ioctl()ling the device

The ioctl() system call is the entry point for user processes to control the behavior of device files. Ioctl handling starts in ../../fs/ioctl.c, where the real sys_ioctl() resides. The standard ioctl requests are performed right there, other file-related requests are processed by file_ioctl() (same source file), while any other request is dispatched to the device-specific ioctl() function. The ioctl material for console devices resides in vt.c, because the console driver dispatches ioctl requests to vt_ioctl().

Ioctl material is quite confusing, indeed. Some requests are related to the device, and some are related to the line discipline. I'll try to summarize things for the 1.0 and the 1.1.7x kernels and anything that happened in between.

The 1.1.7x series features the following approach: tty_ioctl.c implements only line discipline requests (namely n_tty_ioctl(), which is the only n_tty function outside of n_tty.c), while the file_operations field points to tty_ioctl() in tty_io.c. If the request number is not resolved by tty_ioctl(), it is passed along to tty->driver.ioctl or, if it fails, to tty->ldisc.ioctl. Driver-related stuff for the console is to be found in vt.c, while line discipline material is in tty_ioctl.c.

In the 1.0 kernel, tty_ioctl() is in tty_ioctl.c and is pointed to by the generic tty file_operations. Unresolved requests are passed along to the specific ioctl function or to the line-discipline code, in a way similar to 1.1.7x.

Note that in both cases, the TIOCLINUX request is in the device-independent code. This implies that the console selection can be set by ioctl()ling any tty (set_selection() always operates on the foreground console), and this is a security hole. It is also a good reason to switch to a newer kernel, where the problem is fixed by only allowing the superuser to handle the selection.

A variety of requests can be issued to the console device, and the best way to know about them is to browse the source file vt.c.
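
The dispatch order and the selection problem described above, as a user-space C model added here; it is not kernel source and not code from the original guide. Every name, request number and result code in it is made up for illustration, and the require_superuser flag stands for the check the text attributes to newer kernels.

```c
/* User-space model of the dispatch order described above; not kernel source.
 * All names, request numbers and result codes here are made up. */
#include <stdio.h>
enum { REQ_GENERIC = 1, REQ_SELECTION, REQ_DRIVER, REQ_LDISC, REQ_UNKNOWN };
enum { OK_GENERIC, OK_DRIVER, OK_LDISC, OK_SELECTION, ERR_UNHANDLED = -1, ERR_PERM = -2 };
struct model_tty {
    int is_console;                 /* never consulted for REQ_SELECTION */
    int (*driver_ioctl)(int req);
    int (*ldisc_ioctl)(int req);
};
struct caller { int is_superuser; };
int selection_changes;              /* stands in for set_selection()'s effect */

static int drv(int req)   { return req == REQ_DRIVER ? OK_DRIVER : ERR_UNHANDLED; }
static int ldisc(int req) { return req == REQ_LDISC  ? OK_LDISC  : ERR_UNHANDLED; }
const struct model_tty serial_tty = { 0, drv, ldisc };   /* constructed: not a console */
const struct caller user = { 0 }, root = { 1 };

/* Device-independent layer: resolve what it knows, then driver, then ldisc. */
int model_tty_ioctl(const struct model_tty *tty, const struct caller *who,
                    int req, int require_superuser)
{
    int ret;
    if (req == REQ_GENERIC)
        return OK_GENERIC;
    if (req == REQ_SELECTION) {     /* reached through any tty */
        if (require_superuser && !who->is_superuser)
            return ERR_PERM;        /* the newer-kernel behaviour */
        selection_changes++;        /* always the foreground console */
        return OK_SELECTION;
    }
    if (tty->driver_ioctl && (ret = tty->driver_ioctl(req)) != ERR_UNHANDLED)
        return ret;
    return tty->ldisc_ioctl ? tty->ldisc_ioctl(req) : ERR_UNHANDLED;
}
/* 1 if the request changed the selection, 0 if it was refused. */
int selection_changed_by(const struct caller *who, int require_superuser)
{
    int before = selection_changes;
    model_tty_ioctl(&serial_tty, who, REQ_SELECTION, require_superuser);
    return selection_changes - before;
}
int main(void)
{
    printf("no check, user: %d\n", selection_changed_by(&user, 0));
    printf("check, user:    %d\n", selection_changed_by(&user, 1));
    printf("check, root:    %d\n", selection_changed_by(&root, 1));
    return 0;
}
```

Because the selection request is resolved before the driver is consulted, the model's non-console tty reaches it just as a console would; only the privilege check separates the two behaviours.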