projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tty: BKL pushdown
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
37bdfb07 22 * makes for cleaner and more compact code. -TYT, 9/17/92
1da177e4
LT		 23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
37bdfb07 44 *
1da177e4
LT		 45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
37bdfb07
AC		 65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
1da177e4
LT		 67 */
68
1da177e4
LT		 69#include <linux/types.h>
70#include <linux/major.h>
71#include <linux/errno.h>
72#include <linux/signal.h>
73#include <linux/fcntl.h>
74#include <linux/sched.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/console.h>
82#include <linux/timer.h>
83#include <linux/ctype.h>
84#include <linux/kd.h>
85#include <linux/mm.h>
86#include <linux/string.h>
87#include <linux/slab.h>
88#include <linux/poll.h>
89#include <linux/proc_fs.h>
90#include <linux/init.h>
91#include <linux/module.h>
92#include <linux/smp_lock.h>
93#include <linux/device.h>
94#include <linux/idr.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
b20f3ae5 97#include <linux/delay.h>
1da177e4
LT		 98
99#include <asm/uaccess.h>
100#include <asm/system.h>
101
102#include <linux/kbd_kern.h>
103#include <linux/vt_kern.h>
104#include <linux/selection.h>
1da177e4
LT		 105
106#include <linux/kmod.h>
b488893a 107#include <linux/nsproxy.h>
1da177e4
LT		 108
109#undef TTY_DEBUG_HANGUP
110
111#define TTY_PARANOIA_CHECK 1
112#define CHECK_TTY_COUNT 1
113
edc6afc5 114struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
1da177e4
LT		 115 .c_iflag = ICRNL | IXON,
116 .c_oflag = OPOST | ONLCR,
117 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119 ECHOCTL | ECHOKE | IEXTEN,
edc6afc5
AC		 120 .c_cc = INIT_C_CC,
121 .c_ispeed = 38400,
122 .c_ospeed = 38400
1da177e4
LT		 123};
124
125EXPORT_SYMBOL(tty_std_termios);
126
127/* This list gets poked at by procfs and various bits of boot up code. This
128 could do with some rationalisation such as pulling the tty proc function
129 into this file */
37bdfb07 130
1da177e4
LT		 131LIST_HEAD(tty_drivers); /* linked list of tty drivers */
132
24ec839c 133/* Mutex to protect creating and releasing a tty. This is shared with
1da177e4 134 vt.c for deeply disgusting hack reasons */
70522e12 135DEFINE_MUTEX(tty_mutex);
de2a84f2 136EXPORT_SYMBOL(tty_mutex);
1da177e4
LT		 137
138#ifdef CONFIG_UNIX98_PTYS
139extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
37bdfb07 140extern int pty_limit; /* Config limit on Unix98 ptys */
1da177e4 141static DEFINE_IDR(allocated_ptys);
a6752f3f 142static DEFINE_MUTEX(allocated_ptys_lock);
1da177e4
LT		 143static int ptmx_open(struct inode *, struct file *);
144#endif
145
1da177e4
LT		 146static void initialize_tty_struct(struct tty_struct *tty);
147
148static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
149static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
37bdfb07
AC		 150ssize_t redirected_tty_write(struct file *, const char __user *,
151 size_t, loff_t *);
1da177e4
LT		 152static unsigned int tty_poll(struct file *, poll_table *);
153static int tty_open(struct inode *, struct file *);
154static int tty_release(struct inode *, struct file *);
04f378b1 155long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
e10cc1df 156#ifdef CONFIG_COMPAT
37bdfb07 157static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 158 unsigned long arg);
159#else
160#define tty_compat_ioctl NULL
161#endif
37bdfb07 162static int tty_fasync(int fd, struct file *filp, int on);
d5698c28 163static void release_tty(struct tty_struct *tty, int idx);
2a65f1d9 164static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
98a27ba4 165static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
1da177e4 166
af9b897e
AC		 167/**
168 * alloc_tty_struct - allocate a tty object
169 *
170 * Return a new empty tty structure. The data fields have not
171 * been initialized in any way but has been zeroed
172 *
173 * Locking: none
af9b897e 174 */
1da177e4
LT		 175
176static struct tty_struct *alloc_tty_struct(void)
177{
1266b1e1 178 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 179}
180
33f0f88f
AC		 181static void tty_buffer_free_all(struct tty_struct *);
182
af9b897e
AC		 183/**
184 * free_tty_struct - free a disused tty
185 * @tty: tty struct to free
186 *
187 * Free the write buffers, tty queue and tty memory itself.
188 *
189 * Locking: none. Must be called after tty is definitely unused
190 */
191
1da177e4
LT		 192static inline void free_tty_struct(struct tty_struct *tty)
193{
194 kfree(tty->write_buf);
33f0f88f 195 tty_buffer_free_all(tty);
1da177e4
LT		 196 kfree(tty);
197}
198
199#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
200
af9b897e
AC		 201/**
202 * tty_name - return tty naming
203 * @tty: tty structure
204 * @buf: buffer for output
205 *
206 * Convert a tty structure into a name. The name reflects the kernel
207 * naming policy and if udev is in use may not reflect user space
208 *
209 * Locking: none
210 */
211
1da177e4
LT		 212char *tty_name(struct tty_struct *tty, char *buf)
213{
214 if (!tty) /* Hmm. NULL pointer. That's fun. */
215 strcpy(buf, "NULL tty");
216 else
217 strcpy(buf, tty->name);
218 return buf;
219}
220
221EXPORT_SYMBOL(tty_name);
222
d769a669 223int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 224 const char *routine)
225{
226#ifdef TTY_PARANOIA_CHECK
227 if (!tty) {
228 printk(KERN_WARNING
229 "null TTY for (%d:%d) in %s\n",
230 imajor(inode), iminor(inode), routine);
231 return 1;
232 }
233 if (tty->magic != TTY_MAGIC) {
234 printk(KERN_WARNING
235 "bad magic number for tty struct (%d:%d) in %s\n",
236 imajor(inode), iminor(inode), routine);
237 return 1;
238 }
239#endif
240 return 0;
241}
242
243static int check_tty_count(struct tty_struct *tty, const char *routine)
244{
245#ifdef CHECK_TTY_COUNT
246 struct list_head *p;
247 int count = 0;
37bdfb07 248
1da177e4
LT		 249 file_list_lock();
250 list_for_each(p, &tty->tty_files) {
251 count++;
252 }
253 file_list_unlock();
254 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
255 tty->driver->subtype == PTY_TYPE_SLAVE &&
256 tty->link && tty->link->count)
257 count++;
258 if (tty->count != count) {
259 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
260 "!= #fd's(%d) in %s\n",
261 tty->name, tty->count, count, routine);
262 return count;
24ec839c 263 }
1da177e4
LT		 264#endif
265 return 0;
266}
267
33f0f88f
AC		 268/*
269 * Tty buffer allocation management
270 */
271
af9b897e
AC		 272/**
273 * tty_buffer_free_all - free buffers used by a tty
274 * @tty: tty to free from
275 *
276 * Remove all the buffers pending on a tty whether queued with data
277 * or in the free ring. Must be called when the tty is no longer in use
278 *
279 * Locking: none
280 */
281
33f0f88f
AC		 282static void tty_buffer_free_all(struct tty_struct *tty)
283{
284 struct tty_buffer *thead;
37bdfb07 285 while ((thead = tty->buf.head) != NULL) {
33f0f88f
AC		 286 tty->buf.head = thead->next;
287 kfree(thead);
288 }
37bdfb07 289 while ((thead = tty->buf.free) != NULL) {
33f0f88f
AC		 290 tty->buf.free = thead->next;
291 kfree(thead);
292 }
293 tty->buf.tail = NULL;
01da5fd8 294 tty->buf.memory_used = 0;
33f0f88f
AC		 295}
296
01da5fd8
AC		 297/**
298 * tty_buffer_init - prepare a tty buffer structure
299 * @tty: tty to initialise
300 *
301 * Set up the initial state of the buffer management for a tty device.
302 * Must be called before the other tty buffer functions are used.
303 *
304 * Locking: none
305 */
306
33f0f88f
AC		 307static void tty_buffer_init(struct tty_struct *tty)
308{
808249ce 309 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 310 tty->buf.head = NULL;
311 tty->buf.tail = NULL;
312 tty->buf.free = NULL;
01da5fd8 313 tty->buf.memory_used = 0;
33f0f88f
AC		 314}
315
01da5fd8
AC		 316/**
317 * tty_buffer_alloc - allocate a tty buffer
318 * @tty: tty device
319 * @size: desired size (characters)
320 *
321 * Allocate a new tty buffer to hold the desired number of characters.
322 * Return NULL if out of memory or the allocation would exceed the
323 * per device queue
324 *
325 * Locking: Caller must hold tty->buf.lock
326 */
327
328static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
33f0f88f 329{
01da5fd8
AC		 330 struct tty_buffer *p;
331
332 if (tty->buf.memory_used + size > 65536)
333 return NULL;
334 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
37bdfb07 335 if (p == NULL)
33f0f88f
AC		 336 return NULL;
337 p->used = 0;
338 p->size = size;
339 p->next = NULL;
8977d929
PF		 340 p->commit = 0;
341 p->read = 0;
33f0f88f
AC		 342 p->char_buf_ptr = (char *)(p->data);
343 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
01da5fd8 344 tty->buf.memory_used += size;
33f0f88f
AC		 345 return p;
346}
347
01da5fd8
AC		 348/**
349 * tty_buffer_free - free a tty buffer
350 * @tty: tty owning the buffer
351 * @b: the buffer to free
352 *
353 * Free a tty buffer, or add it to the free list according to our
354 * internal strategy
355 *
356 * Locking: Caller must hold tty->buf.lock
357 */
33f0f88f
AC		 358
359static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
360{
361 /* Dumb strategy for now - should keep some stats */
01da5fd8
AC		 362 tty->buf.memory_used -= b->size;
363 WARN_ON(tty->buf.memory_used < 0);
364
37bdfb07 365 if (b->size >= 512)
33f0f88f
AC		 366 kfree(b);
367 else {
368 b->next = tty->buf.free;
369 tty->buf.free = b;
370 }
371}
372
c5c34d48 373/**
42fd552e 374 * __tty_buffer_flush - flush full tty buffers
c5c34d48
PF		 375 * @tty: tty to flush
376 *
42fd552e
AC		 377 * flush all the buffers containing receive data. Caller must
378 * hold the buffer lock and must have ensured no parallel flush to
379 * ldisc is running.
c5c34d48 380 *
42fd552e 381 * Locking: Caller must hold tty->buf.lock
c5c34d48
PF		 382 */
383
42fd552e 384static void __tty_buffer_flush(struct tty_struct *tty)
c5c34d48
PF		 385{
386 struct tty_buffer *thead;
c5c34d48 387
37bdfb07 388 while ((thead = tty->buf.head) != NULL) {
c5c34d48
PF		 389 tty->buf.head = thead->next;
390 tty_buffer_free(tty, thead);
391 }
392 tty->buf.tail = NULL;
42fd552e
AC		 393}
394
395/**
396 * tty_buffer_flush - flush full tty buffers
397 * @tty: tty to flush
398 *
399 * flush all the buffers containing receive data. If the buffer is
400 * being processed by flush_to_ldisc then we defer the processing
401 * to that function
402 *
403 * Locking: none
404 */
405
406static void tty_buffer_flush(struct tty_struct *tty)
407{
408 unsigned long flags;
409 spin_lock_irqsave(&tty->buf.lock, flags);
410
411 /* If the data is being pushed to the tty layer then we can't
412 process it here. Instead set a flag and the flush_to_ldisc
413 path will process the flush request before it exits */
414 if (test_bit(TTY_FLUSHING, &tty->flags)) {
415 set_bit(TTY_FLUSHPENDING, &tty->flags);
416 spin_unlock_irqrestore(&tty->buf.lock, flags);
417 wait_event(tty->read_wait,
418 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
419 return;
420 } else
421 __tty_buffer_flush(tty);
c5c34d48
PF		 422 spin_unlock_irqrestore(&tty->buf.lock, flags);
423}
424
01da5fd8
AC		 425/**
426 * tty_buffer_find - find a free tty buffer
427 * @tty: tty owning the buffer
428 * @size: characters wanted
429 *
430 * Locate an existing suitable tty buffer or if we are lacking one then
431 * allocate a new one. We round our buffers off in 256 character chunks
432 * to get better allocation behaviour.
433 *
434 * Locking: Caller must hold tty->buf.lock
435 */
436
33f0f88f
AC		 437static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
438{
439 struct tty_buffer **tbh = &tty->buf.free;
37bdfb07 440 while ((*tbh) != NULL) {
33f0f88f 441 struct tty_buffer *t = *tbh;
37bdfb07 442 if (t->size >= size) {
33f0f88f
AC		 443 *tbh = t->next;
444 t->next = NULL;
445 t->used = 0;
8977d929
PF		 446 t->commit = 0;
447 t->read = 0;
01da5fd8 448 tty->buf.memory_used += t->size;
33f0f88f
AC		 449 return t;
450 }
451 tbh = &((*tbh)->next);
452 }
453 /* Round the buffer size out */
37bdfb07 454 size = (size + 0xFF) & ~0xFF;
01da5fd8 455 return tty_buffer_alloc(tty, size);
33f0f88f
AC		 456 /* Should possibly check if this fails for the largest buffer we
457 have queued and recycle that ? */
458}
459
01da5fd8
AC		 460/**
461 * tty_buffer_request_room - grow tty buffer if needed
462 * @tty: tty structure
463 * @size: size desired
464 *
465 * Make at least size bytes of linear space available for the tty
466 * buffer. If we fail return the size we managed to find.
467 *
468 * Locking: Takes tty->buf.lock
469 */
33f0f88f
AC		 470int tty_buffer_request_room(struct tty_struct *tty, size_t size)
471{
808249ce
PF		 472 struct tty_buffer *b, *n;
473 int left;
474 unsigned long flags;
475
476 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 477
478 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
479 remove this conditional if its worth it. This would be invisible
480 to the callers */
33b37a33 481 if ((b = tty->buf.tail) != NULL)
33f0f88f 482 left = b->size - b->used;
33b37a33 483 else
808249ce
PF		 484 left = 0;
485
486 if (left < size) {
487 /* This is the slow path - looking for new buffers to use */
488 if ((n = tty_buffer_find(tty, size)) != NULL) {
489 if (b != NULL) {
490 b->next = n;
8977d929 491 b->commit = b->used;
808249ce
PF		 492 } else
493 tty->buf.head = n;
494 tty->buf.tail = n;
808249ce
PF		 495 } else
496 size = left;
497 }
498
499 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 500 return size;
501}
33f0f88f
AC		 502EXPORT_SYMBOL_GPL(tty_buffer_request_room);
503
af9b897e
AC		 504/**
505 * tty_insert_flip_string - Add characters to the tty buffer
506 * @tty: tty structure
507 * @chars: characters
508 * @size: size
509 *
510 * Queue a series of bytes to the tty buffering. All the characters
511 * passed are marked as without error. Returns the number added.
512 *
513 * Locking: Called functions may take tty->buf.lock
514 */
515
e1a25090
AM		 516int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
517 size_t size)
33f0f88f
AC		 518{
519 int copied = 0;
520 do {
521 int space = tty_buffer_request_room(tty, size - copied);
522 struct tty_buffer *tb = tty->buf.tail;
523 /* If there is no space then tb may be NULL */
37bdfb07 524 if (unlikely(space == 0))
33f0f88f
AC		 525 break;
526 memcpy(tb->char_buf_ptr + tb->used, chars, space);
527 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
528 tb->used += space;
529 copied += space;
530 chars += space;
527063ba
AD		 531 /* There is a small chance that we need to split the data over
532 several buffers. If this is the case we must loop */
533 } while (unlikely(size > copied));
33f0f88f
AC		 534 return copied;
535}
ee37df78 536EXPORT_SYMBOL(tty_insert_flip_string);
33f0f88f 537
af9b897e
AC		 538/**
539 * tty_insert_flip_string_flags - Add characters to the tty buffer
540 * @tty: tty structure
541 * @chars: characters
542 * @flags: flag bytes
543 * @size: size
544 *
545 * Queue a series of bytes to the tty buffering. For each character
546 * the flags array indicates the status of the character. Returns the
547 * number added.
548 *
549 * Locking: Called functions may take tty->buf.lock
550 */
551
e1a25090
AM		 552int tty_insert_flip_string_flags(struct tty_struct *tty,
553 const unsigned char *chars, const char *flags, size_t size)
33f0f88f
AC		 554{
555 int copied = 0;
556 do {
557 int space = tty_buffer_request_room(tty, size - copied);
558 struct tty_buffer *tb = tty->buf.tail;
559 /* If there is no space then tb may be NULL */
37bdfb07 560 if (unlikely(space == 0))
33f0f88f
AC		 561 break;
562 memcpy(tb->char_buf_ptr + tb->used, chars, space);
563 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
564 tb->used += space;
565 copied += space;
566 chars += space;
567 flags += space;
527063ba
AD		 568 /* There is a small chance that we need to split the data over
569 several buffers. If this is the case we must loop */
570 } while (unlikely(size > copied));
33f0f88f
AC		 571 return copied;
572}
ff4547f4 573EXPORT_SYMBOL(tty_insert_flip_string_flags);
33f0f88f 574
af9b897e
AC		 575/**
576 * tty_schedule_flip - push characters to ldisc
577 * @tty: tty to push from
578 *
579 * Takes any pending buffers and transfers their ownership to the
580 * ldisc side of the queue. It then schedules those characters for
581 * processing by the line discipline.
582 *
583 * Locking: Takes tty->buf.lock
584 */
585
e1a25090
AM		 586void tty_schedule_flip(struct tty_struct *tty)
587{
588 unsigned long flags;
589 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 590 if (tty->buf.tail != NULL)
e1a25090 591 tty->buf.tail->commit = tty->buf.tail->used;
e1a25090
AM		 592 spin_unlock_irqrestore(&tty->buf.lock, flags);
593 schedule_delayed_work(&tty->buf.work, 1);
594}
595EXPORT_SYMBOL(tty_schedule_flip);
33f0f88f 596
af9b897e
AC		 597/**
598 * tty_prepare_flip_string - make room for characters
599 * @tty: tty
600 * @chars: return pointer for character write area
601 * @size: desired size
602 *
33f0f88f
AC		 603 * Prepare a block of space in the buffer for data. Returns the length
604 * available and buffer pointer to the space which is now allocated and
605 * accounted for as ready for normal characters. This is used for drivers
606 * that need their own block copy routines into the buffer. There is no
607 * guarantee the buffer is a DMA target!
af9b897e
AC		 608 *
609 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 610 */
611
37bdfb07
AC		 612int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
613 size_t size)
33f0f88f
AC		 614{
615 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 616 if (likely(space)) {
617 struct tty_buffer *tb = tty->buf.tail;
618 *chars = tb->char_buf_ptr + tb->used;
619 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
620 tb->used += space;
621 }
33f0f88f
AC		 622 return space;
623}
624
625EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
626
af9b897e
AC		 627/**
628 * tty_prepare_flip_string_flags - make room for characters
629 * @tty: tty
630 * @chars: return pointer for character write area
631 * @flags: return pointer for status flag write area
632 * @size: desired size
633 *
33f0f88f
AC		 634 * Prepare a block of space in the buffer for data. Returns the length
635 * available and buffer pointer to the space which is now allocated and
636 * accounted for as ready for characters. This is used for drivers
637 * that need their own block copy routines into the buffer. There is no
638 * guarantee the buffer is a DMA target!
af9b897e
AC		 639 *
640 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 641 */
642
37bdfb07
AC		 643int tty_prepare_flip_string_flags(struct tty_struct *tty,
644 unsigned char **chars, char **flags, size_t size)
33f0f88f
AC		 645{
646 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 647 if (likely(space)) {
648 struct tty_buffer *tb = tty->buf.tail;
649 *chars = tb->char_buf_ptr + tb->used;
650 *flags = tb->flag_buf_ptr + tb->used;
651 tb->used += space;
652 }
33f0f88f
AC		 653 return space;
654}
655
656EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
657
658
659
af9b897e
AC		 660/**
661 * tty_set_termios_ldisc - set ldisc field
662 * @tty: tty structure
663 * @num: line discipline number
664 *
1da177e4 665 * This is probably overkill for real world processors but
37bdfb07 666 * they are not on hot paths so a little discipline won't do
1da177e4 667 * any harm.
af9b897e 668 *
24ec839c 669 * Locking: takes termios_mutex
1da177e4 670 */
37bdfb07 671
1da177e4
LT		 672static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
673{
5785c95b 674 mutex_lock(&tty->termios_mutex);
1da177e4 675 tty->termios->c_line = num;
5785c95b 676 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 677}
678
679/*
680 * This guards the refcounted line discipline lists. The lock
681 * must be taken with irqs off because there are hangup path
682 * callers who will do ldisc lookups and cannot sleep.
683 */
37bdfb07 684
1da177e4
LT		 685static DEFINE_SPINLOCK(tty_ldisc_lock);
686static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
37bdfb07
AC		 687/* Line disc dispatch table */
688static struct tty_ldisc tty_ldiscs[NR_LDISCS];
1da177e4 689
af9b897e
AC		 690/**
691 * tty_register_ldisc - install a line discipline
692 * @disc: ldisc number
693 * @new_ldisc: pointer to the ldisc object
694 *
695 * Installs a new line discipline into the kernel. The discipline
696 * is set up as unreferenced and then made available to the kernel
697 * from this point onwards.
698 *
699 * Locking:
700 * takes tty_ldisc_lock to guard against ldisc races
701 */
702
1da177e4
LT		 703int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
704{
705 unsigned long flags;
706 int ret = 0;
37bdfb07 707
1da177e4
LT		 708 if (disc < N_TTY || disc >= NR_LDISCS)
709 return -EINVAL;
37bdfb07 710
1da177e4 711 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 712 tty_ldiscs[disc] = *new_ldisc;
713 tty_ldiscs[disc].num = disc;
714 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
715 tty_ldiscs[disc].refcount = 0;
1da177e4 716 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
37bdfb07 717
1da177e4
LT		 718 return ret;
719}
1da177e4
LT		 720EXPORT_SYMBOL(tty_register_ldisc);
721
af9b897e
AC		 722/**
723 * tty_unregister_ldisc - unload a line discipline
724 * @disc: ldisc number
725 * @new_ldisc: pointer to the ldisc object
726 *
727 * Remove a line discipline from the kernel providing it is not
728 * currently in use.
729 *
730 * Locking:
731 * takes tty_ldisc_lock to guard against ldisc races
732 */
733
bfb07599
AD		 734int tty_unregister_ldisc(int disc)
735{
736 unsigned long flags;
737 int ret = 0;
738
739 if (disc < N_TTY || disc >= NR_LDISCS)
740 return -EINVAL;
741
742 spin_lock_irqsave(&tty_ldisc_lock, flags);
743 if (tty_ldiscs[disc].refcount)
744 ret = -EBUSY;
745 else
746 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
747 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
748
749 return ret;
750}
751EXPORT_SYMBOL(tty_unregister_ldisc);
752
af9b897e
AC		 753/**
754 * tty_ldisc_get - take a reference to an ldisc
755 * @disc: ldisc number
756 *
757 * Takes a reference to a line discipline. Deals with refcounts and
758 * module locking counts. Returns NULL if the discipline is not available.
759 * Returns a pointer to the discipline and bumps the ref count if it is
760 * available
761 *
762 * Locking:
763 * takes tty_ldisc_lock to guard against ldisc races
764 */
765
1da177e4
LT		 766struct tty_ldisc *tty_ldisc_get(int disc)
767{
768 unsigned long flags;
769 struct tty_ldisc *ld;
770
771 if (disc < N_TTY || disc >= NR_LDISCS)
772 return NULL;
37bdfb07 773
1da177e4
LT		 774 spin_lock_irqsave(&tty_ldisc_lock, flags);
775
776 ld = &tty_ldiscs[disc];
777 /* Check the entry is defined */
37bdfb07 778 if (ld->flags & LDISC_FLAG_DEFINED) {
1da177e4
LT		 779 /* If the module is being unloaded we can't use it */
780 if (!try_module_get(ld->owner))
37bdfb07 781 ld = NULL;
1da177e4
LT		 782 else /* lock it */
783 ld->refcount++;
37bdfb07 784 } else
1da177e4
LT		 785 ld = NULL;
786 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
787 return ld;
788}
789
790EXPORT_SYMBOL_GPL(tty_ldisc_get);
791
af9b897e
AC		 792/**
793 * tty_ldisc_put - drop ldisc reference
794 * @disc: ldisc number
795 *
796 * Drop a reference to a line discipline. Manage refcounts and
797 * module usage counts
798 *
799 * Locking:
800 * takes tty_ldisc_lock to guard against ldisc races
801 */
802
1da177e4
LT		 803void tty_ldisc_put(int disc)
804{
805 struct tty_ldisc *ld;
806 unsigned long flags;
37bdfb07 807
56ee4827 808 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
37bdfb07 809
1da177e4
LT		 810 spin_lock_irqsave(&tty_ldisc_lock, flags);
811 ld = &tty_ldiscs[disc];
56ee4827
ES		 812 BUG_ON(ld->refcount == 0);
813 ld->refcount--;
1da177e4
LT		 814 module_put(ld->owner);
815 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
816}
37bdfb07 817
1da177e4
LT		 818EXPORT_SYMBOL_GPL(tty_ldisc_put);
819
af9b897e
AC		 820/**
821 * tty_ldisc_assign - set ldisc on a tty
822 * @tty: tty to assign
823 * @ld: line discipline
824 *
825 * Install an instance of a line discipline into a tty structure. The
826 * ldisc must have a reference count above zero to ensure it remains/
827 * The tty instance refcount starts at zero.
828 *
829 * Locking:
830 * Caller must hold references
831 */
832
1da177e4
LT		 833static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
834{
835 tty->ldisc = *ld;
836 tty->ldisc.refcount = 0;
837}
838
839/**
840 * tty_ldisc_try - internal helper
841 * @tty: the tty
842 *
843 * Make a single attempt to grab and bump the refcount on
844 * the tty ldisc. Return 0 on failure or 1 on success. This is
845 * used to implement both the waiting and non waiting versions
846 * of tty_ldisc_ref
af9b897e
AC		 847 *
848 * Locking: takes tty_ldisc_lock
1da177e4
LT		 849 */
850
851static int tty_ldisc_try(struct tty_struct *tty)
852{
853 unsigned long flags;
854 struct tty_ldisc *ld;
855 int ret = 0;
37bdfb07 856
1da177e4
LT		 857 spin_lock_irqsave(&tty_ldisc_lock, flags);
858 ld = &tty->ldisc;
37bdfb07 859 if (test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 860 ld->refcount++;
861 ret = 1;
862 }
863 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
864 return ret;
865}
866
867/**
868 * tty_ldisc_ref_wait - wait for the tty ldisc
869 * @tty: tty device
870 *
37bdfb07
AC		 871 * Dereference the line discipline for the terminal and take a
872 * reference to it. If the line discipline is in flux then
1da177e4
LT		 873 * wait patiently until it changes.
874 *
875 * Note: Must not be called from an IRQ/timer context. The caller
876 * must also be careful not to hold other locks that will deadlock
877 * against a discipline change, such as an existing ldisc reference
878 * (which we check for)
af9b897e
AC		 879 *
880 * Locking: call functions take tty_ldisc_lock
1da177e4 881 */
37bdfb07 882
1da177e4
LT		 883struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
884{
885 /* wait_event is a macro */
886 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
37bdfb07 887 if (tty->ldisc.refcount == 0)
1da177e4
LT		 888 printk(KERN_ERR "tty_ldisc_ref_wait\n");
889 return &tty->ldisc;
890}
891
892EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
893
894/**
895 * tty_ldisc_ref - get the tty ldisc
896 * @tty: tty device
897 *
37bdfb07
AC		 898 * Dereference the line discipline for the terminal and take a
899 * reference to it. If the line discipline is in flux then
1da177e4 900 * return NULL. Can be called from IRQ and timer functions.
af9b897e
AC		 901 *
902 * Locking: called functions take tty_ldisc_lock
1da177e4 903 */
37bdfb07 904
1da177e4
LT		 905struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
906{
37bdfb07 907 if (tty_ldisc_try(tty))
1da177e4
LT		 908 return &tty->ldisc;
909 return NULL;
910}
911
912EXPORT_SYMBOL_GPL(tty_ldisc_ref);
913
914/**
915 * tty_ldisc_deref - free a tty ldisc reference
916 * @ld: reference to free up
917 *
918 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
919 * be called in IRQ context.
af9b897e
AC		 920 *
921 * Locking: takes tty_ldisc_lock
1da177e4 922 */
37bdfb07 923
1da177e4
LT		 924void tty_ldisc_deref(struct tty_ldisc *ld)
925{
926 unsigned long flags;
927
56ee4827 928 BUG_ON(ld == NULL);
37bdfb07 929
1da177e4 930 spin_lock_irqsave(&tty_ldisc_lock, flags);
37bdfb07 931 if (ld->refcount == 0)
1da177e4
LT		 932 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
933 else
934 ld->refcount--;
37bdfb07 935 if (ld->refcount == 0)
1da177e4
LT		 936 wake_up(&tty_ldisc_wait);
937 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
938}
939
940EXPORT_SYMBOL_GPL(tty_ldisc_deref);
941
942/**
943 * tty_ldisc_enable - allow ldisc use
944 * @tty: terminal to activate ldisc on
945 *
946 * Set the TTY_LDISC flag when the line discipline can be called
3a4fa0a2 947 * again. Do necessary wakeups for existing sleepers.
1da177e4
LT		 948 *
949 * Note: nobody should set this bit except via this function. Clearing
950 * directly is allowed.
951 */
952
953static void tty_ldisc_enable(struct tty_struct *tty)
954{
955 set_bit(TTY_LDISC, &tty->flags);
956 wake_up(&tty_ldisc_wait);
957}
37bdfb07 958
1da177e4
LT		 959/**
960 * tty_set_ldisc - set line discipline
961 * @tty: the terminal to set
962 * @ldisc: the line discipline
963 *
964 * Set the discipline of a tty line. Must be called from a process
965 * context.
af9b897e
AC		 966 *
967 * Locking: takes tty_ldisc_lock.
24ec839c 968 * called functions take termios_mutex
1da177e4 969 */
37bdfb07 970
1da177e4
LT		 971static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
972{
ff55fe20
JB		 973 int retval = 0;
974 struct tty_ldisc o_ldisc;
1da177e4
LT		 975 char buf[64];
976 int work;
977 unsigned long flags;
978 struct tty_ldisc *ld;
ff55fe20 979 struct tty_struct *o_tty;
1da177e4
LT		 980
981 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
982 return -EINVAL;
983
984restart:
985
1da177e4
LT		 986 ld = tty_ldisc_get(ldisc);
987 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
988 /* Cyrus Durgin <cider@speakeasy.org> */
989 if (ld == NULL) {
990 request_module("tty-ldisc-%d", ldisc);
991 ld = tty_ldisc_get(ldisc);
992 }
993 if (ld == NULL)
994 return -EINVAL;
995
33f0f88f
AC		 996 /*
997 * Problem: What do we do if this blocks ?
998 */
999
1da177e4
LT		 1000 tty_wait_until_sent(tty, 0);
1001
ff55fe20
JB		 1002 if (tty->ldisc.num == ldisc) {
1003 tty_ldisc_put(ldisc);
1004 return 0;
1005 }
1006
ae030e43
PF		 1007 /*
1008 * No more input please, we are switching. The new ldisc
1009 * will update this value in the ldisc open function
1010 */
1011
1012 tty->receive_room = 0;
1013
ff55fe20
JB		 1014 o_ldisc = tty->ldisc;
1015 o_tty = tty->link;
1016
1da177e4
LT		 1017 /*
1018 * Make sure we don't change while someone holds a
1019 * reference to the line discipline. The TTY_LDISC bit
1020 * prevents anyone taking a reference once it is clear.
1021 * We need the lock to avoid racing reference takers.
1022 */
ff55fe20 1023
1da177e4 1024 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20 1025 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
37bdfb07 1026 if (tty->ldisc.refcount) {
ff55fe20
JB		 1027 /* Free the new ldisc we grabbed. Must drop the lock
1028 first. */
1029 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1030 tty_ldisc_put(ldisc);
1031 /*
1032 * There are several reasons we may be busy, including
1033 * random momentary I/O traffic. We must therefore
1034 * retry. We could distinguish between blocking ops
37bdfb07
AC		 1035 * and retries if we made tty_ldisc_wait() smarter.
1036 * That is up for discussion.
ff55fe20
JB		 1037 */
1038 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1039 return -ERESTARTSYS;
1040 goto restart;
1041 }
37bdfb07 1042 if (o_tty && o_tty->ldisc.refcount) {
ff55fe20
JB		 1043 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1044 tty_ldisc_put(ldisc);
1045 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1046 return -ERESTARTSYS;
1047 goto restart;
1048 }
1049 }
37bdfb07
AC		 1050 /*
1051 * If the TTY_LDISC bit is set, then we are racing against
1052 * another ldisc change
1053 */
ff55fe20 1054 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 1055 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1056 tty_ldisc_put(ldisc);
ff55fe20
JB		 1057 ld = tty_ldisc_ref_wait(tty);
1058 tty_ldisc_deref(ld);
1da177e4
LT		 1059 goto restart;
1060 }
ff55fe20
JB		 1061
1062 clear_bit(TTY_LDISC, &tty->flags);
817d6d3b 1063 if (o_tty)
ff55fe20 1064 clear_bit(TTY_LDISC, &o_tty->flags);
1da177e4 1065 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 1066
1da177e4
LT		 1067 /*
1068 * From this point on we know nobody has an ldisc
1069 * usage reference, nor can they obtain one until
1070 * we say so later on.
1071 */
ff55fe20 1072
33f0f88f 1073 work = cancel_delayed_work(&tty->buf.work);
1da177e4 1074 /*
33f0f88f 1075 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4 1076 */
1da177e4
LT		 1077 flush_scheduled_work();
1078 /* Shutdown the current discipline. */
1079 if (tty->ldisc.close)
1080 (tty->ldisc.close)(tty);
1081
1082 /* Now set up the new line discipline. */
1083 tty_ldisc_assign(tty, ld);
1084 tty_set_termios_ldisc(tty, ldisc);
1085 if (tty->ldisc.open)
1086 retval = (tty->ldisc.open)(tty);
1087 if (retval < 0) {
1088 tty_ldisc_put(ldisc);
1089 /* There is an outstanding reference here so this is safe */
1090 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1091 tty_set_termios_ldisc(tty, tty->ldisc.num);
1092 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1093 tty_ldisc_put(o_ldisc.num);
1094 /* This driver is always present */
1095 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1096 tty_set_termios_ldisc(tty, N_TTY);
1097 if (tty->ldisc.open) {
1098 int r = tty->ldisc.open(tty);
1099
1100 if (r < 0)
1101 panic("Couldn't open N_TTY ldisc for "
1102 "%s --- error %d.",
1103 tty_name(tty, buf), r);
1104 }
1105 }
1106 }
1107 /* At this point we hold a reference to the new ldisc and a
1108 a reference to the old ldisc. If we ended up flipping back
1109 to the existing ldisc we have two references to it */
37bdfb07 1110
1da177e4
LT		 1111 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1112 tty->driver->set_ldisc(tty);
37bdfb07 1113
1da177e4 1114 tty_ldisc_put(o_ldisc.num);
37bdfb07 1115
1da177e4
LT		 1116 /*
1117 * Allow ldisc referencing to occur as soon as the driver
1118 * ldisc callback completes.
1119 */
37bdfb07 1120
1da177e4 1121 tty_ldisc_enable(tty);
ff55fe20
JB		 1122 if (o_tty)
1123 tty_ldisc_enable(o_tty);
37bdfb07 1124
1da177e4
LT		 1125 /* Restart it in case no characters kick it off. Safe if
1126 already running */
ff55fe20 1127 if (work)
33f0f88f 1128 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 1129 return retval;
1130}
1131
af9b897e
AC		 1132/**
1133 * get_tty_driver - find device of a tty
1134 * @dev_t: device identifier
1135 * @index: returns the index of the tty
1136 *
1137 * This routine returns a tty driver structure, given a device number
1138 * and also passes back the index number.
1139 *
1140 * Locking: caller must hold tty_mutex
1da177e4 1141 */
af9b897e 1142
1da177e4
LT		 1143static struct tty_driver *get_tty_driver(dev_t device, int *index)
1144{
1145 struct tty_driver *p;
1146
1147 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1148 dev_t base = MKDEV(p->major, p->minor_start);
1149 if (device < base || device >= base + p->num)
1150 continue;
1151 *index = device - base;
1152 return p;
1153 }
1154 return NULL;
1155}
1156
f2d937f3
JW		 1157#ifdef CONFIG_CONSOLE_POLL
1158
1159/**
1160 * tty_find_polling_driver - find device of a polled tty
1161 * @name: name string to match
1162 * @line: pointer to resulting tty line nr
1163 *
1164 * This routine returns a tty driver structure, given a name
1165 * and the condition that the tty driver is capable of polled
1166 * operation.
1167 */
1168struct tty_driver *tty_find_polling_driver(char *name, int *line)
1169{
1170 struct tty_driver *p, *res = NULL;
1171 int tty_line = 0;
1172 char *str;
1173
1174 mutex_lock(&tty_mutex);
1175 /* Search through the tty devices to look for a match */
1176 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1177 str = name + strlen(p->name);
1178 tty_line = simple_strtoul(str, &str, 10);
1179 if (*str == ',')
1180 str++;
1181 if (*str == '\0')
8da56309 1182 str = NULL;
f2d937f3
JW		 1183
1184 if (tty_line >= 0 && tty_line <= p->num && p->poll_init &&
1185 !p->poll_init(p, tty_line, str)) {
1186
1187 res = p;
1188 *line = tty_line;
1189 break;
1190 }
1191 }
1192 mutex_unlock(&tty_mutex);
1193
1194 return res;
1195}
1196EXPORT_SYMBOL_GPL(tty_find_polling_driver);
1197#endif
1198
af9b897e
AC		 1199/**
1200 * tty_check_change - check for POSIX terminal changes
1201 * @tty: tty to check
1202 *
1203 * If we try to write to, or set the state of, a terminal and we're
1204 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1205 * ignored, go ahead and perform the operation. (POSIX 7.2)
1206 *
04f378b1 1207 * Locking: none - FIXME: review this
1da177e4 1208 */
af9b897e 1209
37bdfb07 1210int tty_check_change(struct tty_struct *tty)
1da177e4
LT		 1211{
1212 if (current->signal->tty != tty)
1213 return 0;
ab521dc0
EB		 1214 if (!tty->pgrp) {
1215 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1da177e4
LT		 1216 return 0;
1217 }
ab521dc0 1218 if (task_pgrp(current) == tty->pgrp)
1da177e4
LT		 1219 return 0;
1220 if (is_ignored(SIGTTOU))
1221 return 0;
3e7cd6c4 1222 if (is_current_pgrp_orphaned())
1da177e4 1223 return -EIO;
040b6362
ON		 1224 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1225 set_thread_flag(TIF_SIGPENDING);
1da177e4
LT		 1226 return -ERESTARTSYS;
1227}
1228
1229EXPORT_SYMBOL(tty_check_change);
1230
37bdfb07 1231static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1da177e4
LT		 1232 size_t count, loff_t *ppos)
1233{
1234 return 0;
1235}
1236
37bdfb07 1237static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1da177e4
LT		 1238 size_t count, loff_t *ppos)
1239{
1240 return -EIO;
1241}
1242
1243/* No kernel lock held - none needed ;) */
37bdfb07 1244static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1da177e4
LT		 1245{
1246 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1247}
1248
04f378b1
AC		 1249static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
1250 unsigned long arg)
38ad2ed0
PF		 1251{
1252 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1253}
1254
37bdfb07 1255static long hung_up_tty_compat_ioctl(struct file *file,
38ad2ed0 1256 unsigned int cmd, unsigned long arg)
1da177e4
LT		 1257{
1258 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1259}
1260
62322d25 1261static const struct file_operations tty_fops = {
1da177e4
LT		 1262 .llseek = no_llseek,
1263 .read = tty_read,
1264 .write = tty_write,
1265 .poll = tty_poll,
04f378b1 1266 .unlocked_ioctl = tty_ioctl,
e10cc1df 1267 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1268 .open = tty_open,
1269 .release = tty_release,
1270 .fasync = tty_fasync,
1271};
1272
1273#ifdef CONFIG_UNIX98_PTYS
62322d25 1274static const struct file_operations ptmx_fops = {
1da177e4
LT		 1275 .llseek = no_llseek,
1276 .read = tty_read,
1277 .write = tty_write,
1278 .poll = tty_poll,
04f378b1 1279 .unlocked_ioctl = tty_ioctl,
e10cc1df 1280 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1281 .open = ptmx_open,
1282 .release = tty_release,
1283 .fasync = tty_fasync,
1284};
1285#endif
1286
62322d25 1287static const struct file_operations console_fops = {
1da177e4
LT		 1288 .llseek = no_llseek,
1289 .read = tty_read,
1290 .write = redirected_tty_write,
1291 .poll = tty_poll,
04f378b1 1292 .unlocked_ioctl = tty_ioctl,
e10cc1df 1293 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1294 .open = tty_open,
1295 .release = tty_release,
1296 .fasync = tty_fasync,
1297};
1298
62322d25 1299static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 1300 .llseek = no_llseek,
1301 .read = hung_up_tty_read,
1302 .write = hung_up_tty_write,
1303 .poll = hung_up_tty_poll,
04f378b1 1304 .unlocked_ioctl = hung_up_tty_ioctl,
38ad2ed0 1305 .compat_ioctl = hung_up_tty_compat_ioctl,
1da177e4
LT		 1306 .release = tty_release,
1307};
1308
1309static DEFINE_SPINLOCK(redirect_lock);
1310static struct file *redirect;
1311
1312/**
1313 * tty_wakeup - request more data
1314 * @tty: terminal
1315 *
1316 * Internal and external helper for wakeups of tty. This function
1317 * informs the line discipline if present that the driver is ready
1318 * to receive more output data.
1319 */
37bdfb07 1320
1da177e4
LT		 1321void tty_wakeup(struct tty_struct *tty)
1322{
1323 struct tty_ldisc *ld;
37bdfb07 1324
1da177e4
LT		 1325 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1326 ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1327 if (ld) {
1328 if (ld->write_wakeup)
1da177e4
LT		 1329 ld->write_wakeup(tty);
1330 tty_ldisc_deref(ld);
1331 }
1332 }
1333 wake_up_interruptible(&tty->write_wait);
1334}
1335
1336EXPORT_SYMBOL_GPL(tty_wakeup);
1337
1338/**
1339 * tty_ldisc_flush - flush line discipline queue
1340 * @tty: tty
1341 *
1342 * Flush the line discipline queue (if any) for this tty. If there
1343 * is no line discipline active this is a no-op.
1344 */
37bdfb07 1345
1da177e4
LT		 1346void tty_ldisc_flush(struct tty_struct *tty)
1347{
1348 struct tty_ldisc *ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1349 if (ld) {
1350 if (ld->flush_buffer)
1da177e4
LT		 1351 ld->flush_buffer(tty);
1352 tty_ldisc_deref(ld);
1353 }
c5c34d48 1354 tty_buffer_flush(tty);
1da177e4
LT		 1355}
1356
1357EXPORT_SYMBOL_GPL(tty_ldisc_flush);
edc6afc5
AC		 1358
1359/**
1360 * tty_reset_termios - reset terminal state
1361 * @tty: tty to reset
1362 *
1363 * Restore a terminal to the driver default state
1364 */
1365
1366static void tty_reset_termios(struct tty_struct *tty)
1367{
1368 mutex_lock(&tty->termios_mutex);
1369 *tty->termios = tty->driver->init_termios;
1370 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1371 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1372 mutex_unlock(&tty->termios_mutex);
1373}
37bdfb07 1374
af9b897e
AC		 1375/**
1376 * do_tty_hangup - actual handler for hangup events
65f27f38 1377 * @work: tty device
af9b897e
AC		 1378 *
1379 * This can be called by the "eventd" kernel thread. That is process
1380 * synchronous but doesn't hold any locks, so we need to make sure we
1381 * have the appropriate locks for what we're doing.
1382 *
1383 * The hangup event clears any pending redirections onto the hung up
1384 * device. It ensures future writes will error and it does the needed
1385 * line discipline hangup and signal delivery. The tty object itself
1386 * remains intact.
1387 *
1388 * Locking:
1389 * BKL
24ec839c
PZ		 1390 * redirect lock for undoing redirection
1391 * file list lock for manipulating list of ttys
1392 * tty_ldisc_lock from called functions
1393 * termios_mutex resetting termios data
1394 * tasklist_lock to walk task list for hangup event
1395 * ->siglock to protect ->signal/->sighand
1da177e4 1396 */
65f27f38 1397static void do_tty_hangup(struct work_struct *work)
1da177e4 1398{
65f27f38
DH		 1399 struct tty_struct *tty =
1400 container_of(work, struct tty_struct, hangup_work);
37bdfb07 1401 struct file *cons_filp = NULL;
1da177e4
LT		 1402 struct file *filp, *f = NULL;
1403 struct task_struct *p;
1404 struct tty_ldisc *ld;
1405 int closecount = 0, n;
1406
1407 if (!tty)
1408 return;
1409
1410 /* inuse_filps is protected by the single kernel lock */
1411 lock_kernel();
1412
1413 spin_lock(&redirect_lock);
1414 if (redirect && redirect->private_data == tty) {
1415 f = redirect;
1416 redirect = NULL;
1417 }
1418 spin_unlock(&redirect_lock);
37bdfb07 1419
1da177e4
LT		 1420 check_tty_count(tty, "do_tty_hangup");
1421 file_list_lock();
1422 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1423 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1424 if (filp->f_op->write == redirected_tty_write)
1425 cons_filp = filp;
1426 if (filp->f_op->write != tty_write)
1427 continue;
1428 closecount++;
1429 tty_fasync(-1, filp, 0); /* can't block */
1430 filp->f_op = &hung_up_tty_fops;
1431 }
1432 file_list_unlock();
37bdfb07
AC		 1433 /*
1434 * FIXME! What are the locking issues here? This may me overdoing
1435 * things... This question is especially important now that we've
1436 * removed the irqlock.
1437 */
1da177e4 1438 ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1439 if (ld != NULL) {
1440 /* We may have no line discipline at this point */
1da177e4
LT		 1441 if (ld->flush_buffer)
1442 ld->flush_buffer(tty);
1443 if (tty->driver->flush_buffer)
1444 tty->driver->flush_buffer(tty);
1445 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1446 ld->write_wakeup)
1447 ld->write_wakeup(tty);
1448 if (ld->hangup)
1449 ld->hangup(tty);
1450 }
37bdfb07
AC		 1451 /*
1452 * FIXME: Once we trust the LDISC code better we can wait here for
1453 * ldisc completion and fix the driver call race
1454 */
1da177e4
LT		 1455 wake_up_interruptible(&tty->write_wait);
1456 wake_up_interruptible(&tty->read_wait);
1da177e4
LT		 1457 /*
1458 * Shutdown the current line discipline, and reset it to
1459 * N_TTY.
1460 */
1461 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
edc6afc5 1462 tty_reset_termios(tty);
1da177e4
LT		 1463 /* Defer ldisc switch */
1464 /* tty_deferred_ldisc_switch(N_TTY);
37bdfb07 1465
1da177e4
LT		 1466 This should get done automatically when the port closes and
1467 tty_release is called */
37bdfb07 1468
1da177e4 1469 read_lock(&tasklist_lock);
ab521dc0
EB		 1470 if (tty->session) {
1471 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
24ec839c 1472 spin_lock_irq(&p->sighand->siglock);
1da177e4
LT		 1473 if (p->signal->tty == tty)
1474 p->signal->tty = NULL;
24ec839c
PZ		 1475 if (!p->signal->leader) {
1476 spin_unlock_irq(&p->sighand->siglock);
1da177e4 1477 continue;
24ec839c
PZ		 1478 }
1479 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1480 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
ab521dc0
EB		 1481 put_pid(p->signal->tty_old_pgrp); /* A noop */
1482 if (tty->pgrp)
1483 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
24ec839c 1484 spin_unlock_irq(&p->sighand->siglock);
ab521dc0 1485 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1da177e4
LT		 1486 }
1487 read_unlock(&tasklist_lock);
1488
1489 tty->flags = 0;
d9c1e9a8
EB		 1490 put_pid(tty->session);
1491 put_pid(tty->pgrp);
ab521dc0
EB		 1492 tty->session = NULL;
1493 tty->pgrp = NULL;
1da177e4
LT		 1494 tty->ctrl_status = 0;
1495 /*
37bdfb07
AC		 1496 * If one of the devices matches a console pointer, we
1497 * cannot just call hangup() because that will cause
1498 * tty->count and state->count to go out of sync.
1499 * So we just call close() the right number of times.
1da177e4
LT		 1500 */
1501 if (cons_filp) {
1502 if (tty->driver->close)
1503 for (n = 0; n < closecount; n++)
1504 tty->driver->close(tty, cons_filp);
1505 } else if (tty->driver->hangup)
1506 (tty->driver->hangup)(tty);
37bdfb07
AC		 1507 /*
1508 * We don't want to have driver/ldisc interactions beyond
1509 * the ones we did here. The driver layer expects no
1510 * calls after ->hangup() from the ldisc side. However we
1511 * can't yet guarantee all that.
1512 */
1da177e4
LT		 1513 set_bit(TTY_HUPPED, &tty->flags);
1514 if (ld) {
1515 tty_ldisc_enable(tty);
1516 tty_ldisc_deref(ld);
1517 }
1518 unlock_kernel();
1519 if (f)
1520 fput(f);
1521}
1522
af9b897e
AC		 1523/**
1524 * tty_hangup - trigger a hangup event
1525 * @tty: tty to hangup
1526 *
1527 * A carrier loss (virtual or otherwise) has occurred on this like
1528 * schedule a hangup sequence to run after this event.
1529 */
1530
37bdfb07 1531void tty_hangup(struct tty_struct *tty)
1da177e4
LT		 1532{
1533#ifdef TTY_DEBUG_HANGUP
1534 char buf[64];
1da177e4
LT		 1535 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1536#endif
1537 schedule_work(&tty->hangup_work);
1538}
1539
1540EXPORT_SYMBOL(tty_hangup);
1541
af9b897e
AC		 1542/**
1543 * tty_vhangup - process vhangup
1544 * @tty: tty to hangup
1545 *
1546 * The user has asked via system call for the terminal to be hung up.
1547 * We do this synchronously so that when the syscall returns the process
3a4fa0a2 1548 * is complete. That guarantee is necessary for security reasons.
af9b897e
AC		 1549 */
1550
37bdfb07 1551void tty_vhangup(struct tty_struct *tty)
1da177e4
LT		 1552{
1553#ifdef TTY_DEBUG_HANGUP
1554 char buf[64];
1555
1556 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1557#endif
65f27f38 1558 do_tty_hangup(&tty->hangup_work);
1da177e4 1559}
37bdfb07 1560
1da177e4
LT		 1561EXPORT_SYMBOL(tty_vhangup);
1562
af9b897e
AC		 1563/**
1564 * tty_hung_up_p - was tty hung up
1565 * @filp: file pointer of tty
1566 *
1567 * Return true if the tty has been subject to a vhangup or a carrier
1568 * loss
1569 */
1570
37bdfb07 1571int tty_hung_up_p(struct file *filp)
1da177e4
LT		 1572{
1573 return (filp->f_op == &hung_up_tty_fops);
1574}
1575
1576EXPORT_SYMBOL(tty_hung_up_p);
1577
522ed776 1578/**
37bdfb07
AC		 1579 * is_tty - checker whether file is a TTY
1580 * @filp: file handle that may be a tty
1581 *
1582 * Check if the file handle is a tty handle.
522ed776 1583 */
37bdfb07 1584
522ed776
MT		 1585int is_tty(struct file *filp)
1586{
1587 return filp->f_op->read == tty_read
1588 || filp->f_op->read == hung_up_tty_read;
1589}
1590
ab521dc0 1591static void session_clear_tty(struct pid *session)
24ec839c
PZ		 1592{
1593 struct task_struct *p;
ab521dc0 1594 do_each_pid_task(session, PIDTYPE_SID, p) {
24ec839c 1595 proc_clear_tty(p);
ab521dc0 1596 } while_each_pid_task(session, PIDTYPE_SID, p);
24ec839c
PZ		 1597}
1598
af9b897e
AC		 1599/**
1600 * disassociate_ctty - disconnect controlling tty
1601 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 1602 *
af9b897e
AC		 1603 * This function is typically called only by the session leader, when
1604 * it wants to disassociate itself from its controlling tty.
1605 *
1606 * It performs the following functions:
1da177e4
LT		 1607 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1608 * (2) Clears the tty from being controlling the session
1609 * (3) Clears the controlling tty for all processes in the
1610 * session group.
1611 *
af9b897e
AC		 1612 * The argument on_exit is set to 1 if called when a process is
1613 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1614 *
24ec839c 1615 * Locking:
af9b897e 1616 * BKL is taken for hysterical raisins
24ec839c
PZ		 1617 * tty_mutex is taken to protect tty
1618 * ->siglock is taken to protect ->signal/->sighand
1619 * tasklist_lock is taken to walk process list for sessions
1620 * ->siglock is taken to protect ->signal/->sighand
1da177e4 1621 */
af9b897e 1622
1da177e4
LT		 1623void disassociate_ctty(int on_exit)
1624{
1625 struct tty_struct *tty;
ab521dc0 1626 struct pid *tty_pgrp = NULL;
1da177e4 1627
1da177e4 1628
70522e12 1629 mutex_lock(&tty_mutex);
24ec839c 1630 tty = get_current_tty();
1da177e4 1631 if (tty) {
ab521dc0 1632 tty_pgrp = get_pid(tty->pgrp);
70522e12 1633 mutex_unlock(&tty_mutex);
04f378b1 1634 lock_kernel();
24ec839c 1635 /* XXX: here we race, there is nothing protecting tty */
1da177e4
LT		 1636 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1637 tty_vhangup(tty);
04f378b1 1638 unlock_kernel();
680a9671 1639 } else if (on_exit) {
ab521dc0 1640 struct pid *old_pgrp;
680a9671
EB		 1641 spin_lock_irq(&current->sighand->siglock);
1642 old_pgrp = current->signal->tty_old_pgrp;
ab521dc0 1643 current->signal->tty_old_pgrp = NULL;
680a9671 1644 spin_unlock_irq(&current->sighand->siglock);
24ec839c 1645 if (old_pgrp) {
ab521dc0
EB		 1646 kill_pgrp(old_pgrp, SIGHUP, on_exit);
1647 kill_pgrp(old_pgrp, SIGCONT, on_exit);
1648 put_pid(old_pgrp);
1da177e4 1649 }
70522e12 1650 mutex_unlock(&tty_mutex);
1da177e4
LT		 1651 return;
1652 }
ab521dc0
EB		 1653 if (tty_pgrp) {
1654 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1da177e4 1655 if (!on_exit)
ab521dc0
EB		 1656 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1657 put_pid(tty_pgrp);
1da177e4
LT		 1658 }
1659
24ec839c 1660 spin_lock_irq(&current->sighand->siglock);
2a65f1d9 1661 put_pid(current->signal->tty_old_pgrp);
23cac8de 1662 current->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 1663 spin_unlock_irq(&current->sighand->siglock);
1664
1665 mutex_lock(&tty_mutex);
1666 /* It is possible that do_tty_hangup has free'd this tty */
1667 tty = get_current_tty();
1668 if (tty) {
ab521dc0
EB		 1669 put_pid(tty->session);
1670 put_pid(tty->pgrp);
1671 tty->session = NULL;
1672 tty->pgrp = NULL;
24ec839c
PZ		 1673 } else {
1674#ifdef TTY_DEBUG_HANGUP
1675 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1676 " = NULL", tty);
1677#endif
1678 }
1679 mutex_unlock(&tty_mutex);
1da177e4
LT		 1680
1681 /* Now clear signal->tty under the lock */
1682 read_lock(&tasklist_lock);
ab521dc0 1683 session_clear_tty(task_session(current));
1da177e4 1684 read_unlock(&tasklist_lock);
1da177e4
LT		 1685}
1686
98a27ba4
EB		 1687/**
1688 *
1689 * no_tty - Ensure the current process does not have a controlling tty
1690 */
1691void no_tty(void)
1692{
1693 struct task_struct *tsk = current;
04f378b1 1694 lock_kernel();
98a27ba4
EB		 1695 if (tsk->signal->leader)
1696 disassociate_ctty(0);
04f378b1 1697 unlock_kernel();
98a27ba4
EB		 1698 proc_clear_tty(tsk);
1699}
1700
af9b897e
AC		 1701
1702/**
beb7dd86 1703 * stop_tty - propagate flow control
af9b897e
AC		 1704 * @tty: tty to stop
1705 *
1706 * Perform flow control to the driver. For PTY/TTY pairs we
beb7dd86 1707 * must also propagate the TIOCKPKT status. May be called
af9b897e
AC		 1708 * on an already stopped device and will not re-call the driver
1709 * method.
1710 *
1711 * This functionality is used by both the line disciplines for
1712 * halting incoming flow and by the driver. It may therefore be
1713 * called from any context, may be under the tty atomic_write_lock
1714 * but not always.
1715 *
1716 * Locking:
04f378b1 1717 * Uses the tty control lock internally
af9b897e
AC		 1718 */
1719
1da177e4
LT		 1720void stop_tty(struct tty_struct *tty)
1721{
04f378b1
AC		 1722 unsigned long flags;
1723 spin_lock_irqsave(&tty->ctrl_lock, flags);
1724 if (tty->stopped) {
1725 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 1726 return;
04f378b1 1727 }
1da177e4
LT		 1728 tty->stopped = 1;
1729 if (tty->link && tty->link->packet) {
1730 tty->ctrl_status &= ~TIOCPKT_START;
1731 tty->ctrl_status |= TIOCPKT_STOP;
1732 wake_up_interruptible(&tty->link->read_wait);
1733 }
04f378b1 1734 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4
LT		 1735 if (tty->driver->stop)
1736 (tty->driver->stop)(tty);
1737}
1738
1739EXPORT_SYMBOL(stop_tty);
1740
af9b897e 1741/**
beb7dd86 1742 * start_tty - propagate flow control
af9b897e
AC		 1743 * @tty: tty to start
1744 *
1745 * Start a tty that has been stopped if at all possible. Perform
3a4fa0a2 1746 * any necessary wakeups and propagate the TIOCPKT status. If this
af9b897e
AC		 1747 * is the tty was previous stopped and is being started then the
1748 * driver start method is invoked and the line discipline woken.
1749 *
1750 * Locking:
04f378b1 1751 * ctrl_lock
af9b897e
AC		 1752 */
1753
1da177e4
LT		 1754void start_tty(struct tty_struct *tty)
1755{
04f378b1
AC		 1756 unsigned long flags;
1757 spin_lock_irqsave(&tty->ctrl_lock, flags);
1758 if (!tty->stopped || tty->flow_stopped) {
1759 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 1760 return;
04f378b1 1761 }
1da177e4
LT		 1762 tty->stopped = 0;
1763 if (tty->link && tty->link->packet) {
1764 tty->ctrl_status &= ~TIOCPKT_STOP;
1765 tty->ctrl_status |= TIOCPKT_START;
1766 wake_up_interruptible(&tty->link->read_wait);
1767 }
04f378b1 1768 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4
LT		 1769 if (tty->driver->start)
1770 (tty->driver->start)(tty);
1da177e4
LT		 1771 /* If we have a running line discipline it may need kicking */
1772 tty_wakeup(tty);
1da177e4
LT		 1773}
1774
1775EXPORT_SYMBOL(start_tty);
1776
af9b897e
AC		 1777/**
1778 * tty_read - read method for tty device files
1779 * @file: pointer to tty file
1780 * @buf: user buffer
1781 * @count: size of user buffer
1782 * @ppos: unused
1783 *
1784 * Perform the read system call function on this terminal device. Checks
1785 * for hung up devices before calling the line discipline method.
1786 *
1787 * Locking:
1788 * Locks the line discipline internally while needed
1789 * For historical reasons the line discipline read method is
1790 * invoked under the BKL. This will go away in time so do not rely on it
1791 * in new code. Multiple read calls may be outstanding in parallel.
1792 */
1793
37bdfb07 1794static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1da177e4
LT		 1795 loff_t *ppos)
1796{
1797 int i;
37bdfb07 1798 struct tty_struct *tty;
1da177e4
LT		 1799 struct inode *inode;
1800 struct tty_ldisc *ld;
1801
1802 tty = (struct tty_struct *)file->private_data;
a7113a96 1803 inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1804 if (tty_paranoia_check(tty, inode, "tty_read"))
1805 return -EIO;
1806 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1807 return -EIO;
1808
1809 /* We want to wait for the line discipline to sort out in this
1810 situation */
1811 ld = tty_ldisc_ref_wait(tty);
1da177e4 1812 if (ld->read)
37bdfb07 1813 i = (ld->read)(tty, file, buf, count);
1da177e4
LT		 1814 else
1815 i = -EIO;
1816 tty_ldisc_deref(ld);
1da177e4
LT		 1817 if (i > 0)
1818 inode->i_atime = current_fs_time(inode->i_sb);
1819 return i;
1820}
1821
9c1729db
AC		 1822void tty_write_unlock(struct tty_struct *tty)
1823{
1824 mutex_unlock(&tty->atomic_write_lock);
1825 wake_up_interruptible(&tty->write_wait);
1826}
1827
1828int tty_write_lock(struct tty_struct *tty, int ndelay)
1829{
1830 if (!mutex_trylock(&tty->atomic_write_lock)) {
1831 if (ndelay)
1832 return -EAGAIN;
1833 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1834 return -ERESTARTSYS;
1835 }
1836 return 0;
1837}
1838
1da177e4
LT		 1839/*
1840 * Split writes up in sane blocksizes to avoid
1841 * denial-of-service type attacks
1842 */
1843static inline ssize_t do_tty_write(
1844 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1845 struct tty_struct *tty,
1846 struct file *file,
1847 const char __user *buf,
1848 size_t count)
1849{
9c1729db 1850 ssize_t ret, written = 0;
1da177e4 1851 unsigned int chunk;
37bdfb07 1852
9c1729db
AC		 1853 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1854 if (ret < 0)
1855 return ret;
1da177e4
LT		 1856
1857 /*
1858 * We chunk up writes into a temporary buffer. This
1859 * simplifies low-level drivers immensely, since they
1860 * don't have locking issues and user mode accesses.
1861 *
1862 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1863 * big chunk-size..
1864 *
1865 * The default chunk-size is 2kB, because the NTTY
1866 * layer has problems with bigger chunks. It will
1867 * claim to be able to handle more characters than
1868 * it actually does.
af9b897e
AC		 1869 *
1870 * FIXME: This can probably go away now except that 64K chunks
1871 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1872 */
1873 chunk = 2048;
1874 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1875 chunk = 65536;
1876 if (count < chunk)
1877 chunk = count;
1878
70522e12 1879 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1880 if (tty->write_cnt < chunk) {
1881 unsigned char *buf;
1882
1883 if (chunk < 1024)
1884 chunk = 1024;
1885
1886 buf = kmalloc(chunk, GFP_KERNEL);
1887 if (!buf) {
9c1729db
AC		 1888 ret = -ENOMEM;
1889 goto out;
1da177e4
LT		 1890 }
1891 kfree(tty->write_buf);
1892 tty->write_cnt = chunk;
1893 tty->write_buf = buf;
1894 }
1895
1896 /* Do the write .. */
1897 for (;;) {
1898 size_t size = count;
1899 if (size > chunk)
1900 size = chunk;
1901 ret = -EFAULT;
1902 if (copy_from_user(tty->write_buf, buf, size))
1903 break;
1da177e4 1904 ret = write(tty, file, tty->write_buf, size);
1da177e4
LT		 1905 if (ret <= 0)
1906 break;
1907 written += ret;
1908 buf += ret;
1909 count -= ret;
1910 if (!count)
1911 break;
1912 ret = -ERESTARTSYS;
1913 if (signal_pending(current))
1914 break;
1915 cond_resched();
1916 }
1917 if (written) {
a7113a96 1918 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1919 inode->i_mtime = current_fs_time(inode->i_sb);
1920 ret = written;
1921 }
9c1729db
AC		 1922out:
1923 tty_write_unlock(tty);
1da177e4
LT		 1924 return ret;
1925}
1926
1927
af9b897e
AC		 1928/**
1929 * tty_write - write method for tty device file
1930 * @file: tty file pointer
1931 * @buf: user data to write
1932 * @count: bytes to write
1933 * @ppos: unused
1934 *
1935 * Write data to a tty device via the line discipline.
1936 *
1937 * Locking:
1938 * Locks the line discipline as required
1939 * Writes to the tty driver are serialized by the atomic_write_lock
1940 * and are then processed in chunks to the device. The line discipline
1941 * write method will not be involked in parallel for each device
1942 * The line discipline write method is called under the big
1943 * kernel lock for historical reasons. New code should not rely on this.
1944 */
1945
37bdfb07
AC		 1946static ssize_t tty_write(struct file *file, const char __user *buf,
1947 size_t count, loff_t *ppos)
1da177e4 1948{
37bdfb07 1949 struct tty_struct *tty;
a7113a96 1950 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1951 ssize_t ret;
1952 struct tty_ldisc *ld;
37bdfb07 1953
1da177e4
LT		 1954 tty = (struct tty_struct *)file->private_data;
1955 if (tty_paranoia_check(tty, inode, "tty_write"))
1956 return -EIO;
37bdfb07
AC		 1957 if (!tty || !tty->driver->write ||
1958 (test_bit(TTY_IO_ERROR, &tty->flags)))
1959 return -EIO;
1da177e4 1960
37bdfb07 1961 ld = tty_ldisc_ref_wait(tty);
1da177e4
LT		 1962 if (!ld->write)
1963 ret = -EIO;
1964 else
1965 ret = do_tty_write(ld->write, tty, file, buf, count);
1966 tty_ldisc_deref(ld);
1967 return ret;
1968}
1969
37bdfb07
AC		 1970ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1971 size_t count, loff_t *ppos)
1da177e4
LT		 1972{
1973 struct file *p = NULL;
1974
1975 spin_lock(&redirect_lock);
1976 if (redirect) {
1977 get_file(redirect);
1978 p = redirect;
1979 }
1980 spin_unlock(&redirect_lock);
1981
1982 if (p) {
1983 ssize_t res;
1984 res = vfs_write(p, buf, count, &p->f_pos);
1985 fput(p);
1986 return res;
1987 }
1da177e4
LT		 1988 return tty_write(file, buf, count, ppos);
1989}
1990
1991static char ptychar[] = "pqrstuvwxyzabcde";
1992
af9b897e
AC		 1993/**
1994 * pty_line_name - generate name for a pty
1995 * @driver: the tty driver in use
1996 * @index: the minor number
1997 * @p: output buffer of at least 6 bytes
1998 *
1999 * Generate a name from a driver reference and write it to the output
2000 * buffer.
2001 *
2002 * Locking: None
2003 */
2004static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 2005{
2006 int i = index + driver->name_base;
2007 /* ->name is initialized to "ttyp", but "tty" is expected */
2008 sprintf(p, "%s%c%x",
37bdfb07
AC		 2009 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
2010 ptychar[i >> 4 & 0xf], i & 0xf);
1da177e4
LT		 2011}
2012
af9b897e
AC		 2013/**
2014 * pty_line_name - generate name for a tty
2015 * @driver: the tty driver in use
2016 * @index: the minor number
2017 * @p: output buffer of at least 7 bytes
2018 *
2019 * Generate a name from a driver reference and write it to the output
2020 * buffer.
2021 *
2022 * Locking: None
2023 */
2024static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 2025{
2026 sprintf(p, "%s%d", driver->name, index + driver->name_base);
2027}
2028
af9b897e
AC		 2029/**
2030 * init_dev - initialise a tty device
2031 * @driver: tty driver we are opening a device on
2032 * @idx: device index
2033 * @tty: returned tty structure
2034 *
2035 * Prepare a tty device. This may not be a "new" clean device but
2036 * could also be an active device. The pty drivers require special
2037 * handling because of this.
2038 *
2039 * Locking:
2040 * The function is called under the tty_mutex, which
2041 * protects us from the tty struct or driver itself going away.
2042 *
2043 * On exit the tty device has the line discipline attached and
2044 * a reference count of 1. If a pair was created for pty/tty use
2045 * and the other was a pty master then it too has a reference count of 1.
2046 *
1da177e4 2047 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 2048 * failed open. The new code protects the open with a mutex, so it's
2049 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 2050 * relaxed for the (most common) case of reopening a tty.
2051 */
af9b897e 2052
1da177e4
LT		 2053static int init_dev(struct tty_driver *driver, int idx,
2054 struct tty_struct **ret_tty)
2055{
2056 struct tty_struct *tty, *o_tty;
edc6afc5
AC		 2057 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2058 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 2059 int retval = 0;
1da177e4
LT		 2060
2061 /* check whether we're reopening an existing tty */
2062 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2063 tty = devpts_get_tty(idx);
5a39e8c6
ASRF		 2064 /*
2065 * If we don't have a tty here on a slave open, it's because
2066 * the master already started the close process and there's
2067 * no relation between devpts file and tty anymore.
2068 */
2069 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2070 retval = -EIO;
2071 goto end_init;
2072 }
2073 /*
2074 * It's safe from now on because init_dev() is called with
2075 * tty_mutex held and release_dev() won't change tty->count
2076 * or tty->flags without having to grab tty_mutex
2077 */
1da177e4
LT		 2078 if (tty && driver->subtype == PTY_TYPE_MASTER)
2079 tty = tty->link;
2080 } else {
2081 tty = driver->ttys[idx];
2082 }
2083 if (tty) goto fast_track;
2084
2085 /*
2086 * First time open is complex, especially for PTY devices.
2087 * This code guarantees that either everything succeeds and the
2088 * TTY is ready for operation, or else the table slots are vacated
37bdfb07 2089 * and the allocated memory released. (Except that the termios
1da177e4
LT		 2090 * and locked termios may be retained.)
2091 */
2092
2093 if (!try_module_get(driver->owner)) {
2094 retval = -ENODEV;
2095 goto end_init;
2096 }
2097
2098 o_tty = NULL;
2099 tp = o_tp = NULL;
2100 ltp = o_ltp = NULL;
2101
2102 tty = alloc_tty_struct();
37bdfb07 2103 if (!tty)
1da177e4
LT		 2104 goto fail_no_mem;
2105 initialize_tty_struct(tty);
2106 tty->driver = driver;
2107 tty->index = idx;
2108 tty_line_name(driver, idx, tty->name);
2109
2110 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2111 tp_loc = &tty->termios;
2112 ltp_loc = &tty->termios_locked;
2113 } else {
2114 tp_loc = &driver->termios[idx];
2115 ltp_loc = &driver->termios_locked[idx];
2116 }
2117
2118 if (!*tp_loc) {
abcb1ff3 2119 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2120 if (!tp)
2121 goto free_mem_out;
2122 *tp = driver->init_termios;
2123 }
2124
2125 if (!*ltp_loc) {
506eb99a 2126 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2127 if (!ltp)
2128 goto free_mem_out;
1da177e4
LT		 2129 }
2130
2131 if (driver->type == TTY_DRIVER_TYPE_PTY) {
2132 o_tty = alloc_tty_struct();
2133 if (!o_tty)
2134 goto free_mem_out;
2135 initialize_tty_struct(o_tty);
2136 o_tty->driver = driver->other;
2137 o_tty->index = idx;
2138 tty_line_name(driver->other, idx, o_tty->name);
2139
2140 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2141 o_tp_loc = &o_tty->termios;
2142 o_ltp_loc = &o_tty->termios_locked;
2143 } else {
2144 o_tp_loc = &driver->other->termios[idx];
2145 o_ltp_loc = &driver->other->termios_locked[idx];
2146 }
2147
2148 if (!*o_tp_loc) {
abcb1ff3 2149 o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2150 if (!o_tp)
2151 goto free_mem_out;
2152 *o_tp = driver->other->init_termios;
2153 }
2154
2155 if (!*o_ltp_loc) {
506eb99a 2156 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2157 if (!o_ltp)
2158 goto free_mem_out;
1da177e4
LT		 2159 }
2160
2161 /*
2162 * Everything allocated ... set up the o_tty structure.
2163 */
37bdfb07 2164 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 2165 driver->other->ttys[idx] = o_tty;
1da177e4
LT		 2166 if (!*o_tp_loc)
2167 *o_tp_loc = o_tp;
2168 if (!*o_ltp_loc)
2169 *o_ltp_loc = o_ltp;
2170 o_tty->termios = *o_tp_loc;
2171 o_tty->termios_locked = *o_ltp_loc;
2172 driver->other->refcount++;
2173 if (driver->subtype == PTY_TYPE_MASTER)
2174 o_tty->count++;
2175
2176 /* Establish the links in both directions */
2177 tty->link = o_tty;
2178 o_tty->link = tty;
2179 }
2180
37bdfb07 2181 /*
1da177e4 2182 * All structures have been allocated, so now we install them.
d5698c28 2183 * Failures after this point use release_tty to clean up, so
1da177e4
LT		 2184 * there's no need to null out the local pointers.
2185 */
37bdfb07 2186 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 2187 driver->ttys[idx] = tty;
37bdfb07 2188
1da177e4
LT		 2189 if (!*tp_loc)
2190 *tp_loc = tp;
2191 if (!*ltp_loc)
2192 *ltp_loc = ltp;
2193 tty->termios = *tp_loc;
2194 tty->termios_locked = *ltp_loc;
edc6afc5
AC		 2195 /* Compatibility until drivers always set this */
2196 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2197 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1da177e4
LT		 2198 driver->refcount++;
2199 tty->count++;
2200
37bdfb07 2201 /*
1da177e4 2202 * Structures all installed ... call the ldisc open routines.
d5698c28
CH		 2203 * If we fail here just call release_tty to clean up. No need
2204 * to decrement the use counts, as release_tty doesn't care.
1da177e4
LT		 2205 */
2206
2207 if (tty->ldisc.open) {
2208 retval = (tty->ldisc.open)(tty);
2209 if (retval)
2210 goto release_mem_out;
2211 }
2212 if (o_tty && o_tty->ldisc.open) {
2213 retval = (o_tty->ldisc.open)(o_tty);
2214 if (retval) {
2215 if (tty->ldisc.close)
2216 (tty->ldisc.close)(tty);
2217 goto release_mem_out;
2218 }
2219 tty_ldisc_enable(o_tty);
2220 }
2221 tty_ldisc_enable(tty);
2222 goto success;
2223
2224 /*
2225 * This fast open can be used if the tty is already open.
2226 * No memory is allocated, and the only failures are from
2227 * attempting to open a closing tty or attempting multiple
2228 * opens on a pty master.
2229 */
2230fast_track:
2231 if (test_bit(TTY_CLOSING, &tty->flags)) {
2232 retval = -EIO;
2233 goto end_init;
2234 }
2235 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2236 driver->subtype == PTY_TYPE_MASTER) {
2237 /*
37bdfb07 2238 * special case for PTY masters: only one open permitted,
1da177e4
LT		 2239 * and the slave side open count is incremented as well.
2240 */
2241 if (tty->count) {
2242 retval = -EIO;
2243 goto end_init;
2244 }
2245 tty->link->count++;
2246 }
2247 tty->count++;
2248 tty->driver = driver; /* N.B. why do this every time?? */
2249
2250 /* FIXME */
37bdfb07 2251 if (!test_bit(TTY_LDISC, &tty->flags))
1da177e4
LT		 2252 printk(KERN_ERR "init_dev but no ldisc\n");
2253success:
2254 *ret_tty = tty;
37bdfb07 2255
70522e12 2256 /* All paths come through here to release the mutex */
1da177e4
LT		 2257end_init:
2258 return retval;
2259
2260 /* Release locally allocated memory ... nothing placed in slots */
2261free_mem_out:
735d5661 2262 kfree(o_tp);
1da177e4
LT		 2263 if (o_tty)
2264 free_tty_struct(o_tty);
735d5661
JJ		 2265 kfree(ltp);
2266 kfree(tp);
1da177e4
LT		 2267 free_tty_struct(tty);
2268
2269fail_no_mem:
2270 module_put(driver->owner);
2271 retval = -ENOMEM;
2272 goto end_init;
2273
d5698c28 2274 /* call the tty release_tty routine to clean out this slot */
1da177e4 2275release_mem_out:
4050914f
AM		 2276 if (printk_ratelimit())
2277 printk(KERN_INFO "init_dev: ldisc open failed, "
2278 "clearing slot %d\n", idx);
d5698c28 2279 release_tty(tty, idx);
1da177e4
LT		 2280 goto end_init;
2281}
2282
af9b897e 2283/**
d5698c28 2284 * release_one_tty - release tty structure memory
af9b897e
AC		 2285 *
2286 * Releases memory associated with a tty structure, and clears out the
2287 * driver table slots. This function is called when a device is no longer
2288 * in use. It also gets called when setup of a device fails.
2289 *
2290 * Locking:
2291 * tty_mutex - sometimes only
2292 * takes the file list lock internally when working on the list
2293 * of ttys that the driver keeps.
2294 * FIXME: should we require tty_mutex is held here ??
1da177e4 2295 */
d5698c28 2296static void release_one_tty(struct tty_struct *tty, int idx)
1da177e4 2297{
1da177e4 2298 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
d5698c28 2299 struct ktermios *tp;
1da177e4
LT		 2300
2301 if (!devpts)
2302 tty->driver->ttys[idx] = NULL;
d5698c28 2303
1da177e4
LT		 2304 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2305 tp = tty->termios;
2306 if (!devpts)
2307 tty->driver->termios[idx] = NULL;
2308 kfree(tp);
2309
2310 tp = tty->termios_locked;
2311 if (!devpts)
2312 tty->driver->termios_locked[idx] = NULL;
2313 kfree(tp);
2314 }
2315
d5698c28 2316
1da177e4
LT		 2317 tty->magic = 0;
2318 tty->driver->refcount--;
d5698c28 2319
1da177e4
LT		 2320 file_list_lock();
2321 list_del_init(&tty->tty_files);
2322 file_list_unlock();
d5698c28 2323
1da177e4
LT		 2324 free_tty_struct(tty);
2325}
2326
d5698c28
CH		 2327/**
2328 * release_tty - release tty structure memory
2329 *
2330 * Release both @tty and a possible linked partner (think pty pair),
2331 * and decrement the refcount of the backing module.
2332 *
2333 * Locking:
2334 * tty_mutex - sometimes only
2335 * takes the file list lock internally when working on the list
2336 * of ttys that the driver keeps.
2337 * FIXME: should we require tty_mutex is held here ??
2338 */
2339static void release_tty(struct tty_struct *tty, int idx)
2340{
2341 struct tty_driver *driver = tty->driver;
2342
2343 if (tty->link)
2344 release_one_tty(tty->link, idx);
2345 release_one_tty(tty, idx);
2346 module_put(driver->owner);
2347}
2348
1da177e4
LT		 2349/*
2350 * Even releasing the tty structures is a tricky business.. We have
2351 * to be very careful that the structures are all released at the
2352 * same time, as interrupts might otherwise get the wrong pointers.
2353 *
2354 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2355 * lead to double frees or releasing memory still in use.
2356 */
37bdfb07 2357static void release_dev(struct file *filp)
1da177e4
LT		 2358{
2359 struct tty_struct *tty, *o_tty;
2360 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 2361 int devpts;
1da177e4
LT		 2362 int idx;
2363 char buf[64];
2364 unsigned long flags;
37bdfb07 2365
1da177e4 2366 tty = (struct tty_struct *)filp->private_data;
37bdfb07
AC		 2367 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2368 "release_dev"))
1da177e4
LT		 2369 return;
2370
2371 check_tty_count(tty, "release_dev");
2372
2373 tty_fasync(-1, filp, 0);
2374
2375 idx = tty->index;
2376 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2377 tty->driver->subtype == PTY_TYPE_MASTER);
2378 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 2379 o_tty = tty->link;
2380
2381#ifdef TTY_PARANOIA_CHECK
2382 if (idx < 0 || idx >= tty->driver->num) {
2383 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2384 "free (%s)\n", tty->name);
2385 return;
2386 }
2387 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2388 if (tty != tty->driver->ttys[idx]) {
2389 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2390 "for (%s)\n", idx, tty->name);
2391 return;
2392 }
2393 if (tty->termios != tty->driver->termios[idx]) {
2394 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2395 "for (%s)\n",
2396 idx, tty->name);
2397 return;
2398 }
2399 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2400 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2401 "termios_locked for (%s)\n",
2402 idx, tty->name);
2403 return;
2404 }
2405 }
2406#endif
2407
2408#ifdef TTY_DEBUG_HANGUP
2409 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2410 tty_name(tty, buf), tty->count);
2411#endif
2412
2413#ifdef TTY_PARANOIA_CHECK
2414 if (tty->driver->other &&
2415 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2416 if (o_tty != tty->driver->other->ttys[idx]) {
2417 printk(KERN_DEBUG "release_dev: other->table[%d] "
2418 "not o_tty for (%s)\n",
2419 idx, tty->name);
2420 return;
2421 }
2422 if (o_tty->termios != tty->driver->other->termios[idx]) {
2423 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2424 "not o_termios for (%s)\n",
2425 idx, tty->name);
2426 return;
2427 }
37bdfb07 2428 if (o_tty->termios_locked !=
1da177e4
LT		 2429 tty->driver->other->termios_locked[idx]) {
2430 printk(KERN_DEBUG "release_dev: other->termios_locked["
2431 "%d] not o_termios_locked for (%s)\n",
2432 idx, tty->name);
2433 return;
2434 }
2435 if (o_tty->link != tty) {
2436 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2437 return;
2438 }
2439 }
2440#endif
2441 if (tty->driver->close)
2442 tty->driver->close(tty, filp);
2443
2444 /*
2445 * Sanity check: if tty->count is going to zero, there shouldn't be
2446 * any waiters on tty->read_wait or tty->write_wait. We test the
2447 * wait queues and kick everyone out _before_ actually starting to
2448 * close. This ensures that we won't block while releasing the tty
2449 * structure.
2450 *
2451 * The test for the o_tty closing is necessary, since the master and
2452 * slave sides may close in any order. If the slave side closes out
2453 * first, its count will be one, since the master side holds an open.
2454 * Thus this test wouldn't be triggered at the time the slave closes,
2455 * so we do it now.
2456 *
2457 * Note that it's possible for the tty to be opened again while we're
2458 * flushing out waiters. By recalculating the closing flags before
2459 * each iteration we avoid any problems.
2460 */
2461 while (1) {
2462 /* Guard against races with tty->count changes elsewhere and
2463 opens on /dev/tty */
37bdfb07 2464
70522e12 2465 mutex_lock(&tty_mutex);
1da177e4
LT		 2466 tty_closing = tty->count <= 1;
2467 o_tty_closing = o_tty &&
2468 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 2469 do_sleep = 0;
2470
2471 if (tty_closing) {
2472 if (waitqueue_active(&tty->read_wait)) {
2473 wake_up(&tty->read_wait);
2474 do_sleep++;
2475 }
2476 if (waitqueue_active(&tty->write_wait)) {
2477 wake_up(&tty->write_wait);
2478 do_sleep++;
2479 }
2480 }
2481 if (o_tty_closing) {
2482 if (waitqueue_active(&o_tty->read_wait)) {
2483 wake_up(&o_tty->read_wait);
2484 do_sleep++;
2485 }
2486 if (waitqueue_active(&o_tty->write_wait)) {
2487 wake_up(&o_tty->write_wait);
2488 do_sleep++;
2489 }
2490 }
2491 if (!do_sleep)
2492 break;
2493
2494 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2495 "active!\n", tty_name(tty, buf));
70522e12 2496 mutex_unlock(&tty_mutex);
1da177e4 2497 schedule();
37bdfb07 2498 }
1da177e4
LT		 2499
2500 /*
37bdfb07
AC		 2501 * The closing flags are now consistent with the open counts on
2502 * both sides, and we've completed the last operation that could
1da177e4
LT		 2503 * block, so it's safe to proceed with closing.
2504 */
1da177e4
LT		 2505 if (pty_master) {
2506 if (--o_tty->count < 0) {
2507 printk(KERN_WARNING "release_dev: bad pty slave count "
2508 "(%d) for %s\n",
2509 o_tty->count, tty_name(o_tty, buf));
2510 o_tty->count = 0;
2511 }
2512 }
2513 if (--tty->count < 0) {
2514 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2515 tty->count, tty_name(tty, buf));
2516 tty->count = 0;
2517 }
37bdfb07 2518
1da177e4
LT		 2519 /*
2520 * We've decremented tty->count, so we need to remove this file
2521 * descriptor off the tty->tty_files list; this serves two
2522 * purposes:
2523 * - check_tty_count sees the correct number of file descriptors
2524 * associated with this tty.
2525 * - do_tty_hangup no longer sees this file descriptor as
2526 * something that needs to be handled for hangups.
2527 */
2528 file_kill(filp);
2529 filp->private_data = NULL;
2530
2531 /*
2532 * Perform some housekeeping before deciding whether to return.
2533 *
2534 * Set the TTY_CLOSING flag if this was the last open. In the
2535 * case of a pty we may have to wait around for the other side
2536 * to close, and TTY_CLOSING makes sure we can't be reopened.
2537 */
37bdfb07 2538 if (tty_closing)
1da177e4 2539 set_bit(TTY_CLOSING, &tty->flags);
37bdfb07 2540 if (o_tty_closing)
1da177e4
LT		 2541 set_bit(TTY_CLOSING, &o_tty->flags);
2542
2543 /*
2544 * If _either_ side is closing, make sure there aren't any
2545 * processes that still think tty or o_tty is their controlling
2546 * tty.
2547 */
2548 if (tty_closing || o_tty_closing) {
1da177e4 2549 read_lock(&tasklist_lock);
24ec839c 2550 session_clear_tty(tty->session);
1da177e4 2551 if (o_tty)
24ec839c 2552 session_clear_tty(o_tty->session);
1da177e4
LT		 2553 read_unlock(&tasklist_lock);
2554 }
2555
70522e12 2556 mutex_unlock(&tty_mutex);
da965822 2557
1da177e4
LT		 2558 /* check whether both sides are closing ... */
2559 if (!tty_closing || (o_tty && !o_tty_closing))
2560 return;
37bdfb07 2561
1da177e4
LT		 2562#ifdef TTY_DEBUG_HANGUP
2563 printk(KERN_DEBUG "freeing tty structure...");
2564#endif
2565 /*
2566 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2567 * kill any delayed work. As this is the final close it does not
2568 * race with the set_ldisc code path.
2569 */
2570 clear_bit(TTY_LDISC, &tty->flags);
33f0f88f 2571 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 2572
2573 /*
33f0f88f 2574 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4 2575 */
37bdfb07 2576
1da177e4 2577 flush_scheduled_work();
37bdfb07 2578
1da177e4
LT		 2579 /*
2580 * Wait for any short term users (we know they are just driver
2581 * side waiters as the file is closing so user count on the file
2582 * side is zero.
2583 */
2584 spin_lock_irqsave(&tty_ldisc_lock, flags);
37bdfb07 2585 while (tty->ldisc.refcount) {
1da177e4
LT		 2586 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2587 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2588 spin_lock_irqsave(&tty_ldisc_lock, flags);
2589 }
2590 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2591 /*
2592 * Shutdown the current line discipline, and reset it to N_TTY.
2593 * N.B. why reset ldisc when we're releasing the memory??
2594 *
2595 * FIXME: this MUST get fixed for the new reflocking
2596 */
2597 if (tty->ldisc.close)
2598 (tty->ldisc.close)(tty);
2599 tty_ldisc_put(tty->ldisc.num);
37bdfb07 2600
1da177e4
LT		 2601 /*
2602 * Switch the line discipline back
2603 */
2604 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
37bdfb07 2605 tty_set_termios_ldisc(tty, N_TTY);
1da177e4
LT		 2606 if (o_tty) {
2607 /* FIXME: could o_tty be in setldisc here ? */
2608 clear_bit(TTY_LDISC, &o_tty->flags);
2609 if (o_tty->ldisc.close)
2610 (o_tty->ldisc.close)(o_tty);
2611 tty_ldisc_put(o_tty->ldisc.num);
2612 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
37bdfb07 2613 tty_set_termios_ldisc(o_tty, N_TTY);
1da177e4
LT		 2614 }
2615 /*
d5698c28 2616 * The release_tty function takes care of the details of clearing
1da177e4
LT		 2617 * the slots and preserving the termios structure.
2618 */
d5698c28 2619 release_tty(tty, idx);
1da177e4
LT		 2620
2621#ifdef CONFIG_UNIX98_PTYS
2622 /* Make this pty number available for reallocation */
2623 if (devpts) {
a6752f3f 2624 mutex_lock(&allocated_ptys_lock);
1da177e4 2625 idr_remove(&allocated_ptys, idx);
a6752f3f 2626 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2627 }
2628#endif
2629
2630}
2631
af9b897e
AC		 2632/**
2633 * tty_open - open a tty device
2634 * @inode: inode of device file
2635 * @filp: file pointer to tty
1da177e4 2636 *
af9b897e
AC		 2637 * tty_open and tty_release keep up the tty count that contains the
2638 * number of opens done on a tty. We cannot use the inode-count, as
2639 * different inodes might point to the same tty.
1da177e4 2640 *
af9b897e
AC		 2641 * Open-counting is needed for pty masters, as well as for keeping
2642 * track of serial lines: DTR is dropped when the last close happens.
2643 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2644 *
2645 * The termios state of a pty is reset on first open so that
2646 * settings don't persist across reuse.
2647 *
24ec839c
PZ		 2648 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2649 * tty->count should protect the rest.
2650 * ->siglock protects ->signal/->sighand
1da177e4 2651 */
af9b897e 2652
37bdfb07 2653static int tty_open(struct inode *inode, struct file *filp)
1da177e4
LT		 2654{
2655 struct tty_struct *tty;
2656 int noctty, retval;
2657 struct tty_driver *driver;
2658 int index;
2659 dev_t device = inode->i_rdev;
2660 unsigned short saved_flags = filp->f_flags;
2661
2662 nonseekable_open(inode, filp);
37bdfb07 2663
1da177e4
LT		 2664retry_open:
2665 noctty = filp->f_flags & O_NOCTTY;
2666 index = -1;
2667 retval = 0;
37bdfb07 2668
70522e12 2669 mutex_lock(&tty_mutex);
1da177e4 2670
37bdfb07 2671 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
24ec839c
PZ		 2672 tty = get_current_tty();
2673 if (!tty) {
70522e12 2674 mutex_unlock(&tty_mutex);
1da177e4
LT		 2675 return -ENXIO;
2676 }
24ec839c
PZ		 2677 driver = tty->driver;
2678 index = tty->index;
1da177e4
LT		 2679 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2680 /* noctty = 1; */
2681 goto got_driver;
2682 }
2683#ifdef CONFIG_VT
37bdfb07 2684 if (device == MKDEV(TTY_MAJOR, 0)) {
1da177e4
LT		 2685 extern struct tty_driver *console_driver;
2686 driver = console_driver;
2687 index = fg_console;
2688 noctty = 1;
2689 goto got_driver;
2690 }
2691#endif
37bdfb07 2692 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1da177e4
LT		 2693 driver = console_device(&index);
2694 if (driver) {
2695 /* Don't let /dev/console block */
2696 filp->f_flags |= O_NONBLOCK;
2697 noctty = 1;
2698 goto got_driver;
2699 }
70522e12 2700 mutex_unlock(&tty_mutex);
1da177e4
LT		 2701 return -ENODEV;
2702 }
2703
2704 driver = get_tty_driver(device, &index);
2705 if (!driver) {
70522e12 2706 mutex_unlock(&tty_mutex);
1da177e4
LT		 2707 return -ENODEV;
2708 }
2709got_driver:
2710 retval = init_dev(driver, index, &tty);
70522e12 2711 mutex_unlock(&tty_mutex);
1da177e4
LT		 2712 if (retval)
2713 return retval;
2714
2715 filp->private_data = tty;
2716 file_move(filp, &tty->tty_files);
2717 check_tty_count(tty, "tty_open");
2718 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2719 tty->driver->subtype == PTY_TYPE_MASTER)
2720 noctty = 1;
2721#ifdef TTY_DEBUG_HANGUP
2722 printk(KERN_DEBUG "opening %s...", tty->name);
2723#endif
2724 if (!retval) {
2725 if (tty->driver->open)
2726 retval = tty->driver->open(tty, filp);
2727 else
2728 retval = -ENODEV;
2729 }
2730 filp->f_flags = saved_flags;
2731
37bdfb07
AC		 2732 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2733 !capable(CAP_SYS_ADMIN))
1da177e4
LT		 2734 retval = -EBUSY;
2735
2736 if (retval) {
2737#ifdef TTY_DEBUG_HANGUP
2738 printk(KERN_DEBUG "error %d in opening %s...", retval,
2739 tty->name);
2740#endif
2741 release_dev(filp);
2742 if (retval != -ERESTARTSYS)
2743 return retval;
2744 if (signal_pending(current))
2745 return retval;
2746 schedule();
2747 /*
2748 * Need to reset f_op in case a hangup happened.
2749 */
2750 if (filp->f_op == &hung_up_tty_fops)
2751 filp->f_op = &tty_fops;
2752 goto retry_open;
2753 }
24ec839c
PZ		 2754
2755 mutex_lock(&tty_mutex);
2756 spin_lock_irq(&current->sighand->siglock);
1da177e4
LT		 2757 if (!noctty &&
2758 current->signal->leader &&
2759 !current->signal->tty &&
ab521dc0 2760 tty->session == NULL)
2a65f1d9 2761 __proc_set_tty(current, tty);
24ec839c
PZ		 2762 spin_unlock_irq(&current->sighand->siglock);
2763 mutex_unlock(&tty_mutex);
1da177e4
LT		 2764 return 0;
2765}
2766
2767#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 2768/**
2769 * ptmx_open - open a unix 98 pty master
2770 * @inode: inode of device file
2771 * @filp: file pointer to tty
2772 *
2773 * Allocate a unix98 pty master device from the ptmx driver.
2774 *
2775 * Locking: tty_mutex protects theinit_dev work. tty->count should
37bdfb07 2776 * protect the rest.
af9b897e
AC		 2777 * allocated_ptys_lock handles the list of free pty numbers
2778 */
2779
37bdfb07 2780static int ptmx_open(struct inode *inode, struct file *filp)
1da177e4
LT		 2781{
2782 struct tty_struct *tty;
2783 int retval;
2784 int index;
2785 int idr_ret;
2786
2787 nonseekable_open(inode, filp);
2788
2789 /* find a device that is not in use. */
a6752f3f 2790 mutex_lock(&allocated_ptys_lock);
1da177e4 2791 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
a6752f3f 2792 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2793 return -ENOMEM;
2794 }
2795 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2796 if (idr_ret < 0) {
a6752f3f 2797 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2798 if (idr_ret == -EAGAIN)
2799 return -ENOMEM;
2800 return -EIO;
2801 }
2802 if (index >= pty_limit) {
2803 idr_remove(&allocated_ptys, index);
a6752f3f 2804 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2805 return -EIO;
2806 }
a6752f3f 2807 mutex_unlock(&allocated_ptys_lock);
1da177e4 2808
70522e12 2809 mutex_lock(&tty_mutex);
1da177e4 2810 retval = init_dev(ptm_driver, index, &tty);
70522e12 2811 mutex_unlock(&tty_mutex);
37bdfb07 2812
1da177e4
LT		 2813 if (retval)
2814 goto out;
2815
2816 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2817 filp->private_data = tty;
2818 file_move(filp, &tty->tty_files);
2819
2820 retval = -ENOMEM;
2821 if (devpts_pty_new(tty->link))
2822 goto out1;
2823
2824 check_tty_count(tty, "tty_open");
2825 retval = ptm_driver->open(tty, filp);
41126226 2826 if (!retval)
1da177e4
LT		 2827 return 0;
2828out1:
2829 release_dev(filp);
9453a5ad 2830 return retval;
1da177e4 2831out:
a6752f3f 2832 mutex_lock(&allocated_ptys_lock);
1da177e4 2833 idr_remove(&allocated_ptys, index);
a6752f3f 2834 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2835 return retval;
2836}
2837#endif
2838
af9b897e
AC		 2839/**
2840 * tty_release - vfs callback for close
2841 * @inode: inode of tty
2842 * @filp: file pointer for handle to tty
2843 *
2844 * Called the last time each file handle is closed that references
2845 * this tty. There may however be several such references.
2846 *
2847 * Locking:
2848 * Takes bkl. See release_dev
2849 */
2850
37bdfb07 2851static int tty_release(struct inode *inode, struct file *filp)
1da177e4
LT		 2852{
2853 lock_kernel();
2854 release_dev(filp);
2855 unlock_kernel();
2856 return 0;
2857}
2858
af9b897e
AC		 2859/**
2860 * tty_poll - check tty status
2861 * @filp: file being polled
2862 * @wait: poll wait structures to update
2863 *
2864 * Call the line discipline polling method to obtain the poll
2865 * status of the device.
2866 *
2867 * Locking: locks called line discipline but ldisc poll method
2868 * may be re-entered freely by other callers.
2869 */
2870
37bdfb07 2871static unsigned int tty_poll(struct file *filp, poll_table *wait)
1da177e4 2872{
37bdfb07 2873 struct tty_struct *tty;
1da177e4
LT		 2874 struct tty_ldisc *ld;
2875 int ret = 0;
2876
2877 tty = (struct tty_struct *)filp->private_data;
a7113a96 2878 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1da177e4 2879 return 0;
37bdfb07 2880
1da177e4
LT		 2881 ld = tty_ldisc_ref_wait(tty);
2882 if (ld->poll)
2883 ret = (ld->poll)(tty, filp, wait);
2884 tty_ldisc_deref(ld);
2885 return ret;
2886}
2887
37bdfb07 2888static int tty_fasync(int fd, struct file *filp, int on)
1da177e4 2889{
37bdfb07 2890 struct tty_struct *tty;
1da177e4
LT		 2891 int retval;
2892
2893 tty = (struct tty_struct *)filp->private_data;
a7113a96 2894 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
1da177e4 2895 return 0;
37bdfb07 2896
1da177e4
LT		 2897 retval = fasync_helper(fd, filp, on, &tty->fasync);
2898 if (retval <= 0)
2899 return retval;
2900
2901 if (on) {
ab521dc0
EB		 2902 enum pid_type type;
2903 struct pid *pid;
1da177e4
LT		 2904 if (!waitqueue_active(&tty->read_wait))
2905 tty->minimum_to_wake = 1;
ab521dc0
EB		 2906 if (tty->pgrp) {
2907 pid = tty->pgrp;
2908 type = PIDTYPE_PGID;
2909 } else {
2910 pid = task_pid(current);
2911 type = PIDTYPE_PID;
2912 }
2913 retval = __f_setown(filp, pid, type, 0);
1da177e4
LT		 2914 if (retval)
2915 return retval;
2916 } else {
2917 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2918 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2919 }
2920 return 0;
2921}
2922
af9b897e
AC		 2923/**
2924 * tiocsti - fake input character
2925 * @tty: tty to fake input into
2926 * @p: pointer to character
2927 *
3a4fa0a2 2928 * Fake input to a tty device. Does the necessary locking and
af9b897e
AC		 2929 * input management.
2930 *
2931 * FIXME: does not honour flow control ??
2932 *
2933 * Locking:
2934 * Called functions take tty_ldisc_lock
2935 * current->signal->tty check is safe without locks
28298232
AC		 2936 *
2937 * FIXME: may race normal receive processing
af9b897e
AC		 2938 */
2939
1da177e4
LT		 2940static int tiocsti(struct tty_struct *tty, char __user *p)
2941{
2942 char ch, mbz = 0;
2943 struct tty_ldisc *ld;
37bdfb07 2944
1da177e4
LT		 2945 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2946 return -EPERM;
2947 if (get_user(ch, p))
2948 return -EFAULT;
2949 ld = tty_ldisc_ref_wait(tty);
2950 ld->receive_buf(tty, &ch, &mbz, 1);
2951 tty_ldisc_deref(ld);
2952 return 0;
2953}
2954
af9b897e
AC		 2955/**
2956 * tiocgwinsz - implement window query ioctl
2957 * @tty; tty
2958 * @arg: user buffer for result
2959 *
808a0d38 2960 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2961 *
24ec839c 2962 * Locking: tty->termios_mutex is taken to ensure the winsize data
808a0d38 2963 * is consistent.
af9b897e
AC		 2964 */
2965
37bdfb07 2966static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
1da177e4 2967{
808a0d38
AC		 2968 int err;
2969
5785c95b 2970 mutex_lock(&tty->termios_mutex);
808a0d38 2971 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2972 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2973
2974 return err ? -EFAULT: 0;
1da177e4
LT		 2975}
2976
af9b897e
AC		 2977/**
2978 * tiocswinsz - implement window size set ioctl
2979 * @tty; tty
2980 * @arg: user buffer for result
2981 *
2982 * Copies the user idea of the window size to the kernel. Traditionally
2983 * this is just advisory information but for the Linux console it
2984 * actually has driver level meaning and triggers a VC resize.
2985 *
2986 * Locking:
ca9bda00
AC		 2987 * Called function use the console_sem is used to ensure we do
2988 * not try and resize the console twice at once.
24ec839c
PZ		 2989 * The tty->termios_mutex is used to ensure we don't double
2990 * resize and get confused. Lock order - tty->termios_mutex before
ca9bda00 2991 * console sem
af9b897e
AC		 2992 */
2993
1da177e4 2994static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
37bdfb07 2995 struct winsize __user *arg)
1da177e4
LT		 2996{
2997 struct winsize tmp_ws;
2998
2999 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
3000 return -EFAULT;
ca9bda00 3001
5785c95b 3002 mutex_lock(&tty->termios_mutex);
1da177e4 3003 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
ca9bda00
AC		 3004 goto done;
3005
1da177e4
LT		 3006#ifdef CONFIG_VT
3007 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
5785c95b
AV		 3008 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
3009 tmp_ws.ws_row)) {
3010 mutex_unlock(&tty->termios_mutex);
37bdfb07 3011 return -ENXIO;
ca9bda00 3012 }
1da177e4
LT		 3013 }
3014#endif
ab521dc0
EB		 3015 if (tty->pgrp)
3016 kill_pgrp(tty->pgrp, SIGWINCH, 1);
3017 if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
3018 kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
1da177e4
LT		 3019 tty->winsize = tmp_ws;
3020 real_tty->winsize = tmp_ws;
ca9bda00 3021done:
5785c95b 3022 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 3023 return 0;
3024}
3025
af9b897e
AC		 3026/**
3027 * tioccons - allow admin to move logical console
3028 * @file: the file to become console
3029 *
3030 * Allow the adminstrator to move the redirected console device
3031 *
3032 * Locking: uses redirect_lock to guard the redirect information
3033 */
3034
1da177e4
LT		 3035static int tioccons(struct file *file)
3036{
3037 if (!capable(CAP_SYS_ADMIN))
3038 return -EPERM;
3039 if (file->f_op->write == redirected_tty_write) {
3040 struct file *f;
3041 spin_lock(&redirect_lock);
3042 f = redirect;
3043 redirect = NULL;
3044 spin_unlock(&redirect_lock);
3045 if (f)
3046 fput(f);
3047 return 0;
3048 }
3049 spin_lock(&redirect_lock);
3050 if (redirect) {
3051 spin_unlock(&redirect_lock);
3052 return -EBUSY;
3053 }
3054 get_file(file);
3055 redirect = file;
3056 spin_unlock(&redirect_lock);
3057 return 0;
3058}
3059
af9b897e
AC		 3060/**
3061 * fionbio - non blocking ioctl
3062 * @file: file to set blocking value
3063 * @p: user parameter
3064 *
3065 * Historical tty interfaces had a blocking control ioctl before
3066 * the generic functionality existed. This piece of history is preserved
3067 * in the expected tty API of posix OS's.
3068 *
3069 * Locking: none, the open fle handle ensures it won't go away.
3070 */
1da177e4
LT		 3071
3072static int fionbio(struct file *file, int __user *p)
3073{
3074 int nonblock;
3075
3076 if (get_user(nonblock, p))
3077 return -EFAULT;
3078
04f378b1
AC		 3079 /* file->f_flags is still BKL protected in the fs layer - vomit */
3080 lock_kernel();
1da177e4
LT		 3081 if (nonblock)
3082 file->f_flags |= O_NONBLOCK;
3083 else
3084 file->f_flags &= ~O_NONBLOCK;
04f378b1 3085 unlock_kernel();
1da177e4
LT		 3086 return 0;
3087}
3088
af9b897e
AC		 3089/**
3090 * tiocsctty - set controlling tty
3091 * @tty: tty structure
3092 * @arg: user argument
3093 *
3094 * This ioctl is used to manage job control. It permits a session
3095 * leader to set this tty as the controlling tty for the session.
3096 *
3097 * Locking:
28298232 3098 * Takes tty_mutex() to protect tty instance
24ec839c
PZ		 3099 * Takes tasklist_lock internally to walk sessions
3100 * Takes ->siglock() when updating signal->tty
af9b897e
AC		 3101 */
3102
1da177e4
LT		 3103static int tiocsctty(struct tty_struct *tty, int arg)
3104{
24ec839c 3105 int ret = 0;
ab521dc0 3106 if (current->signal->leader && (task_session(current) == tty->session))
24ec839c
PZ		 3107 return ret;
3108
3109 mutex_lock(&tty_mutex);
1da177e4
LT		 3110 /*
3111 * The process must be a session leader and
3112 * not have a controlling tty already.
3113 */
24ec839c
PZ		 3114 if (!current->signal->leader || current->signal->tty) {
3115 ret = -EPERM;
3116 goto unlock;
3117 }
3118
ab521dc0 3119 if (tty->session) {
1da177e4
LT		 3120 /*
3121 * This tty is already the controlling
3122 * tty for another session group!
3123 */
37bdfb07 3124 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
1da177e4
LT		 3125 /*
3126 * Steal it away
3127 */
1da177e4 3128 read_lock(&tasklist_lock);
24ec839c 3129 session_clear_tty(tty->session);
1da177e4 3130 read_unlock(&tasklist_lock);
24ec839c
PZ		 3131 } else {
3132 ret = -EPERM;
3133 goto unlock;
3134 }
1da177e4 3135 }
24ec839c
PZ		 3136 proc_set_tty(current, tty);
3137unlock:
28298232 3138 mutex_unlock(&tty_mutex);
24ec839c 3139 return ret;
1da177e4
LT		 3140}
3141
af9b897e
AC		 3142/**
3143 * tiocgpgrp - get process group
3144 * @tty: tty passed by user
3145 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3146 * @p: returned pid
3147 *
3148 * Obtain the process group of the tty. If there is no process group
3149 * return an error.
3150 *
24ec839c 3151 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3152 */
3153
1da177e4
LT		 3154static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3155{
3156 /*
3157 * (tty == real_tty) is a cheap way of
3158 * testing if the tty is NOT a master pty.
3159 */
3160 if (tty == real_tty && current->signal->tty != real_tty)
3161 return -ENOTTY;
b488893a 3162 return put_user(pid_vnr(real_tty->pgrp), p);
1da177e4
LT		 3163}
3164
af9b897e
AC		 3165/**
3166 * tiocspgrp - attempt to set process group
3167 * @tty: tty passed by user
3168 * @real_tty: tty side device matching tty passed by user
3169 * @p: pid pointer
3170 *
3171 * Set the process group of the tty to the session passed. Only
3172 * permitted where the tty session is our session.
3173 *
04f378b1 3174 * Locking: RCU
af9b897e
AC		 3175 */
3176
1da177e4
LT		 3177static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3178{
04a2e6a5
EB		 3179 struct pid *pgrp;
3180 pid_t pgrp_nr;
1da177e4
LT		 3181 int retval = tty_check_change(real_tty);
3182
3183 if (retval == -EIO)
3184 return -ENOTTY;
3185 if (retval)
3186 return retval;
3187 if (!current->signal->tty ||
3188 (current->signal->tty != real_tty) ||
ab521dc0 3189 (real_tty->session != task_session(current)))
1da177e4 3190 return -ENOTTY;
04a2e6a5 3191 if (get_user(pgrp_nr, p))
1da177e4 3192 return -EFAULT;
04a2e6a5 3193 if (pgrp_nr < 0)
1da177e4 3194 return -EINVAL;
04a2e6a5 3195 rcu_read_lock();
b488893a 3196 pgrp = find_vpid(pgrp_nr);
04a2e6a5
EB		 3197 retval = -ESRCH;
3198 if (!pgrp)
3199 goto out_unlock;
3200 retval = -EPERM;
3201 if (session_of_pgrp(pgrp) != task_session(current))
3202 goto out_unlock;
3203 retval = 0;
ab521dc0
EB		 3204 put_pid(real_tty->pgrp);
3205 real_tty->pgrp = get_pid(pgrp);
04a2e6a5
EB		 3206out_unlock:
3207 rcu_read_unlock();
3208 return retval;
1da177e4
LT		 3209}
3210
af9b897e
AC		 3211/**
3212 * tiocgsid - get session id
3213 * @tty: tty passed by user
3214 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3215 * @p: pointer to returned session id
3216 *
3217 * Obtain the session id of the tty. If there is no session
3218 * return an error.
3219 *
24ec839c 3220 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3221 */
3222
1da177e4
LT		 3223static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3224{
3225 /*
3226 * (tty == real_tty) is a cheap way of
3227 * testing if the tty is NOT a master pty.
3228 */
3229 if (tty == real_tty && current->signal->tty != real_tty)
3230 return -ENOTTY;
ab521dc0 3231 if (!real_tty->session)
1da177e4 3232 return -ENOTTY;
b488893a 3233 return put_user(pid_vnr(real_tty->session), p);
1da177e4
LT		 3234}
3235
af9b897e
AC		 3236/**
3237 * tiocsetd - set line discipline
3238 * @tty: tty device
3239 * @p: pointer to user data
3240 *
3241 * Set the line discipline according to user request.
3242 *
3243 * Locking: see tty_set_ldisc, this function is just a helper
3244 */
3245
1da177e4
LT		 3246static int tiocsetd(struct tty_struct *tty, int __user *p)
3247{
3248 int ldisc;
04f378b1 3249 int ret;
1da177e4
LT		 3250
3251 if (get_user(ldisc, p))
3252 return -EFAULT;
04f378b1
AC		 3253
3254 lock_kernel();
3255 ret = tty_set_ldisc(tty, ldisc);
3256 unlock_kernel();
3257
3258 return ret;
1da177e4
LT		 3259}
3260
af9b897e
AC		 3261/**
3262 * send_break - performed time break
3263 * @tty: device to break on
3264 * @duration: timeout in mS
3265 *
3266 * Perform a timed break on hardware that lacks its own driver level
3267 * timed break functionality.
3268 *
3269 * Locking:
28298232 3270 * atomic_write_lock serializes
af9b897e 3271 *
af9b897e
AC		 3272 */
3273
b20f3ae5 3274static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4 3275{
04f378b1
AC		 3276 int retval = -EINTR;
3277
3278 lock_kernel();
9c1729db 3279 if (tty_write_lock(tty, 0) < 0)
04f378b1 3280 goto out;
1da177e4 3281 tty->driver->break_ctl(tty, -1);
9c1729db 3282 if (!signal_pending(current))
b20f3ae5 3283 msleep_interruptible(duration);
1da177e4 3284 tty->driver->break_ctl(tty, 0);
9c1729db 3285 tty_write_unlock(tty);
04f378b1
AC		 3286 if (!signal_pending(current))
3287 retval = 0;
3288out:
3289 unlock_kernel();
3290 return retval;
1da177e4
LT		 3291}
3292
af9b897e
AC		 3293/**
3294 * tiocmget - get modem status
3295 * @tty: tty device
3296 * @file: user file pointer
3297 * @p: pointer to result
3298 *
3299 * Obtain the modem status bits from the tty driver if the feature
3300 * is supported. Return -EINVAL if it is not available.
3301 *
3302 * Locking: none (up to the driver)
3303 */
3304
3305static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 3306{
3307 int retval = -EINVAL;
3308
3309 if (tty->driver->tiocmget) {
04f378b1 3310 lock_kernel();
1da177e4 3311 retval = tty->driver->tiocmget(tty, file);
04f378b1 3312 unlock_kernel();
1da177e4
LT		 3313
3314 if (retval >= 0)
3315 retval = put_user(retval, p);
3316 }
3317 return retval;
3318}
3319
af9b897e
AC		 3320/**
3321 * tiocmset - set modem status
3322 * @tty: tty device
3323 * @file: user file pointer
3324 * @cmd: command - clear bits, set bits or set all
3325 * @p: pointer to desired bits
3326 *
3327 * Set the modem status bits from the tty driver if the feature
3328 * is supported. Return -EINVAL if it is not available.
3329 *
3330 * Locking: none (up to the driver)
3331 */
3332
3333static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 3334 unsigned __user *p)
3335{
3336 int retval = -EINVAL;
3337
3338 if (tty->driver->tiocmset) {
3339 unsigned int set, clear, val;
3340
3341 retval = get_user(val, p);
3342 if (retval)
3343 return retval;
3344
3345 set = clear = 0;
3346 switch (cmd) {
3347 case TIOCMBIS:
3348 set = val;
3349 break;
3350 case TIOCMBIC:
3351 clear = val;
3352 break;
3353 case TIOCMSET:
3354 set = val;
3355 clear = ~val;
3356 break;
3357 }
3358
3359 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3360 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3361
04f378b1 3362 lock_kernel();
1da177e4 3363 retval = tty->driver->tiocmset(tty, file, set, clear);
04f378b1 3364 unlock_kernel();
1da177e4
LT		 3365 }
3366 return retval;
3367}
3368
3369/*
3370 * Split this up, as gcc can choke on it otherwise..
3371 */
04f378b1 3372long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1da177e4
LT		 3373{
3374 struct tty_struct *tty, *real_tty;
3375 void __user *p = (void __user *)arg;
3376 int retval;
3377 struct tty_ldisc *ld;
04f378b1 3378 struct inode *inode = file->f_dentry->d_inode;
37bdfb07 3379
1da177e4
LT		 3380 tty = (struct tty_struct *)file->private_data;
3381 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3382 return -EINVAL;
3383
3384 real_tty = tty;
3385 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3386 tty->driver->subtype == PTY_TYPE_MASTER)
3387 real_tty = tty->link;
3388
3389 /*
3390 * Break handling by driver
3391 */
04f378b1
AC		 3392
3393 retval = -EINVAL;
3394
1da177e4 3395 if (!tty->driver->break_ctl) {
37bdfb07 3396 switch (cmd) {
1da177e4
LT		 3397 case TIOCSBRK:
3398 case TIOCCBRK:
04f378b1
AC		 3399 if (tty->driver->ioctl) {
3400 lock_kernel();
3401 retval = tty->driver->ioctl(tty, file, cmd, arg);
3402 unlock_kernel();
3403 }
3404 return retval;
37bdfb07 3405
1da177e4
LT		 3406 /* These two ioctl's always return success; even if */
3407 /* the driver doesn't support them. */
3408 case TCSBRK:
3409 case TCSBRKP:
3410 if (!tty->driver->ioctl)
3411 return 0;
04f378b1 3412 lock_kernel();
1da177e4 3413 retval = tty->driver->ioctl(tty, file, cmd, arg);
04f378b1 3414 unlock_kernel();
1da177e4
LT		 3415 if (retval == -ENOIOCTLCMD)
3416 retval = 0;
3417 return retval;
3418 }
3419 }
3420
3421 /*
3422 * Factor out some common prep work
3423 */
3424 switch (cmd) {
3425 case TIOCSETD:
3426 case TIOCSBRK:
3427 case TIOCCBRK:
3428 case TCSBRK:
37bdfb07 3429 case TCSBRKP:
1da177e4
LT		 3430 retval = tty_check_change(tty);
3431 if (retval)
3432 return retval;
3433 if (cmd != TIOCCBRK) {
04f378b1 3434 lock_kernel();
1da177e4 3435 tty_wait_until_sent(tty, 0);
04f378b1 3436 unlock_kernel();
1da177e4
LT		 3437 if (signal_pending(current))
3438 return -EINTR;
3439 }
3440 break;
3441 }
3442
3443 switch (cmd) {
37bdfb07
AC		 3444 case TIOCSTI:
3445 return tiocsti(tty, p);
3446 case TIOCGWINSZ:
3447 return tiocgwinsz(tty, p);
3448 case TIOCSWINSZ:
3449 return tiocswinsz(tty, real_tty, p);
3450 case TIOCCONS:
3451 return real_tty != tty ? -EINVAL : tioccons(file);
3452 case FIONBIO:
3453 return fionbio(file, p);
3454 case TIOCEXCL:
3455 set_bit(TTY_EXCLUSIVE, &tty->flags);
3456 return 0;
3457 case TIOCNXCL:
3458 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3459 return 0;
3460 case TIOCNOTTY:
3461 if (current->signal->tty != tty)
3462 return -ENOTTY;
3463 no_tty();
3464 return 0;
3465 case TIOCSCTTY:
3466 return tiocsctty(tty, arg);
3467 case TIOCGPGRP:
3468 return tiocgpgrp(tty, real_tty, p);
3469 case TIOCSPGRP:
3470 return tiocspgrp(tty, real_tty, p);
3471 case TIOCGSID:
3472 return tiocgsid(tty, real_tty, p);
3473 case TIOCGETD:
3474 /* FIXME: check this is ok */
3475 return put_user(tty->ldisc.num, (int __user *)p);
3476 case TIOCSETD:
3477 return tiocsetd(tty, p);
1da177e4 3478#ifdef CONFIG_VT
37bdfb07
AC		 3479 case TIOCLINUX:
3480 return tioclinux(tty, arg);
1da177e4 3481#endif
37bdfb07
AC		 3482 /*
3483 * Break handling
3484 */
3485 case TIOCSBRK: /* Turn break on, unconditionally */
04f378b1 3486 lock_kernel();
37bdfb07 3487 tty->driver->break_ctl(tty, -1);
04f378b1 3488 unlock_kernel();
37bdfb07 3489 return 0;
1da177e4 3490
37bdfb07 3491 case TIOCCBRK: /* Turn break off, unconditionally */
04f378b1 3492 lock_kernel();
37bdfb07 3493 tty->driver->break_ctl(tty, 0);
04f378b1 3494 unlock_kernel();
37bdfb07
AC		 3495 return 0;
3496 case TCSBRK: /* SVID version: non-zero arg --> no break */
3497 /* non-zero arg means wait for all output data
3498 * to be sent (performed above) but don't send break.
3499 * This is used by the tcdrain() termios function.
3500 */
3501 if (!arg)
3502 return send_break(tty, 250);
3503 return 0;
3504 case TCSBRKP: /* support for POSIX tcsendbreak() */
3505 return send_break(tty, arg ? arg*100 : 250);
3506
3507 case TIOCMGET:
3508 return tty_tiocmget(tty, file, p);
3509 case TIOCMSET:
3510 case TIOCMBIC:
3511 case TIOCMBIS:
3512 return tty_tiocmset(tty, file, cmd, p);
3513 case TCFLSH:
3514 switch (arg) {
3515 case TCIFLUSH:
3516 case TCIOFLUSH:
3517 /* flush tty buffer and allow ldisc to process ioctl */
3518 tty_buffer_flush(tty);
c5c34d48 3519 break;
37bdfb07
AC		 3520 }
3521 break;
1da177e4
LT		 3522 }
3523 if (tty->driver->ioctl) {
04f378b1 3524 lock_kernel();
1da177e4 3525 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
04f378b1 3526 unlock_kernel();
1da177e4
LT		 3527 if (retval != -ENOIOCTLCMD)
3528 return retval;
3529 }
3530 ld = tty_ldisc_ref_wait(tty);
3531 retval = -EINVAL;
3532 if (ld->ioctl) {
04f378b1 3533 lock_kernel();
1da177e4 3534 retval = ld->ioctl(tty, file, cmd, arg);
04f378b1 3535 unlock_kernel();
1da177e4
LT		 3536 if (retval == -ENOIOCTLCMD)
3537 retval = -EINVAL;
3538 }
3539 tty_ldisc_deref(ld);
3540 return retval;
3541}
3542
e10cc1df 3543#ifdef CONFIG_COMPAT
37bdfb07 3544static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 3545 unsigned long arg)
3546{
3547 struct inode *inode = file->f_dentry->d_inode;
3548 struct tty_struct *tty = file->private_data;
3549 struct tty_ldisc *ld;
3550 int retval = -ENOIOCTLCMD;
3551
3552 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3553 return -EINVAL;
3554
3555 if (tty->driver->compat_ioctl) {
3556 retval = (tty->driver->compat_ioctl)(tty, file, cmd, arg);
3557 if (retval != -ENOIOCTLCMD)
3558 return retval;
3559 }
3560
3561 ld = tty_ldisc_ref_wait(tty);
3562 if (ld->compat_ioctl)
3563 retval = ld->compat_ioctl(tty, file, cmd, arg);
3564 tty_ldisc_deref(ld);
3565
3566 return retval;
3567}
3568#endif
1da177e4
LT		 3569
3570/*
3571 * This implements the "Secure Attention Key" --- the idea is to
3572 * prevent trojan horses by killing all processes associated with this
3573 * tty when the user hits the "Secure Attention Key". Required for
3574 * super-paranoid applications --- see the Orange Book for more details.
37bdfb07 3575 *
1da177e4
LT		 3576 * This code could be nicer; ideally it should send a HUP, wait a few
3577 * seconds, then send a INT, and then a KILL signal. But you then
3578 * have to coordinate with the init process, since all processes associated
3579 * with the current tty must be dead before the new getty is allowed
3580 * to spawn.
3581 *
3582 * Now, if it would be correct ;-/ The current code has a nasty hole -
3583 * it doesn't catch files in flight. We may send the descriptor to ourselves
3584 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3585 *
3586 * Nasty bug: do_SAK is being called in interrupt context. This can
3587 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3588 */
8b6312f4 3589void __do_SAK(struct tty_struct *tty)
1da177e4
LT		 3590{
3591#ifdef TTY_SOFT_SAK
3592 tty_hangup(tty);
3593#else
652486fb 3594 struct task_struct *g, *p;
ab521dc0 3595 struct pid *session;
1da177e4
LT		 3596 int i;
3597 struct file *filp;
badf1662 3598 struct fdtable *fdt;
37bdfb07 3599
1da177e4
LT		 3600 if (!tty)
3601 return;
24ec839c 3602 session = tty->session;
37bdfb07 3603
b3f13deb 3604 tty_ldisc_flush(tty);
1da177e4
LT		 3605
3606 if (tty->driver->flush_buffer)
3607 tty->driver->flush_buffer(tty);
37bdfb07 3608
1da177e4 3609 read_lock(&tasklist_lock);
652486fb 3610 /* Kill the entire session */
ab521dc0 3611 do_each_pid_task(session, PIDTYPE_SID, p) {
652486fb 3612 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 3613 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 3614 task_pid_nr(p), p->comm);
652486fb 3615 send_sig(SIGKILL, p, 1);
ab521dc0 3616 } while_each_pid_task(session, PIDTYPE_SID, p);
652486fb
EB		 3617 /* Now kill any processes that happen to have the
3618 * tty open.
3619 */
3620 do_each_thread(g, p) {
3621 if (p->signal->tty == tty) {
1da177e4 3622 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 3623 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 3624 task_pid_nr(p), p->comm);
1da177e4
LT		 3625 send_sig(SIGKILL, p, 1);
3626 continue;
3627 }
3628 task_lock(p);
3629 if (p->files) {
ca99c1da
DS		 3630 /*
3631 * We don't take a ref to the file, so we must
3632 * hold ->file_lock instead.
3633 */
3634 spin_lock(&p->files->file_lock);
badf1662 3635 fdt = files_fdtable(p->files);
37bdfb07 3636 for (i = 0; i < fdt->max_fds; i++) {
1da177e4
LT		 3637 filp = fcheck_files(p->files, i);
3638 if (!filp)
3639 continue;
3640 if (filp->f_op->read == tty_read &&
3641 filp->private_data == tty) {
3642 printk(KERN_NOTICE "SAK: killed process %d"
3643 " (%s): fd#%d opened to the tty\n",
ba25f9dc 3644 task_pid_nr(p), p->comm, i);
20ac9437 3645 force_sig(SIGKILL, p);
1da177e4
LT		 3646 break;
3647 }
3648 }
ca99c1da 3649 spin_unlock(&p->files->file_lock);
1da177e4
LT		 3650 }
3651 task_unlock(p);
652486fb 3652 } while_each_thread(g, p);
1da177e4
LT		 3653 read_unlock(&tasklist_lock);
3654#endif
3655}
3656
8b6312f4
EB		 3657static void do_SAK_work(struct work_struct *work)
3658{
3659 struct tty_struct *tty =
3660 container_of(work, struct tty_struct, SAK_work);
3661 __do_SAK(tty);
3662}
3663
1da177e4
LT		 3664/*
3665 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3666 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3667 * the values which we write to it will be identical to the values which it
3668 * already has. --akpm
3669 */
3670void do_SAK(struct tty_struct *tty)
3671{
3672 if (!tty)
3673 return;
1da177e4
LT		 3674 schedule_work(&tty->SAK_work);
3675}
3676
3677EXPORT_SYMBOL(do_SAK);
3678
af9b897e
AC		 3679/**
3680 * flush_to_ldisc
65f27f38 3681 * @work: tty structure passed from work queue.
af9b897e
AC		 3682 *
3683 * This routine is called out of the software interrupt to flush data
3684 * from the buffer chain to the line discipline.
3685 *
3686 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3687 * while invoking the line discipline receive_buf method. The
3688 * receive_buf method is single threaded for each tty instance.
1da177e4 3689 */
37bdfb07 3690
65f27f38 3691static void flush_to_ldisc(struct work_struct *work)
1da177e4 3692{
65f27f38
DH		 3693 struct tty_struct *tty =
3694 container_of(work, struct tty_struct, buf.work.work);
1da177e4
LT		 3695 unsigned long flags;
3696 struct tty_ldisc *disc;
2c3bb20f 3697 struct tty_buffer *tbuf, *head;
8977d929
PF		 3698 char *char_buf;
3699 unsigned char *flag_buf;
1da177e4
LT		 3700
3701 disc = tty_ldisc_ref(tty);
3702 if (disc == NULL) /* !TTY_LDISC */
3703 return;
3704
808249ce 3705 spin_lock_irqsave(&tty->buf.lock, flags);
37bdfb07
AC		 3706 /* So we know a flush is running */
3707 set_bit(TTY_FLUSHING, &tty->flags);
2c3bb20f
PF		 3708 head = tty->buf.head;
3709 if (head != NULL) {
3710 tty->buf.head = NULL;
3711 for (;;) {
3712 int count = head->commit - head->read;
3713 if (!count) {
3714 if (head->next == NULL)
3715 break;
3716 tbuf = head;
3717 head = head->next;
3718 tty_buffer_free(tty, tbuf);
3719 continue;
3720 }
42fd552e
AC		 3721 /* Ldisc or user is trying to flush the buffers
3722 we are feeding to the ldisc, stop feeding the
3723 line discipline as we want to empty the queue */
3724 if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3725 break;
2c3bb20f
PF		 3726 if (!tty->receive_room) {
3727 schedule_delayed_work(&tty->buf.work, 1);
3728 break;
3729 }
3730 if (count > tty->receive_room)
3731 count = tty->receive_room;
3732 char_buf = head->char_buf_ptr + head->read;
3733 flag_buf = head->flag_buf_ptr + head->read;
3734 head->read += count;
8977d929
PF		 3735 spin_unlock_irqrestore(&tty->buf.lock, flags);
3736 disc->receive_buf(tty, char_buf, flag_buf, count);
3737 spin_lock_irqsave(&tty->buf.lock, flags);
3738 }
42fd552e 3739 /* Restore the queue head */
2c3bb20f 3740 tty->buf.head = head;
33f0f88f 3741 }
42fd552e
AC		 3742 /* We may have a deferred request to flush the input buffer,
3743 if so pull the chain under the lock and empty the queue */
3744 if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3745 __tty_buffer_flush(tty);
3746 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3747 wake_up(&tty->read_wait);
3748 }
3749 clear_bit(TTY_FLUSHING, &tty->flags);
808249ce 3750 spin_unlock_irqrestore(&tty->buf.lock, flags);
817d6d3b 3751
1da177e4
LT		 3752 tty_ldisc_deref(disc);
3753}
3754
1da177e4
LT		 3755/**
3756 * tty_flip_buffer_push - terminal
3757 * @tty: tty to push
3758 *
3759 * Queue a push of the terminal flip buffers to the line discipline. This
3760 * function must not be called from IRQ context if tty->low_latency is set.
3761 *
3762 * In the event of the queue being busy for flipping the work will be
3763 * held off and retried later.
af9b897e
AC		 3764 *
3765 * Locking: tty buffer lock. Driver locks in low latency mode.
1da177e4
LT		 3766 */
3767
3768void tty_flip_buffer_push(struct tty_struct *tty)
3769{
808249ce
PF		 3770 unsigned long flags;
3771 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 3772 if (tty->buf.tail != NULL)
8977d929 3773 tty->buf.tail->commit = tty->buf.tail->used;
808249ce
PF		 3774 spin_unlock_irqrestore(&tty->buf.lock, flags);
3775
1da177e4 3776 if (tty->low_latency)
65f27f38 3777 flush_to_ldisc(&tty->buf.work.work);
1da177e4 3778 else
33f0f88f 3779 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 3780}
3781
3782EXPORT_SYMBOL(tty_flip_buffer_push);
3783
33f0f88f 3784
af9b897e
AC		 3785/**
3786 * initialize_tty_struct
3787 * @tty: tty to initialize
3788 *
3789 * This subroutine initializes a tty structure that has been newly
3790 * allocated.
3791 *
3792 * Locking: none - tty in question must not be exposed at this point
1da177e4 3793 */
af9b897e 3794
1da177e4
LT		 3795static void initialize_tty_struct(struct tty_struct *tty)
3796{
3797 memset(tty, 0, sizeof(struct tty_struct));
3798 tty->magic = TTY_MAGIC;
3799 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
ab521dc0
EB		 3800 tty->session = NULL;
3801 tty->pgrp = NULL;
1da177e4 3802 tty->overrun_time = jiffies;
33f0f88f
AC		 3803 tty->buf.head = tty->buf.tail = NULL;
3804 tty_buffer_init(tty);
65f27f38 3805 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
5785c95b 3806 mutex_init(&tty->termios_mutex);
1da177e4
LT		 3807 init_waitqueue_head(&tty->write_wait);
3808 init_waitqueue_head(&tty->read_wait);
65f27f38 3809 INIT_WORK(&tty->hangup_work, do_tty_hangup);
70522e12
IM		 3810 mutex_init(&tty->atomic_read_lock);
3811 mutex_init(&tty->atomic_write_lock);
1da177e4 3812 spin_lock_init(&tty->read_lock);
04f378b1 3813 spin_lock_init(&tty->ctrl_lock);
1da177e4 3814 INIT_LIST_HEAD(&tty->tty_files);
7f1f86a0 3815 INIT_WORK(&tty->SAK_work, do_SAK_work);
1da177e4
LT		 3816}
3817
3818/*
3819 * The default put_char routine if the driver did not define one.
3820 */
af9b897e 3821
1da177e4
LT		 3822static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3823{
3824 tty->driver->write(tty, &ch, 1);
3825}
3826
7fe845d1 3827static struct class *tty_class;
1da177e4
LT		 3828
3829/**
af9b897e
AC		 3830 * tty_register_device - register a tty device
3831 * @driver: the tty driver that describes the tty device
3832 * @index: the index in the tty driver for this tty device
3833 * @device: a struct device that is associated with this tty device.
3834 * This field is optional, if there is no known struct device
3835 * for this tty device it can be set to NULL safely.
1da177e4 3836 *
01107d34
GKH		 3837 * Returns a pointer to the struct device for this tty device
3838 * (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3839 *
af9b897e
AC		 3840 * This call is required to be made to register an individual tty device
3841 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3842 * that bit is not set, this function should not be called by a tty
3843 * driver.
3844 *
3845 * Locking: ??
1da177e4 3846 */
af9b897e 3847
01107d34
GKH		 3848struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3849 struct device *device)
1da177e4
LT		 3850{
3851 char name[64];
3852 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3853
3854 if (index >= driver->num) {
3855 printk(KERN_ERR "Attempt to register invalid tty line number "
3856 " (%d).\n", index);
1cdcb6b4 3857 return ERR_PTR(-EINVAL);
1da177e4
LT		 3858 }
3859
1da177e4
LT		 3860 if (driver->type == TTY_DRIVER_TYPE_PTY)
3861 pty_line_name(driver, index, name);
3862 else
3863 tty_line_name(driver, index, name);
1cdcb6b4 3864
01107d34 3865 return device_create(tty_class, device, dev, name);
1da177e4
LT		 3866}
3867
3868/**
af9b897e
AC		 3869 * tty_unregister_device - unregister a tty device
3870 * @driver: the tty driver that describes the tty device
3871 * @index: the index in the tty driver for this tty device
1da177e4 3872 *
af9b897e
AC		 3873 * If a tty device is registered with a call to tty_register_device() then
3874 * this function must be called when the tty device is gone.
3875 *
3876 * Locking: ??
1da177e4 3877 */
af9b897e 3878
1da177e4
LT		 3879void tty_unregister_device(struct tty_driver *driver, unsigned index)
3880{
37bdfb07
AC		 3881 device_destroy(tty_class,
3882 MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 3883}
3884
3885EXPORT_SYMBOL(tty_register_device);
3886EXPORT_SYMBOL(tty_unregister_device);
3887
3888struct tty_driver *alloc_tty_driver(int lines)
3889{
3890 struct tty_driver *driver;
3891
506eb99a 3892 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
1da177e4 3893 if (driver) {
1da177e4
LT		 3894 driver->magic = TTY_DRIVER_MAGIC;
3895 driver->num = lines;
3896 /* later we'll move allocation of tables here */
3897 }
3898 return driver;
3899}
3900
3901void put_tty_driver(struct tty_driver *driver)
3902{
3903 kfree(driver);
3904}
3905
b68e31d0
JD		 3906void tty_set_operations(struct tty_driver *driver,
3907 const struct tty_operations *op)
1da177e4
LT		 3908{
3909 driver->open = op->open;
3910 driver->close = op->close;
3911 driver->write = op->write;
3912 driver->put_char = op->put_char;
3913 driver->flush_chars = op->flush_chars;
3914 driver->write_room = op->write_room;
3915 driver->chars_in_buffer = op->chars_in_buffer;
3916 driver->ioctl = op->ioctl;
e10cc1df 3917 driver->compat_ioctl = op->compat_ioctl;
1da177e4
LT		 3918 driver->set_termios = op->set_termios;
3919 driver->throttle = op->throttle;
3920 driver->unthrottle = op->unthrottle;
3921 driver->stop = op->stop;
3922 driver->start = op->start;
3923 driver->hangup = op->hangup;
3924 driver->break_ctl = op->break_ctl;
3925 driver->flush_buffer = op->flush_buffer;
3926 driver->set_ldisc = op->set_ldisc;
3927 driver->wait_until_sent = op->wait_until_sent;
3928 driver->send_xchar = op->send_xchar;
3929 driver->read_proc = op->read_proc;
3930 driver->write_proc = op->write_proc;
3931 driver->tiocmget = op->tiocmget;
3932 driver->tiocmset = op->tiocmset;
f2d937f3
JW		 3933#ifdef CONFIG_CONSOLE_POLL
3934 driver->poll_init = op->poll_init;
3935 driver->poll_get_char = op->poll_get_char;
3936 driver->poll_put_char = op->poll_put_char;
3937#endif
1da177e4
LT		 3938}
3939
3940
3941EXPORT_SYMBOL(alloc_tty_driver);
3942EXPORT_SYMBOL(put_tty_driver);
3943EXPORT_SYMBOL(tty_set_operations);
3944
3945/*
3946 * Called by a tty driver to register itself.
3947 */
3948int tty_register_driver(struct tty_driver *driver)
3949{
3950 int error;
37bdfb07 3951 int i;
1da177e4
LT		 3952 dev_t dev;
3953 void **p = NULL;
3954
3955 if (driver->flags & TTY_DRIVER_INSTALLED)
3956 return 0;
3957
543691a6
AW		 3958 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3959 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
1da177e4
LT		 3960 if (!p)
3961 return -ENOMEM;
1da177e4
LT		 3962 }
3963
3964 if (!driver->major) {
37bdfb07
AC		 3965 error = alloc_chrdev_region(&dev, driver->minor_start,
3966 driver->num, driver->name);
1da177e4
LT		 3967 if (!error) {
3968 driver->major = MAJOR(dev);
3969 driver->minor_start = MINOR(dev);
3970 }
3971 } else {
3972 dev = MKDEV(driver->major, driver->minor_start);
e5717c48 3973 error = register_chrdev_region(dev, driver->num, driver->name);
1da177e4
LT		 3974 }
3975 if (error < 0) {
3976 kfree(p);
3977 return error;
3978 }
3979
3980 if (p) {
3981 driver->ttys = (struct tty_struct **)p;
edc6afc5 3982 driver->termios = (struct ktermios **)(p + driver->num);
37bdfb07
AC		 3983 driver->termios_locked = (struct ktermios **)
3984 (p + driver->num * 2);
1da177e4
LT		 3985 } else {
3986 driver->ttys = NULL;
3987 driver->termios = NULL;
3988 driver->termios_locked = NULL;
3989 }
3990
3991 cdev_init(&driver->cdev, &tty_fops);
3992 driver->cdev.owner = driver->owner;
3993 error = cdev_add(&driver->cdev, dev, driver->num);
3994 if (error) {
1da177e4
LT		 3995 unregister_chrdev_region(dev, driver->num);
3996 driver->ttys = NULL;
3997 driver->termios = driver->termios_locked = NULL;
3998 kfree(p);
3999 return error;
4000 }
4001
4002 if (!driver->put_char)
4003 driver->put_char = tty_default_put_char;
37bdfb07 4004
ca509f69 4005 mutex_lock(&tty_mutex);
1da177e4 4006 list_add(&driver->tty_drivers, &tty_drivers);
ca509f69 4007 mutex_unlock(&tty_mutex);
37bdfb07
AC		 4008
4009 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
4010 for (i = 0; i < driver->num; i++)
1da177e4
LT		 4011 tty_register_device(driver, i, NULL);
4012 }
4013 proc_tty_register_driver(driver);
4014 return 0;
4015}
4016
4017EXPORT_SYMBOL(tty_register_driver);
4018
4019/*
4020 * Called by a tty driver to unregister itself.
4021 */
4022int tty_unregister_driver(struct tty_driver *driver)
4023{
4024 int i;
edc6afc5 4025 struct ktermios *tp;
1da177e4
LT		 4026 void *p;
4027
4028 if (driver->refcount)
4029 return -EBUSY;
4030
4031 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
4032 driver->num);
ca509f69 4033 mutex_lock(&tty_mutex);
1da177e4 4034 list_del(&driver->tty_drivers);
ca509f69 4035 mutex_unlock(&tty_mutex);
1da177e4
LT		 4036
4037 /*
4038 * Free the termios and termios_locked structures because
4039 * we don't want to get memory leaks when modular tty
4040 * drivers are removed from the kernel.
4041 */
4042 for (i = 0; i < driver->num; i++) {
4043 tp = driver->termios[i];
4044 if (tp) {
4045 driver->termios[i] = NULL;
4046 kfree(tp);
4047 }
4048 tp = driver->termios_locked[i];
4049 if (tp) {
4050 driver->termios_locked[i] = NULL;
4051 kfree(tp);
4052 }
331b8319 4053 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 4054 tty_unregister_device(driver, i);
4055 }
4056 p = driver->ttys;
4057 proc_tty_unregister_driver(driver);
4058 driver->ttys = NULL;
4059 driver->termios = driver->termios_locked = NULL;
4060 kfree(p);
4061 cdev_del(&driver->cdev);
4062 return 0;
4063}
1da177e4
LT		 4064EXPORT_SYMBOL(tty_unregister_driver);
4065
24ec839c
PZ		 4066dev_t tty_devnum(struct tty_struct *tty)
4067{
4068 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
4069}
4070EXPORT_SYMBOL(tty_devnum);
4071
4072void proc_clear_tty(struct task_struct *p)
4073{
4074 spin_lock_irq(&p->sighand->siglock);
4075 p->signal->tty = NULL;
4076 spin_unlock_irq(&p->sighand->siglock);
4077}
7cac4ce5 4078EXPORT_SYMBOL(proc_clear_tty);
24ec839c 4079
2a65f1d9 4080static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 4081{
4082 if (tty) {
d9c1e9a8
EB		 4083 /* We should not have a session or pgrp to here but.... */
4084 put_pid(tty->session);
4085 put_pid(tty->pgrp);
ab521dc0
EB		 4086 tty->session = get_pid(task_session(tsk));
4087 tty->pgrp = get_pid(task_pgrp(tsk));
24ec839c 4088 }
2a65f1d9 4089 put_pid(tsk->signal->tty_old_pgrp);
24ec839c 4090 tsk->signal->tty = tty;
ab521dc0 4091 tsk->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 4092}
4093
98a27ba4 4094static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 4095{
4096 spin_lock_irq(&tsk->sighand->siglock);
2a65f1d9 4097 __proc_set_tty(tsk, tty);
24ec839c
PZ		 4098 spin_unlock_irq(&tsk->sighand->siglock);
4099}
4100
4101struct tty_struct *get_current_tty(void)
4102{
4103 struct tty_struct *tty;
4104 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4105 tty = current->signal->tty;
4106 /*
4107 * session->tty can be changed/cleared from under us, make sure we
4108 * issue the load. The obtained pointer, when not NULL, is valid as
4109 * long as we hold tty_mutex.
4110 */
4111 barrier();
4112 return tty;
4113}
a311f743 4114EXPORT_SYMBOL_GPL(get_current_tty);
1da177e4
LT		 4115
4116/*
4117 * Initialize the console device. This is called *early*, so
4118 * we can't necessarily depend on lots of kernel help here.
4119 * Just do some early initializations, and do the complex setup
4120 * later.
4121 */
4122void __init console_init(void)
4123{
4124 initcall_t *call;
4125
4126 /* Setup the default TTY line discipline. */
4127 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4128
4129 /*
37bdfb07 4130 * set up the console device so that later boot sequences can
1da177e4
LT		 4131 * inform about problems etc..
4132 */
1da177e4
LT		 4133 call = __con_initcall_start;
4134 while (call < __con_initcall_end) {
4135 (*call)();
4136 call++;
4137 }
4138}
4139
1da177e4
LT		 4140static int __init tty_class_init(void)
4141{
7fe845d1 4142 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 4143 if (IS_ERR(tty_class))
4144 return PTR_ERR(tty_class);
4145 return 0;
4146}
4147
4148postcore_initcall(tty_class_init);
4149
4150/* 3/2004 jmc: why do these devices exist? */
4151
4152static struct cdev tty_cdev, console_cdev;
4153#ifdef CONFIG_UNIX98_PTYS
4154static struct cdev ptmx_cdev;
4155#endif
4156#ifdef CONFIG_VT
4157static struct cdev vc0_cdev;
4158#endif
4159
4160/*
4161 * Ok, now we can initialize the rest of the tty devices and can count
4162 * on memory allocations, interrupts etc..
4163 */
4164static int __init tty_init(void)
4165{
4166 cdev_init(&tty_cdev, &tty_fops);
4167 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4168 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4169 panic("Couldn't register /dev/tty driver\n");
01107d34 4170 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
1da177e4
LT		 4171
4172 cdev_init(&console_cdev, &console_fops);
4173 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4174 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4175 panic("Couldn't register /dev/console driver\n");
01107d34 4176 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
1da177e4
LT		 4177
4178#ifdef CONFIG_UNIX98_PTYS
4179 cdev_init(&ptmx_cdev, &ptmx_fops);
4180 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4181 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4182 panic("Couldn't register /dev/ptmx driver\n");
01107d34 4183 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
1da177e4
LT		 4184#endif
4185
4186#ifdef CONFIG_VT
4187 cdev_init(&vc0_cdev, &console_fops);
4188 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4189 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4190 panic("Couldn't register /dev/tty0 driver\n");
01107d34 4191 device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
1da177e4
LT		 4192
4193 vty_init();
4194#endif
4195 return 0;
4196}
4197module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)