projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tty: the vhangup syscall is racy
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
37bdfb07 22 * makes for cleaner and more compact code. -TYT, 9/17/92
1da177e4
LT		 23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
37bdfb07 44 *
1da177e4
LT		 45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
37bdfb07
AC		 65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
1da177e4
LT		 67 */
68
1da177e4
LT		 69#include <linux/types.h>
70#include <linux/major.h>
71#include <linux/errno.h>
72#include <linux/signal.h>
73#include <linux/fcntl.h>
74#include <linux/sched.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
9f3acc31 81#include <linux/fdtable.h>
1da177e4
LT		 82#include <linux/console.h>
83#include <linux/timer.h>
84#include <linux/ctype.h>
85#include <linux/kd.h>
86#include <linux/mm.h>
87#include <linux/string.h>
88#include <linux/slab.h>
89#include <linux/poll.h>
90#include <linux/proc_fs.h>
91#include <linux/init.h>
92#include <linux/module.h>
93#include <linux/smp_lock.h>
94#include <linux/device.h>
1da177e4
LT		 95#include <linux/wait.h>
96#include <linux/bitops.h>
b20f3ae5 97#include <linux/delay.h>
a352def2 98#include <linux/seq_file.h>
1da177e4 99
a352def2 100#include <linux/uaccess.h>
1da177e4
LT		 101#include <asm/system.h>
102
103#include <linux/kbd_kern.h>
104#include <linux/vt_kern.h>
105#include <linux/selection.h>
1da177e4
LT		 106
107#include <linux/kmod.h>
b488893a 108#include <linux/nsproxy.h>
1da177e4
LT		 109
110#undef TTY_DEBUG_HANGUP
111
112#define TTY_PARANOIA_CHECK 1
113#define CHECK_TTY_COUNT 1
114
edc6afc5 115struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
1da177e4
LT		 116 .c_iflag = ICRNL | IXON,
117 .c_oflag = OPOST | ONLCR,
118 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
119 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
120 ECHOCTL | ECHOKE | IEXTEN,
edc6afc5
AC		 121 .c_cc = INIT_C_CC,
122 .c_ispeed = 38400,
123 .c_ospeed = 38400
1da177e4
LT		 124};
125
126EXPORT_SYMBOL(tty_std_termios);
127
128/* This list gets poked at by procfs and various bits of boot up code. This
129 could do with some rationalisation such as pulling the tty proc function
130 into this file */
37bdfb07 131
1da177e4
LT		 132LIST_HEAD(tty_drivers); /* linked list of tty drivers */
133
24ec839c 134/* Mutex to protect creating and releasing a tty. This is shared with
1da177e4 135 vt.c for deeply disgusting hack reasons */
70522e12 136DEFINE_MUTEX(tty_mutex);
de2a84f2 137EXPORT_SYMBOL(tty_mutex);
1da177e4
LT		 138
139#ifdef CONFIG_UNIX98_PTYS
140extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
1da177e4
LT		 141static int ptmx_open(struct inode *, struct file *);
142#endif
143
1da177e4
LT		 144static void initialize_tty_struct(struct tty_struct *tty);
145
146static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
147static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
37bdfb07
AC		 148ssize_t redirected_tty_write(struct file *, const char __user *,
149 size_t, loff_t *);
1da177e4
LT		 150static unsigned int tty_poll(struct file *, poll_table *);
151static int tty_open(struct inode *, struct file *);
152static int tty_release(struct inode *, struct file *);
04f378b1 153long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
e10cc1df 154#ifdef CONFIG_COMPAT
37bdfb07 155static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 156 unsigned long arg);
157#else
158#define tty_compat_ioctl NULL
159#endif
37bdfb07 160static int tty_fasync(int fd, struct file *filp, int on);
d5698c28 161static void release_tty(struct tty_struct *tty, int idx);
2a65f1d9 162static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
98a27ba4 163static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
1da177e4 164
af9b897e
AC		 165/**
166 * alloc_tty_struct - allocate a tty object
167 *
168 * Return a new empty tty structure. The data fields have not
169 * been initialized in any way but has been zeroed
170 *
171 * Locking: none
af9b897e 172 */
1da177e4
LT		 173
174static struct tty_struct *alloc_tty_struct(void)
175{
1266b1e1 176 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 177}
178
af9b897e
AC		 179/**
180 * free_tty_struct - free a disused tty
181 * @tty: tty struct to free
182 *
183 * Free the write buffers, tty queue and tty memory itself.
184 *
185 * Locking: none. Must be called after tty is definitely unused
186 */
187
1da177e4
LT		 188static inline void free_tty_struct(struct tty_struct *tty)
189{
190 kfree(tty->write_buf);
33f0f88f 191 tty_buffer_free_all(tty);
1da177e4
LT		 192 kfree(tty);
193}
194
195#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
196
af9b897e
AC		 197/**
198 * tty_name - return tty naming
199 * @tty: tty structure
200 * @buf: buffer for output
201 *
202 * Convert a tty structure into a name. The name reflects the kernel
203 * naming policy and if udev is in use may not reflect user space
204 *
205 * Locking: none
206 */
207
1da177e4
LT		 208char *tty_name(struct tty_struct *tty, char *buf)
209{
210 if (!tty) /* Hmm. NULL pointer. That's fun. */
211 strcpy(buf, "NULL tty");
212 else
213 strcpy(buf, tty->name);
214 return buf;
215}
216
217EXPORT_SYMBOL(tty_name);
218
d769a669 219int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 220 const char *routine)
221{
222#ifdef TTY_PARANOIA_CHECK
223 if (!tty) {
224 printk(KERN_WARNING
225 "null TTY for (%d:%d) in %s\n",
226 imajor(inode), iminor(inode), routine);
227 return 1;
228 }
229 if (tty->magic != TTY_MAGIC) {
230 printk(KERN_WARNING
231 "bad magic number for tty struct (%d:%d) in %s\n",
232 imajor(inode), iminor(inode), routine);
233 return 1;
234 }
235#endif
236 return 0;
237}
238
239static int check_tty_count(struct tty_struct *tty, const char *routine)
240{
241#ifdef CHECK_TTY_COUNT
242 struct list_head *p;
243 int count = 0;
37bdfb07 244
1da177e4
LT		 245 file_list_lock();
246 list_for_each(p, &tty->tty_files) {
247 count++;
248 }
249 file_list_unlock();
250 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
251 tty->driver->subtype == PTY_TYPE_SLAVE &&
252 tty->link && tty->link->count)
253 count++;
254 if (tty->count != count) {
255 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
256 "!= #fd's(%d) in %s\n",
257 tty->name, tty->count, count, routine);
258 return count;
24ec839c 259 }
1da177e4
LT		 260#endif
261 return 0;
262}
263
af9b897e
AC		 264/**
265 * get_tty_driver - find device of a tty
266 * @dev_t: device identifier
267 * @index: returns the index of the tty
268 *
269 * This routine returns a tty driver structure, given a device number
270 * and also passes back the index number.
271 *
272 * Locking: caller must hold tty_mutex
1da177e4 273 */
af9b897e 274
1da177e4
LT		 275static struct tty_driver *get_tty_driver(dev_t device, int *index)
276{
277 struct tty_driver *p;
278
279 list_for_each_entry(p, &tty_drivers, tty_drivers) {
280 dev_t base = MKDEV(p->major, p->minor_start);
281 if (device < base || device >= base + p->num)
282 continue;
283 *index = device - base;
284 return p;
285 }
286 return NULL;
287}
288
f2d937f3
JW		 289#ifdef CONFIG_CONSOLE_POLL
290
291/**
292 * tty_find_polling_driver - find device of a polled tty
293 * @name: name string to match
294 * @line: pointer to resulting tty line nr
295 *
296 * This routine returns a tty driver structure, given a name
297 * and the condition that the tty driver is capable of polled
298 * operation.
299 */
300struct tty_driver *tty_find_polling_driver(char *name, int *line)
301{
302 struct tty_driver *p, *res = NULL;
303 int tty_line = 0;
0dca0fd2 304 int len;
f2d937f3
JW		 305 char *str;
306
0dca0fd2
JW		 307 for (str = name; *str; str++)
308 if ((*str >= '0' && *str <= '9') || *str == ',')
309 break;
310 if (!*str)
311 return NULL;
312
313 len = str - name;
314 tty_line = simple_strtoul(str, &str, 10);
315
f2d937f3
JW		 316 mutex_lock(&tty_mutex);
317 /* Search through the tty devices to look for a match */
318 list_for_each_entry(p, &tty_drivers, tty_drivers) {
0dca0fd2
JW		 319 if (strncmp(name, p->name, len) != 0)
320 continue;
f2d937f3
JW		 321 if (*str == ',')
322 str++;
323 if (*str == '\0')
8da56309 324 str = NULL;
f2d937f3 325
f34d7a5b
AC		 326 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
327 p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
f2d937f3
JW		 328 res = p;
329 *line = tty_line;
330 break;
331 }
332 }
333 mutex_unlock(&tty_mutex);
334
335 return res;
336}
337EXPORT_SYMBOL_GPL(tty_find_polling_driver);
338#endif
339
af9b897e
AC		 340/**
341 * tty_check_change - check for POSIX terminal changes
342 * @tty: tty to check
343 *
344 * If we try to write to, or set the state of, a terminal and we're
345 * not in the foreground, send a SIGTTOU. If the signal is blocked or
346 * ignored, go ahead and perform the operation. (POSIX 7.2)
347 *
978e595f 348 * Locking: ctrl_lock
1da177e4 349 */
af9b897e 350
37bdfb07 351int tty_check_change(struct tty_struct *tty)
1da177e4 352{
47f86834
AC		 353 unsigned long flags;
354 int ret = 0;
355
1da177e4
LT		 356 if (current->signal->tty != tty)
357 return 0;
47f86834
AC		 358
359 spin_lock_irqsave(&tty->ctrl_lock, flags);
360
ab521dc0
EB		 361 if (!tty->pgrp) {
362 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
9ffee4cb 363 goto out_unlock;
1da177e4 364 }
ab521dc0 365 if (task_pgrp(current) == tty->pgrp)
9ffee4cb
AM		 366 goto out_unlock;
367 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 368 if (is_ignored(SIGTTOU))
47f86834
AC		 369 goto out;
370 if (is_current_pgrp_orphaned()) {
371 ret = -EIO;
372 goto out;
373 }
040b6362
ON		 374 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
375 set_thread_flag(TIF_SIGPENDING);
47f86834
AC		 376 ret = -ERESTARTSYS;
377out:
9ffee4cb
AM		 378 return ret;
379out_unlock:
47f86834
AC		 380 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
381 return ret;
1da177e4
LT		 382}
383
384EXPORT_SYMBOL(tty_check_change);
385
37bdfb07 386static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1da177e4
LT		 387 size_t count, loff_t *ppos)
388{
389 return 0;
390}
391
37bdfb07 392static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1da177e4
LT		 393 size_t count, loff_t *ppos)
394{
395 return -EIO;
396}
397
398/* No kernel lock held - none needed ;) */
37bdfb07 399static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1da177e4
LT		 400{
401 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
402}
403
04f378b1
AC		 404static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
405 unsigned long arg)
38ad2ed0
PF		 406{
407 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
408}
409
37bdfb07 410static long hung_up_tty_compat_ioctl(struct file *file,
38ad2ed0 411 unsigned int cmd, unsigned long arg)
1da177e4
LT		 412{
413 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
414}
415
62322d25 416static const struct file_operations tty_fops = {
1da177e4
LT		 417 .llseek = no_llseek,
418 .read = tty_read,
419 .write = tty_write,
420 .poll = tty_poll,
04f378b1 421 .unlocked_ioctl = tty_ioctl,
e10cc1df 422 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 423 .open = tty_open,
424 .release = tty_release,
425 .fasync = tty_fasync,
426};
427
428#ifdef CONFIG_UNIX98_PTYS
62322d25 429static const struct file_operations ptmx_fops = {
1da177e4
LT		 430 .llseek = no_llseek,
431 .read = tty_read,
432 .write = tty_write,
433 .poll = tty_poll,
04f378b1 434 .unlocked_ioctl = tty_ioctl,
e10cc1df 435 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 436 .open = ptmx_open,
437 .release = tty_release,
438 .fasync = tty_fasync,
439};
440#endif
441
62322d25 442static const struct file_operations console_fops = {
1da177e4
LT		 443 .llseek = no_llseek,
444 .read = tty_read,
445 .write = redirected_tty_write,
446 .poll = tty_poll,
04f378b1 447 .unlocked_ioctl = tty_ioctl,
e10cc1df 448 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 449 .open = tty_open,
450 .release = tty_release,
451 .fasync = tty_fasync,
452};
453
62322d25 454static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 455 .llseek = no_llseek,
456 .read = hung_up_tty_read,
457 .write = hung_up_tty_write,
458 .poll = hung_up_tty_poll,
04f378b1 459 .unlocked_ioctl = hung_up_tty_ioctl,
38ad2ed0 460 .compat_ioctl = hung_up_tty_compat_ioctl,
1da177e4
LT		 461 .release = tty_release,
462};
463
464static DEFINE_SPINLOCK(redirect_lock);
465static struct file *redirect;
466
467/**
468 * tty_wakeup - request more data
469 * @tty: terminal
470 *
471 * Internal and external helper for wakeups of tty. This function
472 * informs the line discipline if present that the driver is ready
473 * to receive more output data.
474 */
37bdfb07 475
1da177e4
LT		 476void tty_wakeup(struct tty_struct *tty)
477{
478 struct tty_ldisc *ld;
37bdfb07 479
1da177e4
LT		 480 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
481 ld = tty_ldisc_ref(tty);
37bdfb07 482 if (ld) {
a352def2
AC		 483 if (ld->ops->write_wakeup)
484 ld->ops->write_wakeup(tty);
1da177e4
LT		 485 tty_ldisc_deref(ld);
486 }
487 }
488 wake_up_interruptible(&tty->write_wait);
489}
490
491EXPORT_SYMBOL_GPL(tty_wakeup);
492
493/**
494 * tty_ldisc_flush - flush line discipline queue
495 * @tty: tty
496 *
497 * Flush the line discipline queue (if any) for this tty. If there
498 * is no line discipline active this is a no-op.
499 */
37bdfb07 500
1da177e4
LT		 501void tty_ldisc_flush(struct tty_struct *tty)
502{
503 struct tty_ldisc *ld = tty_ldisc_ref(tty);
37bdfb07 504 if (ld) {
a352def2
AC		 505 if (ld->ops->flush_buffer)
506 ld->ops->flush_buffer(tty);
1da177e4
LT		 507 tty_ldisc_deref(ld);
508 }
c5c34d48 509 tty_buffer_flush(tty);
1da177e4
LT		 510}
511
512EXPORT_SYMBOL_GPL(tty_ldisc_flush);
edc6afc5
AC		 513
514/**
515 * tty_reset_termios - reset terminal state
516 * @tty: tty to reset
517 *
518 * Restore a terminal to the driver default state
519 */
520
521static void tty_reset_termios(struct tty_struct *tty)
522{
523 mutex_lock(&tty->termios_mutex);
524 *tty->termios = tty->driver->init_termios;
525 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
526 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
527 mutex_unlock(&tty->termios_mutex);
528}
37bdfb07 529
af9b897e
AC		 530/**
531 * do_tty_hangup - actual handler for hangup events
65f27f38 532 * @work: tty device
af9b897e 533 *
1bad879a 534 * This can be called by the "eventd" kernel thread. That is process
af9b897e
AC		 535 * synchronous but doesn't hold any locks, so we need to make sure we
536 * have the appropriate locks for what we're doing.
537 *
538 * The hangup event clears any pending redirections onto the hung up
539 * device. It ensures future writes will error and it does the needed
540 * line discipline hangup and signal delivery. The tty object itself
541 * remains intact.
542 *
543 * Locking:
544 * BKL
24ec839c
PZ		 545 * redirect lock for undoing redirection
546 * file list lock for manipulating list of ttys
547 * tty_ldisc_lock from called functions
548 * termios_mutex resetting termios data
549 * tasklist_lock to walk task list for hangup event
550 * ->siglock to protect ->signal/->sighand
1da177e4 551 */
65f27f38 552static void do_tty_hangup(struct work_struct *work)
1da177e4 553{
65f27f38
DH		 554 struct tty_struct *tty =
555 container_of(work, struct tty_struct, hangup_work);
37bdfb07 556 struct file *cons_filp = NULL;
1da177e4
LT		 557 struct file *filp, *f = NULL;
558 struct task_struct *p;
559 struct tty_ldisc *ld;
560 int closecount = 0, n;
47f86834 561 unsigned long flags;
9c9f4ded 562 int refs = 0;
1da177e4
LT		 563
564 if (!tty)
565 return;
566
567 /* inuse_filps is protected by the single kernel lock */
568 lock_kernel();
569
570 spin_lock(&redirect_lock);
571 if (redirect && redirect->private_data == tty) {
572 f = redirect;
573 redirect = NULL;
574 }
575 spin_unlock(&redirect_lock);
37bdfb07 576
1da177e4
LT		 577 check_tty_count(tty, "do_tty_hangup");
578 file_list_lock();
579 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 580 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 581 if (filp->f_op->write == redirected_tty_write)
582 cons_filp = filp;
583 if (filp->f_op->write != tty_write)
584 continue;
585 closecount++;
586 tty_fasync(-1, filp, 0); /* can't block */
587 filp->f_op = &hung_up_tty_fops;
588 }
589 file_list_unlock();
37bdfb07
AC		 590 /*
591 * FIXME! What are the locking issues here? This may me overdoing
592 * things... This question is especially important now that we've
593 * removed the irqlock.
594 */
1da177e4 595 ld = tty_ldisc_ref(tty);
37bdfb07
AC		 596 if (ld != NULL) {
597 /* We may have no line discipline at this point */
a352def2
AC		 598 if (ld->ops->flush_buffer)
599 ld->ops->flush_buffer(tty);
f34d7a5b 600 tty_driver_flush_buffer(tty);
1da177e4 601 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
a352def2
AC		 602 ld->ops->write_wakeup)
603 ld->ops->write_wakeup(tty);
604 if (ld->ops->hangup)
605 ld->ops->hangup(tty);
1da177e4 606 }
37bdfb07
AC		 607 /*
608 * FIXME: Once we trust the LDISC code better we can wait here for
609 * ldisc completion and fix the driver call race
610 */
1da177e4
LT		 611 wake_up_interruptible(&tty->write_wait);
612 wake_up_interruptible(&tty->read_wait);
1da177e4
LT		 613 /*
614 * Shutdown the current line discipline, and reset it to
615 * N_TTY.
616 */
617 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
edc6afc5 618 tty_reset_termios(tty);
1da177e4
LT		 619 /* Defer ldisc switch */
620 /* tty_deferred_ldisc_switch(N_TTY);
37bdfb07 621
1da177e4
LT		 622 This should get done automatically when the port closes and
623 tty_release is called */
37bdfb07 624
1da177e4 625 read_lock(&tasklist_lock);
ab521dc0
EB		 626 if (tty->session) {
627 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
24ec839c 628 spin_lock_irq(&p->sighand->siglock);
9c9f4ded 629 if (p->signal->tty == tty) {
1da177e4 630 p->signal->tty = NULL;
9c9f4ded
AC		 631 /* We defer the dereferences outside fo
632 the tasklist lock */
633 refs++;
634 }
24ec839c
PZ		 635 if (!p->signal->leader) {
636 spin_unlock_irq(&p->sighand->siglock);
1da177e4 637 continue;
24ec839c
PZ		 638 }
639 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
640 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
ab521dc0 641 put_pid(p->signal->tty_old_pgrp); /* A noop */
47f86834 642 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 643 if (tty->pgrp)
644 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
47f86834 645 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
24ec839c 646 spin_unlock_irq(&p->sighand->siglock);
ab521dc0 647 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1da177e4
LT		 648 }
649 read_unlock(&tasklist_lock);
650
47f86834 651 spin_lock_irqsave(&tty->ctrl_lock, flags);
1da177e4 652 tty->flags = 0;
d9c1e9a8
EB		 653 put_pid(tty->session);
654 put_pid(tty->pgrp);
ab521dc0
EB		 655 tty->session = NULL;
656 tty->pgrp = NULL;
1da177e4 657 tty->ctrl_status = 0;
47f86834
AC		 658 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
659
9c9f4ded
AC		 660 /* Account for the p->signal references we killed */
661 while (refs--)
662 tty_kref_put(tty);
663
1da177e4 664 /*
37bdfb07
AC		 665 * If one of the devices matches a console pointer, we
666 * cannot just call hangup() because that will cause
667 * tty->count and state->count to go out of sync.
668 * So we just call close() the right number of times.
1da177e4
LT		 669 */
670 if (cons_filp) {
f34d7a5b 671 if (tty->ops->close)
1da177e4 672 for (n = 0; n < closecount; n++)
f34d7a5b
AC		 673 tty->ops->close(tty, cons_filp);
674 } else if (tty->ops->hangup)
675 (tty->ops->hangup)(tty);
37bdfb07
AC		 676 /*
677 * We don't want to have driver/ldisc interactions beyond
678 * the ones we did here. The driver layer expects no
679 * calls after ->hangup() from the ldisc side. However we
680 * can't yet guarantee all that.
681 */
1da177e4
LT		 682 set_bit(TTY_HUPPED, &tty->flags);
683 if (ld) {
684 tty_ldisc_enable(tty);
685 tty_ldisc_deref(ld);
686 }
687 unlock_kernel();
688 if (f)
689 fput(f);
690}
691
af9b897e
AC		 692/**
693 * tty_hangup - trigger a hangup event
694 * @tty: tty to hangup
695 *
696 * A carrier loss (virtual or otherwise) has occurred on this like
697 * schedule a hangup sequence to run after this event.
698 */
699
37bdfb07 700void tty_hangup(struct tty_struct *tty)
1da177e4
LT		 701{
702#ifdef TTY_DEBUG_HANGUP
703 char buf[64];
1da177e4
LT		 704 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
705#endif
706 schedule_work(&tty->hangup_work);
707}
708
709EXPORT_SYMBOL(tty_hangup);
710
af9b897e
AC		 711/**
712 * tty_vhangup - process vhangup
713 * @tty: tty to hangup
714 *
715 * The user has asked via system call for the terminal to be hung up.
716 * We do this synchronously so that when the syscall returns the process
3a4fa0a2 717 * is complete. That guarantee is necessary for security reasons.
af9b897e
AC		 718 */
719
37bdfb07 720void tty_vhangup(struct tty_struct *tty)
1da177e4
LT		 721{
722#ifdef TTY_DEBUG_HANGUP
723 char buf[64];
724
725 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
726#endif
65f27f38 727 do_tty_hangup(&tty->hangup_work);
1da177e4 728}
37bdfb07 729
1da177e4
LT		 730EXPORT_SYMBOL(tty_vhangup);
731
2cb5998b
AC		 732/**
733 * tty_vhangup_self - process vhangup for own ctty
734 *
735 * Perform a vhangup on the current controlling tty
736 */
737
738void tty_vhangup_self(void)
739{
740 struct tty_struct *tty;
741
742 mutex_lock(&tty_mutex);
743 tty = get_current_tty();
744 if (tty) {
745 tty_vhangup(tty);
746 tty_kref_put(tty);
747 }
748 mutex_unlock(&tty_mutex);
749}
750
af9b897e
AC		 751/**
752 * tty_hung_up_p - was tty hung up
753 * @filp: file pointer of tty
754 *
755 * Return true if the tty has been subject to a vhangup or a carrier
756 * loss
757 */
758
37bdfb07 759int tty_hung_up_p(struct file *filp)
1da177e4
LT		 760{
761 return (filp->f_op == &hung_up_tty_fops);
762}
763
764EXPORT_SYMBOL(tty_hung_up_p);
765
ab521dc0 766static void session_clear_tty(struct pid *session)
24ec839c
PZ		 767{
768 struct task_struct *p;
ab521dc0 769 do_each_pid_task(session, PIDTYPE_SID, p) {
24ec839c 770 proc_clear_tty(p);
ab521dc0 771 } while_each_pid_task(session, PIDTYPE_SID, p);
24ec839c
PZ		 772}
773
af9b897e
AC		 774/**
775 * disassociate_ctty - disconnect controlling tty
776 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 777 *
af9b897e
AC		 778 * This function is typically called only by the session leader, when
779 * it wants to disassociate itself from its controlling tty.
780 *
781 * It performs the following functions:
1da177e4
LT		 782 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
783 * (2) Clears the tty from being controlling the session
784 * (3) Clears the controlling tty for all processes in the
785 * session group.
786 *
af9b897e
AC		 787 * The argument on_exit is set to 1 if called when a process is
788 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
789 *
24ec839c 790 * Locking:
af9b897e 791 * BKL is taken for hysterical raisins
24ec839c
PZ		 792 * tty_mutex is taken to protect tty
793 * ->siglock is taken to protect ->signal/->sighand
794 * tasklist_lock is taken to walk process list for sessions
795 * ->siglock is taken to protect ->signal/->sighand
1da177e4 796 */
af9b897e 797
1da177e4
LT		 798void disassociate_ctty(int on_exit)
799{
800 struct tty_struct *tty;
ab521dc0 801 struct pid *tty_pgrp = NULL;
1da177e4 802
1da177e4 803
70522e12 804 mutex_lock(&tty_mutex);
24ec839c 805 tty = get_current_tty();
1da177e4 806 if (tty) {
ab521dc0 807 tty_pgrp = get_pid(tty->pgrp);
000b9151 808 mutex_unlock(&tty_mutex);
452a00d2 809 lock_kernel();
1da177e4
LT		 810 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
811 tty_vhangup(tty);
04f378b1 812 unlock_kernel();
452a00d2 813 tty_kref_put(tty);
680a9671 814 } else if (on_exit) {
ab521dc0 815 struct pid *old_pgrp;
680a9671
EB		 816 spin_lock_irq(&current->sighand->siglock);
817 old_pgrp = current->signal->tty_old_pgrp;
ab521dc0 818 current->signal->tty_old_pgrp = NULL;
680a9671 819 spin_unlock_irq(&current->sighand->siglock);
24ec839c 820 if (old_pgrp) {
ab521dc0
EB		 821 kill_pgrp(old_pgrp, SIGHUP, on_exit);
822 kill_pgrp(old_pgrp, SIGCONT, on_exit);
823 put_pid(old_pgrp);
1da177e4 824 }
70522e12 825 mutex_unlock(&tty_mutex);
1da177e4
LT		 826 return;
827 }
ab521dc0
EB		 828 if (tty_pgrp) {
829 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1da177e4 830 if (!on_exit)
ab521dc0
EB		 831 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
832 put_pid(tty_pgrp);
1da177e4
LT		 833 }
834
24ec839c 835 spin_lock_irq(&current->sighand->siglock);
2a65f1d9 836 put_pid(current->signal->tty_old_pgrp);
23cac8de 837 current->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 838 spin_unlock_irq(&current->sighand->siglock);
839
840 mutex_lock(&tty_mutex);
24ec839c
PZ		 841 tty = get_current_tty();
842 if (tty) {
47f86834
AC		 843 unsigned long flags;
844 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 845 put_pid(tty->session);
846 put_pid(tty->pgrp);
847 tty->session = NULL;
848 tty->pgrp = NULL;
47f86834 849 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
452a00d2 850 tty_kref_put(tty);
24ec839c
PZ		 851 } else {
852#ifdef TTY_DEBUG_HANGUP
853 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
854 " = NULL", tty);
855#endif
856 }
857 mutex_unlock(&tty_mutex);
1da177e4
LT		 858
859 /* Now clear signal->tty under the lock */
860 read_lock(&tasklist_lock);
ab521dc0 861 session_clear_tty(task_session(current));
1da177e4 862 read_unlock(&tasklist_lock);
1da177e4
LT		 863}
864
98a27ba4
EB		 865/**
866 *
867 * no_tty - Ensure the current process does not have a controlling tty
868 */
869void no_tty(void)
870{
871 struct task_struct *tsk = current;
04f378b1 872 lock_kernel();
98a27ba4
EB		 873 if (tsk->signal->leader)
874 disassociate_ctty(0);
04f378b1 875 unlock_kernel();
98a27ba4
EB		 876 proc_clear_tty(tsk);
877}
878
af9b897e
AC		 879
880/**
beb7dd86 881 * stop_tty - propagate flow control
af9b897e
AC		 882 * @tty: tty to stop
883 *
884 * Perform flow control to the driver. For PTY/TTY pairs we
beb7dd86 885 * must also propagate the TIOCKPKT status. May be called
af9b897e
AC		 886 * on an already stopped device and will not re-call the driver
887 * method.
888 *
889 * This functionality is used by both the line disciplines for
890 * halting incoming flow and by the driver. It may therefore be
891 * called from any context, may be under the tty atomic_write_lock
892 * but not always.
893 *
894 * Locking:
04f378b1 895 * Uses the tty control lock internally
af9b897e
AC		 896 */
897
1da177e4
LT		 898void stop_tty(struct tty_struct *tty)
899{
04f378b1
AC		 900 unsigned long flags;
901 spin_lock_irqsave(&tty->ctrl_lock, flags);
902 if (tty->stopped) {
903 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 904 return;
04f378b1 905 }
1da177e4
LT		 906 tty->stopped = 1;
907 if (tty->link && tty->link->packet) {
908 tty->ctrl_status &= ~TIOCPKT_START;
909 tty->ctrl_status |= TIOCPKT_STOP;
910 wake_up_interruptible(&tty->link->read_wait);
911 }
04f378b1 912 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
f34d7a5b
AC		 913 if (tty->ops->stop)
914 (tty->ops->stop)(tty);
1da177e4
LT		 915}
916
917EXPORT_SYMBOL(stop_tty);
918
af9b897e 919/**
beb7dd86 920 * start_tty - propagate flow control
af9b897e
AC		 921 * @tty: tty to start
922 *
923 * Start a tty that has been stopped if at all possible. Perform
3a4fa0a2 924 * any necessary wakeups and propagate the TIOCPKT status. If this
af9b897e
AC		 925 * is the tty was previous stopped and is being started then the
926 * driver start method is invoked and the line discipline woken.
927 *
928 * Locking:
04f378b1 929 * ctrl_lock
af9b897e
AC		 930 */
931
1da177e4
LT		 932void start_tty(struct tty_struct *tty)
933{
04f378b1
AC		 934 unsigned long flags;
935 spin_lock_irqsave(&tty->ctrl_lock, flags);
936 if (!tty->stopped || tty->flow_stopped) {
937 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 938 return;
04f378b1 939 }
1da177e4
LT		 940 tty->stopped = 0;
941 if (tty->link && tty->link->packet) {
942 tty->ctrl_status &= ~TIOCPKT_STOP;
943 tty->ctrl_status |= TIOCPKT_START;
944 wake_up_interruptible(&tty->link->read_wait);
945 }
04f378b1 946 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
f34d7a5b
AC		 947 if (tty->ops->start)
948 (tty->ops->start)(tty);
1da177e4
LT		 949 /* If we have a running line discipline it may need kicking */
950 tty_wakeup(tty);
1da177e4
LT		 951}
952
953EXPORT_SYMBOL(start_tty);
954
af9b897e
AC		 955/**
956 * tty_read - read method for tty device files
957 * @file: pointer to tty file
958 * @buf: user buffer
959 * @count: size of user buffer
960 * @ppos: unused
961 *
962 * Perform the read system call function on this terminal device. Checks
963 * for hung up devices before calling the line discipline method.
964 *
965 * Locking:
47f86834
AC		 966 * Locks the line discipline internally while needed. Multiple
967 * read calls may be outstanding in parallel.
af9b897e
AC		 968 */
969
37bdfb07 970static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1da177e4
LT		 971 loff_t *ppos)
972{
973 int i;
37bdfb07 974 struct tty_struct *tty;
1da177e4
LT		 975 struct inode *inode;
976 struct tty_ldisc *ld;
977
978 tty = (struct tty_struct *)file->private_data;
a7113a96 979 inode = file->f_path.dentry->d_inode;
1da177e4
LT		 980 if (tty_paranoia_check(tty, inode, "tty_read"))
981 return -EIO;
982 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
983 return -EIO;
984
985 /* We want to wait for the line discipline to sort out in this
986 situation */
987 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 988 if (ld->ops->read)
989 i = (ld->ops->read)(tty, file, buf, count);
1da177e4
LT		 990 else
991 i = -EIO;
992 tty_ldisc_deref(ld);
1da177e4
LT		 993 if (i > 0)
994 inode->i_atime = current_fs_time(inode->i_sb);
995 return i;
996}
997
9c1729db
AC		 998void tty_write_unlock(struct tty_struct *tty)
999{
1000 mutex_unlock(&tty->atomic_write_lock);
1001 wake_up_interruptible(&tty->write_wait);
1002}
1003
1004int tty_write_lock(struct tty_struct *tty, int ndelay)
1005{
1006 if (!mutex_trylock(&tty->atomic_write_lock)) {
1007 if (ndelay)
1008 return -EAGAIN;
1009 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1010 return -ERESTARTSYS;
1011 }
1012 return 0;
1013}
1014
1da177e4
LT		 1015/*
1016 * Split writes up in sane blocksizes to avoid
1017 * denial-of-service type attacks
1018 */
1019static inline ssize_t do_tty_write(
1020 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1021 struct tty_struct *tty,
1022 struct file *file,
1023 const char __user *buf,
1024 size_t count)
1025{
9c1729db 1026 ssize_t ret, written = 0;
1da177e4 1027 unsigned int chunk;
37bdfb07 1028
9c1729db
AC		 1029 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1030 if (ret < 0)
1031 return ret;
1da177e4
LT		 1032
1033 /*
1034 * We chunk up writes into a temporary buffer. This
1035 * simplifies low-level drivers immensely, since they
1036 * don't have locking issues and user mode accesses.
1037 *
1038 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1039 * big chunk-size..
1040 *
1041 * The default chunk-size is 2kB, because the NTTY
1042 * layer has problems with bigger chunks. It will
1043 * claim to be able to handle more characters than
1044 * it actually does.
af9b897e
AC		 1045 *
1046 * FIXME: This can probably go away now except that 64K chunks
1047 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1048 */
1049 chunk = 2048;
1050 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1051 chunk = 65536;
1052 if (count < chunk)
1053 chunk = count;
1054
70522e12 1055 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1056 if (tty->write_cnt < chunk) {
1057 unsigned char *buf;
1058
1059 if (chunk < 1024)
1060 chunk = 1024;
1061
1062 buf = kmalloc(chunk, GFP_KERNEL);
1063 if (!buf) {
9c1729db
AC		 1064 ret = -ENOMEM;
1065 goto out;
1da177e4
LT		 1066 }
1067 kfree(tty->write_buf);
1068 tty->write_cnt = chunk;
1069 tty->write_buf = buf;
1070 }
1071
1072 /* Do the write .. */
1073 for (;;) {
1074 size_t size = count;
1075 if (size > chunk)
1076 size = chunk;
1077 ret = -EFAULT;
1078 if (copy_from_user(tty->write_buf, buf, size))
1079 break;
1da177e4 1080 ret = write(tty, file, tty->write_buf, size);
1da177e4
LT		 1081 if (ret <= 0)
1082 break;
1083 written += ret;
1084 buf += ret;
1085 count -= ret;
1086 if (!count)
1087 break;
1088 ret = -ERESTARTSYS;
1089 if (signal_pending(current))
1090 break;
1091 cond_resched();
1092 }
1093 if (written) {
a7113a96 1094 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1095 inode->i_mtime = current_fs_time(inode->i_sb);
1096 ret = written;
1097 }
9c1729db
AC		 1098out:
1099 tty_write_unlock(tty);
1da177e4
LT		 1100 return ret;
1101}
1102
95f9bfc6
AC		 1103/**
1104 * tty_write_message - write a message to a certain tty, not just the console.
1105 * @tty: the destination tty_struct
1106 * @msg: the message to write
1107 *
1108 * This is used for messages that need to be redirected to a specific tty.
1109 * We don't put it into the syslog queue right now maybe in the future if
1110 * really needed.
1111 *
1112 * We must still hold the BKL and test the CLOSING flag for the moment.
1113 */
1114
1115void tty_write_message(struct tty_struct *tty, char *msg)
1116{
1117 lock_kernel();
1118 if (tty) {
1119 mutex_lock(&tty->atomic_write_lock);
1120 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags))
1121 tty->ops->write(tty, msg, strlen(msg));
1122 tty_write_unlock(tty);
1123 }
1124 unlock_kernel();
1125 return;
1126}
1127
1da177e4 1128
af9b897e
AC		 1129/**
1130 * tty_write - write method for tty device file
1131 * @file: tty file pointer
1132 * @buf: user data to write
1133 * @count: bytes to write
1134 * @ppos: unused
1135 *
1136 * Write data to a tty device via the line discipline.
1137 *
1138 * Locking:
1139 * Locks the line discipline as required
1140 * Writes to the tty driver are serialized by the atomic_write_lock
1141 * and are then processed in chunks to the device. The line discipline
1142 * write method will not be involked in parallel for each device
1143 * The line discipline write method is called under the big
1144 * kernel lock for historical reasons. New code should not rely on this.
1145 */
1146
37bdfb07
AC		 1147static ssize_t tty_write(struct file *file, const char __user *buf,
1148 size_t count, loff_t *ppos)
1da177e4 1149{
37bdfb07 1150 struct tty_struct *tty;
a7113a96 1151 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1152 ssize_t ret;
1153 struct tty_ldisc *ld;
37bdfb07 1154
1da177e4
LT		 1155 tty = (struct tty_struct *)file->private_data;
1156 if (tty_paranoia_check(tty, inode, "tty_write"))
1157 return -EIO;
f34d7a5b 1158 if (!tty || !tty->ops->write ||
37bdfb07
AC		 1159 (test_bit(TTY_IO_ERROR, &tty->flags)))
1160 return -EIO;
f34d7a5b
AC		 1161 /* Short term debug to catch buggy drivers */
1162 if (tty->ops->write_room == NULL)
1163 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1164 tty->driver->name);
37bdfb07 1165 ld = tty_ldisc_ref_wait(tty);
a352def2 1166 if (!ld->ops->write)
1da177e4
LT		 1167 ret = -EIO;
1168 else
a352def2 1169 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1da177e4
LT		 1170 tty_ldisc_deref(ld);
1171 return ret;
1172}
1173
37bdfb07
AC		 1174ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1175 size_t count, loff_t *ppos)
1da177e4
LT		 1176{
1177 struct file *p = NULL;
1178
1179 spin_lock(&redirect_lock);
1180 if (redirect) {
1181 get_file(redirect);
1182 p = redirect;
1183 }
1184 spin_unlock(&redirect_lock);
1185
1186 if (p) {
1187 ssize_t res;
1188 res = vfs_write(p, buf, count, &p->f_pos);
1189 fput(p);
1190 return res;
1191 }
1da177e4
LT		 1192 return tty_write(file, buf, count, ppos);
1193}
1194
1195static char ptychar[] = "pqrstuvwxyzabcde";
1196
af9b897e
AC		 1197/**
1198 * pty_line_name - generate name for a pty
1199 * @driver: the tty driver in use
1200 * @index: the minor number
1201 * @p: output buffer of at least 6 bytes
1202 *
1203 * Generate a name from a driver reference and write it to the output
1204 * buffer.
1205 *
1206 * Locking: None
1207 */
1208static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1209{
1210 int i = index + driver->name_base;
1211 /* ->name is initialized to "ttyp", but "tty" is expected */
1212 sprintf(p, "%s%c%x",
37bdfb07
AC		 1213 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1214 ptychar[i >> 4 & 0xf], i & 0xf);
1da177e4
LT		 1215}
1216
af9b897e
AC		 1217/**
1218 * pty_line_name - generate name for a tty
1219 * @driver: the tty driver in use
1220 * @index: the minor number
1221 * @p: output buffer of at least 7 bytes
1222 *
1223 * Generate a name from a driver reference and write it to the output
1224 * buffer.
1225 *
1226 * Locking: None
1227 */
1228static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1229{
1230 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1231}
1232
af9b897e
AC		 1233/**
1234 * init_dev - initialise a tty device
1235 * @driver: tty driver we are opening a device on
1236 * @idx: device index
1237 * @tty: returned tty structure
1238 *
1239 * Prepare a tty device. This may not be a "new" clean device but
1240 * could also be an active device. The pty drivers require special
1241 * handling because of this.
1242 *
1243 * Locking:
1244 * The function is called under the tty_mutex, which
1245 * protects us from the tty struct or driver itself going away.
1246 *
1247 * On exit the tty device has the line discipline attached and
1248 * a reference count of 1. If a pair was created for pty/tty use
1249 * and the other was a pty master then it too has a reference count of 1.
1250 *
1da177e4 1251 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 1252 * failed open. The new code protects the open with a mutex, so it's
1253 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 1254 * relaxed for the (most common) case of reopening a tty.
1255 */
af9b897e 1256
1da177e4
LT		 1257static int init_dev(struct tty_driver *driver, int idx,
1258 struct tty_struct **ret_tty)
1259{
1260 struct tty_struct *tty, *o_tty;
edc6afc5
AC		 1261 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
1262 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 1263 int retval = 0;
1da177e4
LT		 1264
1265 /* check whether we're reopening an existing tty */
1266 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1267 tty = devpts_get_tty(idx);
5a39e8c6
ASRF		 1268 /*
1269 * If we don't have a tty here on a slave open, it's because
1270 * the master already started the close process and there's
1271 * no relation between devpts file and tty anymore.
1272 */
1273 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
1274 retval = -EIO;
1275 goto end_init;
1276 }
1277 /*
1278 * It's safe from now on because init_dev() is called with
1279 * tty_mutex held and release_dev() won't change tty->count
1280 * or tty->flags without having to grab tty_mutex
1281 */
1da177e4
LT		 1282 if (tty && driver->subtype == PTY_TYPE_MASTER)
1283 tty = tty->link;
1284 } else {
1285 tty = driver->ttys[idx];
1286 }
1287 if (tty) goto fast_track;
1288
1289 /*
1290 * First time open is complex, especially for PTY devices.
1291 * This code guarantees that either everything succeeds and the
1292 * TTY is ready for operation, or else the table slots are vacated
37bdfb07 1293 * and the allocated memory released. (Except that the termios
1da177e4
LT		 1294 * and locked termios may be retained.)
1295 */
1296
1297 if (!try_module_get(driver->owner)) {
1298 retval = -ENODEV;
1299 goto end_init;
1300 }
1301
1302 o_tty = NULL;
1303 tp = o_tp = NULL;
1304 ltp = o_ltp = NULL;
1305
1306 tty = alloc_tty_struct();
37bdfb07 1307 if (!tty)
1da177e4
LT		 1308 goto fail_no_mem;
1309 initialize_tty_struct(tty);
1310 tty->driver = driver;
f34d7a5b 1311 tty->ops = driver->ops;
1da177e4
LT		 1312 tty->index = idx;
1313 tty_line_name(driver, idx, tty->name);
1314
1315 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1316 tp_loc = &tty->termios;
1317 ltp_loc = &tty->termios_locked;
1318 } else {
1319 tp_loc = &driver->termios[idx];
1320 ltp_loc = &driver->termios_locked[idx];
1321 }
1322
1323 if (!*tp_loc) {
abcb1ff3 1324 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 1325 if (!tp)
1326 goto free_mem_out;
1327 *tp = driver->init_termios;
1328 }
1329
1330 if (!*ltp_loc) {
506eb99a 1331 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 1332 if (!ltp)
1333 goto free_mem_out;
1da177e4
LT		 1334 }
1335
1336 if (driver->type == TTY_DRIVER_TYPE_PTY) {
1337 o_tty = alloc_tty_struct();
1338 if (!o_tty)
1339 goto free_mem_out;
6f967f78
AC		 1340 if (!try_module_get(driver->other->owner)) {
1341 /* This cannot in fact currently happen */
1342 free_tty_struct(o_tty);
1343 o_tty = NULL;
1344 goto free_mem_out;
1345 }
1da177e4
LT		 1346 initialize_tty_struct(o_tty);
1347 o_tty->driver = driver->other;
f34d7a5b 1348 o_tty->ops = driver->ops;
1da177e4
LT		 1349 o_tty->index = idx;
1350 tty_line_name(driver->other, idx, o_tty->name);
1351
1352 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1353 o_tp_loc = &o_tty->termios;
1354 o_ltp_loc = &o_tty->termios_locked;
1355 } else {
1356 o_tp_loc = &driver->other->termios[idx];
1357 o_ltp_loc = &driver->other->termios_locked[idx];
1358 }
1359
1360 if (!*o_tp_loc) {
abcb1ff3 1361 o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 1362 if (!o_tp)
1363 goto free_mem_out;
1364 *o_tp = driver->other->init_termios;
1365 }
1366
1367 if (!*o_ltp_loc) {
506eb99a 1368 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 1369 if (!o_ltp)
1370 goto free_mem_out;
1da177e4
LT		 1371 }
1372
1373 /*
1374 * Everything allocated ... set up the o_tty structure.
1375 */
37bdfb07 1376 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 1377 driver->other->ttys[idx] = o_tty;
1da177e4
LT		 1378 if (!*o_tp_loc)
1379 *o_tp_loc = o_tp;
1380 if (!*o_ltp_loc)
1381 *o_ltp_loc = o_ltp;
1382 o_tty->termios = *o_tp_loc;
1383 o_tty->termios_locked = *o_ltp_loc;
1384 driver->other->refcount++;
1385 if (driver->subtype == PTY_TYPE_MASTER)
1386 o_tty->count++;
1387
1388 /* Establish the links in both directions */
1389 tty->link = o_tty;
1390 o_tty->link = tty;
1391 }
1392
37bdfb07 1393 /*
1da177e4 1394 * All structures have been allocated, so now we install them.
d5698c28 1395 * Failures after this point use release_tty to clean up, so
1da177e4
LT		 1396 * there's no need to null out the local pointers.
1397 */
37bdfb07 1398 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 1399 driver->ttys[idx] = tty;
37bdfb07 1400
1da177e4
LT		 1401 if (!*tp_loc)
1402 *tp_loc = tp;
1403 if (!*ltp_loc)
1404 *ltp_loc = ltp;
1405 tty->termios = *tp_loc;
1406 tty->termios_locked = *ltp_loc;
edc6afc5
AC		 1407 /* Compatibility until drivers always set this */
1408 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1409 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1da177e4
LT		 1410 driver->refcount++;
1411 tty->count++;
1412
37bdfb07 1413 /*
1da177e4 1414 * Structures all installed ... call the ldisc open routines.
d5698c28
CH		 1415 * If we fail here just call release_tty to clean up. No need
1416 * to decrement the use counts, as release_tty doesn't care.
1da177e4
LT		 1417 */
1418
01e1abb2
AC		 1419 retval = tty_ldisc_setup(tty, o_tty);
1420
1421 if (retval)
1422 goto release_mem_out;
1423 goto success;
1da177e4
LT		 1424
1425 /*
1426 * This fast open can be used if the tty is already open.
1427 * No memory is allocated, and the only failures are from
1428 * attempting to open a closing tty or attempting multiple
1429 * opens on a pty master.
1430 */
1431fast_track:
1432 if (test_bit(TTY_CLOSING, &tty->flags)) {
1433 retval = -EIO;
1434 goto end_init;
1435 }
1436 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1437 driver->subtype == PTY_TYPE_MASTER) {
1438 /*
37bdfb07 1439 * special case for PTY masters: only one open permitted,
1da177e4
LT		 1440 * and the slave side open count is incremented as well.
1441 */
1442 if (tty->count) {
1443 retval = -EIO;
1444 goto end_init;
1445 }
1446 tty->link->count++;
1447 }
1448 tty->count++;
1449 tty->driver = driver; /* N.B. why do this every time?? */
1450
1451 /* FIXME */
37bdfb07 1452 if (!test_bit(TTY_LDISC, &tty->flags))
1da177e4
LT		 1453 printk(KERN_ERR "init_dev but no ldisc\n");
1454success:
1455 *ret_tty = tty;
37bdfb07 1456
70522e12 1457 /* All paths come through here to release the mutex */
1da177e4
LT		 1458end_init:
1459 return retval;
1460
1461 /* Release locally allocated memory ... nothing placed in slots */
1462free_mem_out:
735d5661 1463 kfree(o_tp);
6f967f78
AC		 1464 if (o_tty) {
1465 module_put(o_tty->driver->owner);
1da177e4 1466 free_tty_struct(o_tty);
6f967f78 1467 }
735d5661
JJ		 1468 kfree(ltp);
1469 kfree(tp);
1da177e4
LT		 1470 free_tty_struct(tty);
1471
1472fail_no_mem:
1473 module_put(driver->owner);
1474 retval = -ENOMEM;
1475 goto end_init;
1476
d5698c28 1477 /* call the tty release_tty routine to clean out this slot */
1da177e4 1478release_mem_out:
4050914f
AM		 1479 if (printk_ratelimit())
1480 printk(KERN_INFO "init_dev: ldisc open failed, "
1481 "clearing slot %d\n", idx);
d5698c28 1482 release_tty(tty, idx);
1da177e4
LT		 1483 goto end_init;
1484}
1485
af9b897e 1486/**
d5698c28 1487 * release_one_tty - release tty structure memory
9c9f4ded 1488 * @kref: kref of tty we are obliterating
af9b897e
AC		 1489 *
1490 * Releases memory associated with a tty structure, and clears out the
1491 * driver table slots. This function is called when a device is no longer
1492 * in use. It also gets called when setup of a device fails.
1493 *
1494 * Locking:
1495 * tty_mutex - sometimes only
1496 * takes the file list lock internally when working on the list
1497 * of ttys that the driver keeps.
1da177e4 1498 */
9c9f4ded 1499static void release_one_tty(struct kref *kref)
1da177e4 1500{
9c9f4ded 1501 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
6f967f78 1502 struct tty_driver *driver = tty->driver;
1da177e4 1503 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
d5698c28 1504 struct ktermios *tp;
9c9f4ded 1505 int idx = tty->index;
1da177e4
LT		 1506
1507 if (!devpts)
1508 tty->driver->ttys[idx] = NULL;
d5698c28 1509
1da177e4 1510 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
9c9f4ded 1511 /* FIXME: Locking on ->termios array */
1da177e4
LT		 1512 tp = tty->termios;
1513 if (!devpts)
1514 tty->driver->termios[idx] = NULL;
1515 kfree(tp);
1516
1517 tp = tty->termios_locked;
1518 if (!devpts)
1519 tty->driver->termios_locked[idx] = NULL;
1520 kfree(tp);
1521 }
1522
d5698c28 1523
1da177e4 1524 tty->magic = 0;
9c9f4ded 1525 /* FIXME: locking on tty->driver->refcount */
1da177e4 1526 tty->driver->refcount--;
6f967f78 1527 module_put(driver->owner);
d5698c28 1528
1da177e4
LT		 1529 file_list_lock();
1530 list_del_init(&tty->tty_files);
1531 file_list_unlock();
d5698c28 1532
1da177e4
LT		 1533 free_tty_struct(tty);
1534}
1535
9c9f4ded
AC		 1536/**
1537 * tty_kref_put - release a tty kref
1538 * @tty: tty device
1539 *
1540 * Release a reference to a tty device and if need be let the kref
1541 * layer destruct the object for us
1542 */
1543
1544void tty_kref_put(struct tty_struct *tty)
1545{
1546 if (tty)
1547 kref_put(&tty->kref, release_one_tty);
1548}
1549EXPORT_SYMBOL(tty_kref_put);
1550
d5698c28
CH		 1551/**
1552 * release_tty - release tty structure memory
1553 *
1554 * Release both @tty and a possible linked partner (think pty pair),
1555 * and decrement the refcount of the backing module.
1556 *
1557 * Locking:
1558 * tty_mutex - sometimes only
1559 * takes the file list lock internally when working on the list
1560 * of ttys that the driver keeps.
1561 * FIXME: should we require tty_mutex is held here ??
9c9f4ded 1562 *
d5698c28
CH		 1563 */
1564static void release_tty(struct tty_struct *tty, int idx)
1565{
9c9f4ded
AC		 1566 /* This should always be true but check for the moment */
1567 WARN_ON(tty->index != idx);
1568
d5698c28 1569 if (tty->link)
9c9f4ded
AC		 1570 tty_kref_put(tty->link);
1571 tty_kref_put(tty);
d5698c28
CH		 1572}
1573
1da177e4
LT		 1574/*
1575 * Even releasing the tty structures is a tricky business.. We have
1576 * to be very careful that the structures are all released at the
1577 * same time, as interrupts might otherwise get the wrong pointers.
1578 *
1579 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1580 * lead to double frees or releasing memory still in use.
1581 */
37bdfb07 1582static void release_dev(struct file *filp)
1da177e4
LT		 1583{
1584 struct tty_struct *tty, *o_tty;
1585 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 1586 int devpts;
1da177e4
LT		 1587 int idx;
1588 char buf[64];
37bdfb07 1589
1da177e4 1590 tty = (struct tty_struct *)filp->private_data;
37bdfb07
AC		 1591 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
1592 "release_dev"))
1da177e4
LT		 1593 return;
1594
1595 check_tty_count(tty, "release_dev");
1596
1597 tty_fasync(-1, filp, 0);
1598
1599 idx = tty->index;
1600 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1601 tty->driver->subtype == PTY_TYPE_MASTER);
1602 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 1603 o_tty = tty->link;
1604
1605#ifdef TTY_PARANOIA_CHECK
1606 if (idx < 0 || idx >= tty->driver->num) {
1607 printk(KERN_DEBUG "release_dev: bad idx when trying to "
1608 "free (%s)\n", tty->name);
1609 return;
1610 }
1611 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1612 if (tty != tty->driver->ttys[idx]) {
1613 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
1614 "for (%s)\n", idx, tty->name);
1615 return;
1616 }
1617 if (tty->termios != tty->driver->termios[idx]) {
1618 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
1619 "for (%s)\n",
1620 idx, tty->name);
1621 return;
1622 }
1623 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
1624 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
1625 "termios_locked for (%s)\n",
1626 idx, tty->name);
1627 return;
1628 }
1629 }
1630#endif
1631
1632#ifdef TTY_DEBUG_HANGUP
1633 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
1634 tty_name(tty, buf), tty->count);
1635#endif
1636
1637#ifdef TTY_PARANOIA_CHECK
1638 if (tty->driver->other &&
1639 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1640 if (o_tty != tty->driver->other->ttys[idx]) {
1641 printk(KERN_DEBUG "release_dev: other->table[%d] "
1642 "not o_tty for (%s)\n",
1643 idx, tty->name);
1644 return;
1645 }
1646 if (o_tty->termios != tty->driver->other->termios[idx]) {
1647 printk(KERN_DEBUG "release_dev: other->termios[%d] "
1648 "not o_termios for (%s)\n",
1649 idx, tty->name);
1650 return;
1651 }
37bdfb07 1652 if (o_tty->termios_locked !=
1da177e4
LT		 1653 tty->driver->other->termios_locked[idx]) {
1654 printk(KERN_DEBUG "release_dev: other->termios_locked["
1655 "%d] not o_termios_locked for (%s)\n",
1656 idx, tty->name);
1657 return;
1658 }
1659 if (o_tty->link != tty) {
1660 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
1661 return;
1662 }
1663 }
1664#endif
f34d7a5b
AC		 1665 if (tty->ops->close)
1666 tty->ops->close(tty, filp);
1da177e4
LT		 1667
1668 /*
1669 * Sanity check: if tty->count is going to zero, there shouldn't be
1670 * any waiters on tty->read_wait or tty->write_wait. We test the
1671 * wait queues and kick everyone out _before_ actually starting to
1672 * close. This ensures that we won't block while releasing the tty
1673 * structure.
1674 *
1675 * The test for the o_tty closing is necessary, since the master and
1676 * slave sides may close in any order. If the slave side closes out
1677 * first, its count will be one, since the master side holds an open.
1678 * Thus this test wouldn't be triggered at the time the slave closes,
1679 * so we do it now.
1680 *
1681 * Note that it's possible for the tty to be opened again while we're
1682 * flushing out waiters. By recalculating the closing flags before
1683 * each iteration we avoid any problems.
1684 */
1685 while (1) {
1686 /* Guard against races with tty->count changes elsewhere and
1687 opens on /dev/tty */
37bdfb07 1688
70522e12 1689 mutex_lock(&tty_mutex);
1da177e4
LT		 1690 tty_closing = tty->count <= 1;
1691 o_tty_closing = o_tty &&
1692 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 1693 do_sleep = 0;
1694
1695 if (tty_closing) {
1696 if (waitqueue_active(&tty->read_wait)) {
1697 wake_up(&tty->read_wait);
1698 do_sleep++;
1699 }
1700 if (waitqueue_active(&tty->write_wait)) {
1701 wake_up(&tty->write_wait);
1702 do_sleep++;
1703 }
1704 }
1705 if (o_tty_closing) {
1706 if (waitqueue_active(&o_tty->read_wait)) {
1707 wake_up(&o_tty->read_wait);
1708 do_sleep++;
1709 }
1710 if (waitqueue_active(&o_tty->write_wait)) {
1711 wake_up(&o_tty->write_wait);
1712 do_sleep++;
1713 }
1714 }
1715 if (!do_sleep)
1716 break;
1717
1718 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
1719 "active!\n", tty_name(tty, buf));
70522e12 1720 mutex_unlock(&tty_mutex);
1da177e4 1721 schedule();
37bdfb07 1722 }
1da177e4
LT		 1723
1724 /*
37bdfb07
AC		 1725 * The closing flags are now consistent with the open counts on
1726 * both sides, and we've completed the last operation that could
1da177e4
LT		 1727 * block, so it's safe to proceed with closing.
1728 */
1da177e4
LT		 1729 if (pty_master) {
1730 if (--o_tty->count < 0) {
1731 printk(KERN_WARNING "release_dev: bad pty slave count "
1732 "(%d) for %s\n",
1733 o_tty->count, tty_name(o_tty, buf));
1734 o_tty->count = 0;
1735 }
1736 }
1737 if (--tty->count < 0) {
1738 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
1739 tty->count, tty_name(tty, buf));
1740 tty->count = 0;
1741 }
37bdfb07 1742
1da177e4
LT		 1743 /*
1744 * We've decremented tty->count, so we need to remove this file
1745 * descriptor off the tty->tty_files list; this serves two
1746 * purposes:
1747 * - check_tty_count sees the correct number of file descriptors
1748 * associated with this tty.
1749 * - do_tty_hangup no longer sees this file descriptor as
1750 * something that needs to be handled for hangups.
1751 */
1752 file_kill(filp);
1753 filp->private_data = NULL;
1754
1755 /*
1756 * Perform some housekeeping before deciding whether to return.
1757 *
1758 * Set the TTY_CLOSING flag if this was the last open. In the
1759 * case of a pty we may have to wait around for the other side
1760 * to close, and TTY_CLOSING makes sure we can't be reopened.
1761 */
37bdfb07 1762 if (tty_closing)
1da177e4 1763 set_bit(TTY_CLOSING, &tty->flags);
37bdfb07 1764 if (o_tty_closing)
1da177e4
LT		 1765 set_bit(TTY_CLOSING, &o_tty->flags);
1766
1767 /*
1768 * If _either_ side is closing, make sure there aren't any
1769 * processes that still think tty or o_tty is their controlling
1770 * tty.
1771 */
1772 if (tty_closing || o_tty_closing) {
1da177e4 1773 read_lock(&tasklist_lock);
24ec839c 1774 session_clear_tty(tty->session);
1da177e4 1775 if (o_tty)
24ec839c 1776 session_clear_tty(o_tty->session);
1da177e4
LT		 1777 read_unlock(&tasklist_lock);
1778 }
1779
70522e12 1780 mutex_unlock(&tty_mutex);
da965822 1781
1da177e4
LT		 1782 /* check whether both sides are closing ... */
1783 if (!tty_closing || (o_tty && !o_tty_closing))
1784 return;
37bdfb07 1785
1da177e4
LT		 1786#ifdef TTY_DEBUG_HANGUP
1787 printk(KERN_DEBUG "freeing tty structure...");
1788#endif
1789 /*
01e1abb2 1790 * Ask the line discipline code to release its structures
1da177e4 1791 */
01e1abb2 1792 tty_ldisc_release(tty, o_tty);
1da177e4 1793 /*
d5698c28 1794 * The release_tty function takes care of the details of clearing
1da177e4
LT		 1795 * the slots and preserving the termios structure.
1796 */
d5698c28 1797 release_tty(tty, idx);
1da177e4 1798
1da177e4 1799 /* Make this pty number available for reallocation */
718a9163
SB		 1800 if (devpts)
1801 devpts_kill_index(idx);
1da177e4
LT		 1802}
1803
af9b897e
AC		 1804/**
1805 * tty_open - open a tty device
1806 * @inode: inode of device file
1807 * @filp: file pointer to tty
1da177e4 1808 *
af9b897e
AC		 1809 * tty_open and tty_release keep up the tty count that contains the
1810 * number of opens done on a tty. We cannot use the inode-count, as
1811 * different inodes might point to the same tty.
1da177e4 1812 *
af9b897e
AC		 1813 * Open-counting is needed for pty masters, as well as for keeping
1814 * track of serial lines: DTR is dropped when the last close happens.
1815 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1816 *
1817 * The termios state of a pty is reset on first open so that
1818 * settings don't persist across reuse.
1819 *
24ec839c
PZ		 1820 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
1821 * tty->count should protect the rest.
1822 * ->siglock protects ->signal/->sighand
1da177e4 1823 */
af9b897e 1824
39d95b9d 1825static int __tty_open(struct inode *inode, struct file *filp)
1da177e4
LT		 1826{
1827 struct tty_struct *tty;
1828 int noctty, retval;
1829 struct tty_driver *driver;
1830 int index;
1831 dev_t device = inode->i_rdev;
1832 unsigned short saved_flags = filp->f_flags;
1833
1834 nonseekable_open(inode, filp);
37bdfb07 1835
1da177e4
LT		 1836retry_open:
1837 noctty = filp->f_flags & O_NOCTTY;
1838 index = -1;
1839 retval = 0;
37bdfb07 1840
70522e12 1841 mutex_lock(&tty_mutex);
1da177e4 1842
37bdfb07 1843 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
24ec839c
PZ		 1844 tty = get_current_tty();
1845 if (!tty) {
70522e12 1846 mutex_unlock(&tty_mutex);
1da177e4
LT		 1847 return -ENXIO;
1848 }
24ec839c
PZ		 1849 driver = tty->driver;
1850 index = tty->index;
1da177e4
LT		 1851 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1852 /* noctty = 1; */
452a00d2
AC		 1853 /* FIXME: Should we take a driver reference ? */
1854 tty_kref_put(tty);
1da177e4
LT		 1855 goto got_driver;
1856 }
1857#ifdef CONFIG_VT
37bdfb07 1858 if (device == MKDEV(TTY_MAJOR, 0)) {
1da177e4
LT		 1859 extern struct tty_driver *console_driver;
1860 driver = console_driver;
1861 index = fg_console;
1862 noctty = 1;
1863 goto got_driver;
1864 }
1865#endif
37bdfb07 1866 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1da177e4
LT		 1867 driver = console_device(&index);
1868 if (driver) {
1869 /* Don't let /dev/console block */
1870 filp->f_flags |= O_NONBLOCK;
1871 noctty = 1;
1872 goto got_driver;
1873 }
70522e12 1874 mutex_unlock(&tty_mutex);
1da177e4
LT		 1875 return -ENODEV;
1876 }
1877
1878 driver = get_tty_driver(device, &index);
1879 if (!driver) {
70522e12 1880 mutex_unlock(&tty_mutex);
1da177e4
LT		 1881 return -ENODEV;
1882 }
1883got_driver:
1884 retval = init_dev(driver, index, &tty);
70522e12 1885 mutex_unlock(&tty_mutex);
1da177e4
LT		 1886 if (retval)
1887 return retval;
1888
1889 filp->private_data = tty;
1890 file_move(filp, &tty->tty_files);
1891 check_tty_count(tty, "tty_open");
1892 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1893 tty->driver->subtype == PTY_TYPE_MASTER)
1894 noctty = 1;
1895#ifdef TTY_DEBUG_HANGUP
1896 printk(KERN_DEBUG "opening %s...", tty->name);
1897#endif
1898 if (!retval) {
f34d7a5b
AC		 1899 if (tty->ops->open)
1900 retval = tty->ops->open(tty, filp);
1da177e4
LT		 1901 else
1902 retval = -ENODEV;
1903 }
1904 filp->f_flags = saved_flags;
1905
37bdfb07
AC		 1906 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1907 !capable(CAP_SYS_ADMIN))
1da177e4
LT		 1908 retval = -EBUSY;
1909
1910 if (retval) {
1911#ifdef TTY_DEBUG_HANGUP
1912 printk(KERN_DEBUG "error %d in opening %s...", retval,
1913 tty->name);
1914#endif
1915 release_dev(filp);
1916 if (retval != -ERESTARTSYS)
1917 return retval;
1918 if (signal_pending(current))
1919 return retval;
1920 schedule();
1921 /*
1922 * Need to reset f_op in case a hangup happened.
1923 */
1924 if (filp->f_op == &hung_up_tty_fops)
1925 filp->f_op = &tty_fops;
1926 goto retry_open;
1927 }
24ec839c
PZ		 1928
1929 mutex_lock(&tty_mutex);
1930 spin_lock_irq(&current->sighand->siglock);
1da177e4
LT		 1931 if (!noctty &&
1932 current->signal->leader &&
1933 !current->signal->tty &&
ab521dc0 1934 tty->session == NULL)
2a65f1d9 1935 __proc_set_tty(current, tty);
24ec839c
PZ		 1936 spin_unlock_irq(&current->sighand->siglock);
1937 mutex_unlock(&tty_mutex);
1da177e4
LT		 1938 return 0;
1939}
1940
39d95b9d
JC		 1941/* BKL pushdown: scary code avoidance wrapper */
1942static int tty_open(struct inode *inode, struct file *filp)
1943{
1944 int ret;
1945
1946 lock_kernel();
1947 ret = __tty_open(inode, filp);
1948 unlock_kernel();
1949 return ret;
1950}
1951
1952
1953
1da177e4 1954#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 1955/**
1956 * ptmx_open - open a unix 98 pty master
1957 * @inode: inode of device file
1958 * @filp: file pointer to tty
1959 *
1960 * Allocate a unix98 pty master device from the ptmx driver.
1961 *
1962 * Locking: tty_mutex protects theinit_dev work. tty->count should
37bdfb07 1963 * protect the rest.
af9b897e
AC		 1964 * allocated_ptys_lock handles the list of free pty numbers
1965 */
1966
39d95b9d 1967static int __ptmx_open(struct inode *inode, struct file *filp)
1da177e4
LT		 1968{
1969 struct tty_struct *tty;
1970 int retval;
1971 int index;
1da177e4
LT		 1972
1973 nonseekable_open(inode, filp);
1974
1975 /* find a device that is not in use. */
718a9163
SB		 1976 index = devpts_new_index();
1977 if (index < 0)
1978 return index;
1da177e4 1979
70522e12 1980 mutex_lock(&tty_mutex);
1da177e4 1981 retval = init_dev(ptm_driver, index, &tty);
70522e12 1982 mutex_unlock(&tty_mutex);
37bdfb07 1983
1da177e4
LT		 1984 if (retval)
1985 goto out;
1986
1987 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
1988 filp->private_data = tty;
1989 file_move(filp, &tty->tty_files);
1990
4f8f9d66
SB		 1991 retval = devpts_pty_new(tty->link);
1992 if (retval)
1da177e4
LT		 1993 goto out1;
1994
86a96538 1995 check_tty_count(tty, "ptmx_open");
f34d7a5b 1996 retval = ptm_driver->ops->open(tty, filp);
41126226 1997 if (!retval)
1da177e4
LT		 1998 return 0;
1999out1:
2000 release_dev(filp);
9453a5ad 2001 return retval;
1da177e4 2002out:
718a9163 2003 devpts_kill_index(index);
1da177e4
LT		 2004 return retval;
2005}
39d95b9d
JC		 2006
2007static int ptmx_open(struct inode *inode, struct file *filp)
2008{
2009 int ret;
2010
2011 lock_kernel();
2012 ret = __ptmx_open(inode, filp);
2013 unlock_kernel();
2014 return ret;
2015}
1da177e4
LT		 2016#endif
2017
af9b897e
AC		 2018/**
2019 * tty_release - vfs callback for close
2020 * @inode: inode of tty
2021 * @filp: file pointer for handle to tty
2022 *
2023 * Called the last time each file handle is closed that references
2024 * this tty. There may however be several such references.
2025 *
2026 * Locking:
2027 * Takes bkl. See release_dev
2028 */
2029
37bdfb07 2030static int tty_release(struct inode *inode, struct file *filp)
1da177e4
LT		 2031{
2032 lock_kernel();
2033 release_dev(filp);
2034 unlock_kernel();
2035 return 0;
2036}
2037
af9b897e
AC		 2038/**
2039 * tty_poll - check tty status
2040 * @filp: file being polled
2041 * @wait: poll wait structures to update
2042 *
2043 * Call the line discipline polling method to obtain the poll
2044 * status of the device.
2045 *
2046 * Locking: locks called line discipline but ldisc poll method
2047 * may be re-entered freely by other callers.
2048 */
2049
37bdfb07 2050static unsigned int tty_poll(struct file *filp, poll_table *wait)
1da177e4 2051{
37bdfb07 2052 struct tty_struct *tty;
1da177e4
LT		 2053 struct tty_ldisc *ld;
2054 int ret = 0;
2055
2056 tty = (struct tty_struct *)filp->private_data;
a7113a96 2057 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1da177e4 2058 return 0;
37bdfb07 2059
1da177e4 2060 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 2061 if (ld->ops->poll)
2062 ret = (ld->ops->poll)(tty, filp, wait);
1da177e4
LT		 2063 tty_ldisc_deref(ld);
2064 return ret;
2065}
2066
37bdfb07 2067static int tty_fasync(int fd, struct file *filp, int on)
1da177e4 2068{
37bdfb07 2069 struct tty_struct *tty;
47f86834 2070 unsigned long flags;
5d1e3230 2071 int retval = 0;
1da177e4 2072
5d1e3230 2073 lock_kernel();
1da177e4 2074 tty = (struct tty_struct *)filp->private_data;
a7113a96 2075 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
5d1e3230 2076 goto out;
37bdfb07 2077
1da177e4
LT		 2078 retval = fasync_helper(fd, filp, on, &tty->fasync);
2079 if (retval <= 0)
5d1e3230 2080 goto out;
1da177e4
LT		 2081
2082 if (on) {
ab521dc0
EB		 2083 enum pid_type type;
2084 struct pid *pid;
1da177e4
LT		 2085 if (!waitqueue_active(&tty->read_wait))
2086 tty->minimum_to_wake = 1;
47f86834 2087 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 2088 if (tty->pgrp) {
2089 pid = tty->pgrp;
2090 type = PIDTYPE_PGID;
2091 } else {
2092 pid = task_pid(current);
2093 type = PIDTYPE_PID;
2094 }
47f86834 2095 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
ab521dc0 2096 retval = __f_setown(filp, pid, type, 0);
1da177e4 2097 if (retval)
5d1e3230 2098 goto out;
1da177e4
LT		 2099 } else {
2100 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2101 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2102 }
5d1e3230
JC		 2103 retval = 0;
2104out:
2105 unlock_kernel();
2106 return retval;
1da177e4
LT		 2107}
2108
af9b897e
AC		 2109/**
2110 * tiocsti - fake input character
2111 * @tty: tty to fake input into
2112 * @p: pointer to character
2113 *
3a4fa0a2 2114 * Fake input to a tty device. Does the necessary locking and
af9b897e
AC		 2115 * input management.
2116 *
2117 * FIXME: does not honour flow control ??
2118 *
2119 * Locking:
2120 * Called functions take tty_ldisc_lock
2121 * current->signal->tty check is safe without locks
28298232
AC		 2122 *
2123 * FIXME: may race normal receive processing
af9b897e
AC		 2124 */
2125
1da177e4
LT		 2126static int tiocsti(struct tty_struct *tty, char __user *p)
2127{
2128 char ch, mbz = 0;
2129 struct tty_ldisc *ld;
37bdfb07 2130
1da177e4
LT		 2131 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2132 return -EPERM;
2133 if (get_user(ch, p))
2134 return -EFAULT;
2135 ld = tty_ldisc_ref_wait(tty);
a352def2 2136 ld->ops->receive_buf(tty, &ch, &mbz, 1);
1da177e4
LT		 2137 tty_ldisc_deref(ld);
2138 return 0;
2139}
2140
af9b897e
AC		 2141/**
2142 * tiocgwinsz - implement window query ioctl
2143 * @tty; tty
2144 * @arg: user buffer for result
2145 *
808a0d38 2146 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2147 *
24ec839c 2148 * Locking: tty->termios_mutex is taken to ensure the winsize data
808a0d38 2149 * is consistent.
af9b897e
AC		 2150 */
2151
37bdfb07 2152static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
1da177e4 2153{
808a0d38
AC		 2154 int err;
2155
5785c95b 2156 mutex_lock(&tty->termios_mutex);
808a0d38 2157 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2158 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2159
2160 return err ? -EFAULT: 0;
1da177e4
LT		 2161}
2162
af9b897e 2163/**
8c9a9dd0
AC		 2164 * tty_do_resize - resize event
2165 * @tty: tty being resized
a152db71 2166 * @real_tty: real tty (not the same as tty if using a pty/tty pair)
8c9a9dd0
AC		 2167 * @rows: rows (character)
2168 * @cols: cols (character)
2169 *
2170 * Update the termios variables and send the neccessary signals to
2171 * peform a terminal resize correctly
af9b897e
AC		 2172 */
2173
8c9a9dd0
AC		 2174int tty_do_resize(struct tty_struct *tty, struct tty_struct *real_tty,
2175 struct winsize *ws)
1da177e4 2176{
47f86834
AC		 2177 struct pid *pgrp, *rpgrp;
2178 unsigned long flags;
1da177e4 2179
a152db71
AC		 2180 /* For a PTY we need to lock the tty side */
2181 mutex_lock(&real_tty->termios_mutex);
f4d2a6c2 2182 if (!memcmp(ws, &real_tty->winsize, sizeof(*ws)))
ca9bda00 2183 goto done;
47f86834
AC		 2184 /* Get the PID values and reference them so we can
2185 avoid holding the tty ctrl lock while sending signals */
2186 spin_lock_irqsave(&tty->ctrl_lock, flags);
2187 pgrp = get_pid(tty->pgrp);
2188 rpgrp = get_pid(real_tty->pgrp);
2189 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2190
2191 if (pgrp)
2192 kill_pgrp(pgrp, SIGWINCH, 1);
2193 if (rpgrp != pgrp && rpgrp)
2194 kill_pgrp(rpgrp, SIGWINCH, 1);
2195
2196 put_pid(pgrp);
2197 put_pid(rpgrp);
2198
8c9a9dd0
AC		 2199 tty->winsize = *ws;
2200 real_tty->winsize = *ws;
ca9bda00 2201done:
a152db71 2202 mutex_unlock(&real_tty->termios_mutex);
1da177e4
LT		 2203 return 0;
2204}
2205
8c9a9dd0
AC		 2206/**
2207 * tiocswinsz - implement window size set ioctl
2208 * @tty; tty
2209 * @arg: user buffer for result
2210 *
2211 * Copies the user idea of the window size to the kernel. Traditionally
2212 * this is just advisory information but for the Linux console it
2213 * actually has driver level meaning and triggers a VC resize.
2214 *
2215 * Locking:
2216 * Driver dependant. The default do_resize method takes the
2217 * tty termios mutex and ctrl_lock. The console takes its own lock
2218 * then calls into the default method.
2219 */
2220
2221static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2222 struct winsize __user *arg)
2223{
2224 struct winsize tmp_ws;
2225 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2226 return -EFAULT;
2227
2228 if (tty->ops->resize)
2229 return tty->ops->resize(tty, real_tty, &tmp_ws);
2230 else
2231 return tty_do_resize(tty, real_tty, &tmp_ws);
2232}
2233
af9b897e
AC		 2234/**
2235 * tioccons - allow admin to move logical console
2236 * @file: the file to become console
2237 *
2238 * Allow the adminstrator to move the redirected console device
2239 *
2240 * Locking: uses redirect_lock to guard the redirect information
2241 */
2242
1da177e4
LT		 2243static int tioccons(struct file *file)
2244{
2245 if (!capable(CAP_SYS_ADMIN))
2246 return -EPERM;
2247 if (file->f_op->write == redirected_tty_write) {
2248 struct file *f;
2249 spin_lock(&redirect_lock);
2250 f = redirect;
2251 redirect = NULL;
2252 spin_unlock(&redirect_lock);
2253 if (f)
2254 fput(f);
2255 return 0;
2256 }
2257 spin_lock(&redirect_lock);
2258 if (redirect) {
2259 spin_unlock(&redirect_lock);
2260 return -EBUSY;
2261 }
2262 get_file(file);
2263 redirect = file;
2264 spin_unlock(&redirect_lock);
2265 return 0;
2266}
2267
af9b897e
AC		 2268/**
2269 * fionbio - non blocking ioctl
2270 * @file: file to set blocking value
2271 * @p: user parameter
2272 *
2273 * Historical tty interfaces had a blocking control ioctl before
2274 * the generic functionality existed. This piece of history is preserved
2275 * in the expected tty API of posix OS's.
2276 *
2277 * Locking: none, the open fle handle ensures it won't go away.
2278 */
1da177e4
LT		 2279
2280static int fionbio(struct file *file, int __user *p)
2281{
2282 int nonblock;
2283
2284 if (get_user(nonblock, p))
2285 return -EFAULT;
2286
04f378b1
AC		 2287 /* file->f_flags is still BKL protected in the fs layer - vomit */
2288 lock_kernel();
1da177e4
LT		 2289 if (nonblock)
2290 file->f_flags |= O_NONBLOCK;
2291 else
2292 file->f_flags &= ~O_NONBLOCK;
04f378b1 2293 unlock_kernel();
1da177e4
LT		 2294 return 0;
2295}
2296
af9b897e
AC		 2297/**
2298 * tiocsctty - set controlling tty
2299 * @tty: tty structure
2300 * @arg: user argument
2301 *
2302 * This ioctl is used to manage job control. It permits a session
2303 * leader to set this tty as the controlling tty for the session.
2304 *
2305 * Locking:
28298232 2306 * Takes tty_mutex() to protect tty instance
24ec839c
PZ		 2307 * Takes tasklist_lock internally to walk sessions
2308 * Takes ->siglock() when updating signal->tty
af9b897e
AC		 2309 */
2310
1da177e4
LT		 2311static int tiocsctty(struct tty_struct *tty, int arg)
2312{
24ec839c 2313 int ret = 0;
ab521dc0 2314 if (current->signal->leader && (task_session(current) == tty->session))
24ec839c
PZ		 2315 return ret;
2316
2317 mutex_lock(&tty_mutex);
1da177e4
LT		 2318 /*
2319 * The process must be a session leader and
2320 * not have a controlling tty already.
2321 */
24ec839c
PZ		 2322 if (!current->signal->leader || current->signal->tty) {
2323 ret = -EPERM;
2324 goto unlock;
2325 }
2326
ab521dc0 2327 if (tty->session) {
1da177e4
LT		 2328 /*
2329 * This tty is already the controlling
2330 * tty for another session group!
2331 */
37bdfb07 2332 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
1da177e4
LT		 2333 /*
2334 * Steal it away
2335 */
1da177e4 2336 read_lock(&tasklist_lock);
24ec839c 2337 session_clear_tty(tty->session);
1da177e4 2338 read_unlock(&tasklist_lock);
24ec839c
PZ		 2339 } else {
2340 ret = -EPERM;
2341 goto unlock;
2342 }
1da177e4 2343 }
24ec839c
PZ		 2344 proc_set_tty(current, tty);
2345unlock:
28298232 2346 mutex_unlock(&tty_mutex);
24ec839c 2347 return ret;
1da177e4
LT		 2348}
2349
5d0fdf1e
AC		 2350/**
2351 * tty_get_pgrp - return a ref counted pgrp pid
2352 * @tty: tty to read
2353 *
2354 * Returns a refcounted instance of the pid struct for the process
2355 * group controlling the tty.
2356 */
2357
2358struct pid *tty_get_pgrp(struct tty_struct *tty)
2359{
2360 unsigned long flags;
2361 struct pid *pgrp;
2362
2363 spin_lock_irqsave(&tty->ctrl_lock, flags);
2364 pgrp = get_pid(tty->pgrp);
2365 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2366
2367 return pgrp;
2368}
2369EXPORT_SYMBOL_GPL(tty_get_pgrp);
2370
af9b897e
AC		 2371/**
2372 * tiocgpgrp - get process group
2373 * @tty: tty passed by user
2374 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2375 * @p: returned pid
2376 *
2377 * Obtain the process group of the tty. If there is no process group
2378 * return an error.
2379 *
24ec839c 2380 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 2381 */
2382
1da177e4
LT		 2383static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2384{
5d0fdf1e
AC		 2385 struct pid *pid;
2386 int ret;
1da177e4
LT		 2387 /*
2388 * (tty == real_tty) is a cheap way of
2389 * testing if the tty is NOT a master pty.
2390 */
2391 if (tty == real_tty && current->signal->tty != real_tty)
2392 return -ENOTTY;
5d0fdf1e
AC		 2393 pid = tty_get_pgrp(real_tty);
2394 ret = put_user(pid_vnr(pid), p);
2395 put_pid(pid);
2396 return ret;
1da177e4
LT		 2397}
2398
af9b897e
AC		 2399/**
2400 * tiocspgrp - attempt to set process group
2401 * @tty: tty passed by user
2402 * @real_tty: tty side device matching tty passed by user
2403 * @p: pid pointer
2404 *
2405 * Set the process group of the tty to the session passed. Only
2406 * permitted where the tty session is our session.
2407 *
47f86834 2408 * Locking: RCU, ctrl lock
af9b897e
AC		 2409 */
2410
1da177e4
LT		 2411static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2412{
04a2e6a5
EB		 2413 struct pid *pgrp;
2414 pid_t pgrp_nr;
1da177e4 2415 int retval = tty_check_change(real_tty);
47f86834 2416 unsigned long flags;
1da177e4
LT		 2417
2418 if (retval == -EIO)
2419 return -ENOTTY;
2420 if (retval)
2421 return retval;
2422 if (!current->signal->tty ||
2423 (current->signal->tty != real_tty) ||
ab521dc0 2424 (real_tty->session != task_session(current)))
1da177e4 2425 return -ENOTTY;
04a2e6a5 2426 if (get_user(pgrp_nr, p))
1da177e4 2427 return -EFAULT;
04a2e6a5 2428 if (pgrp_nr < 0)
1da177e4 2429 return -EINVAL;
04a2e6a5 2430 rcu_read_lock();
b488893a 2431 pgrp = find_vpid(pgrp_nr);
04a2e6a5
EB		 2432 retval = -ESRCH;
2433 if (!pgrp)
2434 goto out_unlock;
2435 retval = -EPERM;
2436 if (session_of_pgrp(pgrp) != task_session(current))
2437 goto out_unlock;
2438 retval = 0;
47f86834 2439 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 2440 put_pid(real_tty->pgrp);
2441 real_tty->pgrp = get_pid(pgrp);
47f86834 2442 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
04a2e6a5
EB		 2443out_unlock:
2444 rcu_read_unlock();
2445 return retval;
1da177e4
LT		 2446}
2447
af9b897e
AC		 2448/**
2449 * tiocgsid - get session id
2450 * @tty: tty passed by user
2451 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2452 * @p: pointer to returned session id
2453 *
2454 * Obtain the session id of the tty. If there is no session
2455 * return an error.
2456 *
24ec839c 2457 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 2458 */
2459
1da177e4
LT		 2460static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2461{
2462 /*
2463 * (tty == real_tty) is a cheap way of
2464 * testing if the tty is NOT a master pty.
2465 */
2466 if (tty == real_tty && current->signal->tty != real_tty)
2467 return -ENOTTY;
ab521dc0 2468 if (!real_tty->session)
1da177e4 2469 return -ENOTTY;
b488893a 2470 return put_user(pid_vnr(real_tty->session), p);
1da177e4
LT		 2471}
2472
af9b897e
AC		 2473/**
2474 * tiocsetd - set line discipline
2475 * @tty: tty device
2476 * @p: pointer to user data
2477 *
2478 * Set the line discipline according to user request.
2479 *
2480 * Locking: see tty_set_ldisc, this function is just a helper
2481 */
2482
1da177e4
LT		 2483static int tiocsetd(struct tty_struct *tty, int __user *p)
2484{
2485 int ldisc;
04f378b1 2486 int ret;
1da177e4
LT		 2487
2488 if (get_user(ldisc, p))
2489 return -EFAULT;
04f378b1
AC		 2490
2491 lock_kernel();
2492 ret = tty_set_ldisc(tty, ldisc);
2493 unlock_kernel();
2494
2495 return ret;
1da177e4
LT		 2496}
2497
af9b897e
AC		 2498/**
2499 * send_break - performed time break
2500 * @tty: device to break on
2501 * @duration: timeout in mS
2502 *
2503 * Perform a timed break on hardware that lacks its own driver level
2504 * timed break functionality.
2505 *
2506 * Locking:
28298232 2507 * atomic_write_lock serializes
af9b897e 2508 *
af9b897e
AC		 2509 */
2510
b20f3ae5 2511static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4 2512{
9e98966c
AC		 2513 int retval;
2514
2515 if (tty->ops->break_ctl == NULL)
2516 return 0;
2517
2518 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2519 retval = tty->ops->break_ctl(tty, duration);
2520 else {
2521 /* Do the work ourselves */
2522 if (tty_write_lock(tty, 0) < 0)
2523 return -EINTR;
2524 retval = tty->ops->break_ctl(tty, -1);
2525 if (retval)
2526 goto out;
2527 if (!signal_pending(current))
2528 msleep_interruptible(duration);
2529 retval = tty->ops->break_ctl(tty, 0);
2530out:
2531 tty_write_unlock(tty);
2532 if (signal_pending(current))
2533 retval = -EINTR;
2534 }
2535 return retval;
1da177e4
LT		 2536}
2537
af9b897e 2538/**
f34d7a5b 2539 * tty_tiocmget - get modem status
af9b897e
AC		 2540 * @tty: tty device
2541 * @file: user file pointer
2542 * @p: pointer to result
2543 *
2544 * Obtain the modem status bits from the tty driver if the feature
2545 * is supported. Return -EINVAL if it is not available.
2546 *
2547 * Locking: none (up to the driver)
2548 */
2549
2550static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 2551{
2552 int retval = -EINVAL;
2553
f34d7a5b
AC		 2554 if (tty->ops->tiocmget) {
2555 retval = tty->ops->tiocmget(tty, file);
1da177e4
LT		 2556
2557 if (retval >= 0)
2558 retval = put_user(retval, p);
2559 }
2560 return retval;
2561}
2562
af9b897e 2563/**
f34d7a5b 2564 * tty_tiocmset - set modem status
af9b897e
AC		 2565 * @tty: tty device
2566 * @file: user file pointer
2567 * @cmd: command - clear bits, set bits or set all
2568 * @p: pointer to desired bits
2569 *
2570 * Set the modem status bits from the tty driver if the feature
2571 * is supported. Return -EINVAL if it is not available.
2572 *
2573 * Locking: none (up to the driver)
2574 */
2575
2576static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 2577 unsigned __user *p)
2578{
ae677517
AC		 2579 int retval;
2580 unsigned int set, clear, val;
1da177e4 2581
ae677517
AC		 2582 if (tty->ops->tiocmset == NULL)
2583 return -EINVAL;
1da177e4 2584
ae677517
AC		 2585 retval = get_user(val, p);
2586 if (retval)
2587 return retval;
2588 set = clear = 0;
2589 switch (cmd) {
2590 case TIOCMBIS:
2591 set = val;
2592 break;
2593 case TIOCMBIC:
2594 clear = val;
2595 break;
2596 case TIOCMSET:
2597 set = val;
2598 clear = ~val;
2599 break;
2600 }
2601 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2602 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2603 return tty->ops->tiocmset(tty, file, set, clear);
1da177e4
LT		 2604}
2605
2606/*
2607 * Split this up, as gcc can choke on it otherwise..
2608 */
04f378b1 2609long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1da177e4
LT		 2610{
2611 struct tty_struct *tty, *real_tty;
2612 void __user *p = (void __user *)arg;
2613 int retval;
2614 struct tty_ldisc *ld;
04f378b1 2615 struct inode *inode = file->f_dentry->d_inode;
37bdfb07 2616
1da177e4
LT		 2617 tty = (struct tty_struct *)file->private_data;
2618 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2619 return -EINVAL;
2620
2621 real_tty = tty;
2622 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2623 tty->driver->subtype == PTY_TYPE_MASTER)
2624 real_tty = tty->link;
2625
1da177e4
LT		 2626
2627 /*
2628 * Factor out some common prep work
2629 */
2630 switch (cmd) {
2631 case TIOCSETD:
2632 case TIOCSBRK:
2633 case TIOCCBRK:
2634 case TCSBRK:
37bdfb07 2635 case TCSBRKP:
1da177e4
LT		 2636 retval = tty_check_change(tty);
2637 if (retval)
2638 return retval;
2639 if (cmd != TIOCCBRK) {
2640 tty_wait_until_sent(tty, 0);
2641 if (signal_pending(current))
2642 return -EINTR;
2643 }
2644 break;
2645 }
2646
9e98966c
AC		 2647 /*
2648 * Now do the stuff.
2649 */
1da177e4 2650 switch (cmd) {
37bdfb07
AC		 2651 case TIOCSTI:
2652 return tiocsti(tty, p);
2653 case TIOCGWINSZ:
8f520021 2654 return tiocgwinsz(real_tty, p);
37bdfb07
AC		 2655 case TIOCSWINSZ:
2656 return tiocswinsz(tty, real_tty, p);
2657 case TIOCCONS:
2658 return real_tty != tty ? -EINVAL : tioccons(file);
2659 case FIONBIO:
2660 return fionbio(file, p);
2661 case TIOCEXCL:
2662 set_bit(TTY_EXCLUSIVE, &tty->flags);
2663 return 0;
2664 case TIOCNXCL:
2665 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2666 return 0;
2667 case TIOCNOTTY:
2668 if (current->signal->tty != tty)
2669 return -ENOTTY;
2670 no_tty();
2671 return 0;
2672 case TIOCSCTTY:
2673 return tiocsctty(tty, arg);
2674 case TIOCGPGRP:
2675 return tiocgpgrp(tty, real_tty, p);
2676 case TIOCSPGRP:
2677 return tiocspgrp(tty, real_tty, p);
2678 case TIOCGSID:
2679 return tiocgsid(tty, real_tty, p);
2680 case TIOCGETD:
a352def2 2681 return put_user(tty->ldisc.ops->num, (int __user *)p);
37bdfb07
AC		 2682 case TIOCSETD:
2683 return tiocsetd(tty, p);
37bdfb07
AC		 2684 /*
2685 * Break handling
2686 */
2687 case TIOCSBRK: /* Turn break on, unconditionally */
f34d7a5b 2688 if (tty->ops->break_ctl)
9e98966c 2689 return tty->ops->break_ctl(tty, -1);
37bdfb07 2690 return 0;
37bdfb07 2691 case TIOCCBRK: /* Turn break off, unconditionally */
f34d7a5b 2692 if (tty->ops->break_ctl)
9e98966c 2693 return tty->ops->break_ctl(tty, 0);
37bdfb07
AC		 2694 return 0;
2695 case TCSBRK: /* SVID version: non-zero arg --> no break */
2696 /* non-zero arg means wait for all output data
2697 * to be sent (performed above) but don't send break.
2698 * This is used by the tcdrain() termios function.
2699 */
2700 if (!arg)
2701 return send_break(tty, 250);
2702 return 0;
2703 case TCSBRKP: /* support for POSIX tcsendbreak() */
2704 return send_break(tty, arg ? arg*100 : 250);
2705
2706 case TIOCMGET:
2707 return tty_tiocmget(tty, file, p);
2708 case TIOCMSET:
2709 case TIOCMBIC:
2710 case TIOCMBIS:
2711 return tty_tiocmset(tty, file, cmd, p);
2712 case TCFLSH:
2713 switch (arg) {
2714 case TCIFLUSH:
2715 case TCIOFLUSH:
2716 /* flush tty buffer and allow ldisc to process ioctl */
2717 tty_buffer_flush(tty);
c5c34d48 2718 break;
37bdfb07
AC		 2719 }
2720 break;
1da177e4 2721 }
f34d7a5b
AC		 2722 if (tty->ops->ioctl) {
2723 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
1da177e4
LT		 2724 if (retval != -ENOIOCTLCMD)
2725 return retval;
2726 }
2727 ld = tty_ldisc_ref_wait(tty);
2728 retval = -EINVAL;
a352def2
AC		 2729 if (ld->ops->ioctl) {
2730 retval = ld->ops->ioctl(tty, file, cmd, arg);
1da177e4
LT		 2731 if (retval == -ENOIOCTLCMD)
2732 retval = -EINVAL;
2733 }
2734 tty_ldisc_deref(ld);
2735 return retval;
2736}
2737
e10cc1df 2738#ifdef CONFIG_COMPAT
37bdfb07 2739static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 2740 unsigned long arg)
2741{
2742 struct inode *inode = file->f_dentry->d_inode;
2743 struct tty_struct *tty = file->private_data;
2744 struct tty_ldisc *ld;
2745 int retval = -ENOIOCTLCMD;
2746
2747 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2748 return -EINVAL;
2749
f34d7a5b
AC		 2750 if (tty->ops->compat_ioctl) {
2751 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
e10cc1df
PF		 2752 if (retval != -ENOIOCTLCMD)
2753 return retval;
2754 }
2755
2756 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 2757 if (ld->ops->compat_ioctl)
2758 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
e10cc1df
PF		 2759 tty_ldisc_deref(ld);
2760
2761 return retval;
2762}
2763#endif
1da177e4
LT		 2764
2765/*
2766 * This implements the "Secure Attention Key" --- the idea is to
2767 * prevent trojan horses by killing all processes associated with this
2768 * tty when the user hits the "Secure Attention Key". Required for
2769 * super-paranoid applications --- see the Orange Book for more details.
37bdfb07 2770 *
1da177e4
LT		 2771 * This code could be nicer; ideally it should send a HUP, wait a few
2772 * seconds, then send a INT, and then a KILL signal. But you then
2773 * have to coordinate with the init process, since all processes associated
2774 * with the current tty must be dead before the new getty is allowed
2775 * to spawn.
2776 *
2777 * Now, if it would be correct ;-/ The current code has a nasty hole -
2778 * it doesn't catch files in flight. We may send the descriptor to ourselves
2779 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2780 *
2781 * Nasty bug: do_SAK is being called in interrupt context. This can
2782 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2783 */
8b6312f4 2784void __do_SAK(struct tty_struct *tty)
1da177e4
LT		 2785{
2786#ifdef TTY_SOFT_SAK
2787 tty_hangup(tty);
2788#else
652486fb 2789 struct task_struct *g, *p;
ab521dc0 2790 struct pid *session;
1da177e4
LT		 2791 int i;
2792 struct file *filp;
badf1662 2793 struct fdtable *fdt;
37bdfb07 2794
1da177e4
LT		 2795 if (!tty)
2796 return;
24ec839c 2797 session = tty->session;
37bdfb07 2798
b3f13deb 2799 tty_ldisc_flush(tty);
1da177e4 2800
f34d7a5b 2801 tty_driver_flush_buffer(tty);
37bdfb07 2802
1da177e4 2803 read_lock(&tasklist_lock);
652486fb 2804 /* Kill the entire session */
ab521dc0 2805 do_each_pid_task(session, PIDTYPE_SID, p) {
652486fb 2806 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 2807 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 2808 task_pid_nr(p), p->comm);
652486fb 2809 send_sig(SIGKILL, p, 1);
ab521dc0 2810 } while_each_pid_task(session, PIDTYPE_SID, p);
652486fb
EB		 2811 /* Now kill any processes that happen to have the
2812 * tty open.
2813 */
2814 do_each_thread(g, p) {
2815 if (p->signal->tty == tty) {
1da177e4 2816 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 2817 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 2818 task_pid_nr(p), p->comm);
1da177e4
LT		 2819 send_sig(SIGKILL, p, 1);
2820 continue;
2821 }
2822 task_lock(p);
2823 if (p->files) {
ca99c1da
DS		 2824 /*
2825 * We don't take a ref to the file, so we must
2826 * hold ->file_lock instead.
2827 */
2828 spin_lock(&p->files->file_lock);
badf1662 2829 fdt = files_fdtable(p->files);
37bdfb07 2830 for (i = 0; i < fdt->max_fds; i++) {
1da177e4
LT		 2831 filp = fcheck_files(p->files, i);
2832 if (!filp)
2833 continue;
2834 if (filp->f_op->read == tty_read &&
2835 filp->private_data == tty) {
2836 printk(KERN_NOTICE "SAK: killed process %d"
2837 " (%s): fd#%d opened to the tty\n",
ba25f9dc 2838 task_pid_nr(p), p->comm, i);
20ac9437 2839 force_sig(SIGKILL, p);
1da177e4
LT		 2840 break;
2841 }
2842 }
ca99c1da 2843 spin_unlock(&p->files->file_lock);
1da177e4
LT		 2844 }
2845 task_unlock(p);
652486fb 2846 } while_each_thread(g, p);
1da177e4
LT		 2847 read_unlock(&tasklist_lock);
2848#endif
2849}
2850
8b6312f4
EB		 2851static void do_SAK_work(struct work_struct *work)
2852{
2853 struct tty_struct *tty =
2854 container_of(work, struct tty_struct, SAK_work);
2855 __do_SAK(tty);
2856}
2857
1da177e4
LT		 2858/*
2859 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2860 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2861 * the values which we write to it will be identical to the values which it
2862 * already has. --akpm
2863 */
2864void do_SAK(struct tty_struct *tty)
2865{
2866 if (!tty)
2867 return;
1da177e4
LT		 2868 schedule_work(&tty->SAK_work);
2869}
2870
2871EXPORT_SYMBOL(do_SAK);
2872
af9b897e
AC		 2873/**
2874 * initialize_tty_struct
2875 * @tty: tty to initialize
2876 *
2877 * This subroutine initializes a tty structure that has been newly
2878 * allocated.
2879 *
2880 * Locking: none - tty in question must not be exposed at this point
1da177e4 2881 */
af9b897e 2882
1da177e4
LT		 2883static void initialize_tty_struct(struct tty_struct *tty)
2884{
2885 memset(tty, 0, sizeof(struct tty_struct));
9c9f4ded 2886 kref_init(&tty->kref);
1da177e4 2887 tty->magic = TTY_MAGIC;
01e1abb2 2888 tty_ldisc_init(tty);
ab521dc0
EB		 2889 tty->session = NULL;
2890 tty->pgrp = NULL;
1da177e4 2891 tty->overrun_time = jiffies;
33f0f88f
AC		 2892 tty->buf.head = tty->buf.tail = NULL;
2893 tty_buffer_init(tty);
5785c95b 2894 mutex_init(&tty->termios_mutex);
1da177e4
LT		 2895 init_waitqueue_head(&tty->write_wait);
2896 init_waitqueue_head(&tty->read_wait);
65f27f38 2897 INIT_WORK(&tty->hangup_work, do_tty_hangup);
70522e12
IM		 2898 mutex_init(&tty->atomic_read_lock);
2899 mutex_init(&tty->atomic_write_lock);
1da177e4 2900 spin_lock_init(&tty->read_lock);
04f378b1 2901 spin_lock_init(&tty->ctrl_lock);
1da177e4 2902 INIT_LIST_HEAD(&tty->tty_files);
7f1f86a0 2903 INIT_WORK(&tty->SAK_work, do_SAK_work);
1da177e4
LT		 2904}
2905
f34d7a5b
AC		 2906/**
2907 * tty_put_char - write one character to a tty
2908 * @tty: tty
2909 * @ch: character
2910 *
2911 * Write one byte to the tty using the provided put_char method
2912 * if present. Returns the number of characters successfully output.
2913 *
2914 * Note: the specific put_char operation in the driver layer may go
2915 * away soon. Don't call it directly, use this method
1da177e4 2916 */
af9b897e 2917
f34d7a5b 2918int tty_put_char(struct tty_struct *tty, unsigned char ch)
1da177e4 2919{
f34d7a5b
AC		 2920 if (tty->ops->put_char)
2921 return tty->ops->put_char(tty, ch);
2922 return tty->ops->write(tty, &ch, 1);
1da177e4
LT		 2923}
2924
f34d7a5b
AC		 2925EXPORT_SYMBOL_GPL(tty_put_char);
2926
7fe845d1 2927static struct class *tty_class;
1da177e4
LT		 2928
2929/**
af9b897e
AC		 2930 * tty_register_device - register a tty device
2931 * @driver: the tty driver that describes the tty device
2932 * @index: the index in the tty driver for this tty device
2933 * @device: a struct device that is associated with this tty device.
2934 * This field is optional, if there is no known struct device
2935 * for this tty device it can be set to NULL safely.
1da177e4 2936 *
01107d34
GKH		 2937 * Returns a pointer to the struct device for this tty device
2938 * (or ERR_PTR(-EFOO) on error).
1cdcb6b4 2939 *
af9b897e
AC		 2940 * This call is required to be made to register an individual tty device
2941 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
2942 * that bit is not set, this function should not be called by a tty
2943 * driver.
2944 *
2945 * Locking: ??
1da177e4 2946 */
af9b897e 2947
01107d34
GKH		 2948struct device *tty_register_device(struct tty_driver *driver, unsigned index,
2949 struct device *device)
1da177e4
LT		 2950{
2951 char name[64];
2952 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
2953
2954 if (index >= driver->num) {
2955 printk(KERN_ERR "Attempt to register invalid tty line number "
2956 " (%d).\n", index);
1cdcb6b4 2957 return ERR_PTR(-EINVAL);
1da177e4
LT		 2958 }
2959
1da177e4
LT		 2960 if (driver->type == TTY_DRIVER_TYPE_PTY)
2961 pty_line_name(driver, index, name);
2962 else
2963 tty_line_name(driver, index, name);
1cdcb6b4 2964
47aa5793 2965 return device_create_drvdata(tty_class, device, dev, NULL, name);
1da177e4
LT		 2966}
2967
2968/**
af9b897e
AC		 2969 * tty_unregister_device - unregister a tty device
2970 * @driver: the tty driver that describes the tty device
2971 * @index: the index in the tty driver for this tty device
1da177e4 2972 *
af9b897e
AC		 2973 * If a tty device is registered with a call to tty_register_device() then
2974 * this function must be called when the tty device is gone.
2975 *
2976 * Locking: ??
1da177e4 2977 */
af9b897e 2978
1da177e4
LT		 2979void tty_unregister_device(struct tty_driver *driver, unsigned index)
2980{
37bdfb07
AC		 2981 device_destroy(tty_class,
2982 MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 2983}
2984
2985EXPORT_SYMBOL(tty_register_device);
2986EXPORT_SYMBOL(tty_unregister_device);
2987
2988struct tty_driver *alloc_tty_driver(int lines)
2989{
2990 struct tty_driver *driver;
2991
506eb99a 2992 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
1da177e4 2993 if (driver) {
1da177e4
LT		 2994 driver->magic = TTY_DRIVER_MAGIC;
2995 driver->num = lines;
2996 /* later we'll move allocation of tables here */
2997 }
2998 return driver;
2999}
3000
3001void put_tty_driver(struct tty_driver *driver)
3002{
3003 kfree(driver);
3004}
3005
b68e31d0
JD		 3006void tty_set_operations(struct tty_driver *driver,
3007 const struct tty_operations *op)
1da177e4 3008{
f34d7a5b
AC		 3009 driver->ops = op;
3010};
1da177e4
LT		 3011
3012EXPORT_SYMBOL(alloc_tty_driver);
3013EXPORT_SYMBOL(put_tty_driver);
3014EXPORT_SYMBOL(tty_set_operations);
3015
3016/*
3017 * Called by a tty driver to register itself.
3018 */
3019int tty_register_driver(struct tty_driver *driver)
3020{
3021 int error;
37bdfb07 3022 int i;
1da177e4
LT		 3023 dev_t dev;
3024 void **p = NULL;
3025
3026 if (driver->flags & TTY_DRIVER_INSTALLED)
3027 return 0;
3028
543691a6
AW		 3029 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3030 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
1da177e4
LT		 3031 if (!p)
3032 return -ENOMEM;
1da177e4
LT		 3033 }
3034
3035 if (!driver->major) {
37bdfb07
AC		 3036 error = alloc_chrdev_region(&dev, driver->minor_start,
3037 driver->num, driver->name);
1da177e4
LT		 3038 if (!error) {
3039 driver->major = MAJOR(dev);
3040 driver->minor_start = MINOR(dev);
3041 }
3042 } else {
3043 dev = MKDEV(driver->major, driver->minor_start);
e5717c48 3044 error = register_chrdev_region(dev, driver->num, driver->name);
1da177e4
LT		 3045 }
3046 if (error < 0) {
3047 kfree(p);
3048 return error;
3049 }
3050
3051 if (p) {
3052 driver->ttys = (struct tty_struct **)p;
edc6afc5 3053 driver->termios = (struct ktermios **)(p + driver->num);
37bdfb07
AC		 3054 driver->termios_locked = (struct ktermios **)
3055 (p + driver->num * 2);
1da177e4
LT		 3056 } else {
3057 driver->ttys = NULL;
3058 driver->termios = NULL;
3059 driver->termios_locked = NULL;
3060 }
3061
3062 cdev_init(&driver->cdev, &tty_fops);
3063 driver->cdev.owner = driver->owner;
3064 error = cdev_add(&driver->cdev, dev, driver->num);
3065 if (error) {
1da177e4
LT		 3066 unregister_chrdev_region(dev, driver->num);
3067 driver->ttys = NULL;
3068 driver->termios = driver->termios_locked = NULL;
3069 kfree(p);
3070 return error;
3071 }
3072
ca509f69 3073 mutex_lock(&tty_mutex);
1da177e4 3074 list_add(&driver->tty_drivers, &tty_drivers);
ca509f69 3075 mutex_unlock(&tty_mutex);
37bdfb07
AC		 3076
3077 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3078 for (i = 0; i < driver->num; i++)
1da177e4
LT		 3079 tty_register_device(driver, i, NULL);
3080 }
3081 proc_tty_register_driver(driver);
3082 return 0;
3083}
3084
3085EXPORT_SYMBOL(tty_register_driver);
3086
3087/*
3088 * Called by a tty driver to unregister itself.
3089 */
3090int tty_unregister_driver(struct tty_driver *driver)
3091{
3092 int i;
edc6afc5 3093 struct ktermios *tp;
1da177e4
LT		 3094 void *p;
3095
3096 if (driver->refcount)
3097 return -EBUSY;
3098
3099 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3100 driver->num);
ca509f69 3101 mutex_lock(&tty_mutex);
1da177e4 3102 list_del(&driver->tty_drivers);
ca509f69 3103 mutex_unlock(&tty_mutex);
1da177e4
LT		 3104
3105 /*
3106 * Free the termios and termios_locked structures because
3107 * we don't want to get memory leaks when modular tty
3108 * drivers are removed from the kernel.
3109 */
3110 for (i = 0; i < driver->num; i++) {
3111 tp = driver->termios[i];
3112 if (tp) {
3113 driver->termios[i] = NULL;
3114 kfree(tp);
3115 }
3116 tp = driver->termios_locked[i];
3117 if (tp) {
3118 driver->termios_locked[i] = NULL;
3119 kfree(tp);
3120 }
331b8319 3121 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 3122 tty_unregister_device(driver, i);
3123 }
3124 p = driver->ttys;
3125 proc_tty_unregister_driver(driver);
3126 driver->ttys = NULL;
3127 driver->termios = driver->termios_locked = NULL;
3128 kfree(p);
3129 cdev_del(&driver->cdev);
3130 return 0;
3131}
1da177e4
LT		 3132EXPORT_SYMBOL(tty_unregister_driver);
3133
24ec839c
PZ		 3134dev_t tty_devnum(struct tty_struct *tty)
3135{
3136 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3137}
3138EXPORT_SYMBOL(tty_devnum);
3139
3140void proc_clear_tty(struct task_struct *p)
3141{
9c9f4ded 3142 struct tty_struct *tty;
24ec839c 3143 spin_lock_irq(&p->sighand->siglock);
9c9f4ded 3144 tty = p->signal->tty;
24ec839c
PZ		 3145 p->signal->tty = NULL;
3146 spin_unlock_irq(&p->sighand->siglock);
9c9f4ded 3147 tty_kref_put(tty);
24ec839c 3148}
24ec839c 3149
47f86834
AC		 3150/* Called under the sighand lock */
3151
2a65f1d9 3152static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 3153{
3154 if (tty) {
47f86834
AC		 3155 unsigned long flags;
3156 /* We should not have a session or pgrp to put here but.... */
3157 spin_lock_irqsave(&tty->ctrl_lock, flags);
d9c1e9a8
EB		 3158 put_pid(tty->session);
3159 put_pid(tty->pgrp);
ab521dc0 3160 tty->pgrp = get_pid(task_pgrp(tsk));
47f86834
AC		 3161 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3162 tty->session = get_pid(task_session(tsk));
9c9f4ded
AC		 3163 if (tsk->signal->tty) {
3164 printk(KERN_DEBUG "tty not NULL!!\n");
3165 tty_kref_put(tsk->signal->tty);
3166 }
24ec839c 3167 }
2a65f1d9 3168 put_pid(tsk->signal->tty_old_pgrp);
9c9f4ded 3169 tsk->signal->tty = tty_kref_get(tty);
ab521dc0 3170 tsk->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 3171}
3172
98a27ba4 3173static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 3174{
3175 spin_lock_irq(&tsk->sighand->siglock);
2a65f1d9 3176 __proc_set_tty(tsk, tty);
24ec839c
PZ		 3177 spin_unlock_irq(&tsk->sighand->siglock);
3178}
3179
3180struct tty_struct *get_current_tty(void)
3181{
3182 struct tty_struct *tty;
3183 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
452a00d2 3184 tty = tty_kref_get(current->signal->tty);
24ec839c
PZ		 3185 /*
3186 * session->tty can be changed/cleared from under us, make sure we
3187 * issue the load. The obtained pointer, when not NULL, is valid as
3188 * long as we hold tty_mutex.
3189 */
3190 barrier();
3191 return tty;
3192}
a311f743 3193EXPORT_SYMBOL_GPL(get_current_tty);
1da177e4
LT		 3194
3195/*
3196 * Initialize the console device. This is called *early*, so
3197 * we can't necessarily depend on lots of kernel help here.
3198 * Just do some early initializations, and do the complex setup
3199 * later.
3200 */
3201void __init console_init(void)
3202{
3203 initcall_t *call;
3204
3205 /* Setup the default TTY line discipline. */
01e1abb2 3206 tty_ldisc_begin();
1da177e4
LT		 3207
3208 /*
37bdfb07 3209 * set up the console device so that later boot sequences can
1da177e4
LT		 3210 * inform about problems etc..
3211 */
1da177e4
LT		 3212 call = __con_initcall_start;
3213 while (call < __con_initcall_end) {
3214 (*call)();
3215 call++;
3216 }
3217}
3218
1da177e4
LT		 3219static int __init tty_class_init(void)
3220{
7fe845d1 3221 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 3222 if (IS_ERR(tty_class))
3223 return PTR_ERR(tty_class);
3224 return 0;
3225}
3226
3227postcore_initcall(tty_class_init);
3228
3229/* 3/2004 jmc: why do these devices exist? */
3230
3231static struct cdev tty_cdev, console_cdev;
3232#ifdef CONFIG_UNIX98_PTYS
3233static struct cdev ptmx_cdev;
3234#endif
3235#ifdef CONFIG_VT
3236static struct cdev vc0_cdev;
3237#endif
3238
3239/*
3240 * Ok, now we can initialize the rest of the tty devices and can count
3241 * on memory allocations, interrupts etc..
3242 */
3243static int __init tty_init(void)
3244{
3245 cdev_init(&tty_cdev, &tty_fops);
3246 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3247 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3248 panic("Couldn't register /dev/tty driver\n");
47aa5793
GKH		 3249 device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL,
3250 "tty");
1da177e4
LT		 3251
3252 cdev_init(&console_cdev, &console_fops);
3253 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3254 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3255 panic("Couldn't register /dev/console driver\n");
47aa5793
GKH		 3256 device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3257 "console");
1da177e4
LT		 3258
3259#ifdef CONFIG_UNIX98_PTYS
3260 cdev_init(&ptmx_cdev, &ptmx_fops);
3261 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3262 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3263 panic("Couldn't register /dev/ptmx driver\n");
47aa5793 3264 device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
1da177e4
LT		 3265#endif
3266
3267#ifdef CONFIG_VT
3268 cdev_init(&vc0_cdev, &console_fops);
3269 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3270 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3271 panic("Couldn't register /dev/tty0 driver\n");
47aa5793 3272 device_create_drvdata(tty_class, NULL, MKDEV(TTY_MAJOR, 0), NULL, "tty0");
1da177e4
LT		 3273
3274 vty_init();
3275#endif
3276 return 0;
3277}
3278module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)