drivers/char/tty_io.c at 60e417536bca8988d22ea1cc20a634ffa67bb2a8

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / char / tty_io.c
at 60e417536bca8988d22ea1cc20a634ffa67bb2a8 4039 lines 104 kB view raw
wrap content
   1/*
   2 *  linux/drivers/char/tty_io.c
   3 *
   4 *  Copyright (C) 1991, 1992  Linus Torvalds
   5 */
   6
   7/*
   8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
   9 * or rs-channels. It also implements echoing, cooked mode etc.
  10 *
  11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
  12 *
  13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
  14 * tty_struct and tty_queue structures.  Previously there was an array
  15 * of 256 tty_struct's which was statically allocated, and the
  16 * tty_queue structures were allocated at boot time.  Both are now
  17 * dynamically allocated only when the tty is open.
  18 *
  19 * Also restructured routines so that there is more of a separation
  20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
  21 * the low-level tty routines (serial.c, pty.c, console.c).  This
  22 * makes for cleaner and more compact code.  -TYT, 9/17/92 
  23 *
  24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
  25 * which can be dynamically activated and de-activated by the line
  26 * discipline handling modules (like SLIP).
  27 *
  28 * NOTE: pay no attention to the line discipline code (yet); its
  29 * interface is still subject to change in this version...
  30 * -- TYT, 1/31/92
  31 *
  32 * Added functionality to the OPOST tty handling.  No delays, but all
  33 * other bits should be there.
  34 *	-- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
  35 *
  36 * Rewrote canonical mode and added more termios flags.
  37 * 	-- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
  38 *
  39 * Reorganized FASYNC support so mouse code can share it.
  40 *	-- ctm@ardi.com, 9Sep95
  41 *
  42 * New TIOCLINUX variants added.
  43 *	-- mj@k332.feld.cvut.cz, 19-Nov-95
  44 * 
  45 * Restrict vt switching via ioctl()
  46 *      -- grif@cs.ucr.edu, 5-Dec-95
  47 *
  48 * Move console and virtual terminal code to more appropriate files,
  49 * implement CONFIG_VT and generalize console device interface.
  50 *	-- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
  51 *
  52 * Rewrote init_dev and release_dev to eliminate races.
  53 *	-- Bill Hawes <whawes@star.net>, June 97
  54 *
  55 * Added devfs support.
  56 *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
  57 *
  58 * Added support for a Unix98-style ptmx device.
  59 *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
  60 *
  61 * Reduced memory usage for older ARM systems
  62 *      -- Russell King <rmk@arm.linux.org.uk>
  63 *
  64 * Move do_SAK() into process context.  Less stack use in devfs functions.
  65 * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
  66 */
  67
  68#include <linux/types.h>
  69#include <linux/major.h>
  70#include <linux/errno.h>
  71#include <linux/signal.h>
  72#include <linux/fcntl.h>
  73#include <linux/sched.h>
  74#include <linux/interrupt.h>
  75#include <linux/tty.h>
  76#include <linux/tty_driver.h>
  77#include <linux/tty_flip.h>
  78#include <linux/devpts_fs.h>
  79#include <linux/file.h>
  80#include <linux/console.h>
  81#include <linux/timer.h>
  82#include <linux/ctype.h>
  83#include <linux/kd.h>
  84#include <linux/mm.h>
  85#include <linux/string.h>
  86#include <linux/slab.h>
  87#include <linux/poll.h>
  88#include <linux/proc_fs.h>
  89#include <linux/init.h>
  90#include <linux/module.h>
  91#include <linux/smp_lock.h>
  92#include <linux/device.h>
  93#include <linux/idr.h>
  94#include <linux/wait.h>
  95#include <linux/bitops.h>
  96#include <linux/delay.h>
  97
  98#include <asm/uaccess.h>
  99#include <asm/system.h>
 100
 101#include <linux/kbd_kern.h>
 102#include <linux/vt_kern.h>
 103#include <linux/selection.h>
 104
 105#include <linux/kmod.h>
 106
 107#undef TTY_DEBUG_HANGUP
 108
 109#define TTY_PARANOIA_CHECK 1
 110#define CHECK_TTY_COUNT 1
 111
 112struct ktermios tty_std_termios = {	/* for the benefit of tty drivers  */
 113	.c_iflag = ICRNL | IXON,
 114	.c_oflag = OPOST | ONLCR,
 115	.c_cflag = B38400 | CS8 | CREAD | HUPCL,
 116	.c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
 117		   ECHOCTL | ECHOKE | IEXTEN,
 118	.c_cc = INIT_C_CC,
 119	.c_ispeed = 38400,
 120	.c_ospeed = 38400
 121};
 122
 123EXPORT_SYMBOL(tty_std_termios);
 124
 125/* This list gets poked at by procfs and various bits of boot up code. This
 126   could do with some rationalisation such as pulling the tty proc function
 127   into this file */
 128   
 129LIST_HEAD(tty_drivers);			/* linked list of tty drivers */
 130
 131/* Mutex to protect creating and releasing a tty. This is shared with
 132   vt.c for deeply disgusting hack reasons */
 133DEFINE_MUTEX(tty_mutex);
 134EXPORT_SYMBOL(tty_mutex);
 135
 136#ifdef CONFIG_UNIX98_PTYS
 137extern struct tty_driver *ptm_driver;	/* Unix98 pty masters; for /dev/ptmx */
 138extern int pty_limit;		/* Config limit on Unix98 ptys */
 139static DEFINE_IDR(allocated_ptys);
 140static DECLARE_MUTEX(allocated_ptys_lock);
 141static int ptmx_open(struct inode *, struct file *);
 142#endif
 143
 144static void initialize_tty_struct(struct tty_struct *tty);
 145
 146static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
 147static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
 148ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
 149static unsigned int tty_poll(struct file *, poll_table *);
 150static int tty_open(struct inode *, struct file *);
 151static int tty_release(struct inode *, struct file *);
 152int tty_ioctl(struct inode * inode, struct file * file,
 153	      unsigned int cmd, unsigned long arg);
 154#ifdef CONFIG_COMPAT
 155static long tty_compat_ioctl(struct file * file, unsigned int cmd,
 156				unsigned long arg);
 157#else
 158#define tty_compat_ioctl NULL
 159#endif
 160static int tty_fasync(int fd, struct file * filp, int on);
 161static void release_tty(struct tty_struct *tty, int idx);
 162static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
 163static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
 164
 165/**
 166 *	alloc_tty_struct	-	allocate a tty object
 167 *
 168 *	Return a new empty tty structure. The data fields have not
 169 *	been initialized in any way but has been zeroed
 170 *
 171 *	Locking: none
 172 */
 173
 174static struct tty_struct *alloc_tty_struct(void)
 175{
 176	return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
 177}
 178
 179static void tty_buffer_free_all(struct tty_struct *);
 180
 181/**
 182 *	free_tty_struct		-	free a disused tty
 183 *	@tty: tty struct to free
 184 *
 185 *	Free the write buffers, tty queue and tty memory itself.
 186 *
 187 *	Locking: none. Must be called after tty is definitely unused
 188 */
 189
 190static inline void free_tty_struct(struct tty_struct *tty)
 191{
 192	kfree(tty->write_buf);
 193	tty_buffer_free_all(tty);
 194	kfree(tty);
 195}
 196
 197#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
 198
 199/**
 200 *	tty_name	-	return tty naming
 201 *	@tty: tty structure
 202 *	@buf: buffer for output
 203 *
 204 *	Convert a tty structure into a name. The name reflects the kernel
 205 *	naming policy and if udev is in use may not reflect user space
 206 *
 207 *	Locking: none
 208 */
 209
 210char *tty_name(struct tty_struct *tty, char *buf)
 211{
 212	if (!tty) /* Hmm.  NULL pointer.  That's fun. */
 213		strcpy(buf, "NULL tty");
 214	else
 215		strcpy(buf, tty->name);
 216	return buf;
 217}
 218
 219EXPORT_SYMBOL(tty_name);
 220
 221int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
 222			      const char *routine)
 223{
 224#ifdef TTY_PARANOIA_CHECK
 225	if (!tty) {
 226		printk(KERN_WARNING
 227			"null TTY for (%d:%d) in %s\n",
 228			imajor(inode), iminor(inode), routine);
 229		return 1;
 230	}
 231	if (tty->magic != TTY_MAGIC) {
 232		printk(KERN_WARNING
 233			"bad magic number for tty struct (%d:%d) in %s\n",
 234			imajor(inode), iminor(inode), routine);
 235		return 1;
 236	}
 237#endif
 238	return 0;
 239}
 240
 241static int check_tty_count(struct tty_struct *tty, const char *routine)
 242{
 243#ifdef CHECK_TTY_COUNT
 244	struct list_head *p;
 245	int count = 0;
 246	
 247	file_list_lock();
 248	list_for_each(p, &tty->tty_files) {
 249		count++;
 250	}
 251	file_list_unlock();
 252	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
 253	    tty->driver->subtype == PTY_TYPE_SLAVE &&
 254	    tty->link && tty->link->count)
 255		count++;
 256	if (tty->count != count) {
 257		printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
 258				    "!= #fd's(%d) in %s\n",
 259		       tty->name, tty->count, count, routine);
 260		return count;
 261	}
 262#endif
 263	return 0;
 264}
 265
 266/*
 267 * Tty buffer allocation management
 268 */
 269
 270/**
 271 *	tty_buffer_free_all		-	free buffers used by a tty
 272 *	@tty: tty to free from
 273 *
 274 *	Remove all the buffers pending on a tty whether queued with data
 275 *	or in the free ring. Must be called when the tty is no longer in use
 276 *
 277 *	Locking: none
 278 */
 279
 280static void tty_buffer_free_all(struct tty_struct *tty)
 281{
 282	struct tty_buffer *thead;
 283	while((thead = tty->buf.head) != NULL) {
 284		tty->buf.head = thead->next;
 285		kfree(thead);
 286	}
 287	while((thead = tty->buf.free) != NULL) {
 288		tty->buf.free = thead->next;
 289		kfree(thead);
 290	}
 291	tty->buf.tail = NULL;
 292	tty->buf.memory_used = 0;
 293}
 294
 295/**
 296 *	tty_buffer_init		-	prepare a tty buffer structure
 297 *	@tty: tty to initialise
 298 *
 299 *	Set up the initial state of the buffer management for a tty device.
 300 *	Must be called before the other tty buffer functions are used.
 301 *
 302 *	Locking: none
 303 */
 304
 305static void tty_buffer_init(struct tty_struct *tty)
 306{
 307	spin_lock_init(&tty->buf.lock);
 308	tty->buf.head = NULL;
 309	tty->buf.tail = NULL;
 310	tty->buf.free = NULL;
 311	tty->buf.memory_used = 0;
 312}
 313
 314/**
 315 *	tty_buffer_alloc	-	allocate a tty buffer
 316 *	@tty: tty device
 317 *	@size: desired size (characters)
 318 *
 319 *	Allocate a new tty buffer to hold the desired number of characters.
 320 *	Return NULL if out of memory or the allocation would exceed the
 321 *	per device queue
 322 *
 323 *	Locking: Caller must hold tty->buf.lock
 324 */
 325
 326static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
 327{
 328	struct tty_buffer *p;
 329
 330	if (tty->buf.memory_used + size > 65536)
 331		return NULL;
 332	p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
 333	if(p == NULL)
 334		return NULL;
 335	p->used = 0;
 336	p->size = size;
 337	p->next = NULL;
 338	p->commit = 0;
 339	p->read = 0;
 340	p->char_buf_ptr = (char *)(p->data);
 341	p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
 342	tty->buf.memory_used += size;
 343	return p;
 344}
 345
 346/**
 347 *	tty_buffer_free		-	free a tty buffer
 348 *	@tty: tty owning the buffer
 349 *	@b: the buffer to free
 350 *
 351 *	Free a tty buffer, or add it to the free list according to our
 352 *	internal strategy
 353 *
 354 *	Locking: Caller must hold tty->buf.lock
 355 */
 356
 357static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
 358{
 359	/* Dumb strategy for now - should keep some stats */
 360	tty->buf.memory_used -= b->size;
 361	WARN_ON(tty->buf.memory_used < 0);
 362
 363	if(b->size >= 512)
 364		kfree(b);
 365	else {
 366		b->next = tty->buf.free;
 367		tty->buf.free = b;
 368	}
 369}
 370
 371/**
 372 *	tty_buffer_flush		-	flush full tty buffers
 373 *	@tty: tty to flush
 374 *
 375 *	flush all the buffers containing receive data
 376 *
 377 *	Locking: none
 378 */
 379
 380static void tty_buffer_flush(struct tty_struct *tty)
 381{
 382	struct tty_buffer *thead;
 383	unsigned long flags;
 384
 385	spin_lock_irqsave(&tty->buf.lock, flags);
 386	while((thead = tty->buf.head) != NULL) {
 387		tty->buf.head = thead->next;
 388		tty_buffer_free(tty, thead);
 389	}
 390	tty->buf.tail = NULL;
 391	spin_unlock_irqrestore(&tty->buf.lock, flags);
 392}
 393
 394/**
 395 *	tty_buffer_find		-	find a free tty buffer
 396 *	@tty: tty owning the buffer
 397 *	@size: characters wanted
 398 *
 399 *	Locate an existing suitable tty buffer or if we are lacking one then
 400 *	allocate a new one. We round our buffers off in 256 character chunks
 401 *	to get better allocation behaviour.
 402 *
 403 *	Locking: Caller must hold tty->buf.lock
 404 */
 405
 406static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
 407{
 408	struct tty_buffer **tbh = &tty->buf.free;
 409	while((*tbh) != NULL) {
 410		struct tty_buffer *t = *tbh;
 411		if(t->size >= size) {
 412			*tbh = t->next;
 413			t->next = NULL;
 414			t->used = 0;
 415			t->commit = 0;
 416			t->read = 0;
 417			tty->buf.memory_used += t->size;
 418			return t;
 419		}
 420		tbh = &((*tbh)->next);
 421	}
 422	/* Round the buffer size out */
 423	size = (size + 0xFF) & ~ 0xFF;
 424	return tty_buffer_alloc(tty, size);
 425	/* Should possibly check if this fails for the largest buffer we
 426	   have queued and recycle that ? */
 427}
 428
 429/**
 430 *	tty_buffer_request_room		-	grow tty buffer if needed
 431 *	@tty: tty structure
 432 *	@size: size desired
 433 *
 434 *	Make at least size bytes of linear space available for the tty
 435 *	buffer. If we fail return the size we managed to find.
 436 *
 437 *	Locking: Takes tty->buf.lock
 438 */
 439int tty_buffer_request_room(struct tty_struct *tty, size_t size)
 440{
 441	struct tty_buffer *b, *n;
 442	int left;
 443	unsigned long flags;
 444
 445	spin_lock_irqsave(&tty->buf.lock, flags);
 446
 447	/* OPTIMISATION: We could keep a per tty "zero" sized buffer to
 448	   remove this conditional if its worth it. This would be invisible
 449	   to the callers */
 450	if ((b = tty->buf.tail) != NULL)
 451		left = b->size - b->used;
 452	else
 453		left = 0;
 454
 455	if (left < size) {
 456		/* This is the slow path - looking for new buffers to use */
 457		if ((n = tty_buffer_find(tty, size)) != NULL) {
 458			if (b != NULL) {
 459				b->next = n;
 460				b->commit = b->used;
 461			} else
 462				tty->buf.head = n;
 463			tty->buf.tail = n;
 464		} else
 465			size = left;
 466	}
 467
 468	spin_unlock_irqrestore(&tty->buf.lock, flags);
 469	return size;
 470}
 471EXPORT_SYMBOL_GPL(tty_buffer_request_room);
 472
 473/**
 474 *	tty_insert_flip_string	-	Add characters to the tty buffer
 475 *	@tty: tty structure
 476 *	@chars: characters
 477 *	@size: size
 478 *
 479 *	Queue a series of bytes to the tty buffering. All the characters
 480 *	passed are marked as without error. Returns the number added.
 481 *
 482 *	Locking: Called functions may take tty->buf.lock
 483 */
 484
 485int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
 486				size_t size)
 487{
 488	int copied = 0;
 489	do {
 490		int space = tty_buffer_request_room(tty, size - copied);
 491		struct tty_buffer *tb = tty->buf.tail;
 492		/* If there is no space then tb may be NULL */
 493		if(unlikely(space == 0))
 494			break;
 495		memcpy(tb->char_buf_ptr + tb->used, chars, space);
 496		memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
 497		tb->used += space;
 498		copied += space;
 499		chars += space;
 500		/* There is a small chance that we need to split the data over
 501		   several buffers. If this is the case we must loop */
 502	} while (unlikely(size > copied));
 503	return copied;
 504}
 505EXPORT_SYMBOL(tty_insert_flip_string);
 506
 507/**
 508 *	tty_insert_flip_string_flags	-	Add characters to the tty buffer
 509 *	@tty: tty structure
 510 *	@chars: characters
 511 *	@flags: flag bytes
 512 *	@size: size
 513 *
 514 *	Queue a series of bytes to the tty buffering. For each character
 515 *	the flags array indicates the status of the character. Returns the
 516 *	number added.
 517 *
 518 *	Locking: Called functions may take tty->buf.lock
 519 */
 520
 521int tty_insert_flip_string_flags(struct tty_struct *tty,
 522		const unsigned char *chars, const char *flags, size_t size)
 523{
 524	int copied = 0;
 525	do {
 526		int space = tty_buffer_request_room(tty, size - copied);
 527		struct tty_buffer *tb = tty->buf.tail;
 528		/* If there is no space then tb may be NULL */
 529		if(unlikely(space == 0))
 530			break;
 531		memcpy(tb->char_buf_ptr + tb->used, chars, space);
 532		memcpy(tb->flag_buf_ptr + tb->used, flags, space);
 533		tb->used += space;
 534		copied += space;
 535		chars += space;
 536		flags += space;
 537		/* There is a small chance that we need to split the data over
 538		   several buffers. If this is the case we must loop */
 539	} while (unlikely(size > copied));
 540	return copied;
 541}
 542EXPORT_SYMBOL(tty_insert_flip_string_flags);
 543
 544/**
 545 *	tty_schedule_flip	-	push characters to ldisc
 546 *	@tty: tty to push from
 547 *
 548 *	Takes any pending buffers and transfers their ownership to the
 549 *	ldisc side of the queue. It then schedules those characters for
 550 *	processing by the line discipline.
 551 *
 552 *	Locking: Takes tty->buf.lock
 553 */
 554
 555void tty_schedule_flip(struct tty_struct *tty)
 556{
 557	unsigned long flags;
 558	spin_lock_irqsave(&tty->buf.lock, flags);
 559	if (tty->buf.tail != NULL)
 560		tty->buf.tail->commit = tty->buf.tail->used;
 561	spin_unlock_irqrestore(&tty->buf.lock, flags);
 562	schedule_delayed_work(&tty->buf.work, 1);
 563}
 564EXPORT_SYMBOL(tty_schedule_flip);
 565
 566/**
 567 *	tty_prepare_flip_string		-	make room for characters
 568 *	@tty: tty
 569 *	@chars: return pointer for character write area
 570 *	@size: desired size
 571 *
 572 *	Prepare a block of space in the buffer for data. Returns the length
 573 *	available and buffer pointer to the space which is now allocated and
 574 *	accounted for as ready for normal characters. This is used for drivers
 575 *	that need their own block copy routines into the buffer. There is no
 576 *	guarantee the buffer is a DMA target!
 577 *
 578 *	Locking: May call functions taking tty->buf.lock
 579 */
 580
 581int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
 582{
 583	int space = tty_buffer_request_room(tty, size);
 584	if (likely(space)) {
 585		struct tty_buffer *tb = tty->buf.tail;
 586		*chars = tb->char_buf_ptr + tb->used;
 587		memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
 588		tb->used += space;
 589	}
 590	return space;
 591}
 592
 593EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
 594
 595/**
 596 *	tty_prepare_flip_string_flags	-	make room for characters
 597 *	@tty: tty
 598 *	@chars: return pointer for character write area
 599 *	@flags: return pointer for status flag write area
 600 *	@size: desired size
 601 *
 602 *	Prepare a block of space in the buffer for data. Returns the length
 603 *	available and buffer pointer to the space which is now allocated and
 604 *	accounted for as ready for characters. This is used for drivers
 605 *	that need their own block copy routines into the buffer. There is no
 606 *	guarantee the buffer is a DMA target!
 607 *
 608 *	Locking: May call functions taking tty->buf.lock
 609 */
 610
 611int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
 612{
 613	int space = tty_buffer_request_room(tty, size);
 614	if (likely(space)) {
 615		struct tty_buffer *tb = tty->buf.tail;
 616		*chars = tb->char_buf_ptr + tb->used;
 617		*flags = tb->flag_buf_ptr + tb->used;
 618		tb->used += space;
 619	}
 620	return space;
 621}
 622
 623EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
 624
 625
 626
 627/**
 628 *	tty_set_termios_ldisc		-	set ldisc field
 629 *	@tty: tty structure
 630 *	@num: line discipline number
 631 *
 632 *	This is probably overkill for real world processors but
 633 *	they are not on hot paths so a little discipline won't do 
 634 *	any harm.
 635 *
 636 *	Locking: takes termios_mutex
 637 */
 638 
 639static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
 640{
 641	mutex_lock(&tty->termios_mutex);
 642	tty->termios->c_line = num;
 643	mutex_unlock(&tty->termios_mutex);
 644}
 645
 646/*
 647 *	This guards the refcounted line discipline lists. The lock
 648 *	must be taken with irqs off because there are hangup path
 649 *	callers who will do ldisc lookups and cannot sleep.
 650 */
 651 
 652static DEFINE_SPINLOCK(tty_ldisc_lock);
 653static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
 654static struct tty_ldisc tty_ldiscs[NR_LDISCS];	/* line disc dispatch table */
 655
 656/**
 657 *	tty_register_ldisc	-	install a line discipline
 658 *	@disc: ldisc number
 659 *	@new_ldisc: pointer to the ldisc object
 660 *
 661 *	Installs a new line discipline into the kernel. The discipline
 662 *	is set up as unreferenced and then made available to the kernel
 663 *	from this point onwards.
 664 *
 665 *	Locking:
 666 *		takes tty_ldisc_lock to guard against ldisc races
 667 */
 668
 669int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
 670{
 671	unsigned long flags;
 672	int ret = 0;
 673	
 674	if (disc < N_TTY || disc >= NR_LDISCS)
 675		return -EINVAL;
 676	
 677	spin_lock_irqsave(&tty_ldisc_lock, flags);
 678	tty_ldiscs[disc] = *new_ldisc;
 679	tty_ldiscs[disc].num = disc;
 680	tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
 681	tty_ldiscs[disc].refcount = 0;
 682	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 683	
 684	return ret;
 685}
 686EXPORT_SYMBOL(tty_register_ldisc);
 687
 688/**
 689 *	tty_unregister_ldisc	-	unload a line discipline
 690 *	@disc: ldisc number
 691 *	@new_ldisc: pointer to the ldisc object
 692 *
 693 *	Remove a line discipline from the kernel providing it is not
 694 *	currently in use.
 695 *
 696 *	Locking:
 697 *		takes tty_ldisc_lock to guard against ldisc races
 698 */
 699
 700int tty_unregister_ldisc(int disc)
 701{
 702	unsigned long flags;
 703	int ret = 0;
 704
 705	if (disc < N_TTY || disc >= NR_LDISCS)
 706		return -EINVAL;
 707
 708	spin_lock_irqsave(&tty_ldisc_lock, flags);
 709	if (tty_ldiscs[disc].refcount)
 710		ret = -EBUSY;
 711	else
 712		tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
 713	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 714
 715	return ret;
 716}
 717EXPORT_SYMBOL(tty_unregister_ldisc);
 718
 719/**
 720 *	tty_ldisc_get		-	take a reference to an ldisc
 721 *	@disc: ldisc number
 722 *
 723 *	Takes a reference to a line discipline. Deals with refcounts and
 724 *	module locking counts. Returns NULL if the discipline is not available.
 725 *	Returns a pointer to the discipline and bumps the ref count if it is
 726 *	available
 727 *
 728 *	Locking:
 729 *		takes tty_ldisc_lock to guard against ldisc races
 730 */
 731
 732struct tty_ldisc *tty_ldisc_get(int disc)
 733{
 734	unsigned long flags;
 735	struct tty_ldisc *ld;
 736
 737	if (disc < N_TTY || disc >= NR_LDISCS)
 738		return NULL;
 739	
 740	spin_lock_irqsave(&tty_ldisc_lock, flags);
 741
 742	ld = &tty_ldiscs[disc];
 743	/* Check the entry is defined */
 744	if(ld->flags & LDISC_FLAG_DEFINED)
 745	{
 746		/* If the module is being unloaded we can't use it */
 747		if (!try_module_get(ld->owner))
 748		       	ld = NULL;
 749		else /* lock it */
 750			ld->refcount++;
 751	}
 752	else
 753		ld = NULL;
 754	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 755	return ld;
 756}
 757
 758EXPORT_SYMBOL_GPL(tty_ldisc_get);
 759
 760/**
 761 *	tty_ldisc_put		-	drop ldisc reference
 762 *	@disc: ldisc number
 763 *
 764 *	Drop a reference to a line discipline. Manage refcounts and
 765 *	module usage counts
 766 *
 767 *	Locking:
 768 *		takes tty_ldisc_lock to guard against ldisc races
 769 */
 770
 771void tty_ldisc_put(int disc)
 772{
 773	struct tty_ldisc *ld;
 774	unsigned long flags;
 775	
 776	BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
 777		
 778	spin_lock_irqsave(&tty_ldisc_lock, flags);
 779	ld = &tty_ldiscs[disc];
 780	BUG_ON(ld->refcount == 0);
 781	ld->refcount--;
 782	module_put(ld->owner);
 783	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 784}
 785	
 786EXPORT_SYMBOL_GPL(tty_ldisc_put);
 787
 788/**
 789 *	tty_ldisc_assign	-	set ldisc on a tty
 790 *	@tty: tty to assign
 791 *	@ld: line discipline
 792 *
 793 *	Install an instance of a line discipline into a tty structure. The
 794 *	ldisc must have a reference count above zero to ensure it remains/
 795 *	The tty instance refcount starts at zero.
 796 *
 797 *	Locking:
 798 *		Caller must hold references
 799 */
 800
 801static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
 802{
 803	tty->ldisc = *ld;
 804	tty->ldisc.refcount = 0;
 805}
 806
 807/**
 808 *	tty_ldisc_try		-	internal helper
 809 *	@tty: the tty
 810 *
 811 *	Make a single attempt to grab and bump the refcount on
 812 *	the tty ldisc. Return 0 on failure or 1 on success. This is
 813 *	used to implement both the waiting and non waiting versions
 814 *	of tty_ldisc_ref
 815 *
 816 *	Locking: takes tty_ldisc_lock
 817 */
 818
 819static int tty_ldisc_try(struct tty_struct *tty)
 820{
 821	unsigned long flags;
 822	struct tty_ldisc *ld;
 823	int ret = 0;
 824	
 825	spin_lock_irqsave(&tty_ldisc_lock, flags);
 826	ld = &tty->ldisc;
 827	if(test_bit(TTY_LDISC, &tty->flags))
 828	{
 829		ld->refcount++;
 830		ret = 1;
 831	}
 832	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 833	return ret;
 834}
 835
 836/**
 837 *	tty_ldisc_ref_wait	-	wait for the tty ldisc
 838 *	@tty: tty device
 839 *
 840 *	Dereference the line discipline for the terminal and take a 
 841 *	reference to it. If the line discipline is in flux then 
 842 *	wait patiently until it changes.
 843 *
 844 *	Note: Must not be called from an IRQ/timer context. The caller
 845 *	must also be careful not to hold other locks that will deadlock
 846 *	against a discipline change, such as an existing ldisc reference
 847 *	(which we check for)
 848 *
 849 *	Locking: call functions take tty_ldisc_lock
 850 */
 851 
 852struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
 853{
 854	/* wait_event is a macro */
 855	wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
 856	if(tty->ldisc.refcount == 0)
 857		printk(KERN_ERR "tty_ldisc_ref_wait\n");
 858	return &tty->ldisc;
 859}
 860
 861EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
 862
 863/**
 864 *	tty_ldisc_ref		-	get the tty ldisc
 865 *	@tty: tty device
 866 *
 867 *	Dereference the line discipline for the terminal and take a 
 868 *	reference to it. If the line discipline is in flux then 
 869 *	return NULL. Can be called from IRQ and timer functions.
 870 *
 871 *	Locking: called functions take tty_ldisc_lock
 872 */
 873 
 874struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
 875{
 876	if(tty_ldisc_try(tty))
 877		return &tty->ldisc;
 878	return NULL;
 879}
 880
 881EXPORT_SYMBOL_GPL(tty_ldisc_ref);
 882
 883/**
 884 *	tty_ldisc_deref		-	free a tty ldisc reference
 885 *	@ld: reference to free up
 886 *
 887 *	Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
 888 *	be called in IRQ context.
 889 *
 890 *	Locking: takes tty_ldisc_lock
 891 */
 892 
 893void tty_ldisc_deref(struct tty_ldisc *ld)
 894{
 895	unsigned long flags;
 896
 897	BUG_ON(ld == NULL);
 898		
 899	spin_lock_irqsave(&tty_ldisc_lock, flags);
 900	if(ld->refcount == 0)
 901		printk(KERN_ERR "tty_ldisc_deref: no references.\n");
 902	else
 903		ld->refcount--;
 904	if(ld->refcount == 0)
 905		wake_up(&tty_ldisc_wait);
 906	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 907}
 908
 909EXPORT_SYMBOL_GPL(tty_ldisc_deref);
 910
 911/**
 912 *	tty_ldisc_enable	-	allow ldisc use
 913 *	@tty: terminal to activate ldisc on
 914 *
 915 *	Set the TTY_LDISC flag when the line discipline can be called
 916 *	again. Do neccessary wakeups for existing sleepers.
 917 *
 918 *	Note: nobody should set this bit except via this function. Clearing
 919 *	directly is allowed.
 920 */
 921
 922static void tty_ldisc_enable(struct tty_struct *tty)
 923{
 924	set_bit(TTY_LDISC, &tty->flags);
 925	wake_up(&tty_ldisc_wait);
 926}
 927	
 928/**
 929 *	tty_set_ldisc		-	set line discipline
 930 *	@tty: the terminal to set
 931 *	@ldisc: the line discipline
 932 *
 933 *	Set the discipline of a tty line. Must be called from a process
 934 *	context.
 935 *
 936 *	Locking: takes tty_ldisc_lock.
 937 *		 called functions take termios_mutex
 938 */
 939 
 940static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
 941{
 942	int retval = 0;
 943	struct tty_ldisc o_ldisc;
 944	char buf[64];
 945	int work;
 946	unsigned long flags;
 947	struct tty_ldisc *ld;
 948	struct tty_struct *o_tty;
 949
 950	if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
 951		return -EINVAL;
 952
 953restart:
 954
 955	ld = tty_ldisc_get(ldisc);
 956	/* Eduardo Blanco <ejbs@cs.cs.com.uy> */
 957	/* Cyrus Durgin <cider@speakeasy.org> */
 958	if (ld == NULL) {
 959		request_module("tty-ldisc-%d", ldisc);
 960		ld = tty_ldisc_get(ldisc);
 961	}
 962	if (ld == NULL)
 963		return -EINVAL;
 964
 965	/*
 966	 *	Problem: What do we do if this blocks ?
 967	 */
 968
 969	tty_wait_until_sent(tty, 0);
 970
 971	if (tty->ldisc.num == ldisc) {
 972		tty_ldisc_put(ldisc);
 973		return 0;
 974	}
 975
 976	/*
 977	 *	No more input please, we are switching. The new ldisc
 978	 *	will update this value in the ldisc open function
 979	 */
 980
 981	tty->receive_room = 0;
 982
 983	o_ldisc = tty->ldisc;
 984	o_tty = tty->link;
 985
 986	/*
 987	 *	Make sure we don't change while someone holds a
 988	 *	reference to the line discipline. The TTY_LDISC bit
 989	 *	prevents anyone taking a reference once it is clear.
 990	 *	We need the lock to avoid racing reference takers.
 991	 */
 992
 993	spin_lock_irqsave(&tty_ldisc_lock, flags);
 994	if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
 995		if(tty->ldisc.refcount) {
 996			/* Free the new ldisc we grabbed. Must drop the lock
 997			   first. */
 998			spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 999			tty_ldisc_put(ldisc);
1000			/*
1001			 * There are several reasons we may be busy, including
1002			 * random momentary I/O traffic. We must therefore
1003			 * retry. We could distinguish between blocking ops
1004			 * and retries if we made tty_ldisc_wait() smarter. That
1005			 * is up for discussion.
1006			 */
1007			if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1008				return -ERESTARTSYS;
1009			goto restart;
1010		}
1011		if(o_tty && o_tty->ldisc.refcount) {
1012			spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1013			tty_ldisc_put(ldisc);
1014			if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1015				return -ERESTARTSYS;
1016			goto restart;
1017		}
1018	}
1019
1020	/* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
1021
1022	if (!test_bit(TTY_LDISC, &tty->flags)) {
1023		spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1024		tty_ldisc_put(ldisc);
1025		ld = tty_ldisc_ref_wait(tty);
1026		tty_ldisc_deref(ld);
1027		goto restart;
1028	}
1029
1030	clear_bit(TTY_LDISC, &tty->flags);
1031	if (o_tty)
1032		clear_bit(TTY_LDISC, &o_tty->flags);
1033	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1034
1035	/*
1036	 *	From this point on we know nobody has an ldisc
1037	 *	usage reference, nor can they obtain one until
1038	 *	we say so later on.
1039	 */
1040
1041	work = cancel_delayed_work(&tty->buf.work);
1042	/*
1043	 * Wait for ->hangup_work and ->buf.work handlers to terminate
1044	 */
1045	 
1046	flush_scheduled_work();
1047	/* Shutdown the current discipline. */
1048	if (tty->ldisc.close)
1049		(tty->ldisc.close)(tty);
1050
1051	/* Now set up the new line discipline. */
1052	tty_ldisc_assign(tty, ld);
1053	tty_set_termios_ldisc(tty, ldisc);
1054	if (tty->ldisc.open)
1055		retval = (tty->ldisc.open)(tty);
1056	if (retval < 0) {
1057		tty_ldisc_put(ldisc);
1058		/* There is an outstanding reference here so this is safe */
1059		tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1060		tty_set_termios_ldisc(tty, tty->ldisc.num);
1061		if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1062			tty_ldisc_put(o_ldisc.num);
1063			/* This driver is always present */
1064			tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1065			tty_set_termios_ldisc(tty, N_TTY);
1066			if (tty->ldisc.open) {
1067				int r = tty->ldisc.open(tty);
1068
1069				if (r < 0)
1070					panic("Couldn't open N_TTY ldisc for "
1071					      "%s --- error %d.",
1072					      tty_name(tty, buf), r);
1073			}
1074		}
1075	}
1076	/* At this point we hold a reference to the new ldisc and a
1077	   a reference to the old ldisc. If we ended up flipping back
1078	   to the existing ldisc we have two references to it */
1079	
1080	if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1081		tty->driver->set_ldisc(tty);
1082		
1083	tty_ldisc_put(o_ldisc.num);
1084	
1085	/*
1086	 *	Allow ldisc referencing to occur as soon as the driver
1087	 *	ldisc callback completes.
1088	 */
1089	 
1090	tty_ldisc_enable(tty);
1091	if (o_tty)
1092		tty_ldisc_enable(o_tty);
1093	
1094	/* Restart it in case no characters kick it off. Safe if
1095	   already running */
1096	if (work)
1097		schedule_delayed_work(&tty->buf.work, 1);
1098	return retval;
1099}
1100
1101/**
1102 *	get_tty_driver		-	find device of a tty
1103 *	@dev_t: device identifier
1104 *	@index: returns the index of the tty
1105 *
1106 *	This routine returns a tty driver structure, given a device number
1107 *	and also passes back the index number.
1108 *
1109 *	Locking: caller must hold tty_mutex
1110 */
1111
1112static struct tty_driver *get_tty_driver(dev_t device, int *index)
1113{
1114	struct tty_driver *p;
1115
1116	list_for_each_entry(p, &tty_drivers, tty_drivers) {
1117		dev_t base = MKDEV(p->major, p->minor_start);
1118		if (device < base || device >= base + p->num)
1119			continue;
1120		*index = device - base;
1121		return p;
1122	}
1123	return NULL;
1124}
1125
1126/**
1127 *	tty_check_change	-	check for POSIX terminal changes
1128 *	@tty: tty to check
1129 *
1130 *	If we try to write to, or set the state of, a terminal and we're
1131 *	not in the foreground, send a SIGTTOU.  If the signal is blocked or
1132 *	ignored, go ahead and perform the operation.  (POSIX 7.2)
1133 *
1134 *	Locking: none
1135 */
1136
1137int tty_check_change(struct tty_struct * tty)
1138{
1139	if (current->signal->tty != tty)
1140		return 0;
1141	if (!tty->pgrp) {
1142		printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1143		return 0;
1144	}
1145	if (task_pgrp(current) == tty->pgrp)
1146		return 0;
1147	if (is_ignored(SIGTTOU))
1148		return 0;
1149	if (is_current_pgrp_orphaned())
1150		return -EIO;
1151	(void) kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1152	return -ERESTARTSYS;
1153}
1154
1155EXPORT_SYMBOL(tty_check_change);
1156
1157static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
1158				size_t count, loff_t *ppos)
1159{
1160	return 0;
1161}
1162
1163static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
1164				 size_t count, loff_t *ppos)
1165{
1166	return -EIO;
1167}
1168
1169/* No kernel lock held - none needed ;) */
1170static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
1171{
1172	return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1173}
1174
1175static long hung_up_tty_ioctl(struct file * file,
1176			      unsigned int cmd, unsigned long arg)
1177{
1178	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1179}
1180
1181static const struct file_operations tty_fops = {
1182	.llseek		= no_llseek,
1183	.read		= tty_read,
1184	.write		= tty_write,
1185	.poll		= tty_poll,
1186	.ioctl		= tty_ioctl,
1187	.compat_ioctl	= tty_compat_ioctl,
1188	.open		= tty_open,
1189	.release	= tty_release,
1190	.fasync		= tty_fasync,
1191};
1192
1193#ifdef CONFIG_UNIX98_PTYS
1194static const struct file_operations ptmx_fops = {
1195	.llseek		= no_llseek,
1196	.read		= tty_read,
1197	.write		= tty_write,
1198	.poll		= tty_poll,
1199	.ioctl		= tty_ioctl,
1200	.compat_ioctl	= tty_compat_ioctl,
1201	.open		= ptmx_open,
1202	.release	= tty_release,
1203	.fasync		= tty_fasync,
1204};
1205#endif
1206
1207static const struct file_operations console_fops = {
1208	.llseek		= no_llseek,
1209	.read		= tty_read,
1210	.write		= redirected_tty_write,
1211	.poll		= tty_poll,
1212	.ioctl		= tty_ioctl,
1213	.compat_ioctl	= tty_compat_ioctl,
1214	.open		= tty_open,
1215	.release	= tty_release,
1216	.fasync		= tty_fasync,
1217};
1218
1219static const struct file_operations hung_up_tty_fops = {
1220	.llseek		= no_llseek,
1221	.read		= hung_up_tty_read,
1222	.write		= hung_up_tty_write,
1223	.poll		= hung_up_tty_poll,
1224	.unlocked_ioctl = hung_up_tty_ioctl,
1225	.compat_ioctl	= hung_up_tty_ioctl,
1226	.release	= tty_release,
1227};
1228
1229static DEFINE_SPINLOCK(redirect_lock);
1230static struct file *redirect;
1231
1232/**
1233 *	tty_wakeup	-	request more data
1234 *	@tty: terminal
1235 *
1236 *	Internal and external helper for wakeups of tty. This function
1237 *	informs the line discipline if present that the driver is ready
1238 *	to receive more output data.
1239 */
1240 
1241void tty_wakeup(struct tty_struct *tty)
1242{
1243	struct tty_ldisc *ld;
1244	
1245	if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1246		ld = tty_ldisc_ref(tty);
1247		if(ld) {
1248			if(ld->write_wakeup)
1249				ld->write_wakeup(tty);
1250			tty_ldisc_deref(ld);
1251		}
1252	}
1253	wake_up_interruptible(&tty->write_wait);
1254}
1255
1256EXPORT_SYMBOL_GPL(tty_wakeup);
1257
1258/**
1259 *	tty_ldisc_flush	-	flush line discipline queue
1260 *	@tty: tty
1261 *
1262 *	Flush the line discipline queue (if any) for this tty. If there
1263 *	is no line discipline active this is a no-op.
1264 */
1265 
1266void tty_ldisc_flush(struct tty_struct *tty)
1267{
1268	struct tty_ldisc *ld = tty_ldisc_ref(tty);
1269	if(ld) {
1270		if(ld->flush_buffer)
1271			ld->flush_buffer(tty);
1272		tty_ldisc_deref(ld);
1273	}
1274	tty_buffer_flush(tty);
1275}
1276
1277EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1278
1279/**
1280 *	tty_reset_termios	-	reset terminal state
1281 *	@tty: tty to reset
1282 *
1283 *	Restore a terminal to the driver default state
1284 */
1285
1286static void tty_reset_termios(struct tty_struct *tty)
1287{
1288	mutex_lock(&tty->termios_mutex);
1289	*tty->termios = tty->driver->init_termios;
1290	tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1291	tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1292	mutex_unlock(&tty->termios_mutex);
1293}
1294	
1295/**
1296 *	do_tty_hangup		-	actual handler for hangup events
1297 *	@work: tty device
1298 *
1299 *	This can be called by the "eventd" kernel thread.  That is process
1300 *	synchronous but doesn't hold any locks, so we need to make sure we
1301 *	have the appropriate locks for what we're doing.
1302 *
1303 *	The hangup event clears any pending redirections onto the hung up
1304 *	device. It ensures future writes will error and it does the needed
1305 *	line discipline hangup and signal delivery. The tty object itself
1306 *	remains intact.
1307 *
1308 *	Locking:
1309 *		BKL
1310 *		  redirect lock for undoing redirection
1311 *		  file list lock for manipulating list of ttys
1312 *		  tty_ldisc_lock from called functions
1313 *		  termios_mutex resetting termios data
1314 *		  tasklist_lock to walk task list for hangup event
1315 *		    ->siglock to protect ->signal/->sighand
1316 */
1317static void do_tty_hangup(struct work_struct *work)
1318{
1319	struct tty_struct *tty =
1320		container_of(work, struct tty_struct, hangup_work);
1321	struct file * cons_filp = NULL;
1322	struct file *filp, *f = NULL;
1323	struct task_struct *p;
1324	struct tty_ldisc *ld;
1325	int    closecount = 0, n;
1326
1327	if (!tty)
1328		return;
1329
1330	/* inuse_filps is protected by the single kernel lock */
1331	lock_kernel();
1332
1333	spin_lock(&redirect_lock);
1334	if (redirect && redirect->private_data == tty) {
1335		f = redirect;
1336		redirect = NULL;
1337	}
1338	spin_unlock(&redirect_lock);
1339	
1340	check_tty_count(tty, "do_tty_hangup");
1341	file_list_lock();
1342	/* This breaks for file handles being sent over AF_UNIX sockets ? */
1343	list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1344		if (filp->f_op->write == redirected_tty_write)
1345			cons_filp = filp;
1346		if (filp->f_op->write != tty_write)
1347			continue;
1348		closecount++;
1349		tty_fasync(-1, filp, 0);	/* can't block */
1350		filp->f_op = &hung_up_tty_fops;
1351	}
1352	file_list_unlock();
1353	
1354	/* FIXME! What are the locking issues here? This may me overdoing things..
1355	 * this question is especially important now that we've removed the irqlock. */
1356
1357	ld = tty_ldisc_ref(tty);
1358	if(ld != NULL)	/* We may have no line discipline at this point */
1359	{
1360		if (ld->flush_buffer)
1361			ld->flush_buffer(tty);
1362		if (tty->driver->flush_buffer)
1363			tty->driver->flush_buffer(tty);
1364		if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1365		    ld->write_wakeup)
1366			ld->write_wakeup(tty);
1367		if (ld->hangup)
1368			ld->hangup(tty);
1369	}
1370
1371	/* FIXME: Once we trust the LDISC code better we can wait here for
1372	   ldisc completion and fix the driver call race */
1373	   
1374	wake_up_interruptible(&tty->write_wait);
1375	wake_up_interruptible(&tty->read_wait);
1376
1377	/*
1378	 * Shutdown the current line discipline, and reset it to
1379	 * N_TTY.
1380	 */
1381	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1382		tty_reset_termios(tty);
1383	
1384	/* Defer ldisc switch */
1385	/* tty_deferred_ldisc_switch(N_TTY);
1386	
1387	  This should get done automatically when the port closes and
1388	  tty_release is called */
1389	
1390	read_lock(&tasklist_lock);
1391	if (tty->session) {
1392		do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1393			spin_lock_irq(&p->sighand->siglock);
1394			if (p->signal->tty == tty)
1395				p->signal->tty = NULL;
1396			if (!p->signal->leader) {
1397				spin_unlock_irq(&p->sighand->siglock);
1398				continue;
1399			}
1400			__group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1401			__group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1402			put_pid(p->signal->tty_old_pgrp);  /* A noop */
1403			if (tty->pgrp)
1404				p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1405			spin_unlock_irq(&p->sighand->siglock);
1406		} while_each_pid_task(tty->session, PIDTYPE_SID, p);
1407	}
1408	read_unlock(&tasklist_lock);
1409
1410	tty->flags = 0;
1411	put_pid(tty->session);
1412	put_pid(tty->pgrp);
1413	tty->session = NULL;
1414	tty->pgrp = NULL;
1415	tty->ctrl_status = 0;
1416	/*
1417	 *	If one of the devices matches a console pointer, we
1418	 *	cannot just call hangup() because that will cause
1419	 *	tty->count and state->count to go out of sync.
1420	 *	So we just call close() the right number of times.
1421	 */
1422	if (cons_filp) {
1423		if (tty->driver->close)
1424			for (n = 0; n < closecount; n++)
1425				tty->driver->close(tty, cons_filp);
1426	} else if (tty->driver->hangup)
1427		(tty->driver->hangup)(tty);
1428		
1429	/* We don't want to have driver/ldisc interactions beyond
1430	   the ones we did here. The driver layer expects no
1431	   calls after ->hangup() from the ldisc side. However we
1432	   can't yet guarantee all that */
1433
1434	set_bit(TTY_HUPPED, &tty->flags);
1435	if (ld) {
1436		tty_ldisc_enable(tty);
1437		tty_ldisc_deref(ld);
1438	}
1439	unlock_kernel();
1440	if (f)
1441		fput(f);
1442}
1443
1444/**
1445 *	tty_hangup		-	trigger a hangup event
1446 *	@tty: tty to hangup
1447 *
1448 *	A carrier loss (virtual or otherwise) has occurred on this like
1449 *	schedule a hangup sequence to run after this event.
1450 */
1451
1452void tty_hangup(struct tty_struct * tty)
1453{
1454#ifdef TTY_DEBUG_HANGUP
1455	char	buf[64];
1456	
1457	printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1458#endif
1459	schedule_work(&tty->hangup_work);
1460}
1461
1462EXPORT_SYMBOL(tty_hangup);
1463
1464/**
1465 *	tty_vhangup		-	process vhangup
1466 *	@tty: tty to hangup
1467 *
1468 *	The user has asked via system call for the terminal to be hung up.
1469 *	We do this synchronously so that when the syscall returns the process
1470 *	is complete. That guarantee is neccessary for security reasons.
1471 */
1472
1473void tty_vhangup(struct tty_struct * tty)
1474{
1475#ifdef TTY_DEBUG_HANGUP
1476	char	buf[64];
1477
1478	printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1479#endif
1480	do_tty_hangup(&tty->hangup_work);
1481}
1482EXPORT_SYMBOL(tty_vhangup);
1483
1484/**
1485 *	tty_hung_up_p		-	was tty hung up
1486 *	@filp: file pointer of tty
1487 *
1488 *	Return true if the tty has been subject to a vhangup or a carrier
1489 *	loss
1490 */
1491
1492int tty_hung_up_p(struct file * filp)
1493{
1494	return (filp->f_op == &hung_up_tty_fops);
1495}
1496
1497EXPORT_SYMBOL(tty_hung_up_p);
1498
1499static void session_clear_tty(struct pid *session)
1500{
1501	struct task_struct *p;
1502	do_each_pid_task(session, PIDTYPE_SID, p) {
1503		proc_clear_tty(p);
1504	} while_each_pid_task(session, PIDTYPE_SID, p);
1505}
1506
1507/**
1508 *	disassociate_ctty	-	disconnect controlling tty
1509 *	@on_exit: true if exiting so need to "hang up" the session
1510 *
1511 *	This function is typically called only by the session leader, when
1512 *	it wants to disassociate itself from its controlling tty.
1513 *
1514 *	It performs the following functions:
1515 * 	(1)  Sends a SIGHUP and SIGCONT to the foreground process group
1516 * 	(2)  Clears the tty from being controlling the session
1517 * 	(3)  Clears the controlling tty for all processes in the
1518 * 		session group.
1519 *
1520 *	The argument on_exit is set to 1 if called when a process is
1521 *	exiting; it is 0 if called by the ioctl TIOCNOTTY.
1522 *
1523 *	Locking:
1524 *		BKL is taken for hysterical raisins
1525 *		  tty_mutex is taken to protect tty
1526 *		  ->siglock is taken to protect ->signal/->sighand
1527 *		  tasklist_lock is taken to walk process list for sessions
1528 *		    ->siglock is taken to protect ->signal/->sighand
1529 */
1530
1531void disassociate_ctty(int on_exit)
1532{
1533	struct tty_struct *tty;
1534	struct pid *tty_pgrp = NULL;
1535
1536	lock_kernel();
1537
1538	mutex_lock(&tty_mutex);
1539	tty = get_current_tty();
1540	if (tty) {
1541		tty_pgrp = get_pid(tty->pgrp);
1542		mutex_unlock(&tty_mutex);
1543		/* XXX: here we race, there is nothing protecting tty */
1544		if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1545			tty_vhangup(tty);
1546	} else if (on_exit) {
1547		struct pid *old_pgrp;
1548		spin_lock_irq(&current->sighand->siglock);
1549		old_pgrp = current->signal->tty_old_pgrp;
1550		current->signal->tty_old_pgrp = NULL;
1551		spin_unlock_irq(&current->sighand->siglock);
1552		if (old_pgrp) {
1553			kill_pgrp(old_pgrp, SIGHUP, on_exit);
1554			kill_pgrp(old_pgrp, SIGCONT, on_exit);
1555			put_pid(old_pgrp);
1556		}
1557		mutex_unlock(&tty_mutex);
1558		unlock_kernel();	
1559		return;
1560	}
1561	if (tty_pgrp) {
1562		kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1563		if (!on_exit)
1564			kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1565		put_pid(tty_pgrp);
1566	}
1567
1568	spin_lock_irq(&current->sighand->siglock);
1569	put_pid(current->signal->tty_old_pgrp);
1570	current->signal->tty_old_pgrp = NULL;
1571	spin_unlock_irq(&current->sighand->siglock);
1572
1573	mutex_lock(&tty_mutex);
1574	/* It is possible that do_tty_hangup has free'd this tty */
1575	tty = get_current_tty();
1576	if (tty) {
1577		put_pid(tty->session);
1578		put_pid(tty->pgrp);
1579		tty->session = NULL;
1580		tty->pgrp = NULL;
1581	} else {
1582#ifdef TTY_DEBUG_HANGUP
1583		printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1584		       " = NULL", tty);
1585#endif
1586	}
1587	mutex_unlock(&tty_mutex);
1588
1589	/* Now clear signal->tty under the lock */
1590	read_lock(&tasklist_lock);
1591	session_clear_tty(task_session(current));
1592	read_unlock(&tasklist_lock);
1593	unlock_kernel();
1594}
1595
1596/**
1597 *
1598 *	no_tty	- Ensure the current process does not have a controlling tty
1599 */
1600void no_tty(void)
1601{
1602	struct task_struct *tsk = current;
1603	if (tsk->signal->leader)
1604		disassociate_ctty(0);
1605	proc_clear_tty(tsk);
1606}
1607
1608
1609/**
1610 *	stop_tty	-	propagate flow control
1611 *	@tty: tty to stop
1612 *
1613 *	Perform flow control to the driver. For PTY/TTY pairs we
1614 *	must also propagate the TIOCKPKT status. May be called
1615 *	on an already stopped device and will not re-call the driver
1616 *	method.
1617 *
1618 *	This functionality is used by both the line disciplines for
1619 *	halting incoming flow and by the driver. It may therefore be
1620 *	called from any context, may be under the tty atomic_write_lock
1621 *	but not always.
1622 *
1623 *	Locking:
1624 *		Broken. Relies on BKL which is unsafe here.
1625 */
1626
1627void stop_tty(struct tty_struct *tty)
1628{
1629	if (tty->stopped)
1630		return;
1631	tty->stopped = 1;
1632	if (tty->link && tty->link->packet) {
1633		tty->ctrl_status &= ~TIOCPKT_START;
1634		tty->ctrl_status |= TIOCPKT_STOP;
1635		wake_up_interruptible(&tty->link->read_wait);
1636	}
1637	if (tty->driver->stop)
1638		(tty->driver->stop)(tty);
1639}
1640
1641EXPORT_SYMBOL(stop_tty);
1642
1643/**
1644 *	start_tty	-	propagate flow control
1645 *	@tty: tty to start
1646 *
1647 *	Start a tty that has been stopped if at all possible. Perform
1648 *	any neccessary wakeups and propagate the TIOCPKT status. If this
1649 *	is the tty was previous stopped and is being started then the
1650 *	driver start method is invoked and the line discipline woken.
1651 *
1652 *	Locking:
1653 *		Broken. Relies on BKL which is unsafe here.
1654 */
1655
1656void start_tty(struct tty_struct *tty)
1657{
1658	if (!tty->stopped || tty->flow_stopped)
1659		return;
1660	tty->stopped = 0;
1661	if (tty->link && tty->link->packet) {
1662		tty->ctrl_status &= ~TIOCPKT_STOP;
1663		tty->ctrl_status |= TIOCPKT_START;
1664		wake_up_interruptible(&tty->link->read_wait);
1665	}
1666	if (tty->driver->start)
1667		(tty->driver->start)(tty);
1668
1669	/* If we have a running line discipline it may need kicking */
1670	tty_wakeup(tty);
1671}
1672
1673EXPORT_SYMBOL(start_tty);
1674
1675/**
1676 *	tty_read	-	read method for tty device files
1677 *	@file: pointer to tty file
1678 *	@buf: user buffer
1679 *	@count: size of user buffer
1680 *	@ppos: unused
1681 *
1682 *	Perform the read system call function on this terminal device. Checks
1683 *	for hung up devices before calling the line discipline method.
1684 *
1685 *	Locking:
1686 *		Locks the line discipline internally while needed
1687 *		For historical reasons the line discipline read method is
1688 *	invoked under the BKL. This will go away in time so do not rely on it
1689 *	in new code. Multiple read calls may be outstanding in parallel.
1690 */
1691
1692static ssize_t tty_read(struct file * file, char __user * buf, size_t count, 
1693			loff_t *ppos)
1694{
1695	int i;
1696	struct tty_struct * tty;
1697	struct inode *inode;
1698	struct tty_ldisc *ld;
1699
1700	tty = (struct tty_struct *)file->private_data;
1701	inode = file->f_path.dentry->d_inode;
1702	if (tty_paranoia_check(tty, inode, "tty_read"))
1703		return -EIO;
1704	if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1705		return -EIO;
1706
1707	/* We want to wait for the line discipline to sort out in this
1708	   situation */
1709	ld = tty_ldisc_ref_wait(tty);
1710	lock_kernel();
1711	if (ld->read)
1712		i = (ld->read)(tty,file,buf,count);
1713	else
1714		i = -EIO;
1715	tty_ldisc_deref(ld);
1716	unlock_kernel();
1717	if (i > 0)
1718		inode->i_atime = current_fs_time(inode->i_sb);
1719	return i;
1720}
1721
1722/*
1723 * Split writes up in sane blocksizes to avoid
1724 * denial-of-service type attacks
1725 */
1726static inline ssize_t do_tty_write(
1727	ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1728	struct tty_struct *tty,
1729	struct file *file,
1730	const char __user *buf,
1731	size_t count)
1732{
1733	ssize_t ret = 0, written = 0;
1734	unsigned int chunk;
1735	
1736	/* FIXME: O_NDELAY ... */
1737	if (mutex_lock_interruptible(&tty->atomic_write_lock)) {
1738		return -ERESTARTSYS;
1739	}
1740
1741	/*
1742	 * We chunk up writes into a temporary buffer. This
1743	 * simplifies low-level drivers immensely, since they
1744	 * don't have locking issues and user mode accesses.
1745	 *
1746	 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1747	 * big chunk-size..
1748	 *
1749	 * The default chunk-size is 2kB, because the NTTY
1750	 * layer has problems with bigger chunks. It will
1751	 * claim to be able to handle more characters than
1752	 * it actually does.
1753	 *
1754	 * FIXME: This can probably go away now except that 64K chunks
1755	 * are too likely to fail unless switched to vmalloc...
1756	 */
1757	chunk = 2048;
1758	if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1759		chunk = 65536;
1760	if (count < chunk)
1761		chunk = count;
1762
1763	/* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1764	if (tty->write_cnt < chunk) {
1765		unsigned char *buf;
1766
1767		if (chunk < 1024)
1768			chunk = 1024;
1769
1770		buf = kmalloc(chunk, GFP_KERNEL);
1771		if (!buf) {
1772			mutex_unlock(&tty->atomic_write_lock);
1773			return -ENOMEM;
1774		}
1775		kfree(tty->write_buf);
1776		tty->write_cnt = chunk;
1777		tty->write_buf = buf;
1778	}
1779
1780	/* Do the write .. */
1781	for (;;) {
1782		size_t size = count;
1783		if (size > chunk)
1784			size = chunk;
1785		ret = -EFAULT;
1786		if (copy_from_user(tty->write_buf, buf, size))
1787			break;
1788		lock_kernel();
1789		ret = write(tty, file, tty->write_buf, size);
1790		unlock_kernel();
1791		if (ret <= 0)
1792			break;
1793		written += ret;
1794		buf += ret;
1795		count -= ret;
1796		if (!count)
1797			break;
1798		ret = -ERESTARTSYS;
1799		if (signal_pending(current))
1800			break;
1801		cond_resched();
1802	}
1803	if (written) {
1804		struct inode *inode = file->f_path.dentry->d_inode;
1805		inode->i_mtime = current_fs_time(inode->i_sb);
1806		ret = written;
1807	}
1808	mutex_unlock(&tty->atomic_write_lock);
1809	return ret;
1810}
1811
1812
1813/**
1814 *	tty_write		-	write method for tty device file
1815 *	@file: tty file pointer
1816 *	@buf: user data to write
1817 *	@count: bytes to write
1818 *	@ppos: unused
1819 *
1820 *	Write data to a tty device via the line discipline.
1821 *
1822 *	Locking:
1823 *		Locks the line discipline as required
1824 *		Writes to the tty driver are serialized by the atomic_write_lock
1825 *	and are then processed in chunks to the device. The line discipline
1826 *	write method will not be involked in parallel for each device
1827 *		The line discipline write method is called under the big
1828 *	kernel lock for historical reasons. New code should not rely on this.
1829 */
1830
1831static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1832			 loff_t *ppos)
1833{
1834	struct tty_struct * tty;
1835	struct inode *inode = file->f_path.dentry->d_inode;
1836	ssize_t ret;
1837	struct tty_ldisc *ld;
1838	
1839	tty = (struct tty_struct *)file->private_data;
1840	if (tty_paranoia_check(tty, inode, "tty_write"))
1841		return -EIO;
1842	if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1843		return -EIO;
1844
1845	ld = tty_ldisc_ref_wait(tty);		
1846	if (!ld->write)
1847		ret = -EIO;
1848	else
1849		ret = do_tty_write(ld->write, tty, file, buf, count);
1850	tty_ldisc_deref(ld);
1851	return ret;
1852}
1853
1854ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1855			 loff_t *ppos)
1856{
1857	struct file *p = NULL;
1858
1859	spin_lock(&redirect_lock);
1860	if (redirect) {
1861		get_file(redirect);
1862		p = redirect;
1863	}
1864	spin_unlock(&redirect_lock);
1865
1866	if (p) {
1867		ssize_t res;
1868		res = vfs_write(p, buf, count, &p->f_pos);
1869		fput(p);
1870		return res;
1871	}
1872
1873	return tty_write(file, buf, count, ppos);
1874}
1875
1876static char ptychar[] = "pqrstuvwxyzabcde";
1877
1878/**
1879 *	pty_line_name	-	generate name for a pty
1880 *	@driver: the tty driver in use
1881 *	@index: the minor number
1882 *	@p: output buffer of at least 6 bytes
1883 *
1884 *	Generate a name from a driver reference and write it to the output
1885 *	buffer.
1886 *
1887 *	Locking: None
1888 */
1889static void pty_line_name(struct tty_driver *driver, int index, char *p)
1890{
1891	int i = index + driver->name_base;
1892	/* ->name is initialized to "ttyp", but "tty" is expected */
1893	sprintf(p, "%s%c%x",
1894			driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1895			ptychar[i >> 4 & 0xf], i & 0xf);
1896}
1897
1898/**
1899 *	pty_line_name	-	generate name for a tty
1900 *	@driver: the tty driver in use
1901 *	@index: the minor number
1902 *	@p: output buffer of at least 7 bytes
1903 *
1904 *	Generate a name from a driver reference and write it to the output
1905 *	buffer.
1906 *
1907 *	Locking: None
1908 */
1909static void tty_line_name(struct tty_driver *driver, int index, char *p)
1910{
1911	sprintf(p, "%s%d", driver->name, index + driver->name_base);
1912}
1913
1914/**
1915 *	init_dev		-	initialise a tty device
1916 *	@driver: tty driver we are opening a device on
1917 *	@idx: device index
1918 *	@tty: returned tty structure
1919 *
1920 *	Prepare a tty device. This may not be a "new" clean device but
1921 *	could also be an active device. The pty drivers require special
1922 *	handling because of this.
1923 *
1924 *	Locking:
1925 *		The function is called under the tty_mutex, which
1926 *	protects us from the tty struct or driver itself going away.
1927 *
1928 *	On exit the tty device has the line discipline attached and
1929 *	a reference count of 1. If a pair was created for pty/tty use
1930 *	and the other was a pty master then it too has a reference count of 1.
1931 *
1932 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1933 * failed open.  The new code protects the open with a mutex, so it's
1934 * really quite straightforward.  The mutex locking can probably be
1935 * relaxed for the (most common) case of reopening a tty.
1936 */
1937
1938static int init_dev(struct tty_driver *driver, int idx,
1939	struct tty_struct **ret_tty)
1940{
1941	struct tty_struct *tty, *o_tty;
1942	struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
1943	struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1944	int retval = 0;
1945
1946	/* check whether we're reopening an existing tty */
1947	if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1948		tty = devpts_get_tty(idx);
1949		/*
1950		 * If we don't have a tty here on a slave open, it's because
1951		 * the master already started the close process and there's
1952		 * no relation between devpts file and tty anymore.
1953		 */
1954		if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
1955			retval = -EIO;
1956			goto end_init;
1957		}
1958		/*
1959		 * It's safe from now on because init_dev() is called with
1960		 * tty_mutex held and release_dev() won't change tty->count
1961		 * or tty->flags without having to grab tty_mutex
1962		 */
1963		if (tty && driver->subtype == PTY_TYPE_MASTER)
1964			tty = tty->link;
1965	} else {
1966		tty = driver->ttys[idx];
1967	}
1968	if (tty) goto fast_track;
1969
1970	/*
1971	 * First time open is complex, especially for PTY devices.
1972	 * This code guarantees that either everything succeeds and the
1973	 * TTY is ready for operation, or else the table slots are vacated
1974	 * and the allocated memory released.  (Except that the termios 
1975	 * and locked termios may be retained.)
1976	 */
1977
1978	if (!try_module_get(driver->owner)) {
1979		retval = -ENODEV;
1980		goto end_init;
1981	}
1982
1983	o_tty = NULL;
1984	tp = o_tp = NULL;
1985	ltp = o_ltp = NULL;
1986
1987	tty = alloc_tty_struct();
1988	if(!tty)
1989		goto fail_no_mem;
1990	initialize_tty_struct(tty);
1991	tty->driver = driver;
1992	tty->index = idx;
1993	tty_line_name(driver, idx, tty->name);
1994
1995	if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1996		tp_loc = &tty->termios;
1997		ltp_loc = &tty->termios_locked;
1998	} else {
1999		tp_loc = &driver->termios[idx];
2000		ltp_loc = &driver->termios_locked[idx];
2001	}
2002
2003	if (!*tp_loc) {
2004		tp = (struct ktermios *) kmalloc(sizeof(struct ktermios),
2005						GFP_KERNEL);
2006		if (!tp)
2007			goto free_mem_out;
2008		*tp = driver->init_termios;
2009	}
2010
2011	if (!*ltp_loc) {
2012		ltp = (struct ktermios *) kmalloc(sizeof(struct ktermios),
2013						 GFP_KERNEL);
2014		if (!ltp)
2015			goto free_mem_out;
2016		memset(ltp, 0, sizeof(struct ktermios));
2017	}
2018
2019	if (driver->type == TTY_DRIVER_TYPE_PTY) {
2020		o_tty = alloc_tty_struct();
2021		if (!o_tty)
2022			goto free_mem_out;
2023		initialize_tty_struct(o_tty);
2024		o_tty->driver = driver->other;
2025		o_tty->index = idx;
2026		tty_line_name(driver->other, idx, o_tty->name);
2027
2028		if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2029			o_tp_loc = &o_tty->termios;
2030			o_ltp_loc = &o_tty->termios_locked;
2031		} else {
2032			o_tp_loc = &driver->other->termios[idx];
2033			o_ltp_loc = &driver->other->termios_locked[idx];
2034		}
2035
2036		if (!*o_tp_loc) {
2037			o_tp = (struct ktermios *)
2038				kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2039			if (!o_tp)
2040				goto free_mem_out;
2041			*o_tp = driver->other->init_termios;
2042		}
2043
2044		if (!*o_ltp_loc) {
2045			o_ltp = (struct ktermios *)
2046				kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2047			if (!o_ltp)
2048				goto free_mem_out;
2049			memset(o_ltp, 0, sizeof(struct ktermios));
2050		}
2051
2052		/*
2053		 * Everything allocated ... set up the o_tty structure.
2054		 */
2055		if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
2056			driver->other->ttys[idx] = o_tty;
2057		}
2058		if (!*o_tp_loc)
2059			*o_tp_loc = o_tp;
2060		if (!*o_ltp_loc)
2061			*o_ltp_loc = o_ltp;
2062		o_tty->termios = *o_tp_loc;
2063		o_tty->termios_locked = *o_ltp_loc;
2064		driver->other->refcount++;
2065		if (driver->subtype == PTY_TYPE_MASTER)
2066			o_tty->count++;
2067
2068		/* Establish the links in both directions */
2069		tty->link   = o_tty;
2070		o_tty->link = tty;
2071	}
2072
2073	/* 
2074	 * All structures have been allocated, so now we install them.
2075	 * Failures after this point use release_tty to clean up, so
2076	 * there's no need to null out the local pointers.
2077	 */
2078	if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2079		driver->ttys[idx] = tty;
2080	}
2081	
2082	if (!*tp_loc)
2083		*tp_loc = tp;
2084	if (!*ltp_loc)
2085		*ltp_loc = ltp;
2086	tty->termios = *tp_loc;
2087	tty->termios_locked = *ltp_loc;
2088	/* Compatibility until drivers always set this */
2089	tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2090	tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2091	driver->refcount++;
2092	tty->count++;
2093
2094	/* 
2095	 * Structures all installed ... call the ldisc open routines.
2096	 * If we fail here just call release_tty to clean up.  No need
2097	 * to decrement the use counts, as release_tty doesn't care.
2098	 */
2099
2100	if (tty->ldisc.open) {
2101		retval = (tty->ldisc.open)(tty);
2102		if (retval)
2103			goto release_mem_out;
2104	}
2105	if (o_tty && o_tty->ldisc.open) {
2106		retval = (o_tty->ldisc.open)(o_tty);
2107		if (retval) {
2108			if (tty->ldisc.close)
2109				(tty->ldisc.close)(tty);
2110			goto release_mem_out;
2111		}
2112		tty_ldisc_enable(o_tty);
2113	}
2114	tty_ldisc_enable(tty);
2115	goto success;
2116
2117	/*
2118	 * This fast open can be used if the tty is already open.
2119	 * No memory is allocated, and the only failures are from
2120	 * attempting to open a closing tty or attempting multiple
2121	 * opens on a pty master.
2122	 */
2123fast_track:
2124	if (test_bit(TTY_CLOSING, &tty->flags)) {
2125		retval = -EIO;
2126		goto end_init;
2127	}
2128	if (driver->type == TTY_DRIVER_TYPE_PTY &&
2129	    driver->subtype == PTY_TYPE_MASTER) {
2130		/*
2131		 * special case for PTY masters: only one open permitted, 
2132		 * and the slave side open count is incremented as well.
2133		 */
2134		if (tty->count) {
2135			retval = -EIO;
2136			goto end_init;
2137		}
2138		tty->link->count++;
2139	}
2140	tty->count++;
2141	tty->driver = driver; /* N.B. why do this every time?? */
2142
2143	/* FIXME */
2144	if(!test_bit(TTY_LDISC, &tty->flags))
2145		printk(KERN_ERR "init_dev but no ldisc\n");
2146success:
2147	*ret_tty = tty;
2148	
2149	/* All paths come through here to release the mutex */
2150end_init:
2151	return retval;
2152
2153	/* Release locally allocated memory ... nothing placed in slots */
2154free_mem_out:
2155	kfree(o_tp);
2156	if (o_tty)
2157		free_tty_struct(o_tty);
2158	kfree(ltp);
2159	kfree(tp);
2160	free_tty_struct(tty);
2161
2162fail_no_mem:
2163	module_put(driver->owner);
2164	retval = -ENOMEM;
2165	goto end_init;
2166
2167	/* call the tty release_tty routine to clean out this slot */
2168release_mem_out:
2169	if (printk_ratelimit())
2170		printk(KERN_INFO "init_dev: ldisc open failed, "
2171				 "clearing slot %d\n", idx);
2172	release_tty(tty, idx);
2173	goto end_init;
2174}
2175
2176/**
2177 *	release_one_tty		-	release tty structure memory
2178 *
2179 *	Releases memory associated with a tty structure, and clears out the
2180 *	driver table slots. This function is called when a device is no longer
2181 *	in use. It also gets called when setup of a device fails.
2182 *
2183 *	Locking:
2184 *		tty_mutex - sometimes only
2185 *		takes the file list lock internally when working on the list
2186 *	of ttys that the driver keeps.
2187 *		FIXME: should we require tty_mutex is held here ??
2188 */
2189static void release_one_tty(struct tty_struct *tty, int idx)
2190{
2191	int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2192	struct ktermios *tp;
2193
2194	if (!devpts)
2195		tty->driver->ttys[idx] = NULL;
2196
2197	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2198		tp = tty->termios;
2199		if (!devpts)
2200			tty->driver->termios[idx] = NULL;
2201		kfree(tp);
2202
2203		tp = tty->termios_locked;
2204		if (!devpts)
2205			tty->driver->termios_locked[idx] = NULL;
2206		kfree(tp);
2207	}
2208
2209
2210	tty->magic = 0;
2211	tty->driver->refcount--;
2212
2213	file_list_lock();
2214	list_del_init(&tty->tty_files);
2215	file_list_unlock();
2216
2217	free_tty_struct(tty);
2218}
2219
2220/**
2221 *	release_tty		-	release tty structure memory
2222 *
2223 *	Release both @tty and a possible linked partner (think pty pair),
2224 *	and decrement the refcount of the backing module.
2225 *
2226 *	Locking:
2227 *		tty_mutex - sometimes only
2228 *		takes the file list lock internally when working on the list
2229 *	of ttys that the driver keeps.
2230 *		FIXME: should we require tty_mutex is held here ??
2231 */
2232static void release_tty(struct tty_struct *tty, int idx)
2233{
2234	struct tty_driver *driver = tty->driver;
2235
2236	if (tty->link)
2237		release_one_tty(tty->link, idx);
2238	release_one_tty(tty, idx);
2239	module_put(driver->owner);
2240}
2241
2242/*
2243 * Even releasing the tty structures is a tricky business.. We have
2244 * to be very careful that the structures are all released at the
2245 * same time, as interrupts might otherwise get the wrong pointers.
2246 *
2247 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2248 * lead to double frees or releasing memory still in use.
2249 */
2250static void release_dev(struct file * filp)
2251{
2252	struct tty_struct *tty, *o_tty;
2253	int	pty_master, tty_closing, o_tty_closing, do_sleep;
2254	int	devpts;
2255	int	idx;
2256	char	buf[64];
2257	unsigned long flags;
2258	
2259	tty = (struct tty_struct *)filp->private_data;
2260	if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "release_dev"))
2261		return;
2262
2263	check_tty_count(tty, "release_dev");
2264
2265	tty_fasync(-1, filp, 0);
2266
2267	idx = tty->index;
2268	pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2269		      tty->driver->subtype == PTY_TYPE_MASTER);
2270	devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2271	o_tty = tty->link;
2272
2273#ifdef TTY_PARANOIA_CHECK
2274	if (idx < 0 || idx >= tty->driver->num) {
2275		printk(KERN_DEBUG "release_dev: bad idx when trying to "
2276				  "free (%s)\n", tty->name);
2277		return;
2278	}
2279	if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2280		if (tty != tty->driver->ttys[idx]) {
2281			printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2282			       "for (%s)\n", idx, tty->name);
2283			return;
2284		}
2285		if (tty->termios != tty->driver->termios[idx]) {
2286			printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2287			       "for (%s)\n",
2288			       idx, tty->name);
2289			return;
2290		}
2291		if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2292			printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2293			       "termios_locked for (%s)\n",
2294			       idx, tty->name);
2295			return;
2296		}
2297	}
2298#endif
2299
2300#ifdef TTY_DEBUG_HANGUP
2301	printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2302	       tty_name(tty, buf), tty->count);
2303#endif
2304
2305#ifdef TTY_PARANOIA_CHECK
2306	if (tty->driver->other &&
2307	     !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2308		if (o_tty != tty->driver->other->ttys[idx]) {
2309			printk(KERN_DEBUG "release_dev: other->table[%d] "
2310					  "not o_tty for (%s)\n",
2311			       idx, tty->name);
2312			return;
2313		}
2314		if (o_tty->termios != tty->driver->other->termios[idx]) {
2315			printk(KERN_DEBUG "release_dev: other->termios[%d] "
2316					  "not o_termios for (%s)\n",
2317			       idx, tty->name);
2318			return;
2319		}
2320		if (o_tty->termios_locked != 
2321		      tty->driver->other->termios_locked[idx]) {
2322			printk(KERN_DEBUG "release_dev: other->termios_locked["
2323					  "%d] not o_termios_locked for (%s)\n",
2324			       idx, tty->name);
2325			return;
2326		}
2327		if (o_tty->link != tty) {
2328			printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2329			return;
2330		}
2331	}
2332#endif
2333	if (tty->driver->close)
2334		tty->driver->close(tty, filp);
2335
2336	/*
2337	 * Sanity check: if tty->count is going to zero, there shouldn't be
2338	 * any waiters on tty->read_wait or tty->write_wait.  We test the
2339	 * wait queues and kick everyone out _before_ actually starting to
2340	 * close.  This ensures that we won't block while releasing the tty
2341	 * structure.
2342	 *
2343	 * The test for the o_tty closing is necessary, since the master and
2344	 * slave sides may close in any order.  If the slave side closes out
2345	 * first, its count will be one, since the master side holds an open.
2346	 * Thus this test wouldn't be triggered at the time the slave closes,
2347	 * so we do it now.
2348	 *
2349	 * Note that it's possible for the tty to be opened again while we're
2350	 * flushing out waiters.  By recalculating the closing flags before
2351	 * each iteration we avoid any problems.
2352	 */
2353	while (1) {
2354		/* Guard against races with tty->count changes elsewhere and
2355		   opens on /dev/tty */
2356		   
2357		mutex_lock(&tty_mutex);
2358		tty_closing = tty->count <= 1;
2359		o_tty_closing = o_tty &&
2360			(o_tty->count <= (pty_master ? 1 : 0));
2361		do_sleep = 0;
2362
2363		if (tty_closing) {
2364			if (waitqueue_active(&tty->read_wait)) {
2365				wake_up(&tty->read_wait);
2366				do_sleep++;
2367			}
2368			if (waitqueue_active(&tty->write_wait)) {
2369				wake_up(&tty->write_wait);
2370				do_sleep++;
2371			}
2372		}
2373		if (o_tty_closing) {
2374			if (waitqueue_active(&o_tty->read_wait)) {
2375				wake_up(&o_tty->read_wait);
2376				do_sleep++;
2377			}
2378			if (waitqueue_active(&o_tty->write_wait)) {
2379				wake_up(&o_tty->write_wait);
2380				do_sleep++;
2381			}
2382		}
2383		if (!do_sleep)
2384			break;
2385
2386		printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2387				    "active!\n", tty_name(tty, buf));
2388		mutex_unlock(&tty_mutex);
2389		schedule();
2390	}	
2391
2392	/*
2393	 * The closing flags are now consistent with the open counts on 
2394	 * both sides, and we've completed the last operation that could 
2395	 * block, so it's safe to proceed with closing.
2396	 */
2397	if (pty_master) {
2398		if (--o_tty->count < 0) {
2399			printk(KERN_WARNING "release_dev: bad pty slave count "
2400					    "(%d) for %s\n",
2401			       o_tty->count, tty_name(o_tty, buf));
2402			o_tty->count = 0;
2403		}
2404	}
2405	if (--tty->count < 0) {
2406		printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2407		       tty->count, tty_name(tty, buf));
2408		tty->count = 0;
2409	}
2410	
2411	/*
2412	 * We've decremented tty->count, so we need to remove this file
2413	 * descriptor off the tty->tty_files list; this serves two
2414	 * purposes:
2415	 *  - check_tty_count sees the correct number of file descriptors
2416	 *    associated with this tty.
2417	 *  - do_tty_hangup no longer sees this file descriptor as
2418	 *    something that needs to be handled for hangups.
2419	 */
2420	file_kill(filp);
2421	filp->private_data = NULL;
2422
2423	/*
2424	 * Perform some housekeeping before deciding whether to return.
2425	 *
2426	 * Set the TTY_CLOSING flag if this was the last open.  In the
2427	 * case of a pty we may have to wait around for the other side
2428	 * to close, and TTY_CLOSING makes sure we can't be reopened.
2429	 */
2430	if(tty_closing)
2431		set_bit(TTY_CLOSING, &tty->flags);
2432	if(o_tty_closing)
2433		set_bit(TTY_CLOSING, &o_tty->flags);
2434
2435	/*
2436	 * If _either_ side is closing, make sure there aren't any
2437	 * processes that still think tty or o_tty is their controlling
2438	 * tty.
2439	 */
2440	if (tty_closing || o_tty_closing) {
2441		read_lock(&tasklist_lock);
2442		session_clear_tty(tty->session);
2443		if (o_tty)
2444			session_clear_tty(o_tty->session);
2445		read_unlock(&tasklist_lock);
2446	}
2447
2448	mutex_unlock(&tty_mutex);
2449
2450	/* check whether both sides are closing ... */
2451	if (!tty_closing || (o_tty && !o_tty_closing))
2452		return;
2453	
2454#ifdef TTY_DEBUG_HANGUP
2455	printk(KERN_DEBUG "freeing tty structure...");
2456#endif
2457	/*
2458	 * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
2459	 * kill any delayed work. As this is the final close it does not
2460	 * race with the set_ldisc code path.
2461	 */
2462	clear_bit(TTY_LDISC, &tty->flags);
2463	cancel_delayed_work(&tty->buf.work);
2464
2465	/*
2466	 * Wait for ->hangup_work and ->buf.work handlers to terminate
2467	 */
2468	 
2469	flush_scheduled_work();
2470	
2471	/*
2472	 * Wait for any short term users (we know they are just driver
2473	 * side waiters as the file is closing so user count on the file
2474	 * side is zero.
2475	 */
2476	spin_lock_irqsave(&tty_ldisc_lock, flags);
2477	while(tty->ldisc.refcount)
2478	{
2479		spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2480		wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2481		spin_lock_irqsave(&tty_ldisc_lock, flags);
2482	}
2483	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2484	/*
2485	 * Shutdown the current line discipline, and reset it to N_TTY.
2486	 * N.B. why reset ldisc when we're releasing the memory??
2487	 *
2488	 * FIXME: this MUST get fixed for the new reflocking
2489	 */
2490	if (tty->ldisc.close)
2491		(tty->ldisc.close)(tty);
2492	tty_ldisc_put(tty->ldisc.num);
2493	
2494	/*
2495	 *	Switch the line discipline back
2496	 */
2497	tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2498	tty_set_termios_ldisc(tty,N_TTY); 
2499	if (o_tty) {
2500		/* FIXME: could o_tty be in setldisc here ? */
2501		clear_bit(TTY_LDISC, &o_tty->flags);
2502		if (o_tty->ldisc.close)
2503			(o_tty->ldisc.close)(o_tty);
2504		tty_ldisc_put(o_tty->ldisc.num);
2505		tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2506		tty_set_termios_ldisc(o_tty,N_TTY); 
2507	}
2508	/*
2509	 * The release_tty function takes care of the details of clearing
2510	 * the slots and preserving the termios structure.
2511	 */
2512	release_tty(tty, idx);
2513
2514#ifdef CONFIG_UNIX98_PTYS
2515	/* Make this pty number available for reallocation */
2516	if (devpts) {
2517		down(&allocated_ptys_lock);
2518		idr_remove(&allocated_ptys, idx);
2519		up(&allocated_ptys_lock);
2520	}
2521#endif
2522
2523}
2524
2525/**
2526 *	tty_open		-	open a tty device
2527 *	@inode: inode of device file
2528 *	@filp: file pointer to tty
2529 *
2530 *	tty_open and tty_release keep up the tty count that contains the
2531 *	number of opens done on a tty. We cannot use the inode-count, as
2532 *	different inodes might point to the same tty.
2533 *
2534 *	Open-counting is needed for pty masters, as well as for keeping
2535 *	track of serial lines: DTR is dropped when the last close happens.
2536 *	(This is not done solely through tty->count, now.  - Ted 1/27/92)
2537 *
2538 *	The termios state of a pty is reset on first open so that
2539 *	settings don't persist across reuse.
2540 *
2541 *	Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2542 *		 tty->count should protect the rest.
2543 *		 ->siglock protects ->signal/->sighand
2544 */
2545
2546static int tty_open(struct inode * inode, struct file * filp)
2547{
2548	struct tty_struct *tty;
2549	int noctty, retval;
2550	struct tty_driver *driver;
2551	int index;
2552	dev_t device = inode->i_rdev;
2553	unsigned short saved_flags = filp->f_flags;
2554
2555	nonseekable_open(inode, filp);
2556	
2557retry_open:
2558	noctty = filp->f_flags & O_NOCTTY;
2559	index  = -1;
2560	retval = 0;
2561	
2562	mutex_lock(&tty_mutex);
2563
2564	if (device == MKDEV(TTYAUX_MAJOR,0)) {
2565		tty = get_current_tty();
2566		if (!tty) {
2567			mutex_unlock(&tty_mutex);
2568			return -ENXIO;
2569		}
2570		driver = tty->driver;
2571		index = tty->index;
2572		filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2573		/* noctty = 1; */
2574		goto got_driver;
2575	}
2576#ifdef CONFIG_VT
2577	if (device == MKDEV(TTY_MAJOR,0)) {
2578		extern struct tty_driver *console_driver;
2579		driver = console_driver;
2580		index = fg_console;
2581		noctty = 1;
2582		goto got_driver;
2583	}
2584#endif
2585	if (device == MKDEV(TTYAUX_MAJOR,1)) {
2586		driver = console_device(&index);
2587		if (driver) {
2588			/* Don't let /dev/console block */
2589			filp->f_flags |= O_NONBLOCK;
2590			noctty = 1;
2591			goto got_driver;
2592		}
2593		mutex_unlock(&tty_mutex);
2594		return -ENODEV;
2595	}
2596
2597	driver = get_tty_driver(device, &index);
2598	if (!driver) {
2599		mutex_unlock(&tty_mutex);
2600		return -ENODEV;
2601	}
2602got_driver:
2603	retval = init_dev(driver, index, &tty);
2604	mutex_unlock(&tty_mutex);
2605	if (retval)
2606		return retval;
2607
2608	filp->private_data = tty;
2609	file_move(filp, &tty->tty_files);
2610	check_tty_count(tty, "tty_open");
2611	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2612	    tty->driver->subtype == PTY_TYPE_MASTER)
2613		noctty = 1;
2614#ifdef TTY_DEBUG_HANGUP
2615	printk(KERN_DEBUG "opening %s...", tty->name);
2616#endif
2617	if (!retval) {
2618		if (tty->driver->open)
2619			retval = tty->driver->open(tty, filp);
2620		else
2621			retval = -ENODEV;
2622	}
2623	filp->f_flags = saved_flags;
2624
2625	if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2626		retval = -EBUSY;
2627
2628	if (retval) {
2629#ifdef TTY_DEBUG_HANGUP
2630		printk(KERN_DEBUG "error %d in opening %s...", retval,
2631		       tty->name);
2632#endif
2633		release_dev(filp);
2634		if (retval != -ERESTARTSYS)
2635			return retval;
2636		if (signal_pending(current))
2637			return retval;
2638		schedule();
2639		/*
2640		 * Need to reset f_op in case a hangup happened.
2641		 */
2642		if (filp->f_op == &hung_up_tty_fops)
2643			filp->f_op = &tty_fops;
2644		goto retry_open;
2645	}
2646
2647	mutex_lock(&tty_mutex);
2648	spin_lock_irq(&current->sighand->siglock);
2649	if (!noctty &&
2650	    current->signal->leader &&
2651	    !current->signal->tty &&
2652	    tty->session == NULL)
2653		__proc_set_tty(current, tty);
2654	spin_unlock_irq(&current->sighand->siglock);
2655	mutex_unlock(&tty_mutex);
2656	return 0;
2657}
2658
2659#ifdef CONFIG_UNIX98_PTYS
2660/**
2661 *	ptmx_open		-	open a unix 98 pty master
2662 *	@inode: inode of device file
2663 *	@filp: file pointer to tty
2664 *
2665 *	Allocate a unix98 pty master device from the ptmx driver.
2666 *
2667 *	Locking: tty_mutex protects theinit_dev work. tty->count should
2668 		protect the rest.
2669 *		allocated_ptys_lock handles the list of free pty numbers
2670 */
2671
2672static int ptmx_open(struct inode * inode, struct file * filp)
2673{
2674	struct tty_struct *tty;
2675	int retval;
2676	int index;
2677	int idr_ret;
2678
2679	nonseekable_open(inode, filp);
2680
2681	/* find a device that is not in use. */
2682	down(&allocated_ptys_lock);
2683	if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2684		up(&allocated_ptys_lock);
2685		return -ENOMEM;
2686	}
2687	idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2688	if (idr_ret < 0) {
2689		up(&allocated_ptys_lock);
2690		if (idr_ret == -EAGAIN)
2691			return -ENOMEM;
2692		return -EIO;
2693	}
2694	if (index >= pty_limit) {
2695		idr_remove(&allocated_ptys, index);
2696		up(&allocated_ptys_lock);
2697		return -EIO;
2698	}
2699	up(&allocated_ptys_lock);
2700
2701	mutex_lock(&tty_mutex);
2702	retval = init_dev(ptm_driver, index, &tty);
2703	mutex_unlock(&tty_mutex);
2704	
2705	if (retval)
2706		goto out;
2707
2708	set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2709	filp->private_data = tty;
2710	file_move(filp, &tty->tty_files);
2711
2712	retval = -ENOMEM;
2713	if (devpts_pty_new(tty->link))
2714		goto out1;
2715
2716	check_tty_count(tty, "tty_open");
2717	retval = ptm_driver->open(tty, filp);
2718	if (!retval)
2719		return 0;
2720out1:
2721	release_dev(filp);
2722	return retval;
2723out:
2724	down(&allocated_ptys_lock);
2725	idr_remove(&allocated_ptys, index);
2726	up(&allocated_ptys_lock);
2727	return retval;
2728}
2729#endif
2730
2731/**
2732 *	tty_release		-	vfs callback for close
2733 *	@inode: inode of tty
2734 *	@filp: file pointer for handle to tty
2735 *
2736 *	Called the last time each file handle is closed that references
2737 *	this tty. There may however be several such references.
2738 *
2739 *	Locking:
2740 *		Takes bkl. See release_dev
2741 */
2742
2743static int tty_release(struct inode * inode, struct file * filp)
2744{
2745	lock_kernel();
2746	release_dev(filp);
2747	unlock_kernel();
2748	return 0;
2749}
2750
2751/**
2752 *	tty_poll	-	check tty status
2753 *	@filp: file being polled
2754 *	@wait: poll wait structures to update
2755 *
2756 *	Call the line discipline polling method to obtain the poll
2757 *	status of the device.
2758 *
2759 *	Locking: locks called line discipline but ldisc poll method
2760 *	may be re-entered freely by other callers.
2761 */
2762
2763static unsigned int tty_poll(struct file * filp, poll_table * wait)
2764{
2765	struct tty_struct * tty;
2766	struct tty_ldisc *ld;
2767	int ret = 0;
2768
2769	tty = (struct tty_struct *)filp->private_data;
2770	if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2771		return 0;
2772		
2773	ld = tty_ldisc_ref_wait(tty);
2774	if (ld->poll)
2775		ret = (ld->poll)(tty, filp, wait);
2776	tty_ldisc_deref(ld);
2777	return ret;
2778}
2779
2780static int tty_fasync(int fd, struct file * filp, int on)
2781{
2782	struct tty_struct * tty;
2783	int retval;
2784
2785	tty = (struct tty_struct *)filp->private_data;
2786	if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2787		return 0;
2788	
2789	retval = fasync_helper(fd, filp, on, &tty->fasync);
2790	if (retval <= 0)
2791		return retval;
2792
2793	if (on) {
2794		enum pid_type type;
2795		struct pid *pid;
2796		if (!waitqueue_active(&tty->read_wait))
2797			tty->minimum_to_wake = 1;
2798		if (tty->pgrp) {
2799			pid = tty->pgrp;
2800			type = PIDTYPE_PGID;
2801		} else {
2802			pid = task_pid(current);
2803			type = PIDTYPE_PID;
2804		}
2805		retval = __f_setown(filp, pid, type, 0);
2806		if (retval)
2807			return retval;
2808	} else {
2809		if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2810			tty->minimum_to_wake = N_TTY_BUF_SIZE;
2811	}
2812	return 0;
2813}
2814
2815/**
2816 *	tiocsti			-	fake input character
2817 *	@tty: tty to fake input into
2818 *	@p: pointer to character
2819 *
2820 *	Fake input to a tty device. Does the neccessary locking and
2821 *	input management.
2822 *
2823 *	FIXME: does not honour flow control ??
2824 *
2825 *	Locking:
2826 *		Called functions take tty_ldisc_lock
2827 *		current->signal->tty check is safe without locks
2828 *
2829 *	FIXME: may race normal receive processing
2830 */
2831
2832static int tiocsti(struct tty_struct *tty, char __user *p)
2833{
2834	char ch, mbz = 0;
2835	struct tty_ldisc *ld;
2836	
2837	if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2838		return -EPERM;
2839	if (get_user(ch, p))
2840		return -EFAULT;
2841	ld = tty_ldisc_ref_wait(tty);
2842	ld->receive_buf(tty, &ch, &mbz, 1);
2843	tty_ldisc_deref(ld);
2844	return 0;
2845}
2846
2847/**
2848 *	tiocgwinsz		-	implement window query ioctl
2849 *	@tty; tty
2850 *	@arg: user buffer for result
2851 *
2852 *	Copies the kernel idea of the window size into the user buffer.
2853 *
2854 *	Locking: tty->termios_mutex is taken to ensure the winsize data
2855 *		is consistent.
2856 */
2857
2858static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2859{
2860	int err;
2861
2862	mutex_lock(&tty->termios_mutex);
2863	err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2864	mutex_unlock(&tty->termios_mutex);
2865
2866	return err ? -EFAULT: 0;
2867}
2868
2869/**
2870 *	tiocswinsz		-	implement window size set ioctl
2871 *	@tty; tty
2872 *	@arg: user buffer for result
2873 *
2874 *	Copies the user idea of the window size to the kernel. Traditionally
2875 *	this is just advisory information but for the Linux console it
2876 *	actually has driver level meaning and triggers a VC resize.
2877 *
2878 *	Locking:
2879 *		Called function use the console_sem is used to ensure we do
2880 *	not try and resize the console twice at once.
2881 *		The tty->termios_mutex is used to ensure we don't double
2882 *	resize and get confused. Lock order - tty->termios_mutex before
2883 *	console sem
2884 */
2885
2886static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2887	struct winsize __user * arg)
2888{
2889	struct winsize tmp_ws;
2890
2891	if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2892		return -EFAULT;
2893
2894	mutex_lock(&tty->termios_mutex);
2895	if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2896		goto done;
2897
2898#ifdef CONFIG_VT
2899	if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2900		if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2901					tmp_ws.ws_row)) {
2902			mutex_unlock(&tty->termios_mutex);
2903 			return -ENXIO;
2904		}
2905	}
2906#endif
2907	if (tty->pgrp)
2908		kill_pgrp(tty->pgrp, SIGWINCH, 1);
2909	if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
2910		kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
2911	tty->winsize = tmp_ws;
2912	real_tty->winsize = tmp_ws;
2913done:
2914	mutex_unlock(&tty->termios_mutex);
2915	return 0;
2916}
2917
2918/**
2919 *	tioccons	-	allow admin to move logical console
2920 *	@file: the file to become console
2921 *
2922 *	Allow the adminstrator to move the redirected console device
2923 *
2924 *	Locking: uses redirect_lock to guard the redirect information
2925 */
2926
2927static int tioccons(struct file *file)
2928{
2929	if (!capable(CAP_SYS_ADMIN))
2930		return -EPERM;
2931	if (file->f_op->write == redirected_tty_write) {
2932		struct file *f;
2933		spin_lock(&redirect_lock);
2934		f = redirect;
2935		redirect = NULL;
2936		spin_unlock(&redirect_lock);
2937		if (f)
2938			fput(f);
2939		return 0;
2940	}
2941	spin_lock(&redirect_lock);
2942	if (redirect) {
2943		spin_unlock(&redirect_lock);
2944		return -EBUSY;
2945	}
2946	get_file(file);
2947	redirect = file;
2948	spin_unlock(&redirect_lock);
2949	return 0;
2950}
2951
2952/**
2953 *	fionbio		-	non blocking ioctl
2954 *	@file: file to set blocking value
2955 *	@p: user parameter
2956 *
2957 *	Historical tty interfaces had a blocking control ioctl before
2958 *	the generic functionality existed. This piece of history is preserved
2959 *	in the expected tty API of posix OS's.
2960 *
2961 *	Locking: none, the open fle handle ensures it won't go away.
2962 */
2963
2964static int fionbio(struct file *file, int __user *p)
2965{
2966	int nonblock;
2967
2968	if (get_user(nonblock, p))
2969		return -EFAULT;
2970
2971	if (nonblock)
2972		file->f_flags |= O_NONBLOCK;
2973	else
2974		file->f_flags &= ~O_NONBLOCK;
2975	return 0;
2976}
2977
2978/**
2979 *	tiocsctty	-	set controlling tty
2980 *	@tty: tty structure
2981 *	@arg: user argument
2982 *
2983 *	This ioctl is used to manage job control. It permits a session
2984 *	leader to set this tty as the controlling tty for the session.
2985 *
2986 *	Locking:
2987 *		Takes tty_mutex() to protect tty instance
2988 *		Takes tasklist_lock internally to walk sessions
2989 *		Takes ->siglock() when updating signal->tty
2990 */
2991
2992static int tiocsctty(struct tty_struct *tty, int arg)
2993{
2994	int ret = 0;
2995	if (current->signal->leader && (task_session(current) == tty->session))
2996		return ret;
2997
2998	mutex_lock(&tty_mutex);
2999	/*
3000	 * The process must be a session leader and
3001	 * not have a controlling tty already.
3002	 */
3003	if (!current->signal->leader || current->signal->tty) {
3004		ret = -EPERM;
3005		goto unlock;
3006	}
3007
3008	if (tty->session) {
3009		/*
3010		 * This tty is already the controlling
3011		 * tty for another session group!
3012		 */
3013		if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
3014			/*
3015			 * Steal it away
3016			 */
3017			read_lock(&tasklist_lock);
3018			session_clear_tty(tty->session);
3019			read_unlock(&tasklist_lock);
3020		} else {
3021			ret = -EPERM;
3022			goto unlock;
3023		}
3024	}
3025	proc_set_tty(current, tty);
3026unlock:
3027	mutex_unlock(&tty_mutex);
3028	return ret;
3029}
3030
3031/**
3032 *	tiocgpgrp		-	get process group
3033 *	@tty: tty passed by user
3034 *	@real_tty: tty side of the tty pased by the user if a pty else the tty
3035 *	@p: returned pid
3036 *
3037 *	Obtain the process group of the tty. If there is no process group
3038 *	return an error.
3039 *
3040 *	Locking: none. Reference to current->signal->tty is safe.
3041 */
3042
3043static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3044{
3045	/*
3046	 * (tty == real_tty) is a cheap way of
3047	 * testing if the tty is NOT a master pty.
3048	 */
3049	if (tty == real_tty && current->signal->tty != real_tty)
3050		return -ENOTTY;
3051	return put_user(pid_nr(real_tty->pgrp), p);
3052}
3053
3054/**
3055 *	tiocspgrp		-	attempt to set process group
3056 *	@tty: tty passed by user
3057 *	@real_tty: tty side device matching tty passed by user
3058 *	@p: pid pointer
3059 *
3060 *	Set the process group of the tty to the session passed. Only
3061 *	permitted where the tty session is our session.
3062 *
3063 *	Locking: None
3064 */
3065
3066static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3067{
3068	struct pid *pgrp;
3069	pid_t pgrp_nr;
3070	int retval = tty_check_change(real_tty);
3071
3072	if (retval == -EIO)
3073		return -ENOTTY;
3074	if (retval)
3075		return retval;
3076	if (!current->signal->tty ||
3077	    (current->signal->tty != real_tty) ||
3078	    (real_tty->session != task_session(current)))
3079		return -ENOTTY;
3080	if (get_user(pgrp_nr, p))
3081		return -EFAULT;
3082	if (pgrp_nr < 0)
3083		return -EINVAL;
3084	rcu_read_lock();
3085	pgrp = find_pid(pgrp_nr);
3086	retval = -ESRCH;
3087	if (!pgrp)
3088		goto out_unlock;
3089	retval = -EPERM;
3090	if (session_of_pgrp(pgrp) != task_session(current))
3091		goto out_unlock;
3092	retval = 0;
3093	put_pid(real_tty->pgrp);
3094	real_tty->pgrp = get_pid(pgrp);
3095out_unlock:
3096	rcu_read_unlock();
3097	return retval;
3098}
3099
3100/**
3101 *	tiocgsid		-	get session id
3102 *	@tty: tty passed by user
3103 *	@real_tty: tty side of the tty pased by the user if a pty else the tty
3104 *	@p: pointer to returned session id
3105 *
3106 *	Obtain the session id of the tty. If there is no session
3107 *	return an error.
3108 *
3109 *	Locking: none. Reference to current->signal->tty is safe.
3110 */
3111
3112static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3113{
3114	/*
3115	 * (tty == real_tty) is a cheap way of
3116	 * testing if the tty is NOT a master pty.
3117	*/
3118	if (tty == real_tty && current->signal->tty != real_tty)
3119		return -ENOTTY;
3120	if (!real_tty->session)
3121		return -ENOTTY;
3122	return put_user(pid_nr(real_tty->session), p);
3123}
3124
3125/**
3126 *	tiocsetd	-	set line discipline
3127 *	@tty: tty device
3128 *	@p: pointer to user data
3129 *
3130 *	Set the line discipline according to user request.
3131 *
3132 *	Locking: see tty_set_ldisc, this function is just a helper
3133 */
3134
3135static int tiocsetd(struct tty_struct *tty, int __user *p)
3136{
3137	int ldisc;
3138
3139	if (get_user(ldisc, p))
3140		return -EFAULT;
3141	return tty_set_ldisc(tty, ldisc);
3142}
3143
3144/**
3145 *	send_break	-	performed time break
3146 *	@tty: device to break on
3147 *	@duration: timeout in mS
3148 *
3149 *	Perform a timed break on hardware that lacks its own driver level
3150 *	timed break functionality.
3151 *
3152 *	Locking:
3153 *		atomic_write_lock serializes
3154 *
3155 */
3156
3157static int send_break(struct tty_struct *tty, unsigned int duration)
3158{
3159	if (mutex_lock_interruptible(&tty->atomic_write_lock))
3160		return -EINTR;
3161	tty->driver->break_ctl(tty, -1);
3162	if (!signal_pending(current)) {
3163		msleep_interruptible(duration);
3164	}
3165	tty->driver->break_ctl(tty, 0);
3166	mutex_unlock(&tty->atomic_write_lock);
3167	if (signal_pending(current))
3168		return -EINTR;
3169	return 0;
3170}
3171
3172/**
3173 *	tiocmget		-	get modem status
3174 *	@tty: tty device
3175 *	@file: user file pointer
3176 *	@p: pointer to result
3177 *
3178 *	Obtain the modem status bits from the tty driver if the feature
3179 *	is supported. Return -EINVAL if it is not available.
3180 *
3181 *	Locking: none (up to the driver)
3182 */
3183
3184static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3185{
3186	int retval = -EINVAL;
3187
3188	if (tty->driver->tiocmget) {
3189		retval = tty->driver->tiocmget(tty, file);
3190
3191		if (retval >= 0)
3192			retval = put_user(retval, p);
3193	}
3194	return retval;
3195}
3196
3197/**
3198 *	tiocmset		-	set modem status
3199 *	@tty: tty device
3200 *	@file: user file pointer
3201 *	@cmd: command - clear bits, set bits or set all
3202 *	@p: pointer to desired bits
3203 *
3204 *	Set the modem status bits from the tty driver if the feature
3205 *	is supported. Return -EINVAL if it is not available.
3206 *
3207 *	Locking: none (up to the driver)
3208 */
3209
3210static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3211	     unsigned __user *p)
3212{
3213	int retval = -EINVAL;
3214
3215	if (tty->driver->tiocmset) {
3216		unsigned int set, clear, val;
3217
3218		retval = get_user(val, p);
3219		if (retval)
3220			return retval;
3221
3222		set = clear = 0;
3223		switch (cmd) {
3224		case TIOCMBIS:
3225			set = val;
3226			break;
3227		case TIOCMBIC:
3228			clear = val;
3229			break;
3230		case TIOCMSET:
3231			set = val;
3232			clear = ~val;
3233			break;
3234		}
3235
3236		set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3237		clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3238
3239		retval = tty->driver->tiocmset(tty, file, set, clear);
3240	}
3241	return retval;
3242}
3243
3244/*
3245 * Split this up, as gcc can choke on it otherwise..
3246 */
3247int tty_ioctl(struct inode * inode, struct file * file,
3248	      unsigned int cmd, unsigned long arg)
3249{
3250	struct tty_struct *tty, *real_tty;
3251	void __user *p = (void __user *)arg;
3252	int retval;
3253	struct tty_ldisc *ld;
3254	
3255	tty = (struct tty_struct *)file->private_data;
3256	if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3257		return -EINVAL;
3258
3259	/* CHECKME: is this safe as one end closes ? */
3260
3261	real_tty = tty;
3262	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3263	    tty->driver->subtype == PTY_TYPE_MASTER)
3264		real_tty = tty->link;
3265
3266	/*
3267	 * Break handling by driver
3268	 */
3269	if (!tty->driver->break_ctl) {
3270		switch(cmd) {
3271		case TIOCSBRK:
3272		case TIOCCBRK:
3273			if (tty->driver->ioctl)
3274				return tty->driver->ioctl(tty, file, cmd, arg);
3275			return -EINVAL;
3276			
3277		/* These two ioctl's always return success; even if */
3278		/* the driver doesn't support them. */
3279		case TCSBRK:
3280		case TCSBRKP:
3281			if (!tty->driver->ioctl)
3282				return 0;
3283			retval = tty->driver->ioctl(tty, file, cmd, arg);
3284			if (retval == -ENOIOCTLCMD)
3285				retval = 0;
3286			return retval;
3287		}
3288	}
3289
3290	/*
3291	 * Factor out some common prep work
3292	 */
3293	switch (cmd) {
3294	case TIOCSETD:
3295	case TIOCSBRK:
3296	case TIOCCBRK:
3297	case TCSBRK:
3298	case TCSBRKP:			
3299		retval = tty_check_change(tty);
3300		if (retval)
3301			return retval;
3302		if (cmd != TIOCCBRK) {
3303			tty_wait_until_sent(tty, 0);
3304			if (signal_pending(current))
3305				return -EINTR;
3306		}
3307		break;
3308	}
3309
3310	switch (cmd) {
3311		case TIOCSTI:
3312			return tiocsti(tty, p);
3313		case TIOCGWINSZ:
3314			return tiocgwinsz(tty, p);
3315		case TIOCSWINSZ:
3316			return tiocswinsz(tty, real_tty, p);
3317		case TIOCCONS:
3318			return real_tty!=tty ? -EINVAL : tioccons(file);
3319		case FIONBIO:
3320			return fionbio(file, p);
3321		case TIOCEXCL:
3322			set_bit(TTY_EXCLUSIVE, &tty->flags);
3323			return 0;
3324		case TIOCNXCL:
3325			clear_bit(TTY_EXCLUSIVE, &tty->flags);
3326			return 0;
3327		case TIOCNOTTY:
3328			if (current->signal->tty != tty)
3329				return -ENOTTY;
3330			no_tty();
3331			return 0;
3332		case TIOCSCTTY:
3333			return tiocsctty(tty, arg);
3334		case TIOCGPGRP:
3335			return tiocgpgrp(tty, real_tty, p);
3336		case TIOCSPGRP:
3337			return tiocspgrp(tty, real_tty, p);
3338		case TIOCGSID:
3339			return tiocgsid(tty, real_tty, p);
3340		case TIOCGETD:
3341			/* FIXME: check this is ok */
3342			return put_user(tty->ldisc.num, (int __user *)p);
3343		case TIOCSETD:
3344			return tiocsetd(tty, p);
3345#ifdef CONFIG_VT
3346		case TIOCLINUX:
3347			return tioclinux(tty, arg);
3348#endif
3349		/*
3350		 * Break handling
3351		 */
3352		case TIOCSBRK:	/* Turn break on, unconditionally */
3353			tty->driver->break_ctl(tty, -1);
3354			return 0;
3355			
3356		case TIOCCBRK:	/* Turn break off, unconditionally */
3357			tty->driver->break_ctl(tty, 0);
3358			return 0;
3359		case TCSBRK:   /* SVID version: non-zero arg --> no break */
3360			/* non-zero arg means wait for all output data
3361			 * to be sent (performed above) but don't send break.
3362			 * This is used by the tcdrain() termios function.
3363			 */
3364			if (!arg)
3365				return send_break(tty, 250);
3366			return 0;
3367		case TCSBRKP:	/* support for POSIX tcsendbreak() */	
3368			return send_break(tty, arg ? arg*100 : 250);
3369
3370		case TIOCMGET:
3371			return tty_tiocmget(tty, file, p);
3372
3373		case TIOCMSET:
3374		case TIOCMBIC:
3375		case TIOCMBIS:
3376			return tty_tiocmset(tty, file, cmd, p);
3377		case TCFLSH:
3378			switch (arg) {
3379			case TCIFLUSH:
3380			case TCIOFLUSH:
3381				/* flush tty buffer and allow ldisc to process ioctl */
3382				tty_buffer_flush(tty);
3383				break;
3384			}
3385			break;
3386	}
3387	if (tty->driver->ioctl) {
3388		retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3389		if (retval != -ENOIOCTLCMD)
3390			return retval;
3391	}
3392	ld = tty_ldisc_ref_wait(tty);
3393	retval = -EINVAL;
3394	if (ld->ioctl) {
3395		retval = ld->ioctl(tty, file, cmd, arg);
3396		if (retval == -ENOIOCTLCMD)
3397			retval = -EINVAL;
3398	}
3399	tty_ldisc_deref(ld);
3400	return retval;
3401}
3402
3403#ifdef CONFIG_COMPAT
3404static long tty_compat_ioctl(struct file * file, unsigned int cmd,
3405				unsigned long arg)
3406{
3407	struct inode *inode = file->f_dentry->d_inode;
3408	struct tty_struct *tty = file->private_data;
3409	struct tty_ldisc *ld;
3410	int retval = -ENOIOCTLCMD;
3411
3412	if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3413		return -EINVAL;
3414
3415	if (tty->driver->compat_ioctl) {
3416		retval = (tty->driver->compat_ioctl)(tty, file, cmd, arg);
3417		if (retval != -ENOIOCTLCMD)
3418			return retval;
3419	}
3420
3421	ld = tty_ldisc_ref_wait(tty);
3422	if (ld->compat_ioctl)
3423		retval = ld->compat_ioctl(tty, file, cmd, arg);
3424	tty_ldisc_deref(ld);
3425
3426	return retval;
3427}
3428#endif
3429
3430/*
3431 * This implements the "Secure Attention Key" ---  the idea is to
3432 * prevent trojan horses by killing all processes associated with this
3433 * tty when the user hits the "Secure Attention Key".  Required for
3434 * super-paranoid applications --- see the Orange Book for more details.
3435 * 
3436 * This code could be nicer; ideally it should send a HUP, wait a few
3437 * seconds, then send a INT, and then a KILL signal.  But you then
3438 * have to coordinate with the init process, since all processes associated
3439 * with the current tty must be dead before the new getty is allowed
3440 * to spawn.
3441 *
3442 * Now, if it would be correct ;-/ The current code has a nasty hole -
3443 * it doesn't catch files in flight. We may send the descriptor to ourselves
3444 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3445 *
3446 * Nasty bug: do_SAK is being called in interrupt context.  This can
3447 * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
3448 */
3449void __do_SAK(struct tty_struct *tty)
3450{
3451#ifdef TTY_SOFT_SAK
3452	tty_hangup(tty);
3453#else
3454	struct task_struct *g, *p;
3455	struct pid *session;
3456	int		i;
3457	struct file	*filp;
3458	struct fdtable *fdt;
3459	
3460	if (!tty)
3461		return;
3462	session = tty->session;
3463	
3464	tty_ldisc_flush(tty);
3465
3466	if (tty->driver->flush_buffer)
3467		tty->driver->flush_buffer(tty);
3468	
3469	read_lock(&tasklist_lock);
3470	/* Kill the entire session */
3471	do_each_pid_task(session, PIDTYPE_SID, p) {
3472		printk(KERN_NOTICE "SAK: killed process %d"
3473			" (%s): process_session(p)==tty->session\n",
3474			p->pid, p->comm);
3475		send_sig(SIGKILL, p, 1);
3476	} while_each_pid_task(session, PIDTYPE_SID, p);
3477	/* Now kill any processes that happen to have the
3478	 * tty open.
3479	 */
3480	do_each_thread(g, p) {
3481		if (p->signal->tty == tty) {
3482			printk(KERN_NOTICE "SAK: killed process %d"
3483			    " (%s): process_session(p)==tty->session\n",
3484			    p->pid, p->comm);
3485			send_sig(SIGKILL, p, 1);
3486			continue;
3487		}
3488		task_lock(p);
3489		if (p->files) {
3490			/*
3491			 * We don't take a ref to the file, so we must
3492			 * hold ->file_lock instead.
3493			 */
3494			spin_lock(&p->files->file_lock);
3495			fdt = files_fdtable(p->files);
3496			for (i=0; i < fdt->max_fds; i++) {
3497				filp = fcheck_files(p->files, i);
3498				if (!filp)
3499					continue;
3500				if (filp->f_op->read == tty_read &&
3501				    filp->private_data == tty) {
3502					printk(KERN_NOTICE "SAK: killed process %d"
3503					    " (%s): fd#%d opened to the tty\n",
3504					    p->pid, p->comm, i);
3505					force_sig(SIGKILL, p);
3506					break;
3507				}
3508			}
3509			spin_unlock(&p->files->file_lock);
3510		}
3511		task_unlock(p);
3512	} while_each_thread(g, p);
3513	read_unlock(&tasklist_lock);
3514#endif
3515}
3516
3517static void do_SAK_work(struct work_struct *work)
3518{
3519	struct tty_struct *tty =
3520		container_of(work, struct tty_struct, SAK_work);
3521	__do_SAK(tty);
3522}
3523
3524/*
3525 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3526 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3527 * the values which we write to it will be identical to the values which it
3528 * already has. --akpm
3529 */
3530void do_SAK(struct tty_struct *tty)
3531{
3532	if (!tty)
3533		return;
3534	schedule_work(&tty->SAK_work);
3535}
3536
3537EXPORT_SYMBOL(do_SAK);
3538
3539/**
3540 *	flush_to_ldisc
3541 *	@work: tty structure passed from work queue.
3542 *
3543 *	This routine is called out of the software interrupt to flush data
3544 *	from the buffer chain to the line discipline.
3545 *
3546 *	Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3547 *	while invoking the line discipline receive_buf method. The
3548 *	receive_buf method is single threaded for each tty instance.
3549 */
3550 
3551static void flush_to_ldisc(struct work_struct *work)
3552{
3553	struct tty_struct *tty =
3554		container_of(work, struct tty_struct, buf.work.work);
3555	unsigned long 	flags;
3556	struct tty_ldisc *disc;
3557	struct tty_buffer *tbuf, *head;
3558	char *char_buf;
3559	unsigned char *flag_buf;
3560
3561	disc = tty_ldisc_ref(tty);
3562	if (disc == NULL)	/*  !TTY_LDISC */
3563		return;
3564
3565	spin_lock_irqsave(&tty->buf.lock, flags);
3566	head = tty->buf.head;
3567	if (head != NULL) {
3568		tty->buf.head = NULL;
3569		for (;;) {
3570			int count = head->commit - head->read;
3571			if (!count) {
3572				if (head->next == NULL)
3573					break;
3574				tbuf = head;
3575				head = head->next;
3576				tty_buffer_free(tty, tbuf);
3577				continue;
3578			}
3579			if (!tty->receive_room) {
3580				schedule_delayed_work(&tty->buf.work, 1);
3581				break;
3582			}
3583			if (count > tty->receive_room)
3584				count = tty->receive_room;
3585			char_buf = head->char_buf_ptr + head->read;
3586			flag_buf = head->flag_buf_ptr + head->read;
3587			head->read += count;
3588			spin_unlock_irqrestore(&tty->buf.lock, flags);
3589			disc->receive_buf(tty, char_buf, flag_buf, count);
3590			spin_lock_irqsave(&tty->buf.lock, flags);
3591		}
3592		tty->buf.head = head;
3593	}
3594	spin_unlock_irqrestore(&tty->buf.lock, flags);
3595
3596	tty_ldisc_deref(disc);
3597}
3598
3599/**
3600 *	tty_flip_buffer_push	-	terminal
3601 *	@tty: tty to push
3602 *
3603 *	Queue a push of the terminal flip buffers to the line discipline. This
3604 *	function must not be called from IRQ context if tty->low_latency is set.
3605 *
3606 *	In the event of the queue being busy for flipping the work will be
3607 *	held off and retried later.
3608 *
3609 *	Locking: tty buffer lock. Driver locks in low latency mode.
3610 */
3611
3612void tty_flip_buffer_push(struct tty_struct *tty)
3613{
3614	unsigned long flags;
3615	spin_lock_irqsave(&tty->buf.lock, flags);
3616	if (tty->buf.tail != NULL)
3617		tty->buf.tail->commit = tty->buf.tail->used;
3618	spin_unlock_irqrestore(&tty->buf.lock, flags);
3619
3620	if (tty->low_latency)
3621		flush_to_ldisc(&tty->buf.work.work);
3622	else
3623		schedule_delayed_work(&tty->buf.work, 1);
3624}
3625
3626EXPORT_SYMBOL(tty_flip_buffer_push);
3627
3628
3629/**
3630 *	initialize_tty_struct
3631 *	@tty: tty to initialize
3632 *
3633 *	This subroutine initializes a tty structure that has been newly
3634 *	allocated.
3635 *
3636 *	Locking: none - tty in question must not be exposed at this point
3637 */
3638
3639static void initialize_tty_struct(struct tty_struct *tty)
3640{
3641	memset(tty, 0, sizeof(struct tty_struct));
3642	tty->magic = TTY_MAGIC;
3643	tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3644	tty->session = NULL;
3645	tty->pgrp = NULL;
3646	tty->overrun_time = jiffies;
3647	tty->buf.head = tty->buf.tail = NULL;
3648	tty_buffer_init(tty);
3649	INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3650	init_MUTEX(&tty->buf.pty_sem);
3651	mutex_init(&tty->termios_mutex);
3652	init_waitqueue_head(&tty->write_wait);
3653	init_waitqueue_head(&tty->read_wait);
3654	INIT_WORK(&tty->hangup_work, do_tty_hangup);
3655	mutex_init(&tty->atomic_read_lock);
3656	mutex_init(&tty->atomic_write_lock);
3657	spin_lock_init(&tty->read_lock);
3658	INIT_LIST_HEAD(&tty->tty_files);
3659	INIT_WORK(&tty->SAK_work, do_SAK_work);
3660}
3661
3662/*
3663 * The default put_char routine if the driver did not define one.
3664 */
3665
3666static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3667{
3668	tty->driver->write(tty, &ch, 1);
3669}
3670
3671static struct class *tty_class;
3672
3673/**
3674 *	tty_register_device - register a tty device
3675 *	@driver: the tty driver that describes the tty device
3676 *	@index: the index in the tty driver for this tty device
3677 *	@device: a struct device that is associated with this tty device.
3678 *		This field is optional, if there is no known struct device
3679 *		for this tty device it can be set to NULL safely.
3680 *
3681 *	Returns a pointer to the struct device for this tty device
3682 *	(or ERR_PTR(-EFOO) on error).
3683 *
3684 *	This call is required to be made to register an individual tty device
3685 *	if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3686 *	that bit is not set, this function should not be called by a tty
3687 *	driver.
3688 *
3689 *	Locking: ??
3690 */
3691
3692struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3693				   struct device *device)
3694{
3695	char name[64];
3696	dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3697
3698	if (index >= driver->num) {
3699		printk(KERN_ERR "Attempt to register invalid tty line number "
3700		       " (%d).\n", index);
3701		return ERR_PTR(-EINVAL);
3702	}
3703
3704	if (driver->type == TTY_DRIVER_TYPE_PTY)
3705		pty_line_name(driver, index, name);
3706	else
3707		tty_line_name(driver, index, name);
3708
3709	return device_create(tty_class, device, dev, name);
3710}
3711
3712/**
3713 * 	tty_unregister_device - unregister a tty device
3714 * 	@driver: the tty driver that describes the tty device
3715 * 	@index: the index in the tty driver for this tty device
3716 *
3717 * 	If a tty device is registered with a call to tty_register_device() then
3718 *	this function must be called when the tty device is gone.
3719 *
3720 *	Locking: ??
3721 */
3722
3723void tty_unregister_device(struct tty_driver *driver, unsigned index)
3724{
3725	device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
3726}
3727
3728EXPORT_SYMBOL(tty_register_device);
3729EXPORT_SYMBOL(tty_unregister_device);
3730
3731struct tty_driver *alloc_tty_driver(int lines)
3732{
3733	struct tty_driver *driver;
3734
3735	driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
3736	if (driver) {
3737		memset(driver, 0, sizeof(struct tty_driver));
3738		driver->magic = TTY_DRIVER_MAGIC;
3739		driver->num = lines;
3740		/* later we'll move allocation of tables here */
3741	}
3742	return driver;
3743}
3744
3745void put_tty_driver(struct tty_driver *driver)
3746{
3747	kfree(driver);
3748}
3749
3750void tty_set_operations(struct tty_driver *driver,
3751			const struct tty_operations *op)
3752{
3753	driver->open = op->open;
3754	driver->close = op->close;
3755	driver->write = op->write;
3756	driver->put_char = op->put_char;
3757	driver->flush_chars = op->flush_chars;
3758	driver->write_room = op->write_room;
3759	driver->chars_in_buffer = op->chars_in_buffer;
3760	driver->ioctl = op->ioctl;
3761	driver->compat_ioctl = op->compat_ioctl;
3762	driver->set_termios = op->set_termios;
3763	driver->throttle = op->throttle;
3764	driver->unthrottle = op->unthrottle;
3765	driver->stop = op->stop;
3766	driver->start = op->start;
3767	driver->hangup = op->hangup;
3768	driver->break_ctl = op->break_ctl;
3769	driver->flush_buffer = op->flush_buffer;
3770	driver->set_ldisc = op->set_ldisc;
3771	driver->wait_until_sent = op->wait_until_sent;
3772	driver->send_xchar = op->send_xchar;
3773	driver->read_proc = op->read_proc;
3774	driver->write_proc = op->write_proc;
3775	driver->tiocmget = op->tiocmget;
3776	driver->tiocmset = op->tiocmset;
3777}
3778
3779
3780EXPORT_SYMBOL(alloc_tty_driver);
3781EXPORT_SYMBOL(put_tty_driver);
3782EXPORT_SYMBOL(tty_set_operations);
3783
3784/*
3785 * Called by a tty driver to register itself.
3786 */
3787int tty_register_driver(struct tty_driver *driver)
3788{
3789	int error;
3790        int i;
3791	dev_t dev;
3792	void **p = NULL;
3793
3794	if (driver->flags & TTY_DRIVER_INSTALLED)
3795		return 0;
3796
3797	if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3798		p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3799		if (!p)
3800			return -ENOMEM;
3801	}
3802
3803	if (!driver->major) {
3804		error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3805						driver->name);
3806		if (!error) {
3807			driver->major = MAJOR(dev);
3808			driver->minor_start = MINOR(dev);
3809		}
3810	} else {
3811		dev = MKDEV(driver->major, driver->minor_start);
3812		error = register_chrdev_region(dev, driver->num, driver->name);
3813	}
3814	if (error < 0) {
3815		kfree(p);
3816		return error;
3817	}
3818
3819	if (p) {
3820		driver->ttys = (struct tty_struct **)p;
3821		driver->termios = (struct ktermios **)(p + driver->num);
3822		driver->termios_locked = (struct ktermios **)(p + driver->num * 2);
3823	} else {
3824		driver->ttys = NULL;
3825		driver->termios = NULL;
3826		driver->termios_locked = NULL;
3827	}
3828
3829	cdev_init(&driver->cdev, &tty_fops);
3830	driver->cdev.owner = driver->owner;
3831	error = cdev_add(&driver->cdev, dev, driver->num);
3832	if (error) {
3833		unregister_chrdev_region(dev, driver->num);
3834		driver->ttys = NULL;
3835		driver->termios = driver->termios_locked = NULL;
3836		kfree(p);
3837		return error;
3838	}
3839
3840	if (!driver->put_char)
3841		driver->put_char = tty_default_put_char;
3842	
3843	mutex_lock(&tty_mutex);
3844	list_add(&driver->tty_drivers, &tty_drivers);
3845	mutex_unlock(&tty_mutex);
3846	
3847	if ( !(driver->flags & TTY_DRIVER_DYNAMIC_DEV) ) {
3848		for(i = 0; i < driver->num; i++)
3849		    tty_register_device(driver, i, NULL);
3850	}
3851	proc_tty_register_driver(driver);
3852	return 0;
3853}
3854
3855EXPORT_SYMBOL(tty_register_driver);
3856
3857/*
3858 * Called by a tty driver to unregister itself.
3859 */
3860int tty_unregister_driver(struct tty_driver *driver)
3861{
3862	int i;
3863	struct ktermios *tp;
3864	void *p;
3865
3866	if (driver->refcount)
3867		return -EBUSY;
3868
3869	unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3870				driver->num);
3871	mutex_lock(&tty_mutex);
3872	list_del(&driver->tty_drivers);
3873	mutex_unlock(&tty_mutex);
3874
3875	/*
3876	 * Free the termios and termios_locked structures because
3877	 * we don't want to get memory leaks when modular tty
3878	 * drivers are removed from the kernel.
3879	 */
3880	for (i = 0; i < driver->num; i++) {
3881		tp = driver->termios[i];
3882		if (tp) {
3883			driver->termios[i] = NULL;
3884			kfree(tp);
3885		}
3886		tp = driver->termios_locked[i];
3887		if (tp) {
3888			driver->termios_locked[i] = NULL;
3889			kfree(tp);
3890		}
3891		if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3892			tty_unregister_device(driver, i);
3893	}
3894	p = driver->ttys;
3895	proc_tty_unregister_driver(driver);
3896	driver->ttys = NULL;
3897	driver->termios = driver->termios_locked = NULL;
3898	kfree(p);
3899	cdev_del(&driver->cdev);
3900	return 0;
3901}
3902EXPORT_SYMBOL(tty_unregister_driver);
3903
3904dev_t tty_devnum(struct tty_struct *tty)
3905{
3906	return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3907}
3908EXPORT_SYMBOL(tty_devnum);
3909
3910void proc_clear_tty(struct task_struct *p)
3911{
3912	spin_lock_irq(&p->sighand->siglock);
3913	p->signal->tty = NULL;
3914	spin_unlock_irq(&p->sighand->siglock);
3915}
3916EXPORT_SYMBOL(proc_clear_tty);
3917
3918static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3919{
3920	if (tty) {
3921		/* We should not have a session or pgrp to here but.... */
3922		put_pid(tty->session);
3923		put_pid(tty->pgrp);
3924		tty->session = get_pid(task_session(tsk));
3925		tty->pgrp = get_pid(task_pgrp(tsk));
3926	}
3927	put_pid(tsk->signal->tty_old_pgrp);
3928	tsk->signal->tty = tty;
3929	tsk->signal->tty_old_pgrp = NULL;
3930}
3931
3932static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3933{
3934	spin_lock_irq(&tsk->sighand->siglock);
3935	__proc_set_tty(tsk, tty);
3936	spin_unlock_irq(&tsk->sighand->siglock);
3937}
3938
3939struct tty_struct *get_current_tty(void)
3940{
3941	struct tty_struct *tty;
3942	WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
3943	tty = current->signal->tty;
3944	/*
3945	 * session->tty can be changed/cleared from under us, make sure we
3946	 * issue the load. The obtained pointer, when not NULL, is valid as
3947	 * long as we hold tty_mutex.
3948	 */
3949	barrier();
3950	return tty;
3951}
3952EXPORT_SYMBOL_GPL(get_current_tty);
3953
3954/*
3955 * Initialize the console device. This is called *early*, so
3956 * we can't necessarily depend on lots of kernel help here.
3957 * Just do some early initializations, and do the complex setup
3958 * later.
3959 */
3960void __init console_init(void)
3961{
3962	initcall_t *call;
3963
3964	/* Setup the default TTY line discipline. */
3965	(void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3966
3967	/*
3968	 * set up the console device so that later boot sequences can 
3969	 * inform about problems etc..
3970	 */
3971	call = __con_initcall_start;
3972	while (call < __con_initcall_end) {
3973		(*call)();
3974		call++;
3975	}
3976}
3977
3978#ifdef CONFIG_VT
3979extern int vty_init(void);
3980#endif
3981
3982static int __init tty_class_init(void)
3983{
3984	tty_class = class_create(THIS_MODULE, "tty");
3985	if (IS_ERR(tty_class))
3986		return PTR_ERR(tty_class);
3987	return 0;
3988}
3989
3990postcore_initcall(tty_class_init);
3991
3992/* 3/2004 jmc: why do these devices exist? */
3993
3994static struct cdev tty_cdev, console_cdev;
3995#ifdef CONFIG_UNIX98_PTYS
3996static struct cdev ptmx_cdev;
3997#endif
3998#ifdef CONFIG_VT
3999static struct cdev vc0_cdev;
4000#endif
4001
4002/*
4003 * Ok, now we can initialize the rest of the tty devices and can count
4004 * on memory allocations, interrupts etc..
4005 */
4006static int __init tty_init(void)
4007{
4008	cdev_init(&tty_cdev, &tty_fops);
4009	if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4010	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4011		panic("Couldn't register /dev/tty driver\n");
4012	device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
4013
4014	cdev_init(&console_cdev, &console_fops);
4015	if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4016	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4017		panic("Couldn't register /dev/console driver\n");
4018	device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
4019
4020#ifdef CONFIG_UNIX98_PTYS
4021	cdev_init(&ptmx_cdev, &ptmx_fops);
4022	if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4023	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4024		panic("Couldn't register /dev/ptmx driver\n");
4025	device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
4026#endif
4027
4028#ifdef CONFIG_VT
4029	cdev_init(&vc0_cdev, &console_fops);
4030	if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4031	    register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4032		panic("Couldn't register /dev/tty0 driver\n");
4033	device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
4034
4035	vty_init();
4036#endif
4037	return 0;
4038}
4039module_init(tty_init);
Configure Feed

Configure Feed
