheap way of
2390  * testing if the tty is NOT a master pty.
2391  */
2392  if (tty == real_tty && current->signal->tty != real_tty)
2393  return -ENOTTY;
2394  pid = tty_get_pgrp(real_tty);
2395  ret = put_user(pid_vnr(pid), p);
2396  put_pid(pid);
2397  return ret;
2398 }
2399 
2412 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2413 {
2414  struct pid *pgrp;
2415  pid_t pgrp_nr;
2416  int retval = tty_check_change(real_tty);
2417  unsigned long flags;
2418 
2419  if (retval == -EIO)
2420  return -ENOTTY;
2421  if (retval)
2422  return retval;
2423  if (!current->signal->tty ||
2424  (current->signal->tty != real_tty) ||
2425  (real_tty->session != task_session(current)))
2426  return -ENOTTY;
2427  if (get_user(pgrp_nr, p))
2428  return -EFAULT;
2429  if (pgrp_nr < 0)
2430  return -EINVAL;
2431  rcu_read_lock();
2432  pgrp = find_vpid(pgrp_nr);
2433  retval = -ESRCH;
2434  if (!pgrp)
2435  goto out_unlock;
2436  retval = -EPERM;
2437  if (session_of_pgrp(pgrp) != task_session(current))
2438  goto out_unlock;
2439  retval = 0;
2440  spin_lock_irqsave(&tty->ctrl_lock, flags);
2441  put_pid(real_tty->pgrp);
2442  real_tty->pgrp = get_pid(pgrp);
2443  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2444 out_unlock:
2445  rcu_read_unlock();
2446  return retval;
2447 }
2448 
2461 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2462 {
2463  /*
2464  * (tty == real_tty) is a cheap way of
2465  * testing if the tty is NOT a master pty.
2466  */
2467  if (tty == real_tty && current->signal->tty != real_tty)
2468  return -ENOTTY;
2469  if (!real_tty->session)
2470  return -ENOTTY;
2471  return put_user(pid_vnr(real_tty->session), p);
2472 }
2473 
2484 static int tiocsetd(struct tty_struct *tty, int __user *p)
2485 {
2486  int ldisc;
2487  int ret;
2488 
2489  if (get_user(ldisc, p))
2490  return -EFAULT;
2491 
2492  ret = tty_set_ldisc(tty, ldisc);
2493 
2494  return ret;
2495 }
2496 
2510 static int send_break(struct tty_struct *tty, unsigned int duration)
2511 {
2512  int retval;
2513 
2514  if (tty->ops->break_ctl == NULL)
2515  return 0;
2516 
2517  if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2518  retval = tty->ops->break_ctl(tty, duration);
2519  else {
2520  /* Do the work ourselves */
2521  if (tty_write_lock(tty, 0) < 0)
2522  return -EINTR;
2523  retval = tty->ops->break_ctl(tty, -1);
2524  if (retval)
2525  goto out;
2526  if (!signal_pending(current))
2527  msleep_interruptible(duration);
2528  retval = tty->ops->break_ctl(tty, 0);
2529 out:
2530  tty_write_unlock(tty);
2531  if (signal_pending(current))
2532  retval = -EINTR;
2533  }
2534  return retval;
2535 }
2536 
2549 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2550 {
2551  int retval = -EINVAL;
2552 
2553  if (tty->ops->tiocmget) {
2554  retval = tty->ops->tiocmget(tty);
2555 
2556  if (retval >= 0)
2557  retval = put_user(retval, p);
2558  }
2559  return retval;
2560 }
2561 
2574 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2575  unsigned __user *p)
2576 {
2577  int retval;
2578  unsigned int set, clear, val;
2579 
2580  if (tty->ops->tiocmset == NULL)
2581  return -EINVAL;
2582 
2583  retval = get_user(val, p);
2584  if (retval)
2585  return retval;
2586  set = clear = 0;
2587  switch (cmd) {
2588  case TIOCMBIS:
2589  set = val;
2590  break;
2591  case TIOCMBIC:
2592  clear = val;
2593  break;
2594  case TIOCMSET:
2595  set = val;
2596  clear = ~val;
2597  break;
2598  }
2601  return tty->ops->tiocmset(tty, set, clear);
2602 }
2603 
2604 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2605 {
2606  int retval = -EINVAL;
2607  struct serial_icounter_struct icount;
2608  memset(&icount, 0, sizeof(icount));
2609  if (tty->ops->get_icount)
2610  retval = tty->ops->get_icount(tty, &icount);
2611  if (retval != 0)
2612  return retval;
2613  if (copy_to_user(arg, &icount, sizeof(icount)))
2614  return -EFAULT;
2615  return 0;
2616 }
2617 
2619 {
2620  if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2621  tty->driver->subtype == PTY_TYPE_MASTER)
2622  tty = tty->link;
2623  return tty;
2624 }
2626 
2628 {
2629  if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2630  tty->driver->subtype == PTY_TYPE_MASTER)
2631  return tty;
2632  return tty->link;
2633 }
2635 
2636 /*
2637  * Split this up, as gcc can choke on it otherwise..
2638  */
2639 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2640 {
2641  struct tty_struct *tty = file_tty(file);
2642  struct tty_struct *real_tty;
2643  void __user *p = (void __user *)arg;
2644  int retval;
2645  struct tty_ldisc *ld;
2646  struct inode *inode = file->f_dentry->d_inode;
2647 
2648  if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2649  return -EINVAL;
2650 
2651  real_tty = tty_pair_get_tty(tty);
2652 
2653  /*
2654  * Factor out some common prep work
2655  */
2656  switch (cmd) {
2657  case TIOCSETD:
2658  case TIOCSBRK:
2659  case TIOCCBRK:
2660  case TCSBRK:
2661  case TCSBRKP:
2662  retval = tty_check_change(tty);
2663  if (retval)
2664  return retval;
2665  if (cmd != TIOCCBRK) {
2666  tty_wait_until_sent(tty, 0);
2667  if (signal_pending(current))
2668  return -EINTR;
2669  }
2670  break;
2671  }
2672 
2673  /*
2674  * Now do the stuff.
2675  */
2676  switch (cmd) {
2677  case TIOCSTI:
2678  return tiocsti(tty, p);
2679  case TIOCGWINSZ:
2680  return tiocgwinsz(real_tty, p);
2681  case TIOCSWINSZ:
2682  return tiocswinsz(real_tty, p);
2683  case TIOCCONS:
2684  return real_tty != tty ? -EINVAL : tioccons(file);
2685  case FIONBIO:
2686  return fionbio(file, p);
2687  case TIOCEXCL:
2688  set_bit(TTY_EXCLUSIVE, &tty->flags);
2689  return 0;
2690  case TIOCNXCL:
2691  clear_bit(TTY_EXCLUSIVE, &tty->flags);
2692  return 0;
2693  case TIOCNOTTY:
2694  if (current->signal->tty != tty)
2695  return -ENOTTY;
2696  no_tty();
2697  return 0;
2698  case TIOCSCTTY:
2699  return tiocsctty(tty, arg);
2700  case TIOCGPGRP:
2701  return tiocgpgrp(tty, real_tty, p);
2702  case TIOCSPGRP:
2703  return tiocspgrp(tty, real_tty, p);
2704  case TIOCGSID:
2705  return tiocgsid(tty, real_tty, p);
2706  case TIOCGETD:
2707  return put_user(tty->ldisc->ops->num, (int __user *)p);
2708  case TIOCSETD:
2709  return tiocsetd(tty, p);
2710  case TIOCVHANGUP:
2711  if (!capable(CAP_SYS_ADMIN))
2712  return -EPERM;
2713  tty_vhangup(tty);
2714  return 0;
2715  case TIOCGDEV:
2716  {
2717  unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2718  return put_user(ret, (unsigned int __user *)p);
2719  }
2720  /*
2721  * Break handling
2722  */
2723  case TIOCSBRK: /* Turn break on, unconditionally */
2724  if (tty->ops->break_ctl)
2725  return tty->ops->break_ctl(tty, -1);
2726  return 0;
2727  case TIOCCBRK: /* Turn break off, unconditionally */
2728  if (tty->ops->break_ctl)
2729  return tty->ops->break_ctl(tty, 0);
2730  return 0;
2731  case TCSBRK: /* SVID version: non-zero arg --> no break */
2732  /* non-zero arg means wait for all output data
2733  * to be sent (performed above) but don't send break.
2734  * This is used by the tcdrain() termios function.
2735  */
2736  if (!arg)
2737  return send_break(tty, 250);
2738  return 0;
2739  case TCSBRKP: /* support for POSIX tcsendbreak() */
2740  return send_break(tty, arg ? arg*100 : 250);
2741 
2742  case TIOCMGET:
2743  return tty_tiocmget(tty, p);
2744  case TIOCMSET:
2745  case TIOCMBIC:
2746  case TIOCMBIS:
2747  return tty_tiocmset(tty, cmd, p);
2748  case TIOCGICOUNT:
2749  retval = tty_tiocgicount(tty, p);
2750  /* For the moment allow fall through to the old method */
2751  if (retval != -EINVAL)
2752  return retval;
2753  break;
2754  case TCFLSH:
2755  switch (arg) {
2756  case TCIFLUSH:
2757  case TCIOFLUSH:
2758  /* flush tty buffer and allow ldisc to process ioctl */
2759  tty_buffer_flush(tty);
2760  break;
2761  }
2762  break;
2763  }
2764  if (tty->ops->ioctl) {
2765  retval = (tty->ops->ioctl)(tty, cmd, arg);
2766  if (retval != -ENOIOCTLCMD)
2767  return retval;
2768  }
2769  ld = tty_ldisc_ref_wait(tty);
2770  retval = -EINVAL;
2771  if (ld->ops->ioctl) {
2772  retval = ld->ops->ioctl(tty, file, cmd, arg);
2773  if (retval == -ENOIOCTLCMD)
2774  retval = -ENOTTY;
2775  }
2776  tty_ldisc_deref(ld);
2777  return retval;
2778 }
2779 
2780 #ifdef CONFIG_COMPAT
2781 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2782  unsigned long arg)
2783 {
2784  struct inode *inode = file->f_dentry->d_inode;
2785  struct tty_struct *tty = file_tty(file);
2786  struct tty_ldisc *ld;
2787  int retval = -ENOIOCTLCMD;
2788 
2789  if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2790  return -EINVAL;
2791 
2792  if (tty->ops->compat_ioctl) {
2793  retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2794  if (retval != -ENOIOCTLCMD)
2795  return retval;
2796  }
2797 
2798  ld = tty_ldisc_ref_wait(tty);
2799  if (ld->ops->compat_ioctl)
2800  retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2801  else
2802  retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2803  tty_ldisc_deref(ld);
2804 
2805  return retval;
2806 }
2807 #endif
2808 
2809 static int this_tty(const void *t, struct file *file, unsigned fd)
2810 {
2811  if (likely(file->f_op->read != tty_read))
2812  return 0;
2813  return file_tty(file) != t ? 0 : fd + 1;
2814 }
2815 
2816 /*
2817  * This implements the "Secure Attention Key" --- the idea is to
2818  * prevent trojan horses by killing all processes associated with this
2819  * tty when the user hits the "Secure Attention Key". Required for
2820  * super-paranoid applications --- see the Orange Book for more details.
2821  *
2822  * This code could be nicer; ideally it should send a HUP, wait a few
2823  * seconds, then send a INT, and then a KILL signal. But you then
2824  * have to coordinate with the init process, since all processes associated
2825  * with the current tty must be dead before the new getty is allowed
2826  * to spawn.
2827  *
2828  * Now, if it would be correct ;-/ The current code has a nasty hole -
2829  * it doesn't catch files in flight. We may send the descriptor to ourselves
2830  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2831  *
2832  * Nasty bug: do_SAK is being called in interrupt context. This can
2833  * deadlock. We punt it up to process context. AKPM - 16Mar2001
2834  */
2835 void __do_SAK(struct tty_struct *tty)
2836 {
2837 #ifdef TTY_SOFT_SAK
2838  tty_hangup(tty);
2839 #else
2840  struct task_struct *g, *p;
2841  struct pid *session;
2842  int i;
2843 
2844  if (!tty)
2845  return;
2846  session = tty->session;
2847 
2848  tty_ldisc_flush(tty);
2849 
2851 
2853  /* Kill the entire session */
2854  do_each_pid_task(session, PIDTYPE_SID, p) {
2855  printk(KERN_NOTICE "SAK: killed process %d"
2856  " (%s): task_session(p)==tty->session\n",
2857  task_pid_nr(p), p->comm);
2858  send_sig(SIGKILL, p, 1);
2859  } while_each_pid_task(session, PIDTYPE_SID, p);
2860  /* Now kill any processes that happen to have the
2861  * tty open.
2862  */
2863  do_each_thread(g, p) {
2864  if (p->signal->tty == tty) {
2865  printk(KERN_NOTICE "SAK: killed process %d"
2866  " (%s): task_session(p)==tty->session\n",
2867  task_pid_nr(p), p->comm);
2868  send_sig(SIGKILL, p, 1);
2869  continue;
2870  }
2871  task_lock(p);
2872  i = iterate_fd(p->files, 0, this_tty, tty);
2873  if (i != 0) {
2874  printk(KERN_NOTICE "SAK: killed process %d"
2875  " (%s): fd#%d opened to the tty\n",
2876  task_pid_nr(p), p->comm, i - 1);
2877  force_sig(SIGKILL, p);
2878  }
2879  task_unlock(p);
2880  } while_each_thread(g, p);
2882 #endif
2883 }
2884 
2885 static void do_SAK_work(struct work_struct *work)
2886 {
2887  struct tty_struct *tty =
2888  container_of(work, struct tty_struct, SAK_work);
2889  __do_SAK(tty);
2890 }
2891 
2892 /*
2893  * The tq handling here is a little racy - tty->SAK_work may already be queued.
2894  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2895  * the values which we write to it will be identical to the values which it
2896  * already has. --akpm
2897  */
2898 void do_SAK(struct tty_struct *tty)
2899 {
2900  if (!tty)
2901  return;
2902  schedule_work(&tty->SAK_work);
2903 }
2904 
2906 
2907 static int dev_match_devt(struct device *dev, void *data)
2908 {
2909  dev_t *devt = data;
2910  return dev->devt == *devt;
2911 }
2912 
2913 /* Must put_device() after it's unused! */
2914 static struct device *tty_get_device(struct tty_struct *tty)
2915 {
2916  dev_t devt = tty_devnum(tty);
2917  return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2918 }
2919 
2920 
2932  struct tty_driver *driver, int idx)
2933 {
2934  memset(tty, 0, sizeof(struct tty_struct));
2935  kref_init(&tty->kref);
2936  tty->magic = TTY_MAGIC;
2937  tty_ldisc_init(tty);
2938  tty->session = NULL;
2939  tty->pgrp = NULL;
2940  tty->overrun_time = jiffies;
2941  tty_buffer_init(tty);
2942  mutex_init(&tty->legacy_mutex);
2943  mutex_init(&tty->termios_mutex);
2944  mutex_init(&tty->ldisc_mutex);
2947  INIT_WORK(&tty->hangup_work, do_tty_hangup);
2950  mutex_init(&tty->output_lock);
2951  mutex_init(&tty->echo_lock);
2952  spin_lock_init(&tty->read_lock);
2953  spin_lock_init(&tty->ctrl_lock);
2954  INIT_LIST_HEAD(&tty->tty_files);
2955  INIT_WORK(&tty->SAK_work, do_SAK_work);
2956 
2957  tty->driver = driver;
2958  tty->ops = driver->ops;
2959  tty->index = idx;
2960  tty_line_name(driver, idx, tty->name);
2961  tty->dev = tty_get_device(tty);
2962 }
2963 
2974 {
2975  tty_ldisc_deinit(tty);
2976 }
2977 
2990 int tty_put_char(struct tty_struct *tty, unsigned char ch)
2991 {
2992  if (tty->ops->put_char)
2993  return tty->ops->put_char(tty, ch);
2994  return tty->ops->write(tty, &ch, 1);
2995 }
2997 
2999 
3000 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3001  unsigned int index, unsigned int count)
3002 {
3003  /* init here, since reused cdevs cause crashes */
3004  cdev_init(&driver->cdevs[index], &tty_fops);
3005  driver->cdevs[index].owner = driver->owner;
3006  return cdev_add(&driver->cdevs[index], dev, count);
3007 }
3008 
3028 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3029  struct device *device)
3030 {
3031  return tty_register_device_attr(driver, index, device, NULL, NULL);
3032 }
3034 
3035 static void tty_device_create_release(struct device *dev)
3036 {
3037  pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3038  kfree(dev);
3039 }
3040 
3061 struct device *tty_register_device_attr(struct tty_driver *driver,
3062  unsigned index, struct device *device,
3063  void *drvdata,
3064  const struct attribute_group **attr_grp)
3065 {
3066  char name[64];
3067  dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3068  struct device *dev = NULL;
3069  int retval = -ENODEV;
3070  bool cdev = false;
3071 
3072  if (index >= driver->num) {
3073  printk(KERN_ERR "Attempt to register invalid tty line number "
3074  " (%d).\n", index);
3075  return ERR_PTR(-EINVAL);
3076  }
3077 
3078  if (driver->type == TTY_DRIVER_TYPE_PTY)
3079  pty_line_name(driver, index, name);
3080  else
3081  tty_line_name(driver, index, name);
3082 
3083  if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3084  retval = tty_cdev_add(driver, devt, index, 1);
3085  if (retval)
3086  goto error;
3087  cdev = true;
3088  }
3089 
3090  dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3091  if (!dev) {
3092  retval = -ENOMEM;
3093  goto error;
3094  }
3095 
3096  dev->devt = devt;
3097  dev->class = tty_class;
3098  dev->parent = device;
3099  dev->release = tty_device_create_release;
3100  dev_set_name(dev, "%s", name);
3101  dev->groups = attr_grp;
3102  dev_set_drvdata(dev, drvdata);
3103 
3104  retval = device_register(dev);
3105  if (retval)
3106  goto error;
3107 
3108  return dev;
3109 
3110 error:
3111  put_device(dev);
3112  if (cdev)
3113  cdev_del(&driver->cdevs[index]);
3114  return ERR_PTR(retval);
3115 }
3117 
3129 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3130 {
3131  device_destroy(tty_class,
3132  MKDEV(driver->major, driver->minor_start) + index);
3133  if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3134  cdev_del(&driver->cdevs[index]);
3135 }
3137 
3147 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3148  unsigned long flags)
3149 {
3150  struct tty_driver *driver;
3151  unsigned int cdevs = 1;
3152  int err;
3153 
3154  if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3155  return ERR_PTR(-EINVAL);
3156 
3157  driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3158  if (!driver)
3159  return ERR_PTR(-ENOMEM);
3160 
3161  kref_init(&driver->kref);
3162  driver->magic = TTY_DRIVER_MAGIC;
3163  driver->num = lines;
3164  driver->owner = owner;
3165  driver->flags = flags;
3166 
3167  if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3168  driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3169  GFP_KERNEL);
3170  driver->termios = kcalloc(lines, sizeof(*driver->termios),
3171  GFP_KERNEL);
3172  if (!driver->ttys || !driver->termios) {
3173  err = -ENOMEM;
3174  goto err_free_all;
3175  }
3176  }
3177 
3178  if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3179  driver->ports = kcalloc(lines, sizeof(*driver->ports),
3180  GFP_KERNEL);
3181  if (!driver->ports) {
3182  err = -ENOMEM;
3183  goto err_free_all;
3184  }
3185  cdevs = lines;
3186  }
3187 
3188  driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3189  if (!driver->cdevs) {
3190  err = -ENOMEM;
3191  goto err_free_all;
3192  }
3193 
3194  return driver;
3195 err_free_all:
3196  kfree(driver->ports);
3197  kfree(driver->ttys);
3198  kfree(driver->termios);
3199  kfree(driver);
3200  return ERR_PTR(err);
3201 }
3203 
3204 static void destruct_tty_driver(struct kref *kref)
3205 {
3206  struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3207  int i;
3208  struct ktermios *tp;
3209 
3210  if (driver->flags & TTY_DRIVER_INSTALLED) {
3211  /*
3212  * Free the termios and termios_locked structures because
3213  * we don't want to get memory leaks when modular tty
3214  * drivers are removed from the kernel.
3215  */
3216  for (i = 0; i < driver->num; i++) {
3217  tp = driver->termios[i];
3218  if (tp) {
3219  driver->termios[i] = NULL;
3220  kfree(tp);
3221  }
3222  if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3223  tty_unregister_device(driver, i);
3224  }
3226  if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3227  cdev_del(&driver->cdevs[0]);
3228  }
3229  kfree(driver->cdevs);
3230  kfree(driver->ports);
3231  kfree(driver->termios);
3232  kfree(driver->ttys);
3233  kfree(driver);
3234 }
3235 
3236 void tty_driver_kref_put(struct tty_driver *driver)
3237 {
3238  kref_put(&driver->kref, destruct_tty_driver);
3239 }
3241 
3242 void tty_set_operations(struct tty_driver *driver,
3243  const struct tty_operations *op)
3244 {
3245  driver->ops = op;
3246 };
3248 
3250 {
3252 }
3254 
3255 /*
3256  * Called by a tty driver to register itself.
3257  */
3258 int tty_register_driver(struct tty_driver *driver)
3259 {
3260  int error;
3261  int i;
3262  dev_t dev;
3263  struct device *d;
3264 
3265  if (!driver->major) {
3266  error = alloc_chrdev_region(&dev, driver->minor_start,
3267  driver->num, driver->name);
3268  if (!error) {
3269  driver->major = MAJOR(dev);
3270  driver->minor_start = MINOR(dev);
3271  }
3272  } else {
3273  dev = MKDEV(driver->major, driver->minor_start);
3274  error = register_chrdev_region(dev, driver->num, driver->name);
3275  }
3276  if (error < 0)
3277  goto err;
3278 
3279  if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3280  error = tty_cdev_add(driver, dev, 0, driver->num);
3281  if (error)
3282  goto err_unreg_char;
3283  }
3284 
3286  list_add(&driver->tty_drivers, &tty_drivers);
3288 
3289  if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3290  for (i = 0; i < driver->num; i++) {
3291  d = tty_register_device(driver, i, NULL);
3292  if (IS_ERR(d)) {
3293  error = PTR_ERR(d);
3294  goto err_unreg_devs;
3295  }
3296  }
3297  }
3298  proc_tty_register_driver(driver);
3299  driver->flags |= TTY_DRIVER_INSTALLED;
3300  return 0;
3301 
3302 err_unreg_devs:
3303  for (i--; i >= 0; i--)
3304  tty_unregister_device(driver, i);
3305 
3307  list_del(&driver->tty_drivers);
3309 
3310 err_unreg_char:
3311  unregister_chrdev_region(dev, driver->num);
3312 err:
3313  return error;
3314 }
3316 
3317 /*
3318  * Called by a tty driver to unregister itself.
3319  */
3321 {
3322 #if 0
3323  /* FIXME */
3324  if (driver->refcount)
3325  return -EBUSY;
3326 #endif
3327  unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3328  driver->num);
3330  list_del(&driver->tty_drivers);
3332  return 0;
3333 }
3334 
3336 
3338 {
3339  return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3340 }
3342 
3344 {
3345  unsigned long flags;
3346  struct tty_struct *tty;
3347  spin_lock_irqsave(&p->sighand->siglock, flags);
3348  tty = p->signal->tty;
3349  p->signal->tty = NULL;
3350  spin_unlock_irqrestore(&p->sighand->siglock, flags);
3351  tty_kref_put(tty);
3352 }
3353 
3354 /* Called under the sighand lock */
3355 
3356 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3357 {
3358  if (tty) {
3359  unsigned long flags;
3360  /* We should not have a session or pgrp to put here but.... */
3361  spin_lock_irqsave(&tty->ctrl_lock, flags);
3362  put_pid(tty->session);
3363  put_pid(tty->pgrp);
3364  tty->pgrp = get_pid(task_pgrp(tsk));
3365  spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3366  tty->session = get_pid(task_session(tsk));
3367  if (tsk->signal->tty) {
3368  printk(KERN_DEBUG "tty not NULL!!\n");
3369  tty_kref_put(tsk->signal->tty);
3370  }
3371  }
3372  put_pid(tsk->signal->tty_old_pgrp);
3373  tsk->signal->tty = tty_kref_get(tty);
3374  tsk->signal->tty_old_pgrp = NULL;
3375 }
3376 
3377 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3378 {
3379  spin_lock_irq(&tsk->sighand->siglock);
3380  __proc_set_tty(tsk, tty);
3381  spin_unlock_irq(&tsk->sighand->siglock);
3382 }
3383 
3385 {
3386  struct tty_struct *tty;
3387  unsigned long flags;
3388 
3389  spin_lock_irqsave(&current->sighand->siglock, flags);
3390  tty = tty_kref_get(current->signal->tty);
3391  spin_unlock_irqrestore(&current->sighand->siglock, flags);
3392  return tty;
3393 }
3395 
3397 {
3398  *fops = tty_fops;
3399 }
3400 
3401 /*
3402  * Initialize the console device. This is called *early*, so
3403  * we can't necessarily depend on lots of kernel help here.
3404  * Just do some early initializations, and do the complex setup
3405  * later.
3406  */
3408 {
3409  initcall_t *call;
3410 
3411  /* Setup the default TTY line discipline. */
3412  tty_ldisc_begin();
3413 
3414  /*
3415  * set up the console device so that later boot sequences can
3416  * inform about problems etc..
3417  */
3418  call = __con_initcall_start;
3419  while (call < __con_initcall_end) {
3420  (*call)();
3421  call++;
3422  }
3423 }
3424 
3425 static char *tty_devnode(struct device *dev, umode_t *mode)
3426 {
3427  if (!mode)
3428  return NULL;
3429  if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3430  dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3431  *mode = 0666;
3432  return NULL;
3433 }
3434 
3435 static int __init tty_class_init(void)
3436 {
3437  tty_class = class_create(THIS_MODULE, "tty");
3438  if (IS_ERR(tty_class))
3439  return PTR_ERR(tty_class);
3440  tty_class->devnode = tty_devnode;
3441  return 0;
3442 }
3443 
3444 postcore_initcall(tty_class_init);
3445 
3446 /* 3/2004 jmc: why do these devices exist? */
3447 static struct cdev tty_cdev, console_cdev;
3448 
3449 static ssize_t show_cons_active(struct device *dev,
3450  struct device_attribute *attr, char *buf)
3451 {
3452  struct console *cs[16];
3453  int i = 0;
3454  struct console *c;
3455  ssize_t count = 0;
3456 
3457  console_lock();
3458  for_each_console(c) {
3459  if (!c->device)
3460  continue;
3461  if (!c->write)
3462  continue;
3463  if ((c->flags & CON_ENABLED) == 0)
3464  continue;
3465  cs[i++] = c;
3466  if (i >= ARRAY_SIZE(cs))
3467  break;
3468  }
3469  while (i--)
3470  count += sprintf(buf + count, "%s%d%c",
3471  cs[i]->name, cs[i]->index, i ? ' ':'\n');
3472  console_unlock();
3473 
3474  return count;
3475 }
3476 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3477 
3478 static struct device *consdev;
3479 
3481 {
3482  if (consdev)
3483  sysfs_notify(&consdev->kobj, NULL, "active");
3484 }
3485 
3486 /*
3487  * Ok, now we can initialize the rest of the tty devices and can count
3488  * on memory allocations, interrupts etc..
3489  */
3490 int __init tty_init(void)
3491 {
3492  cdev_init(&tty_cdev, &tty_fops);
3493  if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3494  register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3495  panic("Couldn't register /dev/tty driver\n");
3496  device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3497 
3498  cdev_init(&console_cdev, &console_fops);
3499  if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3500  register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3501  panic("Couldn't register /dev/console driver\n");
3502  consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3503  "console");
3504  if (IS_ERR(consdev))
3505  consdev = NULL;
3506  else
3507  WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3508 
3509 #ifdef CONFIG_VT
3510  vty_init(&console_fops);
3511 #endif
3512  return 0;
3513 }
3514