/drivers/tty/tty_io.c
C | 3357 lines | 2057 code | 367 blank | 933 comment | 378 complexity | 6ecc1c9b9f67f4bbb78c995a054161ca MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.0, AGPL-1.0
Large files files are truncated, but you can click here to view the full file
1/*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5/*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67#include <linux/types.h>
68#include <linux/major.h>
69#include <linux/errno.h>
70#include <linux/signal.h>
71#include <linux/fcntl.h>
72#include <linux/sched.h>
73#include <linux/interrupt.h>
74#include <linux/tty.h>
75#include <linux/tty_driver.h>
76#include <linux/tty_flip.h>
77#include <linux/devpts_fs.h>
78#include <linux/file.h>
79#include <linux/fdtable.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/device.h>
92#include <linux/wait.h>
93#include <linux/bitops.h>
94#include <linux/delay.h>
95#include <linux/seq_file.h>
96#include <linux/serial.h>
97
98#include <linux/uaccess.h>
99#include <asm/system.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
104
105#include <linux/kmod.h>
106#include <linux/nsproxy.h>
107
108#undef TTY_DEBUG_HANGUP
109
110#define TTY_PARANOIA_CHECK 1
111#define CHECK_TTY_COUNT 1
112
113struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
122};
123
124EXPORT_SYMBOL(tty_std_termios);
125
126/* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
129
130LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132/* Mutex to protect creating and releasing a tty. This is shared with
133 vt.c for deeply disgusting hack reasons */
134DEFINE_MUTEX(tty_mutex);
135EXPORT_SYMBOL(tty_mutex);
136
137/* Spinlock to protect the tty->tty_files list */
138DEFINE_SPINLOCK(tty_files_lock);
139
140static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
144static unsigned int tty_poll(struct file *, poll_table *);
145static int tty_open(struct inode *, struct file *);
146long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147#ifdef CONFIG_COMPAT
148static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 unsigned long arg);
150#else
151#define tty_compat_ioctl NULL
152#endif
153static int __tty_fasync(int fd, struct file *filp, int on);
154static int tty_fasync(int fd, struct file *filp, int on);
155static void release_tty(struct tty_struct *tty, int idx);
156static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
157static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
158
159/**
160 * alloc_tty_struct - allocate a tty object
161 *
162 * Return a new empty tty structure. The data fields have not
163 * been initialized in any way but has been zeroed
164 *
165 * Locking: none
166 */
167
168struct tty_struct *alloc_tty_struct(void)
169{
170 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
171}
172
173/**
174 * free_tty_struct - free a disused tty
175 * @tty: tty struct to free
176 *
177 * Free the write buffers, tty queue and tty memory itself.
178 *
179 * Locking: none. Must be called after tty is definitely unused
180 */
181
182void free_tty_struct(struct tty_struct *tty)
183{
184 if (tty->dev)
185 put_device(tty->dev);
186 kfree(tty->write_buf);
187 tty_buffer_free_all(tty);
188 kfree(tty);
189}
190
191static inline struct tty_struct *file_tty(struct file *file)
192{
193 return ((struct tty_file_private *)file->private_data)->tty;
194}
195
196int tty_alloc_file(struct file *file)
197{
198 struct tty_file_private *priv;
199
200 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
201 if (!priv)
202 return -ENOMEM;
203
204 file->private_data = priv;
205
206 return 0;
207}
208
209/* Associate a new file with the tty structure */
210void tty_add_file(struct tty_struct *tty, struct file *file)
211{
212 struct tty_file_private *priv = file->private_data;
213
214 priv->tty = tty;
215 priv->file = file;
216
217 spin_lock(&tty_files_lock);
218 list_add(&priv->list, &tty->tty_files);
219 spin_unlock(&tty_files_lock);
220}
221
222/**
223 * tty_free_file - free file->private_data
224 *
225 * This shall be used only for fail path handling when tty_add_file was not
226 * called yet.
227 */
228void tty_free_file(struct file *file)
229{
230 struct tty_file_private *priv = file->private_data;
231
232 file->private_data = NULL;
233 kfree(priv);
234}
235
236/* Delete file from its tty */
237void tty_del_file(struct file *file)
238{
239 struct tty_file_private *priv = file->private_data;
240
241 spin_lock(&tty_files_lock);
242 list_del(&priv->list);
243 spin_unlock(&tty_files_lock);
244 tty_free_file(file);
245}
246
247
248#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
249
250/**
251 * tty_name - return tty naming
252 * @tty: tty structure
253 * @buf: buffer for output
254 *
255 * Convert a tty structure into a name. The name reflects the kernel
256 * naming policy and if udev is in use may not reflect user space
257 *
258 * Locking: none
259 */
260
261char *tty_name(struct tty_struct *tty, char *buf)
262{
263 if (!tty) /* Hmm. NULL pointer. That's fun. */
264 strcpy(buf, "NULL tty");
265 else
266 strcpy(buf, tty->name);
267 return buf;
268}
269
270EXPORT_SYMBOL(tty_name);
271
272int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
273 const char *routine)
274{
275#ifdef TTY_PARANOIA_CHECK
276 if (!tty) {
277 printk(KERN_WARNING
278 "null TTY for (%d:%d) in %s\n",
279 imajor(inode), iminor(inode), routine);
280 return 1;
281 }
282 if (tty->magic != TTY_MAGIC) {
283 printk(KERN_WARNING
284 "bad magic number for tty struct (%d:%d) in %s\n",
285 imajor(inode), iminor(inode), routine);
286 return 1;
287 }
288#endif
289 return 0;
290}
291
292static int check_tty_count(struct tty_struct *tty, const char *routine)
293{
294#ifdef CHECK_TTY_COUNT
295 struct list_head *p;
296 int count = 0;
297
298 spin_lock(&tty_files_lock);
299 list_for_each(p, &tty->tty_files) {
300 count++;
301 }
302 spin_unlock(&tty_files_lock);
303 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
304 tty->driver->subtype == PTY_TYPE_SLAVE &&
305 tty->link && tty->link->count)
306 count++;
307 if (tty->count != count) {
308 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
309 "!= #fd's(%d) in %s\n",
310 tty->name, tty->count, count, routine);
311 return count;
312 }
313#endif
314 return 0;
315}
316
317/**
318 * get_tty_driver - find device of a tty
319 * @dev_t: device identifier
320 * @index: returns the index of the tty
321 *
322 * This routine returns a tty driver structure, given a device number
323 * and also passes back the index number.
324 *
325 * Locking: caller must hold tty_mutex
326 */
327
328static struct tty_driver *get_tty_driver(dev_t device, int *index)
329{
330 struct tty_driver *p;
331
332 list_for_each_entry(p, &tty_drivers, tty_drivers) {
333 dev_t base = MKDEV(p->major, p->minor_start);
334 if (device < base || device >= base + p->num)
335 continue;
336 *index = device - base;
337 return tty_driver_kref_get(p);
338 }
339 return NULL;
340}
341
342#ifdef CONFIG_CONSOLE_POLL
343
344/**
345 * tty_find_polling_driver - find device of a polled tty
346 * @name: name string to match
347 * @line: pointer to resulting tty line nr
348 *
349 * This routine returns a tty driver structure, given a name
350 * and the condition that the tty driver is capable of polled
351 * operation.
352 */
353struct tty_driver *tty_find_polling_driver(char *name, int *line)
354{
355 struct tty_driver *p, *res = NULL;
356 int tty_line = 0;
357 int len;
358 char *str, *stp;
359
360 for (str = name; *str; str++)
361 if ((*str >= '0' && *str <= '9') || *str == ',')
362 break;
363 if (!*str)
364 return NULL;
365
366 len = str - name;
367 tty_line = simple_strtoul(str, &str, 10);
368
369 mutex_lock(&tty_mutex);
370 /* Search through the tty devices to look for a match */
371 list_for_each_entry(p, &tty_drivers, tty_drivers) {
372 if (strncmp(name, p->name, len) != 0)
373 continue;
374 stp = str;
375 if (*stp == ',')
376 stp++;
377 if (*stp == '\0')
378 stp = NULL;
379
380 if (tty_line >= 0 && tty_line < p->num && p->ops &&
381 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
382 res = tty_driver_kref_get(p);
383 *line = tty_line;
384 break;
385 }
386 }
387 mutex_unlock(&tty_mutex);
388
389 return res;
390}
391EXPORT_SYMBOL_GPL(tty_find_polling_driver);
392#endif
393
394/**
395 * tty_check_change - check for POSIX terminal changes
396 * @tty: tty to check
397 *
398 * If we try to write to, or set the state of, a terminal and we're
399 * not in the foreground, send a SIGTTOU. If the signal is blocked or
400 * ignored, go ahead and perform the operation. (POSIX 7.2)
401 *
402 * Locking: ctrl_lock
403 */
404
405int tty_check_change(struct tty_struct *tty)
406{
407 unsigned long flags;
408 int ret = 0;
409
410 if (current->signal->tty != tty)
411 return 0;
412
413 spin_lock_irqsave(&tty->ctrl_lock, flags);
414
415 if (!tty->pgrp) {
416 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
417 goto out_unlock;
418 }
419 if (task_pgrp(current) == tty->pgrp)
420 goto out_unlock;
421 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
422 if (is_ignored(SIGTTOU))
423 goto out;
424 if (is_current_pgrp_orphaned()) {
425 ret = -EIO;
426 goto out;
427 }
428 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
429 set_thread_flag(TIF_SIGPENDING);
430 ret = -ERESTARTSYS;
431out:
432 return ret;
433out_unlock:
434 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
435 return ret;
436}
437
438EXPORT_SYMBOL(tty_check_change);
439
440static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
441 size_t count, loff_t *ppos)
442{
443 return 0;
444}
445
446static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
447 size_t count, loff_t *ppos)
448{
449 return -EIO;
450}
451
452/* No kernel lock held - none needed ;) */
453static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
454{
455 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
456}
457
458static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
459 unsigned long arg)
460{
461 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
462}
463
464static long hung_up_tty_compat_ioctl(struct file *file,
465 unsigned int cmd, unsigned long arg)
466{
467 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
468}
469
470static const struct file_operations tty_fops = {
471 .llseek = no_llseek,
472 .read = tty_read,
473 .write = tty_write,
474 .poll = tty_poll,
475 .unlocked_ioctl = tty_ioctl,
476 .compat_ioctl = tty_compat_ioctl,
477 .open = tty_open,
478 .release = tty_release,
479 .fasync = tty_fasync,
480};
481
482static const struct file_operations console_fops = {
483 .llseek = no_llseek,
484 .read = tty_read,
485 .write = redirected_tty_write,
486 .poll = tty_poll,
487 .unlocked_ioctl = tty_ioctl,
488 .compat_ioctl = tty_compat_ioctl,
489 .open = tty_open,
490 .release = tty_release,
491 .fasync = tty_fasync,
492};
493
494static const struct file_operations hung_up_tty_fops = {
495 .llseek = no_llseek,
496 .read = hung_up_tty_read,
497 .write = hung_up_tty_write,
498 .poll = hung_up_tty_poll,
499 .unlocked_ioctl = hung_up_tty_ioctl,
500 .compat_ioctl = hung_up_tty_compat_ioctl,
501 .release = tty_release,
502};
503
504static DEFINE_SPINLOCK(redirect_lock);
505static struct file *redirect;
506
507/**
508 * tty_wakeup - request more data
509 * @tty: terminal
510 *
511 * Internal and external helper for wakeups of tty. This function
512 * informs the line discipline if present that the driver is ready
513 * to receive more output data.
514 */
515
516void tty_wakeup(struct tty_struct *tty)
517{
518 struct tty_ldisc *ld;
519
520 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
521 ld = tty_ldisc_ref(tty);
522 if (ld) {
523 if (ld->ops->write_wakeup)
524 ld->ops->write_wakeup(tty);
525 tty_ldisc_deref(ld);
526 }
527 }
528 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
529}
530
531EXPORT_SYMBOL_GPL(tty_wakeup);
532
533/**
534 * __tty_hangup - actual handler for hangup events
535 * @work: tty device
536 *
537 * This can be called by the "eventd" kernel thread. That is process
538 * synchronous but doesn't hold any locks, so we need to make sure we
539 * have the appropriate locks for what we're doing.
540 *
541 * The hangup event clears any pending redirections onto the hung up
542 * device. It ensures future writes will error and it does the needed
543 * line discipline hangup and signal delivery. The tty object itself
544 * remains intact.
545 *
546 * Locking:
547 * BTM
548 * redirect lock for undoing redirection
549 * file list lock for manipulating list of ttys
550 * tty_ldisc_lock from called functions
551 * termios_mutex resetting termios data
552 * tasklist_lock to walk task list for hangup event
553 * ->siglock to protect ->signal/->sighand
554 */
555void __tty_hangup(struct tty_struct *tty)
556{
557 struct file *cons_filp = NULL;
558 struct file *filp, *f = NULL;
559 struct task_struct *p;
560 struct tty_file_private *priv;
561 int closecount = 0, n;
562 unsigned long flags;
563 int refs = 0;
564
565 if (!tty)
566 return;
567
568
569 spin_lock(&redirect_lock);
570 if (redirect && file_tty(redirect) == tty) {
571 f = redirect;
572 redirect = NULL;
573 }
574 spin_unlock(&redirect_lock);
575
576 tty_lock();
577
578 /* some functions below drop BTM, so we need this bit */
579 set_bit(TTY_HUPPING, &tty->flags);
580
581 /* inuse_filps is protected by the single tty lock,
582 this really needs to change if we want to flush the
583 workqueue with the lock held */
584 check_tty_count(tty, "tty_hangup");
585
586 spin_lock(&tty_files_lock);
587 /* This breaks for file handles being sent over AF_UNIX sockets ? */
588 list_for_each_entry(priv, &tty->tty_files, list) {
589 filp = priv->file;
590 if (filp->f_op->write == redirected_tty_write)
591 cons_filp = filp;
592 if (filp->f_op->write != tty_write)
593 continue;
594 closecount++;
595 __tty_fasync(-1, filp, 0); /* can't block */
596 filp->f_op = &hung_up_tty_fops;
597 }
598 spin_unlock(&tty_files_lock);
599
600 /*
601 * it drops BTM and thus races with reopen
602 * we protect the race by TTY_HUPPING
603 */
604 tty_ldisc_hangup(tty);
605
606 read_lock(&tasklist_lock);
607 if (tty->session) {
608 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
609 spin_lock_irq(&p->sighand->siglock);
610 if (p->signal->tty == tty) {
611 p->signal->tty = NULL;
612 /* We defer the dereferences outside fo
613 the tasklist lock */
614 refs++;
615 }
616 if (!p->signal->leader) {
617 spin_unlock_irq(&p->sighand->siglock);
618 continue;
619 }
620 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
621 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
622 put_pid(p->signal->tty_old_pgrp); /* A noop */
623 spin_lock_irqsave(&tty->ctrl_lock, flags);
624 if (tty->pgrp)
625 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
626 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
627 spin_unlock_irq(&p->sighand->siglock);
628 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
629 }
630 read_unlock(&tasklist_lock);
631
632 spin_lock_irqsave(&tty->ctrl_lock, flags);
633 clear_bit(TTY_THROTTLED, &tty->flags);
634 clear_bit(TTY_PUSH, &tty->flags);
635 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
636 put_pid(tty->session);
637 put_pid(tty->pgrp);
638 tty->session = NULL;
639 tty->pgrp = NULL;
640 tty->ctrl_status = 0;
641 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
642
643 /* Account for the p->signal references we killed */
644 while (refs--)
645 tty_kref_put(tty);
646
647 /*
648 * If one of the devices matches a console pointer, we
649 * cannot just call hangup() because that will cause
650 * tty->count and state->count to go out of sync.
651 * So we just call close() the right number of times.
652 */
653 if (cons_filp) {
654 if (tty->ops->close)
655 for (n = 0; n < closecount; n++)
656 tty->ops->close(tty, cons_filp);
657 } else if (tty->ops->hangup)
658 (tty->ops->hangup)(tty);
659 /*
660 * We don't want to have driver/ldisc interactions beyond
661 * the ones we did here. The driver layer expects no
662 * calls after ->hangup() from the ldisc side. However we
663 * can't yet guarantee all that.
664 */
665 set_bit(TTY_HUPPED, &tty->flags);
666 clear_bit(TTY_HUPPING, &tty->flags);
667 tty_ldisc_enable(tty);
668
669 tty_unlock();
670
671 if (f)
672 fput(f);
673}
674
675static void do_tty_hangup(struct work_struct *work)
676{
677 struct tty_struct *tty =
678 container_of(work, struct tty_struct, hangup_work);
679
680 __tty_hangup(tty);
681}
682
683/**
684 * tty_hangup - trigger a hangup event
685 * @tty: tty to hangup
686 *
687 * A carrier loss (virtual or otherwise) has occurred on this like
688 * schedule a hangup sequence to run after this event.
689 */
690
691void tty_hangup(struct tty_struct *tty)
692{
693#ifdef TTY_DEBUG_HANGUP
694 char buf[64];
695 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
696#endif
697 schedule_work(&tty->hangup_work);
698}
699
700EXPORT_SYMBOL(tty_hangup);
701
702/**
703 * tty_vhangup - process vhangup
704 * @tty: tty to hangup
705 *
706 * The user has asked via system call for the terminal to be hung up.
707 * We do this synchronously so that when the syscall returns the process
708 * is complete. That guarantee is necessary for security reasons.
709 */
710
711void tty_vhangup(struct tty_struct *tty)
712{
713#ifdef TTY_DEBUG_HANGUP
714 char buf[64];
715
716 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
717#endif
718 __tty_hangup(tty);
719}
720
721EXPORT_SYMBOL(tty_vhangup);
722
723
724/**
725 * tty_vhangup_self - process vhangup for own ctty
726 *
727 * Perform a vhangup on the current controlling tty
728 */
729
730void tty_vhangup_self(void)
731{
732 struct tty_struct *tty;
733
734 tty = get_current_tty();
735 if (tty) {
736 tty_vhangup(tty);
737 tty_kref_put(tty);
738 }
739}
740
741/**
742 * tty_hung_up_p - was tty hung up
743 * @filp: file pointer of tty
744 *
745 * Return true if the tty has been subject to a vhangup or a carrier
746 * loss
747 */
748
749int tty_hung_up_p(struct file *filp)
750{
751 return (filp->f_op == &hung_up_tty_fops);
752}
753
754EXPORT_SYMBOL(tty_hung_up_p);
755
756static void session_clear_tty(struct pid *session)
757{
758 struct task_struct *p;
759 do_each_pid_task(session, PIDTYPE_SID, p) {
760 proc_clear_tty(p);
761 } while_each_pid_task(session, PIDTYPE_SID, p);
762}
763
764/**
765 * disassociate_ctty - disconnect controlling tty
766 * @on_exit: true if exiting so need to "hang up" the session
767 *
768 * This function is typically called only by the session leader, when
769 * it wants to disassociate itself from its controlling tty.
770 *
771 * It performs the following functions:
772 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
773 * (2) Clears the tty from being controlling the session
774 * (3) Clears the controlling tty for all processes in the
775 * session group.
776 *
777 * The argument on_exit is set to 1 if called when a process is
778 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
779 *
780 * Locking:
781 * BTM is taken for hysterical raisins, and held when
782 * called from no_tty().
783 * tty_mutex is taken to protect tty
784 * ->siglock is taken to protect ->signal/->sighand
785 * tasklist_lock is taken to walk process list for sessions
786 * ->siglock is taken to protect ->signal/->sighand
787 */
788
789void disassociate_ctty(int on_exit)
790{
791 struct tty_struct *tty;
792 struct pid *tty_pgrp = NULL;
793
794 if (!current->signal->leader)
795 return;
796
797 tty = get_current_tty();
798 if (tty) {
799 tty_pgrp = get_pid(tty->pgrp);
800 if (on_exit) {
801 if (tty->driver->type != TTY_DRIVER_TYPE_PTY)
802 tty_vhangup(tty);
803 }
804 tty_kref_put(tty);
805 } else if (on_exit) {
806 struct pid *old_pgrp;
807 spin_lock_irq(¤t->sighand->siglock);
808 old_pgrp = current->signal->tty_old_pgrp;
809 current->signal->tty_old_pgrp = NULL;
810 spin_unlock_irq(¤t->sighand->siglock);
811 if (old_pgrp) {
812 kill_pgrp(old_pgrp, SIGHUP, on_exit);
813 kill_pgrp(old_pgrp, SIGCONT, on_exit);
814 put_pid(old_pgrp);
815 }
816 return;
817 }
818 if (tty_pgrp) {
819 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
820 if (!on_exit)
821 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
822 put_pid(tty_pgrp);
823 }
824
825 spin_lock_irq(¤t->sighand->siglock);
826 put_pid(current->signal->tty_old_pgrp);
827 current->signal->tty_old_pgrp = NULL;
828 spin_unlock_irq(¤t->sighand->siglock);
829
830 tty = get_current_tty();
831 if (tty) {
832 unsigned long flags;
833 spin_lock_irqsave(&tty->ctrl_lock, flags);
834 put_pid(tty->session);
835 put_pid(tty->pgrp);
836 tty->session = NULL;
837 tty->pgrp = NULL;
838 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
839 tty_kref_put(tty);
840 } else {
841#ifdef TTY_DEBUG_HANGUP
842 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
843 " = NULL", tty);
844#endif
845 }
846
847 /* Now clear signal->tty under the lock */
848 read_lock(&tasklist_lock);
849 session_clear_tty(task_session(current));
850 read_unlock(&tasklist_lock);
851}
852
853/**
854 *
855 * no_tty - Ensure the current process does not have a controlling tty
856 */
857void no_tty(void)
858{
859 struct task_struct *tsk = current;
860 tty_lock();
861 disassociate_ctty(0);
862 tty_unlock();
863 proc_clear_tty(tsk);
864}
865
866
867/**
868 * stop_tty - propagate flow control
869 * @tty: tty to stop
870 *
871 * Perform flow control to the driver. For PTY/TTY pairs we
872 * must also propagate the TIOCKPKT status. May be called
873 * on an already stopped device and will not re-call the driver
874 * method.
875 *
876 * This functionality is used by both the line disciplines for
877 * halting incoming flow and by the driver. It may therefore be
878 * called from any context, may be under the tty atomic_write_lock
879 * but not always.
880 *
881 * Locking:
882 * Uses the tty control lock internally
883 */
884
885void stop_tty(struct tty_struct *tty)
886{
887 unsigned long flags;
888 spin_lock_irqsave(&tty->ctrl_lock, flags);
889 if (tty->stopped) {
890 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
891 return;
892 }
893 tty->stopped = 1;
894 if (tty->link && tty->link->packet) {
895 tty->ctrl_status &= ~TIOCPKT_START;
896 tty->ctrl_status |= TIOCPKT_STOP;
897 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
898 }
899 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
900 if (tty->ops->stop)
901 (tty->ops->stop)(tty);
902}
903
904EXPORT_SYMBOL(stop_tty);
905
906/**
907 * start_tty - propagate flow control
908 * @tty: tty to start
909 *
910 * Start a tty that has been stopped if at all possible. Perform
911 * any necessary wakeups and propagate the TIOCPKT status. If this
912 * is the tty was previous stopped and is being started then the
913 * driver start method is invoked and the line discipline woken.
914 *
915 * Locking:
916 * ctrl_lock
917 */
918
919void start_tty(struct tty_struct *tty)
920{
921 unsigned long flags;
922 spin_lock_irqsave(&tty->ctrl_lock, flags);
923 if (!tty->stopped || tty->flow_stopped) {
924 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
925 return;
926 }
927 tty->stopped = 0;
928 if (tty->link && tty->link->packet) {
929 tty->ctrl_status &= ~TIOCPKT_STOP;
930 tty->ctrl_status |= TIOCPKT_START;
931 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
932 }
933 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
934 if (tty->ops->start)
935 (tty->ops->start)(tty);
936 /* If we have a running line discipline it may need kicking */
937 tty_wakeup(tty);
938}
939
940EXPORT_SYMBOL(start_tty);
941
942/**
943 * tty_read - read method for tty device files
944 * @file: pointer to tty file
945 * @buf: user buffer
946 * @count: size of user buffer
947 * @ppos: unused
948 *
949 * Perform the read system call function on this terminal device. Checks
950 * for hung up devices before calling the line discipline method.
951 *
952 * Locking:
953 * Locks the line discipline internally while needed. Multiple
954 * read calls may be outstanding in parallel.
955 */
956
957static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
958 loff_t *ppos)
959{
960 int i;
961 struct inode *inode = file->f_path.dentry->d_inode;
962 struct tty_struct *tty = file_tty(file);
963 struct tty_ldisc *ld;
964
965 if (tty_paranoia_check(tty, inode, "tty_read"))
966 return -EIO;
967 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
968 return -EIO;
969
970 /* We want to wait for the line discipline to sort out in this
971 situation */
972 ld = tty_ldisc_ref_wait(tty);
973 if (ld->ops->read)
974 i = (ld->ops->read)(tty, file, buf, count);
975 else
976 i = -EIO;
977 tty_ldisc_deref(ld);
978 if (i > 0)
979 inode->i_atime = current_fs_time(inode->i_sb);
980 return i;
981}
982
983void tty_write_unlock(struct tty_struct *tty)
984 __releases(&tty->atomic_write_lock)
985{
986 mutex_unlock(&tty->atomic_write_lock);
987 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
988}
989
990int tty_write_lock(struct tty_struct *tty, int ndelay)
991 __acquires(&tty->atomic_write_lock)
992{
993 if (!mutex_trylock(&tty->atomic_write_lock)) {
994 if (ndelay)
995 return -EAGAIN;
996 if (mutex_lock_interruptible(&tty->atomic_write_lock))
997 return -ERESTARTSYS;
998 }
999 return 0;
1000}
1001
1002/*
1003 * Split writes up in sane blocksizes to avoid
1004 * denial-of-service type attacks
1005 */
1006static inline ssize_t do_tty_write(
1007 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1008 struct tty_struct *tty,
1009 struct file *file,
1010 const char __user *buf,
1011 size_t count)
1012{
1013 ssize_t ret, written = 0;
1014 unsigned int chunk;
1015
1016 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1017 if (ret < 0)
1018 return ret;
1019
1020 /*
1021 * We chunk up writes into a temporary buffer. This
1022 * simplifies low-level drivers immensely, since they
1023 * don't have locking issues and user mode accesses.
1024 *
1025 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1026 * big chunk-size..
1027 *
1028 * The default chunk-size is 2kB, because the NTTY
1029 * layer has problems with bigger chunks. It will
1030 * claim to be able to handle more characters than
1031 * it actually does.
1032 *
1033 * FIXME: This can probably go away now except that 64K chunks
1034 * are too likely to fail unless switched to vmalloc...
1035 */
1036 chunk = 2048;
1037 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1038 chunk = 65536;
1039 if (count < chunk)
1040 chunk = count;
1041
1042 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1043 if (tty->write_cnt < chunk) {
1044 unsigned char *buf_chunk;
1045
1046 if (chunk < 1024)
1047 chunk = 1024;
1048
1049 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1050 if (!buf_chunk) {
1051 ret = -ENOMEM;
1052 goto out;
1053 }
1054 kfree(tty->write_buf);
1055 tty->write_cnt = chunk;
1056 tty->write_buf = buf_chunk;
1057 }
1058
1059 /* Do the write .. */
1060 for (;;) {
1061 size_t size = count;
1062 if (size > chunk)
1063 size = chunk;
1064 ret = -EFAULT;
1065 if (copy_from_user(tty->write_buf, buf, size))
1066 break;
1067 ret = write(tty, file, tty->write_buf, size);
1068 if (ret <= 0)
1069 break;
1070 written += ret;
1071 buf += ret;
1072 count -= ret;
1073 if (!count)
1074 break;
1075 ret = -ERESTARTSYS;
1076 if (signal_pending(current))
1077 break;
1078 cond_resched();
1079 }
1080 if (written) {
1081 struct inode *inode = file->f_path.dentry->d_inode;
1082 inode->i_mtime = current_fs_time(inode->i_sb);
1083 ret = written;
1084 }
1085out:
1086 tty_write_unlock(tty);
1087 return ret;
1088}
1089
1090/**
1091 * tty_write_message - write a message to a certain tty, not just the console.
1092 * @tty: the destination tty_struct
1093 * @msg: the message to write
1094 *
1095 * This is used for messages that need to be redirected to a specific tty.
1096 * We don't put it into the syslog queue right now maybe in the future if
1097 * really needed.
1098 *
1099 * We must still hold the BTM and test the CLOSING flag for the moment.
1100 */
1101
1102void tty_write_message(struct tty_struct *tty, char *msg)
1103{
1104 if (tty) {
1105 mutex_lock(&tty->atomic_write_lock);
1106 tty_lock();
1107 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1108 tty_unlock();
1109 tty->ops->write(tty, msg, strlen(msg));
1110 } else
1111 tty_unlock();
1112 tty_write_unlock(tty);
1113 }
1114 return;
1115}
1116
1117
1118/**
1119 * tty_write - write method for tty device file
1120 * @file: tty file pointer
1121 * @buf: user data to write
1122 * @count: bytes to write
1123 * @ppos: unused
1124 *
1125 * Write data to a tty device via the line discipline.
1126 *
1127 * Locking:
1128 * Locks the line discipline as required
1129 * Writes to the tty driver are serialized by the atomic_write_lock
1130 * and are then processed in chunks to the device. The line discipline
1131 * write method will not be invoked in parallel for each device.
1132 */
1133
1134static ssize_t tty_write(struct file *file, const char __user *buf,
1135 size_t count, loff_t *ppos)
1136{
1137 struct inode *inode = file->f_path.dentry->d_inode;
1138 struct tty_struct *tty = file_tty(file);
1139 struct tty_ldisc *ld;
1140 ssize_t ret;
1141
1142 if (tty_paranoia_check(tty, inode, "tty_write"))
1143 return -EIO;
1144 if (!tty || !tty->ops->write ||
1145 (test_bit(TTY_IO_ERROR, &tty->flags)))
1146 return -EIO;
1147 /* Short term debug to catch buggy drivers */
1148 if (tty->ops->write_room == NULL)
1149 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1150 tty->driver->name);
1151 ld = tty_ldisc_ref_wait(tty);
1152 if (!ld->ops->write)
1153 ret = -EIO;
1154 else
1155 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1156 tty_ldisc_deref(ld);
1157 return ret;
1158}
1159
1160ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1161 size_t count, loff_t *ppos)
1162{
1163 struct file *p = NULL;
1164
1165 spin_lock(&redirect_lock);
1166 if (redirect) {
1167 get_file(redirect);
1168 p = redirect;
1169 }
1170 spin_unlock(&redirect_lock);
1171
1172 if (p) {
1173 ssize_t res;
1174 res = vfs_write(p, buf, count, &p->f_pos);
1175 fput(p);
1176 return res;
1177 }
1178 return tty_write(file, buf, count, ppos);
1179}
1180
1181static char ptychar[] = "pqrstuvwxyzabcde";
1182
1183/**
1184 * pty_line_name - generate name for a pty
1185 * @driver: the tty driver in use
1186 * @index: the minor number
1187 * @p: output buffer of at least 6 bytes
1188 *
1189 * Generate a name from a driver reference and write it to the output
1190 * buffer.
1191 *
1192 * Locking: None
1193 */
1194static void pty_line_name(struct tty_driver *driver, int index, char *p)
1195{
1196 int i = index + driver->name_base;
1197 /* ->name is initialized to "ttyp", but "tty" is expected */
1198 sprintf(p, "%s%c%x",
1199 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1200 ptychar[i >> 4 & 0xf], i & 0xf);
1201}
1202
1203/**
1204 * tty_line_name - generate name for a tty
1205 * @driver: the tty driver in use
1206 * @index: the minor number
1207 * @p: output buffer of at least 7 bytes
1208 *
1209 * Generate a name from a driver reference and write it to the output
1210 * buffer.
1211 *
1212 * Locking: None
1213 */
1214static void tty_line_name(struct tty_driver *driver, int index, char *p)
1215{
1216 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1217}
1218
1219/**
1220 * tty_driver_lookup_tty() - find an existing tty, if any
1221 * @driver: the driver for the tty
1222 * @idx: the minor number
1223 *
1224 * Return the tty, if found or ERR_PTR() otherwise.
1225 *
1226 * Locking: tty_mutex must be held. If tty is found, the mutex must
1227 * be held until the 'fast-open' is also done. Will change once we
1228 * have refcounting in the driver and per driver locking
1229 */
1230static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1231 struct inode *inode, int idx)
1232{
1233 struct tty_struct *tty;
1234
1235 if (driver->ops->lookup)
1236 return driver->ops->lookup(driver, inode, idx);
1237
1238 tty = driver->ttys[idx];
1239 return tty;
1240}
1241
1242/**
1243 * tty_init_termios - helper for termios setup
1244 * @tty: the tty to set up
1245 *
1246 * Initialise the termios structures for this tty. Thus runs under
1247 * the tty_mutex currently so we can be relaxed about ordering.
1248 */
1249
1250int tty_init_termios(struct tty_struct *tty)
1251{
1252 struct ktermios *tp;
1253 int idx = tty->index;
1254
1255 tp = tty->driver->termios[idx];
1256 if (tp == NULL) {
1257 tp = kzalloc(sizeof(struct ktermios[2]), GFP_KERNEL);
1258 if (tp == NULL)
1259 return -ENOMEM;
1260 memcpy(tp, &tty->driver->init_termios,
1261 sizeof(struct ktermios));
1262 tty->driver->termios[idx] = tp;
1263 }
1264 tty->termios = tp;
1265 tty->termios_locked = tp + 1;
1266
1267 /* Compatibility until drivers always set this */
1268 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1269 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1270 return 0;
1271}
1272EXPORT_SYMBOL_GPL(tty_init_termios);
1273
1274/**
1275 * tty_driver_install_tty() - install a tty entry in the driver
1276 * @driver: the driver for the tty
1277 * @tty: the tty
1278 *
1279 * Install a tty object into the driver tables. The tty->index field
1280 * will be set by the time this is called. This method is responsible
1281 * for ensuring any need additional structures are allocated and
1282 * configured.
1283 *
1284 * Locking: tty_mutex for now
1285 */
1286static int tty_driver_install_tty(struct tty_driver *driver,
1287 struct tty_struct *tty)
1288{
1289 int idx = tty->index;
1290 int ret;
1291
1292 if (driver->ops->install) {
1293 ret = driver->ops->install(driver, tty);
1294 return ret;
1295 }
1296
1297 if (tty_init_termios(tty) == 0) {
1298 tty_driver_kref_get(driver);
1299 tty->count++;
1300 driver->ttys[idx] = tty;
1301 return 0;
1302 }
1303 return -ENOMEM;
1304}
1305
1306/**
1307 * tty_driver_remove_tty() - remove a tty from the driver tables
1308 * @driver: the driver for the tty
1309 * @idx: the minor number
1310 *
1311 * Remvoe a tty object from the driver tables. The tty->index field
1312 * will be set by the time this is called.
1313 *
1314 * Locking: tty_mutex for now
1315 */
1316void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1317{
1318 if (driver->ops->remove)
1319 driver->ops->remove(driver, tty);
1320 else
1321 driver->ttys[tty->index] = NULL;
1322}
1323
1324/*
1325 * tty_reopen() - fast re-open of an open tty
1326 * @tty - the tty to open
1327 *
1328 * Return 0 on success, -errno on error.
1329 *
1330 * Locking: tty_mutex must be held from the time the tty was found
1331 * till this open completes.
1332 */
1333static int tty_reopen(struct tty_struct *tty)
1334{
1335 struct tty_driver *driver = tty->driver;
1336
1337 if (test_bit(TTY_CLOSING, &tty->flags) ||
1338 test_bit(TTY_HUPPING, &tty->flags) ||
1339 test_bit(TTY_LDISC_CHANGING, &tty->flags))
1340 return -EIO;
1341
1342 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1343 driver->subtype == PTY_TYPE_MASTER) {
1344 /*
1345 * special case for PTY masters: only one open permitted,
1346 * and the slave side open count is incremented as well.
1347 */
1348 if (tty->count)
1349 return -EIO;
1350
1351 tty->link->count++;
1352 }
1353 tty->count++;
1354 tty->driver = driver; /* N.B. why do this every time?? */
1355
1356 mutex_lock(&tty->ldisc_mutex);
1357 WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1358 mutex_unlock(&tty->ldisc_mutex);
1359
1360 return 0;
1361}
1362
1363/**
1364 * tty_init_dev - initialise a tty device
1365 * @driver: tty driver we are opening a device on
1366 * @idx: device index
1367 * @ret_tty: returned tty structure
1368 * @first_ok: ok to open a new device (used by ptmx)
1369 *
1370 * Prepare a tty device. This may not be a "new" clean device but
1371 * could also be an active device. The pty drivers require special
1372 * handling because of this.
1373 *
1374 * Locking:
1375 * The function is called under the tty_mutex, which
1376 * protects us from the tty struct or driver itself going away.
1377 *
1378 * On exit the tty device has the line discipline attached and
1379 * a reference count of 1. If a pair was created for pty/tty use
1380 * and the other was a pty master then it too has a reference count of 1.
1381 *
1382 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1383 * failed open. The new code protects the open with a mutex, so it's
1384 * really quite straightforward. The mutex locking can probably be
1385 * relaxed for the (most common) case of reopening a tty.
1386 */
1387
1388struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx,
1389 int first_ok)
1390{
1391 struct tty_struct *tty;
1392 int retval;
1393
1394 /* Check if pty master is being opened multiple times */
1395 if (driver->subtype == PTY_TYPE_MASTER &&
1396 (driver->flags & TTY_DRIVER_DEVPTS_MEM) && !first_ok) {
1397 return ERR_PTR(-EIO);
1398 }
1399
1400 /*
1401 * First time open is complex, especially for PTY devices.
1402 * This code guarantees that either everything succeeds and the
1403 * TTY is ready for operation, or else the table slots are vacated
1404 * and the allocated memory released. (Except that the termios
1405 * and locked termios may be retained.)
1406 */
1407
1408 if (!try_module_get(driver->owner))
1409 return ERR_PTR(-ENODEV);
1410
1411 tty = alloc_tty_struct();
1412 if (!tty) {
1413 retval = -ENOMEM;
1414 goto err_module_put;
1415 }
1416 initialize_tty_struct(tty, driver, idx);
1417
1418 retval = tty_driver_install_tty(driver, tty);
1419 if (retval < 0)
1420 goto err_deinit_tty;
1421
1422 /*
1423 * Structures all installed ... call the ldisc open routines.
1424 * If we fail here just call release_tty to clean up. No need
1425 * to decrement the use counts, as release_tty doesn't care.
1426 */
1427 retval = tty_ldisc_setup(tty, tty->link);
1428 if (retval)
1429 goto err_release_tty;
1430 return tty;
1431
1432err_deinit_tty:
1433 deinitialize_tty_struct(tty);
1434 free_tty_struct(tty);
1435err_module_put:
1436 module_put(driver->owner);
1437 return ERR_PTR(retval);
1438
1439 /* call the tty release_tty routine to clean out this slot */
1440err_release_tty:
1441 if (printk_ratelimit())
1442 printk(KERN_INFO "tty_init_dev: ldisc open failed, "
1443 "clearing slot %d\n", idx);
1444 release_tty(tty, idx);
1445 return ERR_PTR(retval);
1446}
1447
1448void tty_free_termios(struct tty_struct *tty)
1449{
1450 struct ktermios *tp;
1451 int idx = tty->index;
1452 /* Kill this flag and push into drivers for locking etc */
1453 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1454 /* FIXME: Locking on ->termios array */
1455 tp = tty->termios;
1456 tty->driver->termios[idx] = NULL;
1457 kfree(tp);
1458 }
1459}
1460EXPORT_SYMBOL(tty_free_termios);
1461
1462void tty_shutdown(struct tty_struct *tty)
1463{
1464 tty_driver_remove_tty(tty->driver, tty);
1465 tty_free_termios(tty);
1466}
1467EXPORT_SYMBOL(tty_shutdown);
1468
1469/**
1470 * release_one_tty - release tty structure memory
1471 * @kref: kref of tty we are obliterating
1472 *
1473 * Releases memory associated with a tty structure, and clears out the
1474 * driver table slots. This function is called when a device is no longer
1475 * in use. It also gets called when setup of a device fails.
1476 *
1477 * Locking:
1478 * tty_mutex - sometimes only
1479 * takes the file list lock internally when working on the list
1480 * of ttys that the driver keeps.
1481 *
1482 * This method gets called from a work queue so that the driver private
1483 * cleanup ops can sleep (needed for USB at least)
1484 */
1485static void release_one_tty(struct work_struct *work)
1486{
1487 struct tty_struct *tty =
1488 container_of(work, struct tty_struct, hangup_work);
1489 struct tty_driver *driver = tty->driver;
1490
1491 if (tty->ops->cleanup)
1492 tty->ops->cleanup(tty);
1493
1494 tty->magic = 0;
1495 tty_driver_kref_put(driver);
1496 module_put(driver->owner);
1497
1498 spin_lock(&tty_files_lock);
1499 list_del_init(&tty->tty_files);
1500 spin_unlock(&tty_files_lock);
1501
1502 put_pid(tty->pgrp);
1503 put_pid(tty->session);
1504 free_tty_struct(tty);
1505}
1506
1507static void queue_release_one_tty(struct kref *kref)
1508{
1509 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1510
1511 if (tty->ops->shutdown)
1512 tty->ops->shutdown(tty);
1513 else
1514 tty_shutdown(tty);
1515
1516 /* The hangup queue is now free so we can reuse it rather than
1517 waste a chunk of memory for each port */
1518 INIT_WORK(&tty->hangup_work, release_one_tty);
1519 schedule_work(&tty->hangup_work);
1520}
1521
1522/**
1523 * tty_kref_put - release a tty kref
1524 * @tty: tty device
1525 *
1526 * Release a reference to a tty device and if need be let the kref
1527 * layer destruct the object for us
1528 */
1529
1530void tty_kref_put(struct tty_struct *tty)
1531{
1532 if (tty)
1533 kref_put(&tty->kref, queue_release_one_tty);
1534}
1535EXPORT_SYMBOL(tty_kref_put);
1536
1537/**
1538 * release_tty - release tty structure memory
1539 *
1540 * Release both @tty and a possible linked partner (think pty pair),
1541 * and decrement the refcount of the backing module.
1542 *
1543 * Locking:
1544 * tty_mutex - sometimes only
1545 * takes the file list lock internally when working on the list
1546 * of ttys that the driver keeps.
1547 * FIXME: should we require tty_mutex is held here ??
1548 *
1549 */
1550static void release_tty(struct tty_struct *tty, int idx)
1551{
1552 /* This should always be true but check for the moment */
1553 WARN_ON(tty->index != idx);
1554
1555 if (tty->link)
1556 tty_kref_put(tty->link);
1557 tty_kref_put(tty);
1558}
1559
1560/**
1561 * tty_release - vfs callback for close
1562 * @inode: inode of tty
1563 * @filp: file pointer for handle to tty
1564 *
1565 * Called the last time each file handle is closed that references
1566 * this tty. There may however be several such references.
1567 *
1568 * Locking:
1569 * Takes bkl. See tty_release_dev
1570 *
1571 * Even releasing the tty structures is a tricky business.. We have
1572 * to be very careful that the structures are all released at the
1573 * same time, as interrupts might otherwise get the wrong pointers.
1574 *
1575 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1576 * lead to double frees or releasing memory still in use.
1577 */
1578
1579int tty_release(struct inode *inode, struct file *filp)
1580{
1581 struct tty_struct *tty = file_tty(filp);
1582 struct tty_struct *o_tty;
1583 int pty_master, tty_closing, o_tty_closing, do_sleep;
1584 int devpts;
1585 int idx;
1586 char buf[64];
1587
1588 if (tty_paranoia_check(tty, inode, "tty_release_dev"))
1589 return 0;
1590
1591 tty_lock();
1592 check_tty_count(tty, "tty_release_dev");
1593
1594 __tty_fasync(-1, filp, 0);
1595
1596 idx = tty->index;
1597 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1598 tty->driver->subtype == PTY_TYPE_MASTER);
1599 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1600 o_tty = tty->link;
1601
1602#ifdef TTY_PARANOIA_CHECK
1603 if (idx < 0 || idx >= tty->driver->num) {
1604 printk(KERN_DEBUG "tty_release_dev: bad idx when trying to "
1605 "free (%s)\n", tty->name);
1606 tty_unlock();
1607 return 0;
1608 }
1609 if (!devpts) {
1610 if (tty != tty->driver->ttys[idx]) {
1611 tty_unlock();
1612 printk(KERN_DEBUG "tty_release_dev: driver.table[%d] not tty "
1613 "for (%s)\n", idx, tty->name);
1614 return 0;
1615 }
1616 if (tty->termios != tty->driver->termios[idx]) {
1617 tty_unlock();
1618 printk(KERN_DEBUG "tty_release_dev: driver.termios[%d] not termios "
1619 "for (%s)\n",
1620 idx, tty->name);
1621 return 0;
1622 }
1623 }
1624#endif
1625
1626#ifdef TTY_DEBUG_HANGUP
1627 printk(KERN_DEBUG "tty_release_dev of %s (tty count=%d)...",
1628 tty_name(tty, buf), tty->count);
1629#endif
1630
1631#ifdef TTY_PARANOIA_CHECK
1632 if (tty->driver->other &&
1633 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1634 if (o_tty != tty->driver->other->ttys[idx]) {
1635 tty_unlock();
1636 printk(KERN_DEBUG "tty_release_dev: other->table[%d] "
1637 "not o_tty for (%s)\n",
1638 idx, tty->name);
1639 return 0 ;
1640 }
1641 if (o_tty->termios != tty->driver->other->termios[idx]) {
1642 tty_unlock();
1643 printk(KERN_DEBUG "tty_release_dev: other->termios[%d] "
1644 "not o_termios for (%s)\n",
1645 idx, tty->name);
1646 return 0;
1647 }
1648 if (o_tty->link != tty) {
1649 tty_unlock();
1650 printk(KERN_DEBUG "tty_release_dev: bad pty pointers\n");
1651 return 0;
1652 }
1653 }
1654#endif
1655 if (tty->ops->close)
1656 tty->ops->close(tty, filp);
1657
1658 tty_unlock();
1659 /*
1660 * Sanity check: if tty->count is going to zero, there shouldn't be
1661 * any waiters on tty->read_wait or tty->write_wait. We test the
1662 * wait queues and kick everyone out _before_ actually starting to
1663 * close. This ensures that we won't block while releasing the tty
1664 * structure.
1665 *
1666 * The test for the o_tty closing is necessary, since the master and
1667 * slave sides may close in any order. If the slave side closes out
1668 * first, its count will be one, since the master side holds an open.
1669 * Thus this test wouldn't be triggered at the time the slave closes,
1670 * so we do it now.
1671 *
1672 * Note that it's possible for the tty to be opened again while we're
1673 * flushing out waiters. By recalculating the closing flags before
1674 * each iteration we avoid any problems.
1675 */
1676 while (1) {
1677 /* Guard against races with tty->count changes elsewhere and
1678 opens on /dev/tty */
1679
1680 mutex_lock(&tty_mutex);
1681 tty_lock();
1682 tty_closing = tty->count <= 1;
1683 o_tty_closing = o_tty &&
1684 (o_tty->count <= (pty_master ? 1 : 0));
1685 do_sleep = 0;
1686
1687 if (tty_closing) {
1688 if (waitqueue_active(&tty->read_wait)) {
1689 wake_up_poll(&tty->read_wait, POLLIN);
1690 do_sleep++;
1691 }
1692 if (waitqueue_active(&tty->write_wait)) {
1693 wake_up_poll(&tty->write_wait, POLLOUT);
1694 do_sleep++;
1695 }
1696 }
1697 if (o_tty_closing) {
1698 if (waitqueue_active(&o_tty->read_wait)) {
1699 wake_up_poll(&o_tty->read_wait, POLLIN);
1700 do_sleep++;
1701 }
1702 if (waitqueue_active(&o_tty->write_wait)) {
1703 wake_up_poll(&o_tty->write_wait, POLLOUT);
1704 do_sleep++;
1705 }
1706 }
1707 if (!do_sleep)
1708 break;
1709
1710 printk(KERN_WARNING "tty_release_dev: %s: read/write wait queue "
1711 "active!\n", tty_name(tty, buf));
1712 tty_unlock();
1713 mutex_unlock(&tty_mutex);
1714 schedule();
1715 }
1716
1717 /*
1718 * The closing flags are now consistent with the open counts on
1719 * both sides, and we've completed the last operation that could
1720 * block, so it's safe to proceed with closing.
1721 */
1722 if (pty_master) {
1723 if (--o_tty->count < 0) {
1724 printk(KERN_WARNING "tty_release_dev: bad pty slave count "
1725 "(%d) for %s\n",
1726 o_tty->count, tty_name(o_tty, buf));
1727 o_tty->count = 0;
1728 }
1729 }
1730 if (--tty->count < 0) {
1731 printk(KERN_WARNING "tty_release_dev: bad tty->count (%d) for %s\n",
1732 tty->count, tty_name(tty, buf));
1733 tty->count = 0;
1734 }
1735
1736 /*
1737 * We've decremented tty->count, so we need to remove this file
1738 * descriptor off the tty->tty_files list; this serves two
1739 * purposes:
1740 * - check_tty_count sees the correct number of file descriptors
1741 * associated with this tty.
1742 * - do_tty_hangup no longer sees this file descriptor as
1743 * something that needs to be handled for hangups.
1744 */
1745 tty_del_file(filp);
1746
1747 /*
1748 * Perform some housekeeping before deciding whether to return.
1749 *
1750 * Set the TTY_CLOSING flag if this was the last open. In the
1751 * case of a pty we may have to wait around for the other side
1752 * to close, and TTY_CLOSING makes sure we can't be reopened.
1753 */
1754 if (tty_closing)
1755 set_bit(TTY_CLOSING, &tty->flags);
1756 if (o_tty_closing)
1757 set_bit(TTY_CLOSING, &o_tty->flags);
1758
1759 /*
1760 * If _either_ side is closing, make sure there aren't any
1761 * processes that still think tty or o_tty is their controlling
1762 * tty.
1763 */
1764 if (tty_closing || o_tty_closing) {
1765 read_lock(&tasklist_lock);
1766 session_clear_tty(tty->session);
1767 if (o_tty)
1768 session_clear_tty(o_tty->session);
1769 read_unlock(&tasklist_lock);
1770 }
1771
1772 mutex_unlock(&tty_mutex);
1773
1774 /* check whether both sides are closing ... */
1775 if (!tty_closing || (o_tty && !o_tty_closing)) {
1776 tty_unlock();
1777 return 0;
1778 }
1779
1780#ifdef TTY_DEBUG_HANGUP
1781 printk(KERN_DEBUG "freeing tty structure...");
1782#endif
1783 /*
1784 * Ask the line discipline code to release its structures
1785 */
1786 tty_ldisc_release(tty, o_tty);
1787 /*
1788 * The release_tty function takes care of the details of clearing
1789 * the slots and preserving the termios structure.
1790 */
1791 release_tty(tty, idx);
1792
1793 /* Make this pty number available for reallocation */
1794 if (devpts)
1795 devpts_kill_index(inode, idx);
1796 tty_unlock();
1797 return 0;
1798}
1799
1800/**
1801 * tty_open - open a tty device
1802 * @inode: inode of device file
1803 * @filp: file pointer to tty
1804 *
1805 * tty_open and tty_release keep up the tty count that contains the
1806 * number of opens done on a tty. We cannot use the inode-count, as
1807 * different inodes might point to the same tty.
1808 *
1809 * Open-counting is needed for pty masters, as well as for keeping
1810 * track of serial lines: DTR is dropped when the last close happens.
1811 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1812 *
1813 * The termios state of a pty is reset on first open so that
1814 * settings don't persist across reuse.
1815 *
1816 * Locking: tty_mutex protects tty, get_tty_driver and tty_init_dev work.
1817 * tty->count should protect the rest.
1818 * ->siglock protects ->signal/->sighand
1819 */
1820
1821static int tty_open(struct inode *inode, struct file *filp)
1822{
1823 struct tty_struct *tty = NULL;
1824 int noctty, retval;
1825 struct tty_driver *driver;
1826 int index;
1827 dev_t device = inode->i_rdev;
1828 unsigned saved_flags = filp->f_flags;
1829
1830 nonseekable_open(inode, filp);
1831
1832retry_open:
1833 retval = tty_alloc_file(filp);
1834 if (retval)
1835 return -ENOMEM;
1836
1837 noctty = filp->f_flags & O_NOCTTY;
1838 index = -1;
1839 retval = 0;
1840
1841 mutex_lock(&tty_mutex);
1842 tty_lock();
1843
1844 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
1845 tty = get_current_tty();
1846 if (!tty) {
1847 tty_unlock();
1848 mutex_unlock(&tty_mutex);
1849 tty_free_file(filp);
1850 return -ENXIO;
1851 }
1852 driver = tty_driver_kref_get(tty->driver);
1853 index = tty->index;
1854 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1855 /* noctty = 1; */
1856 /* FIXME: Should we take a driver reference ? */
1857 tty_kref_put(tty);
1858 goto got_driver;
1859 }
1860#ifdef CONFIG_VT
1861 if (device == MKDEV(TTY_MAJOR, 0)) {
1862 extern struct tty_driver *console_driver;
1863 driver = tty_driver_kref_get(console_driver);
1864 index = fg_console;
1865 noctty = 1;
1866 goto got_driver;
1867 }
1868#endif
1869 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1870 struct tty_driver *console_driver = console_device(&index);
1871 if (console_driver) {
1872 driver = tty_driver_kref_get(console_driver);
1873 if (driver) {
1874 /* Don't let /dev/console block */
1875 filp->f_flags |= O_NONBLOCK;
1876 noctty = 1;
1877 goto got_driver;
1878 }
1879 }
1880 tty_unlock();
1881 mutex_unlock(&tty_mutex);
1882 tty_free_file(filp);
1883 return -ENODEV;
1884 }
1885
1886 driver = get_tty_driver(device, &index);
1887 if (!driver) {
1888 tty_unlock();
1889 mutex_unlock(&tty_mutex);
1890 tty_free_file(filp);
1891 return -ENODEV;
1892 }
1893got_driver:
1894 if (!tty) {
1895 /* check whether we're reopening an existing tty */
1896 tty = tty_driver_lookup_tty(driver, inode, index);
1897
1898 if (IS_ERR(tty)) {
1899 tty_unlock();
1900 mutex_unlock(&tty_mutex);
1901 tty_driver_kref_put(driver);
1902 tty_free_file(filp);
1903 return PTR_ERR(tty);
1904 }
1905 }
1906
1907 if (tty) {
1908 retval = tty_reopen(tty);
1909 if (retval)
1910 tty = ERR_PTR(retval);
1911 } else
1912 tty = tty_init_dev(driver, index, 0);
1913
1914 mutex_unlock(&tty_mutex);
1915 tty_driver_kref_put(driver);
1916 if (IS_ERR(tty)) {
1917 tty_unlock();
1918 tty_free_file(filp);
1919 return PTR_ERR(tty);
1920 }
1921
1922 tty_add_file(tty, filp);
1923
1924 check_tty_count(tty, "tty_open");
1925 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1926 tty->driver->subtype == PTY_TYPE_MASTER)
1927 noctty = 1;
1928#ifdef TTY_DEBUG_HANG…Large files files are truncated, but you can click here to view the full file