Line data Source code
1 : // SPDX-License-Identifier: GPL-2.0
2 : /*
3 : * Copyright (C) 1991, 1992 Linus Torvalds
4 : */
5 :
6 : /*
7 : * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 : * or rs-channels. It also implements echoing, cooked mode etc.
9 : *
10 : * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
11 : *
12 : * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 : * tty_struct and tty_queue structures. Previously there was an array
14 : * of 256 tty_struct's which was statically allocated, and the
15 : * tty_queue structures were allocated at boot time. Both are now
16 : * dynamically allocated only when the tty is open.
17 : *
18 : * Also restructured routines so that there is more of a separation
19 : * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 : * the low-level tty routines (serial.c, pty.c, console.c). This
21 : * makes for cleaner and more compact code. -TYT, 9/17/92
22 : *
23 : * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 : * which can be dynamically activated and de-activated by the line
25 : * discipline handling modules (like SLIP).
26 : *
27 : * NOTE: pay no attention to the line discipline code (yet); its
28 : * interface is still subject to change in this version...
29 : * -- TYT, 1/31/92
30 : *
31 : * Added functionality to the OPOST tty handling. No delays, but all
32 : * other bits should be there.
33 : * -- Nick Holloway <[email protected]>, 27th May 1993.
34 : *
35 : * Rewrote canonical mode and added more termios flags.
36 : * -- [email protected] (J. Cowley), 13Jan94
37 : *
38 : * Reorganized FASYNC support so mouse code can share it.
39 : * -- [email protected], 9Sep95
40 : *
41 : * New TIOCLINUX variants added.
42 : * -- [email protected], 19-Nov-95
43 : *
44 : * Restrict vt switching via ioctl()
45 : * -- [email protected], 5-Dec-95
46 : *
47 : * Move console and virtual terminal code to more appropriate files,
48 : * implement CONFIG_VT and generalize console device interface.
49 : * -- Marko Kohtala <[email protected]>, March 97
50 : *
51 : * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 : * -- Bill Hawes <[email protected]>, June 97
53 : *
54 : * Added devfs support.
55 : * -- C. Scott Ananian <[email protected]>, 13-Jan-1998
56 : *
57 : * Added support for a Unix98-style ptmx device.
58 : * -- C. Scott Ananian <[email protected]>, 14-Jan-1998
59 : *
60 : * Reduced memory usage for older ARM systems
61 : * -- Russell King <[email protected]>
62 : *
63 : * Move do_SAK() into process context. Less stack use in devfs functions.
64 : * alloc_tty_struct() always uses kmalloc()
65 : * -- Andrew Morton <[email protected]> 17Mar01
66 : */
67 :
68 : #include <linux/types.h>
69 : #include <linux/major.h>
70 : #include <linux/errno.h>
71 : #include <linux/signal.h>
72 : #include <linux/fcntl.h>
73 : #include <linux/sched/signal.h>
74 : #include <linux/sched/task.h>
75 : #include <linux/interrupt.h>
76 : #include <linux/tty.h>
77 : #include <linux/tty_driver.h>
78 : #include <linux/tty_flip.h>
79 : #include <linux/devpts_fs.h>
80 : #include <linux/file.h>
81 : #include <linux/fdtable.h>
82 : #include <linux/console.h>
83 : #include <linux/timer.h>
84 : #include <linux/ctype.h>
85 : #include <linux/kd.h>
86 : #include <linux/mm.h>
87 : #include <linux/string.h>
88 : #include <linux/slab.h>
89 : #include <linux/poll.h>
90 : #include <linux/ppp-ioctl.h>
91 : #include <linux/proc_fs.h>
92 : #include <linux/init.h>
93 : #include <linux/module.h>
94 : #include <linux/device.h>
95 : #include <linux/wait.h>
96 : #include <linux/bitops.h>
97 : #include <linux/delay.h>
98 : #include <linux/seq_file.h>
99 : #include <linux/serial.h>
100 : #include <linux/ratelimit.h>
101 : #include <linux/compat.h>
102 : #include <linux/uaccess.h>
103 : #include <linux/termios_internal.h>
104 : #include <linux/fs.h>
105 :
106 : #include <linux/kbd_kern.h>
107 : #include <linux/vt_kern.h>
108 : #include <linux/selection.h>
109 :
110 : #include <linux/kmod.h>
111 : #include <linux/nsproxy.h>
112 : #include "tty.h"
113 :
114 : #undef TTY_DEBUG_HANGUP
115 : #ifdef TTY_DEBUG_HANGUP
116 : # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
117 : #else
118 : # define tty_debug_hangup(tty, f, args...) do { } while (0)
119 : #endif
120 :
121 : #define TTY_PARANOIA_CHECK 1
122 : #define CHECK_TTY_COUNT 1
123 :
124 : struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
125 : .c_iflag = ICRNL | IXON,
126 : .c_oflag = OPOST | ONLCR,
127 : .c_cflag = B38400 | CS8 | CREAD | HUPCL,
128 : .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
129 : ECHOCTL | ECHOKE | IEXTEN,
130 : .c_cc = INIT_C_CC,
131 : .c_ispeed = 38400,
132 : .c_ospeed = 38400,
133 : /* .c_line = N_TTY, */
134 : };
135 : EXPORT_SYMBOL(tty_std_termios);
136 :
137 : /* This list gets poked at by procfs and various bits of boot up code. This
138 : * could do with some rationalisation such as pulling the tty proc function
139 : * into this file.
140 : */
141 :
142 : LIST_HEAD(tty_drivers); /* linked list of tty drivers */
143 :
144 : /* Mutex to protect creating and releasing a tty */
145 : DEFINE_MUTEX(tty_mutex);
146 :
147 : static ssize_t tty_read(struct kiocb *, struct iov_iter *);
148 : static ssize_t tty_write(struct kiocb *, struct iov_iter *);
149 : static __poll_t tty_poll(struct file *, poll_table *);
150 : static int tty_open(struct inode *, struct file *);
151 : #ifdef CONFIG_COMPAT
152 : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
153 : unsigned long arg);
154 : #else
155 : #define tty_compat_ioctl NULL
156 : #endif
157 : static int __tty_fasync(int fd, struct file *filp, int on);
158 : static int tty_fasync(int fd, struct file *filp, int on);
159 : static void release_tty(struct tty_struct *tty, int idx);
160 :
161 : /**
162 : * free_tty_struct - free a disused tty
163 : * @tty: tty struct to free
164 : *
165 : * Free the write buffers, tty queue and tty memory itself.
166 : *
167 : * Locking: none. Must be called after tty is definitely unused
168 : */
169 6 : static void free_tty_struct(struct tty_struct *tty)
170 : {
171 6 : tty_ldisc_deinit(tty);
172 6 : put_device(tty->dev);
173 6 : kvfree(tty->write_buf);
174 6 : kfree(tty);
175 6 : }
176 :
177 184 : static inline struct tty_struct *file_tty(struct file *file)
178 : {
179 184 : return ((struct tty_file_private *)file->private_data)->tty;
180 : }
181 :
182 6 : int tty_alloc_file(struct file *file)
183 : {
184 6 : struct tty_file_private *priv;
185 :
186 6 : priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 6 : if (!priv)
188 0 : return -ENOMEM;
189 :
190 6 : file->private_data = priv;
191 :
192 6 : return 0;
193 6 : }
194 :
195 : /* Associate a new file with the tty structure */
196 6 : void tty_add_file(struct tty_struct *tty, struct file *file)
197 : {
198 6 : struct tty_file_private *priv = file->private_data;
199 :
200 6 : priv->tty = tty;
201 6 : priv->file = file;
202 :
203 6 : spin_lock(&tty->files_lock);
204 6 : list_add(&priv->list, &tty->tty_files);
205 6 : spin_unlock(&tty->files_lock);
206 6 : }
207 :
208 : /**
209 : * tty_free_file - free file->private_data
210 : * @file: to free private_data of
211 : *
212 : * This shall be used only for fail path handling when tty_add_file was not
213 : * called yet.
214 : */
215 6 : void tty_free_file(struct file *file)
216 : {
217 6 : struct tty_file_private *priv = file->private_data;
218 :
219 6 : file->private_data = NULL;
220 6 : kfree(priv);
221 6 : }
222 :
223 : /* Delete file from its tty */
224 6 : static void tty_del_file(struct file *file)
225 : {
226 6 : struct tty_file_private *priv = file->private_data;
227 6 : struct tty_struct *tty = priv->tty;
228 :
229 6 : spin_lock(&tty->files_lock);
230 6 : list_del(&priv->list);
231 6 : spin_unlock(&tty->files_lock);
232 6 : tty_free_file(file);
233 6 : }
234 :
235 : /**
236 : * tty_name - return tty naming
237 : * @tty: tty structure
238 : *
239 : * Convert a tty structure into a name. The name reflects the kernel naming
240 : * policy and if udev is in use may not reflect user space
241 : *
242 : * Locking: none
243 : */
244 0 : const char *tty_name(const struct tty_struct *tty)
245 : {
246 0 : if (!tty) /* Hmm. NULL pointer. That's fun. */
247 0 : return "NULL tty";
248 0 : return tty->name;
249 0 : }
250 : EXPORT_SYMBOL(tty_name);
251 :
252 0 : const char *tty_driver_name(const struct tty_struct *tty)
253 : {
254 0 : if (!tty || !tty->driver)
255 0 : return "";
256 0 : return tty->driver->name;
257 0 : }
258 :
259 178 : static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
260 : const char *routine)
261 : {
262 : #ifdef TTY_PARANOIA_CHECK
263 178 : if (!tty) {
264 0 : pr_warn("(%d:%d): %s: NULL tty\n",
265 : imajor(inode), iminor(inode), routine);
266 0 : return 1;
267 : }
268 : #endif
269 178 : return 0;
270 178 : }
271 :
272 : /* Caller must hold tty_lock */
273 12 : static void check_tty_count(struct tty_struct *tty, const char *routine)
274 : {
275 : #ifdef CHECK_TTY_COUNT
276 12 : struct list_head *p;
277 12 : int count = 0, kopen_count = 0;
278 :
279 24 : scoped_guard(spinlock, &tty->files_lock)
280 24 : list_for_each(p, &tty->tty_files)
281 12 : count++;
282 :
283 12 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
284 0 : tty->driver->subtype == PTY_TYPE_SLAVE &&
285 0 : tty->link && tty->link->count)
286 0 : count++;
287 12 : if (tty_port_kopened(tty->port))
288 0 : kopen_count++;
289 12 : if (tty->count != (count + kopen_count)) {
290 0 : tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
291 : routine, tty->count, count, kopen_count);
292 0 : }
293 : #endif
294 12 : }
295 :
296 : /**
297 : * get_tty_driver - find device of a tty
298 : * @device: device identifier
299 : * @index: returns the index of the tty
300 : *
301 : * This routine returns a tty driver structure, given a device number and also
302 : * passes back the index number.
303 : *
304 : * Locking: caller must hold tty_mutex
305 : */
306 6 : static struct tty_driver *get_tty_driver(dev_t device, int *index)
307 : {
308 6 : struct tty_driver *p;
309 :
310 8 : list_for_each_entry(p, &tty_drivers, tty_drivers) {
311 8 : dev_t base = MKDEV(p->major, p->minor_start);
312 :
313 8 : if (device < base || device >= base + p->num)
314 2 : continue;
315 6 : *index = device - base;
316 6 : return tty_driver_kref_get(p);
317 8 : }
318 0 : return NULL;
319 6 : }
320 :
321 : /**
322 : * tty_dev_name_to_number - return dev_t for device name
323 : * @name: user space name of device under /dev
324 : * @number: pointer to dev_t that this function will populate
325 : *
326 : * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
327 : * (4, 64) or (188, 1). If no corresponding driver is registered then the
328 : * function returns -%ENODEV.
329 : *
330 : * Locking: this acquires tty_mutex to protect the tty_drivers list from
331 : * being modified while we are traversing it, and makes sure to
332 : * release it before exiting.
333 : */
334 0 : int tty_dev_name_to_number(const char *name, dev_t *number)
335 : {
336 0 : struct tty_driver *p;
337 0 : int ret;
338 0 : int index, prefix_length = 0;
339 0 : const char *str;
340 :
341 0 : for (str = name; *str && !isdigit(*str); str++)
342 : ;
343 :
344 0 : if (!*str)
345 0 : return -EINVAL;
346 :
347 0 : ret = kstrtoint(str, 10, &index);
348 0 : if (ret)
349 0 : return ret;
350 :
351 0 : prefix_length = str - name;
352 :
353 0 : guard(mutex)(&tty_mutex);
354 :
355 0 : list_for_each_entry(p, &tty_drivers, tty_drivers)
356 0 : if (prefix_length == strlen(p->name) && strncmp(name,
357 0 : p->name, prefix_length) == 0) {
358 0 : if (index < p->num) {
359 0 : *number = MKDEV(p->major, p->minor_start + index);
360 0 : return 0;
361 : }
362 0 : }
363 :
364 0 : return -ENODEV;
365 0 : }
366 : EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
367 :
368 : #ifdef CONFIG_CONSOLE_POLL
369 :
370 : /**
371 : * tty_find_polling_driver - find device of a polled tty
372 : * @name: name string to match
373 : * @line: pointer to resulting tty line nr
374 : *
375 : * This routine returns a tty driver structure, given a name and the condition
376 : * that the tty driver is capable of polled operation.
377 : */
378 : struct tty_driver *tty_find_polling_driver(char *name, int *line)
379 : {
380 : struct tty_driver *p;
381 : int tty_line = 0;
382 : int len;
383 : char *str, *stp;
384 :
385 : for (str = name; *str; str++)
386 : if ((*str >= '0' && *str <= '9') || *str == ',')
387 : break;
388 : if (!*str)
389 : return NULL;
390 :
391 : len = str - name;
392 : tty_line = simple_strtoul(str, &str, 10);
393 :
394 : guard(mutex)(&tty_mutex);
395 :
396 : /* Search through the tty devices to look for a match */
397 : list_for_each_entry(p, &tty_drivers, tty_drivers) {
398 : if (!len || strncmp(name, p->name, len) != 0)
399 : continue;
400 : stp = str;
401 : if (*stp == ',')
402 : stp++;
403 : if (*stp == '\0')
404 : stp = NULL;
405 :
406 : if (tty_line >= 0 && tty_line < p->num && p->ops &&
407 : p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
408 : *line = tty_line;
409 : return tty_driver_kref_get(p);
410 : }
411 : }
412 :
413 : return NULL;
414 : }
415 : EXPORT_SYMBOL_GPL(tty_find_polling_driver);
416 : #endif
417 :
418 0 : static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
419 : {
420 0 : return 0;
421 : }
422 :
423 0 : static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
424 : {
425 0 : return -EIO;
426 : }
427 :
428 : /* No kernel lock held - none needed ;) */
429 0 : static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
430 : {
431 0 : return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
432 : }
433 :
434 0 : static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
435 : unsigned long arg)
436 : {
437 0 : return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
438 : }
439 :
440 0 : static long hung_up_tty_compat_ioctl(struct file *file,
441 : unsigned int cmd, unsigned long arg)
442 : {
443 0 : return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
444 : }
445 :
446 0 : static int hung_up_tty_fasync(int fd, struct file *file, int on)
447 : {
448 0 : return -ENOTTY;
449 : }
450 :
451 0 : static void tty_show_fdinfo(struct seq_file *m, struct file *file)
452 : {
453 0 : struct tty_struct *tty = file_tty(file);
454 :
455 0 : if (tty && tty->ops && tty->ops->show_fdinfo)
456 0 : tty->ops->show_fdinfo(tty, m);
457 0 : }
458 :
459 : static const struct file_operations tty_fops = {
460 : .read_iter = tty_read,
461 : .write_iter = tty_write,
462 : .splice_read = copy_splice_read,
463 : .splice_write = iter_file_splice_write,
464 : .poll = tty_poll,
465 : .unlocked_ioctl = tty_ioctl,
466 : .compat_ioctl = tty_compat_ioctl,
467 : .open = tty_open,
468 : .release = tty_release,
469 : .fasync = tty_fasync,
470 : .show_fdinfo = tty_show_fdinfo,
471 : };
472 :
473 : static const struct file_operations console_fops = {
474 : .read_iter = tty_read,
475 : .write_iter = redirected_tty_write,
476 : .splice_read = copy_splice_read,
477 : .splice_write = iter_file_splice_write,
478 : .poll = tty_poll,
479 : .unlocked_ioctl = tty_ioctl,
480 : .compat_ioctl = tty_compat_ioctl,
481 : .open = tty_open,
482 : .release = tty_release,
483 : .fasync = tty_fasync,
484 : };
485 :
486 : static const struct file_operations hung_up_tty_fops = {
487 : .read_iter = hung_up_tty_read,
488 : .write_iter = hung_up_tty_write,
489 : .poll = hung_up_tty_poll,
490 : .unlocked_ioctl = hung_up_tty_ioctl,
491 : .compat_ioctl = hung_up_tty_compat_ioctl,
492 : .release = tty_release,
493 : .fasync = hung_up_tty_fasync,
494 : };
495 :
496 : static DEFINE_SPINLOCK(redirect_lock);
497 : static struct file *redirect;
498 :
499 : /**
500 : * tty_wakeup - request more data
501 : * @tty: terminal
502 : *
503 : * Internal and external helper for wakeups of tty. This function informs the
504 : * line discipline if present that the driver is ready to receive more output
505 : * data.
506 : */
507 103 : void tty_wakeup(struct tty_struct *tty)
508 : {
509 103 : struct tty_ldisc *ld;
510 :
511 103 : if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
512 0 : ld = tty_ldisc_ref(tty);
513 0 : if (ld) {
514 0 : if (ld->ops->write_wakeup)
515 0 : ld->ops->write_wakeup(tty);
516 0 : tty_ldisc_deref(ld);
517 0 : }
518 0 : }
519 103 : wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
520 103 : }
521 : EXPORT_SYMBOL_GPL(tty_wakeup);
522 :
523 : /**
524 : * tty_release_redirect - Release a redirect on a pty if present
525 : * @tty: tty device
526 : *
527 : * This is available to the pty code so if the master closes, if the slave is a
528 : * redirect it can release the redirect.
529 : */
530 0 : static struct file *tty_release_redirect(struct tty_struct *tty)
531 : {
532 0 : guard(spinlock)(&redirect_lock);
533 :
534 0 : if (redirect && file_tty(redirect) == tty) {
535 0 : struct file *f = redirect;
536 0 : redirect = NULL;
537 0 : return f;
538 0 : }
539 :
540 0 : return NULL;
541 0 : }
542 :
543 : /**
544 : * __tty_hangup - actual handler for hangup events
545 : * @tty: tty device
546 : * @exit_session: if non-zero, signal all foreground group processes
547 : *
548 : * This can be called by a "kworker" kernel thread. That is process synchronous
549 : * but doesn't hold any locks, so we need to make sure we have the appropriate
550 : * locks for what we're doing.
551 : *
552 : * The hangup event clears any pending redirections onto the hung up device. It
553 : * ensures future writes will error and it does the needed line discipline
554 : * hangup and signal delivery. The tty object itself remains intact.
555 : *
556 : * Locking:
557 : * * BTM
558 : *
559 : * * redirect lock for undoing redirection
560 : * * file list lock for manipulating list of ttys
561 : * * tty_ldiscs_lock from called functions
562 : * * termios_rwsem resetting termios data
563 : * * tasklist_lock to walk task list for hangup event
564 : *
565 : * * ->siglock to protect ->signal/->sighand
566 : *
567 : */
568 0 : static void __tty_hangup(struct tty_struct *tty, int exit_session)
569 : {
570 0 : struct file *cons_filp = NULL;
571 0 : struct file *filp, *f;
572 0 : struct tty_file_private *priv;
573 0 : int closecount = 0, n;
574 0 : int refs;
575 :
576 0 : if (!tty)
577 0 : return;
578 :
579 0 : f = tty_release_redirect(tty);
580 :
581 0 : tty_lock(tty);
582 :
583 0 : if (test_bit(TTY_HUPPED, &tty->flags)) {
584 0 : tty_unlock(tty);
585 0 : return;
586 : }
587 :
588 : /*
589 : * Some console devices aren't actually hung up for technical and
590 : * historical reasons, which can lead to indefinite interruptible
591 : * sleep in n_tty_read(). The following explicitly tells
592 : * n_tty_read() to abort readers.
593 : */
594 0 : set_bit(TTY_HUPPING, &tty->flags);
595 :
596 : /* inuse_filps is protected by the single tty lock,
597 : * this really needs to change if we want to flush the
598 : * workqueue with the lock held.
599 : */
600 0 : check_tty_count(tty, "tty_hangup");
601 :
602 0 : spin_lock(&tty->files_lock);
603 : /* This breaks for file handles being sent over AF_UNIX sockets ? */
604 0 : list_for_each_entry(priv, &tty->tty_files, list) {
605 0 : filp = priv->file;
606 0 : if (filp->f_op->write_iter == redirected_tty_write)
607 0 : cons_filp = filp;
608 0 : if (filp->f_op->write_iter != tty_write)
609 0 : continue;
610 0 : closecount++;
611 0 : __tty_fasync(-1, filp, 0); /* can't block */
612 0 : filp->f_op = &hung_up_tty_fops;
613 0 : }
614 0 : spin_unlock(&tty->files_lock);
615 :
616 0 : refs = tty_signal_session_leader(tty, exit_session);
617 : /* Account for the p->signal references we killed */
618 0 : while (refs--)
619 0 : tty_kref_put(tty);
620 :
621 0 : tty_ldisc_hangup(tty, cons_filp != NULL);
622 :
623 0 : spin_lock_irq(&tty->ctrl.lock);
624 0 : clear_bit(TTY_THROTTLED, &tty->flags);
625 0 : clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
626 0 : put_pid(tty->ctrl.session);
627 0 : put_pid(tty->ctrl.pgrp);
628 0 : tty->ctrl.session = NULL;
629 0 : tty->ctrl.pgrp = NULL;
630 0 : tty->ctrl.pktstatus = 0;
631 0 : spin_unlock_irq(&tty->ctrl.lock);
632 :
633 : /*
634 : * If one of the devices matches a console pointer, we
635 : * cannot just call hangup() because that will cause
636 : * tty->count and state->count to go out of sync.
637 : * So we just call close() the right number of times.
638 : */
639 0 : if (cons_filp) {
640 0 : if (tty->ops->close)
641 0 : for (n = 0; n < closecount; n++)
642 0 : tty->ops->close(tty, cons_filp);
643 0 : } else if (tty->ops->hangup)
644 0 : tty->ops->hangup(tty);
645 : /*
646 : * We don't want to have driver/ldisc interactions beyond the ones
647 : * we did here. The driver layer expects no calls after ->hangup()
648 : * from the ldisc side, which is now guaranteed.
649 : */
650 0 : set_bit(TTY_HUPPED, &tty->flags);
651 0 : clear_bit(TTY_HUPPING, &tty->flags);
652 0 : tty_unlock(tty);
653 :
654 0 : if (f)
655 0 : fput(f);
656 0 : }
657 :
658 0 : static void do_tty_hangup(struct work_struct *work)
659 : {
660 0 : struct tty_struct *tty =
661 0 : container_of(work, struct tty_struct, hangup_work);
662 :
663 0 : __tty_hangup(tty, 0);
664 0 : }
665 :
666 : /**
667 : * tty_hangup - trigger a hangup event
668 : * @tty: tty to hangup
669 : *
670 : * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
671 : * hangup sequence to run after this event.
672 : */
673 0 : void tty_hangup(struct tty_struct *tty)
674 : {
675 0 : tty_debug_hangup(tty, "hangup\n");
676 0 : schedule_work(&tty->hangup_work);
677 0 : }
678 : EXPORT_SYMBOL(tty_hangup);
679 :
680 : /**
681 : * tty_vhangup - process vhangup
682 : * @tty: tty to hangup
683 : *
684 : * The user has asked via system call for the terminal to be hung up. We do
685 : * this synchronously so that when the syscall returns the process is complete.
686 : * That guarantee is necessary for security reasons.
687 : */
688 0 : void tty_vhangup(struct tty_struct *tty)
689 : {
690 0 : tty_debug_hangup(tty, "vhangup\n");
691 0 : __tty_hangup(tty, 0);
692 0 : }
693 : EXPORT_SYMBOL(tty_vhangup);
694 :
695 :
696 : /**
697 : * tty_vhangup_self - process vhangup for own ctty
698 : *
699 : * Perform a vhangup on the current controlling tty
700 : */
701 0 : void tty_vhangup_self(void)
702 : {
703 0 : struct tty_struct *tty;
704 :
705 0 : tty = get_current_tty();
706 0 : if (tty) {
707 0 : tty_vhangup(tty);
708 0 : tty_kref_put(tty);
709 0 : }
710 0 : }
711 :
712 : /**
713 : * tty_vhangup_session - hangup session leader exit
714 : * @tty: tty to hangup
715 : *
716 : * The session leader is exiting and hanging up its controlling terminal.
717 : * Every process in the foreground process group is signalled %SIGHUP.
718 : *
719 : * We do this synchronously so that when the syscall returns the process is
720 : * complete. That guarantee is necessary for security reasons.
721 : */
722 0 : void tty_vhangup_session(struct tty_struct *tty)
723 : {
724 0 : tty_debug_hangup(tty, "session hangup\n");
725 0 : __tty_hangup(tty, 1);
726 0 : }
727 :
728 : /**
729 : * tty_hung_up_p - was tty hung up
730 : * @filp: file pointer of tty
731 : *
732 : * Return: true if the tty has been subject to a vhangup or a carrier loss
733 : */
734 148 : int tty_hung_up_p(struct file *filp)
735 : {
736 148 : return (filp && filp->f_op == &hung_up_tty_fops);
737 : }
738 : EXPORT_SYMBOL(tty_hung_up_p);
739 :
740 0 : void __stop_tty(struct tty_struct *tty)
741 : {
742 0 : if (tty->flow.stopped)
743 0 : return;
744 0 : tty->flow.stopped = true;
745 0 : if (tty->ops->stop)
746 0 : tty->ops->stop(tty);
747 0 : }
748 :
749 : /**
750 : * stop_tty - propagate flow control
751 : * @tty: tty to stop
752 : *
753 : * Perform flow control to the driver. May be called on an already stopped
754 : * device and will not re-call the &tty_driver->stop() method.
755 : *
756 : * This functionality is used by both the line disciplines for halting incoming
757 : * flow and by the driver. It may therefore be called from any context, may be
758 : * under the tty %atomic_write_lock but not always.
759 : *
760 : * Locking:
761 : * flow.lock
762 : */
763 0 : void stop_tty(struct tty_struct *tty)
764 : {
765 0 : guard(spinlock_irqsave)(&tty->flow.lock);
766 0 : __stop_tty(tty);
767 0 : }
768 : EXPORT_SYMBOL(stop_tty);
769 :
770 0 : void __start_tty(struct tty_struct *tty)
771 : {
772 0 : if (!tty->flow.stopped || tty->flow.tco_stopped)
773 0 : return;
774 0 : tty->flow.stopped = false;
775 0 : if (tty->ops->start)
776 0 : tty->ops->start(tty);
777 0 : tty_wakeup(tty);
778 0 : }
779 :
780 : /**
781 : * start_tty - propagate flow control
782 : * @tty: tty to start
783 : *
784 : * Start a tty that has been stopped if at all possible. If @tty was previously
785 : * stopped and is now being started, the &tty_driver->start() method is invoked
786 : * and the line discipline woken.
787 : *
788 : * Locking:
789 : * flow.lock
790 : */
791 0 : void start_tty(struct tty_struct *tty)
792 : {
793 0 : guard(spinlock_irqsave)(&tty->flow.lock);
794 0 : __start_tty(tty);
795 0 : }
796 : EXPORT_SYMBOL(start_tty);
797 :
798 56 : static void tty_update_time(struct tty_struct *tty, bool mtime)
799 : {
800 56 : time64_t sec = ktime_get_real_seconds();
801 56 : struct tty_file_private *priv;
802 :
803 56 : guard(spinlock)(&tty->files_lock);
804 :
805 138 : list_for_each_entry(priv, &tty->tty_files, list) {
806 82 : struct inode *inode = file_inode(priv->file);
807 82 : struct timespec64 time = mtime ? inode_get_mtime(inode) : inode_get_atime(inode);
808 :
809 : /*
810 : * We only care if the two values differ in anything other than the
811 : * lower three bits (i.e every 8 seconds). If so, then we can update
812 : * the time of the tty device, otherwise it could be construded as a
813 : * security leak to let userspace know the exact timing of the tty.
814 : */
815 82 : if ((sec ^ time.tv_sec) & ~7) {
816 11 : if (mtime)
817 9 : inode_set_mtime(inode, sec, 0);
818 : else
819 2 : inode_set_atime(inode, sec, 0);
820 11 : }
821 82 : }
822 56 : }
823 :
824 : /*
825 : * Iterate on the ldisc ->read() function until we've gotten all
826 : * the data the ldisc has for us.
827 : *
828 : * The "cookie" is something that the ldisc read function can fill
829 : * in to let us know that there is more data to be had.
830 : *
831 : * We promise to continue to call the ldisc until it stops returning
832 : * data or clears the cookie. The cookie may be something that the
833 : * ldisc maintains state for and needs to free.
834 : */
835 12 : static ssize_t iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
836 : struct file *file, struct iov_iter *to)
837 : {
838 12 : void *cookie = NULL;
839 12 : unsigned long offset = 0;
840 12 : ssize_t retval = 0;
841 12 : size_t copied, count = iov_iter_count(to);
842 12 : u8 kernel_buf[64];
843 :
844 12 : do {
845 25 : ssize_t size = min(count, sizeof(kernel_buf));
846 :
847 25 : size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
848 25 : if (!size)
849 0 : break;
850 :
851 25 : if (size < 0) {
852 : /* Did we have an earlier error (ie -EFAULT)? */
853 0 : if (retval)
854 0 : break;
855 0 : retval = size;
856 :
857 : /*
858 : * -EOVERFLOW means we didn't have enough space
859 : * for a whole packet, and we shouldn't return
860 : * a partial result.
861 : */
862 0 : if (retval == -EOVERFLOW)
863 0 : offset = 0;
864 0 : break;
865 : }
866 :
867 25 : copied = copy_to_iter(kernel_buf, size, to);
868 25 : offset += copied;
869 25 : count -= copied;
870 :
871 : /*
872 : * If the user copy failed, we still need to do another ->read()
873 : * call if we had a cookie to let the ldisc clear up.
874 : *
875 : * But make sure size is zeroed.
876 : */
877 25 : if (unlikely(copied != size)) {
878 0 : count = 0;
879 0 : retval = -EFAULT;
880 0 : }
881 25 : } while (cookie);
882 :
883 : /* We always clear tty buffer in case they contained passwords */
884 12 : memzero_explicit(kernel_buf, sizeof(kernel_buf));
885 12 : return offset ? offset : retval;
886 12 : }
887 :
888 :
889 : /**
890 : * tty_read - read method for tty device files
891 : * @iocb: kernel I/O control block
892 : * @to: destination for the data read
893 : *
894 : * Perform the read system call function on this terminal device. Checks
895 : * for hung up devices before calling the line discipline method.
896 : *
897 : * Locking:
898 : * Locks the line discipline internally while needed. Multiple read calls
899 : * may be outstanding in parallel.
900 : */
901 12 : static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
902 : {
903 12 : struct file *file = iocb->ki_filp;
904 12 : struct inode *inode = file_inode(file);
905 12 : struct tty_struct *tty = file_tty(file);
906 12 : struct tty_ldisc *ld;
907 12 : ssize_t ret;
908 :
909 12 : if (tty_paranoia_check(tty, inode, "tty_read"))
910 0 : return -EIO;
911 12 : if (!tty || tty_io_error(tty))
912 0 : return -EIO;
913 :
914 : /* We want to wait for the line discipline to sort out in this
915 : * situation.
916 : */
917 12 : ld = tty_ldisc_ref_wait(tty);
918 12 : if (!ld)
919 0 : return hung_up_tty_read(iocb, to);
920 12 : ret = -EIO;
921 12 : if (ld->ops->read)
922 12 : ret = iterate_tty_read(ld, tty, file, to);
923 12 : tty_ldisc_deref(ld);
924 :
925 12 : if (ret > 0)
926 12 : tty_update_time(tty, false);
927 :
928 12 : return ret;
929 12 : }
930 :
931 44 : void tty_write_unlock(struct tty_struct *tty)
932 : {
933 44 : mutex_unlock(&tty->atomic_write_lock);
934 44 : wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
935 44 : }
936 :
937 43 : int tty_write_lock(struct tty_struct *tty, bool ndelay)
938 : {
939 43 : if (!mutex_trylock(&tty->atomic_write_lock)) {
940 0 : if (ndelay)
941 0 : return -EAGAIN;
942 0 : if (mutex_lock_interruptible(&tty->atomic_write_lock))
943 0 : return -ERESTARTSYS;
944 0 : }
945 43 : return 0;
946 43 : }
947 :
948 : /*
949 : * Split writes up in sane blocksizes to avoid
950 : * denial-of-service type attacks
951 : */
952 44 : static ssize_t iterate_tty_write(struct tty_ldisc *ld, struct tty_struct *tty,
953 : struct file *file, struct iov_iter *from)
954 : {
955 44 : size_t chunk, count = iov_iter_count(from);
956 44 : ssize_t ret, written = 0;
957 :
958 44 : ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
959 44 : if (ret < 0)
960 0 : return ret;
961 :
962 : /*
963 : * We chunk up writes into a temporary buffer. This
964 : * simplifies low-level drivers immensely, since they
965 : * don't have locking issues and user mode accesses.
966 : *
967 : * But if TTY_NO_WRITE_SPLIT is set, we should use a
968 : * big chunk-size..
969 : *
970 : * The default chunk-size is 2kB, because the NTTY
971 : * layer has problems with bigger chunks. It will
972 : * claim to be able to handle more characters than
973 : * it actually does.
974 : */
975 44 : chunk = 2048;
976 44 : if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
977 0 : chunk = 65536;
978 44 : if (count < chunk)
979 43 : chunk = count;
980 :
981 : /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
982 44 : if (tty->write_cnt < chunk) {
983 3 : u8 *buf_chunk;
984 :
985 3 : if (chunk < 1024)
986 3 : chunk = 1024;
987 :
988 3 : buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
989 3 : if (!buf_chunk) {
990 0 : ret = -ENOMEM;
991 0 : goto out;
992 : }
993 3 : kvfree(tty->write_buf);
994 3 : tty->write_cnt = chunk;
995 3 : tty->write_buf = buf_chunk;
996 3 : }
997 :
998 : /* Do the write .. */
999 45 : for (;;) {
1000 45 : size_t size = min(chunk, count);
1001 :
1002 45 : ret = -EFAULT;
1003 45 : if (copy_from_iter(tty->write_buf, size, from) != size)
1004 0 : break;
1005 :
1006 45 : ret = ld->ops->write(tty, file, tty->write_buf, size);
1007 45 : if (ret <= 0)
1008 0 : break;
1009 :
1010 45 : written += ret;
1011 45 : if (ret > size)
1012 0 : break;
1013 :
1014 : /* FIXME! Have Al check this! */
1015 45 : if (ret != size)
1016 0 : iov_iter_revert(from, size-ret);
1017 :
1018 45 : count -= ret;
1019 45 : if (!count)
1020 44 : break;
1021 1 : ret = -ERESTARTSYS;
1022 1 : if (signal_pending(current))
1023 0 : break;
1024 1 : cond_resched();
1025 45 : }
1026 88 : if (written) {
1027 44 : tty_update_time(tty, true);
1028 44 : ret = written;
1029 44 : }
1030 : out:
1031 44 : tty_write_unlock(tty);
1032 44 : return ret;
1033 44 : }
1034 :
1035 : #ifdef CONFIG_PRINT_QUOTA_WARNING
1036 : /**
1037 : * tty_write_message - write a message to a certain tty, not just the console.
1038 : * @tty: the destination tty_struct
1039 : * @msg: the message to write
1040 : *
1041 : * This is used for messages that need to be redirected to a specific tty. We
1042 : * don't put it into the syslog queue right now maybe in the future if really
1043 : * needed.
1044 : *
1045 : * We must still hold the BTM and test the CLOSING flag for the moment.
1046 : *
1047 : * This function is DEPRECATED, do not use in new code.
1048 : */
1049 : void tty_write_message(struct tty_struct *tty, char *msg)
1050 : {
1051 : if (tty) {
1052 : mutex_lock(&tty->atomic_write_lock);
1053 : tty_lock(tty);
1054 : if (tty->ops->write && tty->count > 0)
1055 : tty->ops->write(tty, msg, strlen(msg));
1056 : tty_unlock(tty);
1057 : tty_write_unlock(tty);
1058 : }
1059 : }
1060 : #endif
1061 :
1062 43 : static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1063 : {
1064 43 : struct tty_struct *tty = file_tty(file);
1065 43 : struct tty_ldisc *ld;
1066 43 : ssize_t ret;
1067 :
1068 43 : if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1069 0 : return -EIO;
1070 43 : if (!tty || !tty->ops->write || tty_io_error(tty))
1071 0 : return -EIO;
1072 : /* Short term debug to catch buggy drivers */
1073 43 : if (tty->ops->write_room == NULL)
1074 0 : tty_err(tty, "missing write_room method\n");
1075 43 : ld = tty_ldisc_ref_wait(tty);
1076 43 : if (!ld)
1077 0 : return hung_up_tty_write(iocb, from);
1078 43 : if (!ld->ops->write)
1079 0 : ret = -EIO;
1080 : else
1081 43 : ret = iterate_tty_write(ld, tty, file, from);
1082 43 : tty_ldisc_deref(ld);
1083 43 : return ret;
1084 43 : }
1085 :
1086 : /**
1087 : * tty_write - write method for tty device file
1088 : * @iocb: kernel I/O control block
1089 : * @from: iov_iter with data to write
1090 : *
1091 : * Write data to a tty device via the line discipline.
1092 : *
1093 : * Locking:
1094 : * Locks the line discipline as required
1095 : * Writes to the tty driver are serialized by the atomic_write_lock
1096 : * and are then processed in chunks to the device. The line
1097 : * discipline write method will not be invoked in parallel for
1098 : * each device.
1099 : */
1100 43 : static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1101 : {
1102 43 : return file_tty_write(iocb->ki_filp, iocb, from);
1103 : }
1104 :
1105 0 : ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1106 : {
1107 0 : struct file *p = NULL;
1108 :
1109 0 : spin_lock(&redirect_lock);
1110 0 : if (redirect)
1111 0 : p = get_file(redirect);
1112 0 : spin_unlock(&redirect_lock);
1113 :
1114 : /*
1115 : * We know the redirected tty is just another tty, we can
1116 : * call file_tty_write() directly with that file pointer.
1117 : */
1118 0 : if (p) {
1119 0 : ssize_t res;
1120 :
1121 0 : res = file_tty_write(p, iocb, iter);
1122 0 : fput(p);
1123 0 : return res;
1124 0 : }
1125 0 : return tty_write(iocb, iter);
1126 0 : }
1127 :
1128 : /**
1129 : * tty_send_xchar - send priority character
1130 : * @tty: the tty to send to
1131 : * @ch: xchar to send
1132 : *
1133 : * Send a high priority character to the tty even if stopped.
1134 : *
1135 : * Locking: none for xchar method, write ordering for write method.
1136 : */
1137 0 : int tty_send_xchar(struct tty_struct *tty, u8 ch)
1138 : {
1139 0 : bool was_stopped = tty->flow.stopped;
1140 :
1141 0 : if (tty->ops->send_xchar) {
1142 0 : down_read(&tty->termios_rwsem);
1143 0 : tty->ops->send_xchar(tty, ch);
1144 0 : up_read(&tty->termios_rwsem);
1145 0 : return 0;
1146 : }
1147 :
1148 0 : if (tty_write_lock(tty, false) < 0)
1149 0 : return -ERESTARTSYS;
1150 :
1151 0 : down_read(&tty->termios_rwsem);
1152 0 : if (was_stopped)
1153 0 : start_tty(tty);
1154 0 : tty->ops->write(tty, &ch, 1);
1155 0 : if (was_stopped)
1156 0 : stop_tty(tty);
1157 0 : up_read(&tty->termios_rwsem);
1158 0 : tty_write_unlock(tty);
1159 0 : return 0;
1160 0 : }
1161 :
1162 : /**
1163 : * pty_line_name - generate name for a pty
1164 : * @driver: the tty driver in use
1165 : * @index: the minor number
1166 : * @p: output buffer of at least 6 bytes
1167 : *
1168 : * Generate a name from a @driver reference and write it to the output buffer
1169 : * @p.
1170 : *
1171 : * Locking: None
1172 : */
1173 0 : static void pty_line_name(struct tty_driver *driver, int index, char *p)
1174 : {
1175 : static const char ptychar[] = "pqrstuvwxyzabcde";
1176 0 : int i = index + driver->name_base;
1177 : /* ->name is initialized to "ttyp", but "tty" is expected */
1178 0 : sprintf(p, "%s%c%x",
1179 0 : driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1180 0 : ptychar[i >> 4 & 0xf], i & 0xf);
1181 0 : }
1182 :
1183 : /**
1184 : * tty_line_name - generate name for a tty
1185 : * @driver: the tty driver in use
1186 : * @index: the minor number
1187 : * @p: output buffer of at least 7 bytes
1188 : *
1189 : * Generate a name from a @driver reference and write it to the output buffer
1190 : * @p.
1191 : *
1192 : * Locking: None
1193 : */
1194 7 : static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1195 : {
1196 7 : if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1197 7 : return sprintf(p, "%s", driver->name);
1198 : else
1199 0 : return sprintf(p, "%s%d", driver->name,
1200 0 : index + driver->name_base);
1201 7 : }
1202 :
1203 : /**
1204 : * tty_driver_lookup_tty() - find an existing tty, if any
1205 : * @driver: the driver for the tty
1206 : * @file: file object
1207 : * @idx: the minor number
1208 : *
1209 : * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1210 : * driver lookup() method returns an error.
1211 : *
1212 : * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1213 : */
1214 6 : static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1215 : struct file *file, int idx)
1216 : {
1217 6 : struct tty_struct *tty;
1218 :
1219 6 : if (driver->ops->lookup) {
1220 0 : if (!file)
1221 0 : tty = ERR_PTR(-EIO);
1222 : else
1223 0 : tty = driver->ops->lookup(driver, file, idx);
1224 0 : } else {
1225 6 : if (idx >= driver->num)
1226 0 : return ERR_PTR(-EINVAL);
1227 6 : tty = driver->ttys[idx];
1228 : }
1229 6 : if (!IS_ERR(tty))
1230 6 : tty_kref_get(tty);
1231 6 : return tty;
1232 6 : }
1233 :
1234 : /**
1235 : * tty_init_termios - helper for termios setup
1236 : * @tty: the tty to set up
1237 : *
1238 : * Initialise the termios structure for this tty. This runs under the
1239 : * %tty_mutex currently so we can be relaxed about ordering.
1240 : */
1241 6 : void tty_init_termios(struct tty_struct *tty)
1242 : {
1243 6 : struct ktermios *tp;
1244 6 : int idx = tty->index;
1245 :
1246 6 : if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1247 6 : tty->termios = tty->driver->init_termios;
1248 : else {
1249 : /* Check for lazy saved data */
1250 0 : tp = tty->driver->termios[idx];
1251 0 : if (tp != NULL) {
1252 0 : tty->termios = *tp;
1253 0 : tty->termios.c_line = tty->driver->init_termios.c_line;
1254 0 : } else
1255 0 : tty->termios = tty->driver->init_termios;
1256 : }
1257 : /* Compatibility until drivers always set this */
1258 6 : tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1259 6 : tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1260 6 : }
1261 : EXPORT_SYMBOL_GPL(tty_init_termios);
1262 :
1263 : /**
1264 : * tty_standard_install - usual tty->ops->install
1265 : * @driver: the driver for the tty
1266 : * @tty: the tty
1267 : *
1268 : * If the @driver overrides @tty->ops->install, it still can call this function
1269 : * to perform the standard install operations.
1270 : */
1271 6 : int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1272 : {
1273 6 : tty_init_termios(tty);
1274 6 : tty_driver_kref_get(driver);
1275 6 : tty->count++;
1276 6 : driver->ttys[tty->index] = tty;
1277 6 : return 0;
1278 : }
1279 : EXPORT_SYMBOL_GPL(tty_standard_install);
1280 :
1281 : /**
1282 : * tty_driver_install_tty() - install a tty entry in the driver
1283 : * @driver: the driver for the tty
1284 : * @tty: the tty
1285 : *
1286 : * Install a tty object into the driver tables. The @tty->index field will be
1287 : * set by the time this is called. This method is responsible for ensuring any
1288 : * need additional structures are allocated and configured.
1289 : *
1290 : * Locking: tty_mutex for now
1291 : */
1292 6 : static int tty_driver_install_tty(struct tty_driver *driver,
1293 : struct tty_struct *tty)
1294 : {
1295 6 : return driver->ops->install ? driver->ops->install(driver, tty) :
1296 6 : tty_standard_install(driver, tty);
1297 : }
1298 :
1299 : /**
1300 : * tty_driver_remove_tty() - remove a tty from the driver tables
1301 : * @driver: the driver for the tty
1302 : * @tty: tty to remove
1303 : *
1304 : * Remove a tty object from the driver tables. The tty->index field will be set
1305 : * by the time this is called.
1306 : *
1307 : * Locking: tty_mutex for now
1308 : */
1309 6 : static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1310 : {
1311 6 : if (driver->ops->remove)
1312 0 : driver->ops->remove(driver, tty);
1313 : else
1314 6 : driver->ttys[tty->index] = NULL;
1315 6 : }
1316 :
1317 : /**
1318 : * tty_reopen() - fast re-open of an open tty
1319 : * @tty: the tty to open
1320 : *
1321 : * Re-opens on master ptys are not allowed and return -%EIO.
1322 : *
1323 : * Locking: Caller must hold tty_lock
1324 : * Return: 0 on success, -errno on error.
1325 : */
1326 0 : static int tty_reopen(struct tty_struct *tty)
1327 : {
1328 0 : struct tty_driver *driver = tty->driver;
1329 0 : struct tty_ldisc *ld;
1330 0 : int retval = 0;
1331 :
1332 0 : if (driver->type == TTY_DRIVER_TYPE_PTY &&
1333 0 : driver->subtype == PTY_TYPE_MASTER)
1334 0 : return -EIO;
1335 :
1336 0 : if (!tty->count)
1337 0 : return -EAGAIN;
1338 :
1339 0 : if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1340 0 : return -EBUSY;
1341 :
1342 0 : ld = tty_ldisc_ref_wait(tty);
1343 0 : if (ld) {
1344 0 : tty_ldisc_deref(ld);
1345 0 : } else {
1346 0 : retval = tty_ldisc_lock(tty, 5 * HZ);
1347 0 : if (retval)
1348 0 : return retval;
1349 :
1350 0 : if (!tty->ldisc)
1351 0 : retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1352 0 : tty_ldisc_unlock(tty);
1353 : }
1354 :
1355 0 : if (retval == 0)
1356 0 : tty->count++;
1357 :
1358 0 : return retval;
1359 0 : }
1360 :
1361 : /**
1362 : * tty_init_dev - initialise a tty device
1363 : * @driver: tty driver we are opening a device on
1364 : * @idx: device index
1365 : *
1366 : * Prepare a tty device. This may not be a "new" clean device but could also be
1367 : * an active device. The pty drivers require special handling because of this.
1368 : *
1369 : * Locking:
1370 : * The function is called under the tty_mutex, which protects us from the
1371 : * tty struct or driver itself going away.
1372 : *
1373 : * On exit the tty device has the line discipline attached and a reference
1374 : * count of 1. If a pair was created for pty/tty use and the other was a pty
1375 : * master then it too has a reference count of 1.
1376 : *
1377 : * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1378 : * open. The new code protects the open with a mutex, so it's really quite
1379 : * straightforward. The mutex locking can probably be relaxed for the (most
1380 : * common) case of reopening a tty.
1381 : *
1382 : * Return: new tty structure
1383 : */
1384 6 : struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1385 : {
1386 6 : struct tty_struct *tty;
1387 6 : int retval;
1388 :
1389 : /*
1390 : * First time open is complex, especially for PTY devices.
1391 : * This code guarantees that either everything succeeds and the
1392 : * TTY is ready for operation, or else the table slots are vacated
1393 : * and the allocated memory released. (Except that the termios
1394 : * may be retained.)
1395 : */
1396 :
1397 6 : if (!try_module_get(driver->owner))
1398 0 : return ERR_PTR(-ENODEV);
1399 :
1400 6 : tty = alloc_tty_struct(driver, idx);
1401 6 : if (!tty) {
1402 0 : retval = -ENOMEM;
1403 0 : goto err_module_put;
1404 : }
1405 :
1406 6 : tty_lock(tty);
1407 6 : retval = tty_driver_install_tty(driver, tty);
1408 6 : if (retval < 0)
1409 0 : goto err_free_tty;
1410 :
1411 6 : if (!tty->port)
1412 6 : tty->port = driver->ports[idx];
1413 :
1414 6 : if (WARN_RATELIMIT(!tty->port,
1415 : "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1416 : __func__, tty->driver->name)) {
1417 0 : retval = -EINVAL;
1418 0 : goto err_release_lock;
1419 : }
1420 :
1421 6 : retval = tty_ldisc_lock(tty, 5 * HZ);
1422 6 : if (retval)
1423 0 : goto err_release_lock;
1424 6 : tty->port->itty = tty;
1425 :
1426 : /*
1427 : * Structures all installed ... call the ldisc open routines.
1428 : * If we fail here just call release_tty to clean up. No need
1429 : * to decrement the use counts, as release_tty doesn't care.
1430 : */
1431 6 : retval = tty_ldisc_setup(tty, tty->link);
1432 6 : if (retval)
1433 0 : goto err_release_tty;
1434 6 : tty_ldisc_unlock(tty);
1435 : /* Return the tty locked so that it cannot vanish under the caller */
1436 6 : return tty;
1437 :
1438 : err_free_tty:
1439 0 : tty_unlock(tty);
1440 0 : free_tty_struct(tty);
1441 : err_module_put:
1442 0 : module_put(driver->owner);
1443 0 : return ERR_PTR(retval);
1444 :
1445 : /* call the tty release_tty routine to clean out this slot */
1446 : err_release_tty:
1447 0 : tty_ldisc_unlock(tty);
1448 0 : tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1449 : retval, idx);
1450 : err_release_lock:
1451 0 : tty_unlock(tty);
1452 0 : release_tty(tty, idx);
1453 0 : return ERR_PTR(retval);
1454 6 : }
1455 :
1456 : /**
1457 : * tty_save_termios() - save tty termios data in driver table
1458 : * @tty: tty whose termios data to save
1459 : *
1460 : * Locking: Caller guarantees serialisation with tty_init_termios().
1461 : */
1462 6 : void tty_save_termios(struct tty_struct *tty)
1463 : {
1464 6 : struct ktermios *tp;
1465 6 : int idx = tty->index;
1466 :
1467 : /* If the port is going to reset then it has no termios to save */
1468 6 : if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1469 6 : return;
1470 :
1471 : /* Stash the termios data */
1472 0 : tp = tty->driver->termios[idx];
1473 0 : if (tp == NULL) {
1474 0 : tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1475 0 : if (tp == NULL)
1476 0 : return;
1477 0 : tty->driver->termios[idx] = tp;
1478 0 : }
1479 0 : *tp = tty->termios;
1480 6 : }
1481 : EXPORT_SYMBOL_GPL(tty_save_termios);
1482 :
1483 : /**
1484 : * tty_flush_works - flush all works of a tty/pty pair
1485 : * @tty: tty device to flush works for (or either end of a pty pair)
1486 : *
1487 : * Sync flush all works belonging to @tty (and the 'other' tty).
1488 : */
1489 6 : static void tty_flush_works(struct tty_struct *tty)
1490 : {
1491 6 : flush_work(&tty->SAK_work);
1492 6 : flush_work(&tty->hangup_work);
1493 6 : if (tty->link) {
1494 0 : flush_work(&tty->link->SAK_work);
1495 0 : flush_work(&tty->link->hangup_work);
1496 0 : }
1497 6 : }
1498 :
1499 : /**
1500 : * release_one_tty - release tty structure memory
1501 : * @work: work of tty we are obliterating
1502 : *
1503 : * Releases memory associated with a tty structure, and clears out the
1504 : * driver table slots. This function is called when a device is no longer
1505 : * in use. It also gets called when setup of a device fails.
1506 : *
1507 : * Locking:
1508 : * takes the file list lock internally when working on the list of ttys
1509 : * that the driver keeps.
1510 : *
1511 : * This method gets called from a work queue so that the driver private
1512 : * cleanup ops can sleep (needed for USB at least)
1513 : */
1514 6 : static void release_one_tty(struct work_struct *work)
1515 : {
1516 12 : struct tty_struct *tty =
1517 6 : container_of(work, struct tty_struct, hangup_work);
1518 6 : struct tty_driver *driver = tty->driver;
1519 6 : struct module *owner = driver->owner;
1520 :
1521 6 : if (tty->ops->cleanup)
1522 0 : tty->ops->cleanup(tty);
1523 :
1524 6 : tty_driver_kref_put(driver);
1525 6 : module_put(owner);
1526 :
1527 6 : spin_lock(&tty->files_lock);
1528 6 : list_del_init(&tty->tty_files);
1529 6 : spin_unlock(&tty->files_lock);
1530 :
1531 6 : put_pid(tty->ctrl.pgrp);
1532 6 : put_pid(tty->ctrl.session);
1533 6 : free_tty_struct(tty);
1534 6 : }
1535 :
1536 6 : static void queue_release_one_tty(struct kref *kref)
1537 : {
1538 6 : struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1539 :
1540 : /* The hangup queue is now free so we can reuse it rather than
1541 : * waste a chunk of memory for each port.
1542 : */
1543 6 : INIT_WORK(&tty->hangup_work, release_one_tty);
1544 6 : schedule_work(&tty->hangup_work);
1545 6 : }
1546 :
1547 : /**
1548 : * tty_kref_put - release a tty kref
1549 : * @tty: tty device
1550 : *
1551 : * Release a reference to the @tty device and if need be let the kref layer
1552 : * destruct the object for us.
1553 : */
1554 156 : void tty_kref_put(struct tty_struct *tty)
1555 : {
1556 156 : if (tty)
1557 127 : kref_put(&tty->kref, queue_release_one_tty);
1558 156 : }
1559 : EXPORT_SYMBOL(tty_kref_put);
1560 :
1561 : /**
1562 : * release_tty - release tty structure memory
1563 : * @tty: tty device release
1564 : * @idx: index of the tty device release
1565 : *
1566 : * Release both @tty and a possible linked partner (think pty pair),
1567 : * and decrement the refcount of the backing module.
1568 : *
1569 : * Locking:
1570 : * tty_mutex
1571 : * takes the file list lock internally when working on the list of ttys
1572 : * that the driver keeps.
1573 : */
1574 6 : static void release_tty(struct tty_struct *tty, int idx)
1575 : {
1576 : /* This should always be true but check for the moment */
1577 6 : WARN_ON(tty->index != idx);
1578 6 : WARN_ON(!mutex_is_locked(&tty_mutex));
1579 6 : if (tty->ops->shutdown)
1580 0 : tty->ops->shutdown(tty);
1581 6 : tty_save_termios(tty);
1582 6 : tty_driver_remove_tty(tty->driver, tty);
1583 6 : if (tty->port)
1584 6 : tty->port->itty = NULL;
1585 6 : if (tty->link)
1586 0 : tty->link->port->itty = NULL;
1587 6 : if (tty->port)
1588 6 : tty_buffer_cancel_work(tty->port);
1589 6 : if (tty->link)
1590 0 : tty_buffer_cancel_work(tty->link->port);
1591 :
1592 6 : tty_kref_put(tty->link);
1593 6 : tty_kref_put(tty);
1594 6 : }
1595 :
1596 : /**
1597 : * tty_release_checks - check a tty before real release
1598 : * @tty: tty to check
1599 : * @idx: index of the tty
1600 : *
1601 : * Performs some paranoid checking before true release of the @tty. This is a
1602 : * no-op unless %TTY_PARANOIA_CHECK is defined.
1603 : */
1604 6 : static int tty_release_checks(struct tty_struct *tty, int idx)
1605 : {
1606 : #ifdef TTY_PARANOIA_CHECK
1607 6 : if (idx < 0 || idx >= tty->driver->num) {
1608 0 : tty_debug(tty, "bad idx %d\n", idx);
1609 0 : return -1;
1610 : }
1611 :
1612 : /* not much to check for devpts */
1613 6 : if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1614 0 : return 0;
1615 :
1616 6 : if (tty != tty->driver->ttys[idx]) {
1617 0 : tty_debug(tty, "bad driver table[%d] = %p\n",
1618 : idx, tty->driver->ttys[idx]);
1619 0 : return -1;
1620 : }
1621 6 : if (tty->driver->other) {
1622 0 : struct tty_struct *o_tty = tty->link;
1623 :
1624 0 : if (o_tty != tty->driver->other->ttys[idx]) {
1625 0 : tty_debug(tty, "bad other table[%d] = %p\n",
1626 : idx, tty->driver->other->ttys[idx]);
1627 0 : return -1;
1628 : }
1629 0 : if (o_tty->link != tty) {
1630 0 : tty_debug(tty, "bad link = %p\n", o_tty->link);
1631 0 : return -1;
1632 : }
1633 0 : }
1634 : #endif
1635 6 : return 0;
1636 6 : }
1637 :
1638 : /**
1639 : * tty_kclose - closes tty opened by tty_kopen
1640 : * @tty: tty device
1641 : *
1642 : * Performs the final steps to release and free a tty device. It is the same as
1643 : * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1644 : * @tty->port.
1645 : */
1646 0 : void tty_kclose(struct tty_struct *tty)
1647 : {
1648 : /*
1649 : * Ask the line discipline code to release its structures
1650 : */
1651 0 : tty_ldisc_release(tty);
1652 :
1653 : /* Wait for pending work before tty destruction commences */
1654 0 : tty_flush_works(tty);
1655 :
1656 0 : tty_debug_hangup(tty, "freeing structure\n");
1657 : /*
1658 : * The release_tty function takes care of the details of clearing
1659 : * the slots and preserving the termios structure.
1660 : */
1661 0 : mutex_lock(&tty_mutex);
1662 0 : tty_port_set_kopened(tty->port, 0);
1663 0 : release_tty(tty, tty->index);
1664 0 : mutex_unlock(&tty_mutex);
1665 0 : }
1666 : EXPORT_SYMBOL_GPL(tty_kclose);
1667 :
1668 : /**
1669 : * tty_release_struct - release a tty struct
1670 : * @tty: tty device
1671 : * @idx: index of the tty
1672 : *
1673 : * Performs the final steps to release and free a tty device. It is roughly the
1674 : * reverse of tty_init_dev().
1675 : */
1676 6 : void tty_release_struct(struct tty_struct *tty, int idx)
1677 : {
1678 : /*
1679 : * Ask the line discipline code to release its structures
1680 : */
1681 6 : tty_ldisc_release(tty);
1682 :
1683 : /* Wait for pending work before tty destruction commmences */
1684 6 : tty_flush_works(tty);
1685 :
1686 6 : tty_debug_hangup(tty, "freeing structure\n");
1687 : /*
1688 : * The release_tty function takes care of the details of clearing
1689 : * the slots and preserving the termios structure.
1690 : */
1691 6 : mutex_lock(&tty_mutex);
1692 6 : release_tty(tty, idx);
1693 6 : mutex_unlock(&tty_mutex);
1694 6 : }
1695 : EXPORT_SYMBOL_GPL(tty_release_struct);
1696 :
1697 : /**
1698 : * tty_release - vfs callback for close
1699 : * @inode: inode of tty
1700 : * @filp: file pointer for handle to tty
1701 : *
1702 : * Called the last time each file handle is closed that references this tty.
1703 : * There may however be several such references.
1704 : *
1705 : * Locking:
1706 : * Takes BKL. See tty_release_dev().
1707 : *
1708 : * Even releasing the tty structures is a tricky business. We have to be very
1709 : * careful that the structures are all released at the same time, as interrupts
1710 : * might otherwise get the wrong pointers.
1711 : *
1712 : * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1713 : * lead to double frees or releasing memory still in use.
1714 : */
1715 6 : int tty_release(struct inode *inode, struct file *filp)
1716 : {
1717 6 : struct tty_struct *tty = file_tty(filp);
1718 6 : struct tty_struct *o_tty = NULL;
1719 6 : int do_sleep, final;
1720 6 : int idx;
1721 6 : long timeout = 0;
1722 6 : int once = 1;
1723 :
1724 6 : if (tty_paranoia_check(tty, inode, __func__))
1725 0 : return 0;
1726 :
1727 6 : tty_lock(tty);
1728 6 : check_tty_count(tty, __func__);
1729 :
1730 6 : __tty_fasync(-1, filp, 0);
1731 :
1732 6 : idx = tty->index;
1733 6 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1734 0 : tty->driver->subtype == PTY_TYPE_MASTER)
1735 0 : o_tty = tty->link;
1736 :
1737 6 : if (tty_release_checks(tty, idx)) {
1738 0 : tty_unlock(tty);
1739 0 : return 0;
1740 : }
1741 :
1742 6 : tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1743 :
1744 6 : if (tty->ops->close)
1745 6 : tty->ops->close(tty, filp);
1746 :
1747 : /* If tty is pty master, lock the slave pty (stable lock order) */
1748 6 : tty_lock_slave(o_tty);
1749 :
1750 : /*
1751 : * Sanity check: if tty->count is going to zero, there shouldn't be
1752 : * any waiters on tty->read_wait or tty->write_wait. We test the
1753 : * wait queues and kick everyone out _before_ actually starting to
1754 : * close. This ensures that we won't block while releasing the tty
1755 : * structure.
1756 : *
1757 : * The test for the o_tty closing is necessary, since the master and
1758 : * slave sides may close in any order. If the slave side closes out
1759 : * first, its count will be one, since the master side holds an open.
1760 : * Thus this test wouldn't be triggered at the time the slave closed,
1761 : * so we do it now.
1762 : */
1763 6 : while (1) {
1764 6 : do_sleep = 0;
1765 :
1766 6 : if (tty->count <= 1) {
1767 6 : if (waitqueue_active(&tty->read_wait)) {
1768 0 : wake_up_poll(&tty->read_wait, EPOLLIN);
1769 0 : do_sleep++;
1770 0 : }
1771 6 : if (waitqueue_active(&tty->write_wait)) {
1772 0 : wake_up_poll(&tty->write_wait, EPOLLOUT);
1773 0 : do_sleep++;
1774 0 : }
1775 6 : }
1776 6 : if (o_tty && o_tty->count <= 1) {
1777 0 : if (waitqueue_active(&o_tty->read_wait)) {
1778 0 : wake_up_poll(&o_tty->read_wait, EPOLLIN);
1779 0 : do_sleep++;
1780 0 : }
1781 0 : if (waitqueue_active(&o_tty->write_wait)) {
1782 0 : wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1783 0 : do_sleep++;
1784 0 : }
1785 0 : }
1786 6 : if (!do_sleep)
1787 6 : break;
1788 :
1789 0 : if (once) {
1790 0 : once = 0;
1791 0 : tty_warn(tty, "read/write wait queue active!\n");
1792 0 : }
1793 0 : schedule_timeout_killable(timeout);
1794 0 : if (timeout < 120 * HZ)
1795 0 : timeout = 2 * timeout + 1;
1796 : else
1797 0 : timeout = MAX_SCHEDULE_TIMEOUT;
1798 : }
1799 :
1800 6 : if (o_tty) {
1801 0 : if (--o_tty->count < 0) {
1802 0 : tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1803 0 : o_tty->count = 0;
1804 0 : }
1805 0 : }
1806 6 : if (--tty->count < 0) {
1807 0 : tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1808 0 : tty->count = 0;
1809 0 : }
1810 :
1811 : /*
1812 : * We've decremented tty->count, so we need to remove this file
1813 : * descriptor off the tty->tty_files list; this serves two
1814 : * purposes:
1815 : * - check_tty_count sees the correct number of file descriptors
1816 : * associated with this tty.
1817 : * - do_tty_hangup no longer sees this file descriptor as
1818 : * something that needs to be handled for hangups.
1819 : */
1820 6 : tty_del_file(filp);
1821 :
1822 : /*
1823 : * Perform some housekeeping before deciding whether to return.
1824 : *
1825 : * If _either_ side is closing, make sure there aren't any
1826 : * processes that still think tty or o_tty is their controlling
1827 : * tty.
1828 : */
1829 6 : if (!tty->count) {
1830 6 : read_lock(&tasklist_lock);
1831 6 : session_clear_tty(tty->ctrl.session);
1832 6 : if (o_tty)
1833 0 : session_clear_tty(o_tty->ctrl.session);
1834 6 : read_unlock(&tasklist_lock);
1835 6 : }
1836 :
1837 : /* check whether both sides are closing ... */
1838 6 : final = !tty->count && !(o_tty && o_tty->count);
1839 :
1840 6 : tty_unlock_slave(o_tty);
1841 6 : tty_unlock(tty);
1842 :
1843 : /* At this point, the tty->count == 0 should ensure a dead tty
1844 : * cannot be re-opened by a racing opener.
1845 : */
1846 :
1847 6 : if (!final)
1848 0 : return 0;
1849 :
1850 6 : tty_debug_hangup(tty, "final close\n");
1851 :
1852 6 : tty_release_struct(tty, idx);
1853 6 : return 0;
1854 6 : }
1855 :
1856 : /**
1857 : * tty_open_current_tty - get locked tty of current task
1858 : * @device: device number
1859 : * @filp: file pointer to tty
1860 : * @return: locked tty of the current task iff @device is /dev/tty
1861 : *
1862 : * Performs a re-open of the current task's controlling tty.
1863 : *
1864 : * We cannot return driver and index like for the other nodes because devpts
1865 : * will not work then. It expects inodes to be from devpts FS.
1866 : */
1867 6 : static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1868 : {
1869 6 : struct tty_struct *tty;
1870 6 : int retval;
1871 :
1872 6 : if (device != MKDEV(TTYAUX_MAJOR, 0))
1873 6 : return NULL;
1874 :
1875 0 : tty = get_current_tty();
1876 0 : if (!tty)
1877 0 : return ERR_PTR(-ENXIO);
1878 :
1879 0 : filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1880 : /* noctty = 1; */
1881 0 : tty_lock(tty);
1882 0 : tty_kref_put(tty); /* safe to drop the kref now */
1883 :
1884 0 : retval = tty_reopen(tty);
1885 0 : if (retval < 0) {
1886 0 : tty_unlock(tty);
1887 0 : tty = ERR_PTR(retval);
1888 0 : }
1889 0 : return tty;
1890 6 : }
1891 :
1892 : /**
1893 : * tty_lookup_driver - lookup a tty driver for a given device file
1894 : * @device: device number
1895 : * @filp: file pointer to tty
1896 : * @index: index for the device in the @return driver
1897 : *
1898 : * If returned value is not erroneous, the caller is responsible to decrement
1899 : * the refcount by tty_driver_kref_put().
1900 : *
1901 : * Locking: %tty_mutex protects get_tty_driver()
1902 : *
1903 : * Return: driver for this inode (with increased refcount)
1904 : */
1905 6 : static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1906 : int *index)
1907 : {
1908 6 : struct tty_driver *driver = NULL;
1909 :
1910 6 : switch (device) {
1911 : #ifdef CONFIG_VT
1912 : case MKDEV(TTY_MAJOR, 0): {
1913 : extern struct tty_driver *console_driver;
1914 :
1915 0 : driver = tty_driver_kref_get(console_driver);
1916 0 : *index = fg_console;
1917 0 : break;
1918 : }
1919 : #endif
1920 : case MKDEV(TTYAUX_MAJOR, 1): {
1921 0 : struct tty_driver *console_driver = console_device(index);
1922 :
1923 0 : if (console_driver) {
1924 0 : driver = tty_driver_kref_get(console_driver);
1925 0 : if (driver && filp) {
1926 : /* Don't let /dev/console block */
1927 0 : filp->f_flags |= O_NONBLOCK;
1928 0 : break;
1929 : }
1930 0 : }
1931 0 : if (driver)
1932 0 : tty_driver_kref_put(driver);
1933 0 : return ERR_PTR(-ENODEV);
1934 0 : }
1935 : default:
1936 6 : driver = get_tty_driver(device, index);
1937 6 : if (!driver)
1938 0 : return ERR_PTR(-ENODEV);
1939 6 : break;
1940 : }
1941 6 : return driver;
1942 6 : }
1943 :
1944 0 : static struct tty_struct *tty_kopen(dev_t device, int shared)
1945 : {
1946 0 : struct tty_struct *tty;
1947 0 : struct tty_driver *driver;
1948 0 : int index = -1;
1949 :
1950 0 : mutex_lock(&tty_mutex);
1951 0 : driver = tty_lookup_driver(device, NULL, &index);
1952 0 : if (IS_ERR(driver)) {
1953 0 : mutex_unlock(&tty_mutex);
1954 0 : return ERR_CAST(driver);
1955 : }
1956 :
1957 : /* check whether we're reopening an existing tty */
1958 0 : tty = tty_driver_lookup_tty(driver, NULL, index);
1959 0 : if (IS_ERR(tty) || shared)
1960 0 : goto out;
1961 :
1962 0 : if (tty) {
1963 : /* drop kref from tty_driver_lookup_tty() */
1964 0 : tty_kref_put(tty);
1965 0 : tty = ERR_PTR(-EBUSY);
1966 0 : } else { /* tty_init_dev returns tty with the tty_lock held */
1967 0 : tty = tty_init_dev(driver, index);
1968 0 : if (IS_ERR(tty))
1969 0 : goto out;
1970 0 : tty_port_set_kopened(tty->port, 1);
1971 : }
1972 : out:
1973 0 : mutex_unlock(&tty_mutex);
1974 0 : tty_driver_kref_put(driver);
1975 0 : return tty;
1976 0 : }
1977 :
1978 : /**
1979 : * tty_kopen_exclusive - open a tty device for kernel
1980 : * @device: dev_t of device to open
1981 : *
1982 : * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
1983 : * it's not already opened and performs the first-time tty initialization.
1984 : *
1985 : * Claims the global %tty_mutex to serialize:
1986 : * * concurrent first-time tty initialization
1987 : * * concurrent tty driver removal w/ lookup
1988 : * * concurrent tty removal from driver table
1989 : *
1990 : * Return: the locked initialized &tty_struct
1991 : */
1992 0 : struct tty_struct *tty_kopen_exclusive(dev_t device)
1993 : {
1994 0 : return tty_kopen(device, 0);
1995 : }
1996 : EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
1997 :
1998 : /**
1999 : * tty_kopen_shared - open a tty device for shared in-kernel use
2000 : * @device: dev_t of device to open
2001 : *
2002 : * Opens an already existing tty for in-kernel use. Compared to
2003 : * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2004 : *
2005 : * Locking: identical to tty_kopen() above.
2006 : */
2007 0 : struct tty_struct *tty_kopen_shared(dev_t device)
2008 : {
2009 0 : return tty_kopen(device, 1);
2010 : }
2011 : EXPORT_SYMBOL_GPL(tty_kopen_shared);
2012 :
2013 : /**
2014 : * tty_open_by_driver - open a tty device
2015 : * @device: dev_t of device to open
2016 : * @filp: file pointer to tty
2017 : *
2018 : * Performs the driver lookup, checks for a reopen, or otherwise performs the
2019 : * first-time tty initialization.
2020 : *
2021 : *
2022 : * Claims the global tty_mutex to serialize:
2023 : * * concurrent first-time tty initialization
2024 : * * concurrent tty driver removal w/ lookup
2025 : * * concurrent tty removal from driver table
2026 : *
2027 : * Return: the locked initialized or re-opened &tty_struct
2028 : */
2029 6 : static struct tty_struct *tty_open_by_driver(dev_t device,
2030 : struct file *filp)
2031 : {
2032 6 : struct tty_struct *tty;
2033 6 : struct tty_driver *driver = NULL;
2034 6 : int index = -1;
2035 6 : int retval;
2036 :
2037 6 : mutex_lock(&tty_mutex);
2038 6 : driver = tty_lookup_driver(device, filp, &index);
2039 6 : if (IS_ERR(driver)) {
2040 0 : mutex_unlock(&tty_mutex);
2041 0 : return ERR_CAST(driver);
2042 : }
2043 :
2044 : /* check whether we're reopening an existing tty */
2045 6 : tty = tty_driver_lookup_tty(driver, filp, index);
2046 6 : if (IS_ERR(tty)) {
2047 0 : mutex_unlock(&tty_mutex);
2048 0 : goto out;
2049 : }
2050 :
2051 12 : if (tty) {
2052 0 : if (tty_port_kopened(tty->port)) {
2053 0 : tty_kref_put(tty);
2054 0 : mutex_unlock(&tty_mutex);
2055 0 : tty = ERR_PTR(-EBUSY);
2056 0 : goto out;
2057 : }
2058 0 : mutex_unlock(&tty_mutex);
2059 0 : retval = tty_lock_interruptible(tty);
2060 0 : tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2061 0 : if (retval) {
2062 0 : if (retval == -EINTR)
2063 0 : retval = -ERESTARTSYS;
2064 0 : tty = ERR_PTR(retval);
2065 0 : goto out;
2066 : }
2067 0 : retval = tty_reopen(tty);
2068 0 : if (retval < 0) {
2069 0 : tty_unlock(tty);
2070 0 : tty = ERR_PTR(retval);
2071 0 : }
2072 0 : } else { /* Returns with the tty_lock held for now */
2073 6 : tty = tty_init_dev(driver, index);
2074 6 : mutex_unlock(&tty_mutex);
2075 : }
2076 : out:
2077 6 : tty_driver_kref_put(driver);
2078 6 : return tty;
2079 6 : }
2080 :
2081 : /**
2082 : * tty_open - open a tty device
2083 : * @inode: inode of device file
2084 : * @filp: file pointer to tty
2085 : *
2086 : * tty_open() and tty_release() keep up the tty count that contains the number
2087 : * of opens done on a tty. We cannot use the inode-count, as different inodes
2088 : * might point to the same tty.
2089 : *
2090 : * Open-counting is needed for pty masters, as well as for keeping track of
2091 : * serial lines: DTR is dropped when the last close happens.
2092 : * (This is not done solely through tty->count, now. - Ted 1/27/92)
2093 : *
2094 : * The termios state of a pty is reset on the first open so that settings don't
2095 : * persist across reuse.
2096 : *
2097 : * Locking:
2098 : * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2099 : * * @tty->count should protect the rest.
2100 : * * ->siglock protects ->signal/->sighand
2101 : *
2102 : * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2103 : */
2104 6 : static int tty_open(struct inode *inode, struct file *filp)
2105 : {
2106 6 : struct tty_struct *tty;
2107 6 : int noctty, retval;
2108 6 : dev_t device = inode->i_rdev;
2109 6 : unsigned saved_flags = filp->f_flags;
2110 :
2111 6 : nonseekable_open(inode, filp);
2112 :
2113 : retry_open:
2114 6 : retval = tty_alloc_file(filp);
2115 6 : if (retval)
2116 0 : return -ENOMEM;
2117 :
2118 6 : tty = tty_open_current_tty(device, filp);
2119 6 : if (!tty)
2120 6 : tty = tty_open_by_driver(device, filp);
2121 :
2122 6 : if (IS_ERR(tty)) {
2123 0 : tty_free_file(filp);
2124 0 : retval = PTR_ERR(tty);
2125 0 : if (retval != -EAGAIN || signal_pending(current))
2126 0 : return retval;
2127 0 : schedule();
2128 0 : goto retry_open;
2129 : }
2130 :
2131 6 : tty_add_file(tty, filp);
2132 :
2133 6 : check_tty_count(tty, __func__);
2134 6 : tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2135 :
2136 6 : if (tty->ops->open)
2137 6 : retval = tty->ops->open(tty, filp);
2138 : else
2139 0 : retval = -ENODEV;
2140 6 : filp->f_flags = saved_flags;
2141 :
2142 6 : if (retval) {
2143 0 : tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2144 :
2145 0 : tty_unlock(tty); /* need to call tty_release without BTM */
2146 0 : tty_release(inode, filp);
2147 0 : if (retval != -ERESTARTSYS)
2148 0 : return retval;
2149 :
2150 0 : if (signal_pending(current))
2151 0 : return retval;
2152 :
2153 0 : schedule();
2154 : /*
2155 : * Need to reset f_op in case a hangup happened.
2156 : */
2157 0 : if (tty_hung_up_p(filp))
2158 0 : filp->f_op = &tty_fops;
2159 0 : goto retry_open;
2160 : }
2161 6 : clear_bit(TTY_HUPPED, &tty->flags);
2162 :
2163 12 : noctty = (filp->f_flags & O_NOCTTY) ||
2164 6 : (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2165 12 : device == MKDEV(TTYAUX_MAJOR, 1) ||
2166 6 : (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2167 0 : tty->driver->subtype == PTY_TYPE_MASTER);
2168 6 : if (!noctty)
2169 6 : tty_open_proc_set_tty(filp, tty);
2170 6 : tty_unlock(tty);
2171 6 : return 0;
2172 6 : }
2173 :
2174 :
2175 : /**
2176 : * tty_poll - check tty status
2177 : * @filp: file being polled
2178 : * @wait: poll wait structures to update
2179 : *
2180 : * Call the line discipline polling method to obtain the poll status of the
2181 : * device.
2182 : *
2183 : * Locking: locks called line discipline but ldisc poll method may be
2184 : * re-entered freely by other callers.
2185 : */
2186 85 : static __poll_t tty_poll(struct file *filp, poll_table *wait)
2187 : {
2188 85 : struct tty_struct *tty = file_tty(filp);
2189 85 : struct tty_ldisc *ld;
2190 85 : __poll_t ret = 0;
2191 :
2192 85 : if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2193 0 : return 0;
2194 :
2195 85 : ld = tty_ldisc_ref_wait(tty);
2196 85 : if (!ld)
2197 0 : return hung_up_tty_poll(filp, wait);
2198 85 : if (ld->ops->poll)
2199 84 : ret = ld->ops->poll(tty, filp, wait);
2200 85 : tty_ldisc_deref(ld);
2201 85 : return ret;
2202 85 : }
2203 :
2204 6 : static int __tty_fasync(int fd, struct file *filp, int on)
2205 : {
2206 6 : struct tty_struct *tty = file_tty(filp);
2207 6 : unsigned long flags;
2208 6 : int retval = 0;
2209 :
2210 6 : if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2211 0 : goto out;
2212 :
2213 6 : if (on) {
2214 0 : retval = file_f_owner_allocate(filp);
2215 0 : if (retval)
2216 0 : goto out;
2217 0 : }
2218 :
2219 6 : retval = fasync_helper(fd, filp, on, &tty->fasync);
2220 6 : if (retval <= 0)
2221 6 : goto out;
2222 :
2223 0 : if (on) {
2224 0 : enum pid_type type;
2225 0 : struct pid *pid;
2226 :
2227 0 : spin_lock_irqsave(&tty->ctrl.lock, flags);
2228 0 : if (tty->ctrl.pgrp) {
2229 0 : pid = tty->ctrl.pgrp;
2230 0 : type = PIDTYPE_PGID;
2231 0 : } else {
2232 0 : pid = task_pid(current);
2233 0 : type = PIDTYPE_TGID;
2234 : }
2235 0 : get_pid(pid);
2236 0 : spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2237 0 : __f_setown(filp, pid, type, 0);
2238 0 : put_pid(pid);
2239 0 : retval = 0;
2240 0 : }
2241 : out:
2242 12 : return retval;
2243 6 : }
2244 :
2245 0 : static int tty_fasync(int fd, struct file *filp, int on)
2246 : {
2247 0 : struct tty_struct *tty = file_tty(filp);
2248 0 : int retval = -ENOTTY;
2249 :
2250 0 : tty_lock(tty);
2251 0 : if (!tty_hung_up_p(filp))
2252 0 : retval = __tty_fasync(fd, filp, on);
2253 0 : tty_unlock(tty);
2254 :
2255 0 : return retval;
2256 0 : }
2257 :
2258 : static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
2259 : /**
2260 : * tiocsti - fake input character
2261 : * @tty: tty to fake input into
2262 : * @p: pointer to character
2263 : *
2264 : * Fake input to a tty device. Does the necessary locking and input management.
2265 : *
2266 : * FIXME: does not honour flow control ??
2267 : *
2268 : * Locking:
2269 : * * Called functions take tty_ldiscs_lock
2270 : * * current->signal->tty check is safe without locks
2271 : */
2272 0 : static int tiocsti(struct tty_struct *tty, u8 __user *p)
2273 : {
2274 0 : struct tty_ldisc *ld;
2275 0 : u8 ch;
2276 :
2277 0 : if (!tty_legacy_tiocsti && !capable(CAP_SYS_ADMIN))
2278 0 : return -EIO;
2279 :
2280 0 : if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2281 0 : return -EPERM;
2282 0 : if (get_user(ch, p))
2283 0 : return -EFAULT;
2284 0 : tty_audit_tiocsti(tty, ch);
2285 0 : ld = tty_ldisc_ref_wait(tty);
2286 0 : if (!ld)
2287 0 : return -EIO;
2288 0 : tty_buffer_lock_exclusive(tty->port);
2289 0 : if (ld->ops->receive_buf)
2290 0 : ld->ops->receive_buf(tty, &ch, NULL, 1);
2291 0 : tty_buffer_unlock_exclusive(tty->port);
2292 0 : tty_ldisc_deref(ld);
2293 0 : return 0;
2294 0 : }
2295 :
2296 : /**
2297 : * tiocgwinsz - implement window query ioctl
2298 : * @tty: tty
2299 : * @arg: user buffer for result
2300 : *
2301 : * Copies the kernel idea of the window size into the user buffer.
2302 : *
2303 : * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2304 : * consistent.
2305 : */
2306 8 : static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2307 : {
2308 8 : guard(mutex)(&tty->winsize_mutex);
2309 :
2310 8 : if (copy_to_user(arg, &tty->winsize, sizeof(*arg)))
2311 0 : return -EFAULT;
2312 :
2313 8 : return 0;
2314 8 : }
2315 :
2316 : /**
2317 : * tty_do_resize - resize event
2318 : * @tty: tty being resized
2319 : * @ws: new dimensions
2320 : *
2321 : * Update the termios variables and send the necessary signals to peform a
2322 : * terminal resize correctly.
2323 : */
2324 0 : int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2325 : {
2326 0 : struct pid *pgrp;
2327 :
2328 0 : guard(mutex)(&tty->winsize_mutex);
2329 :
2330 0 : if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2331 0 : return 0;
2332 :
2333 : /* Signal the foreground process group */
2334 0 : pgrp = tty_get_pgrp(tty);
2335 0 : if (pgrp)
2336 0 : kill_pgrp(pgrp, SIGWINCH, 1);
2337 0 : put_pid(pgrp);
2338 :
2339 0 : tty->winsize = *ws;
2340 :
2341 0 : return 0;
2342 0 : }
2343 : EXPORT_SYMBOL(tty_do_resize);
2344 :
2345 : /**
2346 : * tiocswinsz - implement window size set ioctl
2347 : * @tty: tty side of tty
2348 : * @arg: user buffer for result
2349 : *
2350 : * Copies the user idea of the window size to the kernel. Traditionally this is
2351 : * just advisory information but for the Linux console it actually has driver
2352 : * level meaning and triggers a VC resize.
2353 : *
2354 : * Locking:
2355 : * Driver dependent. The default do_resize method takes the tty termios
2356 : * mutex and ctrl.lock. The console takes its own lock then calls into the
2357 : * default method.
2358 : */
2359 0 : static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2360 : {
2361 0 : struct winsize tmp_ws;
2362 :
2363 0 : if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2364 0 : return -EFAULT;
2365 :
2366 0 : if (tty->ops->resize)
2367 0 : return tty->ops->resize(tty, &tmp_ws);
2368 : else
2369 0 : return tty_do_resize(tty, &tmp_ws);
2370 0 : }
2371 :
2372 : /**
2373 : * tioccons - allow admin to move logical console
2374 : * @file: the file to become console
2375 : *
2376 : * Allow the administrator to move the redirected console device.
2377 : *
2378 : * Locking: uses redirect_lock to guard the redirect information
2379 : */
2380 0 : static int tioccons(struct file *file)
2381 : {
2382 0 : if (!capable(CAP_SYS_ADMIN))
2383 0 : return -EPERM;
2384 0 : if (file->f_op->write_iter == redirected_tty_write) {
2385 0 : struct file *f;
2386 :
2387 0 : spin_lock(&redirect_lock);
2388 0 : f = redirect;
2389 0 : redirect = NULL;
2390 0 : spin_unlock(&redirect_lock);
2391 0 : if (f)
2392 0 : fput(f);
2393 0 : return 0;
2394 0 : }
2395 0 : if (file->f_op->write_iter != tty_write)
2396 0 : return -ENOTTY;
2397 0 : if (!(file->f_mode & FMODE_WRITE))
2398 0 : return -EBADF;
2399 0 : if (!(file->f_mode & FMODE_CAN_WRITE))
2400 0 : return -EINVAL;
2401 :
2402 0 : guard(spinlock)(&redirect_lock);
2403 :
2404 0 : if (redirect)
2405 0 : return -EBUSY;
2406 :
2407 0 : redirect = get_file(file);
2408 :
2409 0 : return 0;
2410 0 : }
2411 :
2412 : /**
2413 : * tiocsetd - set line discipline
2414 : * @tty: tty device
2415 : * @p: pointer to user data
2416 : *
2417 : * Set the line discipline according to user request.
2418 : *
2419 : * Locking: see tty_set_ldisc(), this function is just a helper
2420 : */
2421 0 : static int tiocsetd(struct tty_struct *tty, int __user *p)
2422 : {
2423 0 : int disc;
2424 0 : int ret;
2425 :
2426 0 : if (get_user(disc, p))
2427 0 : return -EFAULT;
2428 :
2429 0 : ret = tty_set_ldisc(tty, disc);
2430 :
2431 0 : return ret;
2432 0 : }
2433 :
2434 : /**
2435 : * tiocgetd - get line discipline
2436 : * @tty: tty device
2437 : * @p: pointer to user data
2438 : *
2439 : * Retrieves the line discipline id directly from the ldisc.
2440 : *
2441 : * Locking: waits for ldisc reference (in case the line discipline is changing
2442 : * or the @tty is being hungup)
2443 : */
2444 0 : static int tiocgetd(struct tty_struct *tty, int __user *p)
2445 : {
2446 0 : struct tty_ldisc *ld;
2447 0 : int ret;
2448 :
2449 0 : ld = tty_ldisc_ref_wait(tty);
2450 0 : if (!ld)
2451 0 : return -EIO;
2452 0 : ret = put_user(ld->ops->num, p);
2453 0 : tty_ldisc_deref(ld);
2454 0 : return ret;
2455 0 : }
2456 :
2457 : /**
2458 : * send_break - performed time break
2459 : * @tty: device to break on
2460 : * @duration: timeout in mS
2461 : *
2462 : * Perform a timed break on hardware that lacks its own driver level timed
2463 : * break functionality.
2464 : *
2465 : * Locking:
2466 : * @tty->atomic_write_lock serializes
2467 : */
2468 0 : static int send_break(struct tty_struct *tty, unsigned int duration)
2469 : {
2470 0 : int retval;
2471 :
2472 0 : if (tty->ops->break_ctl == NULL)
2473 0 : return 0;
2474 :
2475 0 : if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2476 0 : return tty->ops->break_ctl(tty, duration);
2477 :
2478 : /* Do the work ourselves */
2479 0 : if (tty_write_lock(tty, false) < 0)
2480 0 : return -EINTR;
2481 :
2482 0 : retval = tty->ops->break_ctl(tty, -1);
2483 0 : if (!retval) {
2484 0 : msleep_interruptible(duration);
2485 0 : retval = tty->ops->break_ctl(tty, 0);
2486 0 : } else if (retval == -EOPNOTSUPP) {
2487 : /* some drivers can tell only dynamically */
2488 0 : retval = 0;
2489 0 : }
2490 0 : tty_write_unlock(tty);
2491 :
2492 0 : if (signal_pending(current))
2493 0 : retval = -EINTR;
2494 :
2495 0 : return retval;
2496 0 : }
2497 :
2498 : /**
2499 : * tty_get_tiocm - get tiocm status register
2500 : * @tty: tty device
2501 : *
2502 : * Obtain the modem status bits from the tty driver if the feature
2503 : * is supported.
2504 : */
2505 0 : int tty_get_tiocm(struct tty_struct *tty)
2506 : {
2507 0 : int retval = -ENOTTY;
2508 :
2509 0 : if (tty->ops->tiocmget)
2510 0 : retval = tty->ops->tiocmget(tty);
2511 :
2512 0 : return retval;
2513 0 : }
2514 : EXPORT_SYMBOL_GPL(tty_get_tiocm);
2515 :
2516 : /**
2517 : * tty_tiocmget - get modem status
2518 : * @tty: tty device
2519 : * @p: pointer to result
2520 : *
2521 : * Obtain the modem status bits from the tty driver if the feature is
2522 : * supported. Return -%ENOTTY if it is not available.
2523 : *
2524 : * Locking: none (up to the driver)
2525 : */
2526 0 : static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2527 : {
2528 0 : int retval;
2529 :
2530 0 : retval = tty_get_tiocm(tty);
2531 0 : if (retval >= 0)
2532 0 : retval = put_user(retval, p);
2533 :
2534 0 : return retval;
2535 0 : }
2536 :
2537 : /**
2538 : * tty_tiocmset - set modem status
2539 : * @tty: tty device
2540 : * @cmd: command - clear bits, set bits or set all
2541 : * @p: pointer to desired bits
2542 : *
2543 : * Set the modem status bits from the tty driver if the feature
2544 : * is supported. Return -%ENOTTY if it is not available.
2545 : *
2546 : * Locking: none (up to the driver)
2547 : */
2548 0 : static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2549 : unsigned __user *p)
2550 : {
2551 0 : int retval;
2552 0 : unsigned int set, clear, val;
2553 :
2554 0 : if (tty->ops->tiocmset == NULL)
2555 0 : return -ENOTTY;
2556 :
2557 0 : retval = get_user(val, p);
2558 0 : if (retval)
2559 0 : return retval;
2560 0 : set = clear = 0;
2561 0 : switch (cmd) {
2562 : case TIOCMBIS:
2563 0 : set = val;
2564 0 : break;
2565 : case TIOCMBIC:
2566 0 : clear = val;
2567 0 : break;
2568 : case TIOCMSET:
2569 0 : set = val;
2570 0 : clear = ~val;
2571 0 : break;
2572 : }
2573 0 : set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2574 0 : clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2575 0 : return tty->ops->tiocmset(tty, set, clear);
2576 0 : }
2577 :
2578 : /**
2579 : * tty_get_icount - get tty statistics
2580 : * @tty: tty device
2581 : * @icount: output parameter
2582 : *
2583 : * Gets a copy of the @tty's icount statistics.
2584 : *
2585 : * Locking: none (up to the driver)
2586 : */
2587 0 : int tty_get_icount(struct tty_struct *tty,
2588 : struct serial_icounter_struct *icount)
2589 : {
2590 0 : memset(icount, 0, sizeof(*icount));
2591 :
2592 0 : if (tty->ops->get_icount)
2593 0 : return tty->ops->get_icount(tty, icount);
2594 : else
2595 0 : return -ENOTTY;
2596 0 : }
2597 : EXPORT_SYMBOL_GPL(tty_get_icount);
2598 :
2599 0 : static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2600 : {
2601 0 : struct serial_icounter_struct icount;
2602 0 : int retval;
2603 :
2604 0 : retval = tty_get_icount(tty, &icount);
2605 0 : if (retval != 0)
2606 0 : return retval;
2607 :
2608 0 : if (copy_to_user(arg, &icount, sizeof(icount)))
2609 0 : return -EFAULT;
2610 0 : return 0;
2611 0 : }
2612 :
2613 0 : static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2614 : {
2615 0 : int flags;
2616 :
2617 0 : flags = ss->flags & ASYNC_DEPRECATED;
2618 :
2619 0 : if (flags)
2620 0 : pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2621 : __func__, current->comm, flags);
2622 :
2623 0 : if (!tty->ops->set_serial)
2624 0 : return -ENOTTY;
2625 :
2626 0 : return tty->ops->set_serial(tty, ss);
2627 0 : }
2628 :
2629 0 : static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2630 : {
2631 0 : struct serial_struct v;
2632 :
2633 0 : if (copy_from_user(&v, ss, sizeof(*ss)))
2634 0 : return -EFAULT;
2635 :
2636 0 : return tty_set_serial(tty, &v);
2637 0 : }
2638 :
2639 0 : static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2640 : {
2641 0 : struct serial_struct v;
2642 0 : int err;
2643 :
2644 0 : memset(&v, 0, sizeof(v));
2645 0 : if (!tty->ops->get_serial)
2646 0 : return -ENOTTY;
2647 0 : err = tty->ops->get_serial(tty, &v);
2648 0 : if (!err && copy_to_user(ss, &v, sizeof(v)))
2649 0 : err = -EFAULT;
2650 0 : return err;
2651 0 : }
2652 :
2653 : /*
2654 : * if pty, return the slave side (real_tty)
2655 : * otherwise, return self
2656 : */
2657 26 : static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2658 : {
2659 26 : if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2660 26 : tty->driver->subtype == PTY_TYPE_MASTER)
2661 0 : tty = tty->link;
2662 26 : return tty;
2663 : }
2664 :
2665 : /*
2666 : * Split this up, as gcc can choke on it otherwise..
2667 : */
2668 26 : long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2669 : {
2670 26 : struct tty_struct *tty = file_tty(file);
2671 26 : struct tty_struct *real_tty;
2672 26 : void __user *p = (void __user *)arg;
2673 26 : int retval;
2674 26 : struct tty_ldisc *ld;
2675 :
2676 26 : if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2677 0 : return -EINVAL;
2678 :
2679 26 : real_tty = tty_pair_get_tty(tty);
2680 :
2681 : /*
2682 : * Factor out some common prep work
2683 : */
2684 26 : switch (cmd) {
2685 : case TIOCSETD:
2686 : case TIOCSBRK:
2687 : case TIOCCBRK:
2688 : case TCSBRK:
2689 : case TCSBRKP:
2690 0 : retval = tty_check_change(tty);
2691 0 : if (retval)
2692 0 : return retval;
2693 0 : if (cmd != TIOCCBRK) {
2694 0 : tty_wait_until_sent(tty, 0);
2695 0 : if (signal_pending(current))
2696 0 : return -EINTR;
2697 0 : }
2698 0 : break;
2699 : }
2700 :
2701 : /*
2702 : * Now do the stuff.
2703 : */
2704 26 : switch (cmd) {
2705 : case TIOCSTI:
2706 0 : return tiocsti(tty, p);
2707 : case TIOCGWINSZ:
2708 8 : return tiocgwinsz(real_tty, p);
2709 : case TIOCSWINSZ:
2710 0 : return tiocswinsz(real_tty, p);
2711 : case TIOCCONS:
2712 0 : return real_tty != tty ? -EINVAL : tioccons(file);
2713 : case TIOCEXCL:
2714 0 : set_bit(TTY_EXCLUSIVE, &tty->flags);
2715 0 : return 0;
2716 : case TIOCNXCL:
2717 0 : clear_bit(TTY_EXCLUSIVE, &tty->flags);
2718 0 : return 0;
2719 : case TIOCGEXCL:
2720 : {
2721 0 : int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2722 :
2723 0 : return put_user(excl, (int __user *)p);
2724 0 : }
2725 : case TIOCGETD:
2726 0 : return tiocgetd(tty, p);
2727 : case TIOCSETD:
2728 0 : return tiocsetd(tty, p);
2729 : case TIOCVHANGUP:
2730 0 : if (!capable(CAP_SYS_ADMIN))
2731 0 : return -EPERM;
2732 0 : tty_vhangup(tty);
2733 0 : return 0;
2734 : case TIOCGDEV:
2735 : {
2736 0 : unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2737 :
2738 0 : return put_user(ret, (unsigned int __user *)p);
2739 0 : }
2740 : /*
2741 : * Break handling
2742 : */
2743 : case TIOCSBRK: /* Turn break on, unconditionally */
2744 0 : if (tty->ops->break_ctl)
2745 0 : return tty->ops->break_ctl(tty, -1);
2746 0 : return 0;
2747 : case TIOCCBRK: /* Turn break off, unconditionally */
2748 0 : if (tty->ops->break_ctl)
2749 0 : return tty->ops->break_ctl(tty, 0);
2750 0 : return 0;
2751 : case TCSBRK: /* SVID version: non-zero arg --> no break */
2752 : /* non-zero arg means wait for all output data
2753 : * to be sent (performed above) but don't send break.
2754 : * This is used by the tcdrain() termios function.
2755 : */
2756 0 : if (!arg)
2757 0 : return send_break(tty, 250);
2758 0 : return 0;
2759 : case TCSBRKP: /* support for POSIX tcsendbreak() */
2760 0 : return send_break(tty, arg ? arg*100 : 250);
2761 :
2762 : case TIOCMGET:
2763 0 : return tty_tiocmget(tty, p);
2764 : case TIOCMSET:
2765 : case TIOCMBIC:
2766 : case TIOCMBIS:
2767 0 : return tty_tiocmset(tty, cmd, p);
2768 : case TIOCGICOUNT:
2769 0 : return tty_tiocgicount(tty, p);
2770 : case TCFLSH:
2771 0 : switch (arg) {
2772 : case TCIFLUSH:
2773 : case TCIOFLUSH:
2774 : /* flush tty buffer and allow ldisc to process ioctl */
2775 0 : tty_buffer_flush(tty, NULL);
2776 0 : break;
2777 : }
2778 0 : break;
2779 : case TIOCSSERIAL:
2780 0 : return tty_tiocsserial(tty, p);
2781 : case TIOCGSERIAL:
2782 0 : return tty_tiocgserial(tty, p);
2783 : case TIOCGPTPEER:
2784 : /* Special because the struct file is needed */
2785 0 : return ptm_open_peer(file, tty, (int)arg);
2786 : default:
2787 18 : retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2788 18 : if (retval != -ENOIOCTLCMD)
2789 0 : return retval;
2790 18 : }
2791 18 : if (tty->ops->ioctl) {
2792 0 : retval = tty->ops->ioctl(tty, cmd, arg);
2793 0 : if (retval != -ENOIOCTLCMD)
2794 0 : return retval;
2795 0 : }
2796 18 : ld = tty_ldisc_ref_wait(tty);
2797 18 : if (!ld)
2798 0 : return hung_up_tty_ioctl(file, cmd, arg);
2799 18 : retval = -EINVAL;
2800 18 : if (ld->ops->ioctl) {
2801 18 : retval = ld->ops->ioctl(tty, cmd, arg);
2802 18 : if (retval == -ENOIOCTLCMD)
2803 0 : retval = -ENOTTY;
2804 18 : }
2805 18 : tty_ldisc_deref(ld);
2806 18 : return retval;
2807 26 : }
2808 :
2809 : #ifdef CONFIG_COMPAT
2810 :
2811 : struct serial_struct32 {
2812 : compat_int_t type;
2813 : compat_int_t line;
2814 : compat_uint_t port;
2815 : compat_int_t irq;
2816 : compat_int_t flags;
2817 : compat_int_t xmit_fifo_size;
2818 : compat_int_t custom_divisor;
2819 : compat_int_t baud_base;
2820 : unsigned short close_delay;
2821 : char io_type;
2822 : char reserved_char;
2823 : compat_int_t hub6;
2824 : unsigned short closing_wait; /* time to wait before closing */
2825 : unsigned short closing_wait2; /* no longer used... */
2826 : compat_uint_t iomem_base;
2827 : unsigned short iomem_reg_shift;
2828 : unsigned int port_high;
2829 : /* compat_ulong_t iomap_base FIXME */
2830 : compat_int_t reserved;
2831 : };
2832 :
2833 0 : static int compat_tty_tiocsserial(struct tty_struct *tty,
2834 : struct serial_struct32 __user *ss)
2835 : {
2836 0 : struct serial_struct32 v32;
2837 0 : struct serial_struct v;
2838 :
2839 0 : if (copy_from_user(&v32, ss, sizeof(*ss)))
2840 0 : return -EFAULT;
2841 :
2842 0 : memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2843 0 : v.iomem_base = compat_ptr(v32.iomem_base);
2844 0 : v.iomem_reg_shift = v32.iomem_reg_shift;
2845 0 : v.port_high = v32.port_high;
2846 0 : v.iomap_base = 0;
2847 :
2848 0 : return tty_set_serial(tty, &v);
2849 0 : }
2850 :
2851 0 : static int compat_tty_tiocgserial(struct tty_struct *tty,
2852 : struct serial_struct32 __user *ss)
2853 : {
2854 0 : struct serial_struct32 v32;
2855 0 : struct serial_struct v;
2856 0 : int err;
2857 :
2858 0 : memset(&v, 0, sizeof(v));
2859 0 : memset(&v32, 0, sizeof(v32));
2860 :
2861 0 : if (!tty->ops->get_serial)
2862 0 : return -ENOTTY;
2863 0 : err = tty->ops->get_serial(tty, &v);
2864 0 : if (!err) {
2865 0 : memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2866 0 : v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2867 0 : 0xfffffff : ptr_to_compat(v.iomem_base);
2868 0 : v32.iomem_reg_shift = v.iomem_reg_shift;
2869 0 : v32.port_high = v.port_high;
2870 0 : if (copy_to_user(ss, &v32, sizeof(v32)))
2871 0 : err = -EFAULT;
2872 0 : }
2873 0 : return err;
2874 0 : }
2875 0 : static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2876 : unsigned long arg)
2877 : {
2878 0 : struct tty_struct *tty = file_tty(file);
2879 0 : struct tty_ldisc *ld;
2880 0 : int retval = -ENOIOCTLCMD;
2881 :
2882 0 : switch (cmd) {
2883 : case TIOCOUTQ:
2884 : case TIOCSTI:
2885 : case TIOCGWINSZ:
2886 : case TIOCSWINSZ:
2887 : case TIOCGEXCL:
2888 : case TIOCGETD:
2889 : case TIOCSETD:
2890 : case TIOCGDEV:
2891 : case TIOCMGET:
2892 : case TIOCMSET:
2893 : case TIOCMBIC:
2894 : case TIOCMBIS:
2895 : case TIOCGICOUNT:
2896 : case TIOCGPGRP:
2897 : case TIOCSPGRP:
2898 : case TIOCGSID:
2899 : case TIOCSERGETLSR:
2900 : case TIOCGRS485:
2901 : case TIOCSRS485:
2902 : #ifdef TIOCGETP
2903 : case TIOCGETP:
2904 : case TIOCSETP:
2905 : case TIOCSETN:
2906 : #endif
2907 : #ifdef TIOCGETC
2908 : case TIOCGETC:
2909 : case TIOCSETC:
2910 : #endif
2911 : #ifdef TIOCGLTC
2912 : case TIOCGLTC:
2913 : case TIOCSLTC:
2914 : #endif
2915 : case TCSETSF:
2916 : case TCSETSW:
2917 : case TCSETS:
2918 : case TCGETS:
2919 : #ifdef TCGETS2
2920 : case TCGETS2:
2921 : case TCSETSF2:
2922 : case TCSETSW2:
2923 : case TCSETS2:
2924 : #endif
2925 : case TCGETA:
2926 : case TCSETAF:
2927 : case TCSETAW:
2928 : case TCSETA:
2929 : case TIOCGLCKTRMIOS:
2930 : case TIOCSLCKTRMIOS:
2931 : #ifdef TCGETX
2932 : case TCGETX:
2933 : case TCSETX:
2934 : case TCSETXW:
2935 : case TCSETXF:
2936 : #endif
2937 : case TIOCGSOFTCAR:
2938 : case TIOCSSOFTCAR:
2939 :
2940 : case PPPIOCGCHAN:
2941 : case PPPIOCGUNIT:
2942 0 : return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2943 : case TIOCCONS:
2944 : case TIOCEXCL:
2945 : case TIOCNXCL:
2946 : case TIOCVHANGUP:
2947 : case TIOCSBRK:
2948 : case TIOCCBRK:
2949 : case TCSBRK:
2950 : case TCSBRKP:
2951 : case TCFLSH:
2952 : case TIOCGPTPEER:
2953 : case TIOCNOTTY:
2954 : case TIOCSCTTY:
2955 : case TCXONC:
2956 : case TIOCMIWAIT:
2957 : case TIOCSERCONFIG:
2958 0 : return tty_ioctl(file, cmd, arg);
2959 : }
2960 :
2961 0 : if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2962 0 : return -EINVAL;
2963 :
2964 0 : switch (cmd) {
2965 : case TIOCSSERIAL:
2966 0 : return compat_tty_tiocsserial(tty, compat_ptr(arg));
2967 : case TIOCGSERIAL:
2968 0 : return compat_tty_tiocgserial(tty, compat_ptr(arg));
2969 : }
2970 0 : if (tty->ops->compat_ioctl) {
2971 0 : retval = tty->ops->compat_ioctl(tty, cmd, arg);
2972 0 : if (retval != -ENOIOCTLCMD)
2973 0 : return retval;
2974 0 : }
2975 :
2976 0 : ld = tty_ldisc_ref_wait(tty);
2977 0 : if (!ld)
2978 0 : return hung_up_tty_compat_ioctl(file, cmd, arg);
2979 0 : if (ld->ops->compat_ioctl)
2980 0 : retval = ld->ops->compat_ioctl(tty, cmd, arg);
2981 0 : if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2982 0 : retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2983 0 : arg);
2984 0 : tty_ldisc_deref(ld);
2985 :
2986 0 : return retval;
2987 0 : }
2988 : #endif
2989 :
2990 0 : static int this_tty(const void *t, struct file *file, unsigned fd)
2991 : {
2992 0 : if (likely(file->f_op->read_iter != tty_read))
2993 0 : return 0;
2994 0 : return file_tty(file) != t ? 0 : fd + 1;
2995 0 : }
2996 :
2997 : /*
2998 : * This implements the "Secure Attention Key" --- the idea is to
2999 : * prevent trojan horses by killing all processes associated with this
3000 : * tty when the user hits the "Secure Attention Key". Required for
3001 : * super-paranoid applications --- see the Orange Book for more details.
3002 : *
3003 : * This code could be nicer; ideally it should send a HUP, wait a few
3004 : * seconds, then send a INT, and then a KILL signal. But you then
3005 : * have to coordinate with the init process, since all processes associated
3006 : * with the current tty must be dead before the new getty is allowed
3007 : * to spawn.
3008 : *
3009 : * Now, if it would be correct ;-/ The current code has a nasty hole -
3010 : * it doesn't catch files in flight. We may send the descriptor to ourselves
3011 : * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3012 : *
3013 : * Nasty bug: do_SAK is being called in interrupt context. This can
3014 : * deadlock. We punt it up to process context. AKPM - 16Mar2001
3015 : */
3016 0 : void __do_SAK(struct tty_struct *tty)
3017 : {
3018 0 : struct task_struct *g, *p;
3019 0 : struct pid *session;
3020 0 : int i;
3021 :
3022 0 : scoped_guard(spinlock_irqsave, &tty->ctrl.lock)
3023 0 : session = get_pid(tty->ctrl.session);
3024 :
3025 0 : tty_ldisc_flush(tty);
3026 :
3027 0 : tty_driver_flush_buffer(tty);
3028 :
3029 0 : read_lock(&tasklist_lock);
3030 : /* Kill the entire session */
3031 0 : do_each_pid_task(session, PIDTYPE_SID, p) {
3032 0 : tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3033 : task_pid_nr(p), p->comm);
3034 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3035 0 : } while_each_pid_task(session, PIDTYPE_SID, p);
3036 :
3037 : /* Now kill any processes that happen to have the tty open */
3038 0 : for_each_process_thread(g, p) {
3039 0 : if (p->signal->tty == tty) {
3040 0 : tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3041 : task_pid_nr(p), p->comm);
3042 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3043 : PIDTYPE_SID);
3044 0 : continue;
3045 : }
3046 0 : guard(task_lock)(p);
3047 0 : i = iterate_fd(p->files, 0, this_tty, tty);
3048 0 : if (i != 0) {
3049 0 : tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3050 : task_pid_nr(p), p->comm, i - 1);
3051 0 : group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3052 : PIDTYPE_SID);
3053 0 : }
3054 0 : }
3055 0 : read_unlock(&tasklist_lock);
3056 0 : put_pid(session);
3057 0 : }
3058 :
3059 0 : static void do_SAK_work(struct work_struct *work)
3060 : {
3061 0 : struct tty_struct *tty =
3062 0 : container_of(work, struct tty_struct, SAK_work);
3063 0 : __do_SAK(tty);
3064 0 : }
3065 :
3066 : /*
3067 : * The tq handling here is a little racy - tty->SAK_work may already be queued.
3068 : * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3069 : * the values which we write to it will be identical to the values which it
3070 : * already has. --akpm
3071 : */
3072 0 : void do_SAK(struct tty_struct *tty)
3073 : {
3074 0 : if (!tty)
3075 0 : return;
3076 0 : schedule_work(&tty->SAK_work);
3077 0 : }
3078 : EXPORT_SYMBOL(do_SAK);
3079 :
3080 : /* Must put_device() after it's unused! */
3081 6 : static struct device *tty_get_device(struct tty_struct *tty)
3082 : {
3083 6 : dev_t devt = tty_devnum(tty);
3084 :
3085 12 : return class_find_device_by_devt(&tty_class, devt);
3086 6 : }
3087 :
3088 :
3089 : /**
3090 : * alloc_tty_struct - allocate a new tty
3091 : * @driver: driver which will handle the returned tty
3092 : * @idx: minor of the tty
3093 : *
3094 : * This subroutine allocates and initializes a tty structure.
3095 : *
3096 : * Locking: none - @tty in question is not exposed at this point
3097 : */
3098 6 : struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3099 : {
3100 6 : struct tty_struct *tty;
3101 :
3102 6 : tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3103 6 : if (!tty)
3104 0 : return NULL;
3105 :
3106 6 : kref_init(&tty->kref);
3107 6 : if (tty_ldisc_init(tty)) {
3108 0 : kfree(tty);
3109 0 : return NULL;
3110 : }
3111 6 : tty->ctrl.session = NULL;
3112 6 : tty->ctrl.pgrp = NULL;
3113 6 : mutex_init(&tty->legacy_mutex);
3114 6 : mutex_init(&tty->throttle_mutex);
3115 6 : init_rwsem(&tty->termios_rwsem);
3116 6 : mutex_init(&tty->winsize_mutex);
3117 6 : init_ldsem(&tty->ldisc_sem);
3118 6 : init_waitqueue_head(&tty->write_wait);
3119 6 : init_waitqueue_head(&tty->read_wait);
3120 6 : INIT_WORK(&tty->hangup_work, do_tty_hangup);
3121 6 : mutex_init(&tty->atomic_write_lock);
3122 6 : spin_lock_init(&tty->ctrl.lock);
3123 6 : spin_lock_init(&tty->flow.lock);
3124 6 : spin_lock_init(&tty->files_lock);
3125 6 : INIT_LIST_HEAD(&tty->tty_files);
3126 6 : INIT_WORK(&tty->SAK_work, do_SAK_work);
3127 :
3128 6 : tty->driver = driver;
3129 6 : tty->ops = driver->ops;
3130 6 : tty->index = idx;
3131 6 : tty_line_name(driver, idx, tty->name);
3132 6 : tty->dev = tty_get_device(tty);
3133 :
3134 6 : return tty;
3135 6 : }
3136 :
3137 : /**
3138 : * tty_put_char - write one character to a tty
3139 : * @tty: tty
3140 : * @ch: character to write
3141 : *
3142 : * Write one byte to the @tty using the provided @tty->ops->put_char() method
3143 : * if present.
3144 : *
3145 : * Note: the specific put_char operation in the driver layer may go
3146 : * away soon. Don't call it directly, use this method
3147 : *
3148 : * Return: the number of characters successfully output.
3149 : */
3150 9 : int tty_put_char(struct tty_struct *tty, u8 ch)
3151 : {
3152 9 : if (tty->ops->put_char)
3153 0 : return tty->ops->put_char(tty, ch);
3154 9 : return tty->ops->write(tty, &ch, 1);
3155 9 : }
3156 : EXPORT_SYMBOL_GPL(tty_put_char);
3157 :
3158 1 : static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3159 : unsigned int index, unsigned int count)
3160 : {
3161 1 : int err;
3162 :
3163 : /* init here, since reused cdevs cause crashes */
3164 1 : driver->cdevs[index] = cdev_alloc();
3165 1 : if (!driver->cdevs[index])
3166 0 : return -ENOMEM;
3167 1 : driver->cdevs[index]->ops = &tty_fops;
3168 1 : driver->cdevs[index]->owner = driver->owner;
3169 1 : err = cdev_add(driver->cdevs[index], dev, count);
3170 1 : if (err)
3171 0 : kobject_put(&driver->cdevs[index]->kobj);
3172 1 : return err;
3173 1 : }
3174 :
3175 : /**
3176 : * tty_register_device - register a tty device
3177 : * @driver: the tty driver that describes the tty device
3178 : * @index: the index in the tty driver for this tty device
3179 : * @device: a struct device that is associated with this tty device.
3180 : * This field is optional, if there is no known struct device
3181 : * for this tty device it can be set to NULL safely.
3182 : *
3183 : * This call is required to be made to register an individual tty device
3184 : * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3185 : * that bit is not set, this function should not be called by a tty
3186 : * driver.
3187 : *
3188 : * Locking: ??
3189 : *
3190 : * Return: A pointer to the struct device for this tty device (or
3191 : * ERR_PTR(-EFOO) on error).
3192 : */
3193 0 : struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3194 : struct device *device)
3195 : {
3196 0 : return tty_register_device_attr(driver, index, device, NULL, NULL);
3197 : }
3198 : EXPORT_SYMBOL(tty_register_device);
3199 :
3200 1 : static void tty_device_create_release(struct device *dev)
3201 : {
3202 : dev_dbg(dev, "releasing...\n");
3203 1 : kfree(dev);
3204 1 : }
3205 :
3206 : /**
3207 : * tty_register_device_attr - register a tty device
3208 : * @driver: the tty driver that describes the tty device
3209 : * @index: the index in the tty driver for this tty device
3210 : * @device: a struct device that is associated with this tty device.
3211 : * This field is optional, if there is no known struct device
3212 : * for this tty device it can be set to %NULL safely.
3213 : * @drvdata: Driver data to be set to device.
3214 : * @attr_grp: Attribute group to be set on device.
3215 : *
3216 : * This call is required to be made to register an individual tty device if the
3217 : * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3218 : * not set, this function should not be called by a tty driver.
3219 : *
3220 : * Locking: ??
3221 : *
3222 : * Return: A pointer to the struct device for this tty device (or
3223 : * ERR_PTR(-EFOO) on error).
3224 : */
3225 1 : struct device *tty_register_device_attr(struct tty_driver *driver,
3226 : unsigned index, struct device *device,
3227 : void *drvdata,
3228 : const struct attribute_group **attr_grp)
3229 : {
3230 1 : char name[64];
3231 1 : dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3232 1 : struct ktermios *tp;
3233 1 : struct device *dev;
3234 1 : int retval;
3235 :
3236 1 : if (index >= driver->num) {
3237 0 : pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3238 : driver->name, index);
3239 0 : return ERR_PTR(-EINVAL);
3240 : }
3241 :
3242 1 : if (driver->type == TTY_DRIVER_TYPE_PTY)
3243 0 : pty_line_name(driver, index, name);
3244 : else
3245 1 : tty_line_name(driver, index, name);
3246 :
3247 1 : dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3248 1 : if (!dev)
3249 0 : return ERR_PTR(-ENOMEM);
3250 :
3251 1 : dev->devt = devt;
3252 1 : dev->class = &tty_class;
3253 1 : dev->parent = device;
3254 1 : dev->release = tty_device_create_release;
3255 1 : dev_set_name(dev, "%s", name);
3256 1 : dev->groups = attr_grp;
3257 1 : dev_set_drvdata(dev, drvdata);
3258 :
3259 1 : dev_set_uevent_suppress(dev, 1);
3260 :
3261 1 : retval = device_register(dev);
3262 1 : if (retval)
3263 0 : goto err_put;
3264 :
3265 1 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3266 : /*
3267 : * Free any saved termios data so that the termios state is
3268 : * reset when reusing a minor number.
3269 : */
3270 1 : tp = driver->termios[index];
3271 1 : if (tp) {
3272 0 : driver->termios[index] = NULL;
3273 0 : kfree(tp);
3274 0 : }
3275 :
3276 1 : retval = tty_cdev_add(driver, devt, index, 1);
3277 1 : if (retval)
3278 0 : goto err_del;
3279 1 : }
3280 :
3281 1 : dev_set_uevent_suppress(dev, 0);
3282 1 : kobject_uevent(&dev->kobj, KOBJ_ADD);
3283 :
3284 1 : return dev;
3285 :
3286 : err_del:
3287 0 : device_del(dev);
3288 : err_put:
3289 0 : put_device(dev);
3290 :
3291 0 : return ERR_PTR(retval);
3292 1 : }
3293 : EXPORT_SYMBOL_GPL(tty_register_device_attr);
3294 :
3295 : /**
3296 : * tty_unregister_device - unregister a tty device
3297 : * @driver: the tty driver that describes the tty device
3298 : * @index: the index in the tty driver for this tty device
3299 : *
3300 : * If a tty device is registered with a call to tty_register_device() then
3301 : * this function must be called when the tty device is gone.
3302 : *
3303 : * Locking: ??
3304 : */
3305 1 : void tty_unregister_device(struct tty_driver *driver, unsigned index)
3306 : {
3307 1 : device_destroy(&tty_class, MKDEV(driver->major, driver->minor_start) + index);
3308 1 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3309 1 : cdev_del(driver->cdevs[index]);
3310 1 : driver->cdevs[index] = NULL;
3311 1 : }
3312 1 : }
3313 : EXPORT_SYMBOL(tty_unregister_device);
3314 :
3315 : /**
3316 : * __tty_alloc_driver - allocate tty driver
3317 : * @lines: count of lines this driver can handle at most
3318 : * @owner: module which is responsible for this driver
3319 : * @flags: some of enum tty_driver_flag, will be set in driver->flags
3320 : *
3321 : * This should not be called directly, tty_alloc_driver() should be used
3322 : * instead.
3323 : *
3324 : * Returns: struct tty_driver or a PTR-encoded error (use IS_ERR() and friends).
3325 : */
3326 1 : struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3327 : unsigned long flags)
3328 : {
3329 1 : struct tty_driver *driver;
3330 1 : unsigned int cdevs = 1;
3331 1 : int err;
3332 :
3333 1 : if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3334 0 : return ERR_PTR(-EINVAL);
3335 :
3336 1 : driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3337 1 : if (!driver)
3338 0 : return ERR_PTR(-ENOMEM);
3339 :
3340 1 : kref_init(&driver->kref);
3341 1 : driver->num = lines;
3342 1 : driver->owner = owner;
3343 1 : driver->flags = flags;
3344 :
3345 1 : if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3346 1 : driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3347 : GFP_KERNEL);
3348 1 : driver->termios = kcalloc(lines, sizeof(*driver->termios),
3349 : GFP_KERNEL);
3350 1 : if (!driver->ttys || !driver->termios) {
3351 0 : err = -ENOMEM;
3352 0 : goto err_free_all;
3353 : }
3354 1 : }
3355 :
3356 1 : if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3357 1 : driver->ports = kcalloc(lines, sizeof(*driver->ports),
3358 : GFP_KERNEL);
3359 1 : if (!driver->ports) {
3360 0 : err = -ENOMEM;
3361 0 : goto err_free_all;
3362 : }
3363 1 : cdevs = lines;
3364 1 : }
3365 :
3366 1 : driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3367 1 : if (!driver->cdevs) {
3368 0 : err = -ENOMEM;
3369 0 : goto err_free_all;
3370 : }
3371 :
3372 1 : return driver;
3373 : err_free_all:
3374 0 : kfree(driver->ports);
3375 0 : kfree(driver->ttys);
3376 0 : kfree(driver->termios);
3377 0 : kfree(driver->cdevs);
3378 0 : kfree(driver);
3379 0 : return ERR_PTR(err);
3380 1 : }
3381 : EXPORT_SYMBOL(__tty_alloc_driver);
3382 :
3383 1 : static void destruct_tty_driver(struct kref *kref)
3384 : {
3385 1 : struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3386 1 : int i;
3387 1 : struct ktermios *tp;
3388 :
3389 1 : if (driver->flags & TTY_DRIVER_INSTALLED) {
3390 2 : for (i = 0; i < driver->num; i++) {
3391 1 : tp = driver->termios[i];
3392 1 : if (tp) {
3393 0 : driver->termios[i] = NULL;
3394 0 : kfree(tp);
3395 0 : }
3396 1 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3397 0 : tty_unregister_device(driver, i);
3398 1 : }
3399 1 : proc_tty_unregister_driver(driver);
3400 1 : if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3401 0 : cdev_del(driver->cdevs[0]);
3402 1 : }
3403 1 : kfree(driver->cdevs);
3404 1 : kfree(driver->ports);
3405 1 : kfree(driver->termios);
3406 1 : kfree(driver->ttys);
3407 1 : kfree(driver);
3408 1 : }
3409 :
3410 : /**
3411 : * tty_driver_kref_put - drop a reference to a tty driver
3412 : * @driver: driver of which to drop the reference
3413 : *
3414 : * The final put will destroy and free up the driver.
3415 : */
3416 13 : void tty_driver_kref_put(struct tty_driver *driver)
3417 : {
3418 13 : kref_put(&driver->kref, destruct_tty_driver);
3419 13 : }
3420 : EXPORT_SYMBOL(tty_driver_kref_put);
3421 :
3422 : /**
3423 : * tty_register_driver - register a tty driver
3424 : * @driver: driver to register
3425 : *
3426 : * Called by a tty driver to register itself.
3427 : */
3428 1 : int tty_register_driver(struct tty_driver *driver)
3429 : {
3430 1 : int error;
3431 1 : int i;
3432 1 : dev_t dev;
3433 1 : struct device *d;
3434 :
3435 1 : if (!driver->major) {
3436 2 : error = alloc_chrdev_region(&dev, driver->minor_start,
3437 1 : driver->num, driver->name);
3438 1 : if (!error) {
3439 1 : driver->major = MAJOR(dev);
3440 1 : driver->minor_start = MINOR(dev);
3441 1 : }
3442 1 : } else {
3443 0 : dev = MKDEV(driver->major, driver->minor_start);
3444 0 : error = register_chrdev_region(dev, driver->num, driver->name);
3445 : }
3446 1 : if (error < 0)
3447 0 : goto err;
3448 :
3449 1 : if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3450 0 : error = tty_cdev_add(driver, dev, 0, driver->num);
3451 0 : if (error)
3452 0 : goto err_unreg_char;
3453 0 : }
3454 :
3455 2 : scoped_guard(mutex, &tty_mutex)
3456 1 : list_add(&driver->tty_drivers, &tty_drivers);
3457 :
3458 1 : if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3459 0 : for (i = 0; i < driver->num; i++) {
3460 0 : d = tty_register_device(driver, i, NULL);
3461 0 : if (IS_ERR(d)) {
3462 0 : error = PTR_ERR(d);
3463 0 : goto err_unreg_devs;
3464 : }
3465 0 : }
3466 0 : }
3467 1 : proc_tty_register_driver(driver);
3468 1 : driver->flags |= TTY_DRIVER_INSTALLED;
3469 1 : return 0;
3470 :
3471 : err_unreg_devs:
3472 0 : for (i--; i >= 0; i--)
3473 0 : tty_unregister_device(driver, i);
3474 :
3475 0 : scoped_guard(mutex, &tty_mutex)
3476 0 : list_del(&driver->tty_drivers);
3477 :
3478 : err_unreg_char:
3479 0 : unregister_chrdev_region(dev, driver->num);
3480 : err:
3481 0 : return error;
3482 1 : }
3483 : EXPORT_SYMBOL(tty_register_driver);
3484 :
3485 : /**
3486 : * tty_unregister_driver - unregister a tty driver
3487 : * @driver: driver to unregister
3488 : *
3489 : * Called by a tty driver to unregister itself.
3490 : */
3491 1 : void tty_unregister_driver(struct tty_driver *driver)
3492 : {
3493 1 : unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3494 1 : driver->num);
3495 2 : scoped_guard(mutex, &tty_mutex)
3496 1 : list_del(&driver->tty_drivers);
3497 1 : }
3498 : EXPORT_SYMBOL(tty_unregister_driver);
3499 :
3500 6 : dev_t tty_devnum(struct tty_struct *tty)
3501 : {
3502 6 : return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3503 : }
3504 : EXPORT_SYMBOL(tty_devnum);
3505 :
3506 0 : void tty_default_fops(struct file_operations *fops)
3507 : {
3508 0 : *fops = tty_fops;
3509 0 : }
3510 :
3511 4 : static char *tty_devnode(const struct device *dev, umode_t *mode)
3512 : {
3513 4 : if (!mode)
3514 1 : return NULL;
3515 6 : if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3516 3 : dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3517 0 : *mode = 0666;
3518 3 : return NULL;
3519 4 : }
3520 :
3521 : const struct class tty_class = {
3522 : .name = "tty",
3523 : .devnode = tty_devnode,
3524 : };
3525 :
3526 0 : static int __init tty_class_init(void)
3527 : {
3528 0 : return class_register(&tty_class);
3529 : }
3530 :
3531 : postcore_initcall(tty_class_init);
3532 :
3533 : /* 3/2004 jmc: why do these devices exist? */
3534 : static struct cdev tty_cdev, console_cdev;
3535 :
3536 0 : static ssize_t show_cons_active(struct device *dev,
3537 : struct device_attribute *attr, char *buf)
3538 : {
3539 0 : struct console *cs[16];
3540 0 : int i = 0;
3541 0 : struct console *c;
3542 0 : ssize_t count = 0;
3543 :
3544 : /*
3545 : * Hold the console_list_lock to guarantee that no consoles are
3546 : * unregistered until all console processing is complete.
3547 : * This also allows safe traversal of the console list and
3548 : * race-free reading of @flags.
3549 : */
3550 0 : console_list_lock();
3551 :
3552 0 : for_each_console(c) {
3553 0 : if (!c->device)
3554 0 : continue;
3555 0 : if (!(c->flags & CON_NBCON) && !c->write)
3556 0 : continue;
3557 0 : if ((c->flags & CON_ENABLED) == 0)
3558 0 : continue;
3559 0 : cs[i++] = c;
3560 0 : if (i >= ARRAY_SIZE(cs))
3561 0 : break;
3562 0 : }
3563 :
3564 : /*
3565 : * Take console_lock to serialize device() callback with
3566 : * other console operations. For example, fg_console is
3567 : * modified under console_lock when switching vt.
3568 : */
3569 0 : console_lock();
3570 0 : while (i--) {
3571 0 : int index = cs[i]->index;
3572 0 : struct tty_driver *drv = cs[i]->device(cs[i], &index);
3573 :
3574 : /* don't resolve tty0 as some programs depend on it */
3575 0 : if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3576 0 : count += tty_line_name(drv, index, buf + count);
3577 : else
3578 0 : count += sprintf(buf + count, "%s%d",
3579 0 : cs[i]->name, cs[i]->index);
3580 :
3581 0 : count += sprintf(buf + count, "%c", i ? ' ':'\n');
3582 0 : }
3583 0 : console_unlock();
3584 :
3585 0 : console_list_unlock();
3586 :
3587 0 : return count;
3588 0 : }
3589 : static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3590 :
3591 : static struct attribute *cons_dev_attrs[] = {
3592 : &dev_attr_active.attr,
3593 : NULL
3594 : };
3595 :
3596 : ATTRIBUTE_GROUPS(cons_dev);
3597 :
3598 : static struct device *consdev;
3599 :
3600 0 : void console_sysfs_notify(void)
3601 : {
3602 0 : if (consdev)
3603 0 : sysfs_notify(&consdev->kobj, NULL, "active");
3604 0 : }
3605 :
3606 : static const struct ctl_table tty_table[] = {
3607 : {
3608 : .procname = "legacy_tiocsti",
3609 : .data = &tty_legacy_tiocsti,
3610 : .maxlen = sizeof(tty_legacy_tiocsti),
3611 : .mode = 0644,
3612 : .proc_handler = proc_dobool,
3613 : },
3614 : {
3615 : .procname = "ldisc_autoload",
3616 : .data = &tty_ldisc_autoload,
3617 : .maxlen = sizeof(tty_ldisc_autoload),
3618 : .mode = 0644,
3619 : .proc_handler = proc_dointvec_minmax,
3620 : .extra1 = SYSCTL_ZERO,
3621 : .extra2 = SYSCTL_ONE,
3622 : },
3623 : };
3624 :
3625 : /*
3626 : * Ok, now we can initialize the rest of the tty devices and can count
3627 : * on memory allocations, interrupts etc..
3628 : */
3629 0 : int __init tty_init(void)
3630 : {
3631 0 : register_sysctl_init("dev/tty", tty_table);
3632 0 : cdev_init(&tty_cdev, &tty_fops);
3633 0 : if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3634 0 : register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3635 0 : panic("Couldn't register /dev/tty driver\n");
3636 0 : device_create(&tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3637 :
3638 0 : cdev_init(&console_cdev, &console_fops);
3639 0 : if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3640 0 : register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3641 0 : panic("Couldn't register /dev/console driver\n");
3642 0 : consdev = device_create_with_groups(&tty_class, NULL,
3643 0 : MKDEV(TTYAUX_MAJOR, 1), NULL,
3644 : cons_dev_groups, "console");
3645 0 : if (IS_ERR(consdev))
3646 0 : consdev = NULL;
3647 :
3648 : #ifdef CONFIG_VT
3649 0 : vty_init(&console_fops);
3650 : #endif
3651 0 : return 0;
3652 : }
3653 :
3654 : #ifdef CONFIG_TTY_KUNIT_TESTS
3655 : #include "tests/tty_test_helpers.c"
3656 : #endif
|
