add new system file

hc

2024-02-20 102a0743326a03cd1a1202ceda21e175b7d3575c

 kernel/drivers/tty/tty_io.c
..
..
@@ -87,6 +87,7 @@
87
87
 #include <linux/string.h>
88
88
 #include <linux/slab.h>
89
89
 #include <linux/poll.h>
90
+#include <linux/ppp-ioctl.h>
90
91
 #include <linux/proc_fs.h>
91
92
 #include <linux/init.h>
92
93
 #include <linux/module.h>
..
..
@@ -97,6 +98,7 @@
97
98
 #include <linux/seq_file.h>
98
99
 #include <linux/serial.h>
99
100
 #include <linux/ratelimit.h>
101
+#include <linux/compat.h>
100
102
 
101
103
 #include <linux/uaccess.h>
102
104
 
..
..
@@ -106,6 +108,7 @@
106
108
 
107
109
 #include <linux/kmod.h>
108
110
 #include <linux/nsproxy.h>
111
+#include "tty.h"
109
112
 
110
113
 #undef TTY_DEBUG_HANGUP
111
114
 #ifdef TTY_DEBUG_HANGUP
..
..
@@ -140,13 +143,10 @@
140
143
 /* Mutex to protect creating and releasing a tty */
141
144
 DEFINE_MUTEX(tty_mutex);
142
145
 
143
-static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
144
-static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
145
-ssize_t redirected_tty_write(struct file *, const char __user *,
146
-							size_t, loff_t *);
146
+static ssize_t tty_read(struct kiocb *, struct iov_iter *);
147
+static ssize_t tty_write(struct kiocb *, struct iov_iter *);
147
148
 static __poll_t tty_poll(struct file *, poll_table *);
148
149
 static int tty_open(struct inode *, struct file *);
149
-long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
150
150
 #ifdef CONFIG_COMPAT
151
151
 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
152
152
 				unsigned long arg);
..
..
@@ -305,7 +305,7 @@
305
305
 
306
306
 /**
307
307
  *	get_tty_driver		-	find device of a tty
308
- *	@dev_t: device identifier
308
+ *	@device: device identifier
309
309
  *	@index: returns the index of the tty
310
310
  *
311
311
  *	This routine returns a tty driver structure, given a device number
..
..
@@ -430,14 +430,12 @@
430
430
 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
431
431
 #endif
432
432
 
433
-static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
434
-				size_t count, loff_t *ppos)
433
+static ssize_t hung_up_tty_read(struct kiocb *iocb, struct iov_iter *to)
435
434
 {
436
435
 	return 0;
437
436
 }
438
437
 
439
-static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
440
-				 size_t count, loff_t *ppos)
438
+static ssize_t hung_up_tty_write(struct kiocb *iocb, struct iov_iter *from)
441
439
 {
442
440
 	return -EIO;
443
441
 }
..
..
@@ -475,8 +473,10 @@
475
473
 
476
474
 static const struct file_operations tty_fops = {
477
475
 	.llseek		= no_llseek,
478
-	.read		= tty_read,
479
-	.write		= tty_write,
476
+	.read_iter	= tty_read,
477
+	.write_iter	= tty_write,
478
+	.splice_read	= generic_file_splice_read,
479
+	.splice_write	= iter_file_splice_write,
480
480
 	.poll		= tty_poll,
481
481
 	.unlocked_ioctl	= tty_ioctl,
482
482
 	.compat_ioctl	= tty_compat_ioctl,
..
..
@@ -488,8 +488,10 @@
488
488
 
489
489
 static const struct file_operations console_fops = {
490
490
 	.llseek		= no_llseek,
491
-	.read		= tty_read,
492
-	.write		= redirected_tty_write,
491
+	.read_iter	= tty_read,
492
+	.write_iter	= redirected_tty_write,
493
+	.splice_read	= generic_file_splice_read,
494
+	.splice_write	= iter_file_splice_write,
493
495
 	.poll		= tty_poll,
494
496
 	.unlocked_ioctl	= tty_ioctl,
495
497
 	.compat_ioctl	= tty_compat_ioctl,
..
..
@@ -500,8 +502,8 @@
500
502
 
501
503
 static const struct file_operations hung_up_tty_fops = {
502
504
 	.llseek		= no_llseek,
503
-	.read		= hung_up_tty_read,
504
-	.write		= hung_up_tty_write,
505
+	.read_iter	= hung_up_tty_read,
506
+	.write_iter	= hung_up_tty_write,
505
507
 	.poll		= hung_up_tty_poll,
506
508
 	.unlocked_ioctl	= hung_up_tty_ioctl,
507
509
 	.compat_ioctl	= hung_up_tty_compat_ioctl,
..
..
@@ -542,7 +544,7 @@
542
544
 
543
545
 /**
544
546
  *	__tty_hangup		-	actual handler for hangup events
545
- *	@work: tty device
547
+ *	@tty: tty device
546
548
  *
547
549
  *	This can be called by a "kworker" kernel thread.  That is process
548
550
  *	synchronous but doesn't hold any locks, so we need to make sure we
..
..
@@ -605,9 +607,9 @@
605
607
 	/* This breaks for file handles being sent over AF_UNIX sockets ? */
606
608
 	list_for_each_entry(priv, &tty->tty_files, list) {
607
609
 		filp = priv->file;
608
-		if (filp->f_op->write == redirected_tty_write)
610
+		if (filp->f_op->write_iter == redirected_tty_write)
609
611
 			cons_filp = filp;
610
-		if (filp->f_op->write != tty_write)
612
+		if (filp->f_op->write_iter != tty_write)
611
613
 			continue;
612
614
 		closecount++;
613
615
 		__tty_fasync(-1, filp, 0);	/* can't block */
..
..
@@ -830,6 +832,72 @@
830
832
 		time->tv_sec = sec;
831
833
 }
832
834
 
835
+/*
836
+ * Iterate on the ldisc ->read() function until we've gotten all
837
+ * the data the ldisc has for us.
838
+ *
839
+ * The "cookie" is something that the ldisc read function can fill
840
+ * in to let us know that there is more data to be had.
841
+ *
842
+ * We promise to continue to call the ldisc until it stops returning
843
+ * data or clears the cookie. The cookie may be something that the
844
+ * ldisc maintains state for and needs to free.
845
+ */
846
+static int iterate_tty_read(struct tty_ldisc *ld, struct tty_struct *tty,
847
+		struct file *file, struct iov_iter *to)
848
+{
849
+	int retval = 0;
850
+	void *cookie = NULL;
851
+	unsigned long offset = 0;
852
+	char kernel_buf[64];
853
+	size_t count = iov_iter_count(to);
854
+
855
+	do {
856
+		int size, copied;
857
+
858
+		size = count > sizeof(kernel_buf) ? sizeof(kernel_buf) : count;
859
+		size = ld->ops->read(tty, file, kernel_buf, size, &cookie, offset);
860
+		if (!size)
861
+			break;
862
+
863
+		if (size < 0) {
864
+			/* Did we have an earlier error (ie -EFAULT)? */
865
+			if (retval)
866
+				break;
867
+			retval = size;
868
+
869
+			/*
870
+			 * -EOVERFLOW means we didn't have enough space
871
+			 * for a whole packet, and we shouldn't return
872
+			 * a partial result.
873
+			 */
874
+			if (retval == -EOVERFLOW)
875
+				offset = 0;
876
+			break;
877
+		}
878
+
879
+		copied = copy_to_iter(kernel_buf, size, to);
880
+		offset += copied;
881
+		count -= copied;
882
+
883
+		/*
884
+		 * If the user copy failed, we still need to do another ->read()
885
+		 * call if we had a cookie to let the ldisc clear up.
886
+		 *
887
+		 * But make sure size is zeroed.
888
+		 */
889
+		if (unlikely(copied != size)) {
890
+			count = 0;
891
+			retval = -EFAULT;
892
+		}
893
+	} while (cookie);
894
+
895
+	/* We always clear tty buffer in case they contained passwords */
896
+	memzero_explicit(kernel_buf, sizeof(kernel_buf));
897
+	return offset ? offset : retval;
898
+}
899
+
900
+
833
901
 /**
834
902
  *	tty_read	-	read method for tty device files
835
903
  *	@file: pointer to tty file
..
..
@@ -845,10 +913,10 @@
845
913
  *	read calls may be outstanding in parallel.
846
914
  */
847
915
 
848
-static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
849
-			loff_t *ppos)
916
+static ssize_t tty_read(struct kiocb *iocb, struct iov_iter *to)
850
917
 {
851
918
 	int i;
919
+	struct file *file = iocb->ki_filp;
852
920
 	struct inode *inode = file_inode(file);
853
921
 	struct tty_struct *tty = file_tty(file);
854
922
 	struct tty_ldisc *ld;
..
..
@@ -862,11 +930,10 @@
862
930
 	   situation */
863
931
 	ld = tty_ldisc_ref_wait(tty);
864
932
 	if (!ld)
865
-		return hung_up_tty_read(file, buf, count, ppos);
933
+		return hung_up_tty_read(iocb, to);
934
+	i = -EIO;
866
935
 	if (ld->ops->read)
867
-		i = ld->ops->read(tty, file, buf, count);
868
-	else
869
-		i = -EIO;
936
+		i = iterate_tty_read(ld, tty, file, to);
870
937
 	tty_ldisc_deref(ld);
871
938
 
872
939
 	if (i > 0)
..
..
@@ -875,13 +942,13 @@
875
942
 	return i;
876
943
 }
877
944
 
878
-static void tty_write_unlock(struct tty_struct *tty)
945
+void tty_write_unlock(struct tty_struct *tty)
879
946
 {
880
947
 	mutex_unlock(&tty->atomic_write_lock);
881
948
 	wake_up_interruptible_poll(&tty->write_wait, EPOLLOUT);
882
949
 }
883
950
 
884
-static int tty_write_lock(struct tty_struct *tty, int ndelay)
951
+int tty_write_lock(struct tty_struct *tty, int ndelay)
885
952
 {
886
953
 	if (!mutex_trylock(&tty->atomic_write_lock)) {
887
954
 		if (ndelay)
..
..
@@ -900,9 +967,9 @@
900
967
 	ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
901
968
 	struct tty_struct *tty,
902
969
 	struct file *file,
903
-	const char __user *buf,
904
-	size_t count)
970
+	struct iov_iter *from)
905
971
 {
972
+	size_t count = iov_iter_count(from);
906
973
 	ssize_t ret, written = 0;
907
974
 	unsigned int chunk;
908
975
 
..
..
@@ -954,14 +1021,23 @@
954
1021
 		size_t size = count;
955
1022
 		if (size > chunk)
956
1023
 			size = chunk;
1024
+
957
1025
 		ret = -EFAULT;
958
-		if (copy_from_user(tty->write_buf, buf, size))
1026
+		if (copy_from_iter(tty->write_buf, size, from) != size)
959
1027
 			break;
1028
+
960
1029
 		ret = write(tty, file, tty->write_buf, size);
961
1030
 		if (ret <= 0)
962
1031
 			break;
1032
+
963
1033
 		written += ret;
964
-		buf += ret;
1034
+		if (ret > size)
1035
+			break;
1036
+
1037
+		/* FIXME! Have Al check this! */
1038
+		if (ret != size)
1039
+			iov_iter_revert(from, size-ret);
1040
+
965
1041
 		count -= ret;
966
1042
 		if (!count)
967
1043
 			break;
..
..
@@ -1021,8 +1097,7 @@
1021
1097
  *	write method will not be invoked in parallel for each device.
1022
1098
  */
1023
1099
 
1024
-static ssize_t tty_write(struct file *file, const char __user *buf,
1025
-						size_t count, loff_t *ppos)
1100
+static ssize_t file_tty_write(struct file *file, struct kiocb *iocb, struct iov_iter *from)
1026
1101
 {
1027
1102
 	struct tty_struct *tty = file_tty(file);
1028
1103
  	struct tty_ldisc *ld;
..
..
@@ -1037,17 +1112,21 @@
1037
1112
 		tty_err(tty, "missing write_room method\n");
1038
1113
 	ld = tty_ldisc_ref_wait(tty);
1039
1114
 	if (!ld)
1040
-		return hung_up_tty_write(file, buf, count, ppos);
1115
+		return hung_up_tty_write(iocb, from);
1041
1116
 	if (!ld->ops->write)
1042
1117
 		ret = -EIO;
1043
1118
 	else
1044
-		ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1119
+		ret = do_tty_write(ld->ops->write, tty, file, from);
1045
1120
 	tty_ldisc_deref(ld);
1046
1121
 	return ret;
1047
1122
 }
1048
1123
 
1049
-ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1050
-						size_t count, loff_t *ppos)
1124
+static ssize_t tty_write(struct kiocb *iocb, struct iov_iter *from)
1125
+{
1126
+	return file_tty_write(iocb->ki_filp, iocb, from);
1127
+}
1128
+
1129
+ssize_t redirected_tty_write(struct kiocb *iocb, struct iov_iter *iter)
1051
1130
 {
1052
1131
 	struct file *p = NULL;
1053
1132
 
..
..
@@ -1056,13 +1135,17 @@
1056
1135
 		p = get_file(redirect);
1057
1136
 	spin_unlock(&redirect_lock);
1058
1137
 
1138
+	/*
1139
+	 * We know the redirected tty is just another tty, we can can
1140
+	 * call file_tty_write() directly with that file pointer.
1141
+	 */
1059
1142
 	if (p) {
1060
1143
 		ssize_t res;
1061
-		res = vfs_write(p, buf, count, &p->f_pos);
1144
+		res = file_tty_write(p, iocb, iter);
1062
1145
 		fput(p);
1063
1146
 		return res;
1064
1147
 	}
1065
-	return tty_write(file, buf, count, ppos);
1148
+	return tty_write(iocb, iter);
1066
1149
 }
1067
1150
 
1068
1151
 /**
..
..
@@ -1155,14 +1238,16 @@
1155
1238
 {
1156
1239
 	struct tty_struct *tty;
1157
1240
 
1158
-	if (driver->ops->lookup)
1241
+	if (driver->ops->lookup) {
1159
1242
 		if (!file)
1160
1243
 			tty = ERR_PTR(-EIO);
1161
1244
 		else
1162
1245
 			tty = driver->ops->lookup(driver, file, idx);
1163
-	else
1246
+	} else {
1247
+		if (idx >= driver->num)
1248
+			return ERR_PTR(-EINVAL);
1164
1249
 		tty = driver->ttys[idx];
1165
-
1250
+	}
1166
1251
 	if (!IS_ERR(tty))
1167
1252
 		tty_kref_get(tty);
1168
1253
 	return tty;
..
..
@@ -1172,7 +1257,7 @@
1172
1257
  *	tty_init_termios	-  helper for termios setup
1173
1258
  *	@tty: the tty to set up
1174
1259
  *
1175
- *	Initialise the termios structures for this tty. Thus runs under
1260
+ *	Initialise the termios structure for this tty. This runs under
1176
1261
  *	the tty_mutex currently so we can be relaxed about ordering.
1177
1262
  */
1178
1263
 
..
..
@@ -1230,7 +1315,7 @@
1230
1315
 /**
1231
1316
  *	tty_driver_remove_tty() - remove a tty from the driver tables
1232
1317
  *	@driver: the driver for the tty
1233
- *	@idx:	 the minor number
1318
+ *	@tty: tty to remove
1234
1319
  *
1235
1320
  *	Remvoe a tty object from the driver tables. The tty->index field
1236
1321
  *	will be set by the time this is called.
..
..
@@ -1245,9 +1330,9 @@
1245
1330
 		driver->ttys[tty->index] = NULL;
1246
1331
 }
1247
1332
 
1248
-/*
1249
- * 	tty_reopen()	- fast re-open of an open tty
1250
- * 	@tty	- the tty to open
1333
+/**
1334
+ *	tty_reopen()	- fast re-open of an open tty
1335
+ *	@tty: the tty to open
1251
1336
  *
1252
1337
  *	Return 0 on success, -errno on error.
1253
1338
  *	Re-opens on master ptys are not allowed and return -EIO.
..
..
@@ -1293,7 +1378,6 @@
1293
1378
  *	tty_init_dev		-	initialise a tty device
1294
1379
  *	@driver: tty driver we are opening a device on
1295
1380
  *	@idx: device index
1296
- *	@ret_tty: returned tty structure
1297
1381
  *
1298
1382
  *	Prepare a tty device. This may not be a "new" clean device but
1299
1383
  *	could also be an active device. The pty drivers require special
..
..
@@ -1311,6 +1395,8 @@
1311
1395
  * failed open.  The new code protects the open with a mutex, so it's
1312
1396
  * really quite straightforward.  The mutex locking can probably be
1313
1397
  * relaxed for the (most common) case of reopening a tty.
1398
+ *
1399
+ *	Return: returned tty structure
1314
1400
  */
1315
1401
 
1316
1402
 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
..
..
@@ -1343,9 +1429,12 @@
1343
1429
 	if (!tty->port)
1344
1430
 		tty->port = driver->ports[idx];
1345
1431
 
1346
-	WARN_RATELIMIT(!tty->port,
1347
-			"%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1348
-			__func__, tty->driver->name);
1432
+	if (WARN_RATELIMIT(!tty->port,
1433
+			"%s: %s driver does not set tty->port. This would crash the kernel. Fix the driver!\n",
1434
+			__func__, tty->driver->name)) {
1435
+		retval = -EINVAL;
1436
+		goto err_release_lock;
1437
+	}
1349
1438
 
1350
1439
 	retval = tty_ldisc_lock(tty, 5 * HZ);
1351
1440
 	if (retval)
..
..
@@ -1400,7 +1489,7 @@
1400
1489
 	/* Stash the termios data */
1401
1490
 	tp = tty->driver->termios[idx];
1402
1491
 	if (tp == NULL) {
1403
-		tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1492
+		tp = kmalloc(sizeof(*tp), GFP_KERNEL);
1404
1493
 		if (tp == NULL)
1405
1494
 			return;
1406
1495
 		tty->driver->termios[idx] = tp;
..
..
@@ -1427,7 +1516,7 @@
1427
1516
 
1428
1517
 /**
1429
1518
  *	release_one_tty		-	release tty structure memory
1430
- *	@kref: kref of tty we are obliterating
1519
+ *	@work: work of tty we are obliterating
1431
1520
  *
1432
1521
  *	Releases memory associated with a tty structure, and clears out the
1433
1522
  *	driver table slots. This function is called when a device is no longer
..
..
@@ -1509,10 +1598,12 @@
1509
1598
 		tty->ops->shutdown(tty);
1510
1599
 	tty_save_termios(tty);
1511
1600
 	tty_driver_remove_tty(tty->driver, tty);
1512
-	tty->port->itty = NULL;
1601
+	if (tty->port)
1602
+		tty->port->itty = NULL;
1513
1603
 	if (tty->link)
1514
1604
 		tty->link->port->itty = NULL;
1515
-	tty_buffer_cancel_work(tty->port);
1605
+	if (tty->port)
1606
+		tty_buffer_cancel_work(tty->port);
1516
1607
 	if (tty->link)
1517
1608
 		tty_buffer_cancel_work(tty->link->port);
1518
1609
 
..
..
@@ -1523,7 +1614,6 @@
1523
1614
 /**
1524
1615
  *	tty_release_checks - check a tty before real release
1525
1616
  *	@tty: tty to check
1526
- *	@o_tty: link of @tty (if any)
1527
1617
  *	@idx: index of the tty
1528
1618
  *
1529
1619
  *	Performs some paranoid checking before true release of the @tty.
..
..
@@ -1584,9 +1674,7 @@
1584
1674
 	tty_debug_hangup(tty, "freeing structure\n");
1585
1675
 	/*
1586
1676
 	 * The release_tty function takes care of the details of clearing
1587
-	 * the slots and preserving the termios structure. The tty_unlock_pair
1588
-	 * should be safe as we keep a kref while the tty is locked (so the
1589
-	 * unlock never unlocks a freed tty).
1677
+	 * the slots and preserving the termios structure.
1590
1678
 	 */
1591
1679
 	mutex_lock(&tty_mutex);
1592
1680
 	tty_port_set_kopened(tty->port, 0);
..
..
@@ -1616,9 +1704,7 @@
1616
1704
 	tty_debug_hangup(tty, "freeing structure\n");
1617
1705
 	/*
1618
1706
 	 * The release_tty function takes care of the details of clearing
1619
-	 * the slots and preserving the termios structure. The tty_unlock_pair
1620
-	 * should be safe as we keep a kref while the tty is locked (so the
1621
-	 * unlock never unlocks a freed tty).
1707
+	 * the slots and preserving the termios structure.
1622
1708
 	 */
1623
1709
 	mutex_lock(&tty_mutex);
1624
1710
 	release_tty(tty, idx);
..
..
@@ -1836,7 +1922,7 @@
1836
1922
 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1837
1923
 		int *index)
1838
1924
 {
1839
-	struct tty_driver *driver;
1925
+	struct tty_driver *driver = NULL;
1840
1926
 
1841
1927
 	switch (device) {
1842
1928
 #ifdef CONFIG_VT
..
..
@@ -1857,6 +1943,8 @@
1857
1943
 				break;
1858
1944
 			}
1859
1945
 		}
1946
+		if (driver)
1947
+			tty_driver_kref_put(driver);
1860
1948
 		return ERR_PTR(-ENODEV);
1861
1949
 	}
1862
1950
 	default:
..
..
@@ -1886,7 +1974,7 @@
1886
1974
 struct tty_struct *tty_kopen(dev_t device)
1887
1975
 {
1888
1976
 	struct tty_struct *tty;
1889
-	struct tty_driver *driver = NULL;
1977
+	struct tty_driver *driver;
1890
1978
 	int index = -1;
1891
1979
 
1892
1980
 	mutex_lock(&tty_mutex);
..
..
@@ -1921,7 +2009,6 @@
1921
2009
 /**
1922
2010
  *	tty_open_by_driver	-	open a tty device
1923
2011
  *	@device: dev_t of device to open
1924
- *	@inode: inode of device file
1925
2012
  *	@filp: file pointer to tty
1926
2013
  *
1927
2014
  *	Performs the driver lookup, checks for a reopen, or otherwise
..
..
@@ -1934,7 +2021,7 @@
1934
2021
  *	  - concurrent tty driver removal w/ lookup
1935
2022
  *	  - concurrent tty removal from driver table
1936
2023
  */
1937
-static struct tty_struct *tty_open_by_driver(dev_t device, struct inode *inode,
2024
+static struct tty_struct *tty_open_by_driver(dev_t device,
1938
2025
 					     struct file *filp)
1939
2026
 {
1940
2027
 	struct tty_struct *tty;
..
..
@@ -2026,7 +2113,7 @@
2026
2113
 
2027
2114
 	tty = tty_open_current_tty(device, filp);
2028
2115
 	if (!tty)
2029
-		tty = tty_open_by_driver(device, inode, filp);
2116
+		tty = tty_open_by_driver(device, filp);
2030
2117
 
2031
2118
 	if (IS_ERR(tty)) {
2032
2119
 		tty_free_file(filp);
..
..
@@ -2198,7 +2285,7 @@
2198
2285
 
2199
2286
 /**
2200
2287
  *	tiocgwinsz		-	implement window query ioctl
2201
- *	@tty; tty
2288
+ *	@tty: tty
2202
2289
  *	@arg: user buffer for result
2203
2290
  *
2204
2291
  *	Copies the kernel idea of the window size into the user buffer.
..
..
@@ -2221,8 +2308,7 @@
2221
2308
 /**
2222
2309
  *	tty_do_resize		-	resize event
2223
2310
  *	@tty: tty being resized
2224
- *	@rows: rows (character)
2225
- *	@cols: cols (character)
2311
+ *	@ws: new dimensions
2226
2312
  *
2227
2313
  *	Update the termios variables and send the necessary signals to
2228
2314
  *	peform a terminal resize correctly
..
..
@@ -2252,7 +2338,7 @@
2252
2338
 
2253
2339
 /**
2254
2340
  *	tiocswinsz		-	implement window size set ioctl
2255
- *	@tty; tty side of tty
2341
+ *	@tty: tty side of tty
2256
2342
  *	@arg: user buffer for result
2257
2343
  *
2258
2344
  *	Copies the user idea of the window size to the kernel. Traditionally
..
..
@@ -2290,7 +2376,7 @@
2290
2376
 {
2291
2377
 	if (!capable(CAP_SYS_ADMIN))
2292
2378
 		return -EPERM;
2293
-	if (file->f_op->write == redirected_tty_write) {
2379
+	if (file->f_op->write_iter == redirected_tty_write) {
2294
2380
 		struct file *f;
2295
2381
 		spin_lock(&redirect_lock);
2296
2382
 		f = redirect;
..
..
@@ -2300,6 +2386,12 @@
2300
2386
 			fput(f);
2301
2387
 		return 0;
2302
2388
 	}
2389
+	if (file->f_op->write_iter != tty_write)
2390
+		return -ENOTTY;
2391
+	if (!(file->f_mode & FMODE_WRITE))
2392
+		return -EBADF;
2393
+	if (!(file->f_mode & FMODE_CAN_WRITE))
2394
+		return -EINVAL;
2303
2395
 	spin_lock(&redirect_lock);
2304
2396
 	if (redirect) {
2305
2397
 		spin_unlock(&redirect_lock);
..
..
@@ -2307,34 +2399,6 @@
2307
2399
 	}
2308
2400
 	redirect = get_file(file);
2309
2401
 	spin_unlock(&redirect_lock);
2310
-	return 0;
2311
-}
2312
-
2313
-/**
2314
- *	fionbio		-	non blocking ioctl
2315
- *	@file: file to set blocking value
2316
- *	@p: user parameter
2317
- *
2318
- *	Historical tty interfaces had a blocking control ioctl before
2319
- *	the generic functionality existed. This piece of history is preserved
2320
- *	in the expected tty API of posix OS's.
2321
- *
2322
- *	Locking: none, the open file handle ensures it won't go away.
2323
- */
2324
-
2325
-static int fionbio(struct file *file, int __user *p)
2326
-{
2327
-	int nonblock;
2328
-
2329
-	if (get_user(nonblock, p))
2330
-		return -EFAULT;
2331
-
2332
-	spin_lock(&file->f_lock);
2333
-	if (nonblock)
2334
-		file->f_flags |= O_NONBLOCK;
2335
-	else
2336
-		file->f_flags &= ~O_NONBLOCK;
2337
-	spin_unlock(&file->f_lock);
2338
2402
 	return 0;
2339
2403
 }
2340
2404
 
..
..
@@ -2428,7 +2492,6 @@
2428
2492
 /**
2429
2493
  *	tty_tiocmget		-	get modem status
2430
2494
  *	@tty: tty device
2431
- *	@file: user file pointer
2432
2495
  *	@p: pointer to result
2433
2496
  *
2434
2497
  *	Obtain the modem status bits from the tty driver if the feature
..
..
@@ -2506,22 +2569,40 @@
2506
2569
 	return 0;
2507
2570
 }
2508
2571
 
2509
-static void tty_warn_deprecated_flags(struct serial_struct __user *ss)
2572
+static int tty_tiocsserial(struct tty_struct *tty, struct serial_struct __user *ss)
2510
2573
 {
2511
2574
 	static DEFINE_RATELIMIT_STATE(depr_flags,
2512
2575
 			DEFAULT_RATELIMIT_INTERVAL,
2513
2576
 			DEFAULT_RATELIMIT_BURST);
2514
2577
 	char comm[TASK_COMM_LEN];
2578
+	struct serial_struct v;
2515
2579
 	int flags;
2516
2580
 
2517
-	if (get_user(flags, &ss->flags))
2518
-		return;
2581
+	if (copy_from_user(&v, ss, sizeof(*ss)))
2582
+		return -EFAULT;
2519
2583
 
2520
-	flags &= ASYNC_DEPRECATED;
2584
+	flags = v.flags & ASYNC_DEPRECATED;
2521
2585
 
2522
2586
 	if (flags && __ratelimit(&depr_flags))
2523
2587
 		pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2524
2588
 			__func__, get_task_comm(comm, current), flags);
2589
+	if (!tty->ops->set_serial)
2590
+		return -ENOTTY;
2591
+	return tty->ops->set_serial(tty, &v);
2592
+}
2593
+
2594
+static int tty_tiocgserial(struct tty_struct *tty, struct serial_struct __user *ss)
2595
+{
2596
+	struct serial_struct v;
2597
+	int err;
2598
+
2599
+	memset(&v, 0, sizeof(v));
2600
+	if (!tty->ops->get_serial)
2601
+		return -ENOTTY;
2602
+	err = tty->ops->get_serial(tty, &v);
2603
+	if (!err && copy_to_user(ss, &v, sizeof(v)))
2604
+		err = -EFAULT;
2605
+	return err;
2525
2606
 }
2526
2607
 
2527
2608
 /*
..
..
@@ -2584,8 +2665,6 @@
2584
2665
 		return tiocswinsz(real_tty, p);
2585
2666
 	case TIOCCONS:
2586
2667
 		return real_tty != tty ? -EINVAL : tioccons(file);
2587
-	case FIONBIO:
2588
-		return fionbio(file, p);
2589
2668
 	case TIOCEXCL:
2590
2669
 		set_bit(TTY_EXCLUSIVE, &tty->flags);
2591
2670
 		return 0;
..
..
@@ -2640,11 +2719,7 @@
2640
2719
 	case TIOCMBIS:
2641
2720
 		return tty_tiocmset(tty, cmd, p);
2642
2721
 	case TIOCGICOUNT:
2643
-		retval = tty_tiocgicount(tty, p);
2644
-		/* For the moment allow fall through to the old method */
2645
-        	if (retval != -EINVAL)
2646
-			return retval;
2647
-		break;
2722
+		return tty_tiocgicount(tty, p);
2648
2723
 	case TCFLSH:
2649
2724
 		switch (arg) {
2650
2725
 		case TCIFLUSH:
..
..
@@ -2655,8 +2730,9 @@
2655
2730
 		}
2656
2731
 		break;
2657
2732
 	case TIOCSSERIAL:
2658
-		tty_warn_deprecated_flags(p);
2659
-		break;
2733
+		return tty_tiocsserial(tty, p);
2734
+	case TIOCGSERIAL:
2735
+		return tty_tiocgserial(tty, p);
2660
2736
 	case TIOCGPTPEER:
2661
2737
 		/* Special because the struct file is needed */
2662
2738
 		return ptm_open_peer(file, tty, (int)arg);
..
..
@@ -2684,6 +2760,83 @@
2684
2760
 }
2685
2761
 
2686
2762
 #ifdef CONFIG_COMPAT
2763
+
2764
+struct serial_struct32 {
2765
+	compat_int_t    type;
2766
+	compat_int_t    line;
2767
+	compat_uint_t   port;
2768
+	compat_int_t    irq;
2769
+	compat_int_t    flags;
2770
+	compat_int_t    xmit_fifo_size;
2771
+	compat_int_t    custom_divisor;
2772
+	compat_int_t    baud_base;
2773
+	unsigned short  close_delay;
2774
+	char    io_type;
2775
+	char    reserved_char;
2776
+	compat_int_t    hub6;
2777
+	unsigned short  closing_wait; /* time to wait before closing */
2778
+	unsigned short  closing_wait2; /* no longer used... */
2779
+	compat_uint_t   iomem_base;
2780
+	unsigned short  iomem_reg_shift;
2781
+	unsigned int    port_high;
2782
+	/* compat_ulong_t  iomap_base FIXME */
2783
+	compat_int_t    reserved;
2784
+};
2785
+
2786
+static int compat_tty_tiocsserial(struct tty_struct *tty,
2787
+		struct serial_struct32 __user *ss)
2788
+{
2789
+	static DEFINE_RATELIMIT_STATE(depr_flags,
2790
+			DEFAULT_RATELIMIT_INTERVAL,
2791
+			DEFAULT_RATELIMIT_BURST);
2792
+	char comm[TASK_COMM_LEN];
2793
+	struct serial_struct32 v32;
2794
+	struct serial_struct v;
2795
+	int flags;
2796
+
2797
+	if (copy_from_user(&v32, ss, sizeof(*ss)))
2798
+		return -EFAULT;
2799
+
2800
+	memcpy(&v, &v32, offsetof(struct serial_struct32, iomem_base));
2801
+	v.iomem_base = compat_ptr(v32.iomem_base);
2802
+	v.iomem_reg_shift = v32.iomem_reg_shift;
2803
+	v.port_high = v32.port_high;
2804
+	v.iomap_base = 0;
2805
+
2806
+	flags = v.flags & ASYNC_DEPRECATED;
2807
+
2808
+	if (flags && __ratelimit(&depr_flags))
2809
+		pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2810
+			__func__, get_task_comm(comm, current), flags);
2811
+	if (!tty->ops->set_serial)
2812
+		return -ENOTTY;
2813
+	return tty->ops->set_serial(tty, &v);
2814
+}
2815
+
2816
+static int compat_tty_tiocgserial(struct tty_struct *tty,
2817
+			struct serial_struct32 __user *ss)
2818
+{
2819
+	struct serial_struct32 v32;
2820
+	struct serial_struct v;
2821
+	int err;
2822
+
2823
+	memset(&v, 0, sizeof(v));
2824
+	memset(&v32, 0, sizeof(v32));
2825
+
2826
+	if (!tty->ops->get_serial)
2827
+		return -ENOTTY;
2828
+	err = tty->ops->get_serial(tty, &v);
2829
+	if (!err) {
2830
+		memcpy(&v32, &v, offsetof(struct serial_struct32, iomem_base));
2831
+		v32.iomem_base = (unsigned long)v.iomem_base >> 32 ?
2832
+			0xfffffff : ptr_to_compat(v.iomem_base);
2833
+		v32.iomem_reg_shift = v.iomem_reg_shift;
2834
+		v32.port_high = v.port_high;
2835
+		if (copy_to_user(ss, &v32, sizeof(v32)))
2836
+			err = -EFAULT;
2837
+	}
2838
+	return err;
2839
+}
2687
2840
 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2688
2841
 				unsigned long arg)
2689
2842
 {
..
..
@@ -2691,9 +2844,94 @@
2691
2844
 	struct tty_ldisc *ld;
2692
2845
 	int retval = -ENOIOCTLCMD;
2693
2846
 
2847
+	switch (cmd) {
2848
+	case TIOCOUTQ:
2849
+	case TIOCSTI:
2850
+	case TIOCGWINSZ:
2851
+	case TIOCSWINSZ:
2852
+	case TIOCGEXCL:
2853
+	case TIOCGETD:
2854
+	case TIOCSETD:
2855
+	case TIOCGDEV:
2856
+	case TIOCMGET:
2857
+	case TIOCMSET:
2858
+	case TIOCMBIC:
2859
+	case TIOCMBIS:
2860
+	case TIOCGICOUNT:
2861
+	case TIOCGPGRP:
2862
+	case TIOCSPGRP:
2863
+	case TIOCGSID:
2864
+	case TIOCSERGETLSR:
2865
+	case TIOCGRS485:
2866
+	case TIOCSRS485:
2867
+#ifdef TIOCGETP
2868
+	case TIOCGETP:
2869
+	case TIOCSETP:
2870
+	case TIOCSETN:
2871
+#endif
2872
+#ifdef TIOCGETC
2873
+	case TIOCGETC:
2874
+	case TIOCSETC:
2875
+#endif
2876
+#ifdef TIOCGLTC
2877
+	case TIOCGLTC:
2878
+	case TIOCSLTC:
2879
+#endif
2880
+	case TCSETSF:
2881
+	case TCSETSW:
2882
+	case TCSETS:
2883
+	case TCGETS:
2884
+#ifdef TCGETS2
2885
+	case TCGETS2:
2886
+	case TCSETSF2:
2887
+	case TCSETSW2:
2888
+	case TCSETS2:
2889
+#endif
2890
+	case TCGETA:
2891
+	case TCSETAF:
2892
+	case TCSETAW:
2893
+	case TCSETA:
2894
+	case TIOCGLCKTRMIOS:
2895
+	case TIOCSLCKTRMIOS:
2896
+#ifdef TCGETX
2897
+	case TCGETX:
2898
+	case TCSETX:
2899
+	case TCSETXW:
2900
+	case TCSETXF:
2901
+#endif
2902
+	case TIOCGSOFTCAR:
2903
+	case TIOCSSOFTCAR:
2904
+
2905
+	case PPPIOCGCHAN:
2906
+	case PPPIOCGUNIT:
2907
+		return tty_ioctl(file, cmd, (unsigned long)compat_ptr(arg));
2908
+	case TIOCCONS:
2909
+	case TIOCEXCL:
2910
+	case TIOCNXCL:
2911
+	case TIOCVHANGUP:
2912
+	case TIOCSBRK:
2913
+	case TIOCCBRK:
2914
+	case TCSBRK:
2915
+	case TCSBRKP:
2916
+	case TCFLSH:
2917
+	case TIOCGPTPEER:
2918
+	case TIOCNOTTY:
2919
+	case TIOCSCTTY:
2920
+	case TCXONC:
2921
+	case TIOCMIWAIT:
2922
+	case TIOCSERCONFIG:
2923
+		return tty_ioctl(file, cmd, arg);
2924
+	}
2925
+
2694
2926
 	if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2695
2927
 		return -EINVAL;
2696
2928
 
2929
+	switch (cmd) {
2930
+	case TIOCSSERIAL:
2931
+		return compat_tty_tiocsserial(tty, compat_ptr(arg));
2932
+	case TIOCGSERIAL:
2933
+		return compat_tty_tiocgserial(tty, compat_ptr(arg));
2934
+	}
2697
2935
 	if (tty->ops->compat_ioctl) {
2698
2936
 		retval = tty->ops->compat_ioctl(tty, cmd, arg);
2699
2937
 		if (retval != -ENOIOCTLCMD)
..
..
@@ -2705,8 +2943,9 @@
2705
2943
 		return hung_up_tty_compat_ioctl(file, cmd, arg);
2706
2944
 	if (ld->ops->compat_ioctl)
2707
2945
 		retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2708
-	else
2709
-		retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2946
+	if (retval == -ENOIOCTLCMD && ld->ops->ioctl)
2947
+		retval = ld->ops->ioctl(tty, file,
2948
+				(unsigned long)compat_ptr(cmd), arg);
2710
2949
 	tty_ldisc_deref(ld);
2711
2950
 
2712
2951
 	return retval;
..
..
@@ -2715,7 +2954,7 @@
2715
2954
 
2716
2955
 static int this_tty(const void *t, struct file *file, unsigned fd)
2717
2956
 {
2718
-	if (likely(file->f_op->read != tty_read))
2957
+	if (likely(file->f_op->read_iter != tty_read))
2719
2958
 		return 0;
2720
2959
 	return file_tty(file) != t ? 0 : fd + 1;
2721
2960
 }
..
..
@@ -2765,7 +3004,7 @@
2765
3004
 	do_each_pid_task(session, PIDTYPE_SID, p) {
2766
3005
 		tty_notice(tty, "SAK: killed process %d (%s): by session\n",
2767
3006
 			   task_pid_nr(p), p->comm);
2768
-		send_sig(SIGKILL, p, 1);
3007
+		group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
2769
3008
 	} while_each_pid_task(session, PIDTYPE_SID, p);
2770
3009
 
2771
3010
 	/* Now kill any processes that happen to have the tty open */
..
..
@@ -2773,7 +3012,7 @@
2773
3012
 		if (p->signal->tty == tty) {
2774
3013
 			tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
2775
3014
 				   task_pid_nr(p), p->comm);
2776
-			send_sig(SIGKILL, p, 1);
3015
+			group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
2777
3016
 			continue;
2778
3017
 		}
2779
3018
 		task_lock(p);
..
..
@@ -2781,7 +3020,7 @@
2781
3020
 		if (i != 0) {
2782
3021
 			tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
2783
3022
 				   task_pid_nr(p), p->comm, i - 1);
2784
-			force_sig(SIGKILL, p);
3023
+			group_send_sig_info(SIGKILL, SEND_SIG_PRIV, p, PIDTYPE_SID);
2785
3024
 		}
2786
3025
 		task_unlock(p);
2787
3026
 	} while_each_thread(g, p);
..
..
@@ -2812,17 +3051,11 @@
2812
3051
 
2813
3052
 EXPORT_SYMBOL(do_SAK);
2814
3053
 
2815
-static int dev_match_devt(struct device *dev, const void *data)
2816
-{
2817
-	const dev_t *devt = data;
2818
-	return dev->devt == *devt;
2819
-}
2820
-
2821
3054
 /* Must put_device() after it's unused! */
2822
3055
 static struct device *tty_get_device(struct tty_struct *tty)
2823
3056
 {
2824
3057
 	dev_t devt = tty_devnum(tty);
2825
-	return class_find_device(tty_class, NULL, &devt, dev_match_devt);
3058
+	return class_find_device_by_devt(tty_class, devt);
2826
3059
 }
2827
3060
 
2828
3061
 
..
..
@@ -3076,7 +3309,7 @@
3076
3309
 	if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3077
3310
 		return ERR_PTR(-EINVAL);
3078
3311
 
3079
-	driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3312
+	driver = kzalloc(sizeof(*driver), GFP_KERNEL);
3080
3313
 	if (!driver)
3081
3314
 		return ERR_PTR(-ENOMEM);
3082
3315