projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH] compound page: no access_process_vm check
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
68#include <linux/config.h>
69#include <linux/types.h>
70#include <linux/major.h>
71#include <linux/errno.h>
72#include <linux/signal.h>
73#include <linux/fcntl.h>
74#include <linux/sched.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/console.h>
82#include <linux/timer.h>
83#include <linux/ctype.h>
84#include <linux/kd.h>
85#include <linux/mm.h>
86#include <linux/string.h>
87#include <linux/slab.h>
88#include <linux/poll.h>
89#include <linux/proc_fs.h>
90#include <linux/init.h>
91#include <linux/module.h>
92#include <linux/smp_lock.h>
93#include <linux/device.h>
94#include <linux/idr.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
b20f3ae5 97#include <linux/delay.h>
1da177e4
LT		 98
99#include <asm/uaccess.h>
100#include <asm/system.h>
101
102#include <linux/kbd_kern.h>
103#include <linux/vt_kern.h>
104#include <linux/selection.h>
105#include <linux/devfs_fs_kernel.h>
106
107#include <linux/kmod.h>
108
109#undef TTY_DEBUG_HANGUP
110
111#define TTY_PARANOIA_CHECK 1
112#define CHECK_TTY_COUNT 1
113
114struct termios tty_std_termios = { /* for the benefit of tty drivers */
115 .c_iflag = ICRNL | IXON,
116 .c_oflag = OPOST | ONLCR,
117 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119 ECHOCTL | ECHOKE | IEXTEN,
120 .c_cc = INIT_C_CC
121};
122
123EXPORT_SYMBOL(tty_std_termios);
124
125/* This list gets poked at by procfs and various bits of boot up code. This
126 could do with some rationalisation such as pulling the tty proc function
127 into this file */
128
129LIST_HEAD(tty_drivers); /* linked list of tty drivers */
130
131/* Semaphore to protect creating and releasing a tty. This is shared with
132 vt.c for deeply disgusting hack reasons */
133DECLARE_MUTEX(tty_sem);
134
135#ifdef CONFIG_UNIX98_PTYS
136extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
137extern int pty_limit; /* Config limit on Unix98 ptys */
138static DEFINE_IDR(allocated_ptys);
139static DECLARE_MUTEX(allocated_ptys_lock);
140static int ptmx_open(struct inode *, struct file *);
141#endif
142
143extern void disable_early_printk(void);
144
145static void initialize_tty_struct(struct tty_struct *tty);
146
147static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
148static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
149ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
150static unsigned int tty_poll(struct file *, poll_table *);
151static int tty_open(struct inode *, struct file *);
152static int tty_release(struct inode *, struct file *);
153int tty_ioctl(struct inode * inode, struct file * file,
154 unsigned int cmd, unsigned long arg);
155static int tty_fasync(int fd, struct file * filp, int on);
1da177e4
LT		 156static void release_mem(struct tty_struct *tty, int idx);
157
158
159static struct tty_struct *alloc_tty_struct(void)
160{
161 struct tty_struct *tty;
162
163 tty = kmalloc(sizeof(struct tty_struct), GFP_KERNEL);
164 if (tty)
165 memset(tty, 0, sizeof(struct tty_struct));
166 return tty;
167}
168
33f0f88f
AC		 169static void tty_buffer_free_all(struct tty_struct *);
170
1da177e4
LT		 171static inline void free_tty_struct(struct tty_struct *tty)
172{
173 kfree(tty->write_buf);
33f0f88f 174 tty_buffer_free_all(tty);
1da177e4
LT		 175 kfree(tty);
176}
177
178#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
179
180char *tty_name(struct tty_struct *tty, char *buf)
181{
182 if (!tty) /* Hmm. NULL pointer. That's fun. */
183 strcpy(buf, "NULL tty");
184 else
185 strcpy(buf, tty->name);
186 return buf;
187}
188
189EXPORT_SYMBOL(tty_name);
190
d769a669 191int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 192 const char *routine)
193{
194#ifdef TTY_PARANOIA_CHECK
195 if (!tty) {
196 printk(KERN_WARNING
197 "null TTY for (%d:%d) in %s\n",
198 imajor(inode), iminor(inode), routine);
199 return 1;
200 }
201 if (tty->magic != TTY_MAGIC) {
202 printk(KERN_WARNING
203 "bad magic number for tty struct (%d:%d) in %s\n",
204 imajor(inode), iminor(inode), routine);
205 return 1;
206 }
207#endif
208 return 0;
209}
210
211static int check_tty_count(struct tty_struct *tty, const char *routine)
212{
213#ifdef CHECK_TTY_COUNT
214 struct list_head *p;
215 int count = 0;
216
217 file_list_lock();
218 list_for_each(p, &tty->tty_files) {
219 count++;
220 }
221 file_list_unlock();
222 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
223 tty->driver->subtype == PTY_TYPE_SLAVE &&
224 tty->link && tty->link->count)
225 count++;
226 if (tty->count != count) {
227 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
228 "!= #fd's(%d) in %s\n",
229 tty->name, tty->count, count, routine);
230 return count;
231 }
232#endif
233 return 0;
234}
235
33f0f88f
AC		 236/*
237 * Tty buffer allocation management
238 */
239
240static void tty_buffer_free_all(struct tty_struct *tty)
241{
242 struct tty_buffer *thead;
243 while((thead = tty->buf.head) != NULL) {
244 tty->buf.head = thead->next;
245 kfree(thead);
246 }
247 while((thead = tty->buf.free) != NULL) {
248 tty->buf.free = thead->next;
249 kfree(thead);
250 }
251 tty->buf.tail = NULL;
252}
253
254static void tty_buffer_init(struct tty_struct *tty)
255{
808249ce 256 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 257 tty->buf.head = NULL;
258 tty->buf.tail = NULL;
259 tty->buf.free = NULL;
260}
261
262static struct tty_buffer *tty_buffer_alloc(size_t size)
263{
264 struct tty_buffer *p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
265 if(p == NULL)
266 return NULL;
267 p->used = 0;
268 p->size = size;
269 p->next = NULL;
808249ce 270 p->active = 0;
8977d929
PF		 271 p->commit = 0;
272 p->read = 0;
33f0f88f
AC		 273 p->char_buf_ptr = (char *)(p->data);
274 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
275/* printk("Flip create %p\n", p); */
276 return p;
277}
278
279/* Must be called with the tty_read lock held. This needs to acquire strategy
280 code to decide if we should kfree or relink a given expired buffer */
281
282static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
283{
284 /* Dumb strategy for now - should keep some stats */
285/* printk("Flip dispose %p\n", b); */
286 if(b->size >= 512)
287 kfree(b);
288 else {
289 b->next = tty->buf.free;
290 tty->buf.free = b;
291 }
292}
293
294static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
295{
296 struct tty_buffer **tbh = &tty->buf.free;
297 while((*tbh) != NULL) {
298 struct tty_buffer *t = *tbh;
299 if(t->size >= size) {
300 *tbh = t->next;
301 t->next = NULL;
302 t->used = 0;
8977d929
PF		 303 t->commit = 0;
304 t->read = 0;
33f0f88f
AC		 305 /* DEBUG ONLY */
306 memset(t->data, '*', size);
307/* printk("Flip recycle %p\n", t); */
308 return t;
309 }
310 tbh = &((*tbh)->next);
311 }
312 /* Round the buffer size out */
313 size = (size + 0xFF) & ~ 0xFF;
314 return tty_buffer_alloc(size);
315 /* Should possibly check if this fails for the largest buffer we
316 have queued and recycle that ? */
317}
318
319int tty_buffer_request_room(struct tty_struct *tty, size_t size)
320{
808249ce
PF		 321 struct tty_buffer *b, *n;
322 int left;
323 unsigned long flags;
324
325 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 326
327 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
328 remove this conditional if its worth it. This would be invisible
329 to the callers */
808249ce 330 if ((b = tty->buf.tail) != NULL) {
33f0f88f 331 left = b->size - b->used;
808249ce
PF		 332 b->active = 1;
333 } else
334 left = 0;
335
336 if (left < size) {
337 /* This is the slow path - looking for new buffers to use */
338 if ((n = tty_buffer_find(tty, size)) != NULL) {
339 if (b != NULL) {
340 b->next = n;
341 b->active = 0;
8977d929 342 b->commit = b->used;
808249ce
PF		 343 } else
344 tty->buf.head = n;
345 tty->buf.tail = n;
346 n->active = 1;
347 } else
348 size = left;
349 }
350
351 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 352 return size;
353}
354
355EXPORT_SYMBOL_GPL(tty_buffer_request_room);
356
357int tty_insert_flip_string(struct tty_struct *tty, unsigned char *chars, size_t size)
358{
359 int copied = 0;
360 do {
361 int space = tty_buffer_request_room(tty, size - copied);
362 struct tty_buffer *tb = tty->buf.tail;
363 /* If there is no space then tb may be NULL */
364 if(unlikely(space == 0))
365 break;
366 memcpy(tb->char_buf_ptr + tb->used, chars, space);
367 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
368 tb->used += space;
369 copied += space;
370 chars += space;
371/* printk("Flip insert %d.\n", space); */
372 }
373 /* There is a small chance that we need to split the data over
374 several buffers. If this is the case we must loop */
375 while (unlikely(size > copied));
376 return copied;
377}
378
379EXPORT_SYMBOL_GPL(tty_insert_flip_string);
380
381int tty_insert_flip_string_flags(struct tty_struct *tty, unsigned char *chars, char *flags, size_t size)
382{
383 int copied = 0;
384 do {
385 int space = tty_buffer_request_room(tty, size - copied);
386 struct tty_buffer *tb = tty->buf.tail;
387 /* If there is no space then tb may be NULL */
388 if(unlikely(space == 0))
389 break;
390 memcpy(tb->char_buf_ptr + tb->used, chars, space);
391 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
392 tb->used += space;
393 copied += space;
394 chars += space;
395 flags += space;
396 }
397 /* There is a small chance that we need to split the data over
398 several buffers. If this is the case we must loop */
399 while (unlikely(size > copied));
400 return copied;
401}
402
403EXPORT_SYMBOL_GPL(tty_insert_flip_string_flags);
404
405
406/*
407 * Prepare a block of space in the buffer for data. Returns the length
408 * available and buffer pointer to the space which is now allocated and
409 * accounted for as ready for normal characters. This is used for drivers
410 * that need their own block copy routines into the buffer. There is no
411 * guarantee the buffer is a DMA target!
412 */
413
414int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
415{
416 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 417 if (likely(space)) {
418 struct tty_buffer *tb = tty->buf.tail;
419 *chars = tb->char_buf_ptr + tb->used;
420 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
421 tb->used += space;
422 }
33f0f88f
AC		 423 return space;
424}
425
426EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
427
428/*
429 * Prepare a block of space in the buffer for data. Returns the length
430 * available and buffer pointer to the space which is now allocated and
431 * accounted for as ready for characters. This is used for drivers
432 * that need their own block copy routines into the buffer. There is no
433 * guarantee the buffer is a DMA target!
434 */
435
436int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
437{
438 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 439 if (likely(space)) {
440 struct tty_buffer *tb = tty->buf.tail;
441 *chars = tb->char_buf_ptr + tb->used;
442 *flags = tb->flag_buf_ptr + tb->used;
443 tb->used += space;
444 }
33f0f88f
AC		 445 return space;
446}
447
448EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
449
450
451
1da177e4
LT		 452/*
453 * This is probably overkill for real world processors but
454 * they are not on hot paths so a little discipline won't do
455 * any harm.
456 */
457
458static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
459{
460 down(&tty->termios_sem);
461 tty->termios->c_line = num;
462 up(&tty->termios_sem);
463}
464
465/*
466 * This guards the refcounted line discipline lists. The lock
467 * must be taken with irqs off because there are hangup path
468 * callers who will do ldisc lookups and cannot sleep.
469 */
470
471static DEFINE_SPINLOCK(tty_ldisc_lock);
472static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
bfb07599 473static struct tty_ldisc tty_ldiscs[NR_LDISCS]; /* line disc dispatch table */
1da177e4
LT		 474
475int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
476{
477 unsigned long flags;
478 int ret = 0;
479
480 if (disc < N_TTY || disc >= NR_LDISCS)
481 return -EINVAL;
482
483 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 484 tty_ldiscs[disc] = *new_ldisc;
485 tty_ldiscs[disc].num = disc;
486 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
487 tty_ldiscs[disc].refcount = 0;
1da177e4
LT		 488 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
489
490 return ret;
491}
1da177e4
LT		 492EXPORT_SYMBOL(tty_register_ldisc);
493
bfb07599
AD		 494int tty_unregister_ldisc(int disc)
495{
496 unsigned long flags;
497 int ret = 0;
498
499 if (disc < N_TTY || disc >= NR_LDISCS)
500 return -EINVAL;
501
502 spin_lock_irqsave(&tty_ldisc_lock, flags);
503 if (tty_ldiscs[disc].refcount)
504 ret = -EBUSY;
505 else
506 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
507 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
508
509 return ret;
510}
511EXPORT_SYMBOL(tty_unregister_ldisc);
512
1da177e4
LT		 513struct tty_ldisc *tty_ldisc_get(int disc)
514{
515 unsigned long flags;
516 struct tty_ldisc *ld;
517
518 if (disc < N_TTY || disc >= NR_LDISCS)
519 return NULL;
520
521 spin_lock_irqsave(&tty_ldisc_lock, flags);
522
523 ld = &tty_ldiscs[disc];
524 /* Check the entry is defined */
525 if(ld->flags & LDISC_FLAG_DEFINED)
526 {
527 /* If the module is being unloaded we can't use it */
528 if (!try_module_get(ld->owner))
529 ld = NULL;
530 else /* lock it */
531 ld->refcount++;
532 }
533 else
534 ld = NULL;
535 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
536 return ld;
537}
538
539EXPORT_SYMBOL_GPL(tty_ldisc_get);
540
541void tty_ldisc_put(int disc)
542{
543 struct tty_ldisc *ld;
544 unsigned long flags;
545
546 if (disc < N_TTY || disc >= NR_LDISCS)
547 BUG();
548
549 spin_lock_irqsave(&tty_ldisc_lock, flags);
550 ld = &tty_ldiscs[disc];
551 if(ld->refcount == 0)
552 BUG();
553 ld->refcount --;
554 module_put(ld->owner);
555 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
556}
557
558EXPORT_SYMBOL_GPL(tty_ldisc_put);
559
560static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
561{
562 tty->ldisc = *ld;
563 tty->ldisc.refcount = 0;
564}
565
566/**
567 * tty_ldisc_try - internal helper
568 * @tty: the tty
569 *
570 * Make a single attempt to grab and bump the refcount on
571 * the tty ldisc. Return 0 on failure or 1 on success. This is
572 * used to implement both the waiting and non waiting versions
573 * of tty_ldisc_ref
574 */
575
576static int tty_ldisc_try(struct tty_struct *tty)
577{
578 unsigned long flags;
579 struct tty_ldisc *ld;
580 int ret = 0;
581
582 spin_lock_irqsave(&tty_ldisc_lock, flags);
583 ld = &tty->ldisc;
584 if(test_bit(TTY_LDISC, &tty->flags))
585 {
586 ld->refcount++;
587 ret = 1;
588 }
589 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
590 return ret;
591}
592
593/**
594 * tty_ldisc_ref_wait - wait for the tty ldisc
595 * @tty: tty device
596 *
597 * Dereference the line discipline for the terminal and take a
598 * reference to it. If the line discipline is in flux then
599 * wait patiently until it changes.
600 *
601 * Note: Must not be called from an IRQ/timer context. The caller
602 * must also be careful not to hold other locks that will deadlock
603 * against a discipline change, such as an existing ldisc reference
604 * (which we check for)
605 */
606
607struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
608{
609 /* wait_event is a macro */
610 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
611 if(tty->ldisc.refcount == 0)
612 printk(KERN_ERR "tty_ldisc_ref_wait\n");
613 return &tty->ldisc;
614}
615
616EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
617
618/**
619 * tty_ldisc_ref - get the tty ldisc
620 * @tty: tty device
621 *
622 * Dereference the line discipline for the terminal and take a
623 * reference to it. If the line discipline is in flux then
624 * return NULL. Can be called from IRQ and timer functions.
625 */
626
627struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
628{
629 if(tty_ldisc_try(tty))
630 return &tty->ldisc;
631 return NULL;
632}
633
634EXPORT_SYMBOL_GPL(tty_ldisc_ref);
635
636/**
637 * tty_ldisc_deref - free a tty ldisc reference
638 * @ld: reference to free up
639 *
640 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
641 * be called in IRQ context.
642 */
643
644void tty_ldisc_deref(struct tty_ldisc *ld)
645{
646 unsigned long flags;
647
648 if(ld == NULL)
649 BUG();
650
651 spin_lock_irqsave(&tty_ldisc_lock, flags);
652 if(ld->refcount == 0)
653 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
654 else
655 ld->refcount--;
656 if(ld->refcount == 0)
657 wake_up(&tty_ldisc_wait);
658 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
659}
660
661EXPORT_SYMBOL_GPL(tty_ldisc_deref);
662
663/**
664 * tty_ldisc_enable - allow ldisc use
665 * @tty: terminal to activate ldisc on
666 *
667 * Set the TTY_LDISC flag when the line discipline can be called
668 * again. Do neccessary wakeups for existing sleepers.
669 *
670 * Note: nobody should set this bit except via this function. Clearing
671 * directly is allowed.
672 */
673
674static void tty_ldisc_enable(struct tty_struct *tty)
675{
676 set_bit(TTY_LDISC, &tty->flags);
677 wake_up(&tty_ldisc_wait);
678}
679
680/**
681 * tty_set_ldisc - set line discipline
682 * @tty: the terminal to set
683 * @ldisc: the line discipline
684 *
685 * Set the discipline of a tty line. Must be called from a process
686 * context.
687 */
688
689static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
690{
ff55fe20
JB		 691 int retval = 0;
692 struct tty_ldisc o_ldisc;
1da177e4
LT		 693 char buf[64];
694 int work;
695 unsigned long flags;
696 struct tty_ldisc *ld;
ff55fe20 697 struct tty_struct *o_tty;
1da177e4
LT		 698
699 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
700 return -EINVAL;
701
702restart:
703
1da177e4
LT		 704 ld = tty_ldisc_get(ldisc);
705 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
706 /* Cyrus Durgin <cider@speakeasy.org> */
707 if (ld == NULL) {
708 request_module("tty-ldisc-%d", ldisc);
709 ld = tty_ldisc_get(ldisc);
710 }
711 if (ld == NULL)
712 return -EINVAL;
713
33f0f88f
AC		 714 /*
715 * No more input please, we are switching. The new ldisc
716 * will update this value in the ldisc open function
717 */
718
719 tty->receive_room = 0;
720
721 /*
722 * Problem: What do we do if this blocks ?
723 */
724
1da177e4
LT		 725 tty_wait_until_sent(tty, 0);
726
ff55fe20
JB		 727 if (tty->ldisc.num == ldisc) {
728 tty_ldisc_put(ldisc);
729 return 0;
730 }
731
732 o_ldisc = tty->ldisc;
733 o_tty = tty->link;
734
1da177e4
LT		 735 /*
736 * Make sure we don't change while someone holds a
737 * reference to the line discipline. The TTY_LDISC bit
738 * prevents anyone taking a reference once it is clear.
739 * We need the lock to avoid racing reference takers.
740 */
ff55fe20 741
1da177e4 742 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20
JB		 743 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
744 if(tty->ldisc.refcount) {
745 /* Free the new ldisc we grabbed. Must drop the lock
746 first. */
747 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
748 tty_ldisc_put(ldisc);
749 /*
750 * There are several reasons we may be busy, including
751 * random momentary I/O traffic. We must therefore
752 * retry. We could distinguish between blocking ops
753 * and retries if we made tty_ldisc_wait() smarter. That
754 * is up for discussion.
755 */
756 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
757 return -ERESTARTSYS;
758 goto restart;
759 }
760 if(o_tty && o_tty->ldisc.refcount) {
761 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
762 tty_ldisc_put(ldisc);
763 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
764 return -ERESTARTSYS;
765 goto restart;
766 }
767 }
768
769 /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
770
771 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 772 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
773 tty_ldisc_put(ldisc);
ff55fe20
JB		 774 ld = tty_ldisc_ref_wait(tty);
775 tty_ldisc_deref(ld);
1da177e4
LT		 776 goto restart;
777 }
ff55fe20
JB		 778
779 clear_bit(TTY_LDISC, &tty->flags);
1da177e4 780 clear_bit(TTY_DONT_FLIP, &tty->flags);
ff55fe20
JB		 781 if (o_tty) {
782 clear_bit(TTY_LDISC, &o_tty->flags);
783 clear_bit(TTY_DONT_FLIP, &o_tty->flags);
784 }
1da177e4 785 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 786
1da177e4
LT		 787 /*
788 * From this point on we know nobody has an ldisc
789 * usage reference, nor can they obtain one until
790 * we say so later on.
791 */
ff55fe20 792
33f0f88f 793 work = cancel_delayed_work(&tty->buf.work);
1da177e4 794 /*
33f0f88f 795 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 796 */
797
798 flush_scheduled_work();
799 /* Shutdown the current discipline. */
800 if (tty->ldisc.close)
801 (tty->ldisc.close)(tty);
802
803 /* Now set up the new line discipline. */
804 tty_ldisc_assign(tty, ld);
805 tty_set_termios_ldisc(tty, ldisc);
806 if (tty->ldisc.open)
807 retval = (tty->ldisc.open)(tty);
808 if (retval < 0) {
809 tty_ldisc_put(ldisc);
810 /* There is an outstanding reference here so this is safe */
811 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
812 tty_set_termios_ldisc(tty, tty->ldisc.num);
813 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
814 tty_ldisc_put(o_ldisc.num);
815 /* This driver is always present */
816 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
817 tty_set_termios_ldisc(tty, N_TTY);
818 if (tty->ldisc.open) {
819 int r = tty->ldisc.open(tty);
820
821 if (r < 0)
822 panic("Couldn't open N_TTY ldisc for "
823 "%s --- error %d.",
824 tty_name(tty, buf), r);
825 }
826 }
827 }
828 /* At this point we hold a reference to the new ldisc and a
829 a reference to the old ldisc. If we ended up flipping back
830 to the existing ldisc we have two references to it */
831
832 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
833 tty->driver->set_ldisc(tty);
834
835 tty_ldisc_put(o_ldisc.num);
836
837 /*
838 * Allow ldisc referencing to occur as soon as the driver
839 * ldisc callback completes.
840 */
841
842 tty_ldisc_enable(tty);
ff55fe20
JB		 843 if (o_tty)
844 tty_ldisc_enable(o_tty);
1da177e4
LT		 845
846 /* Restart it in case no characters kick it off. Safe if
847 already running */
ff55fe20 848 if (work)
33f0f88f 849 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 850 return retval;
851}
852
853/*
854 * This routine returns a tty driver structure, given a device number
855 */
856static struct tty_driver *get_tty_driver(dev_t device, int *index)
857{
858 struct tty_driver *p;
859
860 list_for_each_entry(p, &tty_drivers, tty_drivers) {
861 dev_t base = MKDEV(p->major, p->minor_start);
862 if (device < base || device >= base + p->num)
863 continue;
864 *index = device - base;
865 return p;
866 }
867 return NULL;
868}
869
870/*
871 * If we try to write to, or set the state of, a terminal and we're
872 * not in the foreground, send a SIGTTOU. If the signal is blocked or
873 * ignored, go ahead and perform the operation. (POSIX 7.2)
874 */
875int tty_check_change(struct tty_struct * tty)
876{
877 if (current->signal->tty != tty)
878 return 0;
879 if (tty->pgrp <= 0) {
880 printk(KERN_WARNING "tty_check_change: tty->pgrp <= 0!\n");
881 return 0;
882 }
883 if (process_group(current) == tty->pgrp)
884 return 0;
885 if (is_ignored(SIGTTOU))
886 return 0;
887 if (is_orphaned_pgrp(process_group(current)))
888 return -EIO;
889 (void) kill_pg(process_group(current), SIGTTOU, 1);
890 return -ERESTARTSYS;
891}
892
893EXPORT_SYMBOL(tty_check_change);
894
895static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
896 size_t count, loff_t *ppos)
897{
898 return 0;
899}
900
901static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
902 size_t count, loff_t *ppos)
903{
904 return -EIO;
905}
906
907/* No kernel lock held - none needed ;) */
908static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
909{
910 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
911}
912
913static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
914 unsigned int cmd, unsigned long arg)
915{
916 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
917}
918
919static struct file_operations tty_fops = {
920 .llseek = no_llseek,
921 .read = tty_read,
922 .write = tty_write,
923 .poll = tty_poll,
924 .ioctl = tty_ioctl,
925 .open = tty_open,
926 .release = tty_release,
927 .fasync = tty_fasync,
928};
929
930#ifdef CONFIG_UNIX98_PTYS
931static struct file_operations ptmx_fops = {
932 .llseek = no_llseek,
933 .read = tty_read,
934 .write = tty_write,
935 .poll = tty_poll,
936 .ioctl = tty_ioctl,
937 .open = ptmx_open,
938 .release = tty_release,
939 .fasync = tty_fasync,
940};
941#endif
942
943static struct file_operations console_fops = {
944 .llseek = no_llseek,
945 .read = tty_read,
946 .write = redirected_tty_write,
947 .poll = tty_poll,
948 .ioctl = tty_ioctl,
949 .open = tty_open,
950 .release = tty_release,
951 .fasync = tty_fasync,
952};
953
954static struct file_operations hung_up_tty_fops = {
955 .llseek = no_llseek,
956 .read = hung_up_tty_read,
957 .write = hung_up_tty_write,
958 .poll = hung_up_tty_poll,
959 .ioctl = hung_up_tty_ioctl,
960 .release = tty_release,
961};
962
963static DEFINE_SPINLOCK(redirect_lock);
964static struct file *redirect;
965
966/**
967 * tty_wakeup - request more data
968 * @tty: terminal
969 *
970 * Internal and external helper for wakeups of tty. This function
971 * informs the line discipline if present that the driver is ready
972 * to receive more output data.
973 */
974
975void tty_wakeup(struct tty_struct *tty)
976{
977 struct tty_ldisc *ld;
978
979 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
980 ld = tty_ldisc_ref(tty);
981 if(ld) {
982 if(ld->write_wakeup)
983 ld->write_wakeup(tty);
984 tty_ldisc_deref(ld);
985 }
986 }
987 wake_up_interruptible(&tty->write_wait);
988}
989
990EXPORT_SYMBOL_GPL(tty_wakeup);
991
992/**
993 * tty_ldisc_flush - flush line discipline queue
994 * @tty: tty
995 *
996 * Flush the line discipline queue (if any) for this tty. If there
997 * is no line discipline active this is a no-op.
998 */
999
1000void tty_ldisc_flush(struct tty_struct *tty)
1001{
1002 struct tty_ldisc *ld = tty_ldisc_ref(tty);
1003 if(ld) {
1004 if(ld->flush_buffer)
1005 ld->flush_buffer(tty);
1006 tty_ldisc_deref(ld);
1007 }
1008}
1009
1010EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1011
1012/*
1013 * This can be called by the "eventd" kernel thread. That is process synchronous,
1014 * but doesn't hold any locks, so we need to make sure we have the appropriate
1015 * locks for what we're doing..
1016 */
1017static void do_tty_hangup(void *data)
1018{
1019 struct tty_struct *tty = (struct tty_struct *) data;
1020 struct file * cons_filp = NULL;
1021 struct file *filp, *f = NULL;
1022 struct task_struct *p;
1023 struct tty_ldisc *ld;
1024 int closecount = 0, n;
1025
1026 if (!tty)
1027 return;
1028
1029 /* inuse_filps is protected by the single kernel lock */
1030 lock_kernel();
1031
1032 spin_lock(&redirect_lock);
1033 if (redirect && redirect->private_data == tty) {
1034 f = redirect;
1035 redirect = NULL;
1036 }
1037 spin_unlock(&redirect_lock);
1038
1039 check_tty_count(tty, "do_tty_hangup");
1040 file_list_lock();
1041 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1042 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1043 if (filp->f_op->write == redirected_tty_write)
1044 cons_filp = filp;
1045 if (filp->f_op->write != tty_write)
1046 continue;
1047 closecount++;
1048 tty_fasync(-1, filp, 0); /* can't block */
1049 filp->f_op = &hung_up_tty_fops;
1050 }
1051 file_list_unlock();
1052
1053 /* FIXME! What are the locking issues here? This may me overdoing things..
1054 * this question is especially important now that we've removed the irqlock. */
1055
1056 ld = tty_ldisc_ref(tty);
1057 if(ld != NULL) /* We may have no line discipline at this point */
1058 {
1059 if (ld->flush_buffer)
1060 ld->flush_buffer(tty);
1061 if (tty->driver->flush_buffer)
1062 tty->driver->flush_buffer(tty);
1063 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1064 ld->write_wakeup)
1065 ld->write_wakeup(tty);
1066 if (ld->hangup)
1067 ld->hangup(tty);
1068 }
1069
1070 /* FIXME: Once we trust the LDISC code better we can wait here for
1071 ldisc completion and fix the driver call race */
1072
1073 wake_up_interruptible(&tty->write_wait);
1074 wake_up_interruptible(&tty->read_wait);
1075
1076 /*
1077 * Shutdown the current line discipline, and reset it to
1078 * N_TTY.
1079 */
1080 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1081 {
1082 down(&tty->termios_sem);
1083 *tty->termios = tty->driver->init_termios;
1084 up(&tty->termios_sem);
1085 }
1086
1087 /* Defer ldisc switch */
1088 /* tty_deferred_ldisc_switch(N_TTY);
1089
1090 This should get done automatically when the port closes and
1091 tty_release is called */
1092
1093 read_lock(&tasklist_lock);
1094 if (tty->session > 0) {
1095 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1096 if (p->signal->tty == tty)
1097 p->signal->tty = NULL;
1098 if (!p->signal->leader)
1099 continue;
1100 send_group_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1101 send_group_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1102 if (tty->pgrp > 0)
1103 p->signal->tty_old_pgrp = tty->pgrp;
1104 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1105 }
1106 read_unlock(&tasklist_lock);
1107
1108 tty->flags = 0;
1109 tty->session = 0;
1110 tty->pgrp = -1;
1111 tty->ctrl_status = 0;
1112 /*
1113 * If one of the devices matches a console pointer, we
1114 * cannot just call hangup() because that will cause
1115 * tty->count and state->count to go out of sync.
1116 * So we just call close() the right number of times.
1117 */
1118 if (cons_filp) {
1119 if (tty->driver->close)
1120 for (n = 0; n < closecount; n++)
1121 tty->driver->close(tty, cons_filp);
1122 } else if (tty->driver->hangup)
1123 (tty->driver->hangup)(tty);
1124
1125 /* We don't want to have driver/ldisc interactions beyond
1126 the ones we did here. The driver layer expects no
1127 calls after ->hangup() from the ldisc side. However we
1128 can't yet guarantee all that */
1129
1130 set_bit(TTY_HUPPED, &tty->flags);
1131 if (ld) {
1132 tty_ldisc_enable(tty);
1133 tty_ldisc_deref(ld);
1134 }
1135 unlock_kernel();
1136 if (f)
1137 fput(f);
1138}
1139
1140void tty_hangup(struct tty_struct * tty)
1141{
1142#ifdef TTY_DEBUG_HANGUP
1143 char buf[64];
1144
1145 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1146#endif
1147 schedule_work(&tty->hangup_work);
1148}
1149
1150EXPORT_SYMBOL(tty_hangup);
1151
1152void tty_vhangup(struct tty_struct * tty)
1153{
1154#ifdef TTY_DEBUG_HANGUP
1155 char buf[64];
1156
1157 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1158#endif
1159 do_tty_hangup((void *) tty);
1160}
1161EXPORT_SYMBOL(tty_vhangup);
1162
1163int tty_hung_up_p(struct file * filp)
1164{
1165 return (filp->f_op == &hung_up_tty_fops);
1166}
1167
1168EXPORT_SYMBOL(tty_hung_up_p);
1169
1170/*
1171 * This function is typically called only by the session leader, when
1172 * it wants to disassociate itself from its controlling tty.
1173 *
1174 * It performs the following functions:
1175 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1176 * (2) Clears the tty from being controlling the session
1177 * (3) Clears the controlling tty for all processes in the
1178 * session group.
1179 *
1180 * The argument on_exit is set to 1 if called when a process is
1181 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1182 */
1183void disassociate_ctty(int on_exit)
1184{
1185 struct tty_struct *tty;
1186 struct task_struct *p;
1187 int tty_pgrp = -1;
1188
1189 lock_kernel();
1190
1191 down(&tty_sem);
1192 tty = current->signal->tty;
1193 if (tty) {
1194 tty_pgrp = tty->pgrp;
1195 up(&tty_sem);
1196 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1197 tty_vhangup(tty);
1198 } else {
1199 if (current->signal->tty_old_pgrp) {
1200 kill_pg(current->signal->tty_old_pgrp, SIGHUP, on_exit);
1201 kill_pg(current->signal->tty_old_pgrp, SIGCONT, on_exit);
1202 }
1203 up(&tty_sem);
1204 unlock_kernel();
1205 return;
1206 }
1207 if (tty_pgrp > 0) {
1208 kill_pg(tty_pgrp, SIGHUP, on_exit);
1209 if (!on_exit)
1210 kill_pg(tty_pgrp, SIGCONT, on_exit);
1211 }
1212
1213 /* Must lock changes to tty_old_pgrp */
1214 down(&tty_sem);
1215 current->signal->tty_old_pgrp = 0;
1216 tty->session = 0;
1217 tty->pgrp = -1;
1218
1219 /* Now clear signal->tty under the lock */
1220 read_lock(&tasklist_lock);
1221 do_each_task_pid(current->signal->session, PIDTYPE_SID, p) {
1222 p->signal->tty = NULL;
1223 } while_each_task_pid(current->signal->session, PIDTYPE_SID, p);
1224 read_unlock(&tasklist_lock);
1225 up(&tty_sem);
1226 unlock_kernel();
1227}
1228
1229void stop_tty(struct tty_struct *tty)
1230{
1231 if (tty->stopped)
1232 return;
1233 tty->stopped = 1;
1234 if (tty->link && tty->link->packet) {
1235 tty->ctrl_status &= ~TIOCPKT_START;
1236 tty->ctrl_status |= TIOCPKT_STOP;
1237 wake_up_interruptible(&tty->link->read_wait);
1238 }
1239 if (tty->driver->stop)
1240 (tty->driver->stop)(tty);
1241}
1242
1243EXPORT_SYMBOL(stop_tty);
1244
1245void start_tty(struct tty_struct *tty)
1246{
1247 if (!tty->stopped || tty->flow_stopped)
1248 return;
1249 tty->stopped = 0;
1250 if (tty->link && tty->link->packet) {
1251 tty->ctrl_status &= ~TIOCPKT_STOP;
1252 tty->ctrl_status |= TIOCPKT_START;
1253 wake_up_interruptible(&tty->link->read_wait);
1254 }
1255 if (tty->driver->start)
1256 (tty->driver->start)(tty);
1257
1258 /* If we have a running line discipline it may need kicking */
1259 tty_wakeup(tty);
1260 wake_up_interruptible(&tty->write_wait);
1261}
1262
1263EXPORT_SYMBOL(start_tty);
1264
1265static ssize_t tty_read(struct file * file, char __user * buf, size_t count,
1266 loff_t *ppos)
1267{
1268 int i;
1269 struct tty_struct * tty;
1270 struct inode *inode;
1271 struct tty_ldisc *ld;
1272
1273 tty = (struct tty_struct *)file->private_data;
1274 inode = file->f_dentry->d_inode;
1275 if (tty_paranoia_check(tty, inode, "tty_read"))
1276 return -EIO;
1277 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1278 return -EIO;
1279
1280 /* We want to wait for the line discipline to sort out in this
1281 situation */
1282 ld = tty_ldisc_ref_wait(tty);
1283 lock_kernel();
1284 if (ld->read)
1285 i = (ld->read)(tty,file,buf,count);
1286 else
1287 i = -EIO;
1288 tty_ldisc_deref(ld);
1289 unlock_kernel();
1290 if (i > 0)
1291 inode->i_atime = current_fs_time(inode->i_sb);
1292 return i;
1293}
1294
1295/*
1296 * Split writes up in sane blocksizes to avoid
1297 * denial-of-service type attacks
1298 */
1299static inline ssize_t do_tty_write(
1300 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1301 struct tty_struct *tty,
1302 struct file *file,
1303 const char __user *buf,
1304 size_t count)
1305{
1306 ssize_t ret = 0, written = 0;
1307 unsigned int chunk;
1308
1309 if (down_interruptible(&tty->atomic_write)) {
1310 return -ERESTARTSYS;
1311 }
1312
1313 /*
1314 * We chunk up writes into a temporary buffer. This
1315 * simplifies low-level drivers immensely, since they
1316 * don't have locking issues and user mode accesses.
1317 *
1318 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1319 * big chunk-size..
1320 *
1321 * The default chunk-size is 2kB, because the NTTY
1322 * layer has problems with bigger chunks. It will
1323 * claim to be able to handle more characters than
1324 * it actually does.
1325 */
1326 chunk = 2048;
1327 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1328 chunk = 65536;
1329 if (count < chunk)
1330 chunk = count;
1331
1332 /* write_buf/write_cnt is protected by the atomic_write semaphore */
1333 if (tty->write_cnt < chunk) {
1334 unsigned char *buf;
1335
1336 if (chunk < 1024)
1337 chunk = 1024;
1338
1339 buf = kmalloc(chunk, GFP_KERNEL);
1340 if (!buf) {
1341 up(&tty->atomic_write);
1342 return -ENOMEM;
1343 }
1344 kfree(tty->write_buf);
1345 tty->write_cnt = chunk;
1346 tty->write_buf = buf;
1347 }
1348
1349 /* Do the write .. */
1350 for (;;) {
1351 size_t size = count;
1352 if (size > chunk)
1353 size = chunk;
1354 ret = -EFAULT;
1355 if (copy_from_user(tty->write_buf, buf, size))
1356 break;
1357 lock_kernel();
1358 ret = write(tty, file, tty->write_buf, size);
1359 unlock_kernel();
1360 if (ret <= 0)
1361 break;
1362 written += ret;
1363 buf += ret;
1364 count -= ret;
1365 if (!count)
1366 break;
1367 ret = -ERESTARTSYS;
1368 if (signal_pending(current))
1369 break;
1370 cond_resched();
1371 }
1372 if (written) {
1373 struct inode *inode = file->f_dentry->d_inode;
1374 inode->i_mtime = current_fs_time(inode->i_sb);
1375 ret = written;
1376 }
1377 up(&tty->atomic_write);
1378 return ret;
1379}
1380
1381
1382static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1383 loff_t *ppos)
1384{
1385 struct tty_struct * tty;
1386 struct inode *inode = file->f_dentry->d_inode;
1387 ssize_t ret;
1388 struct tty_ldisc *ld;
1389
1390 tty = (struct tty_struct *)file->private_data;
1391 if (tty_paranoia_check(tty, inode, "tty_write"))
1392 return -EIO;
1393 if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1394 return -EIO;
1395
1396 ld = tty_ldisc_ref_wait(tty);
1397 if (!ld->write)
1398 ret = -EIO;
1399 else
1400 ret = do_tty_write(ld->write, tty, file, buf, count);
1401 tty_ldisc_deref(ld);
1402 return ret;
1403}
1404
1405ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1406 loff_t *ppos)
1407{
1408 struct file *p = NULL;
1409
1410 spin_lock(&redirect_lock);
1411 if (redirect) {
1412 get_file(redirect);
1413 p = redirect;
1414 }
1415 spin_unlock(&redirect_lock);
1416
1417 if (p) {
1418 ssize_t res;
1419 res = vfs_write(p, buf, count, &p->f_pos);
1420 fput(p);
1421 return res;
1422 }
1423
1424 return tty_write(file, buf, count, ppos);
1425}
1426
1427static char ptychar[] = "pqrstuvwxyzabcde";
1428
1429static inline void pty_line_name(struct tty_driver *driver, int index, char *p)
1430{
1431 int i = index + driver->name_base;
1432 /* ->name is initialized to "ttyp", but "tty" is expected */
1433 sprintf(p, "%s%c%x",
1434 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1435 ptychar[i >> 4 & 0xf], i & 0xf);
1436}
1437
1438static inline void tty_line_name(struct tty_driver *driver, int index, char *p)
1439{
1440 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1441}
1442
1443/*
1444 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1445 * failed open. The new code protects the open with a semaphore, so it's
1446 * really quite straightforward. The semaphore locking can probably be
1447 * relaxed for the (most common) case of reopening a tty.
1448 */
1449static int init_dev(struct tty_driver *driver, int idx,
1450 struct tty_struct **ret_tty)
1451{
1452 struct tty_struct *tty, *o_tty;
1453 struct termios *tp, **tp_loc, *o_tp, **o_tp_loc;
1454 struct termios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1455 int retval=0;
1456
1457 /* check whether we're reopening an existing tty */
1458 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1459 tty = devpts_get_tty(idx);
1460 if (tty && driver->subtype == PTY_TYPE_MASTER)
1461 tty = tty->link;
1462 } else {
1463 tty = driver->ttys[idx];
1464 }
1465 if (tty) goto fast_track;
1466
1467 /*
1468 * First time open is complex, especially for PTY devices.
1469 * This code guarantees that either everything succeeds and the
1470 * TTY is ready for operation, or else the table slots are vacated
1471 * and the allocated memory released. (Except that the termios
1472 * and locked termios may be retained.)
1473 */
1474
1475 if (!try_module_get(driver->owner)) {
1476 retval = -ENODEV;
1477 goto end_init;
1478 }
1479
1480 o_tty = NULL;
1481 tp = o_tp = NULL;
1482 ltp = o_ltp = NULL;
1483
1484 tty = alloc_tty_struct();
1485 if(!tty)
1486 goto fail_no_mem;
1487 initialize_tty_struct(tty);
1488 tty->driver = driver;
1489 tty->index = idx;
1490 tty_line_name(driver, idx, tty->name);
1491
1492 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1493 tp_loc = &tty->termios;
1494 ltp_loc = &tty->termios_locked;
1495 } else {
1496 tp_loc = &driver->termios[idx];
1497 ltp_loc = &driver->termios_locked[idx];
1498 }
1499
1500 if (!*tp_loc) {
1501 tp = (struct termios *) kmalloc(sizeof(struct termios),
1502 GFP_KERNEL);
1503 if (!tp)
1504 goto free_mem_out;
1505 *tp = driver->init_termios;
1506 }
1507
1508 if (!*ltp_loc) {
1509 ltp = (struct termios *) kmalloc(sizeof(struct termios),
1510 GFP_KERNEL);
1511 if (!ltp)
1512 goto free_mem_out;
1513 memset(ltp, 0, sizeof(struct termios));
1514 }
1515
1516 if (driver->type == TTY_DRIVER_TYPE_PTY) {
1517 o_tty = alloc_tty_struct();
1518 if (!o_tty)
1519 goto free_mem_out;
1520 initialize_tty_struct(o_tty);
1521 o_tty->driver = driver->other;
1522 o_tty->index = idx;
1523 tty_line_name(driver->other, idx, o_tty->name);
1524
1525 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1526 o_tp_loc = &o_tty->termios;
1527 o_ltp_loc = &o_tty->termios_locked;
1528 } else {
1529 o_tp_loc = &driver->other->termios[idx];
1530 o_ltp_loc = &driver->other->termios_locked[idx];
1531 }
1532
1533 if (!*o_tp_loc) {
1534 o_tp = (struct termios *)
1535 kmalloc(sizeof(struct termios), GFP_KERNEL);
1536 if (!o_tp)
1537 goto free_mem_out;
1538 *o_tp = driver->other->init_termios;
1539 }
1540
1541 if (!*o_ltp_loc) {
1542 o_ltp = (struct termios *)
1543 kmalloc(sizeof(struct termios), GFP_KERNEL);
1544 if (!o_ltp)
1545 goto free_mem_out;
1546 memset(o_ltp, 0, sizeof(struct termios));
1547 }
1548
1549 /*
1550 * Everything allocated ... set up the o_tty structure.
1551 */
1552 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
1553 driver->other->ttys[idx] = o_tty;
1554 }
1555 if (!*o_tp_loc)
1556 *o_tp_loc = o_tp;
1557 if (!*o_ltp_loc)
1558 *o_ltp_loc = o_ltp;
1559 o_tty->termios = *o_tp_loc;
1560 o_tty->termios_locked = *o_ltp_loc;
1561 driver->other->refcount++;
1562 if (driver->subtype == PTY_TYPE_MASTER)
1563 o_tty->count++;
1564
1565 /* Establish the links in both directions */
1566 tty->link = o_tty;
1567 o_tty->link = tty;
1568 }
1569
1570 /*
1571 * All structures have been allocated, so now we install them.
1572 * Failures after this point use release_mem to clean up, so
1573 * there's no need to null out the local pointers.
1574 */
1575 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1576 driver->ttys[idx] = tty;
1577 }
1578
1579 if (!*tp_loc)
1580 *tp_loc = tp;
1581 if (!*ltp_loc)
1582 *ltp_loc = ltp;
1583 tty->termios = *tp_loc;
1584 tty->termios_locked = *ltp_loc;
1585 driver->refcount++;
1586 tty->count++;
1587
1588 /*
1589 * Structures all installed ... call the ldisc open routines.
1590 * If we fail here just call release_mem to clean up. No need
1591 * to decrement the use counts, as release_mem doesn't care.
1592 */
1593
1594 if (tty->ldisc.open) {
1595 retval = (tty->ldisc.open)(tty);
1596 if (retval)
1597 goto release_mem_out;
1598 }
1599 if (o_tty && o_tty->ldisc.open) {
1600 retval = (o_tty->ldisc.open)(o_tty);
1601 if (retval) {
1602 if (tty->ldisc.close)
1603 (tty->ldisc.close)(tty);
1604 goto release_mem_out;
1605 }
1606 tty_ldisc_enable(o_tty);
1607 }
1608 tty_ldisc_enable(tty);
1609 goto success;
1610
1611 /*
1612 * This fast open can be used if the tty is already open.
1613 * No memory is allocated, and the only failures are from
1614 * attempting to open a closing tty or attempting multiple
1615 * opens on a pty master.
1616 */
1617fast_track:
1618 if (test_bit(TTY_CLOSING, &tty->flags)) {
1619 retval = -EIO;
1620 goto end_init;
1621 }
1622 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1623 driver->subtype == PTY_TYPE_MASTER) {
1624 /*
1625 * special case for PTY masters: only one open permitted,
1626 * and the slave side open count is incremented as well.
1627 */
1628 if (tty->count) {
1629 retval = -EIO;
1630 goto end_init;
1631 }
1632 tty->link->count++;
1633 }
1634 tty->count++;
1635 tty->driver = driver; /* N.B. why do this every time?? */
1636
1637 /* FIXME */
1638 if(!test_bit(TTY_LDISC, &tty->flags))
1639 printk(KERN_ERR "init_dev but no ldisc\n");
1640success:
1641 *ret_tty = tty;
1642
1643 /* All paths come through here to release the semaphore */
1644end_init:
1645 return retval;
1646
1647 /* Release locally allocated memory ... nothing placed in slots */
1648free_mem_out:
735d5661 1649 kfree(o_tp);
1da177e4
LT		 1650 if (o_tty)
1651 free_tty_struct(o_tty);
735d5661
JJ		 1652 kfree(ltp);
1653 kfree(tp);
1da177e4
LT		 1654 free_tty_struct(tty);
1655
1656fail_no_mem:
1657 module_put(driver->owner);
1658 retval = -ENOMEM;
1659 goto end_init;
1660
1661 /* call the tty release_mem routine to clean out this slot */
1662release_mem_out:
1663 printk(KERN_INFO "init_dev: ldisc open failed, "
1664 "clearing slot %d\n", idx);
1665 release_mem(tty, idx);
1666 goto end_init;
1667}
1668
1669/*
1670 * Releases memory associated with a tty structure, and clears out the
1671 * driver table slots.
1672 */
1673static void release_mem(struct tty_struct *tty, int idx)
1674{
1675 struct tty_struct *o_tty;
1676 struct termios *tp;
1677 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
1678
1679 if ((o_tty = tty->link) != NULL) {
1680 if (!devpts)
1681 o_tty->driver->ttys[idx] = NULL;
1682 if (o_tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1683 tp = o_tty->termios;
1684 if (!devpts)
1685 o_tty->driver->termios[idx] = NULL;
1686 kfree(tp);
1687
1688 tp = o_tty->termios_locked;
1689 if (!devpts)
1690 o_tty->driver->termios_locked[idx] = NULL;
1691 kfree(tp);
1692 }
1693 o_tty->magic = 0;
1694 o_tty->driver->refcount--;
1695 file_list_lock();
1696 list_del_init(&o_tty->tty_files);
1697 file_list_unlock();
1698 free_tty_struct(o_tty);
1699 }
1700
1701 if (!devpts)
1702 tty->driver->ttys[idx] = NULL;
1703 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1704 tp = tty->termios;
1705 if (!devpts)
1706 tty->driver->termios[idx] = NULL;
1707 kfree(tp);
1708
1709 tp = tty->termios_locked;
1710 if (!devpts)
1711 tty->driver->termios_locked[idx] = NULL;
1712 kfree(tp);
1713 }
1714
1715 tty->magic = 0;
1716 tty->driver->refcount--;
1717 file_list_lock();
1718 list_del_init(&tty->tty_files);
1719 file_list_unlock();
1720 module_put(tty->driver->owner);
1721 free_tty_struct(tty);
1722}
1723
1724/*
1725 * Even releasing the tty structures is a tricky business.. We have
1726 * to be very careful that the structures are all released at the
1727 * same time, as interrupts might otherwise get the wrong pointers.
1728 *
1729 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1730 * lead to double frees or releasing memory still in use.
1731 */
1732static void release_dev(struct file * filp)
1733{
1734 struct tty_struct *tty, *o_tty;
1735 int pty_master, tty_closing, o_tty_closing, do_sleep;
1736 int devpts_master, devpts;
1737 int idx;
1738 char buf[64];
1739 unsigned long flags;
1740
1741 tty = (struct tty_struct *)filp->private_data;
1742 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "release_dev"))
1743 return;
1744
1745 check_tty_count(tty, "release_dev");
1746
1747 tty_fasync(-1, filp, 0);
1748
1749 idx = tty->index;
1750 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1751 tty->driver->subtype == PTY_TYPE_MASTER);
1752 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1753 devpts_master = pty_master && devpts;
1754 o_tty = tty->link;
1755
1756#ifdef TTY_PARANOIA_CHECK
1757 if (idx < 0 || idx >= tty->driver->num) {
1758 printk(KERN_DEBUG "release_dev: bad idx when trying to "
1759 "free (%s)\n", tty->name);
1760 return;
1761 }
1762 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1763 if (tty != tty->driver->ttys[idx]) {
1764 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
1765 "for (%s)\n", idx, tty->name);
1766 return;
1767 }
1768 if (tty->termios != tty->driver->termios[idx]) {
1769 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
1770 "for (%s)\n",
1771 idx, tty->name);
1772 return;
1773 }
1774 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
1775 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
1776 "termios_locked for (%s)\n",
1777 idx, tty->name);
1778 return;
1779 }
1780 }
1781#endif
1782
1783#ifdef TTY_DEBUG_HANGUP
1784 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
1785 tty_name(tty, buf), tty->count);
1786#endif
1787
1788#ifdef TTY_PARANOIA_CHECK
1789 if (tty->driver->other &&
1790 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1791 if (o_tty != tty->driver->other->ttys[idx]) {
1792 printk(KERN_DEBUG "release_dev: other->table[%d] "
1793 "not o_tty for (%s)\n",
1794 idx, tty->name);
1795 return;
1796 }
1797 if (o_tty->termios != tty->driver->other->termios[idx]) {
1798 printk(KERN_DEBUG "release_dev: other->termios[%d] "
1799 "not o_termios for (%s)\n",
1800 idx, tty->name);
1801 return;
1802 }
1803 if (o_tty->termios_locked !=
1804 tty->driver->other->termios_locked[idx]) {
1805 printk(KERN_DEBUG "release_dev: other->termios_locked["
1806 "%d] not o_termios_locked for (%s)\n",
1807 idx, tty->name);
1808 return;
1809 }
1810 if (o_tty->link != tty) {
1811 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
1812 return;
1813 }
1814 }
1815#endif
1816 if (tty->driver->close)
1817 tty->driver->close(tty, filp);
1818
1819 /*
1820 * Sanity check: if tty->count is going to zero, there shouldn't be
1821 * any waiters on tty->read_wait or tty->write_wait. We test the
1822 * wait queues and kick everyone out _before_ actually starting to
1823 * close. This ensures that we won't block while releasing the tty
1824 * structure.
1825 *
1826 * The test for the o_tty closing is necessary, since the master and
1827 * slave sides may close in any order. If the slave side closes out
1828 * first, its count will be one, since the master side holds an open.
1829 * Thus this test wouldn't be triggered at the time the slave closes,
1830 * so we do it now.
1831 *
1832 * Note that it's possible for the tty to be opened again while we're
1833 * flushing out waiters. By recalculating the closing flags before
1834 * each iteration we avoid any problems.
1835 */
1836 while (1) {
1837 /* Guard against races with tty->count changes elsewhere and
1838 opens on /dev/tty */
1839
1840 down(&tty_sem);
1841 tty_closing = tty->count <= 1;
1842 o_tty_closing = o_tty &&
1843 (o_tty->count <= (pty_master ? 1 : 0));
1844 up(&tty_sem);
1845 do_sleep = 0;
1846
1847 if (tty_closing) {
1848 if (waitqueue_active(&tty->read_wait)) {
1849 wake_up(&tty->read_wait);
1850 do_sleep++;
1851 }
1852 if (waitqueue_active(&tty->write_wait)) {
1853 wake_up(&tty->write_wait);
1854 do_sleep++;
1855 }
1856 }
1857 if (o_tty_closing) {
1858 if (waitqueue_active(&o_tty->read_wait)) {
1859 wake_up(&o_tty->read_wait);
1860 do_sleep++;
1861 }
1862 if (waitqueue_active(&o_tty->write_wait)) {
1863 wake_up(&o_tty->write_wait);
1864 do_sleep++;
1865 }
1866 }
1867 if (!do_sleep)
1868 break;
1869
1870 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
1871 "active!\n", tty_name(tty, buf));
1872 schedule();
1873 }
1874
1875 /*
1876 * The closing flags are now consistent with the open counts on
1877 * both sides, and we've completed the last operation that could
1878 * block, so it's safe to proceed with closing.
1879 */
1880
1881 down(&tty_sem);
1882 if (pty_master) {
1883 if (--o_tty->count < 0) {
1884 printk(KERN_WARNING "release_dev: bad pty slave count "
1885 "(%d) for %s\n",
1886 o_tty->count, tty_name(o_tty, buf));
1887 o_tty->count = 0;
1888 }
1889 }
1890 if (--tty->count < 0) {
1891 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
1892 tty->count, tty_name(tty, buf));
1893 tty->count = 0;
1894 }
1895 up(&tty_sem);
1896
1897 /*
1898 * We've decremented tty->count, so we need to remove this file
1899 * descriptor off the tty->tty_files list; this serves two
1900 * purposes:
1901 * - check_tty_count sees the correct number of file descriptors
1902 * associated with this tty.
1903 * - do_tty_hangup no longer sees this file descriptor as
1904 * something that needs to be handled for hangups.
1905 */
1906 file_kill(filp);
1907 filp->private_data = NULL;
1908
1909 /*
1910 * Perform some housekeeping before deciding whether to return.
1911 *
1912 * Set the TTY_CLOSING flag if this was the last open. In the
1913 * case of a pty we may have to wait around for the other side
1914 * to close, and TTY_CLOSING makes sure we can't be reopened.
1915 */
1916 if(tty_closing)
1917 set_bit(TTY_CLOSING, &tty->flags);
1918 if(o_tty_closing)
1919 set_bit(TTY_CLOSING, &o_tty->flags);
1920
1921 /*
1922 * If _either_ side is closing, make sure there aren't any
1923 * processes that still think tty or o_tty is their controlling
1924 * tty.
1925 */
1926 if (tty_closing || o_tty_closing) {
1927 struct task_struct *p;
1928
1929 read_lock(&tasklist_lock);
1930 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1931 p->signal->tty = NULL;
1932 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1933 if (o_tty)
1934 do_each_task_pid(o_tty->session, PIDTYPE_SID, p) {
1935 p->signal->tty = NULL;
1936 } while_each_task_pid(o_tty->session, PIDTYPE_SID, p);
1937 read_unlock(&tasklist_lock);
1938 }
1939
1940 /* check whether both sides are closing ... */
1941 if (!tty_closing || (o_tty && !o_tty_closing))
1942 return;
1943
1944#ifdef TTY_DEBUG_HANGUP
1945 printk(KERN_DEBUG "freeing tty structure...");
1946#endif
1947 /*
1948 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
1949 * kill any delayed work. As this is the final close it does not
1950 * race with the set_ldisc code path.
1951 */
1952 clear_bit(TTY_LDISC, &tty->flags);
1953 clear_bit(TTY_DONT_FLIP, &tty->flags);
33f0f88f 1954 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 1955
1956 /*
33f0f88f 1957 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 1958 */
1959
1960 flush_scheduled_work();
1961
1962 /*
1963 * Wait for any short term users (we know they are just driver
1964 * side waiters as the file is closing so user count on the file
1965 * side is zero.
1966 */
1967 spin_lock_irqsave(&tty_ldisc_lock, flags);
1968 while(tty->ldisc.refcount)
1969 {
1970 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1971 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
1972 spin_lock_irqsave(&tty_ldisc_lock, flags);
1973 }
1974 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1975 /*
1976 * Shutdown the current line discipline, and reset it to N_TTY.
1977 * N.B. why reset ldisc when we're releasing the memory??
1978 *
1979 * FIXME: this MUST get fixed for the new reflocking
1980 */
1981 if (tty->ldisc.close)
1982 (tty->ldisc.close)(tty);
1983 tty_ldisc_put(tty->ldisc.num);
1984
1985 /*
1986 * Switch the line discipline back
1987 */
1988 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1989 tty_set_termios_ldisc(tty,N_TTY);
1990 if (o_tty) {
1991 /* FIXME: could o_tty be in setldisc here ? */
1992 clear_bit(TTY_LDISC, &o_tty->flags);
1993 if (o_tty->ldisc.close)
1994 (o_tty->ldisc.close)(o_tty);
1995 tty_ldisc_put(o_tty->ldisc.num);
1996 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
1997 tty_set_termios_ldisc(o_tty,N_TTY);
1998 }
1999 /*
2000 * The release_mem function takes care of the details of clearing
2001 * the slots and preserving the termios structure.
2002 */
2003 release_mem(tty, idx);
2004
2005#ifdef CONFIG_UNIX98_PTYS
2006 /* Make this pty number available for reallocation */
2007 if (devpts) {
2008 down(&allocated_ptys_lock);
2009 idr_remove(&allocated_ptys, idx);
2010 up(&allocated_ptys_lock);
2011 }
2012#endif
2013
2014}
2015
2016/*
2017 * tty_open and tty_release keep up the tty count that contains the
2018 * number of opens done on a tty. We cannot use the inode-count, as
2019 * different inodes might point to the same tty.
2020 *
2021 * Open-counting is needed for pty masters, as well as for keeping
2022 * track of serial lines: DTR is dropped when the last close happens.
2023 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2024 *
2025 * The termios state of a pty is reset on first open so that
2026 * settings don't persist across reuse.
2027 */
2028static int tty_open(struct inode * inode, struct file * filp)
2029{
2030 struct tty_struct *tty;
2031 int noctty, retval;
2032 struct tty_driver *driver;
2033 int index;
2034 dev_t device = inode->i_rdev;
2035 unsigned short saved_flags = filp->f_flags;
2036
2037 nonseekable_open(inode, filp);
2038
2039retry_open:
2040 noctty = filp->f_flags & O_NOCTTY;
2041 index = -1;
2042 retval = 0;
2043
2044 down(&tty_sem);
2045
2046 if (device == MKDEV(TTYAUX_MAJOR,0)) {
2047 if (!current->signal->tty) {
2048 up(&tty_sem);
2049 return -ENXIO;
2050 }
2051 driver = current->signal->tty->driver;
2052 index = current->signal->tty->index;
2053 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2054 /* noctty = 1; */
2055 goto got_driver;
2056 }
2057#ifdef CONFIG_VT
2058 if (device == MKDEV(TTY_MAJOR,0)) {
2059 extern struct tty_driver *console_driver;
2060 driver = console_driver;
2061 index = fg_console;
2062 noctty = 1;
2063 goto got_driver;
2064 }
2065#endif
2066 if (device == MKDEV(TTYAUX_MAJOR,1)) {
2067 driver = console_device(&index);
2068 if (driver) {
2069 /* Don't let /dev/console block */
2070 filp->f_flags |= O_NONBLOCK;
2071 noctty = 1;
2072 goto got_driver;
2073 }
2074 up(&tty_sem);
2075 return -ENODEV;
2076 }
2077
2078 driver = get_tty_driver(device, &index);
2079 if (!driver) {
2080 up(&tty_sem);
2081 return -ENODEV;
2082 }
2083got_driver:
2084 retval = init_dev(driver, index, &tty);
2085 up(&tty_sem);
2086 if (retval)
2087 return retval;
2088
2089 filp->private_data = tty;
2090 file_move(filp, &tty->tty_files);
2091 check_tty_count(tty, "tty_open");
2092 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2093 tty->driver->subtype == PTY_TYPE_MASTER)
2094 noctty = 1;
2095#ifdef TTY_DEBUG_HANGUP
2096 printk(KERN_DEBUG "opening %s...", tty->name);
2097#endif
2098 if (!retval) {
2099 if (tty->driver->open)
2100 retval = tty->driver->open(tty, filp);
2101 else
2102 retval = -ENODEV;
2103 }
2104 filp->f_flags = saved_flags;
2105
2106 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2107 retval = -EBUSY;
2108
2109 if (retval) {
2110#ifdef TTY_DEBUG_HANGUP
2111 printk(KERN_DEBUG "error %d in opening %s...", retval,
2112 tty->name);
2113#endif
2114 release_dev(filp);
2115 if (retval != -ERESTARTSYS)
2116 return retval;
2117 if (signal_pending(current))
2118 return retval;
2119 schedule();
2120 /*
2121 * Need to reset f_op in case a hangup happened.
2122 */
2123 if (filp->f_op == &hung_up_tty_fops)
2124 filp->f_op = &tty_fops;
2125 goto retry_open;
2126 }
2127 if (!noctty &&
2128 current->signal->leader &&
2129 !current->signal->tty &&
2130 tty->session == 0) {
2131 task_lock(current);
2132 current->signal->tty = tty;
2133 task_unlock(current);
2134 current->signal->tty_old_pgrp = 0;
2135 tty->session = current->signal->session;
2136 tty->pgrp = process_group(current);
2137 }
2138 return 0;
2139}
2140
2141#ifdef CONFIG_UNIX98_PTYS
2142static int ptmx_open(struct inode * inode, struct file * filp)
2143{
2144 struct tty_struct *tty;
2145 int retval;
2146 int index;
2147 int idr_ret;
2148
2149 nonseekable_open(inode, filp);
2150
2151 /* find a device that is not in use. */
2152 down(&allocated_ptys_lock);
2153 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2154 up(&allocated_ptys_lock);
2155 return -ENOMEM;
2156 }
2157 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2158 if (idr_ret < 0) {
2159 up(&allocated_ptys_lock);
2160 if (idr_ret == -EAGAIN)
2161 return -ENOMEM;
2162 return -EIO;
2163 }
2164 if (index >= pty_limit) {
2165 idr_remove(&allocated_ptys, index);
2166 up(&allocated_ptys_lock);
2167 return -EIO;
2168 }
2169 up(&allocated_ptys_lock);
2170
2171 down(&tty_sem);
2172 retval = init_dev(ptm_driver, index, &tty);
2173 up(&tty_sem);
2174
2175 if (retval)
2176 goto out;
2177
2178 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2179 filp->private_data = tty;
2180 file_move(filp, &tty->tty_files);
2181
2182 retval = -ENOMEM;
2183 if (devpts_pty_new(tty->link))
2184 goto out1;
2185
2186 check_tty_count(tty, "tty_open");
2187 retval = ptm_driver->open(tty, filp);
2188 if (!retval)
2189 return 0;
2190out1:
2191 release_dev(filp);
2192out:
2193 down(&allocated_ptys_lock);
2194 idr_remove(&allocated_ptys, index);
2195 up(&allocated_ptys_lock);
2196 return retval;
2197}
2198#endif
2199
2200static int tty_release(struct inode * inode, struct file * filp)
2201{
2202 lock_kernel();
2203 release_dev(filp);
2204 unlock_kernel();
2205 return 0;
2206}
2207
2208/* No kernel lock held - fine */
2209static unsigned int tty_poll(struct file * filp, poll_table * wait)
2210{
2211 struct tty_struct * tty;
2212 struct tty_ldisc *ld;
2213 int ret = 0;
2214
2215 tty = (struct tty_struct *)filp->private_data;
2216 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_poll"))
2217 return 0;
2218
2219 ld = tty_ldisc_ref_wait(tty);
2220 if (ld->poll)
2221 ret = (ld->poll)(tty, filp, wait);
2222 tty_ldisc_deref(ld);
2223 return ret;
2224}
2225
2226static int tty_fasync(int fd, struct file * filp, int on)
2227{
2228 struct tty_struct * tty;
2229 int retval;
2230
2231 tty = (struct tty_struct *)filp->private_data;
2232 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_fasync"))
2233 return 0;
2234
2235 retval = fasync_helper(fd, filp, on, &tty->fasync);
2236 if (retval <= 0)
2237 return retval;
2238
2239 if (on) {
2240 if (!waitqueue_active(&tty->read_wait))
2241 tty->minimum_to_wake = 1;
2242 retval = f_setown(filp, (-tty->pgrp) ? : current->pid, 0);
2243 if (retval)
2244 return retval;
2245 } else {
2246 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2247 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2248 }
2249 return 0;
2250}
2251
2252static int tiocsti(struct tty_struct *tty, char __user *p)
2253{
2254 char ch, mbz = 0;
2255 struct tty_ldisc *ld;
2256
2257 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2258 return -EPERM;
2259 if (get_user(ch, p))
2260 return -EFAULT;
2261 ld = tty_ldisc_ref_wait(tty);
2262 ld->receive_buf(tty, &ch, &mbz, 1);
2263 tty_ldisc_deref(ld);
2264 return 0;
2265}
2266
2267static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2268{
2269 if (copy_to_user(arg, &tty->winsize, sizeof(*arg)))
2270 return -EFAULT;
2271 return 0;
2272}
2273
2274static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2275 struct winsize __user * arg)
2276{
2277 struct winsize tmp_ws;
2278
2279 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2280 return -EFAULT;
2281 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2282 return 0;
2283#ifdef CONFIG_VT
2284 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2285 int rc;
2286
2287 acquire_console_sem();
2288 rc = vc_resize(tty->driver_data, tmp_ws.ws_col, tmp_ws.ws_row);
2289 release_console_sem();
2290 if (rc)
2291 return -ENXIO;
2292 }
2293#endif
2294 if (tty->pgrp > 0)
2295 kill_pg(tty->pgrp, SIGWINCH, 1);
2296 if ((real_tty->pgrp != tty->pgrp) && (real_tty->pgrp > 0))
2297 kill_pg(real_tty->pgrp, SIGWINCH, 1);
2298 tty->winsize = tmp_ws;
2299 real_tty->winsize = tmp_ws;
2300 return 0;
2301}
2302
2303static int tioccons(struct file *file)
2304{
2305 if (!capable(CAP_SYS_ADMIN))
2306 return -EPERM;
2307 if (file->f_op->write == redirected_tty_write) {
2308 struct file *f;
2309 spin_lock(&redirect_lock);
2310 f = redirect;
2311 redirect = NULL;
2312 spin_unlock(&redirect_lock);
2313 if (f)
2314 fput(f);
2315 return 0;
2316 }
2317 spin_lock(&redirect_lock);
2318 if (redirect) {
2319 spin_unlock(&redirect_lock);
2320 return -EBUSY;
2321 }
2322 get_file(file);
2323 redirect = file;
2324 spin_unlock(&redirect_lock);
2325 return 0;
2326}
2327
2328
2329static int fionbio(struct file *file, int __user *p)
2330{
2331 int nonblock;
2332
2333 if (get_user(nonblock, p))
2334 return -EFAULT;
2335
2336 if (nonblock)
2337 file->f_flags |= O_NONBLOCK;
2338 else
2339 file->f_flags &= ~O_NONBLOCK;
2340 return 0;
2341}
2342
2343static int tiocsctty(struct tty_struct *tty, int arg)
2344{
2345 task_t *p;
2346
2347 if (current->signal->leader &&
2348 (current->signal->session == tty->session))
2349 return 0;
2350 /*
2351 * The process must be a session leader and
2352 * not have a controlling tty already.
2353 */
2354 if (!current->signal->leader || current->signal->tty)
2355 return -EPERM;
2356 if (tty->session > 0) {
2357 /*
2358 * This tty is already the controlling
2359 * tty for another session group!
2360 */
2361 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
2362 /*
2363 * Steal it away
2364 */
2365
2366 read_lock(&tasklist_lock);
2367 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2368 p->signal->tty = NULL;
2369 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2370 read_unlock(&tasklist_lock);
2371 } else
2372 return -EPERM;
2373 }
2374 task_lock(current);
2375 current->signal->tty = tty;
2376 task_unlock(current);
2377 current->signal->tty_old_pgrp = 0;
2378 tty->session = current->signal->session;
2379 tty->pgrp = process_group(current);
2380 return 0;
2381}
2382
2383static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2384{
2385 /*
2386 * (tty == real_tty) is a cheap way of
2387 * testing if the tty is NOT a master pty.
2388 */
2389 if (tty == real_tty && current->signal->tty != real_tty)
2390 return -ENOTTY;
2391 return put_user(real_tty->pgrp, p);
2392}
2393
2394static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2395{
2396 pid_t pgrp;
2397 int retval = tty_check_change(real_tty);
2398
2399 if (retval == -EIO)
2400 return -ENOTTY;
2401 if (retval)
2402 return retval;
2403 if (!current->signal->tty ||
2404 (current->signal->tty != real_tty) ||
2405 (real_tty->session != current->signal->session))
2406 return -ENOTTY;
2407 if (get_user(pgrp, p))
2408 return -EFAULT;
2409 if (pgrp < 0)
2410 return -EINVAL;
2411 if (session_of_pgrp(pgrp) != current->signal->session)
2412 return -EPERM;
2413 real_tty->pgrp = pgrp;
2414 return 0;
2415}
2416
2417static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2418{
2419 /*
2420 * (tty == real_tty) is a cheap way of
2421 * testing if the tty is NOT a master pty.
2422 */
2423 if (tty == real_tty && current->signal->tty != real_tty)
2424 return -ENOTTY;
2425 if (real_tty->session <= 0)
2426 return -ENOTTY;
2427 return put_user(real_tty->session, p);
2428}
2429
2430static int tiocsetd(struct tty_struct *tty, int __user *p)
2431{
2432 int ldisc;
2433
2434 if (get_user(ldisc, p))
2435 return -EFAULT;
2436 return tty_set_ldisc(tty, ldisc);
2437}
2438
b20f3ae5 2439static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4
LT		 2440{
2441 tty->driver->break_ctl(tty, -1);
2442 if (!signal_pending(current)) {
b20f3ae5 2443 msleep_interruptible(duration);
1da177e4
LT		 2444 }
2445 tty->driver->break_ctl(tty, 0);
2446 if (signal_pending(current))
2447 return -EINTR;
2448 return 0;
2449}
2450
2451static int
2452tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2453{
2454 int retval = -EINVAL;
2455
2456 if (tty->driver->tiocmget) {
2457 retval = tty->driver->tiocmget(tty, file);
2458
2459 if (retval >= 0)
2460 retval = put_user(retval, p);
2461 }
2462 return retval;
2463}
2464
2465static int
2466tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2467 unsigned __user *p)
2468{
2469 int retval = -EINVAL;
2470
2471 if (tty->driver->tiocmset) {
2472 unsigned int set, clear, val;
2473
2474 retval = get_user(val, p);
2475 if (retval)
2476 return retval;
2477
2478 set = clear = 0;
2479 switch (cmd) {
2480 case TIOCMBIS:
2481 set = val;
2482 break;
2483 case TIOCMBIC:
2484 clear = val;
2485 break;
2486 case TIOCMSET:
2487 set = val;
2488 clear = ~val;
2489 break;
2490 }
2491
2492 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2493 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2494
2495 retval = tty->driver->tiocmset(tty, file, set, clear);
2496 }
2497 return retval;
2498}
2499
2500/*
2501 * Split this up, as gcc can choke on it otherwise..
2502 */
2503int tty_ioctl(struct inode * inode, struct file * file,
2504 unsigned int cmd, unsigned long arg)
2505{
2506 struct tty_struct *tty, *real_tty;
2507 void __user *p = (void __user *)arg;
2508 int retval;
2509 struct tty_ldisc *ld;
2510
2511 tty = (struct tty_struct *)file->private_data;
2512 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2513 return -EINVAL;
2514
2515 real_tty = tty;
2516 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2517 tty->driver->subtype == PTY_TYPE_MASTER)
2518 real_tty = tty->link;
2519
2520 /*
2521 * Break handling by driver
2522 */
2523 if (!tty->driver->break_ctl) {
2524 switch(cmd) {
2525 case TIOCSBRK:
2526 case TIOCCBRK:
2527 if (tty->driver->ioctl)
2528 return tty->driver->ioctl(tty, file, cmd, arg);
2529 return -EINVAL;
2530
2531 /* These two ioctl's always return success; even if */
2532 /* the driver doesn't support them. */
2533 case TCSBRK:
2534 case TCSBRKP:
2535 if (!tty->driver->ioctl)
2536 return 0;
2537 retval = tty->driver->ioctl(tty, file, cmd, arg);
2538 if (retval == -ENOIOCTLCMD)
2539 retval = 0;
2540 return retval;
2541 }
2542 }
2543
2544 /*
2545 * Factor out some common prep work
2546 */
2547 switch (cmd) {
2548 case TIOCSETD:
2549 case TIOCSBRK:
2550 case TIOCCBRK:
2551 case TCSBRK:
2552 case TCSBRKP:
2553 retval = tty_check_change(tty);
2554 if (retval)
2555 return retval;
2556 if (cmd != TIOCCBRK) {
2557 tty_wait_until_sent(tty, 0);
2558 if (signal_pending(current))
2559 return -EINTR;
2560 }
2561 break;
2562 }
2563
2564 switch (cmd) {
2565 case TIOCSTI:
2566 return tiocsti(tty, p);
2567 case TIOCGWINSZ:
2568 return tiocgwinsz(tty, p);
2569 case TIOCSWINSZ:
2570 return tiocswinsz(tty, real_tty, p);
2571 case TIOCCONS:
2572 return real_tty!=tty ? -EINVAL : tioccons(file);
2573 case FIONBIO:
2574 return fionbio(file, p);
2575 case TIOCEXCL:
2576 set_bit(TTY_EXCLUSIVE, &tty->flags);
2577 return 0;
2578 case TIOCNXCL:
2579 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2580 return 0;
2581 case TIOCNOTTY:
2582 if (current->signal->tty != tty)
2583 return -ENOTTY;
2584 if (current->signal->leader)
2585 disassociate_ctty(0);
2586 task_lock(current);
2587 current->signal->tty = NULL;
2588 task_unlock(current);
2589 return 0;
2590 case TIOCSCTTY:
2591 return tiocsctty(tty, arg);
2592 case TIOCGPGRP:
2593 return tiocgpgrp(tty, real_tty, p);
2594 case TIOCSPGRP:
2595 return tiocspgrp(tty, real_tty, p);
2596 case TIOCGSID:
2597 return tiocgsid(tty, real_tty, p);
2598 case TIOCGETD:
2599 /* FIXME: check this is ok */
2600 return put_user(tty->ldisc.num, (int __user *)p);
2601 case TIOCSETD:
2602 return tiocsetd(tty, p);
2603#ifdef CONFIG_VT
2604 case TIOCLINUX:
2605 return tioclinux(tty, arg);
2606#endif
2607 /*
2608 * Break handling
2609 */
2610 case TIOCSBRK: /* Turn break on, unconditionally */
2611 tty->driver->break_ctl(tty, -1);
2612 return 0;
2613
2614 case TIOCCBRK: /* Turn break off, unconditionally */
2615 tty->driver->break_ctl(tty, 0);
2616 return 0;
2617 case TCSBRK: /* SVID version: non-zero arg --> no break */
2618 /*
2619 * XXX is the above comment correct, or the
2620 * code below correct? Is this ioctl used at
2621 * all by anyone?
2622 */
2623 if (!arg)
b20f3ae5 2624 return send_break(tty, 250);
1da177e4
LT		 2625 return 0;
2626 case TCSBRKP: /* support for POSIX tcsendbreak() */
b20f3ae5 2627 return send_break(tty, arg ? arg*100 : 250);
1da177e4
LT		 2628
2629 case TIOCMGET:
2630 return tty_tiocmget(tty, file, p);
2631
2632 case TIOCMSET:
2633 case TIOCMBIC:
2634 case TIOCMBIS:
2635 return tty_tiocmset(tty, file, cmd, p);
2636 }
2637 if (tty->driver->ioctl) {
2638 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
2639 if (retval != -ENOIOCTLCMD)
2640 return retval;
2641 }
2642 ld = tty_ldisc_ref_wait(tty);
2643 retval = -EINVAL;
2644 if (ld->ioctl) {
2645 retval = ld->ioctl(tty, file, cmd, arg);
2646 if (retval == -ENOIOCTLCMD)
2647 retval = -EINVAL;
2648 }
2649 tty_ldisc_deref(ld);
2650 return retval;
2651}
2652
2653
2654/*
2655 * This implements the "Secure Attention Key" --- the idea is to
2656 * prevent trojan horses by killing all processes associated with this
2657 * tty when the user hits the "Secure Attention Key". Required for
2658 * super-paranoid applications --- see the Orange Book for more details.
2659 *
2660 * This code could be nicer; ideally it should send a HUP, wait a few
2661 * seconds, then send a INT, and then a KILL signal. But you then
2662 * have to coordinate with the init process, since all processes associated
2663 * with the current tty must be dead before the new getty is allowed
2664 * to spawn.
2665 *
2666 * Now, if it would be correct ;-/ The current code has a nasty hole -
2667 * it doesn't catch files in flight. We may send the descriptor to ourselves
2668 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2669 *
2670 * Nasty bug: do_SAK is being called in interrupt context. This can
2671 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2672 */
2673static void __do_SAK(void *arg)
2674{
2675#ifdef TTY_SOFT_SAK
2676 tty_hangup(tty);
2677#else
2678 struct tty_struct *tty = arg;
2679 struct task_struct *p;
2680 int session;
2681 int i;
2682 struct file *filp;
2683 struct tty_ldisc *disc;
badf1662 2684 struct fdtable *fdt;
1da177e4
LT		 2685
2686 if (!tty)
2687 return;
2688 session = tty->session;
2689
2690 /* We don't want an ldisc switch during this */
2691 disc = tty_ldisc_ref(tty);
2692 if (disc && disc->flush_buffer)
2693 disc->flush_buffer(tty);
2694 tty_ldisc_deref(disc);
2695
2696 if (tty->driver->flush_buffer)
2697 tty->driver->flush_buffer(tty);
2698
2699 read_lock(&tasklist_lock);
2700 do_each_task_pid(session, PIDTYPE_SID, p) {
2701 if (p->signal->tty == tty || session > 0) {
2702 printk(KERN_NOTICE "SAK: killed process %d"
2703 " (%s): p->signal->session==tty->session\n",
2704 p->pid, p->comm);
2705 send_sig(SIGKILL, p, 1);
2706 continue;
2707 }
2708 task_lock(p);
2709 if (p->files) {
b835996f 2710 rcu_read_lock();
badf1662
DS		 2711 fdt = files_fdtable(p->files);
2712 for (i=0; i < fdt->max_fds; i++) {
1da177e4
LT		 2713 filp = fcheck_files(p->files, i);
2714 if (!filp)
2715 continue;
2716 if (filp->f_op->read == tty_read &&
2717 filp->private_data == tty) {
2718 printk(KERN_NOTICE "SAK: killed process %d"
2719 " (%s): fd#%d opened to the tty\n",
2720 p->pid, p->comm, i);
2721 send_sig(SIGKILL, p, 1);
2722 break;
2723 }
2724 }
b835996f 2725 rcu_read_unlock();
1da177e4
LT		 2726 }
2727 task_unlock(p);
2728 } while_each_task_pid(session, PIDTYPE_SID, p);
2729 read_unlock(&tasklist_lock);
2730#endif
2731}
2732
2733/*
2734 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2735 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2736 * the values which we write to it will be identical to the values which it
2737 * already has. --akpm
2738 */
2739void do_SAK(struct tty_struct *tty)
2740{
2741 if (!tty)
2742 return;
2743 PREPARE_WORK(&tty->SAK_work, __do_SAK, tty);
2744 schedule_work(&tty->SAK_work);
2745}
2746
2747EXPORT_SYMBOL(do_SAK);
2748
2749/*
2750 * This routine is called out of the software interrupt to flush data
33f0f88f 2751 * from the buffer chain to the line discipline.
1da177e4
LT		 2752 */
2753
2754static void flush_to_ldisc(void *private_)
2755{
2756 struct tty_struct *tty = (struct tty_struct *) private_;
1da177e4
LT		 2757 unsigned long flags;
2758 struct tty_ldisc *disc;
33f0f88f 2759 struct tty_buffer *tbuf;
8977d929
PF		 2760 int count;
2761 char *char_buf;
2762 unsigned char *flag_buf;
1da177e4
LT		 2763
2764 disc = tty_ldisc_ref(tty);
2765 if (disc == NULL) /* !TTY_LDISC */
2766 return;
2767
2768 if (test_bit(TTY_DONT_FLIP, &tty->flags)) {
2769 /*
2770 * Do it after the next timer tick:
2771 */
33f0f88f 2772 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 2773 goto out;
2774 }
808249ce 2775 spin_lock_irqsave(&tty->buf.lock, flags);
8977d929
PF		 2776 while((tbuf = tty->buf.head) != NULL) {
2777 while ((count = tbuf->commit - tbuf->read) != 0) {
2778 char_buf = tbuf->char_buf_ptr + tbuf->read;
2779 flag_buf = tbuf->flag_buf_ptr + tbuf->read;
2780 tbuf->read += count;
2781 spin_unlock_irqrestore(&tty->buf.lock, flags);
2782 disc->receive_buf(tty, char_buf, flag_buf, count);
2783 spin_lock_irqsave(&tty->buf.lock, flags);
2784 }
2785 if (tbuf->active)
2786 break;
33f0f88f 2787 tty->buf.head = tbuf->next;
607f4e38
PF		 2788 if (tty->buf.head == NULL)
2789 tty->buf.tail = NULL;
33f0f88f
AC		 2790 tty_buffer_free(tty, tbuf);
2791 }
808249ce 2792 spin_unlock_irqrestore(&tty->buf.lock, flags);
1da177e4
LT		 2793out:
2794 tty_ldisc_deref(disc);
2795}
2796
2797/*
2798 * Routine which returns the baud rate of the tty
2799 *
2800 * Note that the baud_table needs to be kept in sync with the
2801 * include/asm/termbits.h file.
2802 */
2803static int baud_table[] = {
2804 0, 50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800, 2400, 4800,
2805 9600, 19200, 38400, 57600, 115200, 230400, 460800,
2806#ifdef __sparc__
2807 76800, 153600, 307200, 614400, 921600
2808#else
2809 500000, 576000, 921600, 1000000, 1152000, 1500000, 2000000,
2810 2500000, 3000000, 3500000, 4000000
2811#endif
2812};
2813
2814static int n_baud_table = ARRAY_SIZE(baud_table);
2815
2816/**
2817 * tty_termios_baud_rate
2818 * @termios: termios structure
2819 *
2820 * Convert termios baud rate data into a speed. This should be called
2821 * with the termios lock held if this termios is a terminal termios
2822 * structure. May change the termios data.
2823 */
2824
2825int tty_termios_baud_rate(struct termios *termios)
2826{
2827 unsigned int cbaud;
2828
2829 cbaud = termios->c_cflag & CBAUD;
2830
2831 if (cbaud & CBAUDEX) {
2832 cbaud &= ~CBAUDEX;
2833
2834 if (cbaud < 1 || cbaud + 15 > n_baud_table)
2835 termios->c_cflag &= ~CBAUDEX;
2836 else
2837 cbaud += 15;
2838 }
2839 return baud_table[cbaud];
2840}
2841
2842EXPORT_SYMBOL(tty_termios_baud_rate);
2843
2844/**
2845 * tty_get_baud_rate - get tty bit rates
2846 * @tty: tty to query
2847 *
2848 * Returns the baud rate as an integer for this terminal. The
2849 * termios lock must be held by the caller and the terminal bit
2850 * flags may be updated.
2851 */
2852
2853int tty_get_baud_rate(struct tty_struct *tty)
2854{
2855 int baud = tty_termios_baud_rate(tty->termios);
2856
2857 if (baud == 38400 && tty->alt_speed) {
2858 if (!tty->warned) {
2859 printk(KERN_WARNING "Use of setserial/setrocket to "
2860 "set SPD_* flags is deprecated\n");
2861 tty->warned = 1;
2862 }
2863 baud = tty->alt_speed;
2864 }
2865
2866 return baud;
2867}
2868
2869EXPORT_SYMBOL(tty_get_baud_rate);
2870
2871/**
2872 * tty_flip_buffer_push - terminal
2873 * @tty: tty to push
2874 *
2875 * Queue a push of the terminal flip buffers to the line discipline. This
2876 * function must not be called from IRQ context if tty->low_latency is set.
2877 *
2878 * In the event of the queue being busy for flipping the work will be
2879 * held off and retried later.
2880 */
2881
2882void tty_flip_buffer_push(struct tty_struct *tty)
2883{
808249ce
PF		 2884 unsigned long flags;
2885 spin_lock_irqsave(&tty->buf.lock, flags);
8977d929 2886 if (tty->buf.tail != NULL) {
808249ce 2887 tty->buf.tail->active = 0;
8977d929
PF		 2888 tty->buf.tail->commit = tty->buf.tail->used;
2889 }
808249ce
PF		 2890 spin_unlock_irqrestore(&tty->buf.lock, flags);
2891
1da177e4
LT		 2892 if (tty->low_latency)
2893 flush_to_ldisc((void *) tty);
2894 else
33f0f88f 2895 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 2896}
2897
2898EXPORT_SYMBOL(tty_flip_buffer_push);
2899
33f0f88f 2900
1da177e4
LT		 2901/*
2902 * This subroutine initializes a tty structure.
2903 */
2904static void initialize_tty_struct(struct tty_struct *tty)
2905{
2906 memset(tty, 0, sizeof(struct tty_struct));
2907 tty->magic = TTY_MAGIC;
2908 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2909 tty->pgrp = -1;
2910 tty->overrun_time = jiffies;
33f0f88f
AC		 2911 tty->buf.head = tty->buf.tail = NULL;
2912 tty_buffer_init(tty);
2913 INIT_WORK(&tty->buf.work, flush_to_ldisc, tty);
2914 init_MUTEX(&tty->buf.pty_sem);
1da177e4
LT		 2915 init_MUTEX(&tty->termios_sem);
2916 init_waitqueue_head(&tty->write_wait);
2917 init_waitqueue_head(&tty->read_wait);
2918 INIT_WORK(&tty->hangup_work, do_tty_hangup, tty);
2919 sema_init(&tty->atomic_read, 1);
2920 sema_init(&tty->atomic_write, 1);
2921 spin_lock_init(&tty->read_lock);
2922 INIT_LIST_HEAD(&tty->tty_files);
2923 INIT_WORK(&tty->SAK_work, NULL, NULL);
2924}
2925
2926/*
2927 * The default put_char routine if the driver did not define one.
2928 */
2929static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
2930{
2931 tty->driver->write(tty, &ch, 1);
2932}
2933
7fe845d1 2934static struct class *tty_class;
1da177e4
LT		 2935
2936/**
2937 * tty_register_device - register a tty device
2938 * @driver: the tty driver that describes the tty device
2939 * @index: the index in the tty driver for this tty device
2940 * @device: a struct device that is associated with this tty device.
2941 * This field is optional, if there is no known struct device for this
2942 * tty device it can be set to NULL safely.
2943 *
2944 * This call is required to be made to register an individual tty device if
2945 * the tty driver's flags have the TTY_DRIVER_NO_DEVFS bit set. If that
2946 * bit is not set, this function should not be called.
2947 */
2948void tty_register_device(struct tty_driver *driver, unsigned index,
2949 struct device *device)
2950{
2951 char name[64];
2952 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
2953
2954 if (index >= driver->num) {
2955 printk(KERN_ERR "Attempt to register invalid tty line number "
2956 " (%d).\n", index);
2957 return;
2958 }
2959
2960 devfs_mk_cdev(dev, S_IFCHR | S_IRUSR | S_IWUSR,
2961 "%s%d", driver->devfs_name, index + driver->name_base);
2962
2963 if (driver->type == TTY_DRIVER_TYPE_PTY)
2964 pty_line_name(driver, index, name);
2965 else
2966 tty_line_name(driver, index, name);
53f46542 2967 class_device_create(tty_class, NULL, dev, device, "%s", name);
1da177e4
LT		 2968}
2969
2970/**
2971 * tty_unregister_device - unregister a tty device
2972 * @driver: the tty driver that describes the tty device
2973 * @index: the index in the tty driver for this tty device
2974 *
2975 * If a tty device is registered with a call to tty_register_device() then
2976 * this function must be made when the tty device is gone.
2977 */
2978void tty_unregister_device(struct tty_driver *driver, unsigned index)
2979{
2980 devfs_remove("%s%d", driver->devfs_name, index + driver->name_base);
7fe845d1 2981 class_device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 2982}
2983
2984EXPORT_SYMBOL(tty_register_device);
2985EXPORT_SYMBOL(tty_unregister_device);
2986
2987struct tty_driver *alloc_tty_driver(int lines)
2988{
2989 struct tty_driver *driver;
2990
2991 driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
2992 if (driver) {
2993 memset(driver, 0, sizeof(struct tty_driver));
2994 driver->magic = TTY_DRIVER_MAGIC;
2995 driver->num = lines;
2996 /* later we'll move allocation of tables here */
2997 }
2998 return driver;
2999}
3000
3001void put_tty_driver(struct tty_driver *driver)
3002{
3003 kfree(driver);
3004}
3005
3006void tty_set_operations(struct tty_driver *driver, struct tty_operations *op)
3007{
3008 driver->open = op->open;
3009 driver->close = op->close;
3010 driver->write = op->write;
3011 driver->put_char = op->put_char;
3012 driver->flush_chars = op->flush_chars;
3013 driver->write_room = op->write_room;
3014 driver->chars_in_buffer = op->chars_in_buffer;
3015 driver->ioctl = op->ioctl;
3016 driver->set_termios = op->set_termios;
3017 driver->throttle = op->throttle;
3018 driver->unthrottle = op->unthrottle;
3019 driver->stop = op->stop;
3020 driver->start = op->start;
3021 driver->hangup = op->hangup;
3022 driver->break_ctl = op->break_ctl;
3023 driver->flush_buffer = op->flush_buffer;
3024 driver->set_ldisc = op->set_ldisc;
3025 driver->wait_until_sent = op->wait_until_sent;
3026 driver->send_xchar = op->send_xchar;
3027 driver->read_proc = op->read_proc;
3028 driver->write_proc = op->write_proc;
3029 driver->tiocmget = op->tiocmget;
3030 driver->tiocmset = op->tiocmset;
3031}
3032
3033
3034EXPORT_SYMBOL(alloc_tty_driver);
3035EXPORT_SYMBOL(put_tty_driver);
3036EXPORT_SYMBOL(tty_set_operations);
3037
3038/*
3039 * Called by a tty driver to register itself.
3040 */
3041int tty_register_driver(struct tty_driver *driver)
3042{
3043 int error;
3044 int i;
3045 dev_t dev;
3046 void **p = NULL;
3047
3048 if (driver->flags & TTY_DRIVER_INSTALLED)
3049 return 0;
3050
3051 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
3052 p = kmalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3053 if (!p)
3054 return -ENOMEM;
3055 memset(p, 0, driver->num * 3 * sizeof(void *));
3056 }
3057
3058 if (!driver->major) {
3059 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3060 (char*)driver->name);
3061 if (!error) {
3062 driver->major = MAJOR(dev);
3063 driver->minor_start = MINOR(dev);
3064 }
3065 } else {
3066 dev = MKDEV(driver->major, driver->minor_start);
3067 error = register_chrdev_region(dev, driver->num,
3068 (char*)driver->name);
3069 }
3070 if (error < 0) {
3071 kfree(p);
3072 return error;
3073 }
3074
3075 if (p) {
3076 driver->ttys = (struct tty_struct **)p;
3077 driver->termios = (struct termios **)(p + driver->num);
3078 driver->termios_locked = (struct termios **)(p + driver->num * 2);
3079 } else {
3080 driver->ttys = NULL;
3081 driver->termios = NULL;
3082 driver->termios_locked = NULL;
3083 }
3084
3085 cdev_init(&driver->cdev, &tty_fops);
3086 driver->cdev.owner = driver->owner;
3087 error = cdev_add(&driver->cdev, dev, driver->num);
3088 if (error) {
3089 cdev_del(&driver->cdev);
3090 unregister_chrdev_region(dev, driver->num);
3091 driver->ttys = NULL;
3092 driver->termios = driver->termios_locked = NULL;
3093 kfree(p);
3094 return error;
3095 }
3096
3097 if (!driver->put_char)
3098 driver->put_char = tty_default_put_char;
3099
3100 list_add(&driver->tty_drivers, &tty_drivers);
3101
3102 if ( !(driver->flags & TTY_DRIVER_NO_DEVFS) ) {
3103 for(i = 0; i < driver->num; i++)
3104 tty_register_device(driver, i, NULL);
3105 }
3106 proc_tty_register_driver(driver);
3107 return 0;
3108}
3109
3110EXPORT_SYMBOL(tty_register_driver);
3111
3112/*
3113 * Called by a tty driver to unregister itself.
3114 */
3115int tty_unregister_driver(struct tty_driver *driver)
3116{
3117 int i;
3118 struct termios *tp;
3119 void *p;
3120
3121 if (driver->refcount)
3122 return -EBUSY;
3123
3124 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3125 driver->num);
3126
3127 list_del(&driver->tty_drivers);
3128
3129 /*
3130 * Free the termios and termios_locked structures because
3131 * we don't want to get memory leaks when modular tty
3132 * drivers are removed from the kernel.
3133 */
3134 for (i = 0; i < driver->num; i++) {
3135 tp = driver->termios[i];
3136 if (tp) {
3137 driver->termios[i] = NULL;
3138 kfree(tp);
3139 }
3140 tp = driver->termios_locked[i];
3141 if (tp) {
3142 driver->termios_locked[i] = NULL;
3143 kfree(tp);
3144 }
3145 if (!(driver->flags & TTY_DRIVER_NO_DEVFS))
3146 tty_unregister_device(driver, i);
3147 }
3148 p = driver->ttys;
3149 proc_tty_unregister_driver(driver);
3150 driver->ttys = NULL;
3151 driver->termios = driver->termios_locked = NULL;
3152 kfree(p);
3153 cdev_del(&driver->cdev);
3154 return 0;
3155}
3156
3157EXPORT_SYMBOL(tty_unregister_driver);
3158
3159
3160/*
3161 * Initialize the console device. This is called *early*, so
3162 * we can't necessarily depend on lots of kernel help here.
3163 * Just do some early initializations, and do the complex setup
3164 * later.
3165 */
3166void __init console_init(void)
3167{
3168 initcall_t *call;
3169
3170 /* Setup the default TTY line discipline. */
3171 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3172
3173 /*
3174 * set up the console device so that later boot sequences can
3175 * inform about problems etc..
3176 */
3177#ifdef CONFIG_EARLY_PRINTK
3178 disable_early_printk();
1da177e4
LT		 3179#endif
3180 call = __con_initcall_start;
3181 while (call < __con_initcall_end) {
3182 (*call)();
3183 call++;
3184 }
3185}
3186
3187#ifdef CONFIG_VT
3188extern int vty_init(void);
3189#endif
3190
3191static int __init tty_class_init(void)
3192{
7fe845d1 3193 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 3194 if (IS_ERR(tty_class))
3195 return PTR_ERR(tty_class);
3196 return 0;
3197}
3198
3199postcore_initcall(tty_class_init);
3200
3201/* 3/2004 jmc: why do these devices exist? */
3202
3203static struct cdev tty_cdev, console_cdev;
3204#ifdef CONFIG_UNIX98_PTYS
3205static struct cdev ptmx_cdev;
3206#endif
3207#ifdef CONFIG_VT
3208static struct cdev vc0_cdev;
3209#endif
3210
3211/*
3212 * Ok, now we can initialize the rest of the tty devices and can count
3213 * on memory allocations, interrupts etc..
3214 */
3215static int __init tty_init(void)
3216{
3217 cdev_init(&tty_cdev, &tty_fops);
3218 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3219 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3220 panic("Couldn't register /dev/tty driver\n");
3221 devfs_mk_cdev(MKDEV(TTYAUX_MAJOR, 0), S_IFCHR|S_IRUGO|S_IWUGO, "tty");
53f46542 3222 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
1da177e4
LT		 3223
3224 cdev_init(&console_cdev, &console_fops);
3225 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3226 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3227 panic("Couldn't register /dev/console driver\n");
3228 devfs_mk_cdev(MKDEV(TTYAUX_MAJOR, 1), S_IFCHR|S_IRUSR|S_IWUSR, "console");
53f46542 3229 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL, "console");
1da177e4
LT		 3230
3231#ifdef CONFIG_UNIX98_PTYS
3232 cdev_init(&ptmx_cdev, &ptmx_fops);
3233 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3234 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3235 panic("Couldn't register /dev/ptmx driver\n");
3236 devfs_mk_cdev(MKDEV(TTYAUX_MAJOR, 2), S_IFCHR|S_IRUGO|S_IWUGO, "ptmx");
53f46542 3237 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
1da177e4
LT		 3238#endif
3239
3240#ifdef CONFIG_VT
3241 cdev_init(&vc0_cdev, &console_fops);
3242 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3243 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3244 panic("Couldn't register /dev/tty0 driver\n");
3245 devfs_mk_cdev(MKDEV(TTY_MAJOR, 0), S_IFCHR|S_IRUSR|S_IWUSR, "vc/0");
53f46542 3246 class_device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), NULL, "tty0");
1da177e4
LT		 3247
3248 vty_init();
3249#endif
3250 return 0;
3251}
3252module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)