projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH] docbook: fix segfault in docproc.c
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
1da177e4
LT		 68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched.h>
74#include <linux/interrupt.h>
75#include <linux/tty.h>
76#include <linux/tty_driver.h>
77#include <linux/tty_flip.h>
78#include <linux/devpts_fs.h>
79#include <linux/file.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/smp_lock.h>
92#include <linux/device.h>
93#include <linux/idr.h>
94#include <linux/wait.h>
95#include <linux/bitops.h>
b20f3ae5 96#include <linux/delay.h>
1da177e4
LT		 97
98#include <asm/uaccess.h>
99#include <asm/system.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
1da177e4
LT		 104
105#include <linux/kmod.h>
106
107#undef TTY_DEBUG_HANGUP
108
109#define TTY_PARANOIA_CHECK 1
110#define CHECK_TTY_COUNT 1
111
112struct termios tty_std_termios = { /* for the benefit of tty drivers */
113 .c_iflag = ICRNL | IXON,
114 .c_oflag = OPOST | ONLCR,
115 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
116 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
117 ECHOCTL | ECHOKE | IEXTEN,
118 .c_cc = INIT_C_CC
119};
120
121EXPORT_SYMBOL(tty_std_termios);
122
123/* This list gets poked at by procfs and various bits of boot up code. This
124 could do with some rationalisation such as pulling the tty proc function
125 into this file */
126
127LIST_HEAD(tty_drivers); /* linked list of tty drivers */
128
129/* Semaphore to protect creating and releasing a tty. This is shared with
130 vt.c for deeply disgusting hack reasons */
70522e12 131DEFINE_MUTEX(tty_mutex);
1da177e4
LT		 132
133#ifdef CONFIG_UNIX98_PTYS
134extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
135extern int pty_limit; /* Config limit on Unix98 ptys */
136static DEFINE_IDR(allocated_ptys);
137static DECLARE_MUTEX(allocated_ptys_lock);
138static int ptmx_open(struct inode *, struct file *);
139#endif
140
141extern void disable_early_printk(void);
142
143static void initialize_tty_struct(struct tty_struct *tty);
144
145static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
146static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
147ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
148static unsigned int tty_poll(struct file *, poll_table *);
149static int tty_open(struct inode *, struct file *);
150static int tty_release(struct inode *, struct file *);
151int tty_ioctl(struct inode * inode, struct file * file,
152 unsigned int cmd, unsigned long arg);
153static int tty_fasync(int fd, struct file * filp, int on);
1da177e4
LT		 154static void release_mem(struct tty_struct *tty, int idx);
155
af9b897e
AC		 156/**
157 * alloc_tty_struct - allocate a tty object
158 *
159 * Return a new empty tty structure. The data fields have not
160 * been initialized in any way but has been zeroed
161 *
162 * Locking: none
af9b897e 163 */
1da177e4
LT		 164
165static struct tty_struct *alloc_tty_struct(void)
166{
1266b1e1 167 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 168}
169
33f0f88f
AC		 170static void tty_buffer_free_all(struct tty_struct *);
171
af9b897e
AC		 172/**
173 * free_tty_struct - free a disused tty
174 * @tty: tty struct to free
175 *
176 * Free the write buffers, tty queue and tty memory itself.
177 *
178 * Locking: none. Must be called after tty is definitely unused
179 */
180
1da177e4
LT		 181static inline void free_tty_struct(struct tty_struct *tty)
182{
183 kfree(tty->write_buf);
33f0f88f 184 tty_buffer_free_all(tty);
1da177e4
LT		 185 kfree(tty);
186}
187
188#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
189
af9b897e
AC		 190/**
191 * tty_name - return tty naming
192 * @tty: tty structure
193 * @buf: buffer for output
194 *
195 * Convert a tty structure into a name. The name reflects the kernel
196 * naming policy and if udev is in use may not reflect user space
197 *
198 * Locking: none
199 */
200
1da177e4
LT		 201char *tty_name(struct tty_struct *tty, char *buf)
202{
203 if (!tty) /* Hmm. NULL pointer. That's fun. */
204 strcpy(buf, "NULL tty");
205 else
206 strcpy(buf, tty->name);
207 return buf;
208}
209
210EXPORT_SYMBOL(tty_name);
211
d769a669 212int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 213 const char *routine)
214{
215#ifdef TTY_PARANOIA_CHECK
216 if (!tty) {
217 printk(KERN_WARNING
218 "null TTY for (%d:%d) in %s\n",
219 imajor(inode), iminor(inode), routine);
220 return 1;
221 }
222 if (tty->magic != TTY_MAGIC) {
223 printk(KERN_WARNING
224 "bad magic number for tty struct (%d:%d) in %s\n",
225 imajor(inode), iminor(inode), routine);
226 return 1;
227 }
228#endif
229 return 0;
230}
231
232static int check_tty_count(struct tty_struct *tty, const char *routine)
233{
234#ifdef CHECK_TTY_COUNT
235 struct list_head *p;
236 int count = 0;
237
238 file_list_lock();
239 list_for_each(p, &tty->tty_files) {
240 count++;
241 }
242 file_list_unlock();
243 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
244 tty->driver->subtype == PTY_TYPE_SLAVE &&
245 tty->link && tty->link->count)
246 count++;
247 if (tty->count != count) {
248 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
249 "!= #fd's(%d) in %s\n",
250 tty->name, tty->count, count, routine);
251 return count;
252 }
253#endif
254 return 0;
255}
256
33f0f88f
AC		 257/*
258 * Tty buffer allocation management
259 */
260
af9b897e 261
01da5fd8
AC		 262/**
263 * tty_buffer_free_all - free buffers used by a tty
264 * @tty: tty to free from
265 *
266 * Remove all the buffers pending on a tty whether queued with data
267 * or in the free ring. Must be called when the tty is no longer in use
268 *
269 * Locking: none
270 */
271
272
af9b897e
AC		 273/**
274 * tty_buffer_free_all - free buffers used by a tty
275 * @tty: tty to free from
276 *
277 * Remove all the buffers pending on a tty whether queued with data
278 * or in the free ring. Must be called when the tty is no longer in use
279 *
280 * Locking: none
281 */
282
33f0f88f
AC		 283static void tty_buffer_free_all(struct tty_struct *tty)
284{
285 struct tty_buffer *thead;
286 while((thead = tty->buf.head) != NULL) {
287 tty->buf.head = thead->next;
288 kfree(thead);
289 }
290 while((thead = tty->buf.free) != NULL) {
291 tty->buf.free = thead->next;
292 kfree(thead);
293 }
294 tty->buf.tail = NULL;
01da5fd8 295 tty->buf.memory_used = 0;
33f0f88f
AC		 296}
297
01da5fd8
AC		 298/**
299 * tty_buffer_init - prepare a tty buffer structure
300 * @tty: tty to initialise
301 *
302 * Set up the initial state of the buffer management for a tty device.
303 * Must be called before the other tty buffer functions are used.
304 *
305 * Locking: none
306 */
307
33f0f88f
AC		 308static void tty_buffer_init(struct tty_struct *tty)
309{
808249ce 310 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 311 tty->buf.head = NULL;
312 tty->buf.tail = NULL;
313 tty->buf.free = NULL;
01da5fd8 314 tty->buf.memory_used = 0;
33f0f88f
AC		 315}
316
01da5fd8
AC		 317/**
318 * tty_buffer_alloc - allocate a tty buffer
319 * @tty: tty device
320 * @size: desired size (characters)
321 *
322 * Allocate a new tty buffer to hold the desired number of characters.
323 * Return NULL if out of memory or the allocation would exceed the
324 * per device queue
325 *
326 * Locking: Caller must hold tty->buf.lock
327 */
328
329static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
33f0f88f 330{
01da5fd8
AC		 331 struct tty_buffer *p;
332
333 if (tty->buf.memory_used + size > 65536)
334 return NULL;
335 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
33f0f88f
AC		 336 if(p == NULL)
337 return NULL;
338 p->used = 0;
339 p->size = size;
340 p->next = NULL;
8977d929
PF		 341 p->commit = 0;
342 p->read = 0;
33f0f88f
AC		 343 p->char_buf_ptr = (char *)(p->data);
344 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
01da5fd8 345 tty->buf.memory_used += size;
33f0f88f
AC		 346 return p;
347}
348
01da5fd8
AC		 349/**
350 * tty_buffer_free - free a tty buffer
351 * @tty: tty owning the buffer
352 * @b: the buffer to free
353 *
354 * Free a tty buffer, or add it to the free list according to our
355 * internal strategy
356 *
357 * Locking: Caller must hold tty->buf.lock
358 */
33f0f88f
AC		 359
360static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
361{
362 /* Dumb strategy for now - should keep some stats */
01da5fd8
AC		 363 tty->buf.memory_used -= b->size;
364 WARN_ON(tty->buf.memory_used < 0);
365
33f0f88f
AC		 366 if(b->size >= 512)
367 kfree(b);
368 else {
369 b->next = tty->buf.free;
370 tty->buf.free = b;
371 }
372}
373
01da5fd8
AC		 374/**
375 * tty_buffer_find - find a free tty buffer
376 * @tty: tty owning the buffer
377 * @size: characters wanted
378 *
379 * Locate an existing suitable tty buffer or if we are lacking one then
380 * allocate a new one. We round our buffers off in 256 character chunks
381 * to get better allocation behaviour.
382 *
383 * Locking: Caller must hold tty->buf.lock
384 */
385
33f0f88f
AC		 386static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
387{
388 struct tty_buffer **tbh = &tty->buf.free;
389 while((*tbh) != NULL) {
390 struct tty_buffer *t = *tbh;
391 if(t->size >= size) {
392 *tbh = t->next;
393 t->next = NULL;
394 t->used = 0;
8977d929
PF		 395 t->commit = 0;
396 t->read = 0;
01da5fd8 397 tty->buf.memory_used += t->size;
33f0f88f
AC		 398 return t;
399 }
400 tbh = &((*tbh)->next);
401 }
402 /* Round the buffer size out */
403 size = (size + 0xFF) & ~ 0xFF;
01da5fd8 404 return tty_buffer_alloc(tty, size);
33f0f88f
AC		 405 /* Should possibly check if this fails for the largest buffer we
406 have queued and recycle that ? */
407}
408
01da5fd8
AC		 409/**
410 * tty_buffer_request_room - grow tty buffer if needed
411 * @tty: tty structure
412 * @size: size desired
413 *
414 * Make at least size bytes of linear space available for the tty
415 * buffer. If we fail return the size we managed to find.
416 *
417 * Locking: Takes tty->buf.lock
418 */
33f0f88f
AC		 419int tty_buffer_request_room(struct tty_struct *tty, size_t size)
420{
808249ce
PF		 421 struct tty_buffer *b, *n;
422 int left;
423 unsigned long flags;
424
425 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 426
427 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
428 remove this conditional if its worth it. This would be invisible
429 to the callers */
33b37a33 430 if ((b = tty->buf.tail) != NULL)
33f0f88f 431 left = b->size - b->used;
33b37a33 432 else
808249ce
PF		 433 left = 0;
434
435 if (left < size) {
436 /* This is the slow path - looking for new buffers to use */
437 if ((n = tty_buffer_find(tty, size)) != NULL) {
438 if (b != NULL) {
439 b->next = n;
8977d929 440 b->commit = b->used;
808249ce
PF		 441 } else
442 tty->buf.head = n;
443 tty->buf.tail = n;
808249ce
PF		 444 } else
445 size = left;
446 }
447
448 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 449 return size;
450}
33f0f88f
AC		 451EXPORT_SYMBOL_GPL(tty_buffer_request_room);
452
af9b897e
AC		 453/**
454 * tty_insert_flip_string - Add characters to the tty buffer
455 * @tty: tty structure
456 * @chars: characters
457 * @size: size
458 *
459 * Queue a series of bytes to the tty buffering. All the characters
460 * passed are marked as without error. Returns the number added.
461 *
462 * Locking: Called functions may take tty->buf.lock
463 */
464
e1a25090
AM		 465int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
466 size_t size)
33f0f88f
AC		 467{
468 int copied = 0;
469 do {
470 int space = tty_buffer_request_room(tty, size - copied);
471 struct tty_buffer *tb = tty->buf.tail;
472 /* If there is no space then tb may be NULL */
473 if(unlikely(space == 0))
474 break;
475 memcpy(tb->char_buf_ptr + tb->used, chars, space);
476 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
477 tb->used += space;
478 copied += space;
479 chars += space;
527063ba
AD		 480 /* There is a small chance that we need to split the data over
481 several buffers. If this is the case we must loop */
482 } while (unlikely(size > copied));
33f0f88f
AC		 483 return copied;
484}
ee37df78 485EXPORT_SYMBOL(tty_insert_flip_string);
33f0f88f 486
af9b897e
AC		 487/**
488 * tty_insert_flip_string_flags - Add characters to the tty buffer
489 * @tty: tty structure
490 * @chars: characters
491 * @flags: flag bytes
492 * @size: size
493 *
494 * Queue a series of bytes to the tty buffering. For each character
495 * the flags array indicates the status of the character. Returns the
496 * number added.
497 *
498 * Locking: Called functions may take tty->buf.lock
499 */
500
e1a25090
AM		 501int tty_insert_flip_string_flags(struct tty_struct *tty,
502 const unsigned char *chars, const char *flags, size_t size)
33f0f88f
AC		 503{
504 int copied = 0;
505 do {
506 int space = tty_buffer_request_room(tty, size - copied);
507 struct tty_buffer *tb = tty->buf.tail;
508 /* If there is no space then tb may be NULL */
509 if(unlikely(space == 0))
510 break;
511 memcpy(tb->char_buf_ptr + tb->used, chars, space);
512 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
513 tb->used += space;
514 copied += space;
515 chars += space;
516 flags += space;
527063ba
AD		 517 /* There is a small chance that we need to split the data over
518 several buffers. If this is the case we must loop */
519 } while (unlikely(size > copied));
33f0f88f
AC		 520 return copied;
521}
ff4547f4 522EXPORT_SYMBOL(tty_insert_flip_string_flags);
33f0f88f 523
af9b897e
AC		 524/**
525 * tty_schedule_flip - push characters to ldisc
526 * @tty: tty to push from
527 *
528 * Takes any pending buffers and transfers their ownership to the
529 * ldisc side of the queue. It then schedules those characters for
530 * processing by the line discipline.
531 *
532 * Locking: Takes tty->buf.lock
533 */
534
e1a25090
AM		 535void tty_schedule_flip(struct tty_struct *tty)
536{
537 unsigned long flags;
538 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 539 if (tty->buf.tail != NULL)
e1a25090 540 tty->buf.tail->commit = tty->buf.tail->used;
e1a25090
AM		 541 spin_unlock_irqrestore(&tty->buf.lock, flags);
542 schedule_delayed_work(&tty->buf.work, 1);
543}
544EXPORT_SYMBOL(tty_schedule_flip);
33f0f88f 545
af9b897e
AC		 546/**
547 * tty_prepare_flip_string - make room for characters
548 * @tty: tty
549 * @chars: return pointer for character write area
550 * @size: desired size
551 *
33f0f88f
AC		 552 * Prepare a block of space in the buffer for data. Returns the length
553 * available and buffer pointer to the space which is now allocated and
554 * accounted for as ready for normal characters. This is used for drivers
555 * that need their own block copy routines into the buffer. There is no
556 * guarantee the buffer is a DMA target!
af9b897e
AC		 557 *
558 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 559 */
560
561int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
562{
563 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 564 if (likely(space)) {
565 struct tty_buffer *tb = tty->buf.tail;
566 *chars = tb->char_buf_ptr + tb->used;
567 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
568 tb->used += space;
569 }
33f0f88f
AC		 570 return space;
571}
572
573EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
574
af9b897e
AC		 575/**
576 * tty_prepare_flip_string_flags - make room for characters
577 * @tty: tty
578 * @chars: return pointer for character write area
579 * @flags: return pointer for status flag write area
580 * @size: desired size
581 *
33f0f88f
AC		 582 * Prepare a block of space in the buffer for data. Returns the length
583 * available and buffer pointer to the space which is now allocated and
584 * accounted for as ready for characters. This is used for drivers
585 * that need their own block copy routines into the buffer. There is no
586 * guarantee the buffer is a DMA target!
af9b897e
AC		 587 *
588 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 589 */
590
591int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
592{
593 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 594 if (likely(space)) {
595 struct tty_buffer *tb = tty->buf.tail;
596 *chars = tb->char_buf_ptr + tb->used;
597 *flags = tb->flag_buf_ptr + tb->used;
598 tb->used += space;
599 }
33f0f88f
AC		 600 return space;
601}
602
603EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
604
605
606
af9b897e
AC		 607/**
608 * tty_set_termios_ldisc - set ldisc field
609 * @tty: tty structure
610 * @num: line discipline number
611 *
1da177e4
LT		 612 * This is probably overkill for real world processors but
613 * they are not on hot paths so a little discipline won't do
614 * any harm.
af9b897e
AC		 615 *
616 * Locking: takes termios_sem
1da177e4
LT		 617 */
618
619static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
620{
5785c95b 621 mutex_lock(&tty->termios_mutex);
1da177e4 622 tty->termios->c_line = num;
5785c95b 623 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 624}
625
626/*
627 * This guards the refcounted line discipline lists. The lock
628 * must be taken with irqs off because there are hangup path
629 * callers who will do ldisc lookups and cannot sleep.
630 */
631
632static DEFINE_SPINLOCK(tty_ldisc_lock);
633static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
bfb07599 634static struct tty_ldisc tty_ldiscs[NR_LDISCS]; /* line disc dispatch table */
1da177e4 635
af9b897e
AC		 636/**
637 * tty_register_ldisc - install a line discipline
638 * @disc: ldisc number
639 * @new_ldisc: pointer to the ldisc object
640 *
641 * Installs a new line discipline into the kernel. The discipline
642 * is set up as unreferenced and then made available to the kernel
643 * from this point onwards.
644 *
645 * Locking:
646 * takes tty_ldisc_lock to guard against ldisc races
647 */
648
1da177e4
LT		 649int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
650{
651 unsigned long flags;
652 int ret = 0;
653
654 if (disc < N_TTY || disc >= NR_LDISCS)
655 return -EINVAL;
656
657 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 658 tty_ldiscs[disc] = *new_ldisc;
659 tty_ldiscs[disc].num = disc;
660 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
661 tty_ldiscs[disc].refcount = 0;
1da177e4
LT		 662 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
663
664 return ret;
665}
1da177e4
LT		 666EXPORT_SYMBOL(tty_register_ldisc);
667
af9b897e
AC		 668/**
669 * tty_unregister_ldisc - unload a line discipline
670 * @disc: ldisc number
671 * @new_ldisc: pointer to the ldisc object
672 *
673 * Remove a line discipline from the kernel providing it is not
674 * currently in use.
675 *
676 * Locking:
677 * takes tty_ldisc_lock to guard against ldisc races
678 */
679
bfb07599
AD		 680int tty_unregister_ldisc(int disc)
681{
682 unsigned long flags;
683 int ret = 0;
684
685 if (disc < N_TTY || disc >= NR_LDISCS)
686 return -EINVAL;
687
688 spin_lock_irqsave(&tty_ldisc_lock, flags);
689 if (tty_ldiscs[disc].refcount)
690 ret = -EBUSY;
691 else
692 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
693 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
694
695 return ret;
696}
697EXPORT_SYMBOL(tty_unregister_ldisc);
698
af9b897e
AC		 699/**
700 * tty_ldisc_get - take a reference to an ldisc
701 * @disc: ldisc number
702 *
703 * Takes a reference to a line discipline. Deals with refcounts and
704 * module locking counts. Returns NULL if the discipline is not available.
705 * Returns a pointer to the discipline and bumps the ref count if it is
706 * available
707 *
708 * Locking:
709 * takes tty_ldisc_lock to guard against ldisc races
710 */
711
1da177e4
LT		 712struct tty_ldisc *tty_ldisc_get(int disc)
713{
714 unsigned long flags;
715 struct tty_ldisc *ld;
716
717 if (disc < N_TTY || disc >= NR_LDISCS)
718 return NULL;
719
720 spin_lock_irqsave(&tty_ldisc_lock, flags);
721
722 ld = &tty_ldiscs[disc];
723 /* Check the entry is defined */
724 if(ld->flags & LDISC_FLAG_DEFINED)
725 {
726 /* If the module is being unloaded we can't use it */
727 if (!try_module_get(ld->owner))
728 ld = NULL;
729 else /* lock it */
730 ld->refcount++;
731 }
732 else
733 ld = NULL;
734 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
735 return ld;
736}
737
738EXPORT_SYMBOL_GPL(tty_ldisc_get);
739
af9b897e
AC		 740/**
741 * tty_ldisc_put - drop ldisc reference
742 * @disc: ldisc number
743 *
744 * Drop a reference to a line discipline. Manage refcounts and
745 * module usage counts
746 *
747 * Locking:
748 * takes tty_ldisc_lock to guard against ldisc races
749 */
750
1da177e4
LT		 751void tty_ldisc_put(int disc)
752{
753 struct tty_ldisc *ld;
754 unsigned long flags;
755
56ee4827 756 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
1da177e4
LT		 757
758 spin_lock_irqsave(&tty_ldisc_lock, flags);
759 ld = &tty_ldiscs[disc];
56ee4827
ES		 760 BUG_ON(ld->refcount == 0);
761 ld->refcount--;
1da177e4
LT		 762 module_put(ld->owner);
763 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
764}
765
766EXPORT_SYMBOL_GPL(tty_ldisc_put);
767
af9b897e
AC		 768/**
769 * tty_ldisc_assign - set ldisc on a tty
770 * @tty: tty to assign
771 * @ld: line discipline
772 *
773 * Install an instance of a line discipline into a tty structure. The
774 * ldisc must have a reference count above zero to ensure it remains/
775 * The tty instance refcount starts at zero.
776 *
777 * Locking:
778 * Caller must hold references
779 */
780
1da177e4
LT		 781static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
782{
783 tty->ldisc = *ld;
784 tty->ldisc.refcount = 0;
785}
786
787/**
788 * tty_ldisc_try - internal helper
789 * @tty: the tty
790 *
791 * Make a single attempt to grab and bump the refcount on
792 * the tty ldisc. Return 0 on failure or 1 on success. This is
793 * used to implement both the waiting and non waiting versions
794 * of tty_ldisc_ref
af9b897e
AC		 795 *
796 * Locking: takes tty_ldisc_lock
1da177e4
LT		 797 */
798
799static int tty_ldisc_try(struct tty_struct *tty)
800{
801 unsigned long flags;
802 struct tty_ldisc *ld;
803 int ret = 0;
804
805 spin_lock_irqsave(&tty_ldisc_lock, flags);
806 ld = &tty->ldisc;
807 if(test_bit(TTY_LDISC, &tty->flags))
808 {
809 ld->refcount++;
810 ret = 1;
811 }
812 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
813 return ret;
814}
815
816/**
817 * tty_ldisc_ref_wait - wait for the tty ldisc
818 * @tty: tty device
819 *
820 * Dereference the line discipline for the terminal and take a
821 * reference to it. If the line discipline is in flux then
822 * wait patiently until it changes.
823 *
824 * Note: Must not be called from an IRQ/timer context. The caller
825 * must also be careful not to hold other locks that will deadlock
826 * against a discipline change, such as an existing ldisc reference
827 * (which we check for)
af9b897e
AC		 828 *
829 * Locking: call functions take tty_ldisc_lock
1da177e4
LT		 830 */
831
832struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
833{
834 /* wait_event is a macro */
835 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
836 if(tty->ldisc.refcount == 0)
837 printk(KERN_ERR "tty_ldisc_ref_wait\n");
838 return &tty->ldisc;
839}
840
841EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
842
843/**
844 * tty_ldisc_ref - get the tty ldisc
845 * @tty: tty device
846 *
847 * Dereference the line discipline for the terminal and take a
848 * reference to it. If the line discipline is in flux then
849 * return NULL. Can be called from IRQ and timer functions.
af9b897e
AC		 850 *
851 * Locking: called functions take tty_ldisc_lock
1da177e4
LT		 852 */
853
854struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
855{
856 if(tty_ldisc_try(tty))
857 return &tty->ldisc;
858 return NULL;
859}
860
861EXPORT_SYMBOL_GPL(tty_ldisc_ref);
862
863/**
864 * tty_ldisc_deref - free a tty ldisc reference
865 * @ld: reference to free up
866 *
867 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
868 * be called in IRQ context.
af9b897e
AC		 869 *
870 * Locking: takes tty_ldisc_lock
1da177e4
LT		 871 */
872
873void tty_ldisc_deref(struct tty_ldisc *ld)
874{
875 unsigned long flags;
876
56ee4827 877 BUG_ON(ld == NULL);
1da177e4
LT		 878
879 spin_lock_irqsave(&tty_ldisc_lock, flags);
880 if(ld->refcount == 0)
881 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
882 else
883 ld->refcount--;
884 if(ld->refcount == 0)
885 wake_up(&tty_ldisc_wait);
886 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
887}
888
889EXPORT_SYMBOL_GPL(tty_ldisc_deref);
890
891/**
892 * tty_ldisc_enable - allow ldisc use
893 * @tty: terminal to activate ldisc on
894 *
895 * Set the TTY_LDISC flag when the line discipline can be called
896 * again. Do neccessary wakeups for existing sleepers.
897 *
898 * Note: nobody should set this bit except via this function. Clearing
899 * directly is allowed.
900 */
901
902static void tty_ldisc_enable(struct tty_struct *tty)
903{
904 set_bit(TTY_LDISC, &tty->flags);
905 wake_up(&tty_ldisc_wait);
906}
907
908/**
909 * tty_set_ldisc - set line discipline
910 * @tty: the terminal to set
911 * @ldisc: the line discipline
912 *
913 * Set the discipline of a tty line. Must be called from a process
914 * context.
af9b897e
AC		 915 *
916 * Locking: takes tty_ldisc_lock.
917 * called functions take termios_sem
1da177e4
LT		 918 */
919
920static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
921{
ff55fe20
JB		 922 int retval = 0;
923 struct tty_ldisc o_ldisc;
1da177e4
LT		 924 char buf[64];
925 int work;
926 unsigned long flags;
927 struct tty_ldisc *ld;
ff55fe20 928 struct tty_struct *o_tty;
1da177e4
LT		 929
930 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
931 return -EINVAL;
932
933restart:
934
1da177e4
LT		 935 ld = tty_ldisc_get(ldisc);
936 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
937 /* Cyrus Durgin <cider@speakeasy.org> */
938 if (ld == NULL) {
939 request_module("tty-ldisc-%d", ldisc);
940 ld = tty_ldisc_get(ldisc);
941 }
942 if (ld == NULL)
943 return -EINVAL;
944
33f0f88f
AC		 945 /*
946 * No more input please, we are switching. The new ldisc
947 * will update this value in the ldisc open function
948 */
949
950 tty->receive_room = 0;
951
952 /*
953 * Problem: What do we do if this blocks ?
954 */
955
1da177e4
LT		 956 tty_wait_until_sent(tty, 0);
957
ff55fe20
JB		 958 if (tty->ldisc.num == ldisc) {
959 tty_ldisc_put(ldisc);
960 return 0;
961 }
962
963 o_ldisc = tty->ldisc;
964 o_tty = tty->link;
965
1da177e4
LT		 966 /*
967 * Make sure we don't change while someone holds a
968 * reference to the line discipline. The TTY_LDISC bit
969 * prevents anyone taking a reference once it is clear.
970 * We need the lock to avoid racing reference takers.
971 */
ff55fe20 972
1da177e4 973 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20
JB		 974 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
975 if(tty->ldisc.refcount) {
976 /* Free the new ldisc we grabbed. Must drop the lock
977 first. */
978 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
979 tty_ldisc_put(ldisc);
980 /*
981 * There are several reasons we may be busy, including
982 * random momentary I/O traffic. We must therefore
983 * retry. We could distinguish between blocking ops
984 * and retries if we made tty_ldisc_wait() smarter. That
985 * is up for discussion.
986 */
987 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
988 return -ERESTARTSYS;
989 goto restart;
990 }
991 if(o_tty && o_tty->ldisc.refcount) {
992 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
993 tty_ldisc_put(ldisc);
994 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
995 return -ERESTARTSYS;
996 goto restart;
997 }
998 }
999
1000 /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
1001
1002 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 1003 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1004 tty_ldisc_put(ldisc);
ff55fe20
JB		 1005 ld = tty_ldisc_ref_wait(tty);
1006 tty_ldisc_deref(ld);
1da177e4
LT		 1007 goto restart;
1008 }
ff55fe20
JB		 1009
1010 clear_bit(TTY_LDISC, &tty->flags);
817d6d3b 1011 if (o_tty)
ff55fe20 1012 clear_bit(TTY_LDISC, &o_tty->flags);
1da177e4 1013 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 1014
1da177e4
LT		 1015 /*
1016 * From this point on we know nobody has an ldisc
1017 * usage reference, nor can they obtain one until
1018 * we say so later on.
1019 */
ff55fe20 1020
33f0f88f 1021 work = cancel_delayed_work(&tty->buf.work);
1da177e4 1022 /*
33f0f88f 1023 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 1024 */
1025
1026 flush_scheduled_work();
1027 /* Shutdown the current discipline. */
1028 if (tty->ldisc.close)
1029 (tty->ldisc.close)(tty);
1030
1031 /* Now set up the new line discipline. */
1032 tty_ldisc_assign(tty, ld);
1033 tty_set_termios_ldisc(tty, ldisc);
1034 if (tty->ldisc.open)
1035 retval = (tty->ldisc.open)(tty);
1036 if (retval < 0) {
1037 tty_ldisc_put(ldisc);
1038 /* There is an outstanding reference here so this is safe */
1039 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1040 tty_set_termios_ldisc(tty, tty->ldisc.num);
1041 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1042 tty_ldisc_put(o_ldisc.num);
1043 /* This driver is always present */
1044 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1045 tty_set_termios_ldisc(tty, N_TTY);
1046 if (tty->ldisc.open) {
1047 int r = tty->ldisc.open(tty);
1048
1049 if (r < 0)
1050 panic("Couldn't open N_TTY ldisc for "
1051 "%s --- error %d.",
1052 tty_name(tty, buf), r);
1053 }
1054 }
1055 }
1056 /* At this point we hold a reference to the new ldisc and a
1057 a reference to the old ldisc. If we ended up flipping back
1058 to the existing ldisc we have two references to it */
1059
1060 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1061 tty->driver->set_ldisc(tty);
1062
1063 tty_ldisc_put(o_ldisc.num);
1064
1065 /*
1066 * Allow ldisc referencing to occur as soon as the driver
1067 * ldisc callback completes.
1068 */
1069
1070 tty_ldisc_enable(tty);
ff55fe20
JB		 1071 if (o_tty)
1072 tty_ldisc_enable(o_tty);
1da177e4
LT		 1073
1074 /* Restart it in case no characters kick it off. Safe if
1075 already running */
ff55fe20 1076 if (work)
33f0f88f 1077 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 1078 return retval;
1079}
1080
af9b897e
AC		 1081/**
1082 * get_tty_driver - find device of a tty
1083 * @dev_t: device identifier
1084 * @index: returns the index of the tty
1085 *
1086 * This routine returns a tty driver structure, given a device number
1087 * and also passes back the index number.
1088 *
1089 * Locking: caller must hold tty_mutex
1da177e4 1090 */
af9b897e 1091
1da177e4
LT		 1092static struct tty_driver *get_tty_driver(dev_t device, int *index)
1093{
1094 struct tty_driver *p;
1095
1096 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1097 dev_t base = MKDEV(p->major, p->minor_start);
1098 if (device < base || device >= base + p->num)
1099 continue;
1100 *index = device - base;
1101 return p;
1102 }
1103 return NULL;
1104}
1105
af9b897e
AC		 1106/**
1107 * tty_check_change - check for POSIX terminal changes
1108 * @tty: tty to check
1109 *
1110 * If we try to write to, or set the state of, a terminal and we're
1111 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1112 * ignored, go ahead and perform the operation. (POSIX 7.2)
1113 *
1114 * Locking: none
1da177e4 1115 */
af9b897e 1116
1da177e4
LT		 1117int tty_check_change(struct tty_struct * tty)
1118{
1119 if (current->signal->tty != tty)
1120 return 0;
1121 if (tty->pgrp <= 0) {
1122 printk(KERN_WARNING "tty_check_change: tty->pgrp <= 0!\n");
1123 return 0;
1124 }
1125 if (process_group(current) == tty->pgrp)
1126 return 0;
1127 if (is_ignored(SIGTTOU))
1128 return 0;
1129 if (is_orphaned_pgrp(process_group(current)))
1130 return -EIO;
1131 (void) kill_pg(process_group(current), SIGTTOU, 1);
1132 return -ERESTARTSYS;
1133}
1134
1135EXPORT_SYMBOL(tty_check_change);
1136
1137static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
1138 size_t count, loff_t *ppos)
1139{
1140 return 0;
1141}
1142
1143static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
1144 size_t count, loff_t *ppos)
1145{
1146 return -EIO;
1147}
1148
1149/* No kernel lock held - none needed ;) */
1150static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
1151{
1152 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1153}
1154
1155static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
1156 unsigned int cmd, unsigned long arg)
1157{
1158 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1159}
1160
62322d25 1161static const struct file_operations tty_fops = {
1da177e4
LT		 1162 .llseek = no_llseek,
1163 .read = tty_read,
1164 .write = tty_write,
1165 .poll = tty_poll,
1166 .ioctl = tty_ioctl,
1167 .open = tty_open,
1168 .release = tty_release,
1169 .fasync = tty_fasync,
1170};
1171
1172#ifdef CONFIG_UNIX98_PTYS
62322d25 1173static const struct file_operations ptmx_fops = {
1da177e4
LT		 1174 .llseek = no_llseek,
1175 .read = tty_read,
1176 .write = tty_write,
1177 .poll = tty_poll,
1178 .ioctl = tty_ioctl,
1179 .open = ptmx_open,
1180 .release = tty_release,
1181 .fasync = tty_fasync,
1182};
1183#endif
1184
62322d25 1185static const struct file_operations console_fops = {
1da177e4
LT		 1186 .llseek = no_llseek,
1187 .read = tty_read,
1188 .write = redirected_tty_write,
1189 .poll = tty_poll,
1190 .ioctl = tty_ioctl,
1191 .open = tty_open,
1192 .release = tty_release,
1193 .fasync = tty_fasync,
1194};
1195
62322d25 1196static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 1197 .llseek = no_llseek,
1198 .read = hung_up_tty_read,
1199 .write = hung_up_tty_write,
1200 .poll = hung_up_tty_poll,
1201 .ioctl = hung_up_tty_ioctl,
1202 .release = tty_release,
1203};
1204
1205static DEFINE_SPINLOCK(redirect_lock);
1206static struct file *redirect;
1207
1208/**
1209 * tty_wakeup - request more data
1210 * @tty: terminal
1211 *
1212 * Internal and external helper for wakeups of tty. This function
1213 * informs the line discipline if present that the driver is ready
1214 * to receive more output data.
1215 */
1216
1217void tty_wakeup(struct tty_struct *tty)
1218{
1219 struct tty_ldisc *ld;
1220
1221 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1222 ld = tty_ldisc_ref(tty);
1223 if(ld) {
1224 if(ld->write_wakeup)
1225 ld->write_wakeup(tty);
1226 tty_ldisc_deref(ld);
1227 }
1228 }
1229 wake_up_interruptible(&tty->write_wait);
1230}
1231
1232EXPORT_SYMBOL_GPL(tty_wakeup);
1233
1234/**
1235 * tty_ldisc_flush - flush line discipline queue
1236 * @tty: tty
1237 *
1238 * Flush the line discipline queue (if any) for this tty. If there
1239 * is no line discipline active this is a no-op.
1240 */
1241
1242void tty_ldisc_flush(struct tty_struct *tty)
1243{
1244 struct tty_ldisc *ld = tty_ldisc_ref(tty);
1245 if(ld) {
1246 if(ld->flush_buffer)
1247 ld->flush_buffer(tty);
1248 tty_ldisc_deref(ld);
1249 }
1250}
1251
1252EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1253
af9b897e
AC		 1254/**
1255 * do_tty_hangup - actual handler for hangup events
1256 * @data: tty device
1257 *
1258 * This can be called by the "eventd" kernel thread. That is process
1259 * synchronous but doesn't hold any locks, so we need to make sure we
1260 * have the appropriate locks for what we're doing.
1261 *
1262 * The hangup event clears any pending redirections onto the hung up
1263 * device. It ensures future writes will error and it does the needed
1264 * line discipline hangup and signal delivery. The tty object itself
1265 * remains intact.
1266 *
1267 * Locking:
1268 * BKL
1269 * redirect lock for undoing redirection
1270 * file list lock for manipulating list of ttys
1271 * tty_ldisc_lock from called functions
1272 * termios_sem resetting termios data
1273 * tasklist_lock to walk task list for hangup event
1274 *
1da177e4
LT		 1275 */
1276static void do_tty_hangup(void *data)
1277{
1278 struct tty_struct *tty = (struct tty_struct *) data;
1279 struct file * cons_filp = NULL;
1280 struct file *filp, *f = NULL;
1281 struct task_struct *p;
1282 struct tty_ldisc *ld;
1283 int closecount = 0, n;
1284
1285 if (!tty)
1286 return;
1287
1288 /* inuse_filps is protected by the single kernel lock */
1289 lock_kernel();
1290
1291 spin_lock(&redirect_lock);
1292 if (redirect && redirect->private_data == tty) {
1293 f = redirect;
1294 redirect = NULL;
1295 }
1296 spin_unlock(&redirect_lock);
1297
1298 check_tty_count(tty, "do_tty_hangup");
1299 file_list_lock();
1300 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1301 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1302 if (filp->f_op->write == redirected_tty_write)
1303 cons_filp = filp;
1304 if (filp->f_op->write != tty_write)
1305 continue;
1306 closecount++;
1307 tty_fasync(-1, filp, 0); /* can't block */
1308 filp->f_op = &hung_up_tty_fops;
1309 }
1310 file_list_unlock();
1311
1312 /* FIXME! What are the locking issues here? This may me overdoing things..
1313 * this question is especially important now that we've removed the irqlock. */
1314
1315 ld = tty_ldisc_ref(tty);
1316 if(ld != NULL) /* We may have no line discipline at this point */
1317 {
1318 if (ld->flush_buffer)
1319 ld->flush_buffer(tty);
1320 if (tty->driver->flush_buffer)
1321 tty->driver->flush_buffer(tty);
1322 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1323 ld->write_wakeup)
1324 ld->write_wakeup(tty);
1325 if (ld->hangup)
1326 ld->hangup(tty);
1327 }
1328
1329 /* FIXME: Once we trust the LDISC code better we can wait here for
1330 ldisc completion and fix the driver call race */
1331
1332 wake_up_interruptible(&tty->write_wait);
1333 wake_up_interruptible(&tty->read_wait);
1334
1335 /*
1336 * Shutdown the current line discipline, and reset it to
1337 * N_TTY.
1338 */
1339 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1340 {
5785c95b 1341 mutex_lock(&tty->termios_mutex);
1da177e4 1342 *tty->termios = tty->driver->init_termios;
5785c95b 1343 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 1344 }
1345
1346 /* Defer ldisc switch */
1347 /* tty_deferred_ldisc_switch(N_TTY);
1348
1349 This should get done automatically when the port closes and
1350 tty_release is called */
1351
1352 read_lock(&tasklist_lock);
1353 if (tty->session > 0) {
1354 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1355 if (p->signal->tty == tty)
1356 p->signal->tty = NULL;
1357 if (!p->signal->leader)
1358 continue;
f96a795d
EB		 1359 group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1360 group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1da177e4
LT		 1361 if (tty->pgrp > 0)
1362 p->signal->tty_old_pgrp = tty->pgrp;
1363 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1364 }
1365 read_unlock(&tasklist_lock);
1366
1367 tty->flags = 0;
1368 tty->session = 0;
1369 tty->pgrp = -1;
1370 tty->ctrl_status = 0;
1371 /*
1372 * If one of the devices matches a console pointer, we
1373 * cannot just call hangup() because that will cause
1374 * tty->count and state->count to go out of sync.
1375 * So we just call close() the right number of times.
1376 */
1377 if (cons_filp) {
1378 if (tty->driver->close)
1379 for (n = 0; n < closecount; n++)
1380 tty->driver->close(tty, cons_filp);
1381 } else if (tty->driver->hangup)
1382 (tty->driver->hangup)(tty);
1383
1384 /* We don't want to have driver/ldisc interactions beyond
1385 the ones we did here. The driver layer expects no
1386 calls after ->hangup() from the ldisc side. However we
1387 can't yet guarantee all that */
1388
1389 set_bit(TTY_HUPPED, &tty->flags);
1390 if (ld) {
1391 tty_ldisc_enable(tty);
1392 tty_ldisc_deref(ld);
1393 }
1394 unlock_kernel();
1395 if (f)
1396 fput(f);
1397}
1398
af9b897e
AC		 1399/**
1400 * tty_hangup - trigger a hangup event
1401 * @tty: tty to hangup
1402 *
1403 * A carrier loss (virtual or otherwise) has occurred on this like
1404 * schedule a hangup sequence to run after this event.
1405 */
1406
1da177e4
LT		 1407void tty_hangup(struct tty_struct * tty)
1408{
1409#ifdef TTY_DEBUG_HANGUP
1410 char buf[64];
1411
1412 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1413#endif
1414 schedule_work(&tty->hangup_work);
1415}
1416
1417EXPORT_SYMBOL(tty_hangup);
1418
af9b897e
AC		 1419/**
1420 * tty_vhangup - process vhangup
1421 * @tty: tty to hangup
1422 *
1423 * The user has asked via system call for the terminal to be hung up.
1424 * We do this synchronously so that when the syscall returns the process
1425 * is complete. That guarantee is neccessary for security reasons.
1426 */
1427
1da177e4
LT		 1428void tty_vhangup(struct tty_struct * tty)
1429{
1430#ifdef TTY_DEBUG_HANGUP
1431 char buf[64];
1432
1433 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1434#endif
1435 do_tty_hangup((void *) tty);
1436}
1437EXPORT_SYMBOL(tty_vhangup);
1438
af9b897e
AC		 1439/**
1440 * tty_hung_up_p - was tty hung up
1441 * @filp: file pointer of tty
1442 *
1443 * Return true if the tty has been subject to a vhangup or a carrier
1444 * loss
1445 */
1446
1da177e4
LT		 1447int tty_hung_up_p(struct file * filp)
1448{
1449 return (filp->f_op == &hung_up_tty_fops);
1450}
1451
1452EXPORT_SYMBOL(tty_hung_up_p);
1453
af9b897e
AC		 1454/**
1455 * disassociate_ctty - disconnect controlling tty
1456 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 1457 *
af9b897e
AC		 1458 * This function is typically called only by the session leader, when
1459 * it wants to disassociate itself from its controlling tty.
1460 *
1461 * It performs the following functions:
1da177e4
LT		 1462 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1463 * (2) Clears the tty from being controlling the session
1464 * (3) Clears the controlling tty for all processes in the
1465 * session group.
1466 *
af9b897e
AC		 1467 * The argument on_exit is set to 1 if called when a process is
1468 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1469 *
1470 * Locking: tty_mutex is taken to protect current->signal->tty
1471 * BKL is taken for hysterical raisins
1472 * Tasklist lock is taken (under tty_mutex) to walk process
1473 * lists for the session.
1da177e4 1474 */
af9b897e 1475
1da177e4
LT		 1476void disassociate_ctty(int on_exit)
1477{
1478 struct tty_struct *tty;
1479 struct task_struct *p;
1480 int tty_pgrp = -1;
1481
1482 lock_kernel();
1483
70522e12 1484 mutex_lock(&tty_mutex);
1da177e4
LT		 1485 tty = current->signal->tty;
1486 if (tty) {
1487 tty_pgrp = tty->pgrp;
70522e12 1488 mutex_unlock(&tty_mutex);
1da177e4
LT		 1489 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1490 tty_vhangup(tty);
1491 } else {
1492 if (current->signal->tty_old_pgrp) {
1493 kill_pg(current->signal->tty_old_pgrp, SIGHUP, on_exit);
1494 kill_pg(current->signal->tty_old_pgrp, SIGCONT, on_exit);
1495 }
70522e12 1496 mutex_unlock(&tty_mutex);
1da177e4
LT		 1497 unlock_kernel();
1498 return;
1499 }
1500 if (tty_pgrp > 0) {
1501 kill_pg(tty_pgrp, SIGHUP, on_exit);
1502 if (!on_exit)
1503 kill_pg(tty_pgrp, SIGCONT, on_exit);
1504 }
1505
1506 /* Must lock changes to tty_old_pgrp */
70522e12 1507 mutex_lock(&tty_mutex);
1da177e4
LT		 1508 current->signal->tty_old_pgrp = 0;
1509 tty->session = 0;
1510 tty->pgrp = -1;
1511
1512 /* Now clear signal->tty under the lock */
1513 read_lock(&tasklist_lock);
1514 do_each_task_pid(current->signal->session, PIDTYPE_SID, p) {
1515 p->signal->tty = NULL;
1516 } while_each_task_pid(current->signal->session, PIDTYPE_SID, p);
1517 read_unlock(&tasklist_lock);
70522e12 1518 mutex_unlock(&tty_mutex);
1da177e4
LT		 1519 unlock_kernel();
1520}
1521
af9b897e
AC		 1522
1523/**
1524 * stop_tty - propogate flow control
1525 * @tty: tty to stop
1526 *
1527 * Perform flow control to the driver. For PTY/TTY pairs we
1528 * must also propogate the TIOCKPKT status. May be called
1529 * on an already stopped device and will not re-call the driver
1530 * method.
1531 *
1532 * This functionality is used by both the line disciplines for
1533 * halting incoming flow and by the driver. It may therefore be
1534 * called from any context, may be under the tty atomic_write_lock
1535 * but not always.
1536 *
1537 * Locking:
1538 * Broken. Relies on BKL which is unsafe here.
1539 */
1540
1da177e4
LT		 1541void stop_tty(struct tty_struct *tty)
1542{
1543 if (tty->stopped)
1544 return;
1545 tty->stopped = 1;
1546 if (tty->link && tty->link->packet) {
1547 tty->ctrl_status &= ~TIOCPKT_START;
1548 tty->ctrl_status |= TIOCPKT_STOP;
1549 wake_up_interruptible(&tty->link->read_wait);
1550 }
1551 if (tty->driver->stop)
1552 (tty->driver->stop)(tty);
1553}
1554
1555EXPORT_SYMBOL(stop_tty);
1556
af9b897e
AC		 1557/**
1558 * start_tty - propogate flow control
1559 * @tty: tty to start
1560 *
1561 * Start a tty that has been stopped if at all possible. Perform
1562 * any neccessary wakeups and propogate the TIOCPKT status. If this
1563 * is the tty was previous stopped and is being started then the
1564 * driver start method is invoked and the line discipline woken.
1565 *
1566 * Locking:
1567 * Broken. Relies on BKL which is unsafe here.
1568 */
1569
1da177e4
LT		 1570void start_tty(struct tty_struct *tty)
1571{
1572 if (!tty->stopped || tty->flow_stopped)
1573 return;
1574 tty->stopped = 0;
1575 if (tty->link && tty->link->packet) {
1576 tty->ctrl_status &= ~TIOCPKT_STOP;
1577 tty->ctrl_status |= TIOCPKT_START;
1578 wake_up_interruptible(&tty->link->read_wait);
1579 }
1580 if (tty->driver->start)
1581 (tty->driver->start)(tty);
1582
1583 /* If we have a running line discipline it may need kicking */
1584 tty_wakeup(tty);
1585 wake_up_interruptible(&tty->write_wait);
1586}
1587
1588EXPORT_SYMBOL(start_tty);
1589
af9b897e
AC		 1590/**
1591 * tty_read - read method for tty device files
1592 * @file: pointer to tty file
1593 * @buf: user buffer
1594 * @count: size of user buffer
1595 * @ppos: unused
1596 *
1597 * Perform the read system call function on this terminal device. Checks
1598 * for hung up devices before calling the line discipline method.
1599 *
1600 * Locking:
1601 * Locks the line discipline internally while needed
1602 * For historical reasons the line discipline read method is
1603 * invoked under the BKL. This will go away in time so do not rely on it
1604 * in new code. Multiple read calls may be outstanding in parallel.
1605 */
1606
1da177e4
LT		 1607static ssize_t tty_read(struct file * file, char __user * buf, size_t count,
1608 loff_t *ppos)
1609{
1610 int i;
1611 struct tty_struct * tty;
1612 struct inode *inode;
1613 struct tty_ldisc *ld;
1614
1615 tty = (struct tty_struct *)file->private_data;
1616 inode = file->f_dentry->d_inode;
1617 if (tty_paranoia_check(tty, inode, "tty_read"))
1618 return -EIO;
1619 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1620 return -EIO;
1621
1622 /* We want to wait for the line discipline to sort out in this
1623 situation */
1624 ld = tty_ldisc_ref_wait(tty);
1625 lock_kernel();
1626 if (ld->read)
1627 i = (ld->read)(tty,file,buf,count);
1628 else
1629 i = -EIO;
1630 tty_ldisc_deref(ld);
1631 unlock_kernel();
1632 if (i > 0)
1633 inode->i_atime = current_fs_time(inode->i_sb);
1634 return i;
1635}
1636
1637/*
1638 * Split writes up in sane blocksizes to avoid
1639 * denial-of-service type attacks
1640 */
1641static inline ssize_t do_tty_write(
1642 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1643 struct tty_struct *tty,
1644 struct file *file,
1645 const char __user *buf,
1646 size_t count)
1647{
1648 ssize_t ret = 0, written = 0;
1649 unsigned int chunk;
1650
af9b897e 1651 /* FIXME: O_NDELAY ... */
70522e12 1652 if (mutex_lock_interruptible(&tty->atomic_write_lock)) {
1da177e4
LT		 1653 return -ERESTARTSYS;
1654 }
1655
1656 /*
1657 * We chunk up writes into a temporary buffer. This
1658 * simplifies low-level drivers immensely, since they
1659 * don't have locking issues and user mode accesses.
1660 *
1661 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1662 * big chunk-size..
1663 *
1664 * The default chunk-size is 2kB, because the NTTY
1665 * layer has problems with bigger chunks. It will
1666 * claim to be able to handle more characters than
1667 * it actually does.
af9b897e
AC		 1668 *
1669 * FIXME: This can probably go away now except that 64K chunks
1670 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1671 */
1672 chunk = 2048;
1673 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1674 chunk = 65536;
1675 if (count < chunk)
1676 chunk = count;
1677
70522e12 1678 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1679 if (tty->write_cnt < chunk) {
1680 unsigned char *buf;
1681
1682 if (chunk < 1024)
1683 chunk = 1024;
1684
1685 buf = kmalloc(chunk, GFP_KERNEL);
1686 if (!buf) {
70522e12 1687 mutex_unlock(&tty->atomic_write_lock);
1da177e4
LT		 1688 return -ENOMEM;
1689 }
1690 kfree(tty->write_buf);
1691 tty->write_cnt = chunk;
1692 tty->write_buf = buf;
1693 }
1694
1695 /* Do the write .. */
1696 for (;;) {
1697 size_t size = count;
1698 if (size > chunk)
1699 size = chunk;
1700 ret = -EFAULT;
1701 if (copy_from_user(tty->write_buf, buf, size))
1702 break;
1703 lock_kernel();
1704 ret = write(tty, file, tty->write_buf, size);
1705 unlock_kernel();
1706 if (ret <= 0)
1707 break;
1708 written += ret;
1709 buf += ret;
1710 count -= ret;
1711 if (!count)
1712 break;
1713 ret = -ERESTARTSYS;
1714 if (signal_pending(current))
1715 break;
1716 cond_resched();
1717 }
1718 if (written) {
1719 struct inode *inode = file->f_dentry->d_inode;
1720 inode->i_mtime = current_fs_time(inode->i_sb);
1721 ret = written;
1722 }
70522e12 1723 mutex_unlock(&tty->atomic_write_lock);
1da177e4
LT		 1724 return ret;
1725}
1726
1727
af9b897e
AC		 1728/**
1729 * tty_write - write method for tty device file
1730 * @file: tty file pointer
1731 * @buf: user data to write
1732 * @count: bytes to write
1733 * @ppos: unused
1734 *
1735 * Write data to a tty device via the line discipline.
1736 *
1737 * Locking:
1738 * Locks the line discipline as required
1739 * Writes to the tty driver are serialized by the atomic_write_lock
1740 * and are then processed in chunks to the device. The line discipline
1741 * write method will not be involked in parallel for each device
1742 * The line discipline write method is called under the big
1743 * kernel lock for historical reasons. New code should not rely on this.
1744 */
1745
1da177e4
LT		 1746static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1747 loff_t *ppos)
1748{
1749 struct tty_struct * tty;
1750 struct inode *inode = file->f_dentry->d_inode;
1751 ssize_t ret;
1752 struct tty_ldisc *ld;
1753
1754 tty = (struct tty_struct *)file->private_data;
1755 if (tty_paranoia_check(tty, inode, "tty_write"))
1756 return -EIO;
1757 if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1758 return -EIO;
1759
1760 ld = tty_ldisc_ref_wait(tty);
1761 if (!ld->write)
1762 ret = -EIO;
1763 else
1764 ret = do_tty_write(ld->write, tty, file, buf, count);
1765 tty_ldisc_deref(ld);
1766 return ret;
1767}
1768
1769ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1770 loff_t *ppos)
1771{
1772 struct file *p = NULL;
1773
1774 spin_lock(&redirect_lock);
1775 if (redirect) {
1776 get_file(redirect);
1777 p = redirect;
1778 }
1779 spin_unlock(&redirect_lock);
1780
1781 if (p) {
1782 ssize_t res;
1783 res = vfs_write(p, buf, count, &p->f_pos);
1784 fput(p);
1785 return res;
1786 }
1787
1788 return tty_write(file, buf, count, ppos);
1789}
1790
1791static char ptychar[] = "pqrstuvwxyzabcde";
1792
af9b897e
AC		 1793/**
1794 * pty_line_name - generate name for a pty
1795 * @driver: the tty driver in use
1796 * @index: the minor number
1797 * @p: output buffer of at least 6 bytes
1798 *
1799 * Generate a name from a driver reference and write it to the output
1800 * buffer.
1801 *
1802 * Locking: None
1803 */
1804static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1805{
1806 int i = index + driver->name_base;
1807 /* ->name is initialized to "ttyp", but "tty" is expected */
1808 sprintf(p, "%s%c%x",
1809 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1810 ptychar[i >> 4 & 0xf], i & 0xf);
1811}
1812
af9b897e
AC		 1813/**
1814 * pty_line_name - generate name for a tty
1815 * @driver: the tty driver in use
1816 * @index: the minor number
1817 * @p: output buffer of at least 7 bytes
1818 *
1819 * Generate a name from a driver reference and write it to the output
1820 * buffer.
1821 *
1822 * Locking: None
1823 */
1824static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1825{
1826 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1827}
1828
af9b897e
AC		 1829/**
1830 * init_dev - initialise a tty device
1831 * @driver: tty driver we are opening a device on
1832 * @idx: device index
1833 * @tty: returned tty structure
1834 *
1835 * Prepare a tty device. This may not be a "new" clean device but
1836 * could also be an active device. The pty drivers require special
1837 * handling because of this.
1838 *
1839 * Locking:
1840 * The function is called under the tty_mutex, which
1841 * protects us from the tty struct or driver itself going away.
1842 *
1843 * On exit the tty device has the line discipline attached and
1844 * a reference count of 1. If a pair was created for pty/tty use
1845 * and the other was a pty master then it too has a reference count of 1.
1846 *
1da177e4 1847 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 1848 * failed open. The new code protects the open with a mutex, so it's
1849 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 1850 * relaxed for the (most common) case of reopening a tty.
1851 */
af9b897e 1852
1da177e4
LT		 1853static int init_dev(struct tty_driver *driver, int idx,
1854 struct tty_struct **ret_tty)
1855{
1856 struct tty_struct *tty, *o_tty;
1857 struct termios *tp, **tp_loc, *o_tp, **o_tp_loc;
1858 struct termios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 1859 int retval = 0;
1da177e4
LT		 1860
1861 /* check whether we're reopening an existing tty */
1862 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1863 tty = devpts_get_tty(idx);
1864 if (tty && driver->subtype == PTY_TYPE_MASTER)
1865 tty = tty->link;
1866 } else {
1867 tty = driver->ttys[idx];
1868 }
1869 if (tty) goto fast_track;
1870
1871 /*
1872 * First time open is complex, especially for PTY devices.
1873 * This code guarantees that either everything succeeds and the
1874 * TTY is ready for operation, or else the table slots are vacated
1875 * and the allocated memory released. (Except that the termios
1876 * and locked termios may be retained.)
1877 */
1878
1879 if (!try_module_get(driver->owner)) {
1880 retval = -ENODEV;
1881 goto end_init;
1882 }
1883
1884 o_tty = NULL;
1885 tp = o_tp = NULL;
1886 ltp = o_ltp = NULL;
1887
1888 tty = alloc_tty_struct();
1889 if(!tty)
1890 goto fail_no_mem;
1891 initialize_tty_struct(tty);
1892 tty->driver = driver;
1893 tty->index = idx;
1894 tty_line_name(driver, idx, tty->name);
1895
1896 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1897 tp_loc = &tty->termios;
1898 ltp_loc = &tty->termios_locked;
1899 } else {
1900 tp_loc = &driver->termios[idx];
1901 ltp_loc = &driver->termios_locked[idx];
1902 }
1903
1904 if (!*tp_loc) {
1905 tp = (struct termios *) kmalloc(sizeof(struct termios),
1906 GFP_KERNEL);
1907 if (!tp)
1908 goto free_mem_out;
1909 *tp = driver->init_termios;
1910 }
1911
1912 if (!*ltp_loc) {
1913 ltp = (struct termios *) kmalloc(sizeof(struct termios),
1914 GFP_KERNEL);
1915 if (!ltp)
1916 goto free_mem_out;
1917 memset(ltp, 0, sizeof(struct termios));
1918 }
1919
1920 if (driver->type == TTY_DRIVER_TYPE_PTY) {
1921 o_tty = alloc_tty_struct();
1922 if (!o_tty)
1923 goto free_mem_out;
1924 initialize_tty_struct(o_tty);
1925 o_tty->driver = driver->other;
1926 o_tty->index = idx;
1927 tty_line_name(driver->other, idx, o_tty->name);
1928
1929 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1930 o_tp_loc = &o_tty->termios;
1931 o_ltp_loc = &o_tty->termios_locked;
1932 } else {
1933 o_tp_loc = &driver->other->termios[idx];
1934 o_ltp_loc = &driver->other->termios_locked[idx];
1935 }
1936
1937 if (!*o_tp_loc) {
1938 o_tp = (struct termios *)
1939 kmalloc(sizeof(struct termios), GFP_KERNEL);
1940 if (!o_tp)
1941 goto free_mem_out;
1942 *o_tp = driver->other->init_termios;
1943 }
1944
1945 if (!*o_ltp_loc) {
1946 o_ltp = (struct termios *)
1947 kmalloc(sizeof(struct termios), GFP_KERNEL);
1948 if (!o_ltp)
1949 goto free_mem_out;
1950 memset(o_ltp, 0, sizeof(struct termios));
1951 }
1952
1953 /*
1954 * Everything allocated ... set up the o_tty structure.
1955 */
1956 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
1957 driver->other->ttys[idx] = o_tty;
1958 }
1959 if (!*o_tp_loc)
1960 *o_tp_loc = o_tp;
1961 if (!*o_ltp_loc)
1962 *o_ltp_loc = o_ltp;
1963 o_tty->termios = *o_tp_loc;
1964 o_tty->termios_locked = *o_ltp_loc;
1965 driver->other->refcount++;
1966 if (driver->subtype == PTY_TYPE_MASTER)
1967 o_tty->count++;
1968
1969 /* Establish the links in both directions */
1970 tty->link = o_tty;
1971 o_tty->link = tty;
1972 }
1973
1974 /*
1975 * All structures have been allocated, so now we install them.
1976 * Failures after this point use release_mem to clean up, so
1977 * there's no need to null out the local pointers.
1978 */
1979 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1980 driver->ttys[idx] = tty;
1981 }
1982
1983 if (!*tp_loc)
1984 *tp_loc = tp;
1985 if (!*ltp_loc)
1986 *ltp_loc = ltp;
1987 tty->termios = *tp_loc;
1988 tty->termios_locked = *ltp_loc;
1989 driver->refcount++;
1990 tty->count++;
1991
1992 /*
1993 * Structures all installed ... call the ldisc open routines.
1994 * If we fail here just call release_mem to clean up. No need
1995 * to decrement the use counts, as release_mem doesn't care.
1996 */
1997
1998 if (tty->ldisc.open) {
1999 retval = (tty->ldisc.open)(tty);
2000 if (retval)
2001 goto release_mem_out;
2002 }
2003 if (o_tty && o_tty->ldisc.open) {
2004 retval = (o_tty->ldisc.open)(o_tty);
2005 if (retval) {
2006 if (tty->ldisc.close)
2007 (tty->ldisc.close)(tty);
2008 goto release_mem_out;
2009 }
2010 tty_ldisc_enable(o_tty);
2011 }
2012 tty_ldisc_enable(tty);
2013 goto success;
2014
2015 /*
2016 * This fast open can be used if the tty is already open.
2017 * No memory is allocated, and the only failures are from
2018 * attempting to open a closing tty or attempting multiple
2019 * opens on a pty master.
2020 */
2021fast_track:
2022 if (test_bit(TTY_CLOSING, &tty->flags)) {
2023 retval = -EIO;
2024 goto end_init;
2025 }
2026 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2027 driver->subtype == PTY_TYPE_MASTER) {
2028 /*
2029 * special case for PTY masters: only one open permitted,
2030 * and the slave side open count is incremented as well.
2031 */
2032 if (tty->count) {
2033 retval = -EIO;
2034 goto end_init;
2035 }
2036 tty->link->count++;
2037 }
2038 tty->count++;
2039 tty->driver = driver; /* N.B. why do this every time?? */
2040
2041 /* FIXME */
2042 if(!test_bit(TTY_LDISC, &tty->flags))
2043 printk(KERN_ERR "init_dev but no ldisc\n");
2044success:
2045 *ret_tty = tty;
2046
70522e12 2047 /* All paths come through here to release the mutex */
1da177e4
LT		 2048end_init:
2049 return retval;
2050
2051 /* Release locally allocated memory ... nothing placed in slots */
2052free_mem_out:
735d5661 2053 kfree(o_tp);
1da177e4
LT		 2054 if (o_tty)
2055 free_tty_struct(o_tty);
735d5661
JJ		 2056 kfree(ltp);
2057 kfree(tp);
1da177e4
LT		 2058 free_tty_struct(tty);
2059
2060fail_no_mem:
2061 module_put(driver->owner);
2062 retval = -ENOMEM;
2063 goto end_init;
2064
2065 /* call the tty release_mem routine to clean out this slot */
2066release_mem_out:
2067 printk(KERN_INFO "init_dev: ldisc open failed, "
2068 "clearing slot %d\n", idx);
2069 release_mem(tty, idx);
2070 goto end_init;
2071}
2072
af9b897e
AC		 2073/**
2074 * release_mem - release tty structure memory
2075 *
2076 * Releases memory associated with a tty structure, and clears out the
2077 * driver table slots. This function is called when a device is no longer
2078 * in use. It also gets called when setup of a device fails.
2079 *
2080 * Locking:
2081 * tty_mutex - sometimes only
2082 * takes the file list lock internally when working on the list
2083 * of ttys that the driver keeps.
2084 * FIXME: should we require tty_mutex is held here ??
1da177e4 2085 */
af9b897e 2086
1da177e4
LT		 2087static void release_mem(struct tty_struct *tty, int idx)
2088{
2089 struct tty_struct *o_tty;
2090 struct termios *tp;
2091 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2092
2093 if ((o_tty = tty->link) != NULL) {
2094 if (!devpts)
2095 o_tty->driver->ttys[idx] = NULL;
2096 if (o_tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2097 tp = o_tty->termios;
2098 if (!devpts)
2099 o_tty->driver->termios[idx] = NULL;
2100 kfree(tp);
2101
2102 tp = o_tty->termios_locked;
2103 if (!devpts)
2104 o_tty->driver->termios_locked[idx] = NULL;
2105 kfree(tp);
2106 }
2107 o_tty->magic = 0;
2108 o_tty->driver->refcount--;
2109 file_list_lock();
2110 list_del_init(&o_tty->tty_files);
2111 file_list_unlock();
2112 free_tty_struct(o_tty);
2113 }
2114
2115 if (!devpts)
2116 tty->driver->ttys[idx] = NULL;
2117 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2118 tp = tty->termios;
2119 if (!devpts)
2120 tty->driver->termios[idx] = NULL;
2121 kfree(tp);
2122
2123 tp = tty->termios_locked;
2124 if (!devpts)
2125 tty->driver->termios_locked[idx] = NULL;
2126 kfree(tp);
2127 }
2128
2129 tty->magic = 0;
2130 tty->driver->refcount--;
2131 file_list_lock();
2132 list_del_init(&tty->tty_files);
2133 file_list_unlock();
2134 module_put(tty->driver->owner);
2135 free_tty_struct(tty);
2136}
2137
2138/*
2139 * Even releasing the tty structures is a tricky business.. We have
2140 * to be very careful that the structures are all released at the
2141 * same time, as interrupts might otherwise get the wrong pointers.
2142 *
2143 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2144 * lead to double frees or releasing memory still in use.
2145 */
2146static void release_dev(struct file * filp)
2147{
2148 struct tty_struct *tty, *o_tty;
2149 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 2150 int devpts;
1da177e4
LT		 2151 int idx;
2152 char buf[64];
2153 unsigned long flags;
2154
2155 tty = (struct tty_struct *)filp->private_data;
2156 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "release_dev"))
2157 return;
2158
2159 check_tty_count(tty, "release_dev");
2160
2161 tty_fasync(-1, filp, 0);
2162
2163 idx = tty->index;
2164 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2165 tty->driver->subtype == PTY_TYPE_MASTER);
2166 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 2167 o_tty = tty->link;
2168
2169#ifdef TTY_PARANOIA_CHECK
2170 if (idx < 0 || idx >= tty->driver->num) {
2171 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2172 "free (%s)\n", tty->name);
2173 return;
2174 }
2175 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2176 if (tty != tty->driver->ttys[idx]) {
2177 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2178 "for (%s)\n", idx, tty->name);
2179 return;
2180 }
2181 if (tty->termios != tty->driver->termios[idx]) {
2182 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2183 "for (%s)\n",
2184 idx, tty->name);
2185 return;
2186 }
2187 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2188 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2189 "termios_locked for (%s)\n",
2190 idx, tty->name);
2191 return;
2192 }
2193 }
2194#endif
2195
2196#ifdef TTY_DEBUG_HANGUP
2197 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2198 tty_name(tty, buf), tty->count);
2199#endif
2200
2201#ifdef TTY_PARANOIA_CHECK
2202 if (tty->driver->other &&
2203 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2204 if (o_tty != tty->driver->other->ttys[idx]) {
2205 printk(KERN_DEBUG "release_dev: other->table[%d] "
2206 "not o_tty for (%s)\n",
2207 idx, tty->name);
2208 return;
2209 }
2210 if (o_tty->termios != tty->driver->other->termios[idx]) {
2211 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2212 "not o_termios for (%s)\n",
2213 idx, tty->name);
2214 return;
2215 }
2216 if (o_tty->termios_locked !=
2217 tty->driver->other->termios_locked[idx]) {
2218 printk(KERN_DEBUG "release_dev: other->termios_locked["
2219 "%d] not o_termios_locked for (%s)\n",
2220 idx, tty->name);
2221 return;
2222 }
2223 if (o_tty->link != tty) {
2224 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2225 return;
2226 }
2227 }
2228#endif
2229 if (tty->driver->close)
2230 tty->driver->close(tty, filp);
2231
2232 /*
2233 * Sanity check: if tty->count is going to zero, there shouldn't be
2234 * any waiters on tty->read_wait or tty->write_wait. We test the
2235 * wait queues and kick everyone out _before_ actually starting to
2236 * close. This ensures that we won't block while releasing the tty
2237 * structure.
2238 *
2239 * The test for the o_tty closing is necessary, since the master and
2240 * slave sides may close in any order. If the slave side closes out
2241 * first, its count will be one, since the master side holds an open.
2242 * Thus this test wouldn't be triggered at the time the slave closes,
2243 * so we do it now.
2244 *
2245 * Note that it's possible for the tty to be opened again while we're
2246 * flushing out waiters. By recalculating the closing flags before
2247 * each iteration we avoid any problems.
2248 */
2249 while (1) {
2250 /* Guard against races with tty->count changes elsewhere and
2251 opens on /dev/tty */
2252
70522e12 2253 mutex_lock(&tty_mutex);
1da177e4
LT		 2254 tty_closing = tty->count <= 1;
2255 o_tty_closing = o_tty &&
2256 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 2257 do_sleep = 0;
2258
2259 if (tty_closing) {
2260 if (waitqueue_active(&tty->read_wait)) {
2261 wake_up(&tty->read_wait);
2262 do_sleep++;
2263 }
2264 if (waitqueue_active(&tty->write_wait)) {
2265 wake_up(&tty->write_wait);
2266 do_sleep++;
2267 }
2268 }
2269 if (o_tty_closing) {
2270 if (waitqueue_active(&o_tty->read_wait)) {
2271 wake_up(&o_tty->read_wait);
2272 do_sleep++;
2273 }
2274 if (waitqueue_active(&o_tty->write_wait)) {
2275 wake_up(&o_tty->write_wait);
2276 do_sleep++;
2277 }
2278 }
2279 if (!do_sleep)
2280 break;
2281
2282 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2283 "active!\n", tty_name(tty, buf));
70522e12 2284 mutex_unlock(&tty_mutex);
1da177e4
LT		 2285 schedule();
2286 }
2287
2288 /*
2289 * The closing flags are now consistent with the open counts on
2290 * both sides, and we've completed the last operation that could
2291 * block, so it's safe to proceed with closing.
2292 */
1da177e4
LT		 2293 if (pty_master) {
2294 if (--o_tty->count < 0) {
2295 printk(KERN_WARNING "release_dev: bad pty slave count "
2296 "(%d) for %s\n",
2297 o_tty->count, tty_name(o_tty, buf));
2298 o_tty->count = 0;
2299 }
2300 }
2301 if (--tty->count < 0) {
2302 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2303 tty->count, tty_name(tty, buf));
2304 tty->count = 0;
2305 }
1da177e4
LT		 2306
2307 /*
2308 * We've decremented tty->count, so we need to remove this file
2309 * descriptor off the tty->tty_files list; this serves two
2310 * purposes:
2311 * - check_tty_count sees the correct number of file descriptors
2312 * associated with this tty.
2313 * - do_tty_hangup no longer sees this file descriptor as
2314 * something that needs to be handled for hangups.
2315 */
2316 file_kill(filp);
2317 filp->private_data = NULL;
2318
2319 /*
2320 * Perform some housekeeping before deciding whether to return.
2321 *
2322 * Set the TTY_CLOSING flag if this was the last open. In the
2323 * case of a pty we may have to wait around for the other side
2324 * to close, and TTY_CLOSING makes sure we can't be reopened.
2325 */
2326 if(tty_closing)
2327 set_bit(TTY_CLOSING, &tty->flags);
2328 if(o_tty_closing)
2329 set_bit(TTY_CLOSING, &o_tty->flags);
2330
2331 /*
2332 * If _either_ side is closing, make sure there aren't any
2333 * processes that still think tty or o_tty is their controlling
2334 * tty.
2335 */
2336 if (tty_closing || o_tty_closing) {
2337 struct task_struct *p;
2338
2339 read_lock(&tasklist_lock);
2340 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2341 p->signal->tty = NULL;
2342 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2343 if (o_tty)
2344 do_each_task_pid(o_tty->session, PIDTYPE_SID, p) {
2345 p->signal->tty = NULL;
2346 } while_each_task_pid(o_tty->session, PIDTYPE_SID, p);
2347 read_unlock(&tasklist_lock);
2348 }
2349
70522e12 2350 mutex_unlock(&tty_mutex);
da965822 2351
1da177e4
LT		 2352 /* check whether both sides are closing ... */
2353 if (!tty_closing || (o_tty && !o_tty_closing))
2354 return;
2355
2356#ifdef TTY_DEBUG_HANGUP
2357 printk(KERN_DEBUG "freeing tty structure...");
2358#endif
2359 /*
2360 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2361 * kill any delayed work. As this is the final close it does not
2362 * race with the set_ldisc code path.
2363 */
2364 clear_bit(TTY_LDISC, &tty->flags);
33f0f88f 2365 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 2366
2367 /*
33f0f88f 2368 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 2369 */
2370
2371 flush_scheduled_work();
2372
2373 /*
2374 * Wait for any short term users (we know they are just driver
2375 * side waiters as the file is closing so user count on the file
2376 * side is zero.
2377 */
2378 spin_lock_irqsave(&tty_ldisc_lock, flags);
2379 while(tty->ldisc.refcount)
2380 {
2381 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2382 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2383 spin_lock_irqsave(&tty_ldisc_lock, flags);
2384 }
2385 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2386 /*
2387 * Shutdown the current line discipline, and reset it to N_TTY.
2388 * N.B. why reset ldisc when we're releasing the memory??
2389 *
2390 * FIXME: this MUST get fixed for the new reflocking
2391 */
2392 if (tty->ldisc.close)
2393 (tty->ldisc.close)(tty);
2394 tty_ldisc_put(tty->ldisc.num);
2395
2396 /*
2397 * Switch the line discipline back
2398 */
2399 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2400 tty_set_termios_ldisc(tty,N_TTY);
2401 if (o_tty) {
2402 /* FIXME: could o_tty be in setldisc here ? */
2403 clear_bit(TTY_LDISC, &o_tty->flags);
2404 if (o_tty->ldisc.close)
2405 (o_tty->ldisc.close)(o_tty);
2406 tty_ldisc_put(o_tty->ldisc.num);
2407 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2408 tty_set_termios_ldisc(o_tty,N_TTY);
2409 }
2410 /*
2411 * The release_mem function takes care of the details of clearing
2412 * the slots and preserving the termios structure.
2413 */
2414 release_mem(tty, idx);
2415
2416#ifdef CONFIG_UNIX98_PTYS
2417 /* Make this pty number available for reallocation */
2418 if (devpts) {
2419 down(&allocated_ptys_lock);
2420 idr_remove(&allocated_ptys, idx);
2421 up(&allocated_ptys_lock);
2422 }
2423#endif
2424
2425}
2426
af9b897e
AC		 2427/**
2428 * tty_open - open a tty device
2429 * @inode: inode of device file
2430 * @filp: file pointer to tty
1da177e4 2431 *
af9b897e
AC		 2432 * tty_open and tty_release keep up the tty count that contains the
2433 * number of opens done on a tty. We cannot use the inode-count, as
2434 * different inodes might point to the same tty.
1da177e4 2435 *
af9b897e
AC		 2436 * Open-counting is needed for pty masters, as well as for keeping
2437 * track of serial lines: DTR is dropped when the last close happens.
2438 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2439 *
2440 * The termios state of a pty is reset on first open so that
2441 * settings don't persist across reuse.
2442 *
2443 * Locking: tty_mutex protects current->signal->tty, get_tty_driver and
2444 * init_dev work. tty->count should protect the rest.
2445 * task_lock is held to update task details for sessions
1da177e4 2446 */
af9b897e 2447
1da177e4
LT		 2448static int tty_open(struct inode * inode, struct file * filp)
2449{
2450 struct tty_struct *tty;
2451 int noctty, retval;
2452 struct tty_driver *driver;
2453 int index;
2454 dev_t device = inode->i_rdev;
2455 unsigned short saved_flags = filp->f_flags;
2456
2457 nonseekable_open(inode, filp);
2458
2459retry_open:
2460 noctty = filp->f_flags & O_NOCTTY;
2461 index = -1;
2462 retval = 0;
2463
70522e12 2464 mutex_lock(&tty_mutex);
1da177e4
LT		 2465
2466 if (device == MKDEV(TTYAUX_MAJOR,0)) {
2467 if (!current->signal->tty) {
70522e12 2468 mutex_unlock(&tty_mutex);
1da177e4
LT		 2469 return -ENXIO;
2470 }
2471 driver = current->signal->tty->driver;
2472 index = current->signal->tty->index;
2473 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2474 /* noctty = 1; */
2475 goto got_driver;
2476 }
2477#ifdef CONFIG_VT
2478 if (device == MKDEV(TTY_MAJOR,0)) {
2479 extern struct tty_driver *console_driver;
2480 driver = console_driver;
2481 index = fg_console;
2482 noctty = 1;
2483 goto got_driver;
2484 }
2485#endif
2486 if (device == MKDEV(TTYAUX_MAJOR,1)) {
2487 driver = console_device(&index);
2488 if (driver) {
2489 /* Don't let /dev/console block */
2490 filp->f_flags |= O_NONBLOCK;
2491 noctty = 1;
2492 goto got_driver;
2493 }
70522e12 2494 mutex_unlock(&tty_mutex);
1da177e4
LT		 2495 return -ENODEV;
2496 }
2497
2498 driver = get_tty_driver(device, &index);
2499 if (!driver) {
70522e12 2500 mutex_unlock(&tty_mutex);
1da177e4
LT		 2501 return -ENODEV;
2502 }
2503got_driver:
2504 retval = init_dev(driver, index, &tty);
70522e12 2505 mutex_unlock(&tty_mutex);
1da177e4
LT		 2506 if (retval)
2507 return retval;
2508
2509 filp->private_data = tty;
2510 file_move(filp, &tty->tty_files);
2511 check_tty_count(tty, "tty_open");
2512 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2513 tty->driver->subtype == PTY_TYPE_MASTER)
2514 noctty = 1;
2515#ifdef TTY_DEBUG_HANGUP
2516 printk(KERN_DEBUG "opening %s...", tty->name);
2517#endif
2518 if (!retval) {
2519 if (tty->driver->open)
2520 retval = tty->driver->open(tty, filp);
2521 else
2522 retval = -ENODEV;
2523 }
2524 filp->f_flags = saved_flags;
2525
2526 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2527 retval = -EBUSY;
2528
2529 if (retval) {
2530#ifdef TTY_DEBUG_HANGUP
2531 printk(KERN_DEBUG "error %d in opening %s...", retval,
2532 tty->name);
2533#endif
2534 release_dev(filp);
2535 if (retval != -ERESTARTSYS)
2536 return retval;
2537 if (signal_pending(current))
2538 return retval;
2539 schedule();
2540 /*
2541 * Need to reset f_op in case a hangup happened.
2542 */
2543 if (filp->f_op == &hung_up_tty_fops)
2544 filp->f_op = &tty_fops;
2545 goto retry_open;
2546 }
2547 if (!noctty &&
2548 current->signal->leader &&
2549 !current->signal->tty &&
2550 tty->session == 0) {
2551 task_lock(current);
2552 current->signal->tty = tty;
2553 task_unlock(current);
2554 current->signal->tty_old_pgrp = 0;
2555 tty->session = current->signal->session;
2556 tty->pgrp = process_group(current);
2557 }
2558 return 0;
2559}
2560
2561#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 2562/**
2563 * ptmx_open - open a unix 98 pty master
2564 * @inode: inode of device file
2565 * @filp: file pointer to tty
2566 *
2567 * Allocate a unix98 pty master device from the ptmx driver.
2568 *
2569 * Locking: tty_mutex protects theinit_dev work. tty->count should
2570 protect the rest.
2571 * allocated_ptys_lock handles the list of free pty numbers
2572 */
2573
1da177e4
LT		 2574static int ptmx_open(struct inode * inode, struct file * filp)
2575{
2576 struct tty_struct *tty;
2577 int retval;
2578 int index;
2579 int idr_ret;
2580
2581 nonseekable_open(inode, filp);
2582
2583 /* find a device that is not in use. */
2584 down(&allocated_ptys_lock);
2585 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2586 up(&allocated_ptys_lock);
2587 return -ENOMEM;
2588 }
2589 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2590 if (idr_ret < 0) {
2591 up(&allocated_ptys_lock);
2592 if (idr_ret == -EAGAIN)
2593 return -ENOMEM;
2594 return -EIO;
2595 }
2596 if (index >= pty_limit) {
2597 idr_remove(&allocated_ptys, index);
2598 up(&allocated_ptys_lock);
2599 return -EIO;
2600 }
2601 up(&allocated_ptys_lock);
2602
70522e12 2603 mutex_lock(&tty_mutex);
1da177e4 2604 retval = init_dev(ptm_driver, index, &tty);
70522e12 2605 mutex_unlock(&tty_mutex);
1da177e4
LT		 2606
2607 if (retval)
2608 goto out;
2609
2610 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2611 filp->private_data = tty;
2612 file_move(filp, &tty->tty_files);
2613
2614 retval = -ENOMEM;
2615 if (devpts_pty_new(tty->link))
2616 goto out1;
2617
2618 check_tty_count(tty, "tty_open");
2619 retval = ptm_driver->open(tty, filp);
2620 if (!retval)
2621 return 0;
2622out1:
2623 release_dev(filp);
9453a5ad 2624 return retval;
1da177e4
LT		 2625out:
2626 down(&allocated_ptys_lock);
2627 idr_remove(&allocated_ptys, index);
2628 up(&allocated_ptys_lock);
2629 return retval;
2630}
2631#endif
2632
af9b897e
AC		 2633/**
2634 * tty_release - vfs callback for close
2635 * @inode: inode of tty
2636 * @filp: file pointer for handle to tty
2637 *
2638 * Called the last time each file handle is closed that references
2639 * this tty. There may however be several such references.
2640 *
2641 * Locking:
2642 * Takes bkl. See release_dev
2643 */
2644
1da177e4
LT		 2645static int tty_release(struct inode * inode, struct file * filp)
2646{
2647 lock_kernel();
2648 release_dev(filp);
2649 unlock_kernel();
2650 return 0;
2651}
2652
af9b897e
AC		 2653/**
2654 * tty_poll - check tty status
2655 * @filp: file being polled
2656 * @wait: poll wait structures to update
2657 *
2658 * Call the line discipline polling method to obtain the poll
2659 * status of the device.
2660 *
2661 * Locking: locks called line discipline but ldisc poll method
2662 * may be re-entered freely by other callers.
2663 */
2664
1da177e4
LT		 2665static unsigned int tty_poll(struct file * filp, poll_table * wait)
2666{
2667 struct tty_struct * tty;
2668 struct tty_ldisc *ld;
2669 int ret = 0;
2670
2671 tty = (struct tty_struct *)filp->private_data;
2672 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_poll"))
2673 return 0;
2674
2675 ld = tty_ldisc_ref_wait(tty);
2676 if (ld->poll)
2677 ret = (ld->poll)(tty, filp, wait);
2678 tty_ldisc_deref(ld);
2679 return ret;
2680}
2681
2682static int tty_fasync(int fd, struct file * filp, int on)
2683{
2684 struct tty_struct * tty;
2685 int retval;
2686
2687 tty = (struct tty_struct *)filp->private_data;
2688 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_fasync"))
2689 return 0;
2690
2691 retval = fasync_helper(fd, filp, on, &tty->fasync);
2692 if (retval <= 0)
2693 return retval;
2694
2695 if (on) {
2696 if (!waitqueue_active(&tty->read_wait))
2697 tty->minimum_to_wake = 1;
2698 retval = f_setown(filp, (-tty->pgrp) ? : current->pid, 0);
2699 if (retval)
2700 return retval;
2701 } else {
2702 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2703 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2704 }
2705 return 0;
2706}
2707
af9b897e
AC		 2708/**
2709 * tiocsti - fake input character
2710 * @tty: tty to fake input into
2711 * @p: pointer to character
2712 *
2713 * Fake input to a tty device. Does the neccessary locking and
2714 * input management.
2715 *
2716 * FIXME: does not honour flow control ??
2717 *
2718 * Locking:
2719 * Called functions take tty_ldisc_lock
2720 * current->signal->tty check is safe without locks
2721 */
2722
1da177e4
LT		 2723static int tiocsti(struct tty_struct *tty, char __user *p)
2724{
2725 char ch, mbz = 0;
2726 struct tty_ldisc *ld;
2727
2728 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2729 return -EPERM;
2730 if (get_user(ch, p))
2731 return -EFAULT;
2732 ld = tty_ldisc_ref_wait(tty);
2733 ld->receive_buf(tty, &ch, &mbz, 1);
2734 tty_ldisc_deref(ld);
2735 return 0;
2736}
2737
af9b897e
AC		 2738/**
2739 * tiocgwinsz - implement window query ioctl
2740 * @tty; tty
2741 * @arg: user buffer for result
2742 *
808a0d38 2743 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2744 *
808a0d38
AC		 2745 * Locking: tty->termios_sem is taken to ensure the winsize data
2746 * is consistent.
af9b897e
AC		 2747 */
2748
1da177e4
LT		 2749static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2750{
808a0d38
AC		 2751 int err;
2752
5785c95b 2753 mutex_lock(&tty->termios_mutex);
808a0d38 2754 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2755 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2756
2757 return err ? -EFAULT: 0;
1da177e4
LT		 2758}
2759
af9b897e
AC		 2760/**
2761 * tiocswinsz - implement window size set ioctl
2762 * @tty; tty
2763 * @arg: user buffer for result
2764 *
2765 * Copies the user idea of the window size to the kernel. Traditionally
2766 * this is just advisory information but for the Linux console it
2767 * actually has driver level meaning and triggers a VC resize.
2768 *
2769 * Locking:
ca9bda00
AC		 2770 * Called function use the console_sem is used to ensure we do
2771 * not try and resize the console twice at once.
2772 * The tty->termios_sem is used to ensure we don't double
2773 * resize and get confused. Lock order - tty->termios.sem before
2774 * console sem
af9b897e
AC		 2775 */
2776
1da177e4
LT		 2777static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2778 struct winsize __user * arg)
2779{
2780 struct winsize tmp_ws;
2781
2782 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2783 return -EFAULT;
ca9bda00 2784
5785c95b 2785 mutex_lock(&tty->termios_mutex);
1da177e4 2786 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
ca9bda00
AC		 2787 goto done;
2788
1da177e4
LT		 2789#ifdef CONFIG_VT
2790 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
5785c95b
AV		 2791 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2792 tmp_ws.ws_row)) {
2793 mutex_unlock(&tty->termios_mutex);
ca9bda00
AC		 2794 return -ENXIO;
2795 }
1da177e4
LT		 2796 }
2797#endif
2798 if (tty->pgrp > 0)
2799 kill_pg(tty->pgrp, SIGWINCH, 1);
2800 if ((real_tty->pgrp != tty->pgrp) && (real_tty->pgrp > 0))
2801 kill_pg(real_tty->pgrp, SIGWINCH, 1);
2802 tty->winsize = tmp_ws;
2803 real_tty->winsize = tmp_ws;
ca9bda00 2804done:
5785c95b 2805 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 2806 return 0;
2807}
2808
af9b897e
AC		 2809/**
2810 * tioccons - allow admin to move logical console
2811 * @file: the file to become console
2812 *
2813 * Allow the adminstrator to move the redirected console device
2814 *
2815 * Locking: uses redirect_lock to guard the redirect information
2816 */
2817
1da177e4
LT		 2818static int tioccons(struct file *file)
2819{
2820 if (!capable(CAP_SYS_ADMIN))
2821 return -EPERM;
2822 if (file->f_op->write == redirected_tty_write) {
2823 struct file *f;
2824 spin_lock(&redirect_lock);
2825 f = redirect;
2826 redirect = NULL;
2827 spin_unlock(&redirect_lock);
2828 if (f)
2829 fput(f);
2830 return 0;
2831 }
2832 spin_lock(&redirect_lock);
2833 if (redirect) {
2834 spin_unlock(&redirect_lock);
2835 return -EBUSY;
2836 }
2837 get_file(file);
2838 redirect = file;
2839 spin_unlock(&redirect_lock);
2840 return 0;
2841}
2842
af9b897e
AC		 2843/**
2844 * fionbio - non blocking ioctl
2845 * @file: file to set blocking value
2846 * @p: user parameter
2847 *
2848 * Historical tty interfaces had a blocking control ioctl before
2849 * the generic functionality existed. This piece of history is preserved
2850 * in the expected tty API of posix OS's.
2851 *
2852 * Locking: none, the open fle handle ensures it won't go away.
2853 */
1da177e4
LT		 2854
2855static int fionbio(struct file *file, int __user *p)
2856{
2857 int nonblock;
2858
2859 if (get_user(nonblock, p))
2860 return -EFAULT;
2861
2862 if (nonblock)
2863 file->f_flags |= O_NONBLOCK;
2864 else
2865 file->f_flags &= ~O_NONBLOCK;
2866 return 0;
2867}
2868
af9b897e
AC		 2869/**
2870 * tiocsctty - set controlling tty
2871 * @tty: tty structure
2872 * @arg: user argument
2873 *
2874 * This ioctl is used to manage job control. It permits a session
2875 * leader to set this tty as the controlling tty for the session.
2876 *
2877 * Locking:
2878 * Takes tasklist lock internally to walk sessions
2879 * Takes task_lock() when updating signal->tty
2880 *
2881 * FIXME: tty_mutex is needed to protect signal->tty references.
2882 * FIXME: why task_lock on the signal->tty reference ??
2883 *
2884 */
2885
1da177e4
LT		 2886static int tiocsctty(struct tty_struct *tty, int arg)
2887{
36c8b586 2888 struct task_struct *p;
1da177e4
LT		 2889
2890 if (current->signal->leader &&
2891 (current->signal->session == tty->session))
2892 return 0;
2893 /*
2894 * The process must be a session leader and
2895 * not have a controlling tty already.
2896 */
2897 if (!current->signal->leader || current->signal->tty)
2898 return -EPERM;
2899 if (tty->session > 0) {
2900 /*
2901 * This tty is already the controlling
2902 * tty for another session group!
2903 */
2904 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
2905 /*
2906 * Steal it away
2907 */
2908
2909 read_lock(&tasklist_lock);
2910 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2911 p->signal->tty = NULL;
2912 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2913 read_unlock(&tasklist_lock);
2914 } else
2915 return -EPERM;
2916 }
2917 task_lock(current);
2918 current->signal->tty = tty;
2919 task_unlock(current);
2920 current->signal->tty_old_pgrp = 0;
2921 tty->session = current->signal->session;
2922 tty->pgrp = process_group(current);
2923 return 0;
2924}
2925
af9b897e
AC		 2926/**
2927 * tiocgpgrp - get process group
2928 * @tty: tty passed by user
2929 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2930 * @p: returned pid
2931 *
2932 * Obtain the process group of the tty. If there is no process group
2933 * return an error.
2934 *
2935 * Locking: none. Reference to ->signal->tty is safe.
2936 */
2937
1da177e4
LT		 2938static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2939{
2940 /*
2941 * (tty == real_tty) is a cheap way of
2942 * testing if the tty is NOT a master pty.
2943 */
2944 if (tty == real_tty && current->signal->tty != real_tty)
2945 return -ENOTTY;
2946 return put_user(real_tty->pgrp, p);
2947}
2948
af9b897e
AC		 2949/**
2950 * tiocspgrp - attempt to set process group
2951 * @tty: tty passed by user
2952 * @real_tty: tty side device matching tty passed by user
2953 * @p: pid pointer
2954 *
2955 * Set the process group of the tty to the session passed. Only
2956 * permitted where the tty session is our session.
2957 *
2958 * Locking: None
2959 *
2960 * FIXME: current->signal->tty referencing is unsafe.
2961 */
2962
1da177e4
LT		 2963static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2964{
2965 pid_t pgrp;
2966 int retval = tty_check_change(real_tty);
2967
2968 if (retval == -EIO)
2969 return -ENOTTY;
2970 if (retval)
2971 return retval;
2972 if (!current->signal->tty ||
2973 (current->signal->tty != real_tty) ||
2974 (real_tty->session != current->signal->session))
2975 return -ENOTTY;
2976 if (get_user(pgrp, p))
2977 return -EFAULT;
2978 if (pgrp < 0)
2979 return -EINVAL;
2980 if (session_of_pgrp(pgrp) != current->signal->session)
2981 return -EPERM;
2982 real_tty->pgrp = pgrp;
2983 return 0;
2984}
2985
af9b897e
AC		 2986/**
2987 * tiocgsid - get session id
2988 * @tty: tty passed by user
2989 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2990 * @p: pointer to returned session id
2991 *
2992 * Obtain the session id of the tty. If there is no session
2993 * return an error.
2994 *
2995 * Locking: none. Reference to ->signal->tty is safe.
2996 */
2997
1da177e4
LT		 2998static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2999{
3000 /*
3001 * (tty == real_tty) is a cheap way of
3002 * testing if the tty is NOT a master pty.
3003 */
3004 if (tty == real_tty && current->signal->tty != real_tty)
3005 return -ENOTTY;
3006 if (real_tty->session <= 0)
3007 return -ENOTTY;
3008 return put_user(real_tty->session, p);
3009}
3010
af9b897e
AC		 3011/**
3012 * tiocsetd - set line discipline
3013 * @tty: tty device
3014 * @p: pointer to user data
3015 *
3016 * Set the line discipline according to user request.
3017 *
3018 * Locking: see tty_set_ldisc, this function is just a helper
3019 */
3020
1da177e4
LT		 3021static int tiocsetd(struct tty_struct *tty, int __user *p)
3022{
3023 int ldisc;
3024
3025 if (get_user(ldisc, p))
3026 return -EFAULT;
3027 return tty_set_ldisc(tty, ldisc);
3028}
3029
af9b897e
AC		 3030/**
3031 * send_break - performed time break
3032 * @tty: device to break on
3033 * @duration: timeout in mS
3034 *
3035 * Perform a timed break on hardware that lacks its own driver level
3036 * timed break functionality.
3037 *
3038 * Locking:
3039 * None
3040 *
3041 * FIXME:
3042 * What if two overlap
3043 */
3044
b20f3ae5 3045static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4
LT		 3046{
3047 tty->driver->break_ctl(tty, -1);
3048 if (!signal_pending(current)) {
b20f3ae5 3049 msleep_interruptible(duration);
1da177e4
LT		 3050 }
3051 tty->driver->break_ctl(tty, 0);
3052 if (signal_pending(current))
3053 return -EINTR;
3054 return 0;
3055}
3056
af9b897e
AC		 3057/**
3058 * tiocmget - get modem status
3059 * @tty: tty device
3060 * @file: user file pointer
3061 * @p: pointer to result
3062 *
3063 * Obtain the modem status bits from the tty driver if the feature
3064 * is supported. Return -EINVAL if it is not available.
3065 *
3066 * Locking: none (up to the driver)
3067 */
3068
3069static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 3070{
3071 int retval = -EINVAL;
3072
3073 if (tty->driver->tiocmget) {
3074 retval = tty->driver->tiocmget(tty, file);
3075
3076 if (retval >= 0)
3077 retval = put_user(retval, p);
3078 }
3079 return retval;
3080}
3081
af9b897e
AC		 3082/**
3083 * tiocmset - set modem status
3084 * @tty: tty device
3085 * @file: user file pointer
3086 * @cmd: command - clear bits, set bits or set all
3087 * @p: pointer to desired bits
3088 *
3089 * Set the modem status bits from the tty driver if the feature
3090 * is supported. Return -EINVAL if it is not available.
3091 *
3092 * Locking: none (up to the driver)
3093 */
3094
3095static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 3096 unsigned __user *p)
3097{
3098 int retval = -EINVAL;
3099
3100 if (tty->driver->tiocmset) {
3101 unsigned int set, clear, val;
3102
3103 retval = get_user(val, p);
3104 if (retval)
3105 return retval;
3106
3107 set = clear = 0;
3108 switch (cmd) {
3109 case TIOCMBIS:
3110 set = val;
3111 break;
3112 case TIOCMBIC:
3113 clear = val;
3114 break;
3115 case TIOCMSET:
3116 set = val;
3117 clear = ~val;
3118 break;
3119 }
3120
3121 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3122 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3123
3124 retval = tty->driver->tiocmset(tty, file, set, clear);
3125 }
3126 return retval;
3127}
3128
3129/*
3130 * Split this up, as gcc can choke on it otherwise..
3131 */
3132int tty_ioctl(struct inode * inode, struct file * file,
3133 unsigned int cmd, unsigned long arg)
3134{
3135 struct tty_struct *tty, *real_tty;
3136 void __user *p = (void __user *)arg;
3137 int retval;
3138 struct tty_ldisc *ld;
3139
3140 tty = (struct tty_struct *)file->private_data;
3141 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3142 return -EINVAL;
3143
3144 real_tty = tty;
3145 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3146 tty->driver->subtype == PTY_TYPE_MASTER)
3147 real_tty = tty->link;
3148
3149 /*
3150 * Break handling by driver
3151 */
3152 if (!tty->driver->break_ctl) {
3153 switch(cmd) {
3154 case TIOCSBRK:
3155 case TIOCCBRK:
3156 if (tty->driver->ioctl)
3157 return tty->driver->ioctl(tty, file, cmd, arg);
3158 return -EINVAL;
3159
3160 /* These two ioctl's always return success; even if */
3161 /* the driver doesn't support them. */
3162 case TCSBRK:
3163 case TCSBRKP:
3164 if (!tty->driver->ioctl)
3165 return 0;
3166 retval = tty->driver->ioctl(tty, file, cmd, arg);
3167 if (retval == -ENOIOCTLCMD)
3168 retval = 0;
3169 return retval;
3170 }
3171 }
3172
3173 /*
3174 * Factor out some common prep work
3175 */
3176 switch (cmd) {
3177 case TIOCSETD:
3178 case TIOCSBRK:
3179 case TIOCCBRK:
3180 case TCSBRK:
3181 case TCSBRKP:
3182 retval = tty_check_change(tty);
3183 if (retval)
3184 return retval;
3185 if (cmd != TIOCCBRK) {
3186 tty_wait_until_sent(tty, 0);
3187 if (signal_pending(current))
3188 return -EINTR;
3189 }
3190 break;
3191 }
3192
3193 switch (cmd) {
3194 case TIOCSTI:
3195 return tiocsti(tty, p);
3196 case TIOCGWINSZ:
3197 return tiocgwinsz(tty, p);
3198 case TIOCSWINSZ:
3199 return tiocswinsz(tty, real_tty, p);
3200 case TIOCCONS:
3201 return real_tty!=tty ? -EINVAL : tioccons(file);
3202 case FIONBIO:
3203 return fionbio(file, p);
3204 case TIOCEXCL:
3205 set_bit(TTY_EXCLUSIVE, &tty->flags);
3206 return 0;
3207 case TIOCNXCL:
3208 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3209 return 0;
3210 case TIOCNOTTY:
af9b897e 3211 /* FIXME: taks lock or tty_mutex ? */
1da177e4
LT		 3212 if (current->signal->tty != tty)
3213 return -ENOTTY;
3214 if (current->signal->leader)
3215 disassociate_ctty(0);
3216 task_lock(current);
3217 current->signal->tty = NULL;
3218 task_unlock(current);
3219 return 0;
3220 case TIOCSCTTY:
3221 return tiocsctty(tty, arg);
3222 case TIOCGPGRP:
3223 return tiocgpgrp(tty, real_tty, p);
3224 case TIOCSPGRP:
3225 return tiocspgrp(tty, real_tty, p);
3226 case TIOCGSID:
3227 return tiocgsid(tty, real_tty, p);
3228 case TIOCGETD:
3229 /* FIXME: check this is ok */
3230 return put_user(tty->ldisc.num, (int __user *)p);
3231 case TIOCSETD:
3232 return tiocsetd(tty, p);
3233#ifdef CONFIG_VT
3234 case TIOCLINUX:
3235 return tioclinux(tty, arg);
3236#endif
3237 /*
3238 * Break handling
3239 */
3240 case TIOCSBRK: /* Turn break on, unconditionally */
3241 tty->driver->break_ctl(tty, -1);
3242 return 0;
3243
3244 case TIOCCBRK: /* Turn break off, unconditionally */
3245 tty->driver->break_ctl(tty, 0);
3246 return 0;
3247 case TCSBRK: /* SVID version: non-zero arg --> no break */
283fef59
PF		 3248 /* non-zero arg means wait for all output data
3249 * to be sent (performed above) but don't send break.
3250 * This is used by the tcdrain() termios function.
1da177e4
LT		 3251 */
3252 if (!arg)
b20f3ae5 3253 return send_break(tty, 250);
1da177e4
LT		 3254 return 0;
3255 case TCSBRKP: /* support for POSIX tcsendbreak() */
b20f3ae5 3256 return send_break(tty, arg ? arg*100 : 250);
1da177e4
LT		 3257
3258 case TIOCMGET:
3259 return tty_tiocmget(tty, file, p);
3260
3261 case TIOCMSET:
3262 case TIOCMBIC:
3263 case TIOCMBIS:
3264 return tty_tiocmset(tty, file, cmd, p);
3265 }
3266 if (tty->driver->ioctl) {
3267 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3268 if (retval != -ENOIOCTLCMD)
3269 return retval;
3270 }
3271 ld = tty_ldisc_ref_wait(tty);
3272 retval = -EINVAL;
3273 if (ld->ioctl) {
3274 retval = ld->ioctl(tty, file, cmd, arg);
3275 if (retval == -ENOIOCTLCMD)
3276 retval = -EINVAL;
3277 }
3278 tty_ldisc_deref(ld);
3279 return retval;
3280}
3281
3282
3283/*
3284 * This implements the "Secure Attention Key" --- the idea is to
3285 * prevent trojan horses by killing all processes associated with this
3286 * tty when the user hits the "Secure Attention Key". Required for
3287 * super-paranoid applications --- see the Orange Book for more details.
3288 *
3289 * This code could be nicer; ideally it should send a HUP, wait a few
3290 * seconds, then send a INT, and then a KILL signal. But you then
3291 * have to coordinate with the init process, since all processes associated
3292 * with the current tty must be dead before the new getty is allowed
3293 * to spawn.
3294 *
3295 * Now, if it would be correct ;-/ The current code has a nasty hole -
3296 * it doesn't catch files in flight. We may send the descriptor to ourselves
3297 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3298 *
3299 * Nasty bug: do_SAK is being called in interrupt context. This can
3300 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3301 */
3302static void __do_SAK(void *arg)
3303{
3304#ifdef TTY_SOFT_SAK
3305 tty_hangup(tty);
3306#else
3307 struct tty_struct *tty = arg;
652486fb 3308 struct task_struct *g, *p;
1da177e4
LT		 3309 int session;
3310 int i;
3311 struct file *filp;
3312 struct tty_ldisc *disc;
badf1662 3313 struct fdtable *fdt;
1da177e4
LT		 3314
3315 if (!tty)
3316 return;
3317 session = tty->session;
3318
3319 /* We don't want an ldisc switch during this */
3320 disc = tty_ldisc_ref(tty);
3321 if (disc && disc->flush_buffer)
3322 disc->flush_buffer(tty);
3323 tty_ldisc_deref(disc);
3324
3325 if (tty->driver->flush_buffer)
3326 tty->driver->flush_buffer(tty);
3327
3328 read_lock(&tasklist_lock);
652486fb 3329 /* Kill the entire session */
1da177e4 3330 do_each_task_pid(session, PIDTYPE_SID, p) {
652486fb
EB		 3331 printk(KERN_NOTICE "SAK: killed process %d"
3332 " (%s): p->signal->session==tty->session\n",
3333 p->pid, p->comm);
3334 send_sig(SIGKILL, p, 1);
3335 } while_each_task_pid(session, PIDTYPE_SID, p);
3336 /* Now kill any processes that happen to have the
3337 * tty open.
3338 */
3339 do_each_thread(g, p) {
3340 if (p->signal->tty == tty) {
1da177e4
LT		 3341 printk(KERN_NOTICE "SAK: killed process %d"
3342 " (%s): p->signal->session==tty->session\n",
3343 p->pid, p->comm);
3344 send_sig(SIGKILL, p, 1);
3345 continue;
3346 }
3347 task_lock(p);
3348 if (p->files) {
ca99c1da
DS		 3349 /*
3350 * We don't take a ref to the file, so we must
3351 * hold ->file_lock instead.
3352 */
3353 spin_lock(&p->files->file_lock);
badf1662
DS		 3354 fdt = files_fdtable(p->files);
3355 for (i=0; i < fdt->max_fds; i++) {
1da177e4
LT		 3356 filp = fcheck_files(p->files, i);
3357 if (!filp)
3358 continue;
3359 if (filp->f_op->read == tty_read &&
3360 filp->private_data == tty) {
3361 printk(KERN_NOTICE "SAK: killed process %d"
3362 " (%s): fd#%d opened to the tty\n",
3363 p->pid, p->comm, i);
20ac9437 3364 force_sig(SIGKILL, p);
1da177e4
LT		 3365 break;
3366 }
3367 }
ca99c1da 3368 spin_unlock(&p->files->file_lock);
1da177e4
LT		 3369 }
3370 task_unlock(p);
652486fb 3371 } while_each_thread(g, p);
1da177e4
LT		 3372 read_unlock(&tasklist_lock);
3373#endif
3374}
3375
3376/*
3377 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3378 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3379 * the values which we write to it will be identical to the values which it
3380 * already has. --akpm
3381 */
3382void do_SAK(struct tty_struct *tty)
3383{
3384 if (!tty)
3385 return;
3386 PREPARE_WORK(&tty->SAK_work, __do_SAK, tty);
3387 schedule_work(&tty->SAK_work);
3388}
3389
3390EXPORT_SYMBOL(do_SAK);
3391
af9b897e
AC		 3392/**
3393 * flush_to_ldisc
3394 * @private_: tty structure passed from work queue.
3395 *
3396 * This routine is called out of the software interrupt to flush data
3397 * from the buffer chain to the line discipline.
3398 *
3399 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3400 * while invoking the line discipline receive_buf method. The
3401 * receive_buf method is single threaded for each tty instance.
1da177e4
LT		 3402 */
3403
3404static void flush_to_ldisc(void *private_)
3405{
3406 struct tty_struct *tty = (struct tty_struct *) private_;
1da177e4
LT		 3407 unsigned long flags;
3408 struct tty_ldisc *disc;
2c3bb20f 3409 struct tty_buffer *tbuf, *head;
8977d929
PF		 3410 char *char_buf;
3411 unsigned char *flag_buf;
1da177e4
LT		 3412
3413 disc = tty_ldisc_ref(tty);
3414 if (disc == NULL) /* !TTY_LDISC */
3415 return;
3416
808249ce 3417 spin_lock_irqsave(&tty->buf.lock, flags);
2c3bb20f
PF		 3418 head = tty->buf.head;
3419 if (head != NULL) {
3420 tty->buf.head = NULL;
3421 for (;;) {
3422 int count = head->commit - head->read;
3423 if (!count) {
3424 if (head->next == NULL)
3425 break;
3426 tbuf = head;
3427 head = head->next;
3428 tty_buffer_free(tty, tbuf);
3429 continue;
3430 }
3431 if (!tty->receive_room) {
3432 schedule_delayed_work(&tty->buf.work, 1);
3433 break;
3434 }
3435 if (count > tty->receive_room)
3436 count = tty->receive_room;
3437 char_buf = head->char_buf_ptr + head->read;
3438 flag_buf = head->flag_buf_ptr + head->read;
3439 head->read += count;
8977d929
PF		 3440 spin_unlock_irqrestore(&tty->buf.lock, flags);
3441 disc->receive_buf(tty, char_buf, flag_buf, count);
3442 spin_lock_irqsave(&tty->buf.lock, flags);
3443 }
2c3bb20f 3444 tty->buf.head = head;
33f0f88f 3445 }
808249ce 3446 spin_unlock_irqrestore(&tty->buf.lock, flags);
817d6d3b 3447
1da177e4
LT		 3448 tty_ldisc_deref(disc);
3449}
3450
3451/*
3452 * Routine which returns the baud rate of the tty
3453 *
3454 * Note that the baud_table needs to be kept in sync with the
3455 * include/asm/termbits.h file.
3456 */
3457static int baud_table[] = {
3458 0, 50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800, 2400, 4800,
3459 9600, 19200, 38400, 57600, 115200, 230400, 460800,
3460#ifdef __sparc__
3461 76800, 153600, 307200, 614400, 921600
3462#else
3463 500000, 576000, 921600, 1000000, 1152000, 1500000, 2000000,
3464 2500000, 3000000, 3500000, 4000000
3465#endif
3466};
3467
3468static int n_baud_table = ARRAY_SIZE(baud_table);
3469
3470/**
3471 * tty_termios_baud_rate
3472 * @termios: termios structure
3473 *
3474 * Convert termios baud rate data into a speed. This should be called
3475 * with the termios lock held if this termios is a terminal termios
3476 * structure. May change the termios data.
af9b897e
AC		 3477 *
3478 * Locking: none
1da177e4
LT		 3479 */
3480
3481int tty_termios_baud_rate(struct termios *termios)
3482{
3483 unsigned int cbaud;
3484
3485 cbaud = termios->c_cflag & CBAUD;
3486
3487 if (cbaud & CBAUDEX) {
3488 cbaud &= ~CBAUDEX;
3489
3490 if (cbaud < 1 || cbaud + 15 > n_baud_table)
3491 termios->c_cflag &= ~CBAUDEX;
3492 else
3493 cbaud += 15;
3494 }
3495 return baud_table[cbaud];
3496}
3497
3498EXPORT_SYMBOL(tty_termios_baud_rate);
3499
3500/**
3501 * tty_get_baud_rate - get tty bit rates
3502 * @tty: tty to query
3503 *
3504 * Returns the baud rate as an integer for this terminal. The
3505 * termios lock must be held by the caller and the terminal bit
3506 * flags may be updated.
af9b897e
AC		 3507 *
3508 * Locking: none
1da177e4
LT		 3509 */
3510
3511int tty_get_baud_rate(struct tty_struct *tty)
3512{
3513 int baud = tty_termios_baud_rate(tty->termios);
3514
3515 if (baud == 38400 && tty->alt_speed) {
3516 if (!tty->warned) {
3517 printk(KERN_WARNING "Use of setserial/setrocket to "
3518 "set SPD_* flags is deprecated\n");
3519 tty->warned = 1;
3520 }
3521 baud = tty->alt_speed;
3522 }
3523
3524 return baud;
3525}
3526
3527EXPORT_SYMBOL(tty_get_baud_rate);
3528
3529/**
3530 * tty_flip_buffer_push - terminal
3531 * @tty: tty to push
3532 *
3533 * Queue a push of the terminal flip buffers to the line discipline. This
3534 * function must not be called from IRQ context if tty->low_latency is set.
3535 *
3536 * In the event of the queue being busy for flipping the work will be
3537 * held off and retried later.
af9b897e
AC		 3538 *
3539 * Locking: tty buffer lock. Driver locks in low latency mode.
1da177e4
LT		 3540 */
3541
3542void tty_flip_buffer_push(struct tty_struct *tty)
3543{
808249ce
PF		 3544 unsigned long flags;
3545 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 3546 if (tty->buf.tail != NULL)
8977d929 3547 tty->buf.tail->commit = tty->buf.tail->used;
808249ce
PF		 3548 spin_unlock_irqrestore(&tty->buf.lock, flags);
3549
1da177e4
LT		 3550 if (tty->low_latency)
3551 flush_to_ldisc((void *) tty);
3552 else
33f0f88f 3553 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 3554}
3555
3556EXPORT_SYMBOL(tty_flip_buffer_push);
3557
33f0f88f 3558
af9b897e
AC		 3559/**
3560 * initialize_tty_struct
3561 * @tty: tty to initialize
3562 *
3563 * This subroutine initializes a tty structure that has been newly
3564 * allocated.
3565 *
3566 * Locking: none - tty in question must not be exposed at this point
1da177e4 3567 */
af9b897e 3568
1da177e4
LT		 3569static void initialize_tty_struct(struct tty_struct *tty)
3570{
3571 memset(tty, 0, sizeof(struct tty_struct));
3572 tty->magic = TTY_MAGIC;
3573 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3574 tty->pgrp = -1;
3575 tty->overrun_time = jiffies;
33f0f88f
AC		 3576 tty->buf.head = tty->buf.tail = NULL;
3577 tty_buffer_init(tty);
3578 INIT_WORK(&tty->buf.work, flush_to_ldisc, tty);
3579 init_MUTEX(&tty->buf.pty_sem);
5785c95b 3580 mutex_init(&tty->termios_mutex);
1da177e4
LT		 3581 init_waitqueue_head(&tty->write_wait);
3582 init_waitqueue_head(&tty->read_wait);
3583 INIT_WORK(&tty->hangup_work, do_tty_hangup, tty);
70522e12
IM		 3584 mutex_init(&tty->atomic_read_lock);
3585 mutex_init(&tty->atomic_write_lock);
1da177e4
LT		 3586 spin_lock_init(&tty->read_lock);
3587 INIT_LIST_HEAD(&tty->tty_files);
3588 INIT_WORK(&tty->SAK_work, NULL, NULL);
3589}
3590
3591/*
3592 * The default put_char routine if the driver did not define one.
3593 */
af9b897e 3594
1da177e4
LT		 3595static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3596{
3597 tty->driver->write(tty, &ch, 1);
3598}
3599
7fe845d1 3600static struct class *tty_class;
1da177e4
LT		 3601
3602/**
af9b897e
AC		 3603 * tty_register_device - register a tty device
3604 * @driver: the tty driver that describes the tty device
3605 * @index: the index in the tty driver for this tty device
3606 * @device: a struct device that is associated with this tty device.
3607 * This field is optional, if there is no known struct device
3608 * for this tty device it can be set to NULL safely.
1da177e4 3609 *
af9b897e 3610 * Returns a pointer to the class device (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3611 *
af9b897e
AC		 3612 * This call is required to be made to register an individual tty device
3613 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3614 * that bit is not set, this function should not be called by a tty
3615 * driver.
3616 *
3617 * Locking: ??
1da177e4 3618 */
af9b897e 3619
1cdcb6b4
HL		 3620struct class_device *tty_register_device(struct tty_driver *driver,
3621 unsigned index, struct device *device)
1da177e4
LT		 3622{
3623 char name[64];
3624 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3625
3626 if (index >= driver->num) {
3627 printk(KERN_ERR "Attempt to register invalid tty line number "
3628 " (%d).\n", index);
1cdcb6b4 3629 return ERR_PTR(-EINVAL);
1da177e4
LT		 3630 }
3631
1da177e4
LT		 3632 if (driver->type == TTY_DRIVER_TYPE_PTY)
3633 pty_line_name(driver, index, name);
3634 else
3635 tty_line_name(driver, index, name);
1cdcb6b4
HL		 3636
3637 return class_device_create(tty_class, NULL, dev, device, "%s", name);
1da177e4
LT		 3638}
3639
3640/**
af9b897e
AC		 3641 * tty_unregister_device - unregister a tty device
3642 * @driver: the tty driver that describes the tty device
3643 * @index: the index in the tty driver for this tty device
1da177e4 3644 *
af9b897e
AC		 3645 * If a tty device is registered with a call to tty_register_device() then
3646 * this function must be called when the tty device is gone.
3647 *
3648 * Locking: ??
1da177e4 3649 */
af9b897e 3650
1da177e4
LT		 3651void tty_unregister_device(struct tty_driver *driver, unsigned index)
3652{
7fe845d1 3653 class_device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 3654}
3655
3656EXPORT_SYMBOL(tty_register_device);
3657EXPORT_SYMBOL(tty_unregister_device);
3658
3659struct tty_driver *alloc_tty_driver(int lines)
3660{
3661 struct tty_driver *driver;
3662
3663 driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
3664 if (driver) {
3665 memset(driver, 0, sizeof(struct tty_driver));
3666 driver->magic = TTY_DRIVER_MAGIC;
3667 driver->num = lines;
3668 /* later we'll move allocation of tables here */
3669 }
3670 return driver;
3671}
3672
3673void put_tty_driver(struct tty_driver *driver)
3674{
3675 kfree(driver);
3676}
3677
3678void tty_set_operations(struct tty_driver *driver, struct tty_operations *op)
3679{
3680 driver->open = op->open;
3681 driver->close = op->close;
3682 driver->write = op->write;
3683 driver->put_char = op->put_char;
3684 driver->flush_chars = op->flush_chars;
3685 driver->write_room = op->write_room;
3686 driver->chars_in_buffer = op->chars_in_buffer;
3687 driver->ioctl = op->ioctl;
3688 driver->set_termios = op->set_termios;
3689 driver->throttle = op->throttle;
3690 driver->unthrottle = op->unthrottle;
3691 driver->stop = op->stop;
3692 driver->start = op->start;
3693 driver->hangup = op->hangup;
3694 driver->break_ctl = op->break_ctl;
3695 driver->flush_buffer = op->flush_buffer;
3696 driver->set_ldisc = op->set_ldisc;
3697 driver->wait_until_sent = op->wait_until_sent;
3698 driver->send_xchar = op->send_xchar;
3699 driver->read_proc = op->read_proc;
3700 driver->write_proc = op->write_proc;
3701 driver->tiocmget = op->tiocmget;
3702 driver->tiocmset = op->tiocmset;
3703}
3704
3705
3706EXPORT_SYMBOL(alloc_tty_driver);
3707EXPORT_SYMBOL(put_tty_driver);
3708EXPORT_SYMBOL(tty_set_operations);
3709
3710/*
3711 * Called by a tty driver to register itself.
3712 */
3713int tty_register_driver(struct tty_driver *driver)
3714{
3715 int error;
3716 int i;
3717 dev_t dev;
3718 void **p = NULL;
3719
3720 if (driver->flags & TTY_DRIVER_INSTALLED)
3721 return 0;
3722
3723 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
3724 p = kmalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3725 if (!p)
3726 return -ENOMEM;
3727 memset(p, 0, driver->num * 3 * sizeof(void *));
3728 }
3729
3730 if (!driver->major) {
3731 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3732 (char*)driver->name);
3733 if (!error) {
3734 driver->major = MAJOR(dev);
3735 driver->minor_start = MINOR(dev);
3736 }
3737 } else {
3738 dev = MKDEV(driver->major, driver->minor_start);
3739 error = register_chrdev_region(dev, driver->num,
3740 (char*)driver->name);
3741 }
3742 if (error < 0) {
3743 kfree(p);
3744 return error;
3745 }
3746
3747 if (p) {
3748 driver->ttys = (struct tty_struct **)p;
3749 driver->termios = (struct termios **)(p + driver->num);
3750 driver->termios_locked = (struct termios **)(p + driver->num * 2);
3751 } else {
3752 driver->ttys = NULL;
3753 driver->termios = NULL;
3754 driver->termios_locked = NULL;
3755 }
3756
3757 cdev_init(&driver->cdev, &tty_fops);
3758 driver->cdev.owner = driver->owner;
3759 error = cdev_add(&driver->cdev, dev, driver->num);
3760 if (error) {
1da177e4
LT		 3761 unregister_chrdev_region(dev, driver->num);
3762 driver->ttys = NULL;
3763 driver->termios = driver->termios_locked = NULL;
3764 kfree(p);
3765 return error;
3766 }
3767
3768 if (!driver->put_char)
3769 driver->put_char = tty_default_put_char;
3770
3771 list_add(&driver->tty_drivers, &tty_drivers);
3772
331b8319 3773 if ( !(driver->flags & TTY_DRIVER_DYNAMIC_DEV) ) {
1da177e4
LT		 3774 for(i = 0; i < driver->num; i++)
3775 tty_register_device(driver, i, NULL);
3776 }
3777 proc_tty_register_driver(driver);
3778 return 0;
3779}
3780
3781EXPORT_SYMBOL(tty_register_driver);
3782
3783/*
3784 * Called by a tty driver to unregister itself.
3785 */
3786int tty_unregister_driver(struct tty_driver *driver)
3787{
3788 int i;
3789 struct termios *tp;
3790 void *p;
3791
3792 if (driver->refcount)
3793 return -EBUSY;
3794
3795 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3796 driver->num);
3797
3798 list_del(&driver->tty_drivers);
3799
3800 /*
3801 * Free the termios and termios_locked structures because
3802 * we don't want to get memory leaks when modular tty
3803 * drivers are removed from the kernel.
3804 */
3805 for (i = 0; i < driver->num; i++) {
3806 tp = driver->termios[i];
3807 if (tp) {
3808 driver->termios[i] = NULL;
3809 kfree(tp);
3810 }
3811 tp = driver->termios_locked[i];
3812 if (tp) {
3813 driver->termios_locked[i] = NULL;
3814 kfree(tp);
3815 }
331b8319 3816 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 3817 tty_unregister_device(driver, i);
3818 }
3819 p = driver->ttys;
3820 proc_tty_unregister_driver(driver);
3821 driver->ttys = NULL;
3822 driver->termios = driver->termios_locked = NULL;
3823 kfree(p);
3824 cdev_del(&driver->cdev);
3825 return 0;
3826}
3827
3828EXPORT_SYMBOL(tty_unregister_driver);
3829
3830
3831/*
3832 * Initialize the console device. This is called *early*, so
3833 * we can't necessarily depend on lots of kernel help here.
3834 * Just do some early initializations, and do the complex setup
3835 * later.
3836 */
3837void __init console_init(void)
3838{
3839 initcall_t *call;
3840
3841 /* Setup the default TTY line discipline. */
3842 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3843
3844 /*
3845 * set up the console device so that later boot sequences can
3846 * inform about problems etc..
3847 */
3848#ifdef CONFIG_EARLY_PRINTK
3849 disable_early_printk();
1da177e4
LT		 3850#endif
3851 call = __con_initcall_start;
3852 while (call < __con_initcall_end) {
3853 (*call)();
3854 call++;
3855 }
3856}
3857
3858#ifdef CONFIG_VT
3859extern int vty_init(void);
3860#endif
3861
3862static int __init tty_class_init(void)
3863{
7fe845d1 3864 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 3865 if (IS_ERR(tty_class))
3866 return PTR_ERR(tty_class);
3867 return 0;
3868}
3869
3870postcore_initcall(tty_class_init);
3871
3872/* 3/2004 jmc: why do these devices exist? */
3873
3874static struct cdev tty_cdev, console_cdev;
3875#ifdef CONFIG_UNIX98_PTYS
3876static struct cdev ptmx_cdev;
3877#endif
3878#ifdef CONFIG_VT
3879static struct cdev vc0_cdev;
3880#endif
3881
3882/*
3883 * Ok, now we can initialize the rest of the tty devices and can count
3884 * on memory allocations, interrupts etc..
3885 */
3886static int __init tty_init(void)
3887{
3888 cdev_init(&tty_cdev, &tty_fops);
3889 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3890 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3891 panic("Couldn't register /dev/tty driver\n");
53f46542 3892 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
1da177e4
LT		 3893
3894 cdev_init(&console_cdev, &console_fops);
3895 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3896 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3897 panic("Couldn't register /dev/console driver\n");
53f46542 3898 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL, "console");
1da177e4
LT		 3899
3900#ifdef CONFIG_UNIX98_PTYS
3901 cdev_init(&ptmx_cdev, &ptmx_fops);
3902 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3903 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3904 panic("Couldn't register /dev/ptmx driver\n");
53f46542 3905 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
1da177e4
LT		 3906#endif
3907
3908#ifdef CONFIG_VT
3909 cdev_init(&vc0_cdev, &console_fops);
3910 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3911 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3912 panic("Couldn't register /dev/tty0 driver\n");
53f46542 3913 class_device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), NULL, "tty0");
1da177e4
LT		 3914
3915 vty_init();
3916#endif
3917 return 0;
3918}
3919module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)