drivers/char/tty_io.c at dc39455e7948ec9bc5f3f2dced5c2f5ac8a8dfd9

tjh.dev / kernel
fork
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork
kernel / drivers / char / tty_io.c
at dc39455e7948ec9bc5f3f2dced5c2f5ac8a8dfd9 4112 lines 106 kB view raw
wrap content
   1/*
   2 *  linux/drivers/char/tty_io.c
   3 *
   4 *  Copyright (C) 1991, 1992  Linus Torvalds
   5 */
   6
   7/*
   8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
   9 * or rs-channels. It also implements echoing, cooked mode etc.
  10 *
  11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
  12 *
  13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
  14 * tty_struct and tty_queue structures.  Previously there was an array
  15 * of 256 tty_struct's which was statically allocated, and the
  16 * tty_queue structures were allocated at boot time.  Both are now
  17 * dynamically allocated only when the tty is open.
  18 *
  19 * Also restructured routines so that there is more of a separation
  20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
  21 * the low-level tty routines (serial.c, pty.c, console.c).  This
  22 * makes for cleaner and more compact code.  -TYT, 9/17/92
  23 *
  24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
  25 * which can be dynamically activated and de-activated by the line
  26 * discipline handling modules (like SLIP).
  27 *
  28 * NOTE: pay no attention to the line discipline code (yet); its
  29 * interface is still subject to change in this version...
  30 * -- TYT, 1/31/92
  31 *
  32 * Added functionality to the OPOST tty handling.  No delays, but all
  33 * other bits should be there.
  34 *	-- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
  35 *
  36 * Rewrote canonical mode and added more termios flags.
  37 * 	-- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
  38 *
  39 * Reorganized FASYNC support so mouse code can share it.
  40 *	-- ctm@ardi.com, 9Sep95
  41 *
  42 * New TIOCLINUX variants added.
  43 *	-- mj@k332.feld.cvut.cz, 19-Nov-95
  44 *
  45 * Restrict vt switching via ioctl()
  46 *      -- grif@cs.ucr.edu, 5-Dec-95
  47 *
  48 * Move console and virtual terminal code to more appropriate files,
  49 * implement CONFIG_VT and generalize console device interface.
  50 *	-- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
  51 *
  52 * Rewrote init_dev and release_dev to eliminate races.
  53 *	-- Bill Hawes <whawes@star.net>, June 97
  54 *
  55 * Added devfs support.
  56 *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
  57 *
  58 * Added support for a Unix98-style ptmx device.
  59 *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
  60 *
  61 * Reduced memory usage for older ARM systems
  62 *      -- Russell King <rmk@arm.linux.org.uk>
  63 *
  64 * Move do_SAK() into process context.  Less stack use in devfs functions.
  65 * alloc_tty_struct() always uses kmalloc()
  66 *			 -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
  67 */
  68
  69#include <linux/types.h>
  70#include <linux/major.h>
  71#include <linux/errno.h>
  72#include <linux/signal.h>
  73#include <linux/fcntl.h>
  74#include <linux/sched.h>
  75#include <linux/interrupt.h>
  76#include <linux/tty.h>
  77#include <linux/tty_driver.h>
  78#include <linux/tty_flip.h>
  79#include <linux/devpts_fs.h>
  80#include <linux/file.h>
  81#include <linux/console.h>
  82#include <linux/timer.h>
  83#include <linux/ctype.h>
  84#include <linux/kd.h>
  85#include <linux/mm.h>
  86#include <linux/string.h>
  87#include <linux/slab.h>
  88#include <linux/poll.h>
  89#include <linux/proc_fs.h>
  90#include <linux/init.h>
  91#include <linux/module.h>
  92#include <linux/smp_lock.h>
  93#include <linux/device.h>
  94#include <linux/idr.h>
  95#include <linux/wait.h>
  96#include <linux/bitops.h>
  97#include <linux/delay.h>
  98
  99#include <asm/uaccess.h>
 100#include <asm/system.h>
 101
 102#include <linux/kbd_kern.h>
 103#include <linux/vt_kern.h>
 104#include <linux/selection.h>
 105
 106#include <linux/kmod.h>
 107#include <linux/nsproxy.h>
 108
 109#undef TTY_DEBUG_HANGUP
 110
 111#define TTY_PARANOIA_CHECK 1
 112#define CHECK_TTY_COUNT 1
 113
 114struct ktermios tty_std_termios = {	/* for the benefit of tty drivers  */
 115	.c_iflag = ICRNL | IXON,
 116	.c_oflag = OPOST | ONLCR,
 117	.c_cflag = B38400 | CS8 | CREAD | HUPCL,
 118	.c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
 119		   ECHOCTL | ECHOKE | IEXTEN,
 120	.c_cc = INIT_C_CC,
 121	.c_ispeed = 38400,
 122	.c_ospeed = 38400
 123};
 124
 125EXPORT_SYMBOL(tty_std_termios);
 126
 127/* This list gets poked at by procfs and various bits of boot up code. This
 128   could do with some rationalisation such as pulling the tty proc function
 129   into this file */
 130
 131LIST_HEAD(tty_drivers);			/* linked list of tty drivers */
 132
 133/* Mutex to protect creating and releasing a tty. This is shared with
 134   vt.c for deeply disgusting hack reasons */
 135DEFINE_MUTEX(tty_mutex);
 136EXPORT_SYMBOL(tty_mutex);
 137
 138#ifdef CONFIG_UNIX98_PTYS
 139extern struct tty_driver *ptm_driver;	/* Unix98 pty masters; for /dev/ptmx */
 140extern int pty_limit;			/* Config limit on Unix98 ptys */
 141static DEFINE_IDR(allocated_ptys);
 142static DEFINE_MUTEX(allocated_ptys_lock);
 143static int ptmx_open(struct inode *, struct file *);
 144#endif
 145
 146static void initialize_tty_struct(struct tty_struct *tty);
 147
 148static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
 149static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
 150ssize_t redirected_tty_write(struct file *, const char __user *,
 151							size_t, loff_t *);
 152static unsigned int tty_poll(struct file *, poll_table *);
 153static int tty_open(struct inode *, struct file *);
 154static int tty_release(struct inode *, struct file *);
 155int tty_ioctl(struct inode *inode, struct file *file,
 156	      unsigned int cmd, unsigned long arg);
 157#ifdef CONFIG_COMPAT
 158static long tty_compat_ioctl(struct file *file, unsigned int cmd,
 159				unsigned long arg);
 160#else
 161#define tty_compat_ioctl NULL
 162#endif
 163static int tty_fasync(int fd, struct file *filp, int on);
 164static void release_tty(struct tty_struct *tty, int idx);
 165static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
 166static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
 167
 168/**
 169 *	alloc_tty_struct	-	allocate a tty object
 170 *
 171 *	Return a new empty tty structure. The data fields have not
 172 *	been initialized in any way but has been zeroed
 173 *
 174 *	Locking: none
 175 */
 176
 177static struct tty_struct *alloc_tty_struct(void)
 178{
 179	return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
 180}
 181
 182static void tty_buffer_free_all(struct tty_struct *);
 183
 184/**
 185 *	free_tty_struct		-	free a disused tty
 186 *	@tty: tty struct to free
 187 *
 188 *	Free the write buffers, tty queue and tty memory itself.
 189 *
 190 *	Locking: none. Must be called after tty is definitely unused
 191 */
 192
 193static inline void free_tty_struct(struct tty_struct *tty)
 194{
 195	kfree(tty->write_buf);
 196	tty_buffer_free_all(tty);
 197	kfree(tty);
 198}
 199
 200#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
 201
 202/**
 203 *	tty_name	-	return tty naming
 204 *	@tty: tty structure
 205 *	@buf: buffer for output
 206 *
 207 *	Convert a tty structure into a name. The name reflects the kernel
 208 *	naming policy and if udev is in use may not reflect user space
 209 *
 210 *	Locking: none
 211 */
 212
 213char *tty_name(struct tty_struct *tty, char *buf)
 214{
 215	if (!tty) /* Hmm.  NULL pointer.  That's fun. */
 216		strcpy(buf, "NULL tty");
 217	else
 218		strcpy(buf, tty->name);
 219	return buf;
 220}
 221
 222EXPORT_SYMBOL(tty_name);
 223
 224int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
 225			      const char *routine)
 226{
 227#ifdef TTY_PARANOIA_CHECK
 228	if (!tty) {
 229		printk(KERN_WARNING
 230			"null TTY for (%d:%d) in %s\n",
 231			imajor(inode), iminor(inode), routine);
 232		return 1;
 233	}
 234	if (tty->magic != TTY_MAGIC) {
 235		printk(KERN_WARNING
 236			"bad magic number for tty struct (%d:%d) in %s\n",
 237			imajor(inode), iminor(inode), routine);
 238		return 1;
 239	}
 240#endif
 241	return 0;
 242}
 243
 244static int check_tty_count(struct tty_struct *tty, const char *routine)
 245{
 246#ifdef CHECK_TTY_COUNT
 247	struct list_head *p;
 248	int count = 0;
 249
 250	file_list_lock();
 251	list_for_each(p, &tty->tty_files) {
 252		count++;
 253	}
 254	file_list_unlock();
 255	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
 256	    tty->driver->subtype == PTY_TYPE_SLAVE &&
 257	    tty->link && tty->link->count)
 258		count++;
 259	if (tty->count != count) {
 260		printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
 261				    "!= #fd's(%d) in %s\n",
 262		       tty->name, tty->count, count, routine);
 263		return count;
 264	}
 265#endif
 266	return 0;
 267}
 268
 269/*
 270 * Tty buffer allocation management
 271 */
 272
 273/**
 274 *	tty_buffer_free_all		-	free buffers used by a tty
 275 *	@tty: tty to free from
 276 *
 277 *	Remove all the buffers pending on a tty whether queued with data
 278 *	or in the free ring. Must be called when the tty is no longer in use
 279 *
 280 *	Locking: none
 281 */
 282
 283static void tty_buffer_free_all(struct tty_struct *tty)
 284{
 285	struct tty_buffer *thead;
 286	while ((thead = tty->buf.head) != NULL) {
 287		tty->buf.head = thead->next;
 288		kfree(thead);
 289	}
 290	while ((thead = tty->buf.free) != NULL) {
 291		tty->buf.free = thead->next;
 292		kfree(thead);
 293	}
 294	tty->buf.tail = NULL;
 295	tty->buf.memory_used = 0;
 296}
 297
 298/**
 299 *	tty_buffer_init		-	prepare a tty buffer structure
 300 *	@tty: tty to initialise
 301 *
 302 *	Set up the initial state of the buffer management for a tty device.
 303 *	Must be called before the other tty buffer functions are used.
 304 *
 305 *	Locking: none
 306 */
 307
 308static void tty_buffer_init(struct tty_struct *tty)
 309{
 310	spin_lock_init(&tty->buf.lock);
 311	tty->buf.head = NULL;
 312	tty->buf.tail = NULL;
 313	tty->buf.free = NULL;
 314	tty->buf.memory_used = 0;
 315}
 316
 317/**
 318 *	tty_buffer_alloc	-	allocate a tty buffer
 319 *	@tty: tty device
 320 *	@size: desired size (characters)
 321 *
 322 *	Allocate a new tty buffer to hold the desired number of characters.
 323 *	Return NULL if out of memory or the allocation would exceed the
 324 *	per device queue
 325 *
 326 *	Locking: Caller must hold tty->buf.lock
 327 */
 328
 329static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
 330{
 331	struct tty_buffer *p;
 332
 333	if (tty->buf.memory_used + size > 65536)
 334		return NULL;
 335	p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
 336	if (p == NULL)
 337		return NULL;
 338	p->used = 0;
 339	p->size = size;
 340	p->next = NULL;
 341	p->commit = 0;
 342	p->read = 0;
 343	p->char_buf_ptr = (char *)(p->data);
 344	p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
 345	tty->buf.memory_used += size;
 346	return p;
 347}
 348
 349/**
 350 *	tty_buffer_free		-	free a tty buffer
 351 *	@tty: tty owning the buffer
 352 *	@b: the buffer to free
 353 *
 354 *	Free a tty buffer, or add it to the free list according to our
 355 *	internal strategy
 356 *
 357 *	Locking: Caller must hold tty->buf.lock
 358 */
 359
 360static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
 361{
 362	/* Dumb strategy for now - should keep some stats */
 363	tty->buf.memory_used -= b->size;
 364	WARN_ON(tty->buf.memory_used < 0);
 365
 366	if (b->size >= 512)
 367		kfree(b);
 368	else {
 369		b->next = tty->buf.free;
 370		tty->buf.free = b;
 371	}
 372}
 373
 374/**
 375 *	__tty_buffer_flush		-	flush full tty buffers
 376 *	@tty: tty to flush
 377 *
 378 *	flush all the buffers containing receive data. Caller must
 379 *	hold the buffer lock and must have ensured no parallel flush to
 380 *	ldisc is running.
 381 *
 382 *	Locking: Caller must hold tty->buf.lock
 383 */
 384
 385static void __tty_buffer_flush(struct tty_struct *tty)
 386{
 387	struct tty_buffer *thead;
 388
 389	while ((thead = tty->buf.head) != NULL) {
 390		tty->buf.head = thead->next;
 391		tty_buffer_free(tty, thead);
 392	}
 393	tty->buf.tail = NULL;
 394}
 395
 396/**
 397 *	tty_buffer_flush		-	flush full tty buffers
 398 *	@tty: tty to flush
 399 *
 400 *	flush all the buffers containing receive data. If the buffer is
 401 *	being processed by flush_to_ldisc then we defer the processing
 402 *	to that function
 403 *
 404 *	Locking: none
 405 */
 406
 407static void tty_buffer_flush(struct tty_struct *tty)
 408{
 409	unsigned long flags;
 410	spin_lock_irqsave(&tty->buf.lock, flags);
 411
 412	/* If the data is being pushed to the tty layer then we can't
 413	   process it here. Instead set a flag and the flush_to_ldisc
 414	   path will process the flush request before it exits */
 415	if (test_bit(TTY_FLUSHING, &tty->flags)) {
 416		set_bit(TTY_FLUSHPENDING, &tty->flags);
 417		spin_unlock_irqrestore(&tty->buf.lock, flags);
 418		wait_event(tty->read_wait,
 419				test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
 420		return;
 421	} else
 422		__tty_buffer_flush(tty);
 423	spin_unlock_irqrestore(&tty->buf.lock, flags);
 424}
 425
 426/**
 427 *	tty_buffer_find		-	find a free tty buffer
 428 *	@tty: tty owning the buffer
 429 *	@size: characters wanted
 430 *
 431 *	Locate an existing suitable tty buffer or if we are lacking one then
 432 *	allocate a new one. We round our buffers off in 256 character chunks
 433 *	to get better allocation behaviour.
 434 *
 435 *	Locking: Caller must hold tty->buf.lock
 436 */
 437
 438static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
 439{
 440	struct tty_buffer **tbh = &tty->buf.free;
 441	while ((*tbh) != NULL) {
 442		struct tty_buffer *t = *tbh;
 443		if (t->size >= size) {
 444			*tbh = t->next;
 445			t->next = NULL;
 446			t->used = 0;
 447			t->commit = 0;
 448			t->read = 0;
 449			tty->buf.memory_used += t->size;
 450			return t;
 451		}
 452		tbh = &((*tbh)->next);
 453	}
 454	/* Round the buffer size out */
 455	size = (size + 0xFF) & ~0xFF;
 456	return tty_buffer_alloc(tty, size);
 457	/* Should possibly check if this fails for the largest buffer we
 458	   have queued and recycle that ? */
 459}
 460
 461/**
 462 *	tty_buffer_request_room		-	grow tty buffer if needed
 463 *	@tty: tty structure
 464 *	@size: size desired
 465 *
 466 *	Make at least size bytes of linear space available for the tty
 467 *	buffer. If we fail return the size we managed to find.
 468 *
 469 *	Locking: Takes tty->buf.lock
 470 */
 471int tty_buffer_request_room(struct tty_struct *tty, size_t size)
 472{
 473	struct tty_buffer *b, *n;
 474	int left;
 475	unsigned long flags;
 476
 477	spin_lock_irqsave(&tty->buf.lock, flags);
 478
 479	/* OPTIMISATION: We could keep a per tty "zero" sized buffer to
 480	   remove this conditional if its worth it. This would be invisible
 481	   to the callers */
 482	if ((b = tty->buf.tail) != NULL)
 483		left = b->size - b->used;
 484	else
 485		left = 0;
 486
 487	if (left < size) {
 488		/* This is the slow path - looking for new buffers to use */
 489		if ((n = tty_buffer_find(tty, size)) != NULL) {
 490			if (b != NULL) {
 491				b->next = n;
 492				b->commit = b->used;
 493			} else
 494				tty->buf.head = n;
 495			tty->buf.tail = n;
 496		} else
 497			size = left;
 498	}
 499
 500	spin_unlock_irqrestore(&tty->buf.lock, flags);
 501	return size;
 502}
 503EXPORT_SYMBOL_GPL(tty_buffer_request_room);
 504
 505/**
 506 *	tty_insert_flip_string	-	Add characters to the tty buffer
 507 *	@tty: tty structure
 508 *	@chars: characters
 509 *	@size: size
 510 *
 511 *	Queue a series of bytes to the tty buffering. All the characters
 512 *	passed are marked as without error. Returns the number added.
 513 *
 514 *	Locking: Called functions may take tty->buf.lock
 515 */
 516
 517int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
 518				size_t size)
 519{
 520	int copied = 0;
 521	do {
 522		int space = tty_buffer_request_room(tty, size - copied);
 523		struct tty_buffer *tb = tty->buf.tail;
 524		/* If there is no space then tb may be NULL */
 525		if (unlikely(space == 0))
 526			break;
 527		memcpy(tb->char_buf_ptr + tb->used, chars, space);
 528		memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
 529		tb->used += space;
 530		copied += space;
 531		chars += space;
 532		/* There is a small chance that we need to split the data over
 533		   several buffers. If this is the case we must loop */
 534	} while (unlikely(size > copied));
 535	return copied;
 536}
 537EXPORT_SYMBOL(tty_insert_flip_string);
 538
 539/**
 540 *	tty_insert_flip_string_flags	-	Add characters to the tty buffer
 541 *	@tty: tty structure
 542 *	@chars: characters
 543 *	@flags: flag bytes
 544 *	@size: size
 545 *
 546 *	Queue a series of bytes to the tty buffering. For each character
 547 *	the flags array indicates the status of the character. Returns the
 548 *	number added.
 549 *
 550 *	Locking: Called functions may take tty->buf.lock
 551 */
 552
 553int tty_insert_flip_string_flags(struct tty_struct *tty,
 554		const unsigned char *chars, const char *flags, size_t size)
 555{
 556	int copied = 0;
 557	do {
 558		int space = tty_buffer_request_room(tty, size - copied);
 559		struct tty_buffer *tb = tty->buf.tail;
 560		/* If there is no space then tb may be NULL */
 561		if (unlikely(space == 0))
 562			break;
 563		memcpy(tb->char_buf_ptr + tb->used, chars, space);
 564		memcpy(tb->flag_buf_ptr + tb->used, flags, space);
 565		tb->used += space;
 566		copied += space;
 567		chars += space;
 568		flags += space;
 569		/* There is a small chance that we need to split the data over
 570		   several buffers. If this is the case we must loop */
 571	} while (unlikely(size > copied));
 572	return copied;
 573}
 574EXPORT_SYMBOL(tty_insert_flip_string_flags);
 575
 576/**
 577 *	tty_schedule_flip	-	push characters to ldisc
 578 *	@tty: tty to push from
 579 *
 580 *	Takes any pending buffers and transfers their ownership to the
 581 *	ldisc side of the queue. It then schedules those characters for
 582 *	processing by the line discipline.
 583 *
 584 *	Locking: Takes tty->buf.lock
 585 */
 586
 587void tty_schedule_flip(struct tty_struct *tty)
 588{
 589	unsigned long flags;
 590	spin_lock_irqsave(&tty->buf.lock, flags);
 591	if (tty->buf.tail != NULL)
 592		tty->buf.tail->commit = tty->buf.tail->used;
 593	spin_unlock_irqrestore(&tty->buf.lock, flags);
 594	schedule_delayed_work(&tty->buf.work, 1);
 595}
 596EXPORT_SYMBOL(tty_schedule_flip);
 597
 598/**
 599 *	tty_prepare_flip_string		-	make room for characters
 600 *	@tty: tty
 601 *	@chars: return pointer for character write area
 602 *	@size: desired size
 603 *
 604 *	Prepare a block of space in the buffer for data. Returns the length
 605 *	available and buffer pointer to the space which is now allocated and
 606 *	accounted for as ready for normal characters. This is used for drivers
 607 *	that need their own block copy routines into the buffer. There is no
 608 *	guarantee the buffer is a DMA target!
 609 *
 610 *	Locking: May call functions taking tty->buf.lock
 611 */
 612
 613int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
 614								size_t size)
 615{
 616	int space = tty_buffer_request_room(tty, size);
 617	if (likely(space)) {
 618		struct tty_buffer *tb = tty->buf.tail;
 619		*chars = tb->char_buf_ptr + tb->used;
 620		memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
 621		tb->used += space;
 622	}
 623	return space;
 624}
 625
 626EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
 627
 628/**
 629 *	tty_prepare_flip_string_flags	-	make room for characters
 630 *	@tty: tty
 631 *	@chars: return pointer for character write area
 632 *	@flags: return pointer for status flag write area
 633 *	@size: desired size
 634 *
 635 *	Prepare a block of space in the buffer for data. Returns the length
 636 *	available and buffer pointer to the space which is now allocated and
 637 *	accounted for as ready for characters. This is used for drivers
 638 *	that need their own block copy routines into the buffer. There is no
 639 *	guarantee the buffer is a DMA target!
 640 *
 641 *	Locking: May call functions taking tty->buf.lock
 642 */
 643
 644int tty_prepare_flip_string_flags(struct tty_struct *tty,
 645			unsigned char **chars, char **flags, size_t size)
 646{
 647	int space = tty_buffer_request_room(tty, size);
 648	if (likely(space)) {
 649		struct tty_buffer *tb = tty->buf.tail;
 650		*chars = tb->char_buf_ptr + tb->used;
 651		*flags = tb->flag_buf_ptr + tb->used;
 652		tb->used += space;
 653	}
 654	return space;
 655}
 656
 657EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
 658
 659
 660
 661/**
 662 *	tty_set_termios_ldisc		-	set ldisc field
 663 *	@tty: tty structure
 664 *	@num: line discipline number
 665 *
 666 *	This is probably overkill for real world processors but
 667 *	they are not on hot paths so a little discipline won't do
 668 *	any harm.
 669 *
 670 *	Locking: takes termios_mutex
 671 */
 672
 673static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
 674{
 675	mutex_lock(&tty->termios_mutex);
 676	tty->termios->c_line = num;
 677	mutex_unlock(&tty->termios_mutex);
 678}
 679
 680/*
 681 *	This guards the refcounted line discipline lists. The lock
 682 *	must be taken with irqs off because there are hangup path
 683 *	callers who will do ldisc lookups and cannot sleep.
 684 */
 685
 686static DEFINE_SPINLOCK(tty_ldisc_lock);
 687static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
 688/* Line disc dispatch table */
 689static struct tty_ldisc tty_ldiscs[NR_LDISCS];
 690
 691/**
 692 *	tty_register_ldisc	-	install a line discipline
 693 *	@disc: ldisc number
 694 *	@new_ldisc: pointer to the ldisc object
 695 *
 696 *	Installs a new line discipline into the kernel. The discipline
 697 *	is set up as unreferenced and then made available to the kernel
 698 *	from this point onwards.
 699 *
 700 *	Locking:
 701 *		takes tty_ldisc_lock to guard against ldisc races
 702 */
 703
 704int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
 705{
 706	unsigned long flags;
 707	int ret = 0;
 708
 709	if (disc < N_TTY || disc >= NR_LDISCS)
 710		return -EINVAL;
 711
 712	spin_lock_irqsave(&tty_ldisc_lock, flags);
 713	tty_ldiscs[disc] = *new_ldisc;
 714	tty_ldiscs[disc].num = disc;
 715	tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
 716	tty_ldiscs[disc].refcount = 0;
 717	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 718
 719	return ret;
 720}
 721EXPORT_SYMBOL(tty_register_ldisc);
 722
 723/**
 724 *	tty_unregister_ldisc	-	unload a line discipline
 725 *	@disc: ldisc number
 726 *	@new_ldisc: pointer to the ldisc object
 727 *
 728 *	Remove a line discipline from the kernel providing it is not
 729 *	currently in use.
 730 *
 731 *	Locking:
 732 *		takes tty_ldisc_lock to guard against ldisc races
 733 */
 734
 735int tty_unregister_ldisc(int disc)
 736{
 737	unsigned long flags;
 738	int ret = 0;
 739
 740	if (disc < N_TTY || disc >= NR_LDISCS)
 741		return -EINVAL;
 742
 743	spin_lock_irqsave(&tty_ldisc_lock, flags);
 744	if (tty_ldiscs[disc].refcount)
 745		ret = -EBUSY;
 746	else
 747		tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
 748	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 749
 750	return ret;
 751}
 752EXPORT_SYMBOL(tty_unregister_ldisc);
 753
 754/**
 755 *	tty_ldisc_get		-	take a reference to an ldisc
 756 *	@disc: ldisc number
 757 *
 758 *	Takes a reference to a line discipline. Deals with refcounts and
 759 *	module locking counts. Returns NULL if the discipline is not available.
 760 *	Returns a pointer to the discipline and bumps the ref count if it is
 761 *	available
 762 *
 763 *	Locking:
 764 *		takes tty_ldisc_lock to guard against ldisc races
 765 */
 766
 767struct tty_ldisc *tty_ldisc_get(int disc)
 768{
 769	unsigned long flags;
 770	struct tty_ldisc *ld;
 771
 772	if (disc < N_TTY || disc >= NR_LDISCS)
 773		return NULL;
 774
 775	spin_lock_irqsave(&tty_ldisc_lock, flags);
 776
 777	ld = &tty_ldiscs[disc];
 778	/* Check the entry is defined */
 779	if (ld->flags & LDISC_FLAG_DEFINED) {
 780		/* If the module is being unloaded we can't use it */
 781		if (!try_module_get(ld->owner))
 782			ld = NULL;
 783		else /* lock it */
 784			ld->refcount++;
 785	} else
 786		ld = NULL;
 787	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 788	return ld;
 789}
 790
 791EXPORT_SYMBOL_GPL(tty_ldisc_get);
 792
 793/**
 794 *	tty_ldisc_put		-	drop ldisc reference
 795 *	@disc: ldisc number
 796 *
 797 *	Drop a reference to a line discipline. Manage refcounts and
 798 *	module usage counts
 799 *
 800 *	Locking:
 801 *		takes tty_ldisc_lock to guard against ldisc races
 802 */
 803
 804void tty_ldisc_put(int disc)
 805{
 806	struct tty_ldisc *ld;
 807	unsigned long flags;
 808
 809	BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
 810
 811	spin_lock_irqsave(&tty_ldisc_lock, flags);
 812	ld = &tty_ldiscs[disc];
 813	BUG_ON(ld->refcount == 0);
 814	ld->refcount--;
 815	module_put(ld->owner);
 816	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 817}
 818
 819EXPORT_SYMBOL_GPL(tty_ldisc_put);
 820
 821/**
 822 *	tty_ldisc_assign	-	set ldisc on a tty
 823 *	@tty: tty to assign
 824 *	@ld: line discipline
 825 *
 826 *	Install an instance of a line discipline into a tty structure. The
 827 *	ldisc must have a reference count above zero to ensure it remains/
 828 *	The tty instance refcount starts at zero.
 829 *
 830 *	Locking:
 831 *		Caller must hold references
 832 */
 833
 834static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
 835{
 836	tty->ldisc = *ld;
 837	tty->ldisc.refcount = 0;
 838}
 839
 840/**
 841 *	tty_ldisc_try		-	internal helper
 842 *	@tty: the tty
 843 *
 844 *	Make a single attempt to grab and bump the refcount on
 845 *	the tty ldisc. Return 0 on failure or 1 on success. This is
 846 *	used to implement both the waiting and non waiting versions
 847 *	of tty_ldisc_ref
 848 *
 849 *	Locking: takes tty_ldisc_lock
 850 */
 851
 852static int tty_ldisc_try(struct tty_struct *tty)
 853{
 854	unsigned long flags;
 855	struct tty_ldisc *ld;
 856	int ret = 0;
 857
 858	spin_lock_irqsave(&tty_ldisc_lock, flags);
 859	ld = &tty->ldisc;
 860	if (test_bit(TTY_LDISC, &tty->flags)) {
 861		ld->refcount++;
 862		ret = 1;
 863	}
 864	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 865	return ret;
 866}
 867
 868/**
 869 *	tty_ldisc_ref_wait	-	wait for the tty ldisc
 870 *	@tty: tty device
 871 *
 872 *	Dereference the line discipline for the terminal and take a
 873 *	reference to it. If the line discipline is in flux then
 874 *	wait patiently until it changes.
 875 *
 876 *	Note: Must not be called from an IRQ/timer context. The caller
 877 *	must also be careful not to hold other locks that will deadlock
 878 *	against a discipline change, such as an existing ldisc reference
 879 *	(which we check for)
 880 *
 881 *	Locking: call functions take tty_ldisc_lock
 882 */
 883
 884struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
 885{
 886	/* wait_event is a macro */
 887	wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
 888	if (tty->ldisc.refcount == 0)
 889		printk(KERN_ERR "tty_ldisc_ref_wait\n");
 890	return &tty->ldisc;
 891}
 892
 893EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
 894
 895/**
 896 *	tty_ldisc_ref		-	get the tty ldisc
 897 *	@tty: tty device
 898 *
 899 *	Dereference the line discipline for the terminal and take a
 900 *	reference to it. If the line discipline is in flux then
 901 *	return NULL. Can be called from IRQ and timer functions.
 902 *
 903 *	Locking: called functions take tty_ldisc_lock
 904 */
 905
 906struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
 907{
 908	if (tty_ldisc_try(tty))
 909		return &tty->ldisc;
 910	return NULL;
 911}
 912
 913EXPORT_SYMBOL_GPL(tty_ldisc_ref);
 914
 915/**
 916 *	tty_ldisc_deref		-	free a tty ldisc reference
 917 *	@ld: reference to free up
 918 *
 919 *	Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
 920 *	be called in IRQ context.
 921 *
 922 *	Locking: takes tty_ldisc_lock
 923 */
 924
 925void tty_ldisc_deref(struct tty_ldisc *ld)
 926{
 927	unsigned long flags;
 928
 929	BUG_ON(ld == NULL);
 930
 931	spin_lock_irqsave(&tty_ldisc_lock, flags);
 932	if (ld->refcount == 0)
 933		printk(KERN_ERR "tty_ldisc_deref: no references.\n");
 934	else
 935		ld->refcount--;
 936	if (ld->refcount == 0)
 937		wake_up(&tty_ldisc_wait);
 938	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
 939}
 940
 941EXPORT_SYMBOL_GPL(tty_ldisc_deref);
 942
 943/**
 944 *	tty_ldisc_enable	-	allow ldisc use
 945 *	@tty: terminal to activate ldisc on
 946 *
 947 *	Set the TTY_LDISC flag when the line discipline can be called
 948 *	again. Do necessary wakeups for existing sleepers.
 949 *
 950 *	Note: nobody should set this bit except via this function. Clearing
 951 *	directly is allowed.
 952 */
 953
 954static void tty_ldisc_enable(struct tty_struct *tty)
 955{
 956	set_bit(TTY_LDISC, &tty->flags);
 957	wake_up(&tty_ldisc_wait);
 958}
 959
 960/**
 961 *	tty_set_ldisc		-	set line discipline
 962 *	@tty: the terminal to set
 963 *	@ldisc: the line discipline
 964 *
 965 *	Set the discipline of a tty line. Must be called from a process
 966 *	context.
 967 *
 968 *	Locking: takes tty_ldisc_lock.
 969 *		 called functions take termios_mutex
 970 */
 971
 972static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
 973{
 974	int retval = 0;
 975	struct tty_ldisc o_ldisc;
 976	char buf[64];
 977	int work;
 978	unsigned long flags;
 979	struct tty_ldisc *ld;
 980	struct tty_struct *o_tty;
 981
 982	if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
 983		return -EINVAL;
 984
 985restart:
 986
 987	ld = tty_ldisc_get(ldisc);
 988	/* Eduardo Blanco <ejbs@cs.cs.com.uy> */
 989	/* Cyrus Durgin <cider@speakeasy.org> */
 990	if (ld == NULL) {
 991		request_module("tty-ldisc-%d", ldisc);
 992		ld = tty_ldisc_get(ldisc);
 993	}
 994	if (ld == NULL)
 995		return -EINVAL;
 996
 997	/*
 998	 *	Problem: What do we do if this blocks ?
 999	 */
1000
1001	tty_wait_until_sent(tty, 0);
1002
1003	if (tty->ldisc.num == ldisc) {
1004		tty_ldisc_put(ldisc);
1005		return 0;
1006	}
1007
1008	/*
1009	 *	No more input please, we are switching. The new ldisc
1010	 *	will update this value in the ldisc open function
1011	 */
1012
1013	tty->receive_room = 0;
1014
1015	o_ldisc = tty->ldisc;
1016	o_tty = tty->link;
1017
1018	/*
1019	 *	Make sure we don't change while someone holds a
1020	 *	reference to the line discipline. The TTY_LDISC bit
1021	 *	prevents anyone taking a reference once it is clear.
1022	 *	We need the lock to avoid racing reference takers.
1023	 */
1024
1025	spin_lock_irqsave(&tty_ldisc_lock, flags);
1026	if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
1027		if (tty->ldisc.refcount) {
1028			/* Free the new ldisc we grabbed. Must drop the lock
1029			   first. */
1030			spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1031			tty_ldisc_put(ldisc);
1032			/*
1033			 * There are several reasons we may be busy, including
1034			 * random momentary I/O traffic. We must therefore
1035			 * retry. We could distinguish between blocking ops
1036			 * and retries if we made tty_ldisc_wait() smarter.
1037			 * That is up for discussion.
1038			 */
1039			if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1040				return -ERESTARTSYS;
1041			goto restart;
1042		}
1043		if (o_tty && o_tty->ldisc.refcount) {
1044			spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1045			tty_ldisc_put(ldisc);
1046			if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1047				return -ERESTARTSYS;
1048			goto restart;
1049		}
1050	}
1051	/*
1052	 *	If the TTY_LDISC bit is set, then we are racing against
1053	 *	another ldisc change
1054	 */
1055	if (!test_bit(TTY_LDISC, &tty->flags)) {
1056		spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1057		tty_ldisc_put(ldisc);
1058		ld = tty_ldisc_ref_wait(tty);
1059		tty_ldisc_deref(ld);
1060		goto restart;
1061	}
1062
1063	clear_bit(TTY_LDISC, &tty->flags);
1064	if (o_tty)
1065		clear_bit(TTY_LDISC, &o_tty->flags);
1066	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1067
1068	/*
1069	 *	From this point on we know nobody has an ldisc
1070	 *	usage reference, nor can they obtain one until
1071	 *	we say so later on.
1072	 */
1073
1074	work = cancel_delayed_work(&tty->buf.work);
1075	/*
1076	 * Wait for ->hangup_work and ->buf.work handlers to terminate
1077	 */
1078	flush_scheduled_work();
1079	/* Shutdown the current discipline. */
1080	if (tty->ldisc.close)
1081		(tty->ldisc.close)(tty);
1082
1083	/* Now set up the new line discipline. */
1084	tty_ldisc_assign(tty, ld);
1085	tty_set_termios_ldisc(tty, ldisc);
1086	if (tty->ldisc.open)
1087		retval = (tty->ldisc.open)(tty);
1088	if (retval < 0) {
1089		tty_ldisc_put(ldisc);
1090		/* There is an outstanding reference here so this is safe */
1091		tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1092		tty_set_termios_ldisc(tty, tty->ldisc.num);
1093		if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1094			tty_ldisc_put(o_ldisc.num);
1095			/* This driver is always present */
1096			tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1097			tty_set_termios_ldisc(tty, N_TTY);
1098			if (tty->ldisc.open) {
1099				int r = tty->ldisc.open(tty);
1100
1101				if (r < 0)
1102					panic("Couldn't open N_TTY ldisc for "
1103					      "%s --- error %d.",
1104					      tty_name(tty, buf), r);
1105			}
1106		}
1107	}
1108	/* At this point we hold a reference to the new ldisc and a
1109	   a reference to the old ldisc. If we ended up flipping back
1110	   to the existing ldisc we have two references to it */
1111
1112	if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1113		tty->driver->set_ldisc(tty);
1114
1115	tty_ldisc_put(o_ldisc.num);
1116
1117	/*
1118	 *	Allow ldisc referencing to occur as soon as the driver
1119	 *	ldisc callback completes.
1120	 */
1121
1122	tty_ldisc_enable(tty);
1123	if (o_tty)
1124		tty_ldisc_enable(o_tty);
1125
1126	/* Restart it in case no characters kick it off. Safe if
1127	   already running */
1128	if (work)
1129		schedule_delayed_work(&tty->buf.work, 1);
1130	return retval;
1131}
1132
1133/**
1134 *	get_tty_driver		-	find device of a tty
1135 *	@dev_t: device identifier
1136 *	@index: returns the index of the tty
1137 *
1138 *	This routine returns a tty driver structure, given a device number
1139 *	and also passes back the index number.
1140 *
1141 *	Locking: caller must hold tty_mutex
1142 */
1143
1144static struct tty_driver *get_tty_driver(dev_t device, int *index)
1145{
1146	struct tty_driver *p;
1147
1148	list_for_each_entry(p, &tty_drivers, tty_drivers) {
1149		dev_t base = MKDEV(p->major, p->minor_start);
1150		if (device < base || device >= base + p->num)
1151			continue;
1152		*index = device - base;
1153		return p;
1154	}
1155	return NULL;
1156}
1157
1158/**
1159 *	tty_check_change	-	check for POSIX terminal changes
1160 *	@tty: tty to check
1161 *
1162 *	If we try to write to, or set the state of, a terminal and we're
1163 *	not in the foreground, send a SIGTTOU.  If the signal is blocked or
1164 *	ignored, go ahead and perform the operation.  (POSIX 7.2)
1165 *
1166 *	Locking: none
1167 */
1168
1169int tty_check_change(struct tty_struct *tty)
1170{
1171	if (current->signal->tty != tty)
1172		return 0;
1173	if (!tty->pgrp) {
1174		printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1175		return 0;
1176	}
1177	if (task_pgrp(current) == tty->pgrp)
1178		return 0;
1179	if (is_ignored(SIGTTOU))
1180		return 0;
1181	if (is_current_pgrp_orphaned())
1182		return -EIO;
1183	kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1184	set_thread_flag(TIF_SIGPENDING);
1185	return -ERESTARTSYS;
1186}
1187
1188EXPORT_SYMBOL(tty_check_change);
1189
1190static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1191				size_t count, loff_t *ppos)
1192{
1193	return 0;
1194}
1195
1196static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1197				 size_t count, loff_t *ppos)
1198{
1199	return -EIO;
1200}
1201
1202/* No kernel lock held - none needed ;) */
1203static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1204{
1205	return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1206}
1207
1208static int hung_up_tty_ioctl(struct inode *inode, struct file *file,
1209			     unsigned int cmd, unsigned long arg)
1210{
1211	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1212}
1213
1214static long hung_up_tty_compat_ioctl(struct file *file,
1215				     unsigned int cmd, unsigned long arg)
1216{
1217	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1218}
1219
1220static const struct file_operations tty_fops = {
1221	.llseek		= no_llseek,
1222	.read		= tty_read,
1223	.write		= tty_write,
1224	.poll		= tty_poll,
1225	.ioctl		= tty_ioctl,
1226	.compat_ioctl	= tty_compat_ioctl,
1227	.open		= tty_open,
1228	.release	= tty_release,
1229	.fasync		= tty_fasync,
1230};
1231
1232#ifdef CONFIG_UNIX98_PTYS
1233static const struct file_operations ptmx_fops = {
1234	.llseek		= no_llseek,
1235	.read		= tty_read,
1236	.write		= tty_write,
1237	.poll		= tty_poll,
1238	.ioctl		= tty_ioctl,
1239	.compat_ioctl	= tty_compat_ioctl,
1240	.open		= ptmx_open,
1241	.release	= tty_release,
1242	.fasync		= tty_fasync,
1243};
1244#endif
1245
1246static const struct file_operations console_fops = {
1247	.llseek		= no_llseek,
1248	.read		= tty_read,
1249	.write		= redirected_tty_write,
1250	.poll		= tty_poll,
1251	.ioctl		= tty_ioctl,
1252	.compat_ioctl	= tty_compat_ioctl,
1253	.open		= tty_open,
1254	.release	= tty_release,
1255	.fasync		= tty_fasync,
1256};
1257
1258static const struct file_operations hung_up_tty_fops = {
1259	.llseek		= no_llseek,
1260	.read		= hung_up_tty_read,
1261	.write		= hung_up_tty_write,
1262	.poll		= hung_up_tty_poll,
1263	.ioctl		= hung_up_tty_ioctl,
1264	.compat_ioctl	= hung_up_tty_compat_ioctl,
1265	.release	= tty_release,
1266};
1267
1268static DEFINE_SPINLOCK(redirect_lock);
1269static struct file *redirect;
1270
1271/**
1272 *	tty_wakeup	-	request more data
1273 *	@tty: terminal
1274 *
1275 *	Internal and external helper for wakeups of tty. This function
1276 *	informs the line discipline if present that the driver is ready
1277 *	to receive more output data.
1278 */
1279
1280void tty_wakeup(struct tty_struct *tty)
1281{
1282	struct tty_ldisc *ld;
1283
1284	if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1285		ld = tty_ldisc_ref(tty);
1286		if (ld) {
1287			if (ld->write_wakeup)
1288				ld->write_wakeup(tty);
1289			tty_ldisc_deref(ld);
1290		}
1291	}
1292	wake_up_interruptible(&tty->write_wait);
1293}
1294
1295EXPORT_SYMBOL_GPL(tty_wakeup);
1296
1297/**
1298 *	tty_ldisc_flush	-	flush line discipline queue
1299 *	@tty: tty
1300 *
1301 *	Flush the line discipline queue (if any) for this tty. If there
1302 *	is no line discipline active this is a no-op.
1303 */
1304
1305void tty_ldisc_flush(struct tty_struct *tty)
1306{
1307	struct tty_ldisc *ld = tty_ldisc_ref(tty);
1308	if (ld) {
1309		if (ld->flush_buffer)
1310			ld->flush_buffer(tty);
1311		tty_ldisc_deref(ld);
1312	}
1313	tty_buffer_flush(tty);
1314}
1315
1316EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1317
1318/**
1319 *	tty_reset_termios	-	reset terminal state
1320 *	@tty: tty to reset
1321 *
1322 *	Restore a terminal to the driver default state
1323 */
1324
1325static void tty_reset_termios(struct tty_struct *tty)
1326{
1327	mutex_lock(&tty->termios_mutex);
1328	*tty->termios = tty->driver->init_termios;
1329	tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1330	tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1331	mutex_unlock(&tty->termios_mutex);
1332}
1333
1334/**
1335 *	do_tty_hangup		-	actual handler for hangup events
1336 *	@work: tty device
1337 *
1338 *	This can be called by the "eventd" kernel thread.  That is process
1339 *	synchronous but doesn't hold any locks, so we need to make sure we
1340 *	have the appropriate locks for what we're doing.
1341 *
1342 *	The hangup event clears any pending redirections onto the hung up
1343 *	device. It ensures future writes will error and it does the needed
1344 *	line discipline hangup and signal delivery. The tty object itself
1345 *	remains intact.
1346 *
1347 *	Locking:
1348 *		BKL
1349 *		  redirect lock for undoing redirection
1350 *		  file list lock for manipulating list of ttys
1351 *		  tty_ldisc_lock from called functions
1352 *		  termios_mutex resetting termios data
1353 *		  tasklist_lock to walk task list for hangup event
1354 *		    ->siglock to protect ->signal/->sighand
1355 */
1356static void do_tty_hangup(struct work_struct *work)
1357{
1358	struct tty_struct *tty =
1359		container_of(work, struct tty_struct, hangup_work);
1360	struct file *cons_filp = NULL;
1361	struct file *filp, *f = NULL;
1362	struct task_struct *p;
1363	struct tty_ldisc *ld;
1364	int    closecount = 0, n;
1365
1366	if (!tty)
1367		return;
1368
1369	/* inuse_filps is protected by the single kernel lock */
1370	lock_kernel();
1371
1372	spin_lock(&redirect_lock);
1373	if (redirect && redirect->private_data == tty) {
1374		f = redirect;
1375		redirect = NULL;
1376	}
1377	spin_unlock(&redirect_lock);
1378
1379	check_tty_count(tty, "do_tty_hangup");
1380	file_list_lock();
1381	/* This breaks for file handles being sent over AF_UNIX sockets ? */
1382	list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1383		if (filp->f_op->write == redirected_tty_write)
1384			cons_filp = filp;
1385		if (filp->f_op->write != tty_write)
1386			continue;
1387		closecount++;
1388		tty_fasync(-1, filp, 0);	/* can't block */
1389		filp->f_op = &hung_up_tty_fops;
1390	}
1391	file_list_unlock();
1392	/*
1393	 * FIXME! What are the locking issues here? This may me overdoing
1394	 * things... This question is especially important now that we've
1395	 * removed the irqlock.
1396	 */
1397	ld = tty_ldisc_ref(tty);
1398	if (ld != NULL) {
1399		/* We may have no line discipline at this point */
1400		if (ld->flush_buffer)
1401			ld->flush_buffer(tty);
1402		if (tty->driver->flush_buffer)
1403			tty->driver->flush_buffer(tty);
1404		if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1405		    ld->write_wakeup)
1406			ld->write_wakeup(tty);
1407		if (ld->hangup)
1408			ld->hangup(tty);
1409	}
1410	/*
1411	 * FIXME: Once we trust the LDISC code better we can wait here for
1412	 * ldisc completion and fix the driver call race
1413	 */
1414	wake_up_interruptible(&tty->write_wait);
1415	wake_up_interruptible(&tty->read_wait);
1416	/*
1417	 * Shutdown the current line discipline, and reset it to
1418	 * N_TTY.
1419	 */
1420	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1421		tty_reset_termios(tty);
1422	/* Defer ldisc switch */
1423	/* tty_deferred_ldisc_switch(N_TTY);
1424
1425	  This should get done automatically when the port closes and
1426	  tty_release is called */
1427
1428	read_lock(&tasklist_lock);
1429	if (tty->session) {
1430		do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1431			spin_lock_irq(&p->sighand->siglock);
1432			if (p->signal->tty == tty)
1433				p->signal->tty = NULL;
1434			if (!p->signal->leader) {
1435				spin_unlock_irq(&p->sighand->siglock);
1436				continue;
1437			}
1438			__group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1439			__group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1440			put_pid(p->signal->tty_old_pgrp);  /* A noop */
1441			if (tty->pgrp)
1442				p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1443			spin_unlock_irq(&p->sighand->siglock);
1444		} while_each_pid_task(tty->session, PIDTYPE_SID, p);
1445	}
1446	read_unlock(&tasklist_lock);
1447
1448	tty->flags = 0;
1449	put_pid(tty->session);
1450	put_pid(tty->pgrp);
1451	tty->session = NULL;
1452	tty->pgrp = NULL;
1453	tty->ctrl_status = 0;
1454	/*
1455	 * If one of the devices matches a console pointer, we
1456	 * cannot just call hangup() because that will cause
1457	 * tty->count and state->count to go out of sync.
1458	 * So we just call close() the right number of times.
1459	 */
1460	if (cons_filp) {
1461		if (tty->driver->close)
1462			for (n = 0; n < closecount; n++)
1463				tty->driver->close(tty, cons_filp);
1464	} else if (tty->driver->hangup)
1465		(tty->driver->hangup)(tty);
1466	/*
1467	 * We don't want to have driver/ldisc interactions beyond
1468	 * the ones we did here. The driver layer expects no
1469	 * calls after ->hangup() from the ldisc side. However we
1470	 * can't yet guarantee all that.
1471	 */
1472	set_bit(TTY_HUPPED, &tty->flags);
1473	if (ld) {
1474		tty_ldisc_enable(tty);
1475		tty_ldisc_deref(ld);
1476	}
1477	unlock_kernel();
1478	if (f)
1479		fput(f);
1480}
1481
1482/**
1483 *	tty_hangup		-	trigger a hangup event
1484 *	@tty: tty to hangup
1485 *
1486 *	A carrier loss (virtual or otherwise) has occurred on this like
1487 *	schedule a hangup sequence to run after this event.
1488 */
1489
1490void tty_hangup(struct tty_struct *tty)
1491{
1492#ifdef TTY_DEBUG_HANGUP
1493	char	buf[64];
1494	printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1495#endif
1496	schedule_work(&tty->hangup_work);
1497}
1498
1499EXPORT_SYMBOL(tty_hangup);
1500
1501/**
1502 *	tty_vhangup		-	process vhangup
1503 *	@tty: tty to hangup
1504 *
1505 *	The user has asked via system call for the terminal to be hung up.
1506 *	We do this synchronously so that when the syscall returns the process
1507 *	is complete. That guarantee is necessary for security reasons.
1508 */
1509
1510void tty_vhangup(struct tty_struct *tty)
1511{
1512#ifdef TTY_DEBUG_HANGUP
1513	char	buf[64];
1514
1515	printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1516#endif
1517	do_tty_hangup(&tty->hangup_work);
1518}
1519
1520EXPORT_SYMBOL(tty_vhangup);
1521
1522/**
1523 *	tty_hung_up_p		-	was tty hung up
1524 *	@filp: file pointer of tty
1525 *
1526 *	Return true if the tty has been subject to a vhangup or a carrier
1527 *	loss
1528 */
1529
1530int tty_hung_up_p(struct file *filp)
1531{
1532	return (filp->f_op == &hung_up_tty_fops);
1533}
1534
1535EXPORT_SYMBOL(tty_hung_up_p);
1536
1537/**
1538 *	is_tty	-	checker whether file is a TTY
1539 *	@filp:		file handle that may be a tty
1540 *
1541 *	Check if the file handle is a tty handle.
1542 */
1543
1544int is_tty(struct file *filp)
1545{
1546	return filp->f_op->read == tty_read
1547		|| filp->f_op->read == hung_up_tty_read;
1548}
1549
1550static void session_clear_tty(struct pid *session)
1551{
1552	struct task_struct *p;
1553	do_each_pid_task(session, PIDTYPE_SID, p) {
1554		proc_clear_tty(p);
1555	} while_each_pid_task(session, PIDTYPE_SID, p);
1556}
1557
1558/**
1559 *	disassociate_ctty	-	disconnect controlling tty
1560 *	@on_exit: true if exiting so need to "hang up" the session
1561 *
1562 *	This function is typically called only by the session leader, when
1563 *	it wants to disassociate itself from its controlling tty.
1564 *
1565 *	It performs the following functions:
1566 * 	(1)  Sends a SIGHUP and SIGCONT to the foreground process group
1567 * 	(2)  Clears the tty from being controlling the session
1568 * 	(3)  Clears the controlling tty for all processes in the
1569 * 		session group.
1570 *
1571 *	The argument on_exit is set to 1 if called when a process is
1572 *	exiting; it is 0 if called by the ioctl TIOCNOTTY.
1573 *
1574 *	Locking:
1575 *		BKL is taken for hysterical raisins
1576 *		  tty_mutex is taken to protect tty
1577 *		  ->siglock is taken to protect ->signal/->sighand
1578 *		  tasklist_lock is taken to walk process list for sessions
1579 *		    ->siglock is taken to protect ->signal/->sighand
1580 */
1581
1582void disassociate_ctty(int on_exit)
1583{
1584	struct tty_struct *tty;
1585	struct pid *tty_pgrp = NULL;
1586
1587	lock_kernel();
1588
1589	mutex_lock(&tty_mutex);
1590	tty = get_current_tty();
1591	if (tty) {
1592		tty_pgrp = get_pid(tty->pgrp);
1593		mutex_unlock(&tty_mutex);
1594		/* XXX: here we race, there is nothing protecting tty */
1595		if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1596			tty_vhangup(tty);
1597	} else if (on_exit) {
1598		struct pid *old_pgrp;
1599		spin_lock_irq(&current->sighand->siglock);
1600		old_pgrp = current->signal->tty_old_pgrp;
1601		current->signal->tty_old_pgrp = NULL;
1602		spin_unlock_irq(&current->sighand->siglock);
1603		if (old_pgrp) {
1604			kill_pgrp(old_pgrp, SIGHUP, on_exit);
1605			kill_pgrp(old_pgrp, SIGCONT, on_exit);
1606			put_pid(old_pgrp);
1607		}
1608		mutex_unlock(&tty_mutex);
1609		unlock_kernel();
1610		return;
1611	}
1612	if (tty_pgrp) {
1613		kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1614		if (!on_exit)
1615			kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1616		put_pid(tty_pgrp);
1617	}
1618
1619	spin_lock_irq(&current->sighand->siglock);
1620	put_pid(current->signal->tty_old_pgrp);
1621	current->signal->tty_old_pgrp = NULL;
1622	spin_unlock_irq(&current->sighand->siglock);
1623
1624	mutex_lock(&tty_mutex);
1625	/* It is possible that do_tty_hangup has free'd this tty */
1626	tty = get_current_tty();
1627	if (tty) {
1628		put_pid(tty->session);
1629		put_pid(tty->pgrp);
1630		tty->session = NULL;
1631		tty->pgrp = NULL;
1632	} else {
1633#ifdef TTY_DEBUG_HANGUP
1634		printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1635		       " = NULL", tty);
1636#endif
1637	}
1638	mutex_unlock(&tty_mutex);
1639
1640	/* Now clear signal->tty under the lock */
1641	read_lock(&tasklist_lock);
1642	session_clear_tty(task_session(current));
1643	read_unlock(&tasklist_lock);
1644	unlock_kernel();
1645}
1646
1647/**
1648 *
1649 *	no_tty	- Ensure the current process does not have a controlling tty
1650 */
1651void no_tty(void)
1652{
1653	struct task_struct *tsk = current;
1654	if (tsk->signal->leader)
1655		disassociate_ctty(0);
1656	proc_clear_tty(tsk);
1657}
1658
1659
1660/**
1661 *	stop_tty	-	propagate flow control
1662 *	@tty: tty to stop
1663 *
1664 *	Perform flow control to the driver. For PTY/TTY pairs we
1665 *	must also propagate the TIOCKPKT status. May be called
1666 *	on an already stopped device and will not re-call the driver
1667 *	method.
1668 *
1669 *	This functionality is used by both the line disciplines for
1670 *	halting incoming flow and by the driver. It may therefore be
1671 *	called from any context, may be under the tty atomic_write_lock
1672 *	but not always.
1673 *
1674 *	Locking:
1675 *		Broken. Relies on BKL which is unsafe here.
1676 */
1677
1678void stop_tty(struct tty_struct *tty)
1679{
1680	if (tty->stopped)
1681		return;
1682	tty->stopped = 1;
1683	if (tty->link && tty->link->packet) {
1684		tty->ctrl_status &= ~TIOCPKT_START;
1685		tty->ctrl_status |= TIOCPKT_STOP;
1686		wake_up_interruptible(&tty->link->read_wait);
1687	}
1688	if (tty->driver->stop)
1689		(tty->driver->stop)(tty);
1690}
1691
1692EXPORT_SYMBOL(stop_tty);
1693
1694/**
1695 *	start_tty	-	propagate flow control
1696 *	@tty: tty to start
1697 *
1698 *	Start a tty that has been stopped if at all possible. Perform
1699 *	any necessary wakeups and propagate the TIOCPKT status. If this
1700 *	is the tty was previous stopped and is being started then the
1701 *	driver start method is invoked and the line discipline woken.
1702 *
1703 *	Locking:
1704 *		Broken. Relies on BKL which is unsafe here.
1705 */
1706
1707void start_tty(struct tty_struct *tty)
1708{
1709	if (!tty->stopped || tty->flow_stopped)
1710		return;
1711	tty->stopped = 0;
1712	if (tty->link && tty->link->packet) {
1713		tty->ctrl_status &= ~TIOCPKT_STOP;
1714		tty->ctrl_status |= TIOCPKT_START;
1715		wake_up_interruptible(&tty->link->read_wait);
1716	}
1717	if (tty->driver->start)
1718		(tty->driver->start)(tty);
1719	/* If we have a running line discipline it may need kicking */
1720	tty_wakeup(tty);
1721}
1722
1723EXPORT_SYMBOL(start_tty);
1724
1725/**
1726 *	tty_read	-	read method for tty device files
1727 *	@file: pointer to tty file
1728 *	@buf: user buffer
1729 *	@count: size of user buffer
1730 *	@ppos: unused
1731 *
1732 *	Perform the read system call function on this terminal device. Checks
1733 *	for hung up devices before calling the line discipline method.
1734 *
1735 *	Locking:
1736 *		Locks the line discipline internally while needed
1737 *		For historical reasons the line discipline read method is
1738 *	invoked under the BKL. This will go away in time so do not rely on it
1739 *	in new code. Multiple read calls may be outstanding in parallel.
1740 */
1741
1742static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1743			loff_t *ppos)
1744{
1745	int i;
1746	struct tty_struct *tty;
1747	struct inode *inode;
1748	struct tty_ldisc *ld;
1749
1750	tty = (struct tty_struct *)file->private_data;
1751	inode = file->f_path.dentry->d_inode;
1752	if (tty_paranoia_check(tty, inode, "tty_read"))
1753		return -EIO;
1754	if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1755		return -EIO;
1756
1757	/* We want to wait for the line discipline to sort out in this
1758	   situation */
1759	ld = tty_ldisc_ref_wait(tty);
1760	lock_kernel();
1761	if (ld->read)
1762		i = (ld->read)(tty, file, buf, count);
1763	else
1764		i = -EIO;
1765	tty_ldisc_deref(ld);
1766	unlock_kernel();
1767	if (i > 0)
1768		inode->i_atime = current_fs_time(inode->i_sb);
1769	return i;
1770}
1771
1772void tty_write_unlock(struct tty_struct *tty)
1773{
1774	mutex_unlock(&tty->atomic_write_lock);
1775	wake_up_interruptible(&tty->write_wait);
1776}
1777
1778int tty_write_lock(struct tty_struct *tty, int ndelay)
1779{
1780	if (!mutex_trylock(&tty->atomic_write_lock)) {
1781		if (ndelay)
1782			return -EAGAIN;
1783		if (mutex_lock_interruptible(&tty->atomic_write_lock))
1784			return -ERESTARTSYS;
1785	}
1786	return 0;
1787}
1788
1789/*
1790 * Split writes up in sane blocksizes to avoid
1791 * denial-of-service type attacks
1792 */
1793static inline ssize_t do_tty_write(
1794	ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1795	struct tty_struct *tty,
1796	struct file *file,
1797	const char __user *buf,
1798	size_t count)
1799{
1800	ssize_t ret, written = 0;
1801	unsigned int chunk;
1802
1803	ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1804	if (ret < 0)
1805		return ret;
1806
1807	/*
1808	 * We chunk up writes into a temporary buffer. This
1809	 * simplifies low-level drivers immensely, since they
1810	 * don't have locking issues and user mode accesses.
1811	 *
1812	 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1813	 * big chunk-size..
1814	 *
1815	 * The default chunk-size is 2kB, because the NTTY
1816	 * layer has problems with bigger chunks. It will
1817	 * claim to be able to handle more characters than
1818	 * it actually does.
1819	 *
1820	 * FIXME: This can probably go away now except that 64K chunks
1821	 * are too likely to fail unless switched to vmalloc...
1822	 */
1823	chunk = 2048;
1824	if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1825		chunk = 65536;
1826	if (count < chunk)
1827		chunk = count;
1828
1829	/* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1830	if (tty->write_cnt < chunk) {
1831		unsigned char *buf;
1832
1833		if (chunk < 1024)
1834			chunk = 1024;
1835
1836		buf = kmalloc(chunk, GFP_KERNEL);
1837		if (!buf) {
1838			ret = -ENOMEM;
1839			goto out;
1840		}
1841		kfree(tty->write_buf);
1842		tty->write_cnt = chunk;
1843		tty->write_buf = buf;
1844	}
1845
1846	/* Do the write .. */
1847	for (;;) {
1848		size_t size = count;
1849		if (size > chunk)
1850			size = chunk;
1851		ret = -EFAULT;
1852		if (copy_from_user(tty->write_buf, buf, size))
1853			break;
1854		lock_kernel();
1855		ret = write(tty, file, tty->write_buf, size);
1856		unlock_kernel();
1857		if (ret <= 0)
1858			break;
1859		written += ret;
1860		buf += ret;
1861		count -= ret;
1862		if (!count)
1863			break;
1864		ret = -ERESTARTSYS;
1865		if (signal_pending(current))
1866			break;
1867		cond_resched();
1868	}
1869	if (written) {
1870		struct inode *inode = file->f_path.dentry->d_inode;
1871		inode->i_mtime = current_fs_time(inode->i_sb);
1872		ret = written;
1873	}
1874out:
1875	tty_write_unlock(tty);
1876	return ret;
1877}
1878
1879
1880/**
1881 *	tty_write		-	write method for tty device file
1882 *	@file: tty file pointer
1883 *	@buf: user data to write
1884 *	@count: bytes to write
1885 *	@ppos: unused
1886 *
1887 *	Write data to a tty device via the line discipline.
1888 *
1889 *	Locking:
1890 *		Locks the line discipline as required
1891 *		Writes to the tty driver are serialized by the atomic_write_lock
1892 *	and are then processed in chunks to the device. The line discipline
1893 *	write method will not be involked in parallel for each device
1894 *		The line discipline write method is called under the big
1895 *	kernel lock for historical reasons. New code should not rely on this.
1896 */
1897
1898static ssize_t tty_write(struct file *file, const char __user *buf,
1899						size_t count, loff_t *ppos)
1900{
1901	struct tty_struct *tty;
1902	struct inode *inode = file->f_path.dentry->d_inode;
1903	ssize_t ret;
1904	struct tty_ldisc *ld;
1905
1906	tty = (struct tty_struct *)file->private_data;
1907	if (tty_paranoia_check(tty, inode, "tty_write"))
1908		return -EIO;
1909	if (!tty || !tty->driver->write ||
1910		(test_bit(TTY_IO_ERROR, &tty->flags)))
1911			return -EIO;
1912
1913	ld = tty_ldisc_ref_wait(tty);
1914	if (!ld->write)
1915		ret = -EIO;
1916	else
1917		ret = do_tty_write(ld->write, tty, file, buf, count);
1918	tty_ldisc_deref(ld);
1919	return ret;
1920}
1921
1922ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1923						size_t count, loff_t *ppos)
1924{
1925	struct file *p = NULL;
1926
1927	spin_lock(&redirect_lock);
1928	if (redirect) {
1929		get_file(redirect);
1930		p = redirect;
1931	}
1932	spin_unlock(&redirect_lock);
1933
1934	if (p) {
1935		ssize_t res;
1936		res = vfs_write(p, buf, count, &p->f_pos);
1937		fput(p);
1938		return res;
1939	}
1940	return tty_write(file, buf, count, ppos);
1941}
1942
1943static char ptychar[] = "pqrstuvwxyzabcde";
1944
1945/**
1946 *	pty_line_name	-	generate name for a pty
1947 *	@driver: the tty driver in use
1948 *	@index: the minor number
1949 *	@p: output buffer of at least 6 bytes
1950 *
1951 *	Generate a name from a driver reference and write it to the output
1952 *	buffer.
1953 *
1954 *	Locking: None
1955 */
1956static void pty_line_name(struct tty_driver *driver, int index, char *p)
1957{
1958	int i = index + driver->name_base;
1959	/* ->name is initialized to "ttyp", but "tty" is expected */
1960	sprintf(p, "%s%c%x",
1961		driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1962		ptychar[i >> 4 & 0xf], i & 0xf);
1963}
1964
1965/**
1966 *	pty_line_name	-	generate name for a tty
1967 *	@driver: the tty driver in use
1968 *	@index: the minor number
1969 *	@p: output buffer of at least 7 bytes
1970 *
1971 *	Generate a name from a driver reference and write it to the output
1972 *	buffer.
1973 *
1974 *	Locking: None
1975 */
1976static void tty_line_name(struct tty_driver *driver, int index, char *p)
1977{
1978	sprintf(p, "%s%d", driver->name, index + driver->name_base);
1979}
1980
1981/**
1982 *	init_dev		-	initialise a tty device
1983 *	@driver: tty driver we are opening a device on
1984 *	@idx: device index
1985 *	@tty: returned tty structure
1986 *
1987 *	Prepare a tty device. This may not be a "new" clean device but
1988 *	could also be an active device. The pty drivers require special
1989 *	handling because of this.
1990 *
1991 *	Locking:
1992 *		The function is called under the tty_mutex, which
1993 *	protects us from the tty struct or driver itself going away.
1994 *
1995 *	On exit the tty device has the line discipline attached and
1996 *	a reference count of 1. If a pair was created for pty/tty use
1997 *	and the other was a pty master then it too has a reference count of 1.
1998 *
1999 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
2000 * failed open.  The new code protects the open with a mutex, so it's
2001 * really quite straightforward.  The mutex locking can probably be
2002 * relaxed for the (most common) case of reopening a tty.
2003 */
2004
2005static int init_dev(struct tty_driver *driver, int idx,
2006	struct tty_struct **ret_tty)
2007{
2008	struct tty_struct *tty, *o_tty;
2009	struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2010	struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
2011	int retval = 0;
2012
2013	/* check whether we're reopening an existing tty */
2014	if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2015		tty = devpts_get_tty(idx);
2016		/*
2017		 * If we don't have a tty here on a slave open, it's because
2018		 * the master already started the close process and there's
2019		 * no relation between devpts file and tty anymore.
2020		 */
2021		if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2022			retval = -EIO;
2023			goto end_init;
2024		}
2025		/*
2026		 * It's safe from now on because init_dev() is called with
2027		 * tty_mutex held and release_dev() won't change tty->count
2028		 * or tty->flags without having to grab tty_mutex
2029		 */
2030		if (tty && driver->subtype == PTY_TYPE_MASTER)
2031			tty = tty->link;
2032	} else {
2033		tty = driver->ttys[idx];
2034	}
2035	if (tty) goto fast_track;
2036
2037	/*
2038	 * First time open is complex, especially for PTY devices.
2039	 * This code guarantees that either everything succeeds and the
2040	 * TTY is ready for operation, or else the table slots are vacated
2041	 * and the allocated memory released.  (Except that the termios
2042	 * and locked termios may be retained.)
2043	 */
2044
2045	if (!try_module_get(driver->owner)) {
2046		retval = -ENODEV;
2047		goto end_init;
2048	}
2049
2050	o_tty = NULL;
2051	tp = o_tp = NULL;
2052	ltp = o_ltp = NULL;
2053
2054	tty = alloc_tty_struct();
2055	if (!tty)
2056		goto fail_no_mem;
2057	initialize_tty_struct(tty);
2058	tty->driver = driver;
2059	tty->index = idx;
2060	tty_line_name(driver, idx, tty->name);
2061
2062	if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2063		tp_loc = &tty->termios;
2064		ltp_loc = &tty->termios_locked;
2065	} else {
2066		tp_loc = &driver->termios[idx];
2067		ltp_loc = &driver->termios_locked[idx];
2068	}
2069
2070	if (!*tp_loc) {
2071		tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2072		if (!tp)
2073			goto free_mem_out;
2074		*tp = driver->init_termios;
2075	}
2076
2077	if (!*ltp_loc) {
2078		ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2079		if (!ltp)
2080			goto free_mem_out;
2081	}
2082
2083	if (driver->type == TTY_DRIVER_TYPE_PTY) {
2084		o_tty = alloc_tty_struct();
2085		if (!o_tty)
2086			goto free_mem_out;
2087		initialize_tty_struct(o_tty);
2088		o_tty->driver = driver->other;
2089		o_tty->index = idx;
2090		tty_line_name(driver->other, idx, o_tty->name);
2091
2092		if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2093			o_tp_loc = &o_tty->termios;
2094			o_ltp_loc = &o_tty->termios_locked;
2095		} else {
2096			o_tp_loc = &driver->other->termios[idx];
2097			o_ltp_loc = &driver->other->termios_locked[idx];
2098		}
2099
2100		if (!*o_tp_loc) {
2101			o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2102			if (!o_tp)
2103				goto free_mem_out;
2104			*o_tp = driver->other->init_termios;
2105		}
2106
2107		if (!*o_ltp_loc) {
2108			o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2109			if (!o_ltp)
2110				goto free_mem_out;
2111		}
2112
2113		/*
2114		 * Everything allocated ... set up the o_tty structure.
2115		 */
2116		if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
2117			driver->other->ttys[idx] = o_tty;
2118		if (!*o_tp_loc)
2119			*o_tp_loc = o_tp;
2120		if (!*o_ltp_loc)
2121			*o_ltp_loc = o_ltp;
2122		o_tty->termios = *o_tp_loc;
2123		o_tty->termios_locked = *o_ltp_loc;
2124		driver->other->refcount++;
2125		if (driver->subtype == PTY_TYPE_MASTER)
2126			o_tty->count++;
2127
2128		/* Establish the links in both directions */
2129		tty->link   = o_tty;
2130		o_tty->link = tty;
2131	}
2132
2133	/*
2134	 * All structures have been allocated, so now we install them.
2135	 * Failures after this point use release_tty to clean up, so
2136	 * there's no need to null out the local pointers.
2137	 */
2138	if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
2139		driver->ttys[idx] = tty;
2140
2141	if (!*tp_loc)
2142		*tp_loc = tp;
2143	if (!*ltp_loc)
2144		*ltp_loc = ltp;
2145	tty->termios = *tp_loc;
2146	tty->termios_locked = *ltp_loc;
2147	/* Compatibility until drivers always set this */
2148	tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2149	tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2150	driver->refcount++;
2151	tty->count++;
2152
2153	/*
2154	 * Structures all installed ... call the ldisc open routines.
2155	 * If we fail here just call release_tty to clean up.  No need
2156	 * to decrement the use counts, as release_tty doesn't care.
2157	 */
2158
2159	if (tty->ldisc.open) {
2160		retval = (tty->ldisc.open)(tty);
2161		if (retval)
2162			goto release_mem_out;
2163	}
2164	if (o_tty && o_tty->ldisc.open) {
2165		retval = (o_tty->ldisc.open)(o_tty);
2166		if (retval) {
2167			if (tty->ldisc.close)
2168				(tty->ldisc.close)(tty);
2169			goto release_mem_out;
2170		}
2171		tty_ldisc_enable(o_tty);
2172	}
2173	tty_ldisc_enable(tty);
2174	goto success;
2175
2176	/*
2177	 * This fast open can be used if the tty is already open.
2178	 * No memory is allocated, and the only failures are from
2179	 * attempting to open a closing tty or attempting multiple
2180	 * opens on a pty master.
2181	 */
2182fast_track:
2183	if (test_bit(TTY_CLOSING, &tty->flags)) {
2184		retval = -EIO;
2185		goto end_init;
2186	}
2187	if (driver->type == TTY_DRIVER_TYPE_PTY &&
2188	    driver->subtype == PTY_TYPE_MASTER) {
2189		/*
2190		 * special case for PTY masters: only one open permitted,
2191		 * and the slave side open count is incremented as well.
2192		 */
2193		if (tty->count) {
2194			retval = -EIO;
2195			goto end_init;
2196		}
2197		tty->link->count++;
2198	}
2199	tty->count++;
2200	tty->driver = driver; /* N.B. why do this every time?? */
2201
2202	/* FIXME */
2203	if (!test_bit(TTY_LDISC, &tty->flags))
2204		printk(KERN_ERR "init_dev but no ldisc\n");
2205success:
2206	*ret_tty = tty;
2207
2208	/* All paths come through here to release the mutex */
2209end_init:
2210	return retval;
2211
2212	/* Release locally allocated memory ... nothing placed in slots */
2213free_mem_out:
2214	kfree(o_tp);
2215	if (o_tty)
2216		free_tty_struct(o_tty);
2217	kfree(ltp);
2218	kfree(tp);
2219	free_tty_struct(tty);
2220
2221fail_no_mem:
2222	module_put(driver->owner);
2223	retval = -ENOMEM;
2224	goto end_init;
2225
2226	/* call the tty release_tty routine to clean out this slot */
2227release_mem_out:
2228	if (printk_ratelimit())
2229		printk(KERN_INFO "init_dev: ldisc open failed, "
2230				 "clearing slot %d\n", idx);
2231	release_tty(tty, idx);
2232	goto end_init;
2233}
2234
2235/**
2236 *	release_one_tty		-	release tty structure memory
2237 *
2238 *	Releases memory associated with a tty structure, and clears out the
2239 *	driver table slots. This function is called when a device is no longer
2240 *	in use. It also gets called when setup of a device fails.
2241 *
2242 *	Locking:
2243 *		tty_mutex - sometimes only
2244 *		takes the file list lock internally when working on the list
2245 *	of ttys that the driver keeps.
2246 *		FIXME: should we require tty_mutex is held here ??
2247 */
2248static void release_one_tty(struct tty_struct *tty, int idx)
2249{
2250	int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2251	struct ktermios *tp;
2252
2253	if (!devpts)
2254		tty->driver->ttys[idx] = NULL;
2255
2256	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2257		tp = tty->termios;
2258		if (!devpts)
2259			tty->driver->termios[idx] = NULL;
2260		kfree(tp);
2261
2262		tp = tty->termios_locked;
2263		if (!devpts)
2264			tty->driver->termios_locked[idx] = NULL;
2265		kfree(tp);
2266	}
2267
2268
2269	tty->magic = 0;
2270	tty->driver->refcount--;
2271
2272	file_list_lock();
2273	list_del_init(&tty->tty_files);
2274	file_list_unlock();
2275
2276	free_tty_struct(tty);
2277}
2278
2279/**
2280 *	release_tty		-	release tty structure memory
2281 *
2282 *	Release both @tty and a possible linked partner (think pty pair),
2283 *	and decrement the refcount of the backing module.
2284 *
2285 *	Locking:
2286 *		tty_mutex - sometimes only
2287 *		takes the file list lock internally when working on the list
2288 *	of ttys that the driver keeps.
2289 *		FIXME: should we require tty_mutex is held here ??
2290 */
2291static void release_tty(struct tty_struct *tty, int idx)
2292{
2293	struct tty_driver *driver = tty->driver;
2294
2295	if (tty->link)
2296		release_one_tty(tty->link, idx);
2297	release_one_tty(tty, idx);
2298	module_put(driver->owner);
2299}
2300
2301/*
2302 * Even releasing the tty structures is a tricky business.. We have
2303 * to be very careful that the structures are all released at the
2304 * same time, as interrupts might otherwise get the wrong pointers.
2305 *
2306 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2307 * lead to double frees or releasing memory still in use.
2308 */
2309static void release_dev(struct file *filp)
2310{
2311	struct tty_struct *tty, *o_tty;
2312	int	pty_master, tty_closing, o_tty_closing, do_sleep;
2313	int	devpts;
2314	int	idx;
2315	char	buf[64];
2316	unsigned long flags;
2317
2318	tty = (struct tty_struct *)filp->private_data;
2319	if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2320							"release_dev"))
2321		return;
2322
2323	check_tty_count(tty, "release_dev");
2324
2325	tty_fasync(-1, filp, 0);
2326
2327	idx = tty->index;
2328	pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2329		      tty->driver->subtype == PTY_TYPE_MASTER);
2330	devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2331	o_tty = tty->link;
2332
2333#ifdef TTY_PARANOIA_CHECK
2334	if (idx < 0 || idx >= tty->driver->num) {
2335		printk(KERN_DEBUG "release_dev: bad idx when trying to "
2336				  "free (%s)\n", tty->name);
2337		return;
2338	}
2339	if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2340		if (tty != tty->driver->ttys[idx]) {
2341			printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2342			       "for (%s)\n", idx, tty->name);
2343			return;
2344		}
2345		if (tty->termios != tty->driver->termios[idx]) {
2346			printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2347			       "for (%s)\n",
2348			       idx, tty->name);
2349			return;
2350		}
2351		if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2352			printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2353			       "termios_locked for (%s)\n",
2354			       idx, tty->name);
2355			return;
2356		}
2357	}
2358#endif
2359
2360#ifdef TTY_DEBUG_HANGUP
2361	printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2362	       tty_name(tty, buf), tty->count);
2363#endif
2364
2365#ifdef TTY_PARANOIA_CHECK
2366	if (tty->driver->other &&
2367	     !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2368		if (o_tty != tty->driver->other->ttys[idx]) {
2369			printk(KERN_DEBUG "release_dev: other->table[%d] "
2370					  "not o_tty for (%s)\n",
2371			       idx, tty->name);
2372			return;
2373		}
2374		if (o_tty->termios != tty->driver->other->termios[idx]) {
2375			printk(KERN_DEBUG "release_dev: other->termios[%d] "
2376					  "not o_termios for (%s)\n",
2377			       idx, tty->name);
2378			return;
2379		}
2380		if (o_tty->termios_locked !=
2381		      tty->driver->other->termios_locked[idx]) {
2382			printk(KERN_DEBUG "release_dev: other->termios_locked["
2383					  "%d] not o_termios_locked for (%s)\n",
2384			       idx, tty->name);
2385			return;
2386		}
2387		if (o_tty->link != tty) {
2388			printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2389			return;
2390		}
2391	}
2392#endif
2393	if (tty->driver->close)
2394		tty->driver->close(tty, filp);
2395
2396	/*
2397	 * Sanity check: if tty->count is going to zero, there shouldn't be
2398	 * any waiters on tty->read_wait or tty->write_wait.  We test the
2399	 * wait queues and kick everyone out _before_ actually starting to
2400	 * close.  This ensures that we won't block while releasing the tty
2401	 * structure.
2402	 *
2403	 * The test for the o_tty closing is necessary, since the master and
2404	 * slave sides may close in any order.  If the slave side closes out
2405	 * first, its count will be one, since the master side holds an open.
2406	 * Thus this test wouldn't be triggered at the time the slave closes,
2407	 * so we do it now.
2408	 *
2409	 * Note that it's possible for the tty to be opened again while we're
2410	 * flushing out waiters.  By recalculating the closing flags before
2411	 * each iteration we avoid any problems.
2412	 */
2413	while (1) {
2414		/* Guard against races with tty->count changes elsewhere and
2415		   opens on /dev/tty */
2416
2417		mutex_lock(&tty_mutex);
2418		tty_closing = tty->count <= 1;
2419		o_tty_closing = o_tty &&
2420			(o_tty->count <= (pty_master ? 1 : 0));
2421		do_sleep = 0;
2422
2423		if (tty_closing) {
2424			if (waitqueue_active(&tty->read_wait)) {
2425				wake_up(&tty->read_wait);
2426				do_sleep++;
2427			}
2428			if (waitqueue_active(&tty->write_wait)) {
2429				wake_up(&tty->write_wait);
2430				do_sleep++;
2431			}
2432		}
2433		if (o_tty_closing) {
2434			if (waitqueue_active(&o_tty->read_wait)) {
2435				wake_up(&o_tty->read_wait);
2436				do_sleep++;
2437			}
2438			if (waitqueue_active(&o_tty->write_wait)) {
2439				wake_up(&o_tty->write_wait);
2440				do_sleep++;
2441			}
2442		}
2443		if (!do_sleep)
2444			break;
2445
2446		printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2447				    "active!\n", tty_name(tty, buf));
2448		mutex_unlock(&tty_mutex);
2449		schedule();
2450	}
2451
2452	/*
2453	 * The closing flags are now consistent with the open counts on
2454	 * both sides, and we've completed the last operation that could
2455	 * block, so it's safe to proceed with closing.
2456	 */
2457	if (pty_master) {
2458		if (--o_tty->count < 0) {
2459			printk(KERN_WARNING "release_dev: bad pty slave count "
2460					    "(%d) for %s\n",
2461			       o_tty->count, tty_name(o_tty, buf));
2462			o_tty->count = 0;
2463		}
2464	}
2465	if (--tty->count < 0) {
2466		printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2467		       tty->count, tty_name(tty, buf));
2468		tty->count = 0;
2469	}
2470
2471	/*
2472	 * We've decremented tty->count, so we need to remove this file
2473	 * descriptor off the tty->tty_files list; this serves two
2474	 * purposes:
2475	 *  - check_tty_count sees the correct number of file descriptors
2476	 *    associated with this tty.
2477	 *  - do_tty_hangup no longer sees this file descriptor as
2478	 *    something that needs to be handled for hangups.
2479	 */
2480	file_kill(filp);
2481	filp->private_data = NULL;
2482
2483	/*
2484	 * Perform some housekeeping before deciding whether to return.
2485	 *
2486	 * Set the TTY_CLOSING flag if this was the last open.  In the
2487	 * case of a pty we may have to wait around for the other side
2488	 * to close, and TTY_CLOSING makes sure we can't be reopened.
2489	 */
2490	if (tty_closing)
2491		set_bit(TTY_CLOSING, &tty->flags);
2492	if (o_tty_closing)
2493		set_bit(TTY_CLOSING, &o_tty->flags);
2494
2495	/*
2496	 * If _either_ side is closing, make sure there aren't any
2497	 * processes that still think tty or o_tty is their controlling
2498	 * tty.
2499	 */
2500	if (tty_closing || o_tty_closing) {
2501		read_lock(&tasklist_lock);
2502		session_clear_tty(tty->session);
2503		if (o_tty)
2504			session_clear_tty(o_tty->session);
2505		read_unlock(&tasklist_lock);
2506	}
2507
2508	mutex_unlock(&tty_mutex);
2509
2510	/* check whether both sides are closing ... */
2511	if (!tty_closing || (o_tty && !o_tty_closing))
2512		return;
2513
2514#ifdef TTY_DEBUG_HANGUP
2515	printk(KERN_DEBUG "freeing tty structure...");
2516#endif
2517	/*
2518	 * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
2519	 * kill any delayed work. As this is the final close it does not
2520	 * race with the set_ldisc code path.
2521	 */
2522	clear_bit(TTY_LDISC, &tty->flags);
2523	cancel_delayed_work(&tty->buf.work);
2524
2525	/*
2526	 * Wait for ->hangup_work and ->buf.work handlers to terminate
2527	 */
2528
2529	flush_scheduled_work();
2530
2531	/*
2532	 * Wait for any short term users (we know they are just driver
2533	 * side waiters as the file is closing so user count on the file
2534	 * side is zero.
2535	 */
2536	spin_lock_irqsave(&tty_ldisc_lock, flags);
2537	while (tty->ldisc.refcount) {
2538		spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2539		wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2540		spin_lock_irqsave(&tty_ldisc_lock, flags);
2541	}
2542	spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2543	/*
2544	 * Shutdown the current line discipline, and reset it to N_TTY.
2545	 * N.B. why reset ldisc when we're releasing the memory??
2546	 *
2547	 * FIXME: this MUST get fixed for the new reflocking
2548	 */
2549	if (tty->ldisc.close)
2550		(tty->ldisc.close)(tty);
2551	tty_ldisc_put(tty->ldisc.num);
2552
2553	/*
2554	 *	Switch the line discipline back
2555	 */
2556	tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2557	tty_set_termios_ldisc(tty, N_TTY);
2558	if (o_tty) {
2559		/* FIXME: could o_tty be in setldisc here ? */
2560		clear_bit(TTY_LDISC, &o_tty->flags);
2561		if (o_tty->ldisc.close)
2562			(o_tty->ldisc.close)(o_tty);
2563		tty_ldisc_put(o_tty->ldisc.num);
2564		tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2565		tty_set_termios_ldisc(o_tty, N_TTY);
2566	}
2567	/*
2568	 * The release_tty function takes care of the details of clearing
2569	 * the slots and preserving the termios structure.
2570	 */
2571	release_tty(tty, idx);
2572
2573#ifdef CONFIG_UNIX98_PTYS
2574	/* Make this pty number available for reallocation */
2575	if (devpts) {
2576		mutex_lock(&allocated_ptys_lock);
2577		idr_remove(&allocated_ptys, idx);
2578		mutex_unlock(&allocated_ptys_lock);
2579	}
2580#endif
2581
2582}
2583
2584/**
2585 *	tty_open		-	open a tty device
2586 *	@inode: inode of device file
2587 *	@filp: file pointer to tty
2588 *
2589 *	tty_open and tty_release keep up the tty count that contains the
2590 *	number of opens done on a tty. We cannot use the inode-count, as
2591 *	different inodes might point to the same tty.
2592 *
2593 *	Open-counting is needed for pty masters, as well as for keeping
2594 *	track of serial lines: DTR is dropped when the last close happens.
2595 *	(This is not done solely through tty->count, now.  - Ted 1/27/92)
2596 *
2597 *	The termios state of a pty is reset on first open so that
2598 *	settings don't persist across reuse.
2599 *
2600 *	Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2601 *		 tty->count should protect the rest.
2602 *		 ->siglock protects ->signal/->sighand
2603 */
2604
2605static int tty_open(struct inode *inode, struct file *filp)
2606{
2607	struct tty_struct *tty;
2608	int noctty, retval;
2609	struct tty_driver *driver;
2610	int index;
2611	dev_t device = inode->i_rdev;
2612	unsigned short saved_flags = filp->f_flags;
2613
2614	nonseekable_open(inode, filp);
2615
2616retry_open:
2617	noctty = filp->f_flags & O_NOCTTY;
2618	index  = -1;
2619	retval = 0;
2620
2621	mutex_lock(&tty_mutex);
2622
2623	if (device == MKDEV(TTYAUX_MAJOR, 0)) {
2624		tty = get_current_tty();
2625		if (!tty) {
2626			mutex_unlock(&tty_mutex);
2627			return -ENXIO;
2628		}
2629		driver = tty->driver;
2630		index = tty->index;
2631		filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2632		/* noctty = 1; */
2633		goto got_driver;
2634	}
2635#ifdef CONFIG_VT
2636	if (device == MKDEV(TTY_MAJOR, 0)) {
2637		extern struct tty_driver *console_driver;
2638		driver = console_driver;
2639		index = fg_console;
2640		noctty = 1;
2641		goto got_driver;
2642	}
2643#endif
2644	if (device == MKDEV(TTYAUX_MAJOR, 1)) {
2645		driver = console_device(&index);
2646		if (driver) {
2647			/* Don't let /dev/console block */
2648			filp->f_flags |= O_NONBLOCK;
2649			noctty = 1;
2650			goto got_driver;
2651		}
2652		mutex_unlock(&tty_mutex);
2653		return -ENODEV;
2654	}
2655
2656	driver = get_tty_driver(device, &index);
2657	if (!driver) {
2658		mutex_unlock(&tty_mutex);
2659		return -ENODEV;
2660	}
2661got_driver:
2662	retval = init_dev(driver, index, &tty);
2663	mutex_unlock(&tty_mutex);
2664	if (retval)
2665		return retval;
2666
2667	filp->private_data = tty;
2668	file_move(filp, &tty->tty_files);
2669	check_tty_count(tty, "tty_open");
2670	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2671	    tty->driver->subtype == PTY_TYPE_MASTER)
2672		noctty = 1;
2673#ifdef TTY_DEBUG_HANGUP
2674	printk(KERN_DEBUG "opening %s...", tty->name);
2675#endif
2676	if (!retval) {
2677		if (tty->driver->open)
2678			retval = tty->driver->open(tty, filp);
2679		else
2680			retval = -ENODEV;
2681	}
2682	filp->f_flags = saved_flags;
2683
2684	if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2685						!capable(CAP_SYS_ADMIN))
2686		retval = -EBUSY;
2687
2688	if (retval) {
2689#ifdef TTY_DEBUG_HANGUP
2690		printk(KERN_DEBUG "error %d in opening %s...", retval,
2691		       tty->name);
2692#endif
2693		release_dev(filp);
2694		if (retval != -ERESTARTSYS)
2695			return retval;
2696		if (signal_pending(current))
2697			return retval;
2698		schedule();
2699		/*
2700		 * Need to reset f_op in case a hangup happened.
2701		 */
2702		if (filp->f_op == &hung_up_tty_fops)
2703			filp->f_op = &tty_fops;
2704		goto retry_open;
2705	}
2706
2707	mutex_lock(&tty_mutex);
2708	spin_lock_irq(&current->sighand->siglock);
2709	if (!noctty &&
2710	    current->signal->leader &&
2711	    !current->signal->tty &&
2712	    tty->session == NULL)
2713		__proc_set_tty(current, tty);
2714	spin_unlock_irq(&current->sighand->siglock);
2715	mutex_unlock(&tty_mutex);
2716	tty_audit_opening();
2717	return 0;
2718}
2719
2720#ifdef CONFIG_UNIX98_PTYS
2721/**
2722 *	ptmx_open		-	open a unix 98 pty master
2723 *	@inode: inode of device file
2724 *	@filp: file pointer to tty
2725 *
2726 *	Allocate a unix98 pty master device from the ptmx driver.
2727 *
2728 *	Locking: tty_mutex protects theinit_dev work. tty->count should
2729 * 		protect the rest.
2730 *		allocated_ptys_lock handles the list of free pty numbers
2731 */
2732
2733static int ptmx_open(struct inode *inode, struct file *filp)
2734{
2735	struct tty_struct *tty;
2736	int retval;
2737	int index;
2738	int idr_ret;
2739
2740	nonseekable_open(inode, filp);
2741
2742	/* find a device that is not in use. */
2743	mutex_lock(&allocated_ptys_lock);
2744	if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2745		mutex_unlock(&allocated_ptys_lock);
2746		return -ENOMEM;
2747	}
2748	idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2749	if (idr_ret < 0) {
2750		mutex_unlock(&allocated_ptys_lock);
2751		if (idr_ret == -EAGAIN)
2752			return -ENOMEM;
2753		return -EIO;
2754	}
2755	if (index >= pty_limit) {
2756		idr_remove(&allocated_ptys, index);
2757		mutex_unlock(&allocated_ptys_lock);
2758		return -EIO;
2759	}
2760	mutex_unlock(&allocated_ptys_lock);
2761
2762	mutex_lock(&tty_mutex);
2763	retval = init_dev(ptm_driver, index, &tty);
2764	mutex_unlock(&tty_mutex);
2765
2766	if (retval)
2767		goto out;
2768
2769	set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2770	filp->private_data = tty;
2771	file_move(filp, &tty->tty_files);
2772
2773	retval = -ENOMEM;
2774	if (devpts_pty_new(tty->link))
2775		goto out1;
2776
2777	check_tty_count(tty, "tty_open");
2778	retval = ptm_driver->open(tty, filp);
2779	if (!retval) {
2780		tty_audit_opening();
2781		return 0;
2782	}
2783out1:
2784	release_dev(filp);
2785	return retval;
2786out:
2787	mutex_lock(&allocated_ptys_lock);
2788	idr_remove(&allocated_ptys, index);
2789	mutex_unlock(&allocated_ptys_lock);
2790	return retval;
2791}
2792#endif
2793
2794/**
2795 *	tty_release		-	vfs callback for close
2796 *	@inode: inode of tty
2797 *	@filp: file pointer for handle to tty
2798 *
2799 *	Called the last time each file handle is closed that references
2800 *	this tty. There may however be several such references.
2801 *
2802 *	Locking:
2803 *		Takes bkl. See release_dev
2804 */
2805
2806static int tty_release(struct inode *inode, struct file *filp)
2807{
2808	lock_kernel();
2809	release_dev(filp);
2810	unlock_kernel();
2811	return 0;
2812}
2813
2814/**
2815 *	tty_poll	-	check tty status
2816 *	@filp: file being polled
2817 *	@wait: poll wait structures to update
2818 *
2819 *	Call the line discipline polling method to obtain the poll
2820 *	status of the device.
2821 *
2822 *	Locking: locks called line discipline but ldisc poll method
2823 *	may be re-entered freely by other callers.
2824 */
2825
2826static unsigned int tty_poll(struct file *filp, poll_table *wait)
2827{
2828	struct tty_struct *tty;
2829	struct tty_ldisc *ld;
2830	int ret = 0;
2831
2832	tty = (struct tty_struct *)filp->private_data;
2833	if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2834		return 0;
2835
2836	ld = tty_ldisc_ref_wait(tty);
2837	if (ld->poll)
2838		ret = (ld->poll)(tty, filp, wait);
2839	tty_ldisc_deref(ld);
2840	return ret;
2841}
2842
2843static int tty_fasync(int fd, struct file *filp, int on)
2844{
2845	struct tty_struct *tty;
2846	int retval;
2847
2848	tty = (struct tty_struct *)filp->private_data;
2849	if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2850		return 0;
2851
2852	retval = fasync_helper(fd, filp, on, &tty->fasync);
2853	if (retval <= 0)
2854		return retval;
2855
2856	if (on) {
2857		enum pid_type type;
2858		struct pid *pid;
2859		if (!waitqueue_active(&tty->read_wait))
2860			tty->minimum_to_wake = 1;
2861		if (tty->pgrp) {
2862			pid = tty->pgrp;
2863			type = PIDTYPE_PGID;
2864		} else {
2865			pid = task_pid(current);
2866			type = PIDTYPE_PID;
2867		}
2868		retval = __f_setown(filp, pid, type, 0);
2869		if (retval)
2870			return retval;
2871	} else {
2872		if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2873			tty->minimum_to_wake = N_TTY_BUF_SIZE;
2874	}
2875	return 0;
2876}
2877
2878/**
2879 *	tiocsti			-	fake input character
2880 *	@tty: tty to fake input into
2881 *	@p: pointer to character
2882 *
2883 *	Fake input to a tty device. Does the necessary locking and
2884 *	input management.
2885 *
2886 *	FIXME: does not honour flow control ??
2887 *
2888 *	Locking:
2889 *		Called functions take tty_ldisc_lock
2890 *		current->signal->tty check is safe without locks
2891 *
2892 *	FIXME: may race normal receive processing
2893 */
2894
2895static int tiocsti(struct tty_struct *tty, char __user *p)
2896{
2897	char ch, mbz = 0;
2898	struct tty_ldisc *ld;
2899
2900	if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2901		return -EPERM;
2902	if (get_user(ch, p))
2903		return -EFAULT;
2904	ld = tty_ldisc_ref_wait(tty);
2905	ld->receive_buf(tty, &ch, &mbz, 1);
2906	tty_ldisc_deref(ld);
2907	return 0;
2908}
2909
2910/**
2911 *	tiocgwinsz		-	implement window query ioctl
2912 *	@tty; tty
2913 *	@arg: user buffer for result
2914 *
2915 *	Copies the kernel idea of the window size into the user buffer.
2916 *
2917 *	Locking: tty->termios_mutex is taken to ensure the winsize data
2918 *		is consistent.
2919 */
2920
2921static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2922{
2923	int err;
2924
2925	mutex_lock(&tty->termios_mutex);
2926	err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2927	mutex_unlock(&tty->termios_mutex);
2928
2929	return err ? -EFAULT: 0;
2930}
2931
2932/**
2933 *	tiocswinsz		-	implement window size set ioctl
2934 *	@tty; tty
2935 *	@arg: user buffer for result
2936 *
2937 *	Copies the user idea of the window size to the kernel. Traditionally
2938 *	this is just advisory information but for the Linux console it
2939 *	actually has driver level meaning and triggers a VC resize.
2940 *
2941 *	Locking:
2942 *		Called function use the console_sem is used to ensure we do
2943 *	not try and resize the console twice at once.
2944 *		The tty->termios_mutex is used to ensure we don't double
2945 *	resize and get confused. Lock order - tty->termios_mutex before
2946 *	console sem
2947 */
2948
2949static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2950	struct winsize __user *arg)
2951{
2952	struct winsize tmp_ws;
2953
2954	if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2955		return -EFAULT;
2956
2957	mutex_lock(&tty->termios_mutex);
2958	if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2959		goto done;
2960
2961#ifdef CONFIG_VT
2962	if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2963		if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2964					tmp_ws.ws_row)) {
2965			mutex_unlock(&tty->termios_mutex);
2966			return -ENXIO;
2967		}
2968	}
2969#endif
2970	if (tty->pgrp)
2971		kill_pgrp(tty->pgrp, SIGWINCH, 1);
2972	if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
2973		kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
2974	tty->winsize = tmp_ws;
2975	real_tty->winsize = tmp_ws;
2976done:
2977	mutex_unlock(&tty->termios_mutex);
2978	return 0;
2979}
2980
2981/**
2982 *	tioccons	-	allow admin to move logical console
2983 *	@file: the file to become console
2984 *
2985 *	Allow the adminstrator to move the redirected console device
2986 *
2987 *	Locking: uses redirect_lock to guard the redirect information
2988 */
2989
2990static int tioccons(struct file *file)
2991{
2992	if (!capable(CAP_SYS_ADMIN))
2993		return -EPERM;
2994	if (file->f_op->write == redirected_tty_write) {
2995		struct file *f;
2996		spin_lock(&redirect_lock);
2997		f = redirect;
2998		redirect = NULL;
2999		spin_unlock(&redirect_lock);
3000		if (f)
3001			fput(f);
3002		return 0;
3003	}
3004	spin_lock(&redirect_lock);
3005	if (redirect) {
3006		spin_unlock(&redirect_lock);
3007		return -EBUSY;
3008	}
3009	get_file(file);
3010	redirect = file;
3011	spin_unlock(&redirect_lock);
3012	return 0;
3013}
3014
3015/**
3016 *	fionbio		-	non blocking ioctl
3017 *	@file: file to set blocking value
3018 *	@p: user parameter
3019 *
3020 *	Historical tty interfaces had a blocking control ioctl before
3021 *	the generic functionality existed. This piece of history is preserved
3022 *	in the expected tty API of posix OS's.
3023 *
3024 *	Locking: none, the open fle handle ensures it won't go away.
3025 */
3026
3027static int fionbio(struct file *file, int __user *p)
3028{
3029	int nonblock;
3030
3031	if (get_user(nonblock, p))
3032		return -EFAULT;
3033
3034	if (nonblock)
3035		file->f_flags |= O_NONBLOCK;
3036	else
3037		file->f_flags &= ~O_NONBLOCK;
3038	return 0;
3039}
3040
3041/**
3042 *	tiocsctty	-	set controlling tty
3043 *	@tty: tty structure
3044 *	@arg: user argument
3045 *
3046 *	This ioctl is used to manage job control. It permits a session
3047 *	leader to set this tty as the controlling tty for the session.
3048 *
3049 *	Locking:
3050 *		Takes tty_mutex() to protect tty instance
3051 *		Takes tasklist_lock internally to walk sessions
3052 *		Takes ->siglock() when updating signal->tty
3053 */
3054
3055static int tiocsctty(struct tty_struct *tty, int arg)
3056{
3057	int ret = 0;
3058	if (current->signal->leader && (task_session(current) == tty->session))
3059		return ret;
3060
3061	mutex_lock(&tty_mutex);
3062	/*
3063	 * The process must be a session leader and
3064	 * not have a controlling tty already.
3065	 */
3066	if (!current->signal->leader || current->signal->tty) {
3067		ret = -EPERM;
3068		goto unlock;
3069	}
3070
3071	if (tty->session) {
3072		/*
3073		 * This tty is already the controlling
3074		 * tty for another session group!
3075		 */
3076		if (arg == 1 && capable(CAP_SYS_ADMIN)) {
3077			/*
3078			 * Steal it away
3079			 */
3080			read_lock(&tasklist_lock);
3081			session_clear_tty(tty->session);
3082			read_unlock(&tasklist_lock);
3083		} else {
3084			ret = -EPERM;
3085			goto unlock;
3086		}
3087	}
3088	proc_set_tty(current, tty);
3089unlock:
3090	mutex_unlock(&tty_mutex);
3091	return ret;
3092}
3093
3094/**
3095 *	tiocgpgrp		-	get process group
3096 *	@tty: tty passed by user
3097 *	@real_tty: tty side of the tty pased by the user if a pty else the tty
3098 *	@p: returned pid
3099 *
3100 *	Obtain the process group of the tty. If there is no process group
3101 *	return an error.
3102 *
3103 *	Locking: none. Reference to current->signal->tty is safe.
3104 */
3105
3106static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3107{
3108	/*
3109	 * (tty == real_tty) is a cheap way of
3110	 * testing if the tty is NOT a master pty.
3111	 */
3112	if (tty == real_tty && current->signal->tty != real_tty)
3113		return -ENOTTY;
3114	return put_user(pid_vnr(real_tty->pgrp), p);
3115}
3116
3117/**
3118 *	tiocspgrp		-	attempt to set process group
3119 *	@tty: tty passed by user
3120 *	@real_tty: tty side device matching tty passed by user
3121 *	@p: pid pointer
3122 *
3123 *	Set the process group of the tty to the session passed. Only
3124 *	permitted where the tty session is our session.
3125 *
3126 *	Locking: None
3127 */
3128
3129static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3130{
3131	struct pid *pgrp;
3132	pid_t pgrp_nr;
3133	int retval = tty_check_change(real_tty);
3134
3135	if (retval == -EIO)
3136		return -ENOTTY;
3137	if (retval)
3138		return retval;
3139	if (!current->signal->tty ||
3140	    (current->signal->tty != real_tty) ||
3141	    (real_tty->session != task_session(current)))
3142		return -ENOTTY;
3143	if (get_user(pgrp_nr, p))
3144		return -EFAULT;
3145	if (pgrp_nr < 0)
3146		return -EINVAL;
3147	rcu_read_lock();
3148	pgrp = find_vpid(pgrp_nr);
3149	retval = -ESRCH;
3150	if (!pgrp)
3151		goto out_unlock;
3152	retval = -EPERM;
3153	if (session_of_pgrp(pgrp) != task_session(current))
3154		goto out_unlock;
3155	retval = 0;
3156	put_pid(real_tty->pgrp);
3157	real_tty->pgrp = get_pid(pgrp);
3158out_unlock:
3159	rcu_read_unlock();
3160	return retval;
3161}
3162
3163/**
3164 *	tiocgsid		-	get session id
3165 *	@tty: tty passed by user
3166 *	@real_tty: tty side of the tty pased by the user if a pty else the tty
3167 *	@p: pointer to returned session id
3168 *
3169 *	Obtain the session id of the tty. If there is no session
3170 *	return an error.
3171 *
3172 *	Locking: none. Reference to current->signal->tty is safe.
3173 */
3174
3175static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3176{
3177	/*
3178	 * (tty == real_tty) is a cheap way of
3179	 * testing if the tty is NOT a master pty.
3180	*/
3181	if (tty == real_tty && current->signal->tty != real_tty)
3182		return -ENOTTY;
3183	if (!real_tty->session)
3184		return -ENOTTY;
3185	return put_user(pid_vnr(real_tty->session), p);
3186}
3187
3188/**
3189 *	tiocsetd	-	set line discipline
3190 *	@tty: tty device
3191 *	@p: pointer to user data
3192 *
3193 *	Set the line discipline according to user request.
3194 *
3195 *	Locking: see tty_set_ldisc, this function is just a helper
3196 */
3197
3198static int tiocsetd(struct tty_struct *tty, int __user *p)
3199{
3200	int ldisc;
3201
3202	if (get_user(ldisc, p))
3203		return -EFAULT;
3204	return tty_set_ldisc(tty, ldisc);
3205}
3206
3207/**
3208 *	send_break	-	performed time break
3209 *	@tty: device to break on
3210 *	@duration: timeout in mS
3211 *
3212 *	Perform a timed break on hardware that lacks its own driver level
3213 *	timed break functionality.
3214 *
3215 *	Locking:
3216 *		atomic_write_lock serializes
3217 *
3218 */
3219
3220static int send_break(struct tty_struct *tty, unsigned int duration)
3221{
3222	if (tty_write_lock(tty, 0) < 0)
3223		return -EINTR;
3224	tty->driver->break_ctl(tty, -1);
3225	if (!signal_pending(current))
3226		msleep_interruptible(duration);
3227	tty->driver->break_ctl(tty, 0);
3228	tty_write_unlock(tty);
3229	if (signal_pending(current))
3230		return -EINTR;
3231	return 0;
3232}
3233
3234/**
3235 *	tiocmget		-	get modem status
3236 *	@tty: tty device
3237 *	@file: user file pointer
3238 *	@p: pointer to result
3239 *
3240 *	Obtain the modem status bits from the tty driver if the feature
3241 *	is supported. Return -EINVAL if it is not available.
3242 *
3243 *	Locking: none (up to the driver)
3244 */
3245
3246static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3247{
3248	int retval = -EINVAL;
3249
3250	if (tty->driver->tiocmget) {
3251		retval = tty->driver->tiocmget(tty, file);
3252
3253		if (retval >= 0)
3254			retval = put_user(retval, p);
3255	}
3256	return retval;
3257}
3258
3259/**
3260 *	tiocmset		-	set modem status
3261 *	@tty: tty device
3262 *	@file: user file pointer
3263 *	@cmd: command - clear bits, set bits or set all
3264 *	@p: pointer to desired bits
3265 *
3266 *	Set the modem status bits from the tty driver if the feature
3267 *	is supported. Return -EINVAL if it is not available.
3268 *
3269 *	Locking: none (up to the driver)
3270 */
3271
3272static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3273	     unsigned __user *p)
3274{
3275	int retval = -EINVAL;
3276
3277	if (tty->driver->tiocmset) {
3278		unsigned int set, clear, val;
3279
3280		retval = get_user(val, p);
3281		if (retval)
3282			return retval;
3283
3284		set = clear = 0;
3285		switch (cmd) {
3286		case TIOCMBIS:
3287			set = val;
3288			break;
3289		case TIOCMBIC:
3290			clear = val;
3291			break;
3292		case TIOCMSET:
3293			set = val;
3294			clear = ~val;
3295			break;
3296		}
3297
3298		set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3299		clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3300
3301		retval = tty->driver->tiocmset(tty, file, set, clear);
3302	}
3303	return retval;
3304}
3305
3306/*
3307 * Split this up, as gcc can choke on it otherwise..
3308 */
3309int tty_ioctl(struct inode *inode, struct file *file,
3310	      unsigned int cmd, unsigned long arg)
3311{
3312	struct tty_struct *tty, *real_tty;
3313	void __user *p = (void __user *)arg;
3314	int retval;
3315	struct tty_ldisc *ld;
3316
3317	tty = (struct tty_struct *)file->private_data;
3318	if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3319		return -EINVAL;
3320
3321	/* CHECKME: is this safe as one end closes ? */
3322
3323	real_tty = tty;
3324	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3325	    tty->driver->subtype == PTY_TYPE_MASTER)
3326		real_tty = tty->link;
3327
3328	/*
3329	 * Break handling by driver
3330	 */
3331	if (!tty->driver->break_ctl) {
3332		switch (cmd) {
3333		case TIOCSBRK:
3334		case TIOCCBRK:
3335			if (tty->driver->ioctl)
3336				return tty->driver->ioctl(tty, file, cmd, arg);
3337			return -EINVAL;
3338
3339		/* These two ioctl's always return success; even if */
3340		/* the driver doesn't support them. */
3341		case TCSBRK:
3342		case TCSBRKP:
3343			if (!tty->driver->ioctl)
3344				return 0;
3345			retval = tty->driver->ioctl(tty, file, cmd, arg);
3346			if (retval == -ENOIOCTLCMD)
3347				retval = 0;
3348			return retval;
3349		}
3350	}
3351
3352	/*
3353	 * Factor out some common prep work
3354	 */
3355	switch (cmd) {
3356	case TIOCSETD:
3357	case TIOCSBRK:
3358	case TIOCCBRK:
3359	case TCSBRK:
3360	case TCSBRKP:
3361		retval = tty_check_change(tty);
3362		if (retval)
3363			return retval;
3364		if (cmd != TIOCCBRK) {
3365			tty_wait_until_sent(tty, 0);
3366			if (signal_pending(current))
3367				return -EINTR;
3368		}
3369		break;
3370	}
3371
3372	switch (cmd) {
3373	case TIOCSTI:
3374		return tiocsti(tty, p);
3375	case TIOCGWINSZ:
3376		return tiocgwinsz(tty, p);
3377	case TIOCSWINSZ:
3378		return tiocswinsz(tty, real_tty, p);
3379	case TIOCCONS:
3380		return real_tty != tty ? -EINVAL : tioccons(file);
3381	case FIONBIO:
3382		return fionbio(file, p);
3383	case TIOCEXCL:
3384		set_bit(TTY_EXCLUSIVE, &tty->flags);
3385		return 0;
3386	case TIOCNXCL:
3387		clear_bit(TTY_EXCLUSIVE, &tty->flags);
3388		return 0;
3389	case TIOCNOTTY:
3390		if (current->signal->tty != tty)
3391			return -ENOTTY;
3392		no_tty();
3393		return 0;
3394	case TIOCSCTTY:
3395		return tiocsctty(tty, arg);
3396	case TIOCGPGRP:
3397		return tiocgpgrp(tty, real_tty, p);
3398	case TIOCSPGRP:
3399		return tiocspgrp(tty, real_tty, p);
3400	case TIOCGSID:
3401		return tiocgsid(tty, real_tty, p);
3402	case TIOCGETD:
3403		/* FIXME: check this is ok */
3404		return put_user(tty->ldisc.num, (int __user *)p);
3405	case TIOCSETD:
3406		return tiocsetd(tty, p);
3407#ifdef CONFIG_VT
3408	case TIOCLINUX:
3409		return tioclinux(tty, arg);
3410#endif
3411	/*
3412	 * Break handling
3413	 */
3414	case TIOCSBRK:	/* Turn break on, unconditionally */
3415		tty->driver->break_ctl(tty, -1);
3416		return 0;
3417
3418	case TIOCCBRK:	/* Turn break off, unconditionally */
3419		tty->driver->break_ctl(tty, 0);
3420		return 0;
3421	case TCSBRK:   /* SVID version: non-zero arg --> no break */
3422		/* non-zero arg means wait for all output data
3423		 * to be sent (performed above) but don't send break.
3424		 * This is used by the tcdrain() termios function.
3425		 */
3426		if (!arg)
3427			return send_break(tty, 250);
3428		return 0;
3429	case TCSBRKP:	/* support for POSIX tcsendbreak() */
3430		return send_break(tty, arg ? arg*100 : 250);
3431
3432	case TIOCMGET:
3433		return tty_tiocmget(tty, file, p);
3434	case TIOCMSET:
3435	case TIOCMBIC:
3436	case TIOCMBIS:
3437		return tty_tiocmset(tty, file, cmd, p);
3438	case TCFLSH:
3439		switch (arg) {
3440		case TCIFLUSH:
3441		case TCIOFLUSH:
3442		/* flush tty buffer and allow ldisc to process ioctl */
3443			tty_buffer_flush(tty);
3444			break;
3445		}
3446		break;
3447	}
3448	if (tty->driver->ioctl) {
3449		retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3450		if (retval != -ENOIOCTLCMD)
3451			return retval;
3452	}
3453	ld = tty_ldisc_ref_wait(tty);
3454	retval = -EINVAL;
3455	if (ld->ioctl) {
3456		retval = ld->ioctl(tty, file, cmd, arg);
3457		if (retval == -ENOIOCTLCMD)
3458			retval = -EINVAL;
3459	}
3460	tty_ldisc_deref(ld);
3461	return retval;
3462}
3463
3464#ifdef CONFIG_COMPAT
3465static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3466				unsigned long arg)
3467{
3468	struct inode *inode = file->f_dentry->d_inode;
3469	struct tty_struct *tty = file->private_data;
3470	struct tty_ldisc *ld;
3471	int retval = -ENOIOCTLCMD;
3472
3473	if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3474		return -EINVAL;
3475
3476	if (tty->driver->compat_ioctl) {
3477		retval = (tty->driver->compat_ioctl)(tty, file, cmd, arg);
3478		if (retval != -ENOIOCTLCMD)
3479			return retval;
3480	}
3481
3482	ld = tty_ldisc_ref_wait(tty);
3483	if (ld->compat_ioctl)
3484		retval = ld->compat_ioctl(tty, file, cmd, arg);
3485	tty_ldisc_deref(ld);
3486
3487	return retval;
3488}
3489#endif
3490
3491/*
3492 * This implements the "Secure Attention Key" ---  the idea is to
3493 * prevent trojan horses by killing all processes associated with this
3494 * tty when the user hits the "Secure Attention Key".  Required for
3495 * super-paranoid applications --- see the Orange Book for more details.
3496 *
3497 * This code could be nicer; ideally it should send a HUP, wait a few
3498 * seconds, then send a INT, and then a KILL signal.  But you then
3499 * have to coordinate with the init process, since all processes associated
3500 * with the current tty must be dead before the new getty is allowed
3501 * to spawn.
3502 *
3503 * Now, if it would be correct ;-/ The current code has a nasty hole -
3504 * it doesn't catch files in flight. We may send the descriptor to ourselves
3505 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3506 *
3507 * Nasty bug: do_SAK is being called in interrupt context.  This can
3508 * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
3509 */
3510void __do_SAK(struct tty_struct *tty)
3511{
3512#ifdef TTY_SOFT_SAK
3513	tty_hangup(tty);
3514#else
3515	struct task_struct *g, *p;
3516	struct pid *session;
3517	int		i;
3518	struct file	*filp;
3519	struct fdtable *fdt;
3520
3521	if (!tty)
3522		return;
3523	session = tty->session;
3524
3525	tty_ldisc_flush(tty);
3526
3527	if (tty->driver->flush_buffer)
3528		tty->driver->flush_buffer(tty);
3529
3530	read_lock(&tasklist_lock);
3531	/* Kill the entire session */
3532	do_each_pid_task(session, PIDTYPE_SID, p) {
3533		printk(KERN_NOTICE "SAK: killed process %d"
3534			" (%s): task_session_nr(p)==tty->session\n",
3535			task_pid_nr(p), p->comm);
3536		send_sig(SIGKILL, p, 1);
3537	} while_each_pid_task(session, PIDTYPE_SID, p);
3538	/* Now kill any processes that happen to have the
3539	 * tty open.
3540	 */
3541	do_each_thread(g, p) {
3542		if (p->signal->tty == tty) {
3543			printk(KERN_NOTICE "SAK: killed process %d"
3544			    " (%s): task_session_nr(p)==tty->session\n",
3545			    task_pid_nr(p), p->comm);
3546			send_sig(SIGKILL, p, 1);
3547			continue;
3548		}
3549		task_lock(p);
3550		if (p->files) {
3551			/*
3552			 * We don't take a ref to the file, so we must
3553			 * hold ->file_lock instead.
3554			 */
3555			spin_lock(&p->files->file_lock);
3556			fdt = files_fdtable(p->files);
3557			for (i = 0; i < fdt->max_fds; i++) {
3558				filp = fcheck_files(p->files, i);
3559				if (!filp)
3560					continue;
3561				if (filp->f_op->read == tty_read &&
3562				    filp->private_data == tty) {
3563					printk(KERN_NOTICE "SAK: killed process %d"
3564					    " (%s): fd#%d opened to the tty\n",
3565					    task_pid_nr(p), p->comm, i);
3566					force_sig(SIGKILL, p);
3567					break;
3568				}
3569			}
3570			spin_unlock(&p->files->file_lock);
3571		}
3572		task_unlock(p);
3573	} while_each_thread(g, p);
3574	read_unlock(&tasklist_lock);
3575#endif
3576}
3577
3578static void do_SAK_work(struct work_struct *work)
3579{
3580	struct tty_struct *tty =
3581		container_of(work, struct tty_struct, SAK_work);
3582	__do_SAK(tty);
3583}
3584
3585/*
3586 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3587 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3588 * the values which we write to it will be identical to the values which it
3589 * already has. --akpm
3590 */
3591void do_SAK(struct tty_struct *tty)
3592{
3593	if (!tty)
3594		return;
3595	schedule_work(&tty->SAK_work);
3596}
3597
3598EXPORT_SYMBOL(do_SAK);
3599
3600/**
3601 *	flush_to_ldisc
3602 *	@work: tty structure passed from work queue.
3603 *
3604 *	This routine is called out of the software interrupt to flush data
3605 *	from the buffer chain to the line discipline.
3606 *
3607 *	Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3608 *	while invoking the line discipline receive_buf method. The
3609 *	receive_buf method is single threaded for each tty instance.
3610 */
3611
3612static void flush_to_ldisc(struct work_struct *work)
3613{
3614	struct tty_struct *tty =
3615		container_of(work, struct tty_struct, buf.work.work);
3616	unsigned long 	flags;
3617	struct tty_ldisc *disc;
3618	struct tty_buffer *tbuf, *head;
3619	char *char_buf;
3620	unsigned char *flag_buf;
3621
3622	disc = tty_ldisc_ref(tty);
3623	if (disc == NULL)	/*  !TTY_LDISC */
3624		return;
3625
3626	spin_lock_irqsave(&tty->buf.lock, flags);
3627	/* So we know a flush is running */
3628	set_bit(TTY_FLUSHING, &tty->flags);
3629	head = tty->buf.head;
3630	if (head != NULL) {
3631		tty->buf.head = NULL;
3632		for (;;) {
3633			int count = head->commit - head->read;
3634			if (!count) {
3635				if (head->next == NULL)
3636					break;
3637				tbuf = head;
3638				head = head->next;
3639				tty_buffer_free(tty, tbuf);
3640				continue;
3641			}
3642			/* Ldisc or user is trying to flush the buffers
3643			   we are feeding to the ldisc, stop feeding the
3644			   line discipline as we want to empty the queue */
3645			if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3646				break;
3647			if (!tty->receive_room) {
3648				schedule_delayed_work(&tty->buf.work, 1);
3649				break;
3650			}
3651			if (count > tty->receive_room)
3652				count = tty->receive_room;
3653			char_buf = head->char_buf_ptr + head->read;
3654			flag_buf = head->flag_buf_ptr + head->read;
3655			head->read += count;
3656			spin_unlock_irqrestore(&tty->buf.lock, flags);
3657			disc->receive_buf(tty, char_buf, flag_buf, count);
3658			spin_lock_irqsave(&tty->buf.lock, flags);
3659		}
3660		/* Restore the queue head */
3661		tty->buf.head = head;
3662	}
3663	/* We may have a deferred request to flush the input buffer,
3664	   if so pull the chain under the lock and empty the queue */
3665	if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3666		__tty_buffer_flush(tty);
3667		clear_bit(TTY_FLUSHPENDING, &tty->flags);
3668		wake_up(&tty->read_wait);
3669	}
3670	clear_bit(TTY_FLUSHING, &tty->flags);
3671	spin_unlock_irqrestore(&tty->buf.lock, flags);
3672
3673	tty_ldisc_deref(disc);
3674}
3675
3676/**
3677 *	tty_flip_buffer_push	-	terminal
3678 *	@tty: tty to push
3679 *
3680 *	Queue a push of the terminal flip buffers to the line discipline. This
3681 *	function must not be called from IRQ context if tty->low_latency is set.
3682 *
3683 *	In the event of the queue being busy for flipping the work will be
3684 *	held off and retried later.
3685 *
3686 *	Locking: tty buffer lock. Driver locks in low latency mode.
3687 */
3688
3689void tty_flip_buffer_push(struct tty_struct *tty)
3690{
3691	unsigned long flags;
3692	spin_lock_irqsave(&tty->buf.lock, flags);
3693	if (tty->buf.tail != NULL)
3694		tty->buf.tail->commit = tty->buf.tail->used;
3695	spin_unlock_irqrestore(&tty->buf.lock, flags);
3696
3697	if (tty->low_latency)
3698		flush_to_ldisc(&tty->buf.work.work);
3699	else
3700		schedule_delayed_work(&tty->buf.work, 1);
3701}
3702
3703EXPORT_SYMBOL(tty_flip_buffer_push);
3704
3705
3706/**
3707 *	initialize_tty_struct
3708 *	@tty: tty to initialize
3709 *
3710 *	This subroutine initializes a tty structure that has been newly
3711 *	allocated.
3712 *
3713 *	Locking: none - tty in question must not be exposed at this point
3714 */
3715
3716static void initialize_tty_struct(struct tty_struct *tty)
3717{
3718	memset(tty, 0, sizeof(struct tty_struct));
3719	tty->magic = TTY_MAGIC;
3720	tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3721	tty->session = NULL;
3722	tty->pgrp = NULL;
3723	tty->overrun_time = jiffies;
3724	tty->buf.head = tty->buf.tail = NULL;
3725	tty_buffer_init(tty);
3726	INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3727	mutex_init(&tty->termios_mutex);
3728	init_waitqueue_head(&tty->write_wait);
3729	init_waitqueue_head(&tty->read_wait);
3730	INIT_WORK(&tty->hangup_work, do_tty_hangup);
3731	mutex_init(&tty->atomic_read_lock);
3732	mutex_init(&tty->atomic_write_lock);
3733	spin_lock_init(&tty->read_lock);
3734	INIT_LIST_HEAD(&tty->tty_files);
3735	INIT_WORK(&tty->SAK_work, do_SAK_work);
3736}
3737
3738/*
3739 * The default put_char routine if the driver did not define one.
3740 */
3741
3742static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3743{
3744	tty->driver->write(tty, &ch, 1);
3745}
3746
3747static struct class *tty_class;
3748
3749/**
3750 *	tty_register_device - register a tty device
3751 *	@driver: the tty driver that describes the tty device
3752 *	@index: the index in the tty driver for this tty device
3753 *	@device: a struct device that is associated with this tty device.
3754 *		This field is optional, if there is no known struct device
3755 *		for this tty device it can be set to NULL safely.
3756 *
3757 *	Returns a pointer to the struct device for this tty device
3758 *	(or ERR_PTR(-EFOO) on error).
3759 *
3760 *	This call is required to be made to register an individual tty device
3761 *	if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3762 *	that bit is not set, this function should not be called by a tty
3763 *	driver.
3764 *
3765 *	Locking: ??
3766 */
3767
3768struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3769				   struct device *device)
3770{
3771	char name[64];
3772	dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3773
3774	if (index >= driver->num) {
3775		printk(KERN_ERR "Attempt to register invalid tty line number "
3776		       " (%d).\n", index);
3777		return ERR_PTR(-EINVAL);
3778	}
3779
3780	if (driver->type == TTY_DRIVER_TYPE_PTY)
3781		pty_line_name(driver, index, name);
3782	else
3783		tty_line_name(driver, index, name);
3784
3785	return device_create(tty_class, device, dev, name);
3786}
3787
3788/**
3789 * 	tty_unregister_device - unregister a tty device
3790 * 	@driver: the tty driver that describes the tty device
3791 * 	@index: the index in the tty driver for this tty device
3792 *
3793 * 	If a tty device is registered with a call to tty_register_device() then
3794 *	this function must be called when the tty device is gone.
3795 *
3796 *	Locking: ??
3797 */
3798
3799void tty_unregister_device(struct tty_driver *driver, unsigned index)
3800{
3801	device_destroy(tty_class,
3802		MKDEV(driver->major, driver->minor_start) + index);
3803}
3804
3805EXPORT_SYMBOL(tty_register_device);
3806EXPORT_SYMBOL(tty_unregister_device);
3807
3808struct tty_driver *alloc_tty_driver(int lines)
3809{
3810	struct tty_driver *driver;
3811
3812	driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3813	if (driver) {
3814		driver->magic = TTY_DRIVER_MAGIC;
3815		driver->num = lines;
3816		/* later we'll move allocation of tables here */
3817	}
3818	return driver;
3819}
3820
3821void put_tty_driver(struct tty_driver *driver)
3822{
3823	kfree(driver);
3824}
3825
3826void tty_set_operations(struct tty_driver *driver,
3827			const struct tty_operations *op)
3828{
3829	driver->open = op->open;
3830	driver->close = op->close;
3831	driver->write = op->write;
3832	driver->put_char = op->put_char;
3833	driver->flush_chars = op->flush_chars;
3834	driver->write_room = op->write_room;
3835	driver->chars_in_buffer = op->chars_in_buffer;
3836	driver->ioctl = op->ioctl;
3837	driver->compat_ioctl = op->compat_ioctl;
3838	driver->set_termios = op->set_termios;
3839	driver->throttle = op->throttle;
3840	driver->unthrottle = op->unthrottle;
3841	driver->stop = op->stop;
3842	driver->start = op->start;
3843	driver->hangup = op->hangup;
3844	driver->break_ctl = op->break_ctl;
3845	driver->flush_buffer = op->flush_buffer;
3846	driver->set_ldisc = op->set_ldisc;
3847	driver->wait_until_sent = op->wait_until_sent;
3848	driver->send_xchar = op->send_xchar;
3849	driver->read_proc = op->read_proc;
3850	driver->write_proc = op->write_proc;
3851	driver->tiocmget = op->tiocmget;
3852	driver->tiocmset = op->tiocmset;
3853}
3854
3855
3856EXPORT_SYMBOL(alloc_tty_driver);
3857EXPORT_SYMBOL(put_tty_driver);
3858EXPORT_SYMBOL(tty_set_operations);
3859
3860/*
3861 * Called by a tty driver to register itself.
3862 */
3863int tty_register_driver(struct tty_driver *driver)
3864{
3865	int error;
3866	int i;
3867	dev_t dev;
3868	void **p = NULL;
3869
3870	if (driver->flags & TTY_DRIVER_INSTALLED)
3871		return 0;
3872
3873	if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3874		p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3875		if (!p)
3876			return -ENOMEM;
3877	}
3878
3879	if (!driver->major) {
3880		error = alloc_chrdev_region(&dev, driver->minor_start,
3881						driver->num, driver->name);
3882		if (!error) {
3883			driver->major = MAJOR(dev);
3884			driver->minor_start = MINOR(dev);
3885		}
3886	} else {
3887		dev = MKDEV(driver->major, driver->minor_start);
3888		error = register_chrdev_region(dev, driver->num, driver->name);
3889	}
3890	if (error < 0) {
3891		kfree(p);
3892		return error;
3893	}
3894
3895	if (p) {
3896		driver->ttys = (struct tty_struct **)p;
3897		driver->termios = (struct ktermios **)(p + driver->num);
3898		driver->termios_locked = (struct ktermios **)
3899							(p + driver->num * 2);
3900	} else {
3901		driver->ttys = NULL;
3902		driver->termios = NULL;
3903		driver->termios_locked = NULL;
3904	}
3905
3906	cdev_init(&driver->cdev, &tty_fops);
3907	driver->cdev.owner = driver->owner;
3908	error = cdev_add(&driver->cdev, dev, driver->num);
3909	if (error) {
3910		unregister_chrdev_region(dev, driver->num);
3911		driver->ttys = NULL;
3912		driver->termios = driver->termios_locked = NULL;
3913		kfree(p);
3914		return error;
3915	}
3916
3917	if (!driver->put_char)
3918		driver->put_char = tty_default_put_char;
3919
3920	mutex_lock(&tty_mutex);
3921	list_add(&driver->tty_drivers, &tty_drivers);
3922	mutex_unlock(&tty_mutex);
3923
3924	if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3925		for (i = 0; i < driver->num; i++)
3926		    tty_register_device(driver, i, NULL);
3927	}
3928	proc_tty_register_driver(driver);
3929	return 0;
3930}
3931
3932EXPORT_SYMBOL(tty_register_driver);
3933
3934/*
3935 * Called by a tty driver to unregister itself.
3936 */
3937int tty_unregister_driver(struct tty_driver *driver)
3938{
3939	int i;
3940	struct ktermios *tp;
3941	void *p;
3942
3943	if (driver->refcount)
3944		return -EBUSY;
3945
3946	unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3947				driver->num);
3948	mutex_lock(&tty_mutex);
3949	list_del(&driver->tty_drivers);
3950	mutex_unlock(&tty_mutex);
3951
3952	/*
3953	 * Free the termios and termios_locked structures because
3954	 * we don't want to get memory leaks when modular tty
3955	 * drivers are removed from the kernel.
3956	 */
3957	for (i = 0; i < driver->num; i++) {
3958		tp = driver->termios[i];
3959		if (tp) {
3960			driver->termios[i] = NULL;
3961			kfree(tp);
3962		}
3963		tp = driver->termios_locked[i];
3964		if (tp) {
3965			driver->termios_locked[i] = NULL;
3966			kfree(tp);
3967		}
3968		if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3969			tty_unregister_device(driver, i);
3970	}
3971	p = driver->ttys;
3972	proc_tty_unregister_driver(driver);
3973	driver->ttys = NULL;
3974	driver->termios = driver->termios_locked = NULL;
3975	kfree(p);
3976	cdev_del(&driver->cdev);
3977	return 0;
3978}
3979EXPORT_SYMBOL(tty_unregister_driver);
3980
3981dev_t tty_devnum(struct tty_struct *tty)
3982{
3983	return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3984}
3985EXPORT_SYMBOL(tty_devnum);
3986
3987void proc_clear_tty(struct task_struct *p)
3988{
3989	spin_lock_irq(&p->sighand->siglock);
3990	p->signal->tty = NULL;
3991	spin_unlock_irq(&p->sighand->siglock);
3992}
3993EXPORT_SYMBOL(proc_clear_tty);
3994
3995static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3996{
3997	if (tty) {
3998		/* We should not have a session or pgrp to here but.... */
3999		put_pid(tty->session);
4000		put_pid(tty->pgrp);
4001		tty->session = get_pid(task_session(tsk));
4002		tty->pgrp = get_pid(task_pgrp(tsk));
4003	}
4004	put_pid(tsk->signal->tty_old_pgrp);
4005	tsk->signal->tty = tty;
4006	tsk->signal->tty_old_pgrp = NULL;
4007}
4008
4009static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4010{
4011	spin_lock_irq(&tsk->sighand->siglock);
4012	__proc_set_tty(tsk, tty);
4013	spin_unlock_irq(&tsk->sighand->siglock);
4014}
4015
4016struct tty_struct *get_current_tty(void)
4017{
4018	struct tty_struct *tty;
4019	WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4020	tty = current->signal->tty;
4021	/*
4022	 * session->tty can be changed/cleared from under us, make sure we
4023	 * issue the load. The obtained pointer, when not NULL, is valid as
4024	 * long as we hold tty_mutex.
4025	 */
4026	barrier();
4027	return tty;
4028}
4029EXPORT_SYMBOL_GPL(get_current_tty);
4030
4031/*
4032 * Initialize the console device. This is called *early*, so
4033 * we can't necessarily depend on lots of kernel help here.
4034 * Just do some early initializations, and do the complex setup
4035 * later.
4036 */
4037void __init console_init(void)
4038{
4039	initcall_t *call;
4040
4041	/* Setup the default TTY line discipline. */
4042	(void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4043
4044	/*
4045	 * set up the console device so that later boot sequences can
4046	 * inform about problems etc..
4047	 */
4048	call = __con_initcall_start;
4049	while (call < __con_initcall_end) {
4050		(*call)();
4051		call++;
4052	}
4053}
4054
4055static int __init tty_class_init(void)
4056{
4057	tty_class = class_create(THIS_MODULE, "tty");
4058	if (IS_ERR(tty_class))
4059		return PTR_ERR(tty_class);
4060	return 0;
4061}
4062
4063postcore_initcall(tty_class_init);
4064
4065/* 3/2004 jmc: why do these devices exist? */
4066
4067static struct cdev tty_cdev, console_cdev;
4068#ifdef CONFIG_UNIX98_PTYS
4069static struct cdev ptmx_cdev;
4070#endif
4071#ifdef CONFIG_VT
4072static struct cdev vc0_cdev;
4073#endif
4074
4075/*
4076 * Ok, now we can initialize the rest of the tty devices and can count
4077 * on memory allocations, interrupts etc..
4078 */
4079static int __init tty_init(void)
4080{
4081	cdev_init(&tty_cdev, &tty_fops);
4082	if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4083	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4084		panic("Couldn't register /dev/tty driver\n");
4085	device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
4086
4087	cdev_init(&console_cdev, &console_fops);
4088	if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4089	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4090		panic("Couldn't register /dev/console driver\n");
4091	device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
4092
4093#ifdef CONFIG_UNIX98_PTYS
4094	cdev_init(&ptmx_cdev, &ptmx_fops);
4095	if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4096	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4097		panic("Couldn't register /dev/ptmx driver\n");
4098	device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
4099#endif
4100
4101#ifdef CONFIG_VT
4102	cdev_init(&vc0_cdev, &console_fops);
4103	if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4104	    register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4105		panic("Couldn't register /dev/tty0 driver\n");
4106	device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
4107
4108	vty_init();
4109#endif
4110	return 0;
4111}
4112module_init(tty_init);
Configure Feed

Configure Feed
