projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
isicom: bring into coding style
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
37bdfb07 22 * makes for cleaner and more compact code. -TYT, 9/17/92
1da177e4
LT		 23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
37bdfb07 44 *
1da177e4
LT		 45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
37bdfb07
AC		 65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
1da177e4
LT		 67 */
68
1da177e4
LT		 69#include <linux/types.h>
70#include <linux/major.h>
71#include <linux/errno.h>
72#include <linux/signal.h>
73#include <linux/fcntl.h>
74#include <linux/sched.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/console.h>
82#include <linux/timer.h>
83#include <linux/ctype.h>
84#include <linux/kd.h>
85#include <linux/mm.h>
86#include <linux/string.h>
87#include <linux/slab.h>
88#include <linux/poll.h>
89#include <linux/proc_fs.h>
90#include <linux/init.h>
91#include <linux/module.h>
92#include <linux/smp_lock.h>
93#include <linux/device.h>
94#include <linux/idr.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
b20f3ae5 97#include <linux/delay.h>
1da177e4
LT		 98
99#include <asm/uaccess.h>
100#include <asm/system.h>
101
102#include <linux/kbd_kern.h>
103#include <linux/vt_kern.h>
104#include <linux/selection.h>
1da177e4
LT		 105
106#include <linux/kmod.h>
b488893a 107#include <linux/nsproxy.h>
1da177e4
LT		 108
109#undef TTY_DEBUG_HANGUP
110
111#define TTY_PARANOIA_CHECK 1
112#define CHECK_TTY_COUNT 1
113
edc6afc5 114struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
1da177e4
LT		 115 .c_iflag = ICRNL | IXON,
116 .c_oflag = OPOST | ONLCR,
117 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119 ECHOCTL | ECHOKE | IEXTEN,
edc6afc5
AC		 120 .c_cc = INIT_C_CC,
121 .c_ispeed = 38400,
122 .c_ospeed = 38400
1da177e4
LT		 123};
124
125EXPORT_SYMBOL(tty_std_termios);
126
127/* This list gets poked at by procfs and various bits of boot up code. This
128 could do with some rationalisation such as pulling the tty proc function
129 into this file */
37bdfb07 130
1da177e4
LT		 131LIST_HEAD(tty_drivers); /* linked list of tty drivers */
132
24ec839c 133/* Mutex to protect creating and releasing a tty. This is shared with
1da177e4 134 vt.c for deeply disgusting hack reasons */
70522e12 135DEFINE_MUTEX(tty_mutex);
de2a84f2 136EXPORT_SYMBOL(tty_mutex);
1da177e4
LT		 137
138#ifdef CONFIG_UNIX98_PTYS
139extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
37bdfb07 140extern int pty_limit; /* Config limit on Unix98 ptys */
1da177e4 141static DEFINE_IDR(allocated_ptys);
a6752f3f 142static DEFINE_MUTEX(allocated_ptys_lock);
1da177e4
LT		 143static int ptmx_open(struct inode *, struct file *);
144#endif
145
1da177e4
LT		 146static void initialize_tty_struct(struct tty_struct *tty);
147
148static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
149static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
37bdfb07
AC		 150ssize_t redirected_tty_write(struct file *, const char __user *,
151 size_t, loff_t *);
1da177e4
LT		 152static unsigned int tty_poll(struct file *, poll_table *);
153static int tty_open(struct inode *, struct file *);
154static int tty_release(struct inode *, struct file *);
04f378b1 155long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
e10cc1df 156#ifdef CONFIG_COMPAT
37bdfb07 157static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 158 unsigned long arg);
159#else
160#define tty_compat_ioctl NULL
161#endif
37bdfb07 162static int tty_fasync(int fd, struct file *filp, int on);
d5698c28 163static void release_tty(struct tty_struct *tty, int idx);
2a65f1d9 164static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
98a27ba4 165static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
1da177e4 166
af9b897e
AC		 167/**
168 * alloc_tty_struct - allocate a tty object
169 *
170 * Return a new empty tty structure. The data fields have not
171 * been initialized in any way but has been zeroed
172 *
173 * Locking: none
af9b897e 174 */
1da177e4
LT		 175
176static struct tty_struct *alloc_tty_struct(void)
177{
1266b1e1 178 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 179}
180
33f0f88f
AC		 181static void tty_buffer_free_all(struct tty_struct *);
182
af9b897e
AC		 183/**
184 * free_tty_struct - free a disused tty
185 * @tty: tty struct to free
186 *
187 * Free the write buffers, tty queue and tty memory itself.
188 *
189 * Locking: none. Must be called after tty is definitely unused
190 */
191
1da177e4
LT		 192static inline void free_tty_struct(struct tty_struct *tty)
193{
194 kfree(tty->write_buf);
33f0f88f 195 tty_buffer_free_all(tty);
1da177e4
LT		 196 kfree(tty);
197}
198
199#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
200
af9b897e
AC		 201/**
202 * tty_name - return tty naming
203 * @tty: tty structure
204 * @buf: buffer for output
205 *
206 * Convert a tty structure into a name. The name reflects the kernel
207 * naming policy and if udev is in use may not reflect user space
208 *
209 * Locking: none
210 */
211
1da177e4
LT		 212char *tty_name(struct tty_struct *tty, char *buf)
213{
214 if (!tty) /* Hmm. NULL pointer. That's fun. */
215 strcpy(buf, "NULL tty");
216 else
217 strcpy(buf, tty->name);
218 return buf;
219}
220
221EXPORT_SYMBOL(tty_name);
222
d769a669 223int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 224 const char *routine)
225{
226#ifdef TTY_PARANOIA_CHECK
227 if (!tty) {
228 printk(KERN_WARNING
229 "null TTY for (%d:%d) in %s\n",
230 imajor(inode), iminor(inode), routine);
231 return 1;
232 }
233 if (tty->magic != TTY_MAGIC) {
234 printk(KERN_WARNING
235 "bad magic number for tty struct (%d:%d) in %s\n",
236 imajor(inode), iminor(inode), routine);
237 return 1;
238 }
239#endif
240 return 0;
241}
242
243static int check_tty_count(struct tty_struct *tty, const char *routine)
244{
245#ifdef CHECK_TTY_COUNT
246 struct list_head *p;
247 int count = 0;
37bdfb07 248
1da177e4
LT		 249 file_list_lock();
250 list_for_each(p, &tty->tty_files) {
251 count++;
252 }
253 file_list_unlock();
254 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
255 tty->driver->subtype == PTY_TYPE_SLAVE &&
256 tty->link && tty->link->count)
257 count++;
258 if (tty->count != count) {
259 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
260 "!= #fd's(%d) in %s\n",
261 tty->name, tty->count, count, routine);
262 return count;
24ec839c 263 }
1da177e4
LT		 264#endif
265 return 0;
266}
267
33f0f88f
AC		 268/*
269 * Tty buffer allocation management
270 */
271
af9b897e
AC		 272/**
273 * tty_buffer_free_all - free buffers used by a tty
274 * @tty: tty to free from
275 *
276 * Remove all the buffers pending on a tty whether queued with data
277 * or in the free ring. Must be called when the tty is no longer in use
278 *
279 * Locking: none
280 */
281
33f0f88f
AC		 282static void tty_buffer_free_all(struct tty_struct *tty)
283{
284 struct tty_buffer *thead;
37bdfb07 285 while ((thead = tty->buf.head) != NULL) {
33f0f88f
AC		 286 tty->buf.head = thead->next;
287 kfree(thead);
288 }
37bdfb07 289 while ((thead = tty->buf.free) != NULL) {
33f0f88f
AC		 290 tty->buf.free = thead->next;
291 kfree(thead);
292 }
293 tty->buf.tail = NULL;
01da5fd8 294 tty->buf.memory_used = 0;
33f0f88f
AC		 295}
296
01da5fd8
AC		 297/**
298 * tty_buffer_init - prepare a tty buffer structure
299 * @tty: tty to initialise
300 *
301 * Set up the initial state of the buffer management for a tty device.
302 * Must be called before the other tty buffer functions are used.
303 *
304 * Locking: none
305 */
306
33f0f88f
AC		 307static void tty_buffer_init(struct tty_struct *tty)
308{
808249ce 309 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 310 tty->buf.head = NULL;
311 tty->buf.tail = NULL;
312 tty->buf.free = NULL;
01da5fd8 313 tty->buf.memory_used = 0;
33f0f88f
AC		 314}
315
01da5fd8
AC		 316/**
317 * tty_buffer_alloc - allocate a tty buffer
318 * @tty: tty device
319 * @size: desired size (characters)
320 *
321 * Allocate a new tty buffer to hold the desired number of characters.
322 * Return NULL if out of memory or the allocation would exceed the
323 * per device queue
324 *
325 * Locking: Caller must hold tty->buf.lock
326 */
327
328static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
33f0f88f 329{
01da5fd8
AC		 330 struct tty_buffer *p;
331
332 if (tty->buf.memory_used + size > 65536)
333 return NULL;
334 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
37bdfb07 335 if (p == NULL)
33f0f88f
AC		 336 return NULL;
337 p->used = 0;
338 p->size = size;
339 p->next = NULL;
8977d929
PF		 340 p->commit = 0;
341 p->read = 0;
33f0f88f
AC		 342 p->char_buf_ptr = (char *)(p->data);
343 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
01da5fd8 344 tty->buf.memory_used += size;
33f0f88f
AC		 345 return p;
346}
347
01da5fd8
AC		 348/**
349 * tty_buffer_free - free a tty buffer
350 * @tty: tty owning the buffer
351 * @b: the buffer to free
352 *
353 * Free a tty buffer, or add it to the free list according to our
354 * internal strategy
355 *
356 * Locking: Caller must hold tty->buf.lock
357 */
33f0f88f
AC		 358
359static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
360{
361 /* Dumb strategy for now - should keep some stats */
01da5fd8
AC		 362 tty->buf.memory_used -= b->size;
363 WARN_ON(tty->buf.memory_used < 0);
364
37bdfb07 365 if (b->size >= 512)
33f0f88f
AC		 366 kfree(b);
367 else {
368 b->next = tty->buf.free;
369 tty->buf.free = b;
370 }
371}
372
c5c34d48 373/**
42fd552e 374 * __tty_buffer_flush - flush full tty buffers
c5c34d48
PF		 375 * @tty: tty to flush
376 *
42fd552e
AC		 377 * flush all the buffers containing receive data. Caller must
378 * hold the buffer lock and must have ensured no parallel flush to
379 * ldisc is running.
c5c34d48 380 *
42fd552e 381 * Locking: Caller must hold tty->buf.lock
c5c34d48
PF		 382 */
383
42fd552e 384static void __tty_buffer_flush(struct tty_struct *tty)
c5c34d48
PF		 385{
386 struct tty_buffer *thead;
c5c34d48 387
37bdfb07 388 while ((thead = tty->buf.head) != NULL) {
c5c34d48
PF		 389 tty->buf.head = thead->next;
390 tty_buffer_free(tty, thead);
391 }
392 tty->buf.tail = NULL;
42fd552e
AC		 393}
394
395/**
396 * tty_buffer_flush - flush full tty buffers
397 * @tty: tty to flush
398 *
399 * flush all the buffers containing receive data. If the buffer is
400 * being processed by flush_to_ldisc then we defer the processing
401 * to that function
402 *
403 * Locking: none
404 */
405
406static void tty_buffer_flush(struct tty_struct *tty)
407{
408 unsigned long flags;
409 spin_lock_irqsave(&tty->buf.lock, flags);
410
411 /* If the data is being pushed to the tty layer then we can't
412 process it here. Instead set a flag and the flush_to_ldisc
413 path will process the flush request before it exits */
414 if (test_bit(TTY_FLUSHING, &tty->flags)) {
415 set_bit(TTY_FLUSHPENDING, &tty->flags);
416 spin_unlock_irqrestore(&tty->buf.lock, flags);
417 wait_event(tty->read_wait,
418 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
419 return;
420 } else
421 __tty_buffer_flush(tty);
c5c34d48
PF		 422 spin_unlock_irqrestore(&tty->buf.lock, flags);
423}
424
01da5fd8
AC		 425/**
426 * tty_buffer_find - find a free tty buffer
427 * @tty: tty owning the buffer
428 * @size: characters wanted
429 *
430 * Locate an existing suitable tty buffer or if we are lacking one then
431 * allocate a new one. We round our buffers off in 256 character chunks
432 * to get better allocation behaviour.
433 *
434 * Locking: Caller must hold tty->buf.lock
435 */
436
33f0f88f
AC		 437static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
438{
439 struct tty_buffer **tbh = &tty->buf.free;
37bdfb07 440 while ((*tbh) != NULL) {
33f0f88f 441 struct tty_buffer *t = *tbh;
37bdfb07 442 if (t->size >= size) {
33f0f88f
AC		 443 *tbh = t->next;
444 t->next = NULL;
445 t->used = 0;
8977d929
PF		 446 t->commit = 0;
447 t->read = 0;
01da5fd8 448 tty->buf.memory_used += t->size;
33f0f88f
AC		 449 return t;
450 }
451 tbh = &((*tbh)->next);
452 }
453 /* Round the buffer size out */
37bdfb07 454 size = (size + 0xFF) & ~0xFF;
01da5fd8 455 return tty_buffer_alloc(tty, size);
33f0f88f
AC		 456 /* Should possibly check if this fails for the largest buffer we
457 have queued and recycle that ? */
458}
459
01da5fd8
AC		 460/**
461 * tty_buffer_request_room - grow tty buffer if needed
462 * @tty: tty structure
463 * @size: size desired
464 *
465 * Make at least size bytes of linear space available for the tty
466 * buffer. If we fail return the size we managed to find.
467 *
468 * Locking: Takes tty->buf.lock
469 */
33f0f88f
AC		 470int tty_buffer_request_room(struct tty_struct *tty, size_t size)
471{
808249ce
PF		 472 struct tty_buffer *b, *n;
473 int left;
474 unsigned long flags;
475
476 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 477
478 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
479 remove this conditional if its worth it. This would be invisible
480 to the callers */
33b37a33 481 if ((b = tty->buf.tail) != NULL)
33f0f88f 482 left = b->size - b->used;
33b37a33 483 else
808249ce
PF		 484 left = 0;
485
486 if (left < size) {
487 /* This is the slow path - looking for new buffers to use */
488 if ((n = tty_buffer_find(tty, size)) != NULL) {
489 if (b != NULL) {
490 b->next = n;
8977d929 491 b->commit = b->used;
808249ce
PF		 492 } else
493 tty->buf.head = n;
494 tty->buf.tail = n;
808249ce
PF		 495 } else
496 size = left;
497 }
498
499 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 500 return size;
501}
33f0f88f
AC		 502EXPORT_SYMBOL_GPL(tty_buffer_request_room);
503
af9b897e
AC		 504/**
505 * tty_insert_flip_string - Add characters to the tty buffer
506 * @tty: tty structure
507 * @chars: characters
508 * @size: size
509 *
510 * Queue a series of bytes to the tty buffering. All the characters
511 * passed are marked as without error. Returns the number added.
512 *
513 * Locking: Called functions may take tty->buf.lock
514 */
515
e1a25090
AM		 516int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
517 size_t size)
33f0f88f
AC		 518{
519 int copied = 0;
520 do {
521 int space = tty_buffer_request_room(tty, size - copied);
522 struct tty_buffer *tb = tty->buf.tail;
523 /* If there is no space then tb may be NULL */
37bdfb07 524 if (unlikely(space == 0))
33f0f88f
AC		 525 break;
526 memcpy(tb->char_buf_ptr + tb->used, chars, space);
527 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
528 tb->used += space;
529 copied += space;
530 chars += space;
527063ba
AD		 531 /* There is a small chance that we need to split the data over
532 several buffers. If this is the case we must loop */
533 } while (unlikely(size > copied));
33f0f88f
AC		 534 return copied;
535}
ee37df78 536EXPORT_SYMBOL(tty_insert_flip_string);
33f0f88f 537
af9b897e
AC		 538/**
539 * tty_insert_flip_string_flags - Add characters to the tty buffer
540 * @tty: tty structure
541 * @chars: characters
542 * @flags: flag bytes
543 * @size: size
544 *
545 * Queue a series of bytes to the tty buffering. For each character
546 * the flags array indicates the status of the character. Returns the
547 * number added.
548 *
549 * Locking: Called functions may take tty->buf.lock
550 */
551
e1a25090
AM		 552int tty_insert_flip_string_flags(struct tty_struct *tty,
553 const unsigned char *chars, const char *flags, size_t size)
33f0f88f
AC		 554{
555 int copied = 0;
556 do {
557 int space = tty_buffer_request_room(tty, size - copied);
558 struct tty_buffer *tb = tty->buf.tail;
559 /* If there is no space then tb may be NULL */
37bdfb07 560 if (unlikely(space == 0))
33f0f88f
AC		 561 break;
562 memcpy(tb->char_buf_ptr + tb->used, chars, space);
563 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
564 tb->used += space;
565 copied += space;
566 chars += space;
567 flags += space;
527063ba
AD		 568 /* There is a small chance that we need to split the data over
569 several buffers. If this is the case we must loop */
570 } while (unlikely(size > copied));
33f0f88f
AC		 571 return copied;
572}
ff4547f4 573EXPORT_SYMBOL(tty_insert_flip_string_flags);
33f0f88f 574
af9b897e
AC		 575/**
576 * tty_schedule_flip - push characters to ldisc
577 * @tty: tty to push from
578 *
579 * Takes any pending buffers and transfers their ownership to the
580 * ldisc side of the queue. It then schedules those characters for
581 * processing by the line discipline.
582 *
583 * Locking: Takes tty->buf.lock
584 */
585
e1a25090
AM		 586void tty_schedule_flip(struct tty_struct *tty)
587{
588 unsigned long flags;
589 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 590 if (tty->buf.tail != NULL)
e1a25090 591 tty->buf.tail->commit = tty->buf.tail->used;
e1a25090
AM		 592 spin_unlock_irqrestore(&tty->buf.lock, flags);
593 schedule_delayed_work(&tty->buf.work, 1);
594}
595EXPORT_SYMBOL(tty_schedule_flip);
33f0f88f 596
af9b897e
AC		 597/**
598 * tty_prepare_flip_string - make room for characters
599 * @tty: tty
600 * @chars: return pointer for character write area
601 * @size: desired size
602 *
33f0f88f
AC		 603 * Prepare a block of space in the buffer for data. Returns the length
604 * available and buffer pointer to the space which is now allocated and
605 * accounted for as ready for normal characters. This is used for drivers
606 * that need their own block copy routines into the buffer. There is no
607 * guarantee the buffer is a DMA target!
af9b897e
AC		 608 *
609 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 610 */
611
37bdfb07
AC		 612int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
613 size_t size)
33f0f88f
AC		 614{
615 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 616 if (likely(space)) {
617 struct tty_buffer *tb = tty->buf.tail;
618 *chars = tb->char_buf_ptr + tb->used;
619 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
620 tb->used += space;
621 }
33f0f88f
AC		 622 return space;
623}
624
625EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
626
af9b897e
AC		 627/**
628 * tty_prepare_flip_string_flags - make room for characters
629 * @tty: tty
630 * @chars: return pointer for character write area
631 * @flags: return pointer for status flag write area
632 * @size: desired size
633 *
33f0f88f
AC		 634 * Prepare a block of space in the buffer for data. Returns the length
635 * available and buffer pointer to the space which is now allocated and
636 * accounted for as ready for characters. This is used for drivers
637 * that need their own block copy routines into the buffer. There is no
638 * guarantee the buffer is a DMA target!
af9b897e
AC		 639 *
640 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 641 */
642
37bdfb07
AC		 643int tty_prepare_flip_string_flags(struct tty_struct *tty,
644 unsigned char **chars, char **flags, size_t size)
33f0f88f
AC		 645{
646 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 647 if (likely(space)) {
648 struct tty_buffer *tb = tty->buf.tail;
649 *chars = tb->char_buf_ptr + tb->used;
650 *flags = tb->flag_buf_ptr + tb->used;
651 tb->used += space;
652 }
33f0f88f
AC		 653 return space;
654}
655
656EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
657
658
659
af9b897e
AC		 660/**
661 * tty_set_termios_ldisc - set ldisc field
662 * @tty: tty structure
663 * @num: line discipline number
664 *
1da177e4 665 * This is probably overkill for real world processors but
37bdfb07 666 * they are not on hot paths so a little discipline won't do
1da177e4 667 * any harm.
af9b897e 668 *
24ec839c 669 * Locking: takes termios_mutex
1da177e4 670 */
37bdfb07 671
1da177e4
LT		 672static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
673{
5785c95b 674 mutex_lock(&tty->termios_mutex);
1da177e4 675 tty->termios->c_line = num;
5785c95b 676 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 677}
678
679/*
680 * This guards the refcounted line discipline lists. The lock
681 * must be taken with irqs off because there are hangup path
682 * callers who will do ldisc lookups and cannot sleep.
683 */
37bdfb07 684
1da177e4
LT		 685static DEFINE_SPINLOCK(tty_ldisc_lock);
686static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
37bdfb07
AC		 687/* Line disc dispatch table */
688static struct tty_ldisc tty_ldiscs[NR_LDISCS];
1da177e4 689
af9b897e
AC		 690/**
691 * tty_register_ldisc - install a line discipline
692 * @disc: ldisc number
693 * @new_ldisc: pointer to the ldisc object
694 *
695 * Installs a new line discipline into the kernel. The discipline
696 * is set up as unreferenced and then made available to the kernel
697 * from this point onwards.
698 *
699 * Locking:
700 * takes tty_ldisc_lock to guard against ldisc races
701 */
702
1da177e4
LT		 703int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
704{
705 unsigned long flags;
706 int ret = 0;
37bdfb07 707
1da177e4
LT		 708 if (disc < N_TTY || disc >= NR_LDISCS)
709 return -EINVAL;
37bdfb07 710
1da177e4 711 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 712 tty_ldiscs[disc] = *new_ldisc;
713 tty_ldiscs[disc].num = disc;
714 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
715 tty_ldiscs[disc].refcount = 0;
1da177e4 716 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
37bdfb07 717
1da177e4
LT		 718 return ret;
719}
1da177e4
LT		 720EXPORT_SYMBOL(tty_register_ldisc);
721
af9b897e
AC		 722/**
723 * tty_unregister_ldisc - unload a line discipline
724 * @disc: ldisc number
725 * @new_ldisc: pointer to the ldisc object
726 *
727 * Remove a line discipline from the kernel providing it is not
728 * currently in use.
729 *
730 * Locking:
731 * takes tty_ldisc_lock to guard against ldisc races
732 */
733
bfb07599
AD		 734int tty_unregister_ldisc(int disc)
735{
736 unsigned long flags;
737 int ret = 0;
738
739 if (disc < N_TTY || disc >= NR_LDISCS)
740 return -EINVAL;
741
742 spin_lock_irqsave(&tty_ldisc_lock, flags);
743 if (tty_ldiscs[disc].refcount)
744 ret = -EBUSY;
745 else
746 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
747 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
748
749 return ret;
750}
751EXPORT_SYMBOL(tty_unregister_ldisc);
752
af9b897e
AC		 753/**
754 * tty_ldisc_get - take a reference to an ldisc
755 * @disc: ldisc number
756 *
757 * Takes a reference to a line discipline. Deals with refcounts and
758 * module locking counts. Returns NULL if the discipline is not available.
759 * Returns a pointer to the discipline and bumps the ref count if it is
760 * available
761 *
762 * Locking:
763 * takes tty_ldisc_lock to guard against ldisc races
764 */
765
1da177e4
LT		 766struct tty_ldisc *tty_ldisc_get(int disc)
767{
768 unsigned long flags;
769 struct tty_ldisc *ld;
770
771 if (disc < N_TTY || disc >= NR_LDISCS)
772 return NULL;
37bdfb07 773
1da177e4
LT		 774 spin_lock_irqsave(&tty_ldisc_lock, flags);
775
776 ld = &tty_ldiscs[disc];
777 /* Check the entry is defined */
37bdfb07 778 if (ld->flags & LDISC_FLAG_DEFINED) {
1da177e4
LT		 779 /* If the module is being unloaded we can't use it */
780 if (!try_module_get(ld->owner))
37bdfb07 781 ld = NULL;
1da177e4
LT		 782 else /* lock it */
783 ld->refcount++;
37bdfb07 784 } else
1da177e4
LT		 785 ld = NULL;
786 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
787 return ld;
788}
789
790EXPORT_SYMBOL_GPL(tty_ldisc_get);
791
af9b897e
AC		 792/**
793 * tty_ldisc_put - drop ldisc reference
794 * @disc: ldisc number
795 *
796 * Drop a reference to a line discipline. Manage refcounts and
797 * module usage counts
798 *
799 * Locking:
800 * takes tty_ldisc_lock to guard against ldisc races
801 */
802
1da177e4
LT		 803void tty_ldisc_put(int disc)
804{
805 struct tty_ldisc *ld;
806 unsigned long flags;
37bdfb07 807
56ee4827 808 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
37bdfb07 809
1da177e4
LT		 810 spin_lock_irqsave(&tty_ldisc_lock, flags);
811 ld = &tty_ldiscs[disc];
56ee4827
ES		 812 BUG_ON(ld->refcount == 0);
813 ld->refcount--;
1da177e4
LT		 814 module_put(ld->owner);
815 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
816}
37bdfb07 817
1da177e4
LT		 818EXPORT_SYMBOL_GPL(tty_ldisc_put);
819
af9b897e
AC		 820/**
821 * tty_ldisc_assign - set ldisc on a tty
822 * @tty: tty to assign
823 * @ld: line discipline
824 *
825 * Install an instance of a line discipline into a tty structure. The
826 * ldisc must have a reference count above zero to ensure it remains/
827 * The tty instance refcount starts at zero.
828 *
829 * Locking:
830 * Caller must hold references
831 */
832
1da177e4
LT		 833static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
834{
835 tty->ldisc = *ld;
836 tty->ldisc.refcount = 0;
837}
838
839/**
840 * tty_ldisc_try - internal helper
841 * @tty: the tty
842 *
843 * Make a single attempt to grab and bump the refcount on
844 * the tty ldisc. Return 0 on failure or 1 on success. This is
845 * used to implement both the waiting and non waiting versions
846 * of tty_ldisc_ref
af9b897e
AC		 847 *
848 * Locking: takes tty_ldisc_lock
1da177e4
LT		 849 */
850
851static int tty_ldisc_try(struct tty_struct *tty)
852{
853 unsigned long flags;
854 struct tty_ldisc *ld;
855 int ret = 0;
37bdfb07 856
1da177e4
LT		 857 spin_lock_irqsave(&tty_ldisc_lock, flags);
858 ld = &tty->ldisc;
37bdfb07 859 if (test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 860 ld->refcount++;
861 ret = 1;
862 }
863 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
864 return ret;
865}
866
867/**
868 * tty_ldisc_ref_wait - wait for the tty ldisc
869 * @tty: tty device
870 *
37bdfb07
AC		 871 * Dereference the line discipline for the terminal and take a
872 * reference to it. If the line discipline is in flux then
1da177e4
LT		 873 * wait patiently until it changes.
874 *
875 * Note: Must not be called from an IRQ/timer context. The caller
876 * must also be careful not to hold other locks that will deadlock
877 * against a discipline change, such as an existing ldisc reference
878 * (which we check for)
af9b897e
AC		 879 *
880 * Locking: call functions take tty_ldisc_lock
1da177e4 881 */
37bdfb07 882
1da177e4
LT		 883struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
884{
885 /* wait_event is a macro */
886 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
37bdfb07 887 if (tty->ldisc.refcount == 0)
1da177e4
LT		 888 printk(KERN_ERR "tty_ldisc_ref_wait\n");
889 return &tty->ldisc;
890}
891
892EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
893
894/**
895 * tty_ldisc_ref - get the tty ldisc
896 * @tty: tty device
897 *
37bdfb07
AC		 898 * Dereference the line discipline for the terminal and take a
899 * reference to it. If the line discipline is in flux then
1da177e4 900 * return NULL. Can be called from IRQ and timer functions.
af9b897e
AC		 901 *
902 * Locking: called functions take tty_ldisc_lock
1da177e4 903 */
37bdfb07 904
1da177e4
LT		 905struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
906{
37bdfb07 907 if (tty_ldisc_try(tty))
1da177e4
LT		 908 return &tty->ldisc;
909 return NULL;
910}
911
912EXPORT_SYMBOL_GPL(tty_ldisc_ref);
913
914/**
915 * tty_ldisc_deref - free a tty ldisc reference
916 * @ld: reference to free up
917 *
918 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
919 * be called in IRQ context.
af9b897e
AC		 920 *
921 * Locking: takes tty_ldisc_lock
1da177e4 922 */
37bdfb07 923
1da177e4
LT		 924void tty_ldisc_deref(struct tty_ldisc *ld)
925{
926 unsigned long flags;
927
56ee4827 928 BUG_ON(ld == NULL);
37bdfb07 929
1da177e4 930 spin_lock_irqsave(&tty_ldisc_lock, flags);
37bdfb07 931 if (ld->refcount == 0)
1da177e4
LT		 932 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
933 else
934 ld->refcount--;
37bdfb07 935 if (ld->refcount == 0)
1da177e4
LT		 936 wake_up(&tty_ldisc_wait);
937 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
938}
939
940EXPORT_SYMBOL_GPL(tty_ldisc_deref);
941
942/**
943 * tty_ldisc_enable - allow ldisc use
944 * @tty: terminal to activate ldisc on
945 *
946 * Set the TTY_LDISC flag when the line discipline can be called
3a4fa0a2 947 * again. Do necessary wakeups for existing sleepers.
1da177e4
LT		 948 *
949 * Note: nobody should set this bit except via this function. Clearing
950 * directly is allowed.
951 */
952
953static void tty_ldisc_enable(struct tty_struct *tty)
954{
955 set_bit(TTY_LDISC, &tty->flags);
956 wake_up(&tty_ldisc_wait);
957}
37bdfb07 958
1da177e4
LT		 959/**
960 * tty_set_ldisc - set line discipline
961 * @tty: the terminal to set
962 * @ldisc: the line discipline
963 *
964 * Set the discipline of a tty line. Must be called from a process
965 * context.
af9b897e
AC		 966 *
967 * Locking: takes tty_ldisc_lock.
24ec839c 968 * called functions take termios_mutex
1da177e4 969 */
37bdfb07 970
1da177e4
LT		 971static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
972{
ff55fe20
JB		 973 int retval = 0;
974 struct tty_ldisc o_ldisc;
1da177e4
LT		 975 char buf[64];
976 int work;
977 unsigned long flags;
978 struct tty_ldisc *ld;
ff55fe20 979 struct tty_struct *o_tty;
1da177e4
LT		 980
981 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
982 return -EINVAL;
983
984restart:
985
1da177e4
LT		 986 ld = tty_ldisc_get(ldisc);
987 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
988 /* Cyrus Durgin <cider@speakeasy.org> */
989 if (ld == NULL) {
990 request_module("tty-ldisc-%d", ldisc);
991 ld = tty_ldisc_get(ldisc);
992 }
993 if (ld == NULL)
994 return -EINVAL;
995
33f0f88f
AC		 996 /*
997 * Problem: What do we do if this blocks ?
998 */
999
1da177e4
LT		 1000 tty_wait_until_sent(tty, 0);
1001
ff55fe20
JB		 1002 if (tty->ldisc.num == ldisc) {
1003 tty_ldisc_put(ldisc);
1004 return 0;
1005 }
1006
ae030e43
PF		 1007 /*
1008 * No more input please, we are switching. The new ldisc
1009 * will update this value in the ldisc open function
1010 */
1011
1012 tty->receive_room = 0;
1013
ff55fe20
JB		 1014 o_ldisc = tty->ldisc;
1015 o_tty = tty->link;
1016
1da177e4
LT		 1017 /*
1018 * Make sure we don't change while someone holds a
1019 * reference to the line discipline. The TTY_LDISC bit
1020 * prevents anyone taking a reference once it is clear.
1021 * We need the lock to avoid racing reference takers.
1022 */
ff55fe20 1023
1da177e4 1024 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20 1025 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
37bdfb07 1026 if (tty->ldisc.refcount) {
ff55fe20
JB		 1027 /* Free the new ldisc we grabbed. Must drop the lock
1028 first. */
1029 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1030 tty_ldisc_put(ldisc);
1031 /*
1032 * There are several reasons we may be busy, including
1033 * random momentary I/O traffic. We must therefore
1034 * retry. We could distinguish between blocking ops
37bdfb07
AC		 1035 * and retries if we made tty_ldisc_wait() smarter.
1036 * That is up for discussion.
ff55fe20
JB		 1037 */
1038 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1039 return -ERESTARTSYS;
1040 goto restart;
1041 }
37bdfb07 1042 if (o_tty && o_tty->ldisc.refcount) {
ff55fe20
JB		 1043 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1044 tty_ldisc_put(ldisc);
1045 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1046 return -ERESTARTSYS;
1047 goto restart;
1048 }
1049 }
37bdfb07
AC		 1050 /*
1051 * If the TTY_LDISC bit is set, then we are racing against
1052 * another ldisc change
1053 */
ff55fe20 1054 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 1055 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1056 tty_ldisc_put(ldisc);
ff55fe20
JB		 1057 ld = tty_ldisc_ref_wait(tty);
1058 tty_ldisc_deref(ld);
1da177e4
LT		 1059 goto restart;
1060 }
ff55fe20
JB		 1061
1062 clear_bit(TTY_LDISC, &tty->flags);
817d6d3b 1063 if (o_tty)
ff55fe20 1064 clear_bit(TTY_LDISC, &o_tty->flags);
1da177e4 1065 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 1066
1da177e4
LT		 1067 /*
1068 * From this point on we know nobody has an ldisc
1069 * usage reference, nor can they obtain one until
1070 * we say so later on.
1071 */
ff55fe20 1072
33f0f88f 1073 work = cancel_delayed_work(&tty->buf.work);
1da177e4 1074 /*
33f0f88f 1075 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4 1076 */
1da177e4
LT		 1077 flush_scheduled_work();
1078 /* Shutdown the current discipline. */
1079 if (tty->ldisc.close)
1080 (tty->ldisc.close)(tty);
1081
1082 /* Now set up the new line discipline. */
1083 tty_ldisc_assign(tty, ld);
1084 tty_set_termios_ldisc(tty, ldisc);
1085 if (tty->ldisc.open)
1086 retval = (tty->ldisc.open)(tty);
1087 if (retval < 0) {
1088 tty_ldisc_put(ldisc);
1089 /* There is an outstanding reference here so this is safe */
1090 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1091 tty_set_termios_ldisc(tty, tty->ldisc.num);
1092 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1093 tty_ldisc_put(o_ldisc.num);
1094 /* This driver is always present */
1095 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1096 tty_set_termios_ldisc(tty, N_TTY);
1097 if (tty->ldisc.open) {
1098 int r = tty->ldisc.open(tty);
1099
1100 if (r < 0)
1101 panic("Couldn't open N_TTY ldisc for "
1102 "%s --- error %d.",
1103 tty_name(tty, buf), r);
1104 }
1105 }
1106 }
1107 /* At this point we hold a reference to the new ldisc and a
1108 a reference to the old ldisc. If we ended up flipping back
1109 to the existing ldisc we have two references to it */
37bdfb07 1110
1da177e4
LT		 1111 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1112 tty->driver->set_ldisc(tty);
37bdfb07 1113
1da177e4 1114 tty_ldisc_put(o_ldisc.num);
37bdfb07 1115
1da177e4
LT		 1116 /*
1117 * Allow ldisc referencing to occur as soon as the driver
1118 * ldisc callback completes.
1119 */
37bdfb07 1120
1da177e4 1121 tty_ldisc_enable(tty);
ff55fe20
JB		 1122 if (o_tty)
1123 tty_ldisc_enable(o_tty);
37bdfb07 1124
1da177e4
LT		 1125 /* Restart it in case no characters kick it off. Safe if
1126 already running */
ff55fe20 1127 if (work)
33f0f88f 1128 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 1129 return retval;
1130}
1131
af9b897e
AC		 1132/**
1133 * get_tty_driver - find device of a tty
1134 * @dev_t: device identifier
1135 * @index: returns the index of the tty
1136 *
1137 * This routine returns a tty driver structure, given a device number
1138 * and also passes back the index number.
1139 *
1140 * Locking: caller must hold tty_mutex
1da177e4 1141 */
af9b897e 1142
1da177e4
LT		 1143static struct tty_driver *get_tty_driver(dev_t device, int *index)
1144{
1145 struct tty_driver *p;
1146
1147 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1148 dev_t base = MKDEV(p->major, p->minor_start);
1149 if (device < base || device >= base + p->num)
1150 continue;
1151 *index = device - base;
1152 return p;
1153 }
1154 return NULL;
1155}
1156
f2d937f3
JW		 1157#ifdef CONFIG_CONSOLE_POLL
1158
1159/**
1160 * tty_find_polling_driver - find device of a polled tty
1161 * @name: name string to match
1162 * @line: pointer to resulting tty line nr
1163 *
1164 * This routine returns a tty driver structure, given a name
1165 * and the condition that the tty driver is capable of polled
1166 * operation.
1167 */
1168struct tty_driver *tty_find_polling_driver(char *name, int *line)
1169{
1170 struct tty_driver *p, *res = NULL;
1171 int tty_line = 0;
1172 char *str;
1173
1174 mutex_lock(&tty_mutex);
1175 /* Search through the tty devices to look for a match */
1176 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1177 str = name + strlen(p->name);
1178 tty_line = simple_strtoul(str, &str, 10);
1179 if (*str == ',')
1180 str++;
1181 if (*str == '\0')
8da56309 1182 str = NULL;
f2d937f3
JW		 1183
1184 if (tty_line >= 0 && tty_line <= p->num && p->poll_init &&
1185 !p->poll_init(p, tty_line, str)) {
1186
1187 res = p;
1188 *line = tty_line;
1189 break;
1190 }
1191 }
1192 mutex_unlock(&tty_mutex);
1193
1194 return res;
1195}
1196EXPORT_SYMBOL_GPL(tty_find_polling_driver);
1197#endif
1198
af9b897e
AC		 1199/**
1200 * tty_check_change - check for POSIX terminal changes
1201 * @tty: tty to check
1202 *
1203 * If we try to write to, or set the state of, a terminal and we're
1204 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1205 * ignored, go ahead and perform the operation. (POSIX 7.2)
1206 *
978e595f 1207 * Locking: ctrl_lock
1da177e4 1208 */
af9b897e 1209
37bdfb07 1210int tty_check_change(struct tty_struct *tty)
1da177e4 1211{
47f86834
AC		 1212 unsigned long flags;
1213 int ret = 0;
1214
1da177e4
LT		 1215 if (current->signal->tty != tty)
1216 return 0;
47f86834
AC		 1217
1218 spin_lock_irqsave(&tty->ctrl_lock, flags);
1219
ab521dc0
EB		 1220 if (!tty->pgrp) {
1221 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
47f86834 1222 goto out;
1da177e4 1223 }
ab521dc0 1224 if (task_pgrp(current) == tty->pgrp)
47f86834 1225 goto out;
1da177e4 1226 if (is_ignored(SIGTTOU))
47f86834
AC		 1227 goto out;
1228 if (is_current_pgrp_orphaned()) {
1229 ret = -EIO;
1230 goto out;
1231 }
040b6362
ON		 1232 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1233 set_thread_flag(TIF_SIGPENDING);
47f86834
AC		 1234 ret = -ERESTARTSYS;
1235out:
1236 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1237 return ret;
1da177e4
LT		 1238}
1239
1240EXPORT_SYMBOL(tty_check_change);
1241
37bdfb07 1242static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1da177e4
LT		 1243 size_t count, loff_t *ppos)
1244{
1245 return 0;
1246}
1247
37bdfb07 1248static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1da177e4
LT		 1249 size_t count, loff_t *ppos)
1250{
1251 return -EIO;
1252}
1253
1254/* No kernel lock held - none needed ;) */
37bdfb07 1255static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1da177e4
LT		 1256{
1257 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1258}
1259
04f378b1
AC		 1260static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
1261 unsigned long arg)
38ad2ed0
PF		 1262{
1263 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1264}
1265
37bdfb07 1266static long hung_up_tty_compat_ioctl(struct file *file,
38ad2ed0 1267 unsigned int cmd, unsigned long arg)
1da177e4
LT		 1268{
1269 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1270}
1271
62322d25 1272static const struct file_operations tty_fops = {
1da177e4
LT		 1273 .llseek = no_llseek,
1274 .read = tty_read,
1275 .write = tty_write,
1276 .poll = tty_poll,
04f378b1 1277 .unlocked_ioctl = tty_ioctl,
e10cc1df 1278 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1279 .open = tty_open,
1280 .release = tty_release,
1281 .fasync = tty_fasync,
1282};
1283
1284#ifdef CONFIG_UNIX98_PTYS
62322d25 1285static const struct file_operations ptmx_fops = {
1da177e4
LT		 1286 .llseek = no_llseek,
1287 .read = tty_read,
1288 .write = tty_write,
1289 .poll = tty_poll,
04f378b1 1290 .unlocked_ioctl = tty_ioctl,
e10cc1df 1291 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1292 .open = ptmx_open,
1293 .release = tty_release,
1294 .fasync = tty_fasync,
1295};
1296#endif
1297
62322d25 1298static const struct file_operations console_fops = {
1da177e4
LT		 1299 .llseek = no_llseek,
1300 .read = tty_read,
1301 .write = redirected_tty_write,
1302 .poll = tty_poll,
04f378b1 1303 .unlocked_ioctl = tty_ioctl,
e10cc1df 1304 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1305 .open = tty_open,
1306 .release = tty_release,
1307 .fasync = tty_fasync,
1308};
1309
62322d25 1310static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 1311 .llseek = no_llseek,
1312 .read = hung_up_tty_read,
1313 .write = hung_up_tty_write,
1314 .poll = hung_up_tty_poll,
04f378b1 1315 .unlocked_ioctl = hung_up_tty_ioctl,
38ad2ed0 1316 .compat_ioctl = hung_up_tty_compat_ioctl,
1da177e4
LT		 1317 .release = tty_release,
1318};
1319
1320static DEFINE_SPINLOCK(redirect_lock);
1321static struct file *redirect;
1322
1323/**
1324 * tty_wakeup - request more data
1325 * @tty: terminal
1326 *
1327 * Internal and external helper for wakeups of tty. This function
1328 * informs the line discipline if present that the driver is ready
1329 * to receive more output data.
1330 */
37bdfb07 1331
1da177e4
LT		 1332void tty_wakeup(struct tty_struct *tty)
1333{
1334 struct tty_ldisc *ld;
37bdfb07 1335
1da177e4
LT		 1336 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1337 ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1338 if (ld) {
1339 if (ld->write_wakeup)
1da177e4
LT		 1340 ld->write_wakeup(tty);
1341 tty_ldisc_deref(ld);
1342 }
1343 }
1344 wake_up_interruptible(&tty->write_wait);
1345}
1346
1347EXPORT_SYMBOL_GPL(tty_wakeup);
1348
1349/**
1350 * tty_ldisc_flush - flush line discipline queue
1351 * @tty: tty
1352 *
1353 * Flush the line discipline queue (if any) for this tty. If there
1354 * is no line discipline active this is a no-op.
1355 */
37bdfb07 1356
1da177e4
LT		 1357void tty_ldisc_flush(struct tty_struct *tty)
1358{
1359 struct tty_ldisc *ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1360 if (ld) {
1361 if (ld->flush_buffer)
1da177e4
LT		 1362 ld->flush_buffer(tty);
1363 tty_ldisc_deref(ld);
1364 }
c5c34d48 1365 tty_buffer_flush(tty);
1da177e4
LT		 1366}
1367
1368EXPORT_SYMBOL_GPL(tty_ldisc_flush);
edc6afc5
AC		 1369
1370/**
1371 * tty_reset_termios - reset terminal state
1372 * @tty: tty to reset
1373 *
1374 * Restore a terminal to the driver default state
1375 */
1376
1377static void tty_reset_termios(struct tty_struct *tty)
1378{
1379 mutex_lock(&tty->termios_mutex);
1380 *tty->termios = tty->driver->init_termios;
1381 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1382 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1383 mutex_unlock(&tty->termios_mutex);
1384}
37bdfb07 1385
af9b897e
AC		 1386/**
1387 * do_tty_hangup - actual handler for hangup events
65f27f38 1388 * @work: tty device
af9b897e
AC		 1389 *
1390 * This can be called by the "eventd" kernel thread. That is process
1391 * synchronous but doesn't hold any locks, so we need to make sure we
1392 * have the appropriate locks for what we're doing.
1393 *
1394 * The hangup event clears any pending redirections onto the hung up
1395 * device. It ensures future writes will error and it does the needed
1396 * line discipline hangup and signal delivery. The tty object itself
1397 * remains intact.
1398 *
1399 * Locking:
1400 * BKL
24ec839c
PZ		 1401 * redirect lock for undoing redirection
1402 * file list lock for manipulating list of ttys
1403 * tty_ldisc_lock from called functions
1404 * termios_mutex resetting termios data
1405 * tasklist_lock to walk task list for hangup event
1406 * ->siglock to protect ->signal/->sighand
1da177e4 1407 */
65f27f38 1408static void do_tty_hangup(struct work_struct *work)
1da177e4 1409{
65f27f38
DH		 1410 struct tty_struct *tty =
1411 container_of(work, struct tty_struct, hangup_work);
37bdfb07 1412 struct file *cons_filp = NULL;
1da177e4
LT		 1413 struct file *filp, *f = NULL;
1414 struct task_struct *p;
1415 struct tty_ldisc *ld;
1416 int closecount = 0, n;
47f86834 1417 unsigned long flags;
1da177e4
LT		 1418
1419 if (!tty)
1420 return;
1421
1422 /* inuse_filps is protected by the single kernel lock */
1423 lock_kernel();
1424
1425 spin_lock(&redirect_lock);
1426 if (redirect && redirect->private_data == tty) {
1427 f = redirect;
1428 redirect = NULL;
1429 }
1430 spin_unlock(&redirect_lock);
37bdfb07 1431
1da177e4
LT		 1432 check_tty_count(tty, "do_tty_hangup");
1433 file_list_lock();
1434 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1435 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1436 if (filp->f_op->write == redirected_tty_write)
1437 cons_filp = filp;
1438 if (filp->f_op->write != tty_write)
1439 continue;
1440 closecount++;
1441 tty_fasync(-1, filp, 0); /* can't block */
1442 filp->f_op = &hung_up_tty_fops;
1443 }
1444 file_list_unlock();
37bdfb07
AC		 1445 /*
1446 * FIXME! What are the locking issues here? This may me overdoing
1447 * things... This question is especially important now that we've
1448 * removed the irqlock.
1449 */
1da177e4 1450 ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1451 if (ld != NULL) {
1452 /* We may have no line discipline at this point */
1da177e4
LT		 1453 if (ld->flush_buffer)
1454 ld->flush_buffer(tty);
1455 if (tty->driver->flush_buffer)
1456 tty->driver->flush_buffer(tty);
1457 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1458 ld->write_wakeup)
1459 ld->write_wakeup(tty);
1460 if (ld->hangup)
1461 ld->hangup(tty);
1462 }
37bdfb07
AC		 1463 /*
1464 * FIXME: Once we trust the LDISC code better we can wait here for
1465 * ldisc completion and fix the driver call race
1466 */
1da177e4
LT		 1467 wake_up_interruptible(&tty->write_wait);
1468 wake_up_interruptible(&tty->read_wait);
1da177e4
LT		 1469 /*
1470 * Shutdown the current line discipline, and reset it to
1471 * N_TTY.
1472 */
1473 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
edc6afc5 1474 tty_reset_termios(tty);
1da177e4
LT		 1475 /* Defer ldisc switch */
1476 /* tty_deferred_ldisc_switch(N_TTY);
37bdfb07 1477
1da177e4
LT		 1478 This should get done automatically when the port closes and
1479 tty_release is called */
37bdfb07 1480
1da177e4 1481 read_lock(&tasklist_lock);
ab521dc0
EB		 1482 if (tty->session) {
1483 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
24ec839c 1484 spin_lock_irq(&p->sighand->siglock);
1da177e4
LT		 1485 if (p->signal->tty == tty)
1486 p->signal->tty = NULL;
24ec839c
PZ		 1487 if (!p->signal->leader) {
1488 spin_unlock_irq(&p->sighand->siglock);
1da177e4 1489 continue;
24ec839c
PZ		 1490 }
1491 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1492 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
ab521dc0 1493 put_pid(p->signal->tty_old_pgrp); /* A noop */
47f86834 1494 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 1495 if (tty->pgrp)
1496 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
47f86834 1497 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
24ec839c 1498 spin_unlock_irq(&p->sighand->siglock);
ab521dc0 1499 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1da177e4
LT		 1500 }
1501 read_unlock(&tasklist_lock);
1502
47f86834 1503 spin_lock_irqsave(&tty->ctrl_lock, flags);
1da177e4 1504 tty->flags = 0;
d9c1e9a8
EB		 1505 put_pid(tty->session);
1506 put_pid(tty->pgrp);
ab521dc0
EB		 1507 tty->session = NULL;
1508 tty->pgrp = NULL;
1da177e4 1509 tty->ctrl_status = 0;
47f86834
AC		 1510 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1511
1da177e4 1512 /*
37bdfb07
AC		 1513 * If one of the devices matches a console pointer, we
1514 * cannot just call hangup() because that will cause
1515 * tty->count and state->count to go out of sync.
1516 * So we just call close() the right number of times.
1da177e4
LT		 1517 */
1518 if (cons_filp) {
1519 if (tty->driver->close)
1520 for (n = 0; n < closecount; n++)
1521 tty->driver->close(tty, cons_filp);
1522 } else if (tty->driver->hangup)
1523 (tty->driver->hangup)(tty);
37bdfb07
AC		 1524 /*
1525 * We don't want to have driver/ldisc interactions beyond
1526 * the ones we did here. The driver layer expects no
1527 * calls after ->hangup() from the ldisc side. However we
1528 * can't yet guarantee all that.
1529 */
1da177e4
LT		 1530 set_bit(TTY_HUPPED, &tty->flags);
1531 if (ld) {
1532 tty_ldisc_enable(tty);
1533 tty_ldisc_deref(ld);
1534 }
1535 unlock_kernel();
1536 if (f)
1537 fput(f);
1538}
1539
af9b897e
AC		 1540/**
1541 * tty_hangup - trigger a hangup event
1542 * @tty: tty to hangup
1543 *
1544 * A carrier loss (virtual or otherwise) has occurred on this like
1545 * schedule a hangup sequence to run after this event.
1546 */
1547
37bdfb07 1548void tty_hangup(struct tty_struct *tty)
1da177e4
LT		 1549{
1550#ifdef TTY_DEBUG_HANGUP
1551 char buf[64];
1da177e4
LT		 1552 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1553#endif
1554 schedule_work(&tty->hangup_work);
1555}
1556
1557EXPORT_SYMBOL(tty_hangup);
1558
af9b897e
AC		 1559/**
1560 * tty_vhangup - process vhangup
1561 * @tty: tty to hangup
1562 *
1563 * The user has asked via system call for the terminal to be hung up.
1564 * We do this synchronously so that when the syscall returns the process
3a4fa0a2 1565 * is complete. That guarantee is necessary for security reasons.
af9b897e
AC		 1566 */
1567
37bdfb07 1568void tty_vhangup(struct tty_struct *tty)
1da177e4
LT		 1569{
1570#ifdef TTY_DEBUG_HANGUP
1571 char buf[64];
1572
1573 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1574#endif
65f27f38 1575 do_tty_hangup(&tty->hangup_work);
1da177e4 1576}
37bdfb07 1577
1da177e4
LT		 1578EXPORT_SYMBOL(tty_vhangup);
1579
af9b897e
AC		 1580/**
1581 * tty_hung_up_p - was tty hung up
1582 * @filp: file pointer of tty
1583 *
1584 * Return true if the tty has been subject to a vhangup or a carrier
1585 * loss
1586 */
1587
37bdfb07 1588int tty_hung_up_p(struct file *filp)
1da177e4
LT		 1589{
1590 return (filp->f_op == &hung_up_tty_fops);
1591}
1592
1593EXPORT_SYMBOL(tty_hung_up_p);
1594
522ed776 1595/**
37bdfb07
AC		 1596 * is_tty - checker whether file is a TTY
1597 * @filp: file handle that may be a tty
1598 *
1599 * Check if the file handle is a tty handle.
522ed776 1600 */
37bdfb07 1601
522ed776
MT		 1602int is_tty(struct file *filp)
1603{
1604 return filp->f_op->read == tty_read
1605 || filp->f_op->read == hung_up_tty_read;
1606}
1607
ab521dc0 1608static void session_clear_tty(struct pid *session)
24ec839c
PZ		 1609{
1610 struct task_struct *p;
ab521dc0 1611 do_each_pid_task(session, PIDTYPE_SID, p) {
24ec839c 1612 proc_clear_tty(p);
ab521dc0 1613 } while_each_pid_task(session, PIDTYPE_SID, p);
24ec839c
PZ		 1614}
1615
af9b897e
AC		 1616/**
1617 * disassociate_ctty - disconnect controlling tty
1618 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 1619 *
af9b897e
AC		 1620 * This function is typically called only by the session leader, when
1621 * it wants to disassociate itself from its controlling tty.
1622 *
1623 * It performs the following functions:
1da177e4
LT		 1624 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1625 * (2) Clears the tty from being controlling the session
1626 * (3) Clears the controlling tty for all processes in the
1627 * session group.
1628 *
af9b897e
AC		 1629 * The argument on_exit is set to 1 if called when a process is
1630 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1631 *
24ec839c 1632 * Locking:
af9b897e 1633 * BKL is taken for hysterical raisins
24ec839c
PZ		 1634 * tty_mutex is taken to protect tty
1635 * ->siglock is taken to protect ->signal/->sighand
1636 * tasklist_lock is taken to walk process list for sessions
1637 * ->siglock is taken to protect ->signal/->sighand
1da177e4 1638 */
af9b897e 1639
1da177e4
LT		 1640void disassociate_ctty(int on_exit)
1641{
1642 struct tty_struct *tty;
ab521dc0 1643 struct pid *tty_pgrp = NULL;
1da177e4 1644
1da177e4 1645
70522e12 1646 mutex_lock(&tty_mutex);
24ec839c 1647 tty = get_current_tty();
1da177e4 1648 if (tty) {
ab521dc0 1649 tty_pgrp = get_pid(tty->pgrp);
70522e12 1650 mutex_unlock(&tty_mutex);
04f378b1 1651 lock_kernel();
24ec839c 1652 /* XXX: here we race, there is nothing protecting tty */
1da177e4
LT		 1653 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1654 tty_vhangup(tty);
04f378b1 1655 unlock_kernel();
680a9671 1656 } else if (on_exit) {
ab521dc0 1657 struct pid *old_pgrp;
680a9671
EB		 1658 spin_lock_irq(&current->sighand->siglock);
1659 old_pgrp = current->signal->tty_old_pgrp;
ab521dc0 1660 current->signal->tty_old_pgrp = NULL;
680a9671 1661 spin_unlock_irq(&current->sighand->siglock);
24ec839c 1662 if (old_pgrp) {
ab521dc0
EB		 1663 kill_pgrp(old_pgrp, SIGHUP, on_exit);
1664 kill_pgrp(old_pgrp, SIGCONT, on_exit);
1665 put_pid(old_pgrp);
1da177e4 1666 }
70522e12 1667 mutex_unlock(&tty_mutex);
1da177e4
LT		 1668 return;
1669 }
ab521dc0
EB		 1670 if (tty_pgrp) {
1671 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1da177e4 1672 if (!on_exit)
ab521dc0
EB		 1673 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1674 put_pid(tty_pgrp);
1da177e4
LT		 1675 }
1676
24ec839c 1677 spin_lock_irq(&current->sighand->siglock);
2a65f1d9 1678 put_pid(current->signal->tty_old_pgrp);
23cac8de 1679 current->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 1680 spin_unlock_irq(&current->sighand->siglock);
1681
1682 mutex_lock(&tty_mutex);
1683 /* It is possible that do_tty_hangup has free'd this tty */
1684 tty = get_current_tty();
1685 if (tty) {
47f86834
AC		 1686 unsigned long flags;
1687 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 1688 put_pid(tty->session);
1689 put_pid(tty->pgrp);
1690 tty->session = NULL;
1691 tty->pgrp = NULL;
47f86834 1692 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
24ec839c
PZ		 1693 } else {
1694#ifdef TTY_DEBUG_HANGUP
1695 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1696 " = NULL", tty);
1697#endif
1698 }
1699 mutex_unlock(&tty_mutex);
1da177e4
LT		 1700
1701 /* Now clear signal->tty under the lock */
1702 read_lock(&tasklist_lock);
ab521dc0 1703 session_clear_tty(task_session(current));
1da177e4 1704 read_unlock(&tasklist_lock);
1da177e4
LT		 1705}
1706
98a27ba4
EB		 1707/**
1708 *
1709 * no_tty - Ensure the current process does not have a controlling tty
1710 */
1711void no_tty(void)
1712{
1713 struct task_struct *tsk = current;
04f378b1 1714 lock_kernel();
98a27ba4
EB		 1715 if (tsk->signal->leader)
1716 disassociate_ctty(0);
04f378b1 1717 unlock_kernel();
98a27ba4
EB		 1718 proc_clear_tty(tsk);
1719}
1720
af9b897e
AC		 1721
1722/**
beb7dd86 1723 * stop_tty - propagate flow control
af9b897e
AC		 1724 * @tty: tty to stop
1725 *
1726 * Perform flow control to the driver. For PTY/TTY pairs we
beb7dd86 1727 * must also propagate the TIOCKPKT status. May be called
af9b897e
AC		 1728 * on an already stopped device and will not re-call the driver
1729 * method.
1730 *
1731 * This functionality is used by both the line disciplines for
1732 * halting incoming flow and by the driver. It may therefore be
1733 * called from any context, may be under the tty atomic_write_lock
1734 * but not always.
1735 *
1736 * Locking:
04f378b1 1737 * Uses the tty control lock internally
af9b897e
AC		 1738 */
1739
1da177e4
LT		 1740void stop_tty(struct tty_struct *tty)
1741{
04f378b1
AC		 1742 unsigned long flags;
1743 spin_lock_irqsave(&tty->ctrl_lock, flags);
1744 if (tty->stopped) {
1745 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 1746 return;
04f378b1 1747 }
1da177e4
LT		 1748 tty->stopped = 1;
1749 if (tty->link && tty->link->packet) {
1750 tty->ctrl_status &= ~TIOCPKT_START;
1751 tty->ctrl_status |= TIOCPKT_STOP;
1752 wake_up_interruptible(&tty->link->read_wait);
1753 }
04f378b1 1754 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4
LT		 1755 if (tty->driver->stop)
1756 (tty->driver->stop)(tty);
1757}
1758
1759EXPORT_SYMBOL(stop_tty);
1760
af9b897e 1761/**
beb7dd86 1762 * start_tty - propagate flow control
af9b897e
AC		 1763 * @tty: tty to start
1764 *
1765 * Start a tty that has been stopped if at all possible. Perform
3a4fa0a2 1766 * any necessary wakeups and propagate the TIOCPKT status. If this
af9b897e
AC		 1767 * is the tty was previous stopped and is being started then the
1768 * driver start method is invoked and the line discipline woken.
1769 *
1770 * Locking:
04f378b1 1771 * ctrl_lock
af9b897e
AC		 1772 */
1773
1da177e4
LT		 1774void start_tty(struct tty_struct *tty)
1775{
04f378b1
AC		 1776 unsigned long flags;
1777 spin_lock_irqsave(&tty->ctrl_lock, flags);
1778 if (!tty->stopped || tty->flow_stopped) {
1779 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 1780 return;
04f378b1 1781 }
1da177e4
LT		 1782 tty->stopped = 0;
1783 if (tty->link && tty->link->packet) {
1784 tty->ctrl_status &= ~TIOCPKT_STOP;
1785 tty->ctrl_status |= TIOCPKT_START;
1786 wake_up_interruptible(&tty->link->read_wait);
1787 }
04f378b1 1788 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4
LT		 1789 if (tty->driver->start)
1790 (tty->driver->start)(tty);
1da177e4
LT		 1791 /* If we have a running line discipline it may need kicking */
1792 tty_wakeup(tty);
1da177e4
LT		 1793}
1794
1795EXPORT_SYMBOL(start_tty);
1796
af9b897e
AC		 1797/**
1798 * tty_read - read method for tty device files
1799 * @file: pointer to tty file
1800 * @buf: user buffer
1801 * @count: size of user buffer
1802 * @ppos: unused
1803 *
1804 * Perform the read system call function on this terminal device. Checks
1805 * for hung up devices before calling the line discipline method.
1806 *
1807 * Locking:
47f86834
AC		 1808 * Locks the line discipline internally while needed. Multiple
1809 * read calls may be outstanding in parallel.
af9b897e
AC		 1810 */
1811
37bdfb07 1812static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1da177e4
LT		 1813 loff_t *ppos)
1814{
1815 int i;
37bdfb07 1816 struct tty_struct *tty;
1da177e4
LT		 1817 struct inode *inode;
1818 struct tty_ldisc *ld;
1819
1820 tty = (struct tty_struct *)file->private_data;
a7113a96 1821 inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1822 if (tty_paranoia_check(tty, inode, "tty_read"))
1823 return -EIO;
1824 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1825 return -EIO;
1826
1827 /* We want to wait for the line discipline to sort out in this
1828 situation */
1829 ld = tty_ldisc_ref_wait(tty);
1da177e4 1830 if (ld->read)
37bdfb07 1831 i = (ld->read)(tty, file, buf, count);
1da177e4
LT		 1832 else
1833 i = -EIO;
1834 tty_ldisc_deref(ld);
1da177e4
LT		 1835 if (i > 0)
1836 inode->i_atime = current_fs_time(inode->i_sb);
1837 return i;
1838}
1839
9c1729db
AC		 1840void tty_write_unlock(struct tty_struct *tty)
1841{
1842 mutex_unlock(&tty->atomic_write_lock);
1843 wake_up_interruptible(&tty->write_wait);
1844}
1845
1846int tty_write_lock(struct tty_struct *tty, int ndelay)
1847{
1848 if (!mutex_trylock(&tty->atomic_write_lock)) {
1849 if (ndelay)
1850 return -EAGAIN;
1851 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1852 return -ERESTARTSYS;
1853 }
1854 return 0;
1855}
1856
1da177e4
LT		 1857/*
1858 * Split writes up in sane blocksizes to avoid
1859 * denial-of-service type attacks
1860 */
1861static inline ssize_t do_tty_write(
1862 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1863 struct tty_struct *tty,
1864 struct file *file,
1865 const char __user *buf,
1866 size_t count)
1867{
9c1729db 1868 ssize_t ret, written = 0;
1da177e4 1869 unsigned int chunk;
37bdfb07 1870
9c1729db
AC		 1871 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1872 if (ret < 0)
1873 return ret;
1da177e4
LT		 1874
1875 /*
1876 * We chunk up writes into a temporary buffer. This
1877 * simplifies low-level drivers immensely, since they
1878 * don't have locking issues and user mode accesses.
1879 *
1880 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1881 * big chunk-size..
1882 *
1883 * The default chunk-size is 2kB, because the NTTY
1884 * layer has problems with bigger chunks. It will
1885 * claim to be able to handle more characters than
1886 * it actually does.
af9b897e
AC		 1887 *
1888 * FIXME: This can probably go away now except that 64K chunks
1889 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1890 */
1891 chunk = 2048;
1892 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1893 chunk = 65536;
1894 if (count < chunk)
1895 chunk = count;
1896
70522e12 1897 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1898 if (tty->write_cnt < chunk) {
1899 unsigned char *buf;
1900
1901 if (chunk < 1024)
1902 chunk = 1024;
1903
1904 buf = kmalloc(chunk, GFP_KERNEL);
1905 if (!buf) {
9c1729db
AC		 1906 ret = -ENOMEM;
1907 goto out;
1da177e4
LT		 1908 }
1909 kfree(tty->write_buf);
1910 tty->write_cnt = chunk;
1911 tty->write_buf = buf;
1912 }
1913
1914 /* Do the write .. */
1915 for (;;) {
1916 size_t size = count;
1917 if (size > chunk)
1918 size = chunk;
1919 ret = -EFAULT;
1920 if (copy_from_user(tty->write_buf, buf, size))
1921 break;
1da177e4 1922 ret = write(tty, file, tty->write_buf, size);
1da177e4
LT		 1923 if (ret <= 0)
1924 break;
1925 written += ret;
1926 buf += ret;
1927 count -= ret;
1928 if (!count)
1929 break;
1930 ret = -ERESTARTSYS;
1931 if (signal_pending(current))
1932 break;
1933 cond_resched();
1934 }
1935 if (written) {
a7113a96 1936 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1937 inode->i_mtime = current_fs_time(inode->i_sb);
1938 ret = written;
1939 }
9c1729db
AC		 1940out:
1941 tty_write_unlock(tty);
1da177e4
LT		 1942 return ret;
1943}
1944
1945
af9b897e
AC		 1946/**
1947 * tty_write - write method for tty device file
1948 * @file: tty file pointer
1949 * @buf: user data to write
1950 * @count: bytes to write
1951 * @ppos: unused
1952 *
1953 * Write data to a tty device via the line discipline.
1954 *
1955 * Locking:
1956 * Locks the line discipline as required
1957 * Writes to the tty driver are serialized by the atomic_write_lock
1958 * and are then processed in chunks to the device. The line discipline
1959 * write method will not be involked in parallel for each device
1960 * The line discipline write method is called under the big
1961 * kernel lock for historical reasons. New code should not rely on this.
1962 */
1963
37bdfb07
AC		 1964static ssize_t tty_write(struct file *file, const char __user *buf,
1965 size_t count, loff_t *ppos)
1da177e4 1966{
37bdfb07 1967 struct tty_struct *tty;
a7113a96 1968 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1969 ssize_t ret;
1970 struct tty_ldisc *ld;
37bdfb07 1971
1da177e4
LT		 1972 tty = (struct tty_struct *)file->private_data;
1973 if (tty_paranoia_check(tty, inode, "tty_write"))
1974 return -EIO;
37bdfb07
AC		 1975 if (!tty || !tty->driver->write ||
1976 (test_bit(TTY_IO_ERROR, &tty->flags)))
1977 return -EIO;
1da177e4 1978
37bdfb07 1979 ld = tty_ldisc_ref_wait(tty);
1da177e4
LT		 1980 if (!ld->write)
1981 ret = -EIO;
1982 else
1983 ret = do_tty_write(ld->write, tty, file, buf, count);
1984 tty_ldisc_deref(ld);
1985 return ret;
1986}
1987
37bdfb07
AC		 1988ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1989 size_t count, loff_t *ppos)
1da177e4
LT		 1990{
1991 struct file *p = NULL;
1992
1993 spin_lock(&redirect_lock);
1994 if (redirect) {
1995 get_file(redirect);
1996 p = redirect;
1997 }
1998 spin_unlock(&redirect_lock);
1999
2000 if (p) {
2001 ssize_t res;
2002 res = vfs_write(p, buf, count, &p->f_pos);
2003 fput(p);
2004 return res;
2005 }
1da177e4
LT		 2006 return tty_write(file, buf, count, ppos);
2007}
2008
2009static char ptychar[] = "pqrstuvwxyzabcde";
2010
af9b897e
AC		 2011/**
2012 * pty_line_name - generate name for a pty
2013 * @driver: the tty driver in use
2014 * @index: the minor number
2015 * @p: output buffer of at least 6 bytes
2016 *
2017 * Generate a name from a driver reference and write it to the output
2018 * buffer.
2019 *
2020 * Locking: None
2021 */
2022static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 2023{
2024 int i = index + driver->name_base;
2025 /* ->name is initialized to "ttyp", but "tty" is expected */
2026 sprintf(p, "%s%c%x",
37bdfb07
AC		 2027 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
2028 ptychar[i >> 4 & 0xf], i & 0xf);
1da177e4
LT		 2029}
2030
af9b897e
AC		 2031/**
2032 * pty_line_name - generate name for a tty
2033 * @driver: the tty driver in use
2034 * @index: the minor number
2035 * @p: output buffer of at least 7 bytes
2036 *
2037 * Generate a name from a driver reference and write it to the output
2038 * buffer.
2039 *
2040 * Locking: None
2041 */
2042static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 2043{
2044 sprintf(p, "%s%d", driver->name, index + driver->name_base);
2045}
2046
af9b897e
AC		 2047/**
2048 * init_dev - initialise a tty device
2049 * @driver: tty driver we are opening a device on
2050 * @idx: device index
2051 * @tty: returned tty structure
2052 *
2053 * Prepare a tty device. This may not be a "new" clean device but
2054 * could also be an active device. The pty drivers require special
2055 * handling because of this.
2056 *
2057 * Locking:
2058 * The function is called under the tty_mutex, which
2059 * protects us from the tty struct or driver itself going away.
2060 *
2061 * On exit the tty device has the line discipline attached and
2062 * a reference count of 1. If a pair was created for pty/tty use
2063 * and the other was a pty master then it too has a reference count of 1.
2064 *
1da177e4 2065 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 2066 * failed open. The new code protects the open with a mutex, so it's
2067 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 2068 * relaxed for the (most common) case of reopening a tty.
2069 */
af9b897e 2070
1da177e4
LT		 2071static int init_dev(struct tty_driver *driver, int idx,
2072 struct tty_struct **ret_tty)
2073{
2074 struct tty_struct *tty, *o_tty;
edc6afc5
AC		 2075 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2076 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 2077 int retval = 0;
1da177e4
LT		 2078
2079 /* check whether we're reopening an existing tty */
2080 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2081 tty = devpts_get_tty(idx);
5a39e8c6
ASRF		 2082 /*
2083 * If we don't have a tty here on a slave open, it's because
2084 * the master already started the close process and there's
2085 * no relation between devpts file and tty anymore.
2086 */
2087 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2088 retval = -EIO;
2089 goto end_init;
2090 }
2091 /*
2092 * It's safe from now on because init_dev() is called with
2093 * tty_mutex held and release_dev() won't change tty->count
2094 * or tty->flags without having to grab tty_mutex
2095 */
1da177e4
LT		 2096 if (tty && driver->subtype == PTY_TYPE_MASTER)
2097 tty = tty->link;
2098 } else {
2099 tty = driver->ttys[idx];
2100 }
2101 if (tty) goto fast_track;
2102
2103 /*
2104 * First time open is complex, especially for PTY devices.
2105 * This code guarantees that either everything succeeds and the
2106 * TTY is ready for operation, or else the table slots are vacated
37bdfb07 2107 * and the allocated memory released. (Except that the termios
1da177e4
LT		 2108 * and locked termios may be retained.)
2109 */
2110
2111 if (!try_module_get(driver->owner)) {
2112 retval = -ENODEV;
2113 goto end_init;
2114 }
2115
2116 o_tty = NULL;
2117 tp = o_tp = NULL;
2118 ltp = o_ltp = NULL;
2119
2120 tty = alloc_tty_struct();
37bdfb07 2121 if (!tty)
1da177e4
LT		 2122 goto fail_no_mem;
2123 initialize_tty_struct(tty);
2124 tty->driver = driver;
2125 tty->index = idx;
2126 tty_line_name(driver, idx, tty->name);
2127
2128 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2129 tp_loc = &tty->termios;
2130 ltp_loc = &tty->termios_locked;
2131 } else {
2132 tp_loc = &driver->termios[idx];
2133 ltp_loc = &driver->termios_locked[idx];
2134 }
2135
2136 if (!*tp_loc) {
abcb1ff3 2137 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2138 if (!tp)
2139 goto free_mem_out;
2140 *tp = driver->init_termios;
2141 }
2142
2143 if (!*ltp_loc) {
506eb99a 2144 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2145 if (!ltp)
2146 goto free_mem_out;
1da177e4
LT		 2147 }
2148
2149 if (driver->type == TTY_DRIVER_TYPE_PTY) {
2150 o_tty = alloc_tty_struct();
2151 if (!o_tty)
2152 goto free_mem_out;
2153 initialize_tty_struct(o_tty);
2154 o_tty->driver = driver->other;
2155 o_tty->index = idx;
2156 tty_line_name(driver->other, idx, o_tty->name);
2157
2158 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2159 o_tp_loc = &o_tty->termios;
2160 o_ltp_loc = &o_tty->termios_locked;
2161 } else {
2162 o_tp_loc = &driver->other->termios[idx];
2163 o_ltp_loc = &driver->other->termios_locked[idx];
2164 }
2165
2166 if (!*o_tp_loc) {
abcb1ff3 2167 o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2168 if (!o_tp)
2169 goto free_mem_out;
2170 *o_tp = driver->other->init_termios;
2171 }
2172
2173 if (!*o_ltp_loc) {
506eb99a 2174 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2175 if (!o_ltp)
2176 goto free_mem_out;
1da177e4
LT		 2177 }
2178
2179 /*
2180 * Everything allocated ... set up the o_tty structure.
2181 */
37bdfb07 2182 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 2183 driver->other->ttys[idx] = o_tty;
1da177e4
LT		 2184 if (!*o_tp_loc)
2185 *o_tp_loc = o_tp;
2186 if (!*o_ltp_loc)
2187 *o_ltp_loc = o_ltp;
2188 o_tty->termios = *o_tp_loc;
2189 o_tty->termios_locked = *o_ltp_loc;
2190 driver->other->refcount++;
2191 if (driver->subtype == PTY_TYPE_MASTER)
2192 o_tty->count++;
2193
2194 /* Establish the links in both directions */
2195 tty->link = o_tty;
2196 o_tty->link = tty;
2197 }
2198
37bdfb07 2199 /*
1da177e4 2200 * All structures have been allocated, so now we install them.
d5698c28 2201 * Failures after this point use release_tty to clean up, so
1da177e4
LT		 2202 * there's no need to null out the local pointers.
2203 */
37bdfb07 2204 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 2205 driver->ttys[idx] = tty;
37bdfb07 2206
1da177e4
LT		 2207 if (!*tp_loc)
2208 *tp_loc = tp;
2209 if (!*ltp_loc)
2210 *ltp_loc = ltp;
2211 tty->termios = *tp_loc;
2212 tty->termios_locked = *ltp_loc;
edc6afc5
AC		 2213 /* Compatibility until drivers always set this */
2214 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2215 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1da177e4
LT		 2216 driver->refcount++;
2217 tty->count++;
2218
37bdfb07 2219 /*
1da177e4 2220 * Structures all installed ... call the ldisc open routines.
d5698c28
CH		 2221 * If we fail here just call release_tty to clean up. No need
2222 * to decrement the use counts, as release_tty doesn't care.
1da177e4
LT		 2223 */
2224
2225 if (tty->ldisc.open) {
2226 retval = (tty->ldisc.open)(tty);
2227 if (retval)
2228 goto release_mem_out;
2229 }
2230 if (o_tty && o_tty->ldisc.open) {
2231 retval = (o_tty->ldisc.open)(o_tty);
2232 if (retval) {
2233 if (tty->ldisc.close)
2234 (tty->ldisc.close)(tty);
2235 goto release_mem_out;
2236 }
2237 tty_ldisc_enable(o_tty);
2238 }
2239 tty_ldisc_enable(tty);
2240 goto success;
2241
2242 /*
2243 * This fast open can be used if the tty is already open.
2244 * No memory is allocated, and the only failures are from
2245 * attempting to open a closing tty or attempting multiple
2246 * opens on a pty master.
2247 */
2248fast_track:
2249 if (test_bit(TTY_CLOSING, &tty->flags)) {
2250 retval = -EIO;
2251 goto end_init;
2252 }
2253 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2254 driver->subtype == PTY_TYPE_MASTER) {
2255 /*
37bdfb07 2256 * special case for PTY masters: only one open permitted,
1da177e4
LT		 2257 * and the slave side open count is incremented as well.
2258 */
2259 if (tty->count) {
2260 retval = -EIO;
2261 goto end_init;
2262 }
2263 tty->link->count++;
2264 }
2265 tty->count++;
2266 tty->driver = driver; /* N.B. why do this every time?? */
2267
2268 /* FIXME */
37bdfb07 2269 if (!test_bit(TTY_LDISC, &tty->flags))
1da177e4
LT		 2270 printk(KERN_ERR "init_dev but no ldisc\n");
2271success:
2272 *ret_tty = tty;
37bdfb07 2273
70522e12 2274 /* All paths come through here to release the mutex */
1da177e4
LT		 2275end_init:
2276 return retval;
2277
2278 /* Release locally allocated memory ... nothing placed in slots */
2279free_mem_out:
735d5661 2280 kfree(o_tp);
1da177e4
LT		 2281 if (o_tty)
2282 free_tty_struct(o_tty);
735d5661
JJ		 2283 kfree(ltp);
2284 kfree(tp);
1da177e4
LT		 2285 free_tty_struct(tty);
2286
2287fail_no_mem:
2288 module_put(driver->owner);
2289 retval = -ENOMEM;
2290 goto end_init;
2291
d5698c28 2292 /* call the tty release_tty routine to clean out this slot */
1da177e4 2293release_mem_out:
4050914f
AM		 2294 if (printk_ratelimit())
2295 printk(KERN_INFO "init_dev: ldisc open failed, "
2296 "clearing slot %d\n", idx);
d5698c28 2297 release_tty(tty, idx);
1da177e4
LT		 2298 goto end_init;
2299}
2300
af9b897e 2301/**
d5698c28 2302 * release_one_tty - release tty structure memory
af9b897e
AC		 2303 *
2304 * Releases memory associated with a tty structure, and clears out the
2305 * driver table slots. This function is called when a device is no longer
2306 * in use. It also gets called when setup of a device fails.
2307 *
2308 * Locking:
2309 * tty_mutex - sometimes only
2310 * takes the file list lock internally when working on the list
2311 * of ttys that the driver keeps.
2312 * FIXME: should we require tty_mutex is held here ??
1da177e4 2313 */
d5698c28 2314static void release_one_tty(struct tty_struct *tty, int idx)
1da177e4 2315{
1da177e4 2316 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
d5698c28 2317 struct ktermios *tp;
1da177e4
LT		 2318
2319 if (!devpts)
2320 tty->driver->ttys[idx] = NULL;
d5698c28 2321
1da177e4
LT		 2322 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2323 tp = tty->termios;
2324 if (!devpts)
2325 tty->driver->termios[idx] = NULL;
2326 kfree(tp);
2327
2328 tp = tty->termios_locked;
2329 if (!devpts)
2330 tty->driver->termios_locked[idx] = NULL;
2331 kfree(tp);
2332 }
2333
d5698c28 2334
1da177e4
LT		 2335 tty->magic = 0;
2336 tty->driver->refcount--;
d5698c28 2337
1da177e4
LT		 2338 file_list_lock();
2339 list_del_init(&tty->tty_files);
2340 file_list_unlock();
d5698c28 2341
1da177e4
LT		 2342 free_tty_struct(tty);
2343}
2344
d5698c28
CH		 2345/**
2346 * release_tty - release tty structure memory
2347 *
2348 * Release both @tty and a possible linked partner (think pty pair),
2349 * and decrement the refcount of the backing module.
2350 *
2351 * Locking:
2352 * tty_mutex - sometimes only
2353 * takes the file list lock internally when working on the list
2354 * of ttys that the driver keeps.
2355 * FIXME: should we require tty_mutex is held here ??
2356 */
2357static void release_tty(struct tty_struct *tty, int idx)
2358{
2359 struct tty_driver *driver = tty->driver;
2360
2361 if (tty->link)
2362 release_one_tty(tty->link, idx);
2363 release_one_tty(tty, idx);
2364 module_put(driver->owner);
2365}
2366
1da177e4
LT		 2367/*
2368 * Even releasing the tty structures is a tricky business.. We have
2369 * to be very careful that the structures are all released at the
2370 * same time, as interrupts might otherwise get the wrong pointers.
2371 *
2372 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2373 * lead to double frees or releasing memory still in use.
2374 */
37bdfb07 2375static void release_dev(struct file *filp)
1da177e4
LT		 2376{
2377 struct tty_struct *tty, *o_tty;
2378 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 2379 int devpts;
1da177e4
LT		 2380 int idx;
2381 char buf[64];
2382 unsigned long flags;
37bdfb07 2383
1da177e4 2384 tty = (struct tty_struct *)filp->private_data;
37bdfb07
AC		 2385 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2386 "release_dev"))
1da177e4
LT		 2387 return;
2388
2389 check_tty_count(tty, "release_dev");
2390
2391 tty_fasync(-1, filp, 0);
2392
2393 idx = tty->index;
2394 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2395 tty->driver->subtype == PTY_TYPE_MASTER);
2396 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 2397 o_tty = tty->link;
2398
2399#ifdef TTY_PARANOIA_CHECK
2400 if (idx < 0 || idx >= tty->driver->num) {
2401 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2402 "free (%s)\n", tty->name);
2403 return;
2404 }
2405 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2406 if (tty != tty->driver->ttys[idx]) {
2407 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2408 "for (%s)\n", idx, tty->name);
2409 return;
2410 }
2411 if (tty->termios != tty->driver->termios[idx]) {
2412 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2413 "for (%s)\n",
2414 idx, tty->name);
2415 return;
2416 }
2417 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2418 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2419 "termios_locked for (%s)\n",
2420 idx, tty->name);
2421 return;
2422 }
2423 }
2424#endif
2425
2426#ifdef TTY_DEBUG_HANGUP
2427 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2428 tty_name(tty, buf), tty->count);
2429#endif
2430
2431#ifdef TTY_PARANOIA_CHECK
2432 if (tty->driver->other &&
2433 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2434 if (o_tty != tty->driver->other->ttys[idx]) {
2435 printk(KERN_DEBUG "release_dev: other->table[%d] "
2436 "not o_tty for (%s)\n",
2437 idx, tty->name);
2438 return;
2439 }
2440 if (o_tty->termios != tty->driver->other->termios[idx]) {
2441 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2442 "not o_termios for (%s)\n",
2443 idx, tty->name);
2444 return;
2445 }
37bdfb07 2446 if (o_tty->termios_locked !=
1da177e4
LT		 2447 tty->driver->other->termios_locked[idx]) {
2448 printk(KERN_DEBUG "release_dev: other->termios_locked["
2449 "%d] not o_termios_locked for (%s)\n",
2450 idx, tty->name);
2451 return;
2452 }
2453 if (o_tty->link != tty) {
2454 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2455 return;
2456 }
2457 }
2458#endif
2459 if (tty->driver->close)
2460 tty->driver->close(tty, filp);
2461
2462 /*
2463 * Sanity check: if tty->count is going to zero, there shouldn't be
2464 * any waiters on tty->read_wait or tty->write_wait. We test the
2465 * wait queues and kick everyone out _before_ actually starting to
2466 * close. This ensures that we won't block while releasing the tty
2467 * structure.
2468 *
2469 * The test for the o_tty closing is necessary, since the master and
2470 * slave sides may close in any order. If the slave side closes out
2471 * first, its count will be one, since the master side holds an open.
2472 * Thus this test wouldn't be triggered at the time the slave closes,
2473 * so we do it now.
2474 *
2475 * Note that it's possible for the tty to be opened again while we're
2476 * flushing out waiters. By recalculating the closing flags before
2477 * each iteration we avoid any problems.
2478 */
2479 while (1) {
2480 /* Guard against races with tty->count changes elsewhere and
2481 opens on /dev/tty */
37bdfb07 2482
70522e12 2483 mutex_lock(&tty_mutex);
1da177e4
LT		 2484 tty_closing = tty->count <= 1;
2485 o_tty_closing = o_tty &&
2486 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 2487 do_sleep = 0;
2488
2489 if (tty_closing) {
2490 if (waitqueue_active(&tty->read_wait)) {
2491 wake_up(&tty->read_wait);
2492 do_sleep++;
2493 }
2494 if (waitqueue_active(&tty->write_wait)) {
2495 wake_up(&tty->write_wait);
2496 do_sleep++;
2497 }
2498 }
2499 if (o_tty_closing) {
2500 if (waitqueue_active(&o_tty->read_wait)) {
2501 wake_up(&o_tty->read_wait);
2502 do_sleep++;
2503 }
2504 if (waitqueue_active(&o_tty->write_wait)) {
2505 wake_up(&o_tty->write_wait);
2506 do_sleep++;
2507 }
2508 }
2509 if (!do_sleep)
2510 break;
2511
2512 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2513 "active!\n", tty_name(tty, buf));
70522e12 2514 mutex_unlock(&tty_mutex);
1da177e4 2515 schedule();
37bdfb07 2516 }
1da177e4
LT		 2517
2518 /*
37bdfb07
AC		 2519 * The closing flags are now consistent with the open counts on
2520 * both sides, and we've completed the last operation that could
1da177e4
LT		 2521 * block, so it's safe to proceed with closing.
2522 */
1da177e4
LT		 2523 if (pty_master) {
2524 if (--o_tty->count < 0) {
2525 printk(KERN_WARNING "release_dev: bad pty slave count "
2526 "(%d) for %s\n",
2527 o_tty->count, tty_name(o_tty, buf));
2528 o_tty->count = 0;
2529 }
2530 }
2531 if (--tty->count < 0) {
2532 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2533 tty->count, tty_name(tty, buf));
2534 tty->count = 0;
2535 }
37bdfb07 2536
1da177e4
LT		 2537 /*
2538 * We've decremented tty->count, so we need to remove this file
2539 * descriptor off the tty->tty_files list; this serves two
2540 * purposes:
2541 * - check_tty_count sees the correct number of file descriptors
2542 * associated with this tty.
2543 * - do_tty_hangup no longer sees this file descriptor as
2544 * something that needs to be handled for hangups.
2545 */
2546 file_kill(filp);
2547 filp->private_data = NULL;
2548
2549 /*
2550 * Perform some housekeeping before deciding whether to return.
2551 *
2552 * Set the TTY_CLOSING flag if this was the last open. In the
2553 * case of a pty we may have to wait around for the other side
2554 * to close, and TTY_CLOSING makes sure we can't be reopened.
2555 */
37bdfb07 2556 if (tty_closing)
1da177e4 2557 set_bit(TTY_CLOSING, &tty->flags);
37bdfb07 2558 if (o_tty_closing)
1da177e4
LT		 2559 set_bit(TTY_CLOSING, &o_tty->flags);
2560
2561 /*
2562 * If _either_ side is closing, make sure there aren't any
2563 * processes that still think tty or o_tty is their controlling
2564 * tty.
2565 */
2566 if (tty_closing || o_tty_closing) {
1da177e4 2567 read_lock(&tasklist_lock);
24ec839c 2568 session_clear_tty(tty->session);
1da177e4 2569 if (o_tty)
24ec839c 2570 session_clear_tty(o_tty->session);
1da177e4
LT		 2571 read_unlock(&tasklist_lock);
2572 }
2573
70522e12 2574 mutex_unlock(&tty_mutex);
da965822 2575
1da177e4
LT		 2576 /* check whether both sides are closing ... */
2577 if (!tty_closing || (o_tty && !o_tty_closing))
2578 return;
37bdfb07 2579
1da177e4
LT		 2580#ifdef TTY_DEBUG_HANGUP
2581 printk(KERN_DEBUG "freeing tty structure...");
2582#endif
2583 /*
2584 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2585 * kill any delayed work. As this is the final close it does not
2586 * race with the set_ldisc code path.
2587 */
2588 clear_bit(TTY_LDISC, &tty->flags);
33f0f88f 2589 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 2590
2591 /*
33f0f88f 2592 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4 2593 */
37bdfb07 2594
1da177e4 2595 flush_scheduled_work();
37bdfb07 2596
1da177e4
LT		 2597 /*
2598 * Wait for any short term users (we know they are just driver
2599 * side waiters as the file is closing so user count on the file
2600 * side is zero.
2601 */
2602 spin_lock_irqsave(&tty_ldisc_lock, flags);
37bdfb07 2603 while (tty->ldisc.refcount) {
1da177e4
LT		 2604 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2605 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2606 spin_lock_irqsave(&tty_ldisc_lock, flags);
2607 }
2608 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2609 /*
2610 * Shutdown the current line discipline, and reset it to N_TTY.
2611 * N.B. why reset ldisc when we're releasing the memory??
2612 *
2613 * FIXME: this MUST get fixed for the new reflocking
2614 */
2615 if (tty->ldisc.close)
2616 (tty->ldisc.close)(tty);
2617 tty_ldisc_put(tty->ldisc.num);
37bdfb07 2618
1da177e4
LT		 2619 /*
2620 * Switch the line discipline back
2621 */
2622 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
37bdfb07 2623 tty_set_termios_ldisc(tty, N_TTY);
1da177e4
LT		 2624 if (o_tty) {
2625 /* FIXME: could o_tty be in setldisc here ? */
2626 clear_bit(TTY_LDISC, &o_tty->flags);
2627 if (o_tty->ldisc.close)
2628 (o_tty->ldisc.close)(o_tty);
2629 tty_ldisc_put(o_tty->ldisc.num);
2630 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
37bdfb07 2631 tty_set_termios_ldisc(o_tty, N_TTY);
1da177e4
LT		 2632 }
2633 /*
d5698c28 2634 * The release_tty function takes care of the details of clearing
1da177e4
LT		 2635 * the slots and preserving the termios structure.
2636 */
d5698c28 2637 release_tty(tty, idx);
1da177e4
LT		 2638
2639#ifdef CONFIG_UNIX98_PTYS
2640 /* Make this pty number available for reallocation */
2641 if (devpts) {
a6752f3f 2642 mutex_lock(&allocated_ptys_lock);
1da177e4 2643 idr_remove(&allocated_ptys, idx);
a6752f3f 2644 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2645 }
2646#endif
2647
2648}
2649
af9b897e
AC		 2650/**
2651 * tty_open - open a tty device
2652 * @inode: inode of device file
2653 * @filp: file pointer to tty
1da177e4 2654 *
af9b897e
AC		 2655 * tty_open and tty_release keep up the tty count that contains the
2656 * number of opens done on a tty. We cannot use the inode-count, as
2657 * different inodes might point to the same tty.
1da177e4 2658 *
af9b897e
AC		 2659 * Open-counting is needed for pty masters, as well as for keeping
2660 * track of serial lines: DTR is dropped when the last close happens.
2661 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2662 *
2663 * The termios state of a pty is reset on first open so that
2664 * settings don't persist across reuse.
2665 *
24ec839c
PZ		 2666 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2667 * tty->count should protect the rest.
2668 * ->siglock protects ->signal/->sighand
1da177e4 2669 */
af9b897e 2670
37bdfb07 2671static int tty_open(struct inode *inode, struct file *filp)
1da177e4
LT		 2672{
2673 struct tty_struct *tty;
2674 int noctty, retval;
2675 struct tty_driver *driver;
2676 int index;
2677 dev_t device = inode->i_rdev;
2678 unsigned short saved_flags = filp->f_flags;
2679
2680 nonseekable_open(inode, filp);
37bdfb07 2681
1da177e4
LT		 2682retry_open:
2683 noctty = filp->f_flags & O_NOCTTY;
2684 index = -1;
2685 retval = 0;
37bdfb07 2686
70522e12 2687 mutex_lock(&tty_mutex);
1da177e4 2688
37bdfb07 2689 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
24ec839c
PZ		 2690 tty = get_current_tty();
2691 if (!tty) {
70522e12 2692 mutex_unlock(&tty_mutex);
1da177e4
LT		 2693 return -ENXIO;
2694 }
24ec839c
PZ		 2695 driver = tty->driver;
2696 index = tty->index;
1da177e4
LT		 2697 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2698 /* noctty = 1; */
2699 goto got_driver;
2700 }
2701#ifdef CONFIG_VT
37bdfb07 2702 if (device == MKDEV(TTY_MAJOR, 0)) {
1da177e4
LT		 2703 extern struct tty_driver *console_driver;
2704 driver = console_driver;
2705 index = fg_console;
2706 noctty = 1;
2707 goto got_driver;
2708 }
2709#endif
37bdfb07 2710 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1da177e4
LT		 2711 driver = console_device(&index);
2712 if (driver) {
2713 /* Don't let /dev/console block */
2714 filp->f_flags |= O_NONBLOCK;
2715 noctty = 1;
2716 goto got_driver;
2717 }
70522e12 2718 mutex_unlock(&tty_mutex);
1da177e4
LT		 2719 return -ENODEV;
2720 }
2721
2722 driver = get_tty_driver(device, &index);
2723 if (!driver) {
70522e12 2724 mutex_unlock(&tty_mutex);
1da177e4
LT		 2725 return -ENODEV;
2726 }
2727got_driver:
2728 retval = init_dev(driver, index, &tty);
70522e12 2729 mutex_unlock(&tty_mutex);
1da177e4
LT		 2730 if (retval)
2731 return retval;
2732
2733 filp->private_data = tty;
2734 file_move(filp, &tty->tty_files);
2735 check_tty_count(tty, "tty_open");
2736 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2737 tty->driver->subtype == PTY_TYPE_MASTER)
2738 noctty = 1;
2739#ifdef TTY_DEBUG_HANGUP
2740 printk(KERN_DEBUG "opening %s...", tty->name);
2741#endif
2742 if (!retval) {
2743 if (tty->driver->open)
2744 retval = tty->driver->open(tty, filp);
2745 else
2746 retval = -ENODEV;
2747 }
2748 filp->f_flags = saved_flags;
2749
37bdfb07
AC		 2750 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2751 !capable(CAP_SYS_ADMIN))
1da177e4
LT		 2752 retval = -EBUSY;
2753
2754 if (retval) {
2755#ifdef TTY_DEBUG_HANGUP
2756 printk(KERN_DEBUG "error %d in opening %s...", retval,
2757 tty->name);
2758#endif
2759 release_dev(filp);
2760 if (retval != -ERESTARTSYS)
2761 return retval;
2762 if (signal_pending(current))
2763 return retval;
2764 schedule();
2765 /*
2766 * Need to reset f_op in case a hangup happened.
2767 */
2768 if (filp->f_op == &hung_up_tty_fops)
2769 filp->f_op = &tty_fops;
2770 goto retry_open;
2771 }
24ec839c
PZ		 2772
2773 mutex_lock(&tty_mutex);
2774 spin_lock_irq(&current->sighand->siglock);
1da177e4
LT		 2775 if (!noctty &&
2776 current->signal->leader &&
2777 !current->signal->tty &&
ab521dc0 2778 tty->session == NULL)
2a65f1d9 2779 __proc_set_tty(current, tty);
24ec839c
PZ		 2780 spin_unlock_irq(&current->sighand->siglock);
2781 mutex_unlock(&tty_mutex);
1da177e4
LT		 2782 return 0;
2783}
2784
2785#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 2786/**
2787 * ptmx_open - open a unix 98 pty master
2788 * @inode: inode of device file
2789 * @filp: file pointer to tty
2790 *
2791 * Allocate a unix98 pty master device from the ptmx driver.
2792 *
2793 * Locking: tty_mutex protects theinit_dev work. tty->count should
37bdfb07 2794 * protect the rest.
af9b897e
AC		 2795 * allocated_ptys_lock handles the list of free pty numbers
2796 */
2797
37bdfb07 2798static int ptmx_open(struct inode *inode, struct file *filp)
1da177e4
LT		 2799{
2800 struct tty_struct *tty;
2801 int retval;
2802 int index;
2803 int idr_ret;
2804
2805 nonseekable_open(inode, filp);
2806
2807 /* find a device that is not in use. */
a6752f3f 2808 mutex_lock(&allocated_ptys_lock);
1da177e4 2809 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
a6752f3f 2810 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2811 return -ENOMEM;
2812 }
2813 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2814 if (idr_ret < 0) {
a6752f3f 2815 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2816 if (idr_ret == -EAGAIN)
2817 return -ENOMEM;
2818 return -EIO;
2819 }
2820 if (index >= pty_limit) {
2821 idr_remove(&allocated_ptys, index);
a6752f3f 2822 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2823 return -EIO;
2824 }
a6752f3f 2825 mutex_unlock(&allocated_ptys_lock);
1da177e4 2826
70522e12 2827 mutex_lock(&tty_mutex);
1da177e4 2828 retval = init_dev(ptm_driver, index, &tty);
70522e12 2829 mutex_unlock(&tty_mutex);
37bdfb07 2830
1da177e4
LT		 2831 if (retval)
2832 goto out;
2833
2834 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2835 filp->private_data = tty;
2836 file_move(filp, &tty->tty_files);
2837
2838 retval = -ENOMEM;
2839 if (devpts_pty_new(tty->link))
2840 goto out1;
2841
2842 check_tty_count(tty, "tty_open");
2843 retval = ptm_driver->open(tty, filp);
41126226 2844 if (!retval)
1da177e4
LT		 2845 return 0;
2846out1:
2847 release_dev(filp);
9453a5ad 2848 return retval;
1da177e4 2849out:
a6752f3f 2850 mutex_lock(&allocated_ptys_lock);
1da177e4 2851 idr_remove(&allocated_ptys, index);
a6752f3f 2852 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2853 return retval;
2854}
2855#endif
2856
af9b897e
AC		 2857/**
2858 * tty_release - vfs callback for close
2859 * @inode: inode of tty
2860 * @filp: file pointer for handle to tty
2861 *
2862 * Called the last time each file handle is closed that references
2863 * this tty. There may however be several such references.
2864 *
2865 * Locking:
2866 * Takes bkl. See release_dev
2867 */
2868
37bdfb07 2869static int tty_release(struct inode *inode, struct file *filp)
1da177e4
LT		 2870{
2871 lock_kernel();
2872 release_dev(filp);
2873 unlock_kernel();
2874 return 0;
2875}
2876
af9b897e
AC		 2877/**
2878 * tty_poll - check tty status
2879 * @filp: file being polled
2880 * @wait: poll wait structures to update
2881 *
2882 * Call the line discipline polling method to obtain the poll
2883 * status of the device.
2884 *
2885 * Locking: locks called line discipline but ldisc poll method
2886 * may be re-entered freely by other callers.
2887 */
2888
37bdfb07 2889static unsigned int tty_poll(struct file *filp, poll_table *wait)
1da177e4 2890{
37bdfb07 2891 struct tty_struct *tty;
1da177e4
LT		 2892 struct tty_ldisc *ld;
2893 int ret = 0;
2894
2895 tty = (struct tty_struct *)filp->private_data;
a7113a96 2896 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1da177e4 2897 return 0;
37bdfb07 2898
1da177e4
LT		 2899 ld = tty_ldisc_ref_wait(tty);
2900 if (ld->poll)
2901 ret = (ld->poll)(tty, filp, wait);
2902 tty_ldisc_deref(ld);
2903 return ret;
2904}
2905
37bdfb07 2906static int tty_fasync(int fd, struct file *filp, int on)
1da177e4 2907{
37bdfb07 2908 struct tty_struct *tty;
47f86834 2909 unsigned long flags;
1da177e4
LT		 2910 int retval;
2911
2912 tty = (struct tty_struct *)filp->private_data;
a7113a96 2913 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
1da177e4 2914 return 0;
37bdfb07 2915
1da177e4
LT		 2916 retval = fasync_helper(fd, filp, on, &tty->fasync);
2917 if (retval <= 0)
2918 return retval;
2919
2920 if (on) {
ab521dc0
EB		 2921 enum pid_type type;
2922 struct pid *pid;
1da177e4
LT		 2923 if (!waitqueue_active(&tty->read_wait))
2924 tty->minimum_to_wake = 1;
47f86834 2925 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 2926 if (tty->pgrp) {
2927 pid = tty->pgrp;
2928 type = PIDTYPE_PGID;
2929 } else {
2930 pid = task_pid(current);
2931 type = PIDTYPE_PID;
2932 }
47f86834 2933 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
ab521dc0 2934 retval = __f_setown(filp, pid, type, 0);
1da177e4
LT		 2935 if (retval)
2936 return retval;
2937 } else {
2938 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2939 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2940 }
2941 return 0;
2942}
2943
af9b897e
AC		 2944/**
2945 * tiocsti - fake input character
2946 * @tty: tty to fake input into
2947 * @p: pointer to character
2948 *
3a4fa0a2 2949 * Fake input to a tty device. Does the necessary locking and
af9b897e
AC		 2950 * input management.
2951 *
2952 * FIXME: does not honour flow control ??
2953 *
2954 * Locking:
2955 * Called functions take tty_ldisc_lock
2956 * current->signal->tty check is safe without locks
28298232
AC		 2957 *
2958 * FIXME: may race normal receive processing
af9b897e
AC		 2959 */
2960
1da177e4
LT		 2961static int tiocsti(struct tty_struct *tty, char __user *p)
2962{
2963 char ch, mbz = 0;
2964 struct tty_ldisc *ld;
37bdfb07 2965
1da177e4
LT		 2966 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2967 return -EPERM;
2968 if (get_user(ch, p))
2969 return -EFAULT;
2970 ld = tty_ldisc_ref_wait(tty);
2971 ld->receive_buf(tty, &ch, &mbz, 1);
2972 tty_ldisc_deref(ld);
2973 return 0;
2974}
2975
af9b897e
AC		 2976/**
2977 * tiocgwinsz - implement window query ioctl
2978 * @tty; tty
2979 * @arg: user buffer for result
2980 *
808a0d38 2981 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2982 *
24ec839c 2983 * Locking: tty->termios_mutex is taken to ensure the winsize data
808a0d38 2984 * is consistent.
af9b897e
AC		 2985 */
2986
37bdfb07 2987static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
1da177e4 2988{
808a0d38
AC		 2989 int err;
2990
5785c95b 2991 mutex_lock(&tty->termios_mutex);
808a0d38 2992 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2993 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2994
2995 return err ? -EFAULT: 0;
1da177e4
LT		 2996}
2997
af9b897e
AC		 2998/**
2999 * tiocswinsz - implement window size set ioctl
3000 * @tty; tty
3001 * @arg: user buffer for result
3002 *
3003 * Copies the user idea of the window size to the kernel. Traditionally
3004 * this is just advisory information but for the Linux console it
3005 * actually has driver level meaning and triggers a VC resize.
3006 *
3007 * Locking:
ca9bda00
AC		 3008 * Called function use the console_sem is used to ensure we do
3009 * not try and resize the console twice at once.
24ec839c
PZ		 3010 * The tty->termios_mutex is used to ensure we don't double
3011 * resize and get confused. Lock order - tty->termios_mutex before
ca9bda00 3012 * console sem
af9b897e
AC		 3013 */
3014
1da177e4 3015static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
37bdfb07 3016 struct winsize __user *arg)
1da177e4
LT		 3017{
3018 struct winsize tmp_ws;
47f86834
AC		 3019 struct pid *pgrp, *rpgrp;
3020 unsigned long flags;
1da177e4
LT		 3021
3022 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
3023 return -EFAULT;
ca9bda00 3024
5785c95b 3025 mutex_lock(&tty->termios_mutex);
1da177e4 3026 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
ca9bda00
AC		 3027 goto done;
3028
1da177e4
LT		 3029#ifdef CONFIG_VT
3030 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
5785c95b
AV		 3031 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
3032 tmp_ws.ws_row)) {
3033 mutex_unlock(&tty->termios_mutex);
37bdfb07 3034 return -ENXIO;
ca9bda00 3035 }
1da177e4
LT		 3036 }
3037#endif
47f86834
AC		 3038 /* Get the PID values and reference them so we can
3039 avoid holding the tty ctrl lock while sending signals */
3040 spin_lock_irqsave(&tty->ctrl_lock, flags);
3041 pgrp = get_pid(tty->pgrp);
3042 rpgrp = get_pid(real_tty->pgrp);
3043 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3044
3045 if (pgrp)
3046 kill_pgrp(pgrp, SIGWINCH, 1);
3047 if (rpgrp != pgrp && rpgrp)
3048 kill_pgrp(rpgrp, SIGWINCH, 1);
3049
3050 put_pid(pgrp);
3051 put_pid(rpgrp);
3052
1da177e4
LT		 3053 tty->winsize = tmp_ws;
3054 real_tty->winsize = tmp_ws;
ca9bda00 3055done:
5785c95b 3056 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 3057 return 0;
3058}
3059
af9b897e
AC		 3060/**
3061 * tioccons - allow admin to move logical console
3062 * @file: the file to become console
3063 *
3064 * Allow the adminstrator to move the redirected console device
3065 *
3066 * Locking: uses redirect_lock to guard the redirect information
3067 */
3068
1da177e4
LT		 3069static int tioccons(struct file *file)
3070{
3071 if (!capable(CAP_SYS_ADMIN))
3072 return -EPERM;
3073 if (file->f_op->write == redirected_tty_write) {
3074 struct file *f;
3075 spin_lock(&redirect_lock);
3076 f = redirect;
3077 redirect = NULL;
3078 spin_unlock(&redirect_lock);
3079 if (f)
3080 fput(f);
3081 return 0;
3082 }
3083 spin_lock(&redirect_lock);
3084 if (redirect) {
3085 spin_unlock(&redirect_lock);
3086 return -EBUSY;
3087 }
3088 get_file(file);
3089 redirect = file;
3090 spin_unlock(&redirect_lock);
3091 return 0;
3092}
3093
af9b897e
AC		 3094/**
3095 * fionbio - non blocking ioctl
3096 * @file: file to set blocking value
3097 * @p: user parameter
3098 *
3099 * Historical tty interfaces had a blocking control ioctl before
3100 * the generic functionality existed. This piece of history is preserved
3101 * in the expected tty API of posix OS's.
3102 *
3103 * Locking: none, the open fle handle ensures it won't go away.
3104 */
1da177e4
LT		 3105
3106static int fionbio(struct file *file, int __user *p)
3107{
3108 int nonblock;
3109
3110 if (get_user(nonblock, p))
3111 return -EFAULT;
3112
04f378b1
AC		 3113 /* file->f_flags is still BKL protected in the fs layer - vomit */
3114 lock_kernel();
1da177e4
LT		 3115 if (nonblock)
3116 file->f_flags |= O_NONBLOCK;
3117 else
3118 file->f_flags &= ~O_NONBLOCK;
04f378b1 3119 unlock_kernel();
1da177e4
LT		 3120 return 0;
3121}
3122
af9b897e
AC		 3123/**
3124 * tiocsctty - set controlling tty
3125 * @tty: tty structure
3126 * @arg: user argument
3127 *
3128 * This ioctl is used to manage job control. It permits a session
3129 * leader to set this tty as the controlling tty for the session.
3130 *
3131 * Locking:
28298232 3132 * Takes tty_mutex() to protect tty instance
24ec839c
PZ		 3133 * Takes tasklist_lock internally to walk sessions
3134 * Takes ->siglock() when updating signal->tty
af9b897e
AC		 3135 */
3136
1da177e4
LT		 3137static int tiocsctty(struct tty_struct *tty, int arg)
3138{
24ec839c 3139 int ret = 0;
ab521dc0 3140 if (current->signal->leader && (task_session(current) == tty->session))
24ec839c
PZ		 3141 return ret;
3142
3143 mutex_lock(&tty_mutex);
1da177e4
LT		 3144 /*
3145 * The process must be a session leader and
3146 * not have a controlling tty already.
3147 */
24ec839c
PZ		 3148 if (!current->signal->leader || current->signal->tty) {
3149 ret = -EPERM;
3150 goto unlock;
3151 }
3152
ab521dc0 3153 if (tty->session) {
1da177e4
LT		 3154 /*
3155 * This tty is already the controlling
3156 * tty for another session group!
3157 */
37bdfb07 3158 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
1da177e4
LT		 3159 /*
3160 * Steal it away
3161 */
1da177e4 3162 read_lock(&tasklist_lock);
24ec839c 3163 session_clear_tty(tty->session);
1da177e4 3164 read_unlock(&tasklist_lock);
24ec839c
PZ		 3165 } else {
3166 ret = -EPERM;
3167 goto unlock;
3168 }
1da177e4 3169 }
24ec839c
PZ		 3170 proc_set_tty(current, tty);
3171unlock:
28298232 3172 mutex_unlock(&tty_mutex);
24ec839c 3173 return ret;
1da177e4
LT		 3174}
3175
5d0fdf1e
AC		 3176/**
3177 * tty_get_pgrp - return a ref counted pgrp pid
3178 * @tty: tty to read
3179 *
3180 * Returns a refcounted instance of the pid struct for the process
3181 * group controlling the tty.
3182 */
3183
3184struct pid *tty_get_pgrp(struct tty_struct *tty)
3185{
3186 unsigned long flags;
3187 struct pid *pgrp;
3188
3189 spin_lock_irqsave(&tty->ctrl_lock, flags);
3190 pgrp = get_pid(tty->pgrp);
3191 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3192
3193 return pgrp;
3194}
3195EXPORT_SYMBOL_GPL(tty_get_pgrp);
3196
af9b897e
AC		 3197/**
3198 * tiocgpgrp - get process group
3199 * @tty: tty passed by user
3200 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3201 * @p: returned pid
3202 *
3203 * Obtain the process group of the tty. If there is no process group
3204 * return an error.
3205 *
24ec839c 3206 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3207 */
3208
1da177e4
LT		 3209static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3210{
5d0fdf1e
AC		 3211 struct pid *pid;
3212 int ret;
1da177e4
LT		 3213 /*
3214 * (tty == real_tty) is a cheap way of
3215 * testing if the tty is NOT a master pty.
3216 */
3217 if (tty == real_tty && current->signal->tty != real_tty)
3218 return -ENOTTY;
5d0fdf1e
AC		 3219 pid = tty_get_pgrp(real_tty);
3220 ret = put_user(pid_vnr(pid), p);
3221 put_pid(pid);
3222 return ret;
1da177e4
LT		 3223}
3224
af9b897e
AC		 3225/**
3226 * tiocspgrp - attempt to set process group
3227 * @tty: tty passed by user
3228 * @real_tty: tty side device matching tty passed by user
3229 * @p: pid pointer
3230 *
3231 * Set the process group of the tty to the session passed. Only
3232 * permitted where the tty session is our session.
3233 *
47f86834 3234 * Locking: RCU, ctrl lock
af9b897e
AC		 3235 */
3236
1da177e4
LT		 3237static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3238{
04a2e6a5
EB		 3239 struct pid *pgrp;
3240 pid_t pgrp_nr;
1da177e4 3241 int retval = tty_check_change(real_tty);
47f86834 3242 unsigned long flags;
1da177e4
LT		 3243
3244 if (retval == -EIO)
3245 return -ENOTTY;
3246 if (retval)
3247 return retval;
3248 if (!current->signal->tty ||
3249 (current->signal->tty != real_tty) ||
ab521dc0 3250 (real_tty->session != task_session(current)))
1da177e4 3251 return -ENOTTY;
04a2e6a5 3252 if (get_user(pgrp_nr, p))
1da177e4 3253 return -EFAULT;
04a2e6a5 3254 if (pgrp_nr < 0)
1da177e4 3255 return -EINVAL;
04a2e6a5 3256 rcu_read_lock();
b488893a 3257 pgrp = find_vpid(pgrp_nr);
04a2e6a5
EB		 3258 retval = -ESRCH;
3259 if (!pgrp)
3260 goto out_unlock;
3261 retval = -EPERM;
3262 if (session_of_pgrp(pgrp) != task_session(current))
3263 goto out_unlock;
3264 retval = 0;
47f86834 3265 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 3266 put_pid(real_tty->pgrp);
3267 real_tty->pgrp = get_pid(pgrp);
47f86834 3268 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
04a2e6a5
EB		 3269out_unlock:
3270 rcu_read_unlock();
3271 return retval;
1da177e4
LT		 3272}
3273
af9b897e
AC		 3274/**
3275 * tiocgsid - get session id
3276 * @tty: tty passed by user
3277 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3278 * @p: pointer to returned session id
3279 *
3280 * Obtain the session id of the tty. If there is no session
3281 * return an error.
3282 *
24ec839c 3283 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3284 */
3285
1da177e4
LT		 3286static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3287{
3288 /*
3289 * (tty == real_tty) is a cheap way of
3290 * testing if the tty is NOT a master pty.
3291 */
3292 if (tty == real_tty && current->signal->tty != real_tty)
3293 return -ENOTTY;
ab521dc0 3294 if (!real_tty->session)
1da177e4 3295 return -ENOTTY;
b488893a 3296 return put_user(pid_vnr(real_tty->session), p);
1da177e4
LT		 3297}
3298
af9b897e
AC		 3299/**
3300 * tiocsetd - set line discipline
3301 * @tty: tty device
3302 * @p: pointer to user data
3303 *
3304 * Set the line discipline according to user request.
3305 *
3306 * Locking: see tty_set_ldisc, this function is just a helper
3307 */
3308
1da177e4
LT		 3309static int tiocsetd(struct tty_struct *tty, int __user *p)
3310{
3311 int ldisc;
04f378b1 3312 int ret;
1da177e4
LT		 3313
3314 if (get_user(ldisc, p))
3315 return -EFAULT;
04f378b1
AC		 3316
3317 lock_kernel();
3318 ret = tty_set_ldisc(tty, ldisc);
3319 unlock_kernel();
3320
3321 return ret;
1da177e4
LT		 3322}
3323
af9b897e
AC		 3324/**
3325 * send_break - performed time break
3326 * @tty: device to break on
3327 * @duration: timeout in mS
3328 *
3329 * Perform a timed break on hardware that lacks its own driver level
3330 * timed break functionality.
3331 *
3332 * Locking:
28298232 3333 * atomic_write_lock serializes
af9b897e 3334 *
af9b897e
AC		 3335 */
3336
b20f3ae5 3337static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4 3338{
04f378b1
AC		 3339 int retval = -EINTR;
3340
3341 lock_kernel();
9c1729db 3342 if (tty_write_lock(tty, 0) < 0)
04f378b1 3343 goto out;
1da177e4 3344 tty->driver->break_ctl(tty, -1);
9c1729db 3345 if (!signal_pending(current))
b20f3ae5 3346 msleep_interruptible(duration);
1da177e4 3347 tty->driver->break_ctl(tty, 0);
9c1729db 3348 tty_write_unlock(tty);
04f378b1
AC		 3349 if (!signal_pending(current))
3350 retval = 0;
3351out:
3352 unlock_kernel();
3353 return retval;
1da177e4
LT		 3354}
3355
af9b897e
AC		 3356/**
3357 * tiocmget - get modem status
3358 * @tty: tty device
3359 * @file: user file pointer
3360 * @p: pointer to result
3361 *
3362 * Obtain the modem status bits from the tty driver if the feature
3363 * is supported. Return -EINVAL if it is not available.
3364 *
3365 * Locking: none (up to the driver)
3366 */
3367
3368static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 3369{
3370 int retval = -EINVAL;
3371
3372 if (tty->driver->tiocmget) {
04f378b1 3373 lock_kernel();
1da177e4 3374 retval = tty->driver->tiocmget(tty, file);
04f378b1 3375 unlock_kernel();
1da177e4
LT		 3376
3377 if (retval >= 0)
3378 retval = put_user(retval, p);
3379 }
3380 return retval;
3381}
3382
af9b897e
AC		 3383/**
3384 * tiocmset - set modem status
3385 * @tty: tty device
3386 * @file: user file pointer
3387 * @cmd: command - clear bits, set bits or set all
3388 * @p: pointer to desired bits
3389 *
3390 * Set the modem status bits from the tty driver if the feature
3391 * is supported. Return -EINVAL if it is not available.
3392 *
3393 * Locking: none (up to the driver)
3394 */
3395
3396static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 3397 unsigned __user *p)
3398{
3399 int retval = -EINVAL;
3400
3401 if (tty->driver->tiocmset) {
3402 unsigned int set, clear, val;
3403
3404 retval = get_user(val, p);
3405 if (retval)
3406 return retval;
3407
3408 set = clear = 0;
3409 switch (cmd) {
3410 case TIOCMBIS:
3411 set = val;
3412 break;
3413 case TIOCMBIC:
3414 clear = val;
3415 break;
3416 case TIOCMSET:
3417 set = val;
3418 clear = ~val;
3419 break;
3420 }
3421
3422 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3423 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3424
04f378b1 3425 lock_kernel();
1da177e4 3426 retval = tty->driver->tiocmset(tty, file, set, clear);
04f378b1 3427 unlock_kernel();
1da177e4
LT		 3428 }
3429 return retval;
3430}
3431
3432/*
3433 * Split this up, as gcc can choke on it otherwise..
3434 */
04f378b1 3435long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1da177e4
LT		 3436{
3437 struct tty_struct *tty, *real_tty;
3438 void __user *p = (void __user *)arg;
3439 int retval;
3440 struct tty_ldisc *ld;
04f378b1 3441 struct inode *inode = file->f_dentry->d_inode;
37bdfb07 3442
1da177e4
LT		 3443 tty = (struct tty_struct *)file->private_data;
3444 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3445 return -EINVAL;
3446
3447 real_tty = tty;
3448 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3449 tty->driver->subtype == PTY_TYPE_MASTER)
3450 real_tty = tty->link;
3451
3452 /*
3453 * Break handling by driver
3454 */
04f378b1
AC		 3455
3456 retval = -EINVAL;
3457
1da177e4 3458 if (!tty->driver->break_ctl) {
37bdfb07 3459 switch (cmd) {
1da177e4
LT		 3460 case TIOCSBRK:
3461 case TIOCCBRK:
d17468c7 3462 if (tty->driver->ioctl)
04f378b1 3463 retval = tty->driver->ioctl(tty, file, cmd, arg);
04f378b1 3464 return retval;
37bdfb07 3465
1da177e4
LT		 3466 /* These two ioctl's always return success; even if */
3467 /* the driver doesn't support them. */
3468 case TCSBRK:
3469 case TCSBRKP:
3470 if (!tty->driver->ioctl)
3471 return 0;
04f378b1 3472 lock_kernel();
1da177e4 3473 retval = tty->driver->ioctl(tty, file, cmd, arg);
04f378b1 3474 unlock_kernel();
1da177e4
LT		 3475 if (retval == -ENOIOCTLCMD)
3476 retval = 0;
3477 return retval;
3478 }
3479 }
3480
3481 /*
3482 * Factor out some common prep work
3483 */
3484 switch (cmd) {
3485 case TIOCSETD:
3486 case TIOCSBRK:
3487 case TIOCCBRK:
3488 case TCSBRK:
37bdfb07 3489 case TCSBRKP:
1da177e4
LT		 3490 retval = tty_check_change(tty);
3491 if (retval)
3492 return retval;
3493 if (cmd != TIOCCBRK) {
04f378b1 3494 lock_kernel();
1da177e4 3495 tty_wait_until_sent(tty, 0);
04f378b1 3496 unlock_kernel();
1da177e4
LT		 3497 if (signal_pending(current))
3498 return -EINTR;
3499 }
3500 break;
3501 }
3502
3503 switch (cmd) {
37bdfb07
AC		 3504 case TIOCSTI:
3505 return tiocsti(tty, p);
3506 case TIOCGWINSZ:
3507 return tiocgwinsz(tty, p);
3508 case TIOCSWINSZ:
3509 return tiocswinsz(tty, real_tty, p);
3510 case TIOCCONS:
3511 return real_tty != tty ? -EINVAL : tioccons(file);
3512 case FIONBIO:
3513 return fionbio(file, p);
3514 case TIOCEXCL:
3515 set_bit(TTY_EXCLUSIVE, &tty->flags);
3516 return 0;
3517 case TIOCNXCL:
3518 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3519 return 0;
3520 case TIOCNOTTY:
3521 if (current->signal->tty != tty)
3522 return -ENOTTY;
3523 no_tty();
3524 return 0;
3525 case TIOCSCTTY:
3526 return tiocsctty(tty, arg);
3527 case TIOCGPGRP:
3528 return tiocgpgrp(tty, real_tty, p);
3529 case TIOCSPGRP:
3530 return tiocspgrp(tty, real_tty, p);
3531 case TIOCGSID:
3532 return tiocgsid(tty, real_tty, p);
3533 case TIOCGETD:
3534 /* FIXME: check this is ok */
3535 return put_user(tty->ldisc.num, (int __user *)p);
3536 case TIOCSETD:
3537 return tiocsetd(tty, p);
1da177e4 3538#ifdef CONFIG_VT
37bdfb07
AC		 3539 case TIOCLINUX:
3540 return tioclinux(tty, arg);
1da177e4 3541#endif
37bdfb07
AC		 3542 /*
3543 * Break handling
3544 */
3545 case TIOCSBRK: /* Turn break on, unconditionally */
04f378b1 3546 lock_kernel();
37bdfb07 3547 tty->driver->break_ctl(tty, -1);
04f378b1 3548 unlock_kernel();
37bdfb07 3549 return 0;
1da177e4 3550
37bdfb07 3551 case TIOCCBRK: /* Turn break off, unconditionally */
04f378b1 3552 lock_kernel();
37bdfb07 3553 tty->driver->break_ctl(tty, 0);
04f378b1 3554 unlock_kernel();
37bdfb07
AC		 3555 return 0;
3556 case TCSBRK: /* SVID version: non-zero arg --> no break */
3557 /* non-zero arg means wait for all output data
3558 * to be sent (performed above) but don't send break.
3559 * This is used by the tcdrain() termios function.
3560 */
3561 if (!arg)
3562 return send_break(tty, 250);
3563 return 0;
3564 case TCSBRKP: /* support for POSIX tcsendbreak() */
3565 return send_break(tty, arg ? arg*100 : 250);
3566
3567 case TIOCMGET:
3568 return tty_tiocmget(tty, file, p);
3569 case TIOCMSET:
3570 case TIOCMBIC:
3571 case TIOCMBIS:
3572 return tty_tiocmset(tty, file, cmd, p);
3573 case TCFLSH:
3574 switch (arg) {
3575 case TCIFLUSH:
3576 case TCIOFLUSH:
3577 /* flush tty buffer and allow ldisc to process ioctl */
3578 tty_buffer_flush(tty);
c5c34d48 3579 break;
37bdfb07
AC		 3580 }
3581 break;
1da177e4
LT		 3582 }
3583 if (tty->driver->ioctl) {
3584 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3585 if (retval != -ENOIOCTLCMD)
3586 return retval;
3587 }
3588 ld = tty_ldisc_ref_wait(tty);
3589 retval = -EINVAL;
3590 if (ld->ioctl) {
3591 retval = ld->ioctl(tty, file, cmd, arg);
3592 if (retval == -ENOIOCTLCMD)
3593 retval = -EINVAL;
3594 }
3595 tty_ldisc_deref(ld);
3596 return retval;
3597}
3598
e10cc1df 3599#ifdef CONFIG_COMPAT
37bdfb07 3600static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 3601 unsigned long arg)
3602{
3603 struct inode *inode = file->f_dentry->d_inode;
3604 struct tty_struct *tty = file->private_data;
3605 struct tty_ldisc *ld;
3606 int retval = -ENOIOCTLCMD;
3607
3608 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3609 return -EINVAL;
3610
3611 if (tty->driver->compat_ioctl) {
3612 retval = (tty->driver->compat_ioctl)(tty, file, cmd, arg);
3613 if (retval != -ENOIOCTLCMD)
3614 return retval;
3615 }
3616
3617 ld = tty_ldisc_ref_wait(tty);
3618 if (ld->compat_ioctl)
3619 retval = ld->compat_ioctl(tty, file, cmd, arg);
3620 tty_ldisc_deref(ld);
3621
3622 return retval;
3623}
3624#endif
1da177e4
LT		 3625
3626/*
3627 * This implements the "Secure Attention Key" --- the idea is to
3628 * prevent trojan horses by killing all processes associated with this
3629 * tty when the user hits the "Secure Attention Key". Required for
3630 * super-paranoid applications --- see the Orange Book for more details.
37bdfb07 3631 *
1da177e4
LT		 3632 * This code could be nicer; ideally it should send a HUP, wait a few
3633 * seconds, then send a INT, and then a KILL signal. But you then
3634 * have to coordinate with the init process, since all processes associated
3635 * with the current tty must be dead before the new getty is allowed
3636 * to spawn.
3637 *
3638 * Now, if it would be correct ;-/ The current code has a nasty hole -
3639 * it doesn't catch files in flight. We may send the descriptor to ourselves
3640 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3641 *
3642 * Nasty bug: do_SAK is being called in interrupt context. This can
3643 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3644 */
8b6312f4 3645void __do_SAK(struct tty_struct *tty)
1da177e4
LT		 3646{
3647#ifdef TTY_SOFT_SAK
3648 tty_hangup(tty);
3649#else
652486fb 3650 struct task_struct *g, *p;
ab521dc0 3651 struct pid *session;
1da177e4
LT		 3652 int i;
3653 struct file *filp;
badf1662 3654 struct fdtable *fdt;
37bdfb07 3655
1da177e4
LT		 3656 if (!tty)
3657 return;
24ec839c 3658 session = tty->session;
37bdfb07 3659
b3f13deb 3660 tty_ldisc_flush(tty);
1da177e4
LT		 3661
3662 if (tty->driver->flush_buffer)
3663 tty->driver->flush_buffer(tty);
37bdfb07 3664
1da177e4 3665 read_lock(&tasklist_lock);
652486fb 3666 /* Kill the entire session */
ab521dc0 3667 do_each_pid_task(session, PIDTYPE_SID, p) {
652486fb 3668 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 3669 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 3670 task_pid_nr(p), p->comm);
652486fb 3671 send_sig(SIGKILL, p, 1);
ab521dc0 3672 } while_each_pid_task(session, PIDTYPE_SID, p);
652486fb
EB		 3673 /* Now kill any processes that happen to have the
3674 * tty open.
3675 */
3676 do_each_thread(g, p) {
3677 if (p->signal->tty == tty) {
1da177e4 3678 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 3679 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 3680 task_pid_nr(p), p->comm);
1da177e4
LT		 3681 send_sig(SIGKILL, p, 1);
3682 continue;
3683 }
3684 task_lock(p);
3685 if (p->files) {
ca99c1da
DS		 3686 /*
3687 * We don't take a ref to the file, so we must
3688 * hold ->file_lock instead.
3689 */
3690 spin_lock(&p->files->file_lock);
badf1662 3691 fdt = files_fdtable(p->files);
37bdfb07 3692 for (i = 0; i < fdt->max_fds; i++) {
1da177e4
LT		 3693 filp = fcheck_files(p->files, i);
3694 if (!filp)
3695 continue;
3696 if (filp->f_op->read == tty_read &&
3697 filp->private_data == tty) {
3698 printk(KERN_NOTICE "SAK: killed process %d"
3699 " (%s): fd#%d opened to the tty\n",
ba25f9dc 3700 task_pid_nr(p), p->comm, i);
20ac9437 3701 force_sig(SIGKILL, p);
1da177e4
LT		 3702 break;
3703 }
3704 }
ca99c1da 3705 spin_unlock(&p->files->file_lock);
1da177e4
LT		 3706 }
3707 task_unlock(p);
652486fb 3708 } while_each_thread(g, p);
1da177e4
LT		 3709 read_unlock(&tasklist_lock);
3710#endif
3711}
3712
8b6312f4
EB		 3713static void do_SAK_work(struct work_struct *work)
3714{
3715 struct tty_struct *tty =
3716 container_of(work, struct tty_struct, SAK_work);
3717 __do_SAK(tty);
3718}
3719
1da177e4
LT		 3720/*
3721 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3722 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3723 * the values which we write to it will be identical to the values which it
3724 * already has. --akpm
3725 */
3726void do_SAK(struct tty_struct *tty)
3727{
3728 if (!tty)
3729 return;
1da177e4
LT		 3730 schedule_work(&tty->SAK_work);
3731}
3732
3733EXPORT_SYMBOL(do_SAK);
3734
af9b897e
AC		 3735/**
3736 * flush_to_ldisc
65f27f38 3737 * @work: tty structure passed from work queue.
af9b897e
AC		 3738 *
3739 * This routine is called out of the software interrupt to flush data
3740 * from the buffer chain to the line discipline.
3741 *
3742 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3743 * while invoking the line discipline receive_buf method. The
3744 * receive_buf method is single threaded for each tty instance.
1da177e4 3745 */
37bdfb07 3746
65f27f38 3747static void flush_to_ldisc(struct work_struct *work)
1da177e4 3748{
65f27f38
DH		 3749 struct tty_struct *tty =
3750 container_of(work, struct tty_struct, buf.work.work);
1da177e4
LT		 3751 unsigned long flags;
3752 struct tty_ldisc *disc;
2c3bb20f 3753 struct tty_buffer *tbuf, *head;
8977d929
PF		 3754 char *char_buf;
3755 unsigned char *flag_buf;
1da177e4
LT		 3756
3757 disc = tty_ldisc_ref(tty);
3758 if (disc == NULL) /* !TTY_LDISC */
3759 return;
3760
808249ce 3761 spin_lock_irqsave(&tty->buf.lock, flags);
37bdfb07
AC		 3762 /* So we know a flush is running */
3763 set_bit(TTY_FLUSHING, &tty->flags);
2c3bb20f
PF		 3764 head = tty->buf.head;
3765 if (head != NULL) {
3766 tty->buf.head = NULL;
3767 for (;;) {
3768 int count = head->commit - head->read;
3769 if (!count) {
3770 if (head->next == NULL)
3771 break;
3772 tbuf = head;
3773 head = head->next;
3774 tty_buffer_free(tty, tbuf);
3775 continue;
3776 }
42fd552e
AC		 3777 /* Ldisc or user is trying to flush the buffers
3778 we are feeding to the ldisc, stop feeding the
3779 line discipline as we want to empty the queue */
3780 if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3781 break;
2c3bb20f
PF		 3782 if (!tty->receive_room) {
3783 schedule_delayed_work(&tty->buf.work, 1);
3784 break;
3785 }
3786 if (count > tty->receive_room)
3787 count = tty->receive_room;
3788 char_buf = head->char_buf_ptr + head->read;
3789 flag_buf = head->flag_buf_ptr + head->read;
3790 head->read += count;
8977d929
PF		 3791 spin_unlock_irqrestore(&tty->buf.lock, flags);
3792 disc->receive_buf(tty, char_buf, flag_buf, count);
3793 spin_lock_irqsave(&tty->buf.lock, flags);
3794 }
42fd552e 3795 /* Restore the queue head */
2c3bb20f 3796 tty->buf.head = head;
33f0f88f 3797 }
42fd552e
AC		 3798 /* We may have a deferred request to flush the input buffer,
3799 if so pull the chain under the lock and empty the queue */
3800 if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3801 __tty_buffer_flush(tty);
3802 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3803 wake_up(&tty->read_wait);
3804 }
3805 clear_bit(TTY_FLUSHING, &tty->flags);
808249ce 3806 spin_unlock_irqrestore(&tty->buf.lock, flags);
817d6d3b 3807
1da177e4
LT		 3808 tty_ldisc_deref(disc);
3809}
3810
1da177e4
LT		 3811/**
3812 * tty_flip_buffer_push - terminal
3813 * @tty: tty to push
3814 *
3815 * Queue a push of the terminal flip buffers to the line discipline. This
3816 * function must not be called from IRQ context if tty->low_latency is set.
3817 *
3818 * In the event of the queue being busy for flipping the work will be
3819 * held off and retried later.
af9b897e
AC		 3820 *
3821 * Locking: tty buffer lock. Driver locks in low latency mode.
1da177e4
LT		 3822 */
3823
3824void tty_flip_buffer_push(struct tty_struct *tty)
3825{
808249ce
PF		 3826 unsigned long flags;
3827 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 3828 if (tty->buf.tail != NULL)
8977d929 3829 tty->buf.tail->commit = tty->buf.tail->used;
808249ce
PF		 3830 spin_unlock_irqrestore(&tty->buf.lock, flags);
3831
1da177e4 3832 if (tty->low_latency)
65f27f38 3833 flush_to_ldisc(&tty->buf.work.work);
1da177e4 3834 else
33f0f88f 3835 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 3836}
3837
3838EXPORT_SYMBOL(tty_flip_buffer_push);
3839
33f0f88f 3840
af9b897e
AC		 3841/**
3842 * initialize_tty_struct
3843 * @tty: tty to initialize
3844 *
3845 * This subroutine initializes a tty structure that has been newly
3846 * allocated.
3847 *
3848 * Locking: none - tty in question must not be exposed at this point
1da177e4 3849 */
af9b897e 3850
1da177e4
LT		 3851static void initialize_tty_struct(struct tty_struct *tty)
3852{
3853 memset(tty, 0, sizeof(struct tty_struct));
3854 tty->magic = TTY_MAGIC;
3855 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
ab521dc0
EB		 3856 tty->session = NULL;
3857 tty->pgrp = NULL;
1da177e4 3858 tty->overrun_time = jiffies;
33f0f88f
AC		 3859 tty->buf.head = tty->buf.tail = NULL;
3860 tty_buffer_init(tty);
65f27f38 3861 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
5785c95b 3862 mutex_init(&tty->termios_mutex);
1da177e4
LT		 3863 init_waitqueue_head(&tty->write_wait);
3864 init_waitqueue_head(&tty->read_wait);
65f27f38 3865 INIT_WORK(&tty->hangup_work, do_tty_hangup);
70522e12
IM		 3866 mutex_init(&tty->atomic_read_lock);
3867 mutex_init(&tty->atomic_write_lock);
1da177e4 3868 spin_lock_init(&tty->read_lock);
04f378b1 3869 spin_lock_init(&tty->ctrl_lock);
1da177e4 3870 INIT_LIST_HEAD(&tty->tty_files);
7f1f86a0 3871 INIT_WORK(&tty->SAK_work, do_SAK_work);
1da177e4
LT		 3872}
3873
3874/*
3875 * The default put_char routine if the driver did not define one.
3876 */
af9b897e 3877
1da177e4
LT		 3878static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3879{
3880 tty->driver->write(tty, &ch, 1);
3881}
3882
7fe845d1 3883static struct class *tty_class;
1da177e4
LT		 3884
3885/**
af9b897e
AC		 3886 * tty_register_device - register a tty device
3887 * @driver: the tty driver that describes the tty device
3888 * @index: the index in the tty driver for this tty device
3889 * @device: a struct device that is associated with this tty device.
3890 * This field is optional, if there is no known struct device
3891 * for this tty device it can be set to NULL safely.
1da177e4 3892 *
01107d34
GKH		 3893 * Returns a pointer to the struct device for this tty device
3894 * (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3895 *
af9b897e
AC		 3896 * This call is required to be made to register an individual tty device
3897 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3898 * that bit is not set, this function should not be called by a tty
3899 * driver.
3900 *
3901 * Locking: ??
1da177e4 3902 */
af9b897e 3903
01107d34
GKH		 3904struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3905 struct device *device)
1da177e4
LT		 3906{
3907 char name[64];
3908 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3909
3910 if (index >= driver->num) {
3911 printk(KERN_ERR "Attempt to register invalid tty line number "
3912 " (%d).\n", index);
1cdcb6b4 3913 return ERR_PTR(-EINVAL);
1da177e4
LT		 3914 }
3915
1da177e4
LT		 3916 if (driver->type == TTY_DRIVER_TYPE_PTY)
3917 pty_line_name(driver, index, name);
3918 else
3919 tty_line_name(driver, index, name);
1cdcb6b4 3920
01107d34 3921 return device_create(tty_class, device, dev, name);
1da177e4
LT		 3922}
3923
3924/**
af9b897e
AC		 3925 * tty_unregister_device - unregister a tty device
3926 * @driver: the tty driver that describes the tty device
3927 * @index: the index in the tty driver for this tty device
1da177e4 3928 *
af9b897e
AC		 3929 * If a tty device is registered with a call to tty_register_device() then
3930 * this function must be called when the tty device is gone.
3931 *
3932 * Locking: ??
1da177e4 3933 */
af9b897e 3934
1da177e4
LT		 3935void tty_unregister_device(struct tty_driver *driver, unsigned index)
3936{
37bdfb07
AC		 3937 device_destroy(tty_class,
3938 MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 3939}
3940
3941EXPORT_SYMBOL(tty_register_device);
3942EXPORT_SYMBOL(tty_unregister_device);
3943
3944struct tty_driver *alloc_tty_driver(int lines)
3945{
3946 struct tty_driver *driver;
3947
506eb99a 3948 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
1da177e4 3949 if (driver) {
1da177e4
LT		 3950 driver->magic = TTY_DRIVER_MAGIC;
3951 driver->num = lines;
3952 /* later we'll move allocation of tables here */
3953 }
3954 return driver;
3955}
3956
3957void put_tty_driver(struct tty_driver *driver)
3958{
3959 kfree(driver);
3960}
3961
b68e31d0
JD		 3962void tty_set_operations(struct tty_driver *driver,
3963 const struct tty_operations *op)
1da177e4
LT		 3964{
3965 driver->open = op->open;
3966 driver->close = op->close;
3967 driver->write = op->write;
3968 driver->put_char = op->put_char;
3969 driver->flush_chars = op->flush_chars;
3970 driver->write_room = op->write_room;
3971 driver->chars_in_buffer = op->chars_in_buffer;
3972 driver->ioctl = op->ioctl;
e10cc1df 3973 driver->compat_ioctl = op->compat_ioctl;
1da177e4
LT		 3974 driver->set_termios = op->set_termios;
3975 driver->throttle = op->throttle;
3976 driver->unthrottle = op->unthrottle;
3977 driver->stop = op->stop;
3978 driver->start = op->start;
3979 driver->hangup = op->hangup;
3980 driver->break_ctl = op->break_ctl;
3981 driver->flush_buffer = op->flush_buffer;
3982 driver->set_ldisc = op->set_ldisc;
3983 driver->wait_until_sent = op->wait_until_sent;
3984 driver->send_xchar = op->send_xchar;
3985 driver->read_proc = op->read_proc;
3986 driver->write_proc = op->write_proc;
3987 driver->tiocmget = op->tiocmget;
3988 driver->tiocmset = op->tiocmset;
f2d937f3
JW		 3989#ifdef CONFIG_CONSOLE_POLL
3990 driver->poll_init = op->poll_init;
3991 driver->poll_get_char = op->poll_get_char;
3992 driver->poll_put_char = op->poll_put_char;
3993#endif
1da177e4
LT		 3994}
3995
3996
3997EXPORT_SYMBOL(alloc_tty_driver);
3998EXPORT_SYMBOL(put_tty_driver);
3999EXPORT_SYMBOL(tty_set_operations);
4000
4001/*
4002 * Called by a tty driver to register itself.
4003 */
4004int tty_register_driver(struct tty_driver *driver)
4005{
4006 int error;
37bdfb07 4007 int i;
1da177e4
LT		 4008 dev_t dev;
4009 void **p = NULL;
4010
4011 if (driver->flags & TTY_DRIVER_INSTALLED)
4012 return 0;
4013
543691a6
AW		 4014 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
4015 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
1da177e4
LT		 4016 if (!p)
4017 return -ENOMEM;
1da177e4
LT		 4018 }
4019
4020 if (!driver->major) {
37bdfb07
AC		 4021 error = alloc_chrdev_region(&dev, driver->minor_start,
4022 driver->num, driver->name);
1da177e4
LT		 4023 if (!error) {
4024 driver->major = MAJOR(dev);
4025 driver->minor_start = MINOR(dev);
4026 }
4027 } else {
4028 dev = MKDEV(driver->major, driver->minor_start);
e5717c48 4029 error = register_chrdev_region(dev, driver->num, driver->name);
1da177e4
LT		 4030 }
4031 if (error < 0) {
4032 kfree(p);
4033 return error;
4034 }
4035
4036 if (p) {
4037 driver->ttys = (struct tty_struct **)p;
edc6afc5 4038 driver->termios = (struct ktermios **)(p + driver->num);
37bdfb07
AC		 4039 driver->termios_locked = (struct ktermios **)
4040 (p + driver->num * 2);
1da177e4
LT		 4041 } else {
4042 driver->ttys = NULL;
4043 driver->termios = NULL;
4044 driver->termios_locked = NULL;
4045 }
4046
4047 cdev_init(&driver->cdev, &tty_fops);
4048 driver->cdev.owner = driver->owner;
4049 error = cdev_add(&driver->cdev, dev, driver->num);
4050 if (error) {
1da177e4
LT		 4051 unregister_chrdev_region(dev, driver->num);
4052 driver->ttys = NULL;
4053 driver->termios = driver->termios_locked = NULL;
4054 kfree(p);
4055 return error;
4056 }
4057
4058 if (!driver->put_char)
4059 driver->put_char = tty_default_put_char;
37bdfb07 4060
ca509f69 4061 mutex_lock(&tty_mutex);
1da177e4 4062 list_add(&driver->tty_drivers, &tty_drivers);
ca509f69 4063 mutex_unlock(&tty_mutex);
37bdfb07
AC		 4064
4065 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
4066 for (i = 0; i < driver->num; i++)
1da177e4
LT		 4067 tty_register_device(driver, i, NULL);
4068 }
4069 proc_tty_register_driver(driver);
4070 return 0;
4071}
4072
4073EXPORT_SYMBOL(tty_register_driver);
4074
4075/*
4076 * Called by a tty driver to unregister itself.
4077 */
4078int tty_unregister_driver(struct tty_driver *driver)
4079{
4080 int i;
edc6afc5 4081 struct ktermios *tp;
1da177e4
LT		 4082 void *p;
4083
4084 if (driver->refcount)
4085 return -EBUSY;
4086
4087 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
4088 driver->num);
ca509f69 4089 mutex_lock(&tty_mutex);
1da177e4 4090 list_del(&driver->tty_drivers);
ca509f69 4091 mutex_unlock(&tty_mutex);
1da177e4
LT		 4092
4093 /*
4094 * Free the termios and termios_locked structures because
4095 * we don't want to get memory leaks when modular tty
4096 * drivers are removed from the kernel.
4097 */
4098 for (i = 0; i < driver->num; i++) {
4099 tp = driver->termios[i];
4100 if (tp) {
4101 driver->termios[i] = NULL;
4102 kfree(tp);
4103 }
4104 tp = driver->termios_locked[i];
4105 if (tp) {
4106 driver->termios_locked[i] = NULL;
4107 kfree(tp);
4108 }
331b8319 4109 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 4110 tty_unregister_device(driver, i);
4111 }
4112 p = driver->ttys;
4113 proc_tty_unregister_driver(driver);
4114 driver->ttys = NULL;
4115 driver->termios = driver->termios_locked = NULL;
4116 kfree(p);
4117 cdev_del(&driver->cdev);
4118 return 0;
4119}
1da177e4
LT		 4120EXPORT_SYMBOL(tty_unregister_driver);
4121
24ec839c
PZ		 4122dev_t tty_devnum(struct tty_struct *tty)
4123{
4124 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
4125}
4126EXPORT_SYMBOL(tty_devnum);
4127
4128void proc_clear_tty(struct task_struct *p)
4129{
4130 spin_lock_irq(&p->sighand->siglock);
4131 p->signal->tty = NULL;
4132 spin_unlock_irq(&p->sighand->siglock);
4133}
7cac4ce5 4134EXPORT_SYMBOL(proc_clear_tty);
24ec839c 4135
47f86834
AC		 4136/* Called under the sighand lock */
4137
2a65f1d9 4138static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 4139{
4140 if (tty) {
47f86834
AC		 4141 unsigned long flags;
4142 /* We should not have a session or pgrp to put here but.... */
4143 spin_lock_irqsave(&tty->ctrl_lock, flags);
d9c1e9a8
EB		 4144 put_pid(tty->session);
4145 put_pid(tty->pgrp);
ab521dc0 4146 tty->pgrp = get_pid(task_pgrp(tsk));
47f86834
AC		 4147 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
4148 tty->session = get_pid(task_session(tsk));
24ec839c 4149 }
2a65f1d9 4150 put_pid(tsk->signal->tty_old_pgrp);
24ec839c 4151 tsk->signal->tty = tty;
ab521dc0 4152 tsk->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 4153}
4154
98a27ba4 4155static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 4156{
4157 spin_lock_irq(&tsk->sighand->siglock);
2a65f1d9 4158 __proc_set_tty(tsk, tty);
24ec839c
PZ		 4159 spin_unlock_irq(&tsk->sighand->siglock);
4160}
4161
4162struct tty_struct *get_current_tty(void)
4163{
4164 struct tty_struct *tty;
4165 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4166 tty = current->signal->tty;
4167 /*
4168 * session->tty can be changed/cleared from under us, make sure we
4169 * issue the load. The obtained pointer, when not NULL, is valid as
4170 * long as we hold tty_mutex.
4171 */
4172 barrier();
4173 return tty;
4174}
a311f743 4175EXPORT_SYMBOL_GPL(get_current_tty);
1da177e4
LT		 4176
4177/*
4178 * Initialize the console device. This is called *early*, so
4179 * we can't necessarily depend on lots of kernel help here.
4180 * Just do some early initializations, and do the complex setup
4181 * later.
4182 */
4183void __init console_init(void)
4184{
4185 initcall_t *call;
4186
4187 /* Setup the default TTY line discipline. */
4188 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4189
4190 /*
37bdfb07 4191 * set up the console device so that later boot sequences can
1da177e4
LT		 4192 * inform about problems etc..
4193 */
1da177e4
LT		 4194 call = __con_initcall_start;
4195 while (call < __con_initcall_end) {
4196 (*call)();
4197 call++;
4198 }
4199}
4200
1da177e4
LT		 4201static int __init tty_class_init(void)
4202{
7fe845d1 4203 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 4204 if (IS_ERR(tty_class))
4205 return PTR_ERR(tty_class);
4206 return 0;
4207}
4208
4209postcore_initcall(tty_class_init);
4210
4211/* 3/2004 jmc: why do these devices exist? */
4212
4213static struct cdev tty_cdev, console_cdev;
4214#ifdef CONFIG_UNIX98_PTYS
4215static struct cdev ptmx_cdev;
4216#endif
4217#ifdef CONFIG_VT
4218static struct cdev vc0_cdev;
4219#endif
4220
4221/*
4222 * Ok, now we can initialize the rest of the tty devices and can count
4223 * on memory allocations, interrupts etc..
4224 */
4225static int __init tty_init(void)
4226{
4227 cdev_init(&tty_cdev, &tty_fops);
4228 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4229 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4230 panic("Couldn't register /dev/tty driver\n");
01107d34 4231 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
1da177e4
LT		 4232
4233 cdev_init(&console_cdev, &console_fops);
4234 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4235 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4236 panic("Couldn't register /dev/console driver\n");
01107d34 4237 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
1da177e4
LT		 4238
4239#ifdef CONFIG_UNIX98_PTYS
4240 cdev_init(&ptmx_cdev, &ptmx_fops);
4241 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4242 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4243 panic("Couldn't register /dev/ptmx driver\n");
01107d34 4244 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
1da177e4
LT		 4245#endif
4246
4247#ifdef CONFIG_VT
4248 cdev_init(&vc0_cdev, &console_fops);
4249 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4250 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4251 panic("Couldn't register /dev/tty0 driver\n");
01107d34 4252 device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
1da177e4
LT		 4253
4254 vty_init();
4255#endif
4256 return 0;
4257}
4258module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)