1 // SPDX-License-Identifier: GPL-2.0
3 * Copyright (C) 1991, 1992 Linus Torvalds
7 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
8 * or rs-channels. It also implements echoing, cooked mode etc.
10 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
13 * tty_struct and tty_queue structures. Previously there was an array
14 * of 256 tty_struct's which was statically allocated, and the
15 * tty_queue structures were allocated at boot time. Both are now
16 * dynamically allocated only when the tty is open.
18 * Also restructured routines so that there is more of a separation
19 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
20 * the low-level tty routines (serial.c, pty.c, console.c). This
21 * makes for cleaner and more compact code. -TYT, 9/17/92
23 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
24 * which can be dynamically activated and de-activated by the line
25 * discipline handling modules (like SLIP).
27 * NOTE: pay no attention to the line discipline code (yet); its
28 * interface is still subject to change in this version...
31 * Added functionality to the OPOST tty handling. No delays, but all
32 * other bits should be there.
33 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 * Rewrote canonical mode and added more termios flags.
36 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 * Reorganized FASYNC support so mouse code can share it.
39 * -- ctm@ardi.com, 9Sep95
41 * New TIOCLINUX variants added.
42 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 * Restrict vt switching via ioctl()
45 * -- grif@cs.ucr.edu, 5-Dec-95
47 * Move console and virtual terminal code to more appropriate files,
48 * implement CONFIG_VT and generalize console device interface.
49 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
52 * -- Bill Hawes <whawes@star.net>, June 97
54 * Added devfs support.
55 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 * Added support for a Unix98-style ptmx device.
58 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 * Reduced memory usage for older ARM systems
61 * -- Russell King <rmk@arm.linux.org.uk>
63 * Move do_SAK() into process context. Less stack use in devfs functions.
64 * alloc_tty_struct() always uses kmalloc()
65 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
68 #include <linux/types.h>
69 #include <linux/major.h>
70 #include <linux/errno.h>
71 #include <linux/signal.h>
72 #include <linux/fcntl.h>
73 #include <linux/sched/signal.h>
74 #include <linux/sched/task.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/ppp-ioctl.h>
91 #include <linux/proc_fs.h>
92 #include <linux/init.h>
93 #include <linux/module.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99 #include <linux/serial.h>
100 #include <linux/ratelimit.h>
101 #include <linux/compat.h>
102 #include <linux/uaccess.h>
103 #include <linux/termios_internal.h>
104 #include <linux/fs.h>
106 #include <linux/kbd_kern.h>
107 #include <linux/vt_kern.h>
108 #include <linux/selection.h>
110 #include <linux/kmod.h>
111 #include <linux/nsproxy.h>
114 #undef TTY_DEBUG_HANGUP
115 #ifdef TTY_DEBUG_HANGUP
116 # define tty_debug_hangup(tty, f, args...) tty_debug(tty, f, ##args)
118 # define tty_debug_hangup(tty, f, args...) do { } while (0)
121 #define TTY_PARANOIA_CHECK 1
122 #define CHECK_TTY_COUNT 1
124 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
125 .c_iflag = ICRNL | IXON,
126 .c_oflag = OPOST | ONLCR,
127 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
128 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
129 ECHOCTL | ECHOKE | IEXTEN,
133 /* .c_line = N_TTY, */
135 EXPORT_SYMBOL(tty_std_termios);
137 /* This list gets poked at by procfs and various bits of boot up code. This
138 * could do with some rationalisation such as pulling the tty proc function
142 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
144 /* Mutex to protect creating and releasing a tty */
145 DEFINE_MUTEX(tty_mutex);
147 static ssize_t tty_read(struct kiocb *, struct iov_iter *);
148 static ssize_t tty_write(struct kiocb *, struct iov_iter *);
149 static __poll_t tty_poll(struct file *, poll_table *);
150 static int tty_open(struct inode *, struct file *);
152 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
155 #define tty_compat_ioctl NULL
157 static int __tty_fasync(int fd, struct file *filp, int on);
158 static int tty_fasync(int fd, struct file *filp, int on);
159 static void release_tty(struct tty_struct *tty, int idx);
162 * free_tty_struct - free a disused tty
163 * @tty: tty struct to free
165 * Free the write buffers, tty queue and tty memory itself.
167 * Locking: none. Must be called after tty is definitely unused
169 static void free_tty_struct(struct tty_struct *tty)
171 tty_ldisc_deinit(tty);
172 put_device(tty->dev);
173 kvfree(tty->write_buf);
177 static inline struct tty_struct *file_tty(struct file *file)
179 return ((struct tty_file_private *)file->private_data)->tty;
182 int tty_alloc_file(struct file *file)
184 struct tty_file_private *priv;
186 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
190 file->private_data = priv;
195 /* Associate a new file with the tty structure */
196 void tty_add_file(struct tty_struct *tty, struct file *file)
198 struct tty_file_private *priv = file->private_data;
203 spin_lock(&tty->files_lock);
204 list_add(&priv->list, &tty->tty_files);
205 spin_unlock(&tty->files_lock);
209 * tty_free_file - free file->private_data
210 * @file: to free private_data of
212 * This shall be used only for fail path handling when tty_add_file was not
215 void tty_free_file(struct file *file)
217 struct tty_file_private *priv = file->private_data;
219 file->private_data = NULL;
223 /* Delete file from its tty */
224 static void tty_del_file(struct file *file)
226 struct tty_file_private *priv = file->private_data;
227 struct tty_struct *tty = priv->tty;
229 spin_lock(&tty->files_lock);
230 list_del(&priv->list);
231 spin_unlock(&tty->files_lock);
236 * tty_name - return tty naming
237 * @tty: tty structure
239 * Convert a tty structure into a name. The name reflects the kernel naming
240 * policy and if udev is in use may not reflect user space
244 const char *tty_name(const struct tty_struct *tty)
246 if (!tty) /* Hmm. NULL pointer. That's fun. */
250 EXPORT_SYMBOL(tty_name);
252 const char *tty_driver_name(const struct tty_struct *tty)
254 if (!tty || !tty->driver)
256 return tty->driver->name;
259 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
262 #ifdef TTY_PARANOIA_CHECK
264 pr_warn("(%d:%d): %s: NULL tty\n",
265 imajor(inode), iminor(inode), routine);
272 /* Caller must hold tty_lock */
273 static void check_tty_count(struct tty_struct *tty, const char *routine)
275 #ifdef CHECK_TTY_COUNT
277 int count = 0, kopen_count = 0;
279 spin_lock(&tty->files_lock);
280 list_for_each(p, &tty->tty_files) {
283 spin_unlock(&tty->files_lock);
284 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
285 tty->driver->subtype == PTY_TYPE_SLAVE &&
286 tty->link && tty->link->count)
288 if (tty_port_kopened(tty->port))
290 if (tty->count != (count + kopen_count)) {
291 tty_warn(tty, "%s: tty->count(%d) != (#fd's(%d) + #kopen's(%d))\n",
292 routine, tty->count, count, kopen_count);
298 * get_tty_driver - find device of a tty
299 * @device: device identifier
300 * @index: returns the index of the tty
302 * This routine returns a tty driver structure, given a device number and also
303 * passes back the index number.
305 * Locking: caller must hold tty_mutex
307 static struct tty_driver *get_tty_driver(dev_t device, int *index)
309 struct tty_driver *p;
311 list_for_each_entry(p, &tty_drivers, tty_drivers) {
312 dev_t base = MKDEV(p->major, p->minor_start);
314 if (device < base || device >= base + p->num)
316 *index = device - base;
317 return tty_driver_kref_get(p);
323 * tty_dev_name_to_number - return dev_t for device name
324 * @name: user space name of device under /dev
325 * @number: pointer to dev_t that this function will populate
327 * This function converts device names like ttyS0 or ttyUSB1 into dev_t like
328 * (4, 64) or (188, 1). If no corresponding driver is registered then the
329 * function returns -%ENODEV.
331 * Locking: this acquires tty_mutex to protect the tty_drivers list from
332 * being modified while we are traversing it, and makes sure to
333 * release it before exiting.
335 int tty_dev_name_to_number(const char *name, dev_t *number)
337 struct tty_driver *p;
339 int index, prefix_length = 0;
342 for (str = name; *str && !isdigit(*str); str++)
348 ret = kstrtoint(str, 10, &index);
352 prefix_length = str - name;
353 mutex_lock(&tty_mutex);
355 list_for_each_entry(p, &tty_drivers, tty_drivers)
356 if (prefix_length == strlen(p->name) && strncmp(name,
357 p->name, prefix_length) == 0) {
358 if (index < p->num) {
359 *number = MKDEV(p->major, p->minor_start + index);
364 /* if here then driver wasn't found */
367 mutex_unlock(&tty_mutex);
370 EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
372 #ifdef CONFIG_CONSOLE_POLL
375 * tty_find_polling_driver - find device of a polled tty
376 * @name: name string to match
377 * @line: pointer to resulting tty line nr
379 * This routine returns a tty driver structure, given a name and the condition
380 * that the tty driver is capable of polled operation.
382 struct tty_driver *tty_find_polling_driver(char *name, int *line)
384 struct tty_driver *p, *res = NULL;
389 for (str = name; *str; str++)
390 if ((*str >= '0' && *str <= '9') || *str == ',')
396 tty_line = simple_strtoul(str, &str, 10);
398 mutex_lock(&tty_mutex);
399 /* Search through the tty devices to look for a match */
400 list_for_each_entry(p, &tty_drivers, tty_drivers) {
401 if (!len || strncmp(name, p->name, len) != 0)
409 if (tty_line >= 0 && tty_line < p->num && p->ops &&
410 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
411 res = tty_driver_kref_get(p);
416 mutex_unlock(&tty_mutex);
420 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
423 static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
428 static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
433 /* No kernel lock held - none needed ;) */
434 static __poll_t hung_up_tty_poll(struct file *filp, poll_table *wait)
436 return EPOLLIN | EPOLLOUT | EPOLLERR | EPOLLHUP | EPOLLRDNORM | EPOLLWRNORM;
439 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
442 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
445 static long hung_up_tty_compat_ioctl(struct file *file,
446 unsigned int cmd, unsigned long arg)
448 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
451 static int hung_up_tty_fasync(int fd, struct file *file, int on)
456 static void tty_show_fdinfo(struct seq_file *m, struct file *file)
458 struct tty_struct *tty = file_tty(file);
460 if (tty && tty->ops && tty->ops->show_fdinfo)
461 tty->ops->show_fdinfo(tty, m);
464 static const struct file_operations tty_fops = {
466 .read_iter = tty_read,
467 .write_iter = tty_write,
468 .splice_read = copy_splice_read,
469 .splice_write = iter_file_splice_write,
471 .unlocked_ioctl = tty_ioctl,
472 .compat_ioctl = tty_compat_ioctl,
474 .release = tty_release,
475 .fasync = tty_fasync,
476 .show_fdinfo = tty_show_fdinfo,
479 static const struct file_operations console_fops = {
481 .read_iter = tty_read,
482 .write_iter = redirected_tty_write,
483 .splice_read = copy_splice_read,
484 .splice_write = iter_file_splice_write,
486 .unlocked_ioctl = tty_ioctl,
487 .compat_ioctl = tty_compat_ioctl,
489 .release = tty_release,
490 .fasync = tty_fasync,
493 static const struct file_operations hung_up_tty_fops = {
495 .read_iter = hung_up_tty_read,
496 .write_iter = hung_up_tty_write,
497 .poll = hung_up_tty_poll,
498 .unlocked_ioctl = hung_up_tty_ioctl,
499 .compat_ioctl = hung_up_tty_compat_ioctl,
500 .release = tty_release,
501 .fasync = hung_up_tty_fasync,
504 static DEFINE_SPINLOCK(redirect_lock);
505 static struct file *redirect;
508 * tty_wakeup - request more data
511 * Internal and external helper for wakeups of tty. This function informs the
512 * line discipline if present that the driver is ready to receive more output
515 void tty_wakeup(struct tty_struct *tty)
517 struct tty_ldisc *ld;
519 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
520 ld = tty_ldisc_ref(tty);
522 if (ld->ops->write_wakeup)
523 ld->ops->write_wakeup(tty);
527 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
529 EXPORT_SYMBOL_GPL(tty_wakeup);
532 * tty_release_redirect - Release a redirect on a pty if present
535 * This is available to the pty code so if the master closes, if the slave is a
536 * redirect it can release the redirect.
538 static struct file *tty_release_redirect(struct tty_struct *tty)
540 struct file *f = NULL;
542 spin_lock(&redirect_lock);
543 if (redirect && file_tty(redirect) == tty) {
547 spin_unlock(&redirect_lock);
553 * __tty_hangup - actual handler for hangup events
555 * @exit_session: if non-zero, signal all foreground group processes
557 * This can be called by a "kworker" kernel thread. That is process synchronous
558 * but doesn't hold any locks, so we need to make sure we have the appropriate
559 * locks for what we're doing.
561 * The hangup event clears any pending redirections onto the hung up device. It
562 * ensures future writes will error and it does the needed line discipline
563 * hangup and signal delivery. The tty object itself remains intact.
568 * * redirect lock for undoing redirection
569 * * file list lock for manipulating list of ttys
570 * * tty_ldiscs_lock from called functions
571 * * termios_rwsem resetting termios data
572 * * tasklist_lock to walk task list for hangup event
574 * * ->siglock to protect ->signal/->sighand
577 static void __tty_hangup(struct tty_struct *tty, int exit_session)
579 struct file *cons_filp = NULL;
580 struct file *filp, *f;
581 struct tty_file_private *priv;
582 int closecount = 0, n;
588 f = tty_release_redirect(tty);
592 if (test_bit(TTY_HUPPED, &tty->flags)) {
598 * Some console devices aren't actually hung up for technical and
599 * historical reasons, which can lead to indefinite interruptible
600 * sleep in n_tty_read(). The following explicitly tells
601 * n_tty_read() to abort readers.
603 set_bit(TTY_HUPPING, &tty->flags);
605 /* inuse_filps is protected by the single tty lock,
606 * this really needs to change if we want to flush the
607 * workqueue with the lock held.
609 check_tty_count(tty, "tty_hangup");
611 spin_lock(&tty->files_lock);
612 /* This breaks for file handles being sent over AF_UNIX sockets ? */
613 list_for_each_entry(priv, &tty->tty_files, list) {
615 if (filp->f_op->write_iter == redirected_tty_write)
617 if (filp->f_op->write_iter != tty_write)
620 __tty_fasync(-1, filp, 0); /* can't block */
621 filp->f_op = &hung_up_tty_fops;
623 spin_unlock(&tty->files_lock);
625 refs = tty_signal_session_leader(tty, exit_session);
626 /* Account for the p->signal references we killed */
630 tty_ldisc_hangup(tty, cons_filp != NULL);
632 spin_lock_irq(&tty->ctrl.lock);
633 clear_bit(TTY_THROTTLED, &tty->flags);
634 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
635 put_pid(tty->ctrl.session);
636 put_pid(tty->ctrl.pgrp);
637 tty->ctrl.session = NULL;
638 tty->ctrl.pgrp = NULL;
639 tty->ctrl.pktstatus = 0;
640 spin_unlock_irq(&tty->ctrl.lock);
643 * If one of the devices matches a console pointer, we
644 * cannot just call hangup() because that will cause
645 * tty->count and state->count to go out of sync.
646 * So we just call close() the right number of times.
650 for (n = 0; n < closecount; n++)
651 tty->ops->close(tty, cons_filp);
652 } else if (tty->ops->hangup)
653 tty->ops->hangup(tty);
655 * We don't want to have driver/ldisc interactions beyond the ones
656 * we did here. The driver layer expects no calls after ->hangup()
657 * from the ldisc side, which is now guaranteed.
659 set_bit(TTY_HUPPED, &tty->flags);
660 clear_bit(TTY_HUPPING, &tty->flags);
667 static void do_tty_hangup(struct work_struct *work)
669 struct tty_struct *tty =
670 container_of(work, struct tty_struct, hangup_work);
672 __tty_hangup(tty, 0);
676 * tty_hangup - trigger a hangup event
677 * @tty: tty to hangup
679 * A carrier loss (virtual or otherwise) has occurred on @tty. Schedule a
680 * hangup sequence to run after this event.
682 void tty_hangup(struct tty_struct *tty)
684 tty_debug_hangup(tty, "hangup\n");
685 schedule_work(&tty->hangup_work);
687 EXPORT_SYMBOL(tty_hangup);
690 * tty_vhangup - process vhangup
691 * @tty: tty to hangup
693 * The user has asked via system call for the terminal to be hung up. We do
694 * this synchronously so that when the syscall returns the process is complete.
695 * That guarantee is necessary for security reasons.
697 void tty_vhangup(struct tty_struct *tty)
699 tty_debug_hangup(tty, "vhangup\n");
700 __tty_hangup(tty, 0);
702 EXPORT_SYMBOL(tty_vhangup);
706 * tty_vhangup_self - process vhangup for own ctty
708 * Perform a vhangup on the current controlling tty
710 void tty_vhangup_self(void)
712 struct tty_struct *tty;
714 tty = get_current_tty();
722 * tty_vhangup_session - hangup session leader exit
723 * @tty: tty to hangup
725 * The session leader is exiting and hanging up its controlling terminal.
726 * Every process in the foreground process group is signalled %SIGHUP.
728 * We do this synchronously so that when the syscall returns the process is
729 * complete. That guarantee is necessary for security reasons.
731 void tty_vhangup_session(struct tty_struct *tty)
733 tty_debug_hangup(tty, "session hangup\n");
734 __tty_hangup(tty, 1);
738 * tty_hung_up_p - was tty hung up
739 * @filp: file pointer of tty
741 * Return: true if the tty has been subject to a vhangup or a carrier loss
743 int tty_hung_up_p(struct file *filp)
745 return (filp && filp->f_op == &hung_up_tty_fops);
747 EXPORT_SYMBOL(tty_hung_up_p);
749 void __stop_tty(struct tty_struct *tty)
751 if (tty->flow.stopped)
753 tty->flow.stopped = true;
759 * stop_tty - propagate flow control
762 * Perform flow control to the driver. May be called on an already stopped
763 * device and will not re-call the &tty_driver->stop() method.
765 * This functionality is used by both the line disciplines for halting incoming
766 * flow and by the driver. It may therefore be called from any context, may be
767 * under the tty %atomic_write_lock but not always.
772 void stop_tty(struct tty_struct *tty)
776 spin_lock_irqsave(&tty->flow.lock, flags);
778 spin_unlock_irqrestore(&tty->flow.lock, flags);
780 EXPORT_SYMBOL(stop_tty);
782 void __start_tty(struct tty_struct *tty)
784 if (!tty->flow.stopped || tty->flow.tco_stopped)
786 tty->flow.stopped = false;
788 tty->ops->start(tty);
793 * start_tty - propagate flow control
796 * Start a tty that has been stopped if at all possible. If @tty was previously
797 * stopped and is now being started, the &tty_driver->start() method is invoked
798 * and the line discipline woken.
803 void start_tty(struct tty_struct *tty)
807 spin_lock_irqsave(&tty->flow.lock, flags);
809 spin_unlock_irqrestore(&tty->flow.lock, flags);
811 EXPORT_SYMBOL(start_tty);
813 static void tty_update_time(struct tty_struct *tty, bool mtime)
815 time64_t sec = ktime_get_real_seconds();
816 struct tty_file_private *priv;
818 spin_lock(&tty->files_lock);
819 list_for_each_entry(priv, &tty->tty_files, list) {
820 struct inode *inode = file_inode(priv->file);
821 struct timespec64 time = mtime ? inode_get_mtime(inode) : inode_get_atime(inode);
824 * We only care if the two values differ in anything other than the
825 * lower three bits (i.e every 8 seconds). If so, then we can update
826 * the time of the tty device, otherwise it could be construded as a
827 * security leak to let userspace know the exact timing of the tty.
829 if ((sec ^ time.tv_sec) & ~7) {
831 inode_set_mtime(inode, sec, 0);
833 inode_set_atime(inode, sec, 0);
836 spin_unlock(&tty->files_lock);
840 * Iterate on the ldisc ->read() function until we've gotten all
841 * the data the ldisc has for us.
843 * The "cookie" is something that the ldisc read function can fill
844 * in to let us know that there is more data to be had.
846 * We promise to continue to call the ldisc until it stops returning
847 * data or clears the cookie. The cookie may be something that the
848 * ldisc maintains state for and needs to free.
850 static ssize_t iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
851 struct file *file, struct iov_iter *to)
854 unsigned long offset = 0;
856 size_t copied, count = iov_iter_count(to);
860 ssize_t size = min(count, sizeof(kernel_buf));
862 size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
867 /* Did we have an earlier error (ie -EFAULT)? */
873 * -EOVERFLOW means we didn't have enough space
874 * for a whole packet, and we shouldn't return
877 if (retval == -EOVERFLOW)
882 copied = copy_to_iter(kernel_buf, size, to);
887 * If the user copy failed, we still need to do another ->read()
888 * call if we had a cookie to let the ldisc clear up.
890 * But make sure size is zeroed.
892 if (unlikely(copied != size)) {
898 /* We always clear tty buffer in case they contained passwords */
899 memzero_explicit(kernel_buf, sizeof(kernel_buf));
900 return offset ? offset : retval;
905 * tty_read - read method for tty device files
906 * @iocb: kernel I/O control block
907 * @to: destination for the data read
909 * Perform the read system call function on this terminal device. Checks
910 * for hung up devices before calling the line discipline method.
913 * Locks the line discipline internally while needed. Multiple read calls
914 * may be outstanding in parallel.
916 static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
918 struct file *file = iocb->ki_filp;
919 struct inode *inode = file_inode(file);
920 struct tty_struct *tty = file_tty(file);
921 struct tty_ldisc *ld;
924 if (tty_paranoia_check(tty, inode, "tty_read"))
926 if (!tty || tty_io_error(tty))
929 /* We want to wait for the line discipline to sort out in this
932 ld = tty_ldisc_ref_wait(tty);
934 return hung_up_tty_read(iocb, to);
937 ret = iterate_tty_read(ld, tty, file, to);
941 tty_update_time(tty, false);
946 void tty_write_unlock(struct tty_struct *tty)
948 mutex_unlock(&tty->atomic_write_lock);
949 wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
952 int tty_write_lock(struct tty_struct *tty, bool ndelay)
954 if (!mutex_trylock(&tty->atomic_write_lock)) {
957 if (mutex_lock_interruptible(&tty->atomic_write_lock))
964 * Split writes up in sane blocksizes to avoid
965 * denial-of-service type attacks
967 static ssize_t iterate_tty_write(struct tty_ldisc *ld, struct tty_struct *tty,
968 struct file *file, struct iov_iter *from)
970 size_t chunk, count = iov_iter_count(from);
971 ssize_t ret, written = 0;
973 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
978 * We chunk up writes into a temporary buffer. This
979 * simplifies low-level drivers immensely, since they
980 * don't have locking issues and user mode accesses.
982 * But if TTY_NO_WRITE_SPLIT is set, we should use a
985 * The default chunk-size is 2kB, because the NTTY
986 * layer has problems with bigger chunks. It will
987 * claim to be able to handle more characters than
991 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
996 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
997 if (tty->write_cnt < chunk) {
1003 buf_chunk = kvmalloc(chunk, GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1008 kvfree(tty->write_buf);
1009 tty->write_cnt = chunk;
1010 tty->write_buf = buf_chunk;
1013 /* Do the write .. */
1015 size_t size = min(chunk, count);
1018 if (copy_from_iter(tty->write_buf, size, from) != size)
1021 ret = ld->ops->write(tty, file, tty->write_buf, size);
1029 /* FIXME! Have Al check this! */
1031 iov_iter_revert(from, size-ret);
1037 if (signal_pending(current))
1042 tty_update_time(tty, true);
1046 tty_write_unlock(tty);
1050 #ifdef CONFIG_PRINT_QUOTA_WARNING
1052 * tty_write_message - write a message to a certain tty, not just the console.
1053 * @tty: the destination tty_struct
1054 * @msg: the message to write
1056 * This is used for messages that need to be redirected to a specific tty. We
1057 * don't put it into the syslog queue right now maybe in the future if really
1060 * We must still hold the BTM and test the CLOSING flag for the moment.
1062 * This function is DEPRECATED, do not use in new code.
1064 void tty_write_message(struct tty_struct *tty, char *msg)
1067 mutex_lock(&tty->atomic_write_lock);
1069 if (tty->ops->write && tty->count > 0)
1070 tty->ops->write(tty, msg, strlen(msg));
1072 tty_write_unlock(tty);
1077 static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1079 struct tty_struct *tty = file_tty(file);
1080 struct tty_ldisc *ld;
1083 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1085 if (!tty || !tty->ops->write || tty_io_error(tty))
1087 /* Short term debug to catch buggy drivers */
1088 if (tty->ops->write_room == NULL)
1089 tty_err(tty, "missing write_room method\n");
1090 ld = tty_ldisc_ref_wait(tty);
1092 return hung_up_tty_write(iocb, from);
1093 if (!ld->ops->write)
1096 ret = iterate_tty_write(ld, tty, file, from);
1097 tty_ldisc_deref(ld);
1102 * tty_write - write method for tty device file
1103 * @iocb: kernel I/O control block
1104 * @from: iov_iter with data to write
1106 * Write data to a tty device via the line discipline.
1109 * Locks the line discipline as required
1110 * Writes to the tty driver are serialized by the atomic_write_lock
1111 * and are then processed in chunks to the device. The line
1112 * discipline write method will not be invoked in parallel for
1115 static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1117 return file_tty_write(iocb->ki_filp, iocb, from);
1120 ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1122 struct file *p = NULL;
1124 spin_lock(&redirect_lock);
1126 p = get_file(redirect);
1127 spin_unlock(&redirect_lock);
1130 * We know the redirected tty is just another tty, we can
1131 * call file_tty_write() directly with that file pointer.
1136 res = file_tty_write(p, iocb, iter);
1140 return tty_write(iocb, iter);
1144 * tty_send_xchar - send priority character
1145 * @tty: the tty to send to
1146 * @ch: xchar to send
1148 * Send a high priority character to the tty even if stopped.
1150 * Locking: none for xchar method, write ordering for write method.
1152 int tty_send_xchar(struct tty_struct *tty, u8 ch)
1154 bool was_stopped = tty->flow.stopped;
1156 if (tty->ops->send_xchar) {
1157 down_read(&tty->termios_rwsem);
1158 tty->ops->send_xchar(tty, ch);
1159 up_read(&tty->termios_rwsem);
1163 if (tty_write_lock(tty, false) < 0)
1164 return -ERESTARTSYS;
1166 down_read(&tty->termios_rwsem);
1169 tty->ops->write(tty, &ch, 1);
1172 up_read(&tty->termios_rwsem);
1173 tty_write_unlock(tty);
1178 * pty_line_name - generate name for a pty
1179 * @driver: the tty driver in use
1180 * @index: the minor number
1181 * @p: output buffer of at least 6 bytes
1183 * Generate a name from a @driver reference and write it to the output buffer
1188 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1190 static const char ptychar[] = "pqrstuvwxyzabcde";
1191 int i = index + driver->name_base;
1192 /* ->name is initialized to "ttyp", but "tty" is expected */
1193 sprintf(p, "%s%c%x",
1194 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1195 ptychar[i >> 4 & 0xf], i & 0xf);
1199 * tty_line_name - generate name for a tty
1200 * @driver: the tty driver in use
1201 * @index: the minor number
1202 * @p: output buffer of at least 7 bytes
1204 * Generate a name from a @driver reference and write it to the output buffer
1209 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1211 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1212 return sprintf(p, "%s", driver->name);
1214 return sprintf(p, "%s%d", driver->name,
1215 index + driver->name_base);
1219 * tty_driver_lookup_tty() - find an existing tty, if any
1220 * @driver: the driver for the tty
1221 * @file: file object
1222 * @idx: the minor number
1224 * Return: the tty, if found. If not found, return %NULL or ERR_PTR() if the
1225 * driver lookup() method returns an error.
1227 * Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1229 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1230 struct file *file, int idx)
1232 struct tty_struct *tty;
1234 if (driver->ops->lookup) {
1236 tty = ERR_PTR(-EIO);
1238 tty = driver->ops->lookup(driver, file, idx);
1240 if (idx >= driver->num)
1241 return ERR_PTR(-EINVAL);
1242 tty = driver->ttys[idx];
1250 * tty_init_termios - helper for termios setup
1251 * @tty: the tty to set up
1253 * Initialise the termios structure for this tty. This runs under the
1254 * %tty_mutex currently so we can be relaxed about ordering.
1256 void tty_init_termios(struct tty_struct *tty)
1258 struct ktermios *tp;
1259 int idx = tty->index;
1261 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1262 tty->termios = tty->driver->init_termios;
1264 /* Check for lazy saved data */
1265 tp = tty->driver->termios[idx];
1268 tty->termios.c_line = tty->driver->init_termios.c_line;
1270 tty->termios = tty->driver->init_termios;
1272 /* Compatibility until drivers always set this */
1273 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1274 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1276 EXPORT_SYMBOL_GPL(tty_init_termios);
1279 * tty_standard_install - usual tty->ops->install
1280 * @driver: the driver for the tty
1283 * If the @driver overrides @tty->ops->install, it still can call this function
1284 * to perform the standard install operations.
1286 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1288 tty_init_termios(tty);
1289 tty_driver_kref_get(driver);
1291 driver->ttys[tty->index] = tty;
1294 EXPORT_SYMBOL_GPL(tty_standard_install);
1297 * tty_driver_install_tty() - install a tty entry in the driver
1298 * @driver: the driver for the tty
1301 * Install a tty object into the driver tables. The @tty->index field will be
1302 * set by the time this is called. This method is responsible for ensuring any
1303 * need additional structures are allocated and configured.
1305 * Locking: tty_mutex for now
1307 static int tty_driver_install_tty(struct tty_driver *driver,
1308 struct tty_struct *tty)
1310 return driver->ops->install ? driver->ops->install(driver, tty) :
1311 tty_standard_install(driver, tty);
1315 * tty_driver_remove_tty() - remove a tty from the driver tables
1316 * @driver: the driver for the tty
1317 * @tty: tty to remove
1319 * Remove a tty object from the driver tables. The tty->index field will be set
1320 * by the time this is called.
1322 * Locking: tty_mutex for now
1324 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1326 if (driver->ops->remove)
1327 driver->ops->remove(driver, tty);
1329 driver->ttys[tty->index] = NULL;
1333 * tty_reopen() - fast re-open of an open tty
1334 * @tty: the tty to open
1336 * Re-opens on master ptys are not allowed and return -%EIO.
1338 * Locking: Caller must hold tty_lock
1339 * Return: 0 on success, -errno on error.
1341 static int tty_reopen(struct tty_struct *tty)
1343 struct tty_driver *driver = tty->driver;
1344 struct tty_ldisc *ld;
1347 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1348 driver->subtype == PTY_TYPE_MASTER)
1354 if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1357 ld = tty_ldisc_ref_wait(tty);
1359 tty_ldisc_deref(ld);
1361 retval = tty_ldisc_lock(tty, 5 * HZ);
1366 retval = tty_ldisc_reinit(tty, tty->termios.c_line);
1367 tty_ldisc_unlock(tty);
1377 * tty_init_dev - initialise a tty device
1378 * @driver: tty driver we are opening a device on
1379 * @idx: device index
1381 * Prepare a tty device. This may not be a "new" clean device but could also be
1382 * an active device. The pty drivers require special handling because of this.
1385 * The function is called under the tty_mutex, which protects us from the
1386 * tty struct or driver itself going away.
1388 * On exit the tty device has the line discipline attached and a reference
1389 * count of 1. If a pair was created for pty/tty use and the other was a pty
1390 * master then it too has a reference count of 1.
1392 * WSH 06/09/97: Rewritten to remove races and properly clean up after a failed
1393 * open. The new code protects the open with a mutex, so it's really quite
1394 * straightforward. The mutex locking can probably be relaxed for the (most
1395 * common) case of reopening a tty.
1397 * Return: new tty structure
1399 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1401 struct tty_struct *tty;
1405 * First time open is complex, especially for PTY devices.
1406 * This code guarantees that either everything succeeds and the
1407 * TTY is ready for operation, or else the table slots are vacated
1408 * and the allocated memory released. (Except that the termios
1412 if (!try_module_get(driver->owner))
1413 return ERR_PTR(-ENODEV);
1415 tty = alloc_tty_struct(driver, idx);
1418 goto err_module_put;
1422 retval = tty_driver_install_tty(driver, tty);
1427 tty->port = driver->ports[idx];
1429 if (WARN_RATELIMIT(!tty->port,
1430 "%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1431 __func__, tty->driver->name)) {
1433 goto err_release_lock;
1436 retval = tty_ldisc_lock(tty, 5 * HZ);
1438 goto err_release_lock;
1439 tty->port->itty = tty;
1442 * Structures all installed ... call the ldisc open routines.
1443 * If we fail here just call release_tty to clean up. No need
1444 * to decrement the use counts, as release_tty doesn't care.
1446 retval = tty_ldisc_setup(tty, tty->link);
1448 goto err_release_tty;
1449 tty_ldisc_unlock(tty);
1450 /* Return the tty locked so that it cannot vanish under the caller */
1455 free_tty_struct(tty);
1457 module_put(driver->owner);
1458 return ERR_PTR(retval);
1460 /* call the tty release_tty routine to clean out this slot */
1462 tty_ldisc_unlock(tty);
1463 tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1467 release_tty(tty, idx);
1468 return ERR_PTR(retval);
1472 * tty_save_termios() - save tty termios data in driver table
1473 * @tty: tty whose termios data to save
1475 * Locking: Caller guarantees serialisation with tty_init_termios().
1477 void tty_save_termios(struct tty_struct *tty)
1479 struct ktermios *tp;
1480 int idx = tty->index;
1482 /* If the port is going to reset then it has no termios to save */
1483 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1486 /* Stash the termios data */
1487 tp = tty->driver->termios[idx];
1489 tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1492 tty->driver->termios[idx] = tp;
1496 EXPORT_SYMBOL_GPL(tty_save_termios);
1499 * tty_flush_works - flush all works of a tty/pty pair
1500 * @tty: tty device to flush works for (or either end of a pty pair)
1502 * Sync flush all works belonging to @tty (and the 'other' tty).
1504 static void tty_flush_works(struct tty_struct *tty)
1506 flush_work(&tty->SAK_work);
1507 flush_work(&tty->hangup_work);
1509 flush_work(&tty->link->SAK_work);
1510 flush_work(&tty->link->hangup_work);
1515 * release_one_tty - release tty structure memory
1516 * @work: work of tty we are obliterating
1518 * Releases memory associated with a tty structure, and clears out the
1519 * driver table slots. This function is called when a device is no longer
1520 * in use. It also gets called when setup of a device fails.
1523 * takes the file list lock internally when working on the list of ttys
1524 * that the driver keeps.
1526 * This method gets called from a work queue so that the driver private
1527 * cleanup ops can sleep (needed for USB at least)
1529 static void release_one_tty(struct work_struct *work)
1531 struct tty_struct *tty =
1532 container_of(work, struct tty_struct, hangup_work);
1533 struct tty_driver *driver = tty->driver;
1534 struct module *owner = driver->owner;
1536 if (tty->ops->cleanup)
1537 tty->ops->cleanup(tty);
1539 tty_driver_kref_put(driver);
1542 spin_lock(&tty->files_lock);
1543 list_del_init(&tty->tty_files);
1544 spin_unlock(&tty->files_lock);
1546 put_pid(tty->ctrl.pgrp);
1547 put_pid(tty->ctrl.session);
1548 free_tty_struct(tty);
1551 static void queue_release_one_tty(struct kref *kref)
1553 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1555 /* The hangup queue is now free so we can reuse it rather than
1556 * waste a chunk of memory for each port.
1558 INIT_WORK(&tty->hangup_work, release_one_tty);
1559 schedule_work(&tty->hangup_work);
1563 * tty_kref_put - release a tty kref
1566 * Release a reference to the @tty device and if need be let the kref layer
1567 * destruct the object for us.
1569 void tty_kref_put(struct tty_struct *tty)
1572 kref_put(&tty->kref, queue_release_one_tty);
1574 EXPORT_SYMBOL(tty_kref_put);
1577 * release_tty - release tty structure memory
1578 * @tty: tty device release
1579 * @idx: index of the tty device release
1581 * Release both @tty and a possible linked partner (think pty pair),
1582 * and decrement the refcount of the backing module.
1586 * takes the file list lock internally when working on the list of ttys
1587 * that the driver keeps.
1589 static void release_tty(struct tty_struct *tty, int idx)
1591 /* This should always be true but check for the moment */
1592 WARN_ON(tty->index != idx);
1593 WARN_ON(!mutex_is_locked(&tty_mutex));
1594 if (tty->ops->shutdown)
1595 tty->ops->shutdown(tty);
1596 tty_save_termios(tty);
1597 tty_driver_remove_tty(tty->driver, tty);
1599 tty->port->itty = NULL;
1601 tty->link->port->itty = NULL;
1603 tty_buffer_cancel_work(tty->port);
1605 tty_buffer_cancel_work(tty->link->port);
1607 tty_kref_put(tty->link);
1612 * tty_release_checks - check a tty before real release
1613 * @tty: tty to check
1614 * @idx: index of the tty
1616 * Performs some paranoid checking before true release of the @tty. This is a
1617 * no-op unless %TTY_PARANOIA_CHECK is defined.
1619 static int tty_release_checks(struct tty_struct *tty, int idx)
1621 #ifdef TTY_PARANOIA_CHECK
1622 if (idx < 0 || idx >= tty->driver->num) {
1623 tty_debug(tty, "bad idx %d\n", idx);
1627 /* not much to check for devpts */
1628 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1631 if (tty != tty->driver->ttys[idx]) {
1632 tty_debug(tty, "bad driver table[%d] = %p\n",
1633 idx, tty->driver->ttys[idx]);
1636 if (tty->driver->other) {
1637 struct tty_struct *o_tty = tty->link;
1639 if (o_tty != tty->driver->other->ttys[idx]) {
1640 tty_debug(tty, "bad other table[%d] = %p\n",
1641 idx, tty->driver->other->ttys[idx]);
1644 if (o_tty->link != tty) {
1645 tty_debug(tty, "bad link = %p\n", o_tty->link);
1654 * tty_kclose - closes tty opened by tty_kopen
1657 * Performs the final steps to release and free a tty device. It is the same as
1658 * tty_release_struct() except that it also resets %TTY_PORT_KOPENED flag on
1661 void tty_kclose(struct tty_struct *tty)
1664 * Ask the line discipline code to release its structures
1666 tty_ldisc_release(tty);
1668 /* Wait for pending work before tty destruction commences */
1669 tty_flush_works(tty);
1671 tty_debug_hangup(tty, "freeing structure\n");
1673 * The release_tty function takes care of the details of clearing
1674 * the slots and preserving the termios structure.
1676 mutex_lock(&tty_mutex);
1677 tty_port_set_kopened(tty->port, 0);
1678 release_tty(tty, tty->index);
1679 mutex_unlock(&tty_mutex);
1681 EXPORT_SYMBOL_GPL(tty_kclose);
1684 * tty_release_struct - release a tty struct
1686 * @idx: index of the tty
1688 * Performs the final steps to release and free a tty device. It is roughly the
1689 * reverse of tty_init_dev().
1691 void tty_release_struct(struct tty_struct *tty, int idx)
1694 * Ask the line discipline code to release its structures
1696 tty_ldisc_release(tty);
1698 /* Wait for pending work before tty destruction commmences */
1699 tty_flush_works(tty);
1701 tty_debug_hangup(tty, "freeing structure\n");
1703 * The release_tty function takes care of the details of clearing
1704 * the slots and preserving the termios structure.
1706 mutex_lock(&tty_mutex);
1707 release_tty(tty, idx);
1708 mutex_unlock(&tty_mutex);
1710 EXPORT_SYMBOL_GPL(tty_release_struct);
1713 * tty_release - vfs callback for close
1714 * @inode: inode of tty
1715 * @filp: file pointer for handle to tty
1717 * Called the last time each file handle is closed that references this tty.
1718 * There may however be several such references.
1721 * Takes BKL. See tty_release_dev().
1723 * Even releasing the tty structures is a tricky business. We have to be very
1724 * careful that the structures are all released at the same time, as interrupts
1725 * might otherwise get the wrong pointers.
1727 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1728 * lead to double frees or releasing memory still in use.
1730 int tty_release(struct inode *inode, struct file *filp)
1732 struct tty_struct *tty = file_tty(filp);
1733 struct tty_struct *o_tty = NULL;
1734 int do_sleep, final;
1739 if (tty_paranoia_check(tty, inode, __func__))
1743 check_tty_count(tty, __func__);
1745 __tty_fasync(-1, filp, 0);
1748 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1749 tty->driver->subtype == PTY_TYPE_MASTER)
1752 if (tty_release_checks(tty, idx)) {
1757 tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1759 if (tty->ops->close)
1760 tty->ops->close(tty, filp);
1762 /* If tty is pty master, lock the slave pty (stable lock order) */
1763 tty_lock_slave(o_tty);
1766 * Sanity check: if tty->count is going to zero, there shouldn't be
1767 * any waiters on tty->read_wait or tty->write_wait. We test the
1768 * wait queues and kick everyone out _before_ actually starting to
1769 * close. This ensures that we won't block while releasing the tty
1772 * The test for the o_tty closing is necessary, since the master and
1773 * slave sides may close in any order. If the slave side closes out
1774 * first, its count will be one, since the master side holds an open.
1775 * Thus this test wouldn't be triggered at the time the slave closed,
1781 if (tty->count <= 1) {
1782 if (waitqueue_active(&tty->read_wait)) {
1783 wake_up_poll(&tty->read_wait, EPOLLIN);
1786 if (waitqueue_active(&tty->write_wait)) {
1787 wake_up_poll(&tty->write_wait, EPOLLOUT);
1791 if (o_tty && o_tty->count <= 1) {
1792 if (waitqueue_active(&o_tty->read_wait)) {
1793 wake_up_poll(&o_tty->read_wait, EPOLLIN);
1796 if (waitqueue_active(&o_tty->write_wait)) {
1797 wake_up_poll(&o_tty->write_wait, EPOLLOUT);
1806 tty_warn(tty, "read/write wait queue active!\n");
1808 schedule_timeout_killable(timeout);
1809 if (timeout < 120 * HZ)
1810 timeout = 2 * timeout + 1;
1812 timeout = MAX_SCHEDULE_TIMEOUT;
1816 if (--o_tty->count < 0) {
1817 tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1821 if (--tty->count < 0) {
1822 tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1827 * We've decremented tty->count, so we need to remove this file
1828 * descriptor off the tty->tty_files list; this serves two
1830 * - check_tty_count sees the correct number of file descriptors
1831 * associated with this tty.
1832 * - do_tty_hangup no longer sees this file descriptor as
1833 * something that needs to be handled for hangups.
1838 * Perform some housekeeping before deciding whether to return.
1840 * If _either_ side is closing, make sure there aren't any
1841 * processes that still think tty or o_tty is their controlling
1845 read_lock(&tasklist_lock);
1846 session_clear_tty(tty->ctrl.session);
1848 session_clear_tty(o_tty->ctrl.session);
1849 read_unlock(&tasklist_lock);
1852 /* check whether both sides are closing ... */
1853 final = !tty->count && !(o_tty && o_tty->count);
1855 tty_unlock_slave(o_tty);
1858 /* At this point, the tty->count == 0 should ensure a dead tty
1859 * cannot be re-opened by a racing opener.
1865 tty_debug_hangup(tty, "final close\n");
1867 tty_release_struct(tty, idx);
1872 * tty_open_current_tty - get locked tty of current task
1873 * @device: device number
1874 * @filp: file pointer to tty
1875 * @return: locked tty of the current task iff @device is /dev/tty
1877 * Performs a re-open of the current task's controlling tty.
1879 * We cannot return driver and index like for the other nodes because devpts
1880 * will not work then. It expects inodes to be from devpts FS.
1882 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1884 struct tty_struct *tty;
1887 if (device != MKDEV(TTYAUX_MAJOR, 0))
1890 tty = get_current_tty();
1892 return ERR_PTR(-ENXIO);
1894 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1897 tty_kref_put(tty); /* safe to drop the kref now */
1899 retval = tty_reopen(tty);
1902 tty = ERR_PTR(retval);
1908 * tty_lookup_driver - lookup a tty driver for a given device file
1909 * @device: device number
1910 * @filp: file pointer to tty
1911 * @index: index for the device in the @return driver
1913 * If returned value is not erroneous, the caller is responsible to decrement
1914 * the refcount by tty_driver_kref_put().
1916 * Locking: %tty_mutex protects get_tty_driver()
1918 * Return: driver for this inode (with increased refcount)
1920 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1923 struct tty_driver *driver = NULL;
1927 case MKDEV(TTY_MAJOR, 0): {
1928 extern struct tty_driver *console_driver;
1930 driver = tty_driver_kref_get(console_driver);
1931 *index = fg_console;
1935 case MKDEV(TTYAUX_MAJOR, 1): {
1936 struct tty_driver *console_driver = console_device(index);
1938 if (console_driver) {
1939 driver = tty_driver_kref_get(console_driver);
1940 if (driver && filp) {
1941 /* Don't let /dev/console block */
1942 filp->f_flags |= O_NONBLOCK;
1947 tty_driver_kref_put(driver);
1948 return ERR_PTR(-ENODEV);
1951 driver = get_tty_driver(device, index);
1953 return ERR_PTR(-ENODEV);
1959 static struct tty_struct *tty_kopen(dev_t device, int shared)
1961 struct tty_struct *tty;
1962 struct tty_driver *driver;
1965 mutex_lock(&tty_mutex);
1966 driver = tty_lookup_driver(device, NULL, &index);
1967 if (IS_ERR(driver)) {
1968 mutex_unlock(&tty_mutex);
1969 return ERR_CAST(driver);
1972 /* check whether we're reopening an existing tty */
1973 tty = tty_driver_lookup_tty(driver, NULL, index);
1974 if (IS_ERR(tty) || shared)
1978 /* drop kref from tty_driver_lookup_tty() */
1980 tty = ERR_PTR(-EBUSY);
1981 } else { /* tty_init_dev returns tty with the tty_lock held */
1982 tty = tty_init_dev(driver, index);
1985 tty_port_set_kopened(tty->port, 1);
1988 mutex_unlock(&tty_mutex);
1989 tty_driver_kref_put(driver);
1994 * tty_kopen_exclusive - open a tty device for kernel
1995 * @device: dev_t of device to open
1997 * Opens tty exclusively for kernel. Performs the driver lookup, makes sure
1998 * it's not already opened and performs the first-time tty initialization.
2000 * Claims the global %tty_mutex to serialize:
2001 * * concurrent first-time tty initialization
2002 * * concurrent tty driver removal w/ lookup
2003 * * concurrent tty removal from driver table
2005 * Return: the locked initialized &tty_struct
2007 struct tty_struct *tty_kopen_exclusive(dev_t device)
2009 return tty_kopen(device, 0);
2011 EXPORT_SYMBOL_GPL(tty_kopen_exclusive);
2014 * tty_kopen_shared - open a tty device for shared in-kernel use
2015 * @device: dev_t of device to open
2017 * Opens an already existing tty for in-kernel use. Compared to
2018 * tty_kopen_exclusive() above it doesn't ensure to be the only user.
2020 * Locking: identical to tty_kopen() above.
2022 struct tty_struct *tty_kopen_shared(dev_t device)
2024 return tty_kopen(device, 1);
2026 EXPORT_SYMBOL_GPL(tty_kopen_shared);
2029 * tty_open_by_driver - open a tty device
2030 * @device: dev_t of device to open
2031 * @filp: file pointer to tty
2033 * Performs the driver lookup, checks for a reopen, or otherwise performs the
2034 * first-time tty initialization.
2037 * Claims the global tty_mutex to serialize:
2038 * * concurrent first-time tty initialization
2039 * * concurrent tty driver removal w/ lookup
2040 * * concurrent tty removal from driver table
2042 * Return: the locked initialized or re-opened &tty_struct
2044 static struct tty_struct *tty_open_by_driver(dev_t device,
2047 struct tty_struct *tty;
2048 struct tty_driver *driver = NULL;
2052 mutex_lock(&tty_mutex);
2053 driver = tty_lookup_driver(device, filp, &index);
2054 if (IS_ERR(driver)) {
2055 mutex_unlock(&tty_mutex);
2056 return ERR_CAST(driver);
2059 /* check whether we're reopening an existing tty */
2060 tty = tty_driver_lookup_tty(driver, filp, index);
2062 mutex_unlock(&tty_mutex);
2067 if (tty_port_kopened(tty->port)) {
2069 mutex_unlock(&tty_mutex);
2070 tty = ERR_PTR(-EBUSY);
2073 mutex_unlock(&tty_mutex);
2074 retval = tty_lock_interruptible(tty);
2075 tty_kref_put(tty); /* drop kref from tty_driver_lookup_tty() */
2077 if (retval == -EINTR)
2078 retval = -ERESTARTSYS;
2079 tty = ERR_PTR(retval);
2082 retval = tty_reopen(tty);
2085 tty = ERR_PTR(retval);
2087 } else { /* Returns with the tty_lock held for now */
2088 tty = tty_init_dev(driver, index);
2089 mutex_unlock(&tty_mutex);
2092 tty_driver_kref_put(driver);
2097 * tty_open - open a tty device
2098 * @inode: inode of device file
2099 * @filp: file pointer to tty
2101 * tty_open() and tty_release() keep up the tty count that contains the number
2102 * of opens done on a tty. We cannot use the inode-count, as different inodes
2103 * might point to the same tty.
2105 * Open-counting is needed for pty masters, as well as for keeping track of
2106 * serial lines: DTR is dropped when the last close happens.
2107 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2109 * The termios state of a pty is reset on the first open so that settings don't
2110 * persist across reuse.
2113 * * %tty_mutex protects tty, tty_lookup_driver() and tty_init_dev().
2114 * * @tty->count should protect the rest.
2115 * * ->siglock protects ->signal/->sighand
2117 * Note: the tty_unlock/lock cases without a ref are only safe due to %tty_mutex
2119 static int tty_open(struct inode *inode, struct file *filp)
2121 struct tty_struct *tty;
2123 dev_t device = inode->i_rdev;
2124 unsigned saved_flags = filp->f_flags;
2126 nonseekable_open(inode, filp);
2129 retval = tty_alloc_file(filp);
2133 tty = tty_open_current_tty(device, filp);
2135 tty = tty_open_by_driver(device, filp);
2138 tty_free_file(filp);
2139 retval = PTR_ERR(tty);
2140 if (retval != -EAGAIN || signal_pending(current))
2146 tty_add_file(tty, filp);
2148 check_tty_count(tty, __func__);
2149 tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
2152 retval = tty->ops->open(tty, filp);
2155 filp->f_flags = saved_flags;
2158 tty_debug_hangup(tty, "open error %d, releasing\n", retval);
2160 tty_unlock(tty); /* need to call tty_release without BTM */
2161 tty_release(inode, filp);
2162 if (retval != -ERESTARTSYS)
2165 if (signal_pending(current))
2170 * Need to reset f_op in case a hangup happened.
2172 if (tty_hung_up_p(filp))
2173 filp->f_op = &tty_fops;
2176 clear_bit(TTY_HUPPED, &tty->flags);
2178 noctty = (filp->f_flags & O_NOCTTY) ||
2179 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
2180 device == MKDEV(TTYAUX_MAJOR, 1) ||
2181 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2182 tty->driver->subtype == PTY_TYPE_MASTER);
2184 tty_open_proc_set_tty(filp, tty);
2191 * tty_poll - check tty status
2192 * @filp: file being polled
2193 * @wait: poll wait structures to update
2195 * Call the line discipline polling method to obtain the poll status of the
2198 * Locking: locks called line discipline but ldisc poll method may be
2199 * re-entered freely by other callers.
2201 static __poll_t tty_poll(struct file *filp, poll_table *wait)
2203 struct tty_struct *tty = file_tty(filp);
2204 struct tty_ldisc *ld;
2207 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2210 ld = tty_ldisc_ref_wait(tty);
2212 return hung_up_tty_poll(filp, wait);
2214 ret = ld->ops->poll(tty, filp, wait);
2215 tty_ldisc_deref(ld);
2219 static int __tty_fasync(int fd, struct file *filp, int on)
2221 struct tty_struct *tty = file_tty(filp);
2222 unsigned long flags;
2225 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2228 retval = fasync_helper(fd, filp, on, &tty->fasync);
2236 spin_lock_irqsave(&tty->ctrl.lock, flags);
2237 if (tty->ctrl.pgrp) {
2238 pid = tty->ctrl.pgrp;
2239 type = PIDTYPE_PGID;
2241 pid = task_pid(current);
2242 type = PIDTYPE_TGID;
2245 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
2246 __f_setown(filp, pid, type, 0);
2254 static int tty_fasync(int fd, struct file *filp, int on)
2256 struct tty_struct *tty = file_tty(filp);
2257 int retval = -ENOTTY;
2260 if (!tty_hung_up_p(filp))
2261 retval = __tty_fasync(fd, filp, on);
2267 static bool tty_legacy_tiocsti __read_mostly = IS_ENABLED(CONFIG_LEGACY_TIOCSTI);
2269 * tiocsti - fake input character
2270 * @tty: tty to fake input into
2271 * @p: pointer to character
2273 * Fake input to a tty device. Does the necessary locking and input management.
2275 * FIXME: does not honour flow control ??
2278 * * Called functions take tty_ldiscs_lock
2279 * * current->signal->tty check is safe without locks
2281 static int tiocsti(struct tty_struct *tty, u8 __user *p)
2283 struct tty_ldisc *ld;
2286 if (!tty_legacy_tiocsti && !capable(CAP_SYS_ADMIN))
2289 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2291 if (get_user(ch, p))
2293 tty_audit_tiocsti(tty, ch);
2294 ld = tty_ldisc_ref_wait(tty);
2297 tty_buffer_lock_exclusive(tty->port);
2298 if (ld->ops->receive_buf)
2299 ld->ops->receive_buf(tty, &ch, NULL, 1);
2300 tty_buffer_unlock_exclusive(tty->port);
2301 tty_ldisc_deref(ld);
2306 * tiocgwinsz - implement window query ioctl
2308 * @arg: user buffer for result
2310 * Copies the kernel idea of the window size into the user buffer.
2312 * Locking: @tty->winsize_mutex is taken to ensure the winsize data is
2315 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2319 mutex_lock(&tty->winsize_mutex);
2320 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2321 mutex_unlock(&tty->winsize_mutex);
2323 return err ? -EFAULT : 0;
2327 * tty_do_resize - resize event
2328 * @tty: tty being resized
2329 * @ws: new dimensions
2331 * Update the termios variables and send the necessary signals to peform a
2332 * terminal resize correctly.
2334 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2339 mutex_lock(&tty->winsize_mutex);
2340 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2343 /* Signal the foreground process group */
2344 pgrp = tty_get_pgrp(tty);
2346 kill_pgrp(pgrp, SIGWINCH, 1);
2351 mutex_unlock(&tty->winsize_mutex);
2354 EXPORT_SYMBOL(tty_do_resize);
2357 * tiocswinsz - implement window size set ioctl
2358 * @tty: tty side of tty
2359 * @arg: user buffer for result
2361 * Copies the user idea of the window size to the kernel. Traditionally this is
2362 * just advisory information but for the Linux console it actually has driver
2363 * level meaning and triggers a VC resize.
2366 * Driver dependent. The default do_resize method takes the tty termios
2367 * mutex and ctrl.lock. The console takes its own lock then calls into the
2370 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2372 struct winsize tmp_ws;
2374 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2377 if (tty->ops->resize)
2378 return tty->ops->resize(tty, &tmp_ws);
2380 return tty_do_resize(tty, &tmp_ws);
2384 * tioccons - allow admin to move logical console
2385 * @file: the file to become console
2387 * Allow the administrator to move the redirected console device.
2389 * Locking: uses redirect_lock to guard the redirect information
2391 static int tioccons(struct file *file)
2393 if (!capable(CAP_SYS_ADMIN))
2395 if (file->f_op->write_iter == redirected_tty_write) {
2398 spin_lock(&redirect_lock);
2401 spin_unlock(&redirect_lock);
2406 if (file->f_op->write_iter != tty_write)
2408 if (!(file->f_mode & FMODE_WRITE))
2410 if (!(file->f_mode & FMODE_CAN_WRITE))
2412 spin_lock(&redirect_lock);
2414 spin_unlock(&redirect_lock);
2417 redirect = get_file(file);
2418 spin_unlock(&redirect_lock);
2423 * tiocsetd - set line discipline
2425 * @p: pointer to user data
2427 * Set the line discipline according to user request.
2429 * Locking: see tty_set_ldisc(), this function is just a helper
2431 static int tiocsetd(struct tty_struct *tty, int __user *p)
2436 if (get_user(disc, p))
2439 ret = tty_set_ldisc(tty, disc);
2445 * tiocgetd - get line discipline
2447 * @p: pointer to user data
2449 * Retrieves the line discipline id directly from the ldisc.
2451 * Locking: waits for ldisc reference (in case the line discipline is changing
2452 * or the @tty is being hungup)
2454 static int tiocgetd(struct tty_struct *tty, int __user *p)
2456 struct tty_ldisc *ld;
2459 ld = tty_ldisc_ref_wait(tty);
2462 ret = put_user(ld->ops->num, p);
2463 tty_ldisc_deref(ld);
2468 * send_break - performed time break
2469 * @tty: device to break on
2470 * @duration: timeout in mS
2472 * Perform a timed break on hardware that lacks its own driver level timed
2473 * break functionality.
2476 * @tty->atomic_write_lock serializes
2478 static int send_break(struct tty_struct *tty, unsigned int duration)
2482 if (tty->ops->break_ctl == NULL)
2485 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2486 return tty->ops->break_ctl(tty, duration);
2488 /* Do the work ourselves */
2489 if (tty_write_lock(tty, false) < 0)
2492 retval = tty->ops->break_ctl(tty, -1);
2494 msleep_interruptible(duration);
2495 retval = tty->ops->break_ctl(tty, 0);
2496 } else if (retval == -EOPNOTSUPP) {
2497 /* some drivers can tell only dynamically */
2500 tty_write_unlock(tty);
2502 if (signal_pending(current))
2509 * tty_get_tiocm - get tiocm status register
2512 * Obtain the modem status bits from the tty driver if the feature
2515 int tty_get_tiocm(struct tty_struct *tty)
2517 int retval = -ENOTTY;
2519 if (tty->ops->tiocmget)
2520 retval = tty->ops->tiocmget(tty);
2524 EXPORT_SYMBOL_GPL(tty_get_tiocm);
2527 * tty_tiocmget - get modem status
2529 * @p: pointer to result
2531 * Obtain the modem status bits from the tty driver if the feature is
2532 * supported. Return -%ENOTTY if it is not available.
2534 * Locking: none (up to the driver)
2536 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2540 retval = tty_get_tiocm(tty);
2542 retval = put_user(retval, p);
2548 * tty_tiocmset - set modem status
2550 * @cmd: command - clear bits, set bits or set all
2551 * @p: pointer to desired bits
2553 * Set the modem status bits from the tty driver if the feature
2554 * is supported. Return -%ENOTTY if it is not available.
2556 * Locking: none (up to the driver)
2558 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2562 unsigned int set, clear, val;
2564 if (tty->ops->tiocmset == NULL)
2567 retval = get_user(val, p);
2583 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2584 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2585 return tty->ops->tiocmset(tty, set, clear);
2589 * tty_get_icount - get tty statistics
2591 * @icount: output parameter
2593 * Gets a copy of the @tty's icount statistics.
2595 * Locking: none (up to the driver)
2597 int tty_get_icount(struct tty_struct *tty,
2598 struct serial_icounter_struct *icount)
2600 memset(icount, 0, sizeof(*icount));
2602 if (tty->ops->get_icount)
2603 return tty->ops->get_icount(tty, icount);
2607 EXPORT_SYMBOL_GPL(tty_get_icount);
2609 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2611 struct serial_icounter_struct icount;
2614 retval = tty_get_icount(tty, &icount);
2618 if (copy_to_user(arg, &icount, sizeof(icount)))
2623 static int tty_set_serial(struct tty_struct *tty, struct serial_struct *ss)
2625 char comm[TASK_COMM_LEN];
2628 flags = ss->flags & ASYNC_DEPRECATED;
2631 pr_warn_ratelimited("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2632 __func__, get_task_comm(comm, current), flags);
2634 if (!tty->ops->set_serial)
2637 return tty->ops->set_serial(tty, ss);
2640 static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2642 struct serial_struct v;
2644 if (copy_from_user(&v, ss, sizeof(*ss)))
2647 return tty_set_serial(tty, &v);
2650 static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2652 struct serial_struct v;
2655 memset(&v, 0, sizeof(v));
2656 if (!tty->ops->get_serial)
2658 err = tty->ops->get_serial(tty, &v);
2659 if (!err && copy_to_user(ss, &v, sizeof(v)))
2665 * if pty, return the slave side (real_tty)
2666 * otherwise, return self
2668 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2670 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2671 tty->driver->subtype == PTY_TYPE_MASTER)
2677 * Split this up, as gcc can choke on it otherwise..
2679 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2681 struct tty_struct *tty = file_tty(file);
2682 struct tty_struct *real_tty;
2683 void __user *p = (void __user *)arg;
2685 struct tty_ldisc *ld;
2687 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2690 real_tty = tty_pair_get_tty(tty);
2693 * Factor out some common prep work
2701 retval = tty_check_change(tty);
2704 if (cmd != TIOCCBRK) {
2705 tty_wait_until_sent(tty, 0);
2706 if (signal_pending(current))
2717 return tiocsti(tty, p);
2719 return tiocgwinsz(real_tty, p);
2721 return tiocswinsz(real_tty, p);
2723 return real_tty != tty ? -EINVAL : tioccons(file);
2725 set_bit(TTY_EXCLUSIVE, &tty->flags);
2728 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2732 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2734 return put_user(excl, (int __user *)p);
2737 return tiocgetd(tty, p);
2739 return tiocsetd(tty, p);
2741 if (!capable(CAP_SYS_ADMIN))
2747 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2749 return put_user(ret, (unsigned int __user *)p);
2754 case TIOCSBRK: /* Turn break on, unconditionally */
2755 if (tty->ops->break_ctl)
2756 return tty->ops->break_ctl(tty, -1);
2758 case TIOCCBRK: /* Turn break off, unconditionally */
2759 if (tty->ops->break_ctl)
2760 return tty->ops->break_ctl(tty, 0);
2762 case TCSBRK: /* SVID version: non-zero arg --> no break */
2763 /* non-zero arg means wait for all output data
2764 * to be sent (performed above) but don't send break.
2765 * This is used by the tcdrain() termios function.
2768 return send_break(tty, 250);
2770 case TCSBRKP: /* support for POSIX tcsendbreak() */
2771 return send_break(tty, arg ? arg*100 : 250);
2774 return tty_tiocmget(tty, p);
2778 return tty_tiocmset(tty, cmd, p);
2780 return tty_tiocgicount(tty, p);
2785 /* flush tty buffer and allow ldisc to process ioctl */
2786 tty_buffer_flush(tty, NULL);
2791 return tty_tiocsserial(tty, p);
2793 return tty_tiocgserial(tty, p);
2795 /* Special because the struct file is needed */
2796 return ptm_open_peer(file, tty, (int)arg);
2798 retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2799 if (retval != -ENOIOCTLCMD)
2802 if (tty->ops->ioctl) {
2803 retval = tty->ops->ioctl(tty, cmd, arg);
2804 if (retval != -ENOIOCTLCMD)
2807 ld = tty_ldisc_ref_wait(tty);
2809 return hung_up_tty_ioctl(file, cmd, arg);
2811 if (ld->ops->ioctl) {
2812 retval = ld->ops->ioctl(tty, cmd, arg);
2813 if (retval == -ENOIOCTLCMD)
2816 tty_ldisc_deref(ld);
2820 #ifdef CONFIG_COMPAT
2822 struct serial_struct32 {
2828 compat_int_t xmit_fifo_size;
2829 compat_int_t custom_divisor;
2830 compat_int_t baud_base;
2831 unsigned short close_delay;
2835 unsigned short closing_wait; /* time to wait before closing */
2836 unsigned short closing_wait2; /* no longer used... */
2837 compat_uint_t iomem_base;
2838 unsigned short iomem_reg_shift;
2839 unsigned int port_high;
2840 /* compat_ulong_t iomap_base FIXME */
2841 compat_int_t reserved;
2844 static int compat_tty_tiocsserial(struct tty_struct *tty,
2845 struct serial_struct32 __user *ss)
2847 struct serial_struct32 v32;
2848 struct serial_struct v;
2850 if (copy_from_user(&v32, ss, sizeof(*ss)))
2853 memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2854 v.iomem_base = compat_ptr(v32.iomem_base);
2855 v.iomem_reg_shift = v32.iomem_reg_shift;
2856 v.port_high = v32.port_high;
2859 return tty_set_serial(tty, &v);
2862 static int compat_tty_tiocgserial(struct tty_struct *tty,
2863 struct serial_struct32 __user *ss)
2865 struct serial_struct32 v32;
2866 struct serial_struct v;
2869 memset(&v, 0, sizeof(v));
2870 memset(&v32, 0, sizeof(v32));
2872 if (!tty->ops->get_serial)
2874 err = tty->ops->get_serial(tty, &v);
2876 memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2877 v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2878 0xfffffff : ptr_to_compat(v.iomem_base);
2879 v32.iomem_reg_shift = v.iomem_reg_shift;
2880 v32.port_high = v.port_high;
2881 if (copy_to_user(ss, &v32, sizeof(v32)))
2886 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2889 struct tty_struct *tty = file_tty(file);
2890 struct tty_ldisc *ld;
2891 int retval = -ENOIOCTLCMD;
2940 case TIOCGLCKTRMIOS:
2941 case TIOCSLCKTRMIOS:
2953 return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2969 return tty_ioctl(file, cmd, arg);
2972 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2977 return compat_tty_tiocsserial(tty, compat_ptr(arg));
2979 return compat_tty_tiocgserial(tty, compat_ptr(arg));
2981 if (tty->ops->compat_ioctl) {
2982 retval = tty->ops->compat_ioctl(tty, cmd, arg);
2983 if (retval != -ENOIOCTLCMD)
2987 ld = tty_ldisc_ref_wait(tty);
2989 return hung_up_tty_compat_ioctl(file, cmd, arg);
2990 if (ld->ops->compat_ioctl)
2991 retval = ld->ops->compat_ioctl(tty, cmd, arg);
2992 if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2993 retval = ld->ops->ioctl(tty, (unsigned long)compat_ptr(cmd),
2995 tty_ldisc_deref(ld);
3001 static int this_tty(const void *t, struct file *file, unsigned fd)
3003 if (likely(file->f_op->read_iter != tty_read))
3005 return file_tty(file) != t ? 0 : fd + 1;
3009 * This implements the "Secure Attention Key" --- the idea is to
3010 * prevent trojan horses by killing all processes associated with this
3011 * tty when the user hits the "Secure Attention Key". Required for
3012 * super-paranoid applications --- see the Orange Book for more details.
3014 * This code could be nicer; ideally it should send a HUP, wait a few
3015 * seconds, then send a INT, and then a KILL signal. But you then
3016 * have to coordinate with the init process, since all processes associated
3017 * with the current tty must be dead before the new getty is allowed
3020 * Now, if it would be correct ;-/ The current code has a nasty hole -
3021 * it doesn't catch files in flight. We may send the descriptor to ourselves
3022 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3024 * Nasty bug: do_SAK is being called in interrupt context. This can
3025 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3027 void __do_SAK(struct tty_struct *tty)
3029 struct task_struct *g, *p;
3030 struct pid *session;
3032 unsigned long flags;
3034 spin_lock_irqsave(&tty->ctrl.lock, flags);
3035 session = get_pid(tty->ctrl.session);
3036 spin_unlock_irqrestore(&tty->ctrl.lock, flags);
3038 tty_ldisc_flush(tty);
3040 tty_driver_flush_buffer(tty);
3042 read_lock(&tasklist_lock);
3043 /* Kill the entire session */
3044 do_each_pid_task(session, PIDTYPE_SID, p) {
3045 tty_notice(tty, "SAK: killed process %d (%s): by session\n",
3046 task_pid_nr(p), p->comm);
3047 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
3048 } while_each_pid_task(session, PIDTYPE_SID, p);
3050 /* Now kill any processes that happen to have the tty open */
3051 for_each_process_thread(g, p) {
3052 if (p->signal->tty == tty) {
3053 tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
3054 task_pid_nr(p), p->comm);
3055 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3060 i = iterate_fd(p->files, 0, this_tty, tty);
3062 tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
3063 task_pid_nr(p), p->comm, i - 1);
3064 group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p,
3069 read_unlock(&tasklist_lock);
3073 static void do_SAK_work(struct work_struct *work)
3075 struct tty_struct *tty =
3076 container_of(work, struct tty_struct, SAK_work);
3081 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3082 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3083 * the values which we write to it will be identical to the values which it
3084 * already has. --akpm
3086 void do_SAK(struct tty_struct *tty)
3090 schedule_work(&tty->SAK_work);
3092 EXPORT_SYMBOL(do_SAK);
3094 /* Must put_device() after it's unused! */
3095 static struct device *tty_get_device(struct tty_struct *tty)
3097 dev_t devt = tty_devnum(tty);
3099 return class_find_device_by_devt(&tty_class, devt);
3104 * alloc_tty_struct - allocate a new tty
3105 * @driver: driver which will handle the returned tty
3106 * @idx: minor of the tty
3108 * This subroutine allocates and initializes a tty structure.
3110 * Locking: none - @tty in question is not exposed at this point
3112 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
3114 struct tty_struct *tty;
3116 tty = kzalloc(sizeof(*tty), GFP_KERNEL_ACCOUNT);
3120 kref_init(&tty->kref);
3121 if (tty_ldisc_init(tty)) {
3125 tty->ctrl.session = NULL;
3126 tty->ctrl.pgrp = NULL;
3127 mutex_init(&tty->legacy_mutex);
3128 mutex_init(&tty->throttle_mutex);
3129 init_rwsem(&tty->termios_rwsem);
3130 mutex_init(&tty->winsize_mutex);
3131 init_ldsem(&tty->ldisc_sem);
3132 init_waitqueue_head(&tty->write_wait);
3133 init_waitqueue_head(&tty->read_wait);
3134 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3135 mutex_init(&tty->atomic_write_lock);
3136 spin_lock_init(&tty->ctrl.lock);
3137 spin_lock_init(&tty->flow.lock);
3138 spin_lock_init(&tty->files_lock);
3139 INIT_LIST_HEAD(&tty->tty_files);
3140 INIT_WORK(&tty->SAK_work, do_SAK_work);
3142 tty->driver = driver;
3143 tty->ops = driver->ops;
3145 tty_line_name(driver, idx, tty->name);
3146 tty->dev = tty_get_device(tty);
3152 * tty_put_char - write one character to a tty
3154 * @ch: character to write
3156 * Write one byte to the @tty using the provided @tty->ops->put_char() method
3159 * Note: the specific put_char operation in the driver layer may go
3160 * away soon. Don't call it directly, use this method
3162 * Return: the number of characters successfully output.
3164 int tty_put_char(struct tty_struct *tty, u8 ch)
3166 if (tty->ops->put_char)
3167 return tty->ops->put_char(tty, ch);
3168 return tty->ops->write(tty, &ch, 1);
3170 EXPORT_SYMBOL_GPL(tty_put_char);
3172 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3173 unsigned int index, unsigned int count)
3177 /* init here, since reused cdevs cause crashes */
3178 driver->cdevs[index] = cdev_alloc();
3179 if (!driver->cdevs[index])
3181 driver->cdevs[index]->ops = &tty_fops;
3182 driver->cdevs[index]->owner = driver->owner;
3183 err = cdev_add(driver->cdevs[index], dev, count);
3185 kobject_put(&driver->cdevs[index]->kobj);
3190 * tty_register_device - register a tty device
3191 * @driver: the tty driver that describes the tty device
3192 * @index: the index in the tty driver for this tty device
3193 * @device: a struct device that is associated with this tty device.
3194 * This field is optional, if there is no known struct device
3195 * for this tty device it can be set to NULL safely.
3197 * This call is required to be made to register an individual tty device
3198 * if the tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If
3199 * that bit is not set, this function should not be called by a tty
3204 * Return: A pointer to the struct device for this tty device (or
3205 * ERR_PTR(-EFOO) on error).
3207 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3208 struct device *device)
3210 return tty_register_device_attr(driver, index, device, NULL, NULL);
3212 EXPORT_SYMBOL(tty_register_device);
3214 static void tty_device_create_release(struct device *dev)
3216 dev_dbg(dev, "releasing...\n");
3221 * tty_register_device_attr - register a tty device
3222 * @driver: the tty driver that describes the tty device
3223 * @index: the index in the tty driver for this tty device
3224 * @device: a struct device that is associated with this tty device.
3225 * This field is optional, if there is no known struct device
3226 * for this tty device it can be set to %NULL safely.
3227 * @drvdata: Driver data to be set to device.
3228 * @attr_grp: Attribute group to be set on device.
3230 * This call is required to be made to register an individual tty device if the
3231 * tty driver's flags have the %TTY_DRIVER_DYNAMIC_DEV bit set. If that bit is
3232 * not set, this function should not be called by a tty driver.
3236 * Return: A pointer to the struct device for this tty device (or
3237 * ERR_PTR(-EFOO) on error).
3239 struct device *tty_register_device_attr(struct tty_driver *driver,
3240 unsigned index, struct device *device,
3242 const struct attribute_group **attr_grp)
3245 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3246 struct ktermios *tp;
3250 if (index >= driver->num) {
3251 pr_err("%s: Attempt to register invalid tty line number (%d)\n",
3252 driver->name, index);
3253 return ERR_PTR(-EINVAL);
3256 if (driver->type == TTY_DRIVER_TYPE_PTY)
3257 pty_line_name(driver, index, name);
3259 tty_line_name(driver, index, name);
3261 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3263 return ERR_PTR(-ENOMEM);
3266 dev->class = &tty_class;
3267 dev->parent = device;
3268 dev->release = tty_device_create_release;
3269 dev_set_name(dev, "%s", name);
3270 dev->groups = attr_grp;
3271 dev_set_drvdata(dev, drvdata);
3273 dev_set_uevent_suppress(dev, 1);
3275 retval = device_register(dev);
3279 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3281 * Free any saved termios data so that the termios state is
3282 * reset when reusing a minor number.
3284 tp = driver->termios[index];
3286 driver->termios[index] = NULL;
3290 retval = tty_cdev_add(driver, devt, index, 1);
3295 dev_set_uevent_suppress(dev, 0);
3296 kobject_uevent(&dev->kobj, KOBJ_ADD);
3305 return ERR_PTR(retval);
3307 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3310 * tty_unregister_device - unregister a tty device
3311 * @driver: the tty driver that describes the tty device
3312 * @index: the index in the tty driver for this tty device
3314 * If a tty device is registered with a call to tty_register_device() then
3315 * this function must be called when the tty device is gone.
3319 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3321 device_destroy(&tty_class, MKDEV(driver->major, driver->minor_start) + index);
3322 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3323 cdev_del(driver->cdevs[index]);
3324 driver->cdevs[index] = NULL;
3327 EXPORT_SYMBOL(tty_unregister_device);
3330 * __tty_alloc_driver - allocate tty driver
3331 * @lines: count of lines this driver can handle at most
3332 * @owner: module which is responsible for this driver
3333 * @flags: some of %TTY_DRIVER_ flags, will be set in driver->flags
3335 * This should not be called directly, some of the provided macros should be
3336 * used instead. Use IS_ERR() and friends on @retval.
3338 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3339 unsigned long flags)
3341 struct tty_driver *driver;
3342 unsigned int cdevs = 1;
3345 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3346 return ERR_PTR(-EINVAL);
3348 driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3350 return ERR_PTR(-ENOMEM);
3352 kref_init(&driver->kref);
3353 driver->num = lines;
3354 driver->owner = owner;
3355 driver->flags = flags;
3357 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3358 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3360 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3362 if (!driver->ttys || !driver->termios) {
3368 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3369 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3371 if (!driver->ports) {
3378 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3379 if (!driver->cdevs) {
3386 kfree(driver->ports);
3387 kfree(driver->ttys);
3388 kfree(driver->termios);
3389 kfree(driver->cdevs);
3391 return ERR_PTR(err);
3393 EXPORT_SYMBOL(__tty_alloc_driver);
3395 static void destruct_tty_driver(struct kref *kref)
3397 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3399 struct ktermios *tp;
3401 if (driver->flags & TTY_DRIVER_INSTALLED) {
3402 for (i = 0; i < driver->num; i++) {
3403 tp = driver->termios[i];
3405 driver->termios[i] = NULL;
3408 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3409 tty_unregister_device(driver, i);
3411 proc_tty_unregister_driver(driver);
3412 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3413 cdev_del(driver->cdevs[0]);
3415 kfree(driver->cdevs);
3416 kfree(driver->ports);
3417 kfree(driver->termios);
3418 kfree(driver->ttys);
3423 * tty_driver_kref_put - drop a reference to a tty driver
3424 * @driver: driver of which to drop the reference
3426 * The final put will destroy and free up the driver.
3428 void tty_driver_kref_put(struct tty_driver *driver)
3430 kref_put(&driver->kref, destruct_tty_driver);
3432 EXPORT_SYMBOL(tty_driver_kref_put);
3435 * tty_register_driver - register a tty driver
3436 * @driver: driver to register
3438 * Called by a tty driver to register itself.
3440 int tty_register_driver(struct tty_driver *driver)
3447 if (!driver->major) {
3448 error = alloc_chrdev_region(&dev, driver->minor_start,
3449 driver->num, driver->name);
3451 driver->major = MAJOR(dev);
3452 driver->minor_start = MINOR(dev);
3455 dev = MKDEV(driver->major, driver->minor_start);
3456 error = register_chrdev_region(dev, driver->num, driver->name);
3461 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3462 error = tty_cdev_add(driver, dev, 0, driver->num);
3464 goto err_unreg_char;
3467 mutex_lock(&tty_mutex);
3468 list_add(&driver->tty_drivers, &tty_drivers);
3469 mutex_unlock(&tty_mutex);
3471 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3472 for (i = 0; i < driver->num; i++) {
3473 d = tty_register_device(driver, i, NULL);
3476 goto err_unreg_devs;
3480 proc_tty_register_driver(driver);
3481 driver->flags |= TTY_DRIVER_INSTALLED;
3485 for (i--; i >= 0; i--)
3486 tty_unregister_device(driver, i);
3488 mutex_lock(&tty_mutex);
3489 list_del(&driver->tty_drivers);
3490 mutex_unlock(&tty_mutex);
3493 unregister_chrdev_region(dev, driver->num);
3497 EXPORT_SYMBOL(tty_register_driver);
3500 * tty_unregister_driver - unregister a tty driver
3501 * @driver: driver to unregister
3503 * Called by a tty driver to unregister itself.
3505 void tty_unregister_driver(struct tty_driver *driver)
3507 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3509 mutex_lock(&tty_mutex);
3510 list_del(&driver->tty_drivers);
3511 mutex_unlock(&tty_mutex);
3513 EXPORT_SYMBOL(tty_unregister_driver);
3515 dev_t tty_devnum(struct tty_struct *tty)
3517 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3519 EXPORT_SYMBOL(tty_devnum);
3521 void tty_default_fops(struct file_operations *fops)
3526 static char *tty_devnode(const struct device *dev, umode_t *mode)
3530 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3531 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3536 const struct class tty_class = {
3538 .devnode = tty_devnode,
3541 static int __init tty_class_init(void)
3543 return class_register(&tty_class);
3546 postcore_initcall(tty_class_init);
3548 /* 3/2004 jmc: why do these devices exist? */
3549 static struct cdev tty_cdev, console_cdev;
3551 static ssize_t show_cons_active(struct device *dev,
3552 struct device_attribute *attr, char *buf)
3554 struct console *cs[16];
3560 * Hold the console_list_lock to guarantee that no consoles are
3561 * unregistered until all console processing is complete.
3562 * This also allows safe traversal of the console list and
3563 * race-free reading of @flags.
3565 console_list_lock();
3567 for_each_console(c) {
3572 if ((c->flags & CON_ENABLED) == 0)
3575 if (i >= ARRAY_SIZE(cs))
3580 * Take console_lock to serialize device() callback with
3581 * other console operations. For example, fg_console is
3582 * modified under console_lock when switching vt.
3586 int index = cs[i]->index;
3587 struct tty_driver *drv = cs[i]->device(cs[i], &index);
3589 /* don't resolve tty0 as some programs depend on it */
3590 if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3591 count += tty_line_name(drv, index, buf + count);
3593 count += sprintf(buf + count, "%s%d",
3594 cs[i]->name, cs[i]->index);
3596 count += sprintf(buf + count, "%c", i ? ' ':'\n');
3600 console_list_unlock();
3604 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3606 static struct attribute *cons_dev_attrs[] = {
3607 &dev_attr_active.attr,
3611 ATTRIBUTE_GROUPS(cons_dev);
3613 static struct device *consdev;
3615 void console_sysfs_notify(void)
3618 sysfs_notify(&consdev->kobj, NULL, "active");
3621 static struct ctl_table tty_table[] = {
3623 .procname = "legacy_tiocsti",
3624 .data = &tty_legacy_tiocsti,
3625 .maxlen = sizeof(tty_legacy_tiocsti),
3627 .proc_handler = proc_dobool,
3630 .procname = "ldisc_autoload",
3631 .data = &tty_ldisc_autoload,
3632 .maxlen = sizeof(tty_ldisc_autoload),
3634 .proc_handler = proc_dointvec,
3635 .extra1 = SYSCTL_ZERO,
3636 .extra2 = SYSCTL_ONE,
3641 * Ok, now we can initialize the rest of the tty devices and can count
3642 * on memory allocations, interrupts etc..
3644 int __init tty_init(void)
3646 register_sysctl_init("dev/tty", tty_table);
3647 cdev_init(&tty_cdev, &tty_fops);
3648 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3649 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3650 panic("Couldn't register /dev/tty driver\n");
3651 device_create(&tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3653 cdev_init(&console_cdev, &console_fops);
3654 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3655 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3656 panic("Couldn't register /dev/console driver\n");
3657 consdev = device_create_with_groups(&tty_class, NULL,
3658 MKDEV(TTYAUX_MAJOR, 1), NULL,
3659 cons_dev_groups, "console");
3660 if (IS_ERR(consdev))
3664 vty_init(&console_fops);
projects / linux-2.6-microblaze.git / blob