projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH] LSM: remove BSD secure level security module
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
1da177e4
LT		 68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched.h>
74#include <linux/interrupt.h>
75#include <linux/tty.h>
76#include <linux/tty_driver.h>
77#include <linux/tty_flip.h>
78#include <linux/devpts_fs.h>
79#include <linux/file.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/smp_lock.h>
92#include <linux/device.h>
93#include <linux/idr.h>
94#include <linux/wait.h>
95#include <linux/bitops.h>
b20f3ae5 96#include <linux/delay.h>
1da177e4
LT		 97
98#include <asm/uaccess.h>
99#include <asm/system.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
1da177e4
LT		 104
105#include <linux/kmod.h>
106
107#undef TTY_DEBUG_HANGUP
108
109#define TTY_PARANOIA_CHECK 1
110#define CHECK_TTY_COUNT 1
111
112struct termios tty_std_termios = { /* for the benefit of tty drivers */
113 .c_iflag = ICRNL | IXON,
114 .c_oflag = OPOST | ONLCR,
115 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
116 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
117 ECHOCTL | ECHOKE | IEXTEN,
118 .c_cc = INIT_C_CC
119};
120
121EXPORT_SYMBOL(tty_std_termios);
122
123/* This list gets poked at by procfs and various bits of boot up code. This
124 could do with some rationalisation such as pulling the tty proc function
125 into this file */
126
127LIST_HEAD(tty_drivers); /* linked list of tty drivers */
128
129/* Semaphore to protect creating and releasing a tty. This is shared with
130 vt.c for deeply disgusting hack reasons */
70522e12 131DEFINE_MUTEX(tty_mutex);
1da177e4
LT		 132
133#ifdef CONFIG_UNIX98_PTYS
134extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
135extern int pty_limit; /* Config limit on Unix98 ptys */
136static DEFINE_IDR(allocated_ptys);
137static DECLARE_MUTEX(allocated_ptys_lock);
138static int ptmx_open(struct inode *, struct file *);
139#endif
140
141extern void disable_early_printk(void);
142
143static void initialize_tty_struct(struct tty_struct *tty);
144
145static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
146static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
147ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
148static unsigned int tty_poll(struct file *, poll_table *);
149static int tty_open(struct inode *, struct file *);
150static int tty_release(struct inode *, struct file *);
151int tty_ioctl(struct inode * inode, struct file * file,
152 unsigned int cmd, unsigned long arg);
153static int tty_fasync(int fd, struct file * filp, int on);
1da177e4
LT		 154static void release_mem(struct tty_struct *tty, int idx);
155
af9b897e
AC		 156/**
157 * alloc_tty_struct - allocate a tty object
158 *
159 * Return a new empty tty structure. The data fields have not
160 * been initialized in any way but has been zeroed
161 *
162 * Locking: none
163 * FIXME: use kzalloc
164 */
1da177e4
LT		 165
166static struct tty_struct *alloc_tty_struct(void)
167{
168 struct tty_struct *tty;
169
170 tty = kmalloc(sizeof(struct tty_struct), GFP_KERNEL);
171 if (tty)
172 memset(tty, 0, sizeof(struct tty_struct));
173 return tty;
174}
175
33f0f88f
AC		 176static void tty_buffer_free_all(struct tty_struct *);
177
af9b897e
AC		 178/**
179 * free_tty_struct - free a disused tty
180 * @tty: tty struct to free
181 *
182 * Free the write buffers, tty queue and tty memory itself.
183 *
184 * Locking: none. Must be called after tty is definitely unused
185 */
186
1da177e4
LT		 187static inline void free_tty_struct(struct tty_struct *tty)
188{
189 kfree(tty->write_buf);
33f0f88f 190 tty_buffer_free_all(tty);
1da177e4
LT		 191 kfree(tty);
192}
193
194#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
195
af9b897e
AC		 196/**
197 * tty_name - return tty naming
198 * @tty: tty structure
199 * @buf: buffer for output
200 *
201 * Convert a tty structure into a name. The name reflects the kernel
202 * naming policy and if udev is in use may not reflect user space
203 *
204 * Locking: none
205 */
206
1da177e4
LT		 207char *tty_name(struct tty_struct *tty, char *buf)
208{
209 if (!tty) /* Hmm. NULL pointer. That's fun. */
210 strcpy(buf, "NULL tty");
211 else
212 strcpy(buf, tty->name);
213 return buf;
214}
215
216EXPORT_SYMBOL(tty_name);
217
d769a669 218int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 219 const char *routine)
220{
221#ifdef TTY_PARANOIA_CHECK
222 if (!tty) {
223 printk(KERN_WARNING
224 "null TTY for (%d:%d) in %s\n",
225 imajor(inode), iminor(inode), routine);
226 return 1;
227 }
228 if (tty->magic != TTY_MAGIC) {
229 printk(KERN_WARNING
230 "bad magic number for tty struct (%d:%d) in %s\n",
231 imajor(inode), iminor(inode), routine);
232 return 1;
233 }
234#endif
235 return 0;
236}
237
238static int check_tty_count(struct tty_struct *tty, const char *routine)
239{
240#ifdef CHECK_TTY_COUNT
241 struct list_head *p;
242 int count = 0;
243
244 file_list_lock();
245 list_for_each(p, &tty->tty_files) {
246 count++;
247 }
248 file_list_unlock();
249 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
250 tty->driver->subtype == PTY_TYPE_SLAVE &&
251 tty->link && tty->link->count)
252 count++;
253 if (tty->count != count) {
254 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
255 "!= #fd's(%d) in %s\n",
256 tty->name, tty->count, count, routine);
257 return count;
258 }
259#endif
260 return 0;
261}
262
33f0f88f
AC		 263/*
264 * Tty buffer allocation management
265 */
266
af9b897e 267
01da5fd8
AC		 268/**
269 * tty_buffer_free_all - free buffers used by a tty
270 * @tty: tty to free from
271 *
272 * Remove all the buffers pending on a tty whether queued with data
273 * or in the free ring. Must be called when the tty is no longer in use
274 *
275 * Locking: none
276 */
277
278
af9b897e
AC		 279/**
280 * tty_buffer_free_all - free buffers used by a tty
281 * @tty: tty to free from
282 *
283 * Remove all the buffers pending on a tty whether queued with data
284 * or in the free ring. Must be called when the tty is no longer in use
285 *
286 * Locking: none
287 */
288
33f0f88f
AC		 289static void tty_buffer_free_all(struct tty_struct *tty)
290{
291 struct tty_buffer *thead;
292 while((thead = tty->buf.head) != NULL) {
293 tty->buf.head = thead->next;
294 kfree(thead);
295 }
296 while((thead = tty->buf.free) != NULL) {
297 tty->buf.free = thead->next;
298 kfree(thead);
299 }
300 tty->buf.tail = NULL;
01da5fd8 301 tty->buf.memory_used = 0;
33f0f88f
AC		 302}
303
01da5fd8
AC		 304/**
305 * tty_buffer_init - prepare a tty buffer structure
306 * @tty: tty to initialise
307 *
308 * Set up the initial state of the buffer management for a tty device.
309 * Must be called before the other tty buffer functions are used.
310 *
311 * Locking: none
312 */
313
33f0f88f
AC		 314static void tty_buffer_init(struct tty_struct *tty)
315{
808249ce 316 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 317 tty->buf.head = NULL;
318 tty->buf.tail = NULL;
319 tty->buf.free = NULL;
01da5fd8 320 tty->buf.memory_used = 0;
33f0f88f
AC		 321}
322
01da5fd8
AC		 323/**
324 * tty_buffer_alloc - allocate a tty buffer
325 * @tty: tty device
326 * @size: desired size (characters)
327 *
328 * Allocate a new tty buffer to hold the desired number of characters.
329 * Return NULL if out of memory or the allocation would exceed the
330 * per device queue
331 *
332 * Locking: Caller must hold tty->buf.lock
333 */
334
335static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
33f0f88f 336{
01da5fd8
AC		 337 struct tty_buffer *p;
338
339 if (tty->buf.memory_used + size > 65536)
340 return NULL;
341 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
33f0f88f
AC		 342 if(p == NULL)
343 return NULL;
344 p->used = 0;
345 p->size = size;
346 p->next = NULL;
8977d929
PF		 347 p->commit = 0;
348 p->read = 0;
33f0f88f
AC		 349 p->char_buf_ptr = (char *)(p->data);
350 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
01da5fd8 351 tty->buf.memory_used += size;
33f0f88f
AC		 352 return p;
353}
354
01da5fd8
AC		 355/**
356 * tty_buffer_free - free a tty buffer
357 * @tty: tty owning the buffer
358 * @b: the buffer to free
359 *
360 * Free a tty buffer, or add it to the free list according to our
361 * internal strategy
362 *
363 * Locking: Caller must hold tty->buf.lock
364 */
33f0f88f
AC		 365
366static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
367{
368 /* Dumb strategy for now - should keep some stats */
01da5fd8
AC		 369 tty->buf.memory_used -= b->size;
370 WARN_ON(tty->buf.memory_used < 0);
371
33f0f88f
AC		 372 if(b->size >= 512)
373 kfree(b);
374 else {
375 b->next = tty->buf.free;
376 tty->buf.free = b;
377 }
378}
379
01da5fd8
AC		 380/**
381 * tty_buffer_find - find a free tty buffer
382 * @tty: tty owning the buffer
383 * @size: characters wanted
384 *
385 * Locate an existing suitable tty buffer or if we are lacking one then
386 * allocate a new one. We round our buffers off in 256 character chunks
387 * to get better allocation behaviour.
388 *
389 * Locking: Caller must hold tty->buf.lock
390 */
391
33f0f88f
AC		 392static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
393{
394 struct tty_buffer **tbh = &tty->buf.free;
395 while((*tbh) != NULL) {
396 struct tty_buffer *t = *tbh;
397 if(t->size >= size) {
398 *tbh = t->next;
399 t->next = NULL;
400 t->used = 0;
8977d929
PF		 401 t->commit = 0;
402 t->read = 0;
01da5fd8 403 tty->buf.memory_used += t->size;
33f0f88f
AC		 404 return t;
405 }
406 tbh = &((*tbh)->next);
407 }
408 /* Round the buffer size out */
409 size = (size + 0xFF) & ~ 0xFF;
01da5fd8 410 return tty_buffer_alloc(tty, size);
33f0f88f
AC		 411 /* Should possibly check if this fails for the largest buffer we
412 have queued and recycle that ? */
413}
414
01da5fd8
AC		 415/**
416 * tty_buffer_request_room - grow tty buffer if needed
417 * @tty: tty structure
418 * @size: size desired
419 *
420 * Make at least size bytes of linear space available for the tty
421 * buffer. If we fail return the size we managed to find.
422 *
423 * Locking: Takes tty->buf.lock
424 */
33f0f88f
AC		 425int tty_buffer_request_room(struct tty_struct *tty, size_t size)
426{
808249ce
PF		 427 struct tty_buffer *b, *n;
428 int left;
429 unsigned long flags;
430
431 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 432
433 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
434 remove this conditional if its worth it. This would be invisible
435 to the callers */
33b37a33 436 if ((b = tty->buf.tail) != NULL)
33f0f88f 437 left = b->size - b->used;
33b37a33 438 else
808249ce
PF		 439 left = 0;
440
441 if (left < size) {
442 /* This is the slow path - looking for new buffers to use */
443 if ((n = tty_buffer_find(tty, size)) != NULL) {
444 if (b != NULL) {
445 b->next = n;
8977d929 446 b->commit = b->used;
808249ce
PF		 447 } else
448 tty->buf.head = n;
449 tty->buf.tail = n;
808249ce
PF		 450 } else
451 size = left;
452 }
453
454 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 455 return size;
456}
33f0f88f
AC		 457EXPORT_SYMBOL_GPL(tty_buffer_request_room);
458
af9b897e
AC		 459/**
460 * tty_insert_flip_string - Add characters to the tty buffer
461 * @tty: tty structure
462 * @chars: characters
463 * @size: size
464 *
465 * Queue a series of bytes to the tty buffering. All the characters
466 * passed are marked as without error. Returns the number added.
467 *
468 * Locking: Called functions may take tty->buf.lock
469 */
470
e1a25090
AM		 471int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
472 size_t size)
33f0f88f
AC		 473{
474 int copied = 0;
475 do {
476 int space = tty_buffer_request_room(tty, size - copied);
477 struct tty_buffer *tb = tty->buf.tail;
478 /* If there is no space then tb may be NULL */
479 if(unlikely(space == 0))
480 break;
481 memcpy(tb->char_buf_ptr + tb->used, chars, space);
482 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
483 tb->used += space;
484 copied += space;
485 chars += space;
33f0f88f
AC		 486 }
487 /* There is a small chance that we need to split the data over
488 several buffers. If this is the case we must loop */
489 while (unlikely(size > copied));
490 return copied;
491}
ee37df78 492EXPORT_SYMBOL(tty_insert_flip_string);
33f0f88f 493
af9b897e
AC		 494/**
495 * tty_insert_flip_string_flags - Add characters to the tty buffer
496 * @tty: tty structure
497 * @chars: characters
498 * @flags: flag bytes
499 * @size: size
500 *
501 * Queue a series of bytes to the tty buffering. For each character
502 * the flags array indicates the status of the character. Returns the
503 * number added.
504 *
505 * Locking: Called functions may take tty->buf.lock
506 */
507
e1a25090
AM		 508int tty_insert_flip_string_flags(struct tty_struct *tty,
509 const unsigned char *chars, const char *flags, size_t size)
33f0f88f
AC		 510{
511 int copied = 0;
512 do {
513 int space = tty_buffer_request_room(tty, size - copied);
514 struct tty_buffer *tb = tty->buf.tail;
515 /* If there is no space then tb may be NULL */
516 if(unlikely(space == 0))
517 break;
518 memcpy(tb->char_buf_ptr + tb->used, chars, space);
519 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
520 tb->used += space;
521 copied += space;
522 chars += space;
523 flags += space;
524 }
525 /* There is a small chance that we need to split the data over
526 several buffers. If this is the case we must loop */
527 while (unlikely(size > copied));
528 return copied;
529}
ff4547f4 530EXPORT_SYMBOL(tty_insert_flip_string_flags);
33f0f88f 531
af9b897e
AC		 532/**
533 * tty_schedule_flip - push characters to ldisc
534 * @tty: tty to push from
535 *
536 * Takes any pending buffers and transfers their ownership to the
537 * ldisc side of the queue. It then schedules those characters for
538 * processing by the line discipline.
539 *
540 * Locking: Takes tty->buf.lock
541 */
542
e1a25090
AM		 543void tty_schedule_flip(struct tty_struct *tty)
544{
545 unsigned long flags;
546 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 547 if (tty->buf.tail != NULL)
e1a25090 548 tty->buf.tail->commit = tty->buf.tail->used;
e1a25090
AM		 549 spin_unlock_irqrestore(&tty->buf.lock, flags);
550 schedule_delayed_work(&tty->buf.work, 1);
551}
552EXPORT_SYMBOL(tty_schedule_flip);
33f0f88f 553
af9b897e
AC		 554/**
555 * tty_prepare_flip_string - make room for characters
556 * @tty: tty
557 * @chars: return pointer for character write area
558 * @size: desired size
559 *
33f0f88f
AC		 560 * Prepare a block of space in the buffer for data. Returns the length
561 * available and buffer pointer to the space which is now allocated and
562 * accounted for as ready for normal characters. This is used for drivers
563 * that need their own block copy routines into the buffer. There is no
564 * guarantee the buffer is a DMA target!
af9b897e
AC		 565 *
566 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 567 */
568
569int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
570{
571 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 572 if (likely(space)) {
573 struct tty_buffer *tb = tty->buf.tail;
574 *chars = tb->char_buf_ptr + tb->used;
575 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
576 tb->used += space;
577 }
33f0f88f
AC		 578 return space;
579}
580
581EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
582
af9b897e
AC		 583/**
584 * tty_prepare_flip_string_flags - make room for characters
585 * @tty: tty
586 * @chars: return pointer for character write area
587 * @flags: return pointer for status flag write area
588 * @size: desired size
589 *
33f0f88f
AC		 590 * Prepare a block of space in the buffer for data. Returns the length
591 * available and buffer pointer to the space which is now allocated and
592 * accounted for as ready for characters. This is used for drivers
593 * that need their own block copy routines into the buffer. There is no
594 * guarantee the buffer is a DMA target!
af9b897e
AC		 595 *
596 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 597 */
598
599int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
600{
601 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 602 if (likely(space)) {
603 struct tty_buffer *tb = tty->buf.tail;
604 *chars = tb->char_buf_ptr + tb->used;
605 *flags = tb->flag_buf_ptr + tb->used;
606 tb->used += space;
607 }
33f0f88f
AC		 608 return space;
609}
610
611EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
612
613
614
af9b897e
AC		 615/**
616 * tty_set_termios_ldisc - set ldisc field
617 * @tty: tty structure
618 * @num: line discipline number
619 *
1da177e4
LT		 620 * This is probably overkill for real world processors but
621 * they are not on hot paths so a little discipline won't do
622 * any harm.
af9b897e
AC		 623 *
624 * Locking: takes termios_sem
1da177e4
LT		 625 */
626
627static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
628{
629 down(&tty->termios_sem);
630 tty->termios->c_line = num;
631 up(&tty->termios_sem);
632}
633
634/*
635 * This guards the refcounted line discipline lists. The lock
636 * must be taken with irqs off because there are hangup path
637 * callers who will do ldisc lookups and cannot sleep.
638 */
639
640static DEFINE_SPINLOCK(tty_ldisc_lock);
641static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
bfb07599 642static struct tty_ldisc tty_ldiscs[NR_LDISCS]; /* line disc dispatch table */
1da177e4 643
af9b897e
AC		 644/**
645 * tty_register_ldisc - install a line discipline
646 * @disc: ldisc number
647 * @new_ldisc: pointer to the ldisc object
648 *
649 * Installs a new line discipline into the kernel. The discipline
650 * is set up as unreferenced and then made available to the kernel
651 * from this point onwards.
652 *
653 * Locking:
654 * takes tty_ldisc_lock to guard against ldisc races
655 */
656
1da177e4
LT		 657int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
658{
659 unsigned long flags;
660 int ret = 0;
661
662 if (disc < N_TTY || disc >= NR_LDISCS)
663 return -EINVAL;
664
665 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 666 tty_ldiscs[disc] = *new_ldisc;
667 tty_ldiscs[disc].num = disc;
668 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
669 tty_ldiscs[disc].refcount = 0;
1da177e4
LT		 670 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
671
672 return ret;
673}
1da177e4
LT		 674EXPORT_SYMBOL(tty_register_ldisc);
675
af9b897e
AC		 676/**
677 * tty_unregister_ldisc - unload a line discipline
678 * @disc: ldisc number
679 * @new_ldisc: pointer to the ldisc object
680 *
681 * Remove a line discipline from the kernel providing it is not
682 * currently in use.
683 *
684 * Locking:
685 * takes tty_ldisc_lock to guard against ldisc races
686 */
687
bfb07599
AD		 688int tty_unregister_ldisc(int disc)
689{
690 unsigned long flags;
691 int ret = 0;
692
693 if (disc < N_TTY || disc >= NR_LDISCS)
694 return -EINVAL;
695
696 spin_lock_irqsave(&tty_ldisc_lock, flags);
697 if (tty_ldiscs[disc].refcount)
698 ret = -EBUSY;
699 else
700 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
701 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
702
703 return ret;
704}
705EXPORT_SYMBOL(tty_unregister_ldisc);
706
af9b897e
AC		 707/**
708 * tty_ldisc_get - take a reference to an ldisc
709 * @disc: ldisc number
710 *
711 * Takes a reference to a line discipline. Deals with refcounts and
712 * module locking counts. Returns NULL if the discipline is not available.
713 * Returns a pointer to the discipline and bumps the ref count if it is
714 * available
715 *
716 * Locking:
717 * takes tty_ldisc_lock to guard against ldisc races
718 */
719
1da177e4
LT		 720struct tty_ldisc *tty_ldisc_get(int disc)
721{
722 unsigned long flags;
723 struct tty_ldisc *ld;
724
725 if (disc < N_TTY || disc >= NR_LDISCS)
726 return NULL;
727
728 spin_lock_irqsave(&tty_ldisc_lock, flags);
729
730 ld = &tty_ldiscs[disc];
731 /* Check the entry is defined */
732 if(ld->flags & LDISC_FLAG_DEFINED)
733 {
734 /* If the module is being unloaded we can't use it */
735 if (!try_module_get(ld->owner))
736 ld = NULL;
737 else /* lock it */
738 ld->refcount++;
739 }
740 else
741 ld = NULL;
742 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
743 return ld;
744}
745
746EXPORT_SYMBOL_GPL(tty_ldisc_get);
747
af9b897e
AC		 748/**
749 * tty_ldisc_put - drop ldisc reference
750 * @disc: ldisc number
751 *
752 * Drop a reference to a line discipline. Manage refcounts and
753 * module usage counts
754 *
755 * Locking:
756 * takes tty_ldisc_lock to guard against ldisc races
757 */
758
1da177e4
LT		 759void tty_ldisc_put(int disc)
760{
761 struct tty_ldisc *ld;
762 unsigned long flags;
763
56ee4827 764 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
1da177e4
LT		 765
766 spin_lock_irqsave(&tty_ldisc_lock, flags);
767 ld = &tty_ldiscs[disc];
56ee4827
ES		 768 BUG_ON(ld->refcount == 0);
769 ld->refcount--;
1da177e4
LT		 770 module_put(ld->owner);
771 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
772}
773
774EXPORT_SYMBOL_GPL(tty_ldisc_put);
775
af9b897e
AC		 776/**
777 * tty_ldisc_assign - set ldisc on a tty
778 * @tty: tty to assign
779 * @ld: line discipline
780 *
781 * Install an instance of a line discipline into a tty structure. The
782 * ldisc must have a reference count above zero to ensure it remains/
783 * The tty instance refcount starts at zero.
784 *
785 * Locking:
786 * Caller must hold references
787 */
788
1da177e4
LT		 789static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
790{
791 tty->ldisc = *ld;
792 tty->ldisc.refcount = 0;
793}
794
795/**
796 * tty_ldisc_try - internal helper
797 * @tty: the tty
798 *
799 * Make a single attempt to grab and bump the refcount on
800 * the tty ldisc. Return 0 on failure or 1 on success. This is
801 * used to implement both the waiting and non waiting versions
802 * of tty_ldisc_ref
af9b897e
AC		 803 *
804 * Locking: takes tty_ldisc_lock
1da177e4
LT		 805 */
806
807static int tty_ldisc_try(struct tty_struct *tty)
808{
809 unsigned long flags;
810 struct tty_ldisc *ld;
811 int ret = 0;
812
813 spin_lock_irqsave(&tty_ldisc_lock, flags);
814 ld = &tty->ldisc;
815 if(test_bit(TTY_LDISC, &tty->flags))
816 {
817 ld->refcount++;
818 ret = 1;
819 }
820 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
821 return ret;
822}
823
824/**
825 * tty_ldisc_ref_wait - wait for the tty ldisc
826 * @tty: tty device
827 *
828 * Dereference the line discipline for the terminal and take a
829 * reference to it. If the line discipline is in flux then
830 * wait patiently until it changes.
831 *
832 * Note: Must not be called from an IRQ/timer context. The caller
833 * must also be careful not to hold other locks that will deadlock
834 * against a discipline change, such as an existing ldisc reference
835 * (which we check for)
af9b897e
AC		 836 *
837 * Locking: call functions take tty_ldisc_lock
1da177e4
LT		 838 */
839
840struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
841{
842 /* wait_event is a macro */
843 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
844 if(tty->ldisc.refcount == 0)
845 printk(KERN_ERR "tty_ldisc_ref_wait\n");
846 return &tty->ldisc;
847}
848
849EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
850
851/**
852 * tty_ldisc_ref - get the tty ldisc
853 * @tty: tty device
854 *
855 * Dereference the line discipline for the terminal and take a
856 * reference to it. If the line discipline is in flux then
857 * return NULL. Can be called from IRQ and timer functions.
af9b897e
AC		 858 *
859 * Locking: called functions take tty_ldisc_lock
1da177e4
LT		 860 */
861
862struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
863{
864 if(tty_ldisc_try(tty))
865 return &tty->ldisc;
866 return NULL;
867}
868
869EXPORT_SYMBOL_GPL(tty_ldisc_ref);
870
871/**
872 * tty_ldisc_deref - free a tty ldisc reference
873 * @ld: reference to free up
874 *
875 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
876 * be called in IRQ context.
af9b897e
AC		 877 *
878 * Locking: takes tty_ldisc_lock
1da177e4
LT		 879 */
880
881void tty_ldisc_deref(struct tty_ldisc *ld)
882{
883 unsigned long flags;
884
56ee4827 885 BUG_ON(ld == NULL);
1da177e4
LT		 886
887 spin_lock_irqsave(&tty_ldisc_lock, flags);
888 if(ld->refcount == 0)
889 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
890 else
891 ld->refcount--;
892 if(ld->refcount == 0)
893 wake_up(&tty_ldisc_wait);
894 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
895}
896
897EXPORT_SYMBOL_GPL(tty_ldisc_deref);
898
899/**
900 * tty_ldisc_enable - allow ldisc use
901 * @tty: terminal to activate ldisc on
902 *
903 * Set the TTY_LDISC flag when the line discipline can be called
904 * again. Do neccessary wakeups for existing sleepers.
905 *
906 * Note: nobody should set this bit except via this function. Clearing
907 * directly is allowed.
908 */
909
910static void tty_ldisc_enable(struct tty_struct *tty)
911{
912 set_bit(TTY_LDISC, &tty->flags);
913 wake_up(&tty_ldisc_wait);
914}
915
916/**
917 * tty_set_ldisc - set line discipline
918 * @tty: the terminal to set
919 * @ldisc: the line discipline
920 *
921 * Set the discipline of a tty line. Must be called from a process
922 * context.
af9b897e
AC		 923 *
924 * Locking: takes tty_ldisc_lock.
925 * called functions take termios_sem
1da177e4
LT		 926 */
927
928static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
929{
ff55fe20
JB		 930 int retval = 0;
931 struct tty_ldisc o_ldisc;
1da177e4
LT		 932 char buf[64];
933 int work;
934 unsigned long flags;
935 struct tty_ldisc *ld;
ff55fe20 936 struct tty_struct *o_tty;
1da177e4
LT		 937
938 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
939 return -EINVAL;
940
941restart:
942
1da177e4
LT		 943 ld = tty_ldisc_get(ldisc);
944 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
945 /* Cyrus Durgin <cider@speakeasy.org> */
946 if (ld == NULL) {
947 request_module("tty-ldisc-%d", ldisc);
948 ld = tty_ldisc_get(ldisc);
949 }
950 if (ld == NULL)
951 return -EINVAL;
952
33f0f88f
AC		 953 /*
954 * No more input please, we are switching. The new ldisc
955 * will update this value in the ldisc open function
956 */
957
958 tty->receive_room = 0;
959
960 /*
961 * Problem: What do we do if this blocks ?
962 */
963
1da177e4
LT		 964 tty_wait_until_sent(tty, 0);
965
ff55fe20
JB		 966 if (tty->ldisc.num == ldisc) {
967 tty_ldisc_put(ldisc);
968 return 0;
969 }
970
971 o_ldisc = tty->ldisc;
972 o_tty = tty->link;
973
1da177e4
LT		 974 /*
975 * Make sure we don't change while someone holds a
976 * reference to the line discipline. The TTY_LDISC bit
977 * prevents anyone taking a reference once it is clear.
978 * We need the lock to avoid racing reference takers.
979 */
ff55fe20 980
1da177e4 981 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20
JB		 982 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
983 if(tty->ldisc.refcount) {
984 /* Free the new ldisc we grabbed. Must drop the lock
985 first. */
986 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
987 tty_ldisc_put(ldisc);
988 /*
989 * There are several reasons we may be busy, including
990 * random momentary I/O traffic. We must therefore
991 * retry. We could distinguish between blocking ops
992 * and retries if we made tty_ldisc_wait() smarter. That
993 * is up for discussion.
994 */
995 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
996 return -ERESTARTSYS;
997 goto restart;
998 }
999 if(o_tty && o_tty->ldisc.refcount) {
1000 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1001 tty_ldisc_put(ldisc);
1002 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1003 return -ERESTARTSYS;
1004 goto restart;
1005 }
1006 }
1007
1008 /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
1009
1010 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 1011 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1012 tty_ldisc_put(ldisc);
ff55fe20
JB		 1013 ld = tty_ldisc_ref_wait(tty);
1014 tty_ldisc_deref(ld);
1da177e4
LT		 1015 goto restart;
1016 }
ff55fe20
JB		 1017
1018 clear_bit(TTY_LDISC, &tty->flags);
817d6d3b 1019 if (o_tty)
ff55fe20 1020 clear_bit(TTY_LDISC, &o_tty->flags);
1da177e4 1021 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 1022
1da177e4
LT		 1023 /*
1024 * From this point on we know nobody has an ldisc
1025 * usage reference, nor can they obtain one until
1026 * we say so later on.
1027 */
ff55fe20 1028
33f0f88f 1029 work = cancel_delayed_work(&tty->buf.work);
1da177e4 1030 /*
33f0f88f 1031 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 1032 */
1033
1034 flush_scheduled_work();
1035 /* Shutdown the current discipline. */
1036 if (tty->ldisc.close)
1037 (tty->ldisc.close)(tty);
1038
1039 /* Now set up the new line discipline. */
1040 tty_ldisc_assign(tty, ld);
1041 tty_set_termios_ldisc(tty, ldisc);
1042 if (tty->ldisc.open)
1043 retval = (tty->ldisc.open)(tty);
1044 if (retval < 0) {
1045 tty_ldisc_put(ldisc);
1046 /* There is an outstanding reference here so this is safe */
1047 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1048 tty_set_termios_ldisc(tty, tty->ldisc.num);
1049 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1050 tty_ldisc_put(o_ldisc.num);
1051 /* This driver is always present */
1052 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1053 tty_set_termios_ldisc(tty, N_TTY);
1054 if (tty->ldisc.open) {
1055 int r = tty->ldisc.open(tty);
1056
1057 if (r < 0)
1058 panic("Couldn't open N_TTY ldisc for "
1059 "%s --- error %d.",
1060 tty_name(tty, buf), r);
1061 }
1062 }
1063 }
1064 /* At this point we hold a reference to the new ldisc and a
1065 a reference to the old ldisc. If we ended up flipping back
1066 to the existing ldisc we have two references to it */
1067
1068 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1069 tty->driver->set_ldisc(tty);
1070
1071 tty_ldisc_put(o_ldisc.num);
1072
1073 /*
1074 * Allow ldisc referencing to occur as soon as the driver
1075 * ldisc callback completes.
1076 */
1077
1078 tty_ldisc_enable(tty);
ff55fe20
JB		 1079 if (o_tty)
1080 tty_ldisc_enable(o_tty);
1da177e4
LT		 1081
1082 /* Restart it in case no characters kick it off. Safe if
1083 already running */
ff55fe20 1084 if (work)
33f0f88f 1085 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 1086 return retval;
1087}
1088
af9b897e
AC		 1089/**
1090 * get_tty_driver - find device of a tty
1091 * @dev_t: device identifier
1092 * @index: returns the index of the tty
1093 *
1094 * This routine returns a tty driver structure, given a device number
1095 * and also passes back the index number.
1096 *
1097 * Locking: caller must hold tty_mutex
1da177e4 1098 */
af9b897e 1099
1da177e4
LT		 1100static struct tty_driver *get_tty_driver(dev_t device, int *index)
1101{
1102 struct tty_driver *p;
1103
1104 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1105 dev_t base = MKDEV(p->major, p->minor_start);
1106 if (device < base || device >= base + p->num)
1107 continue;
1108 *index = device - base;
1109 return p;
1110 }
1111 return NULL;
1112}
1113
af9b897e
AC		 1114/**
1115 * tty_check_change - check for POSIX terminal changes
1116 * @tty: tty to check
1117 *
1118 * If we try to write to, or set the state of, a terminal and we're
1119 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1120 * ignored, go ahead and perform the operation. (POSIX 7.2)
1121 *
1122 * Locking: none
1da177e4 1123 */
af9b897e 1124
1da177e4
LT		 1125int tty_check_change(struct tty_struct * tty)
1126{
1127 if (current->signal->tty != tty)
1128 return 0;
1129 if (tty->pgrp <= 0) {
1130 printk(KERN_WARNING "tty_check_change: tty->pgrp <= 0!\n");
1131 return 0;
1132 }
1133 if (process_group(current) == tty->pgrp)
1134 return 0;
1135 if (is_ignored(SIGTTOU))
1136 return 0;
1137 if (is_orphaned_pgrp(process_group(current)))
1138 return -EIO;
1139 (void) kill_pg(process_group(current), SIGTTOU, 1);
1140 return -ERESTARTSYS;
1141}
1142
1143EXPORT_SYMBOL(tty_check_change);
1144
1145static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
1146 size_t count, loff_t *ppos)
1147{
1148 return 0;
1149}
1150
1151static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
1152 size_t count, loff_t *ppos)
1153{
1154 return -EIO;
1155}
1156
1157/* No kernel lock held - none needed ;) */
1158static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
1159{
1160 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1161}
1162
1163static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
1164 unsigned int cmd, unsigned long arg)
1165{
1166 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1167}
1168
62322d25 1169static const struct file_operations tty_fops = {
1da177e4
LT		 1170 .llseek = no_llseek,
1171 .read = tty_read,
1172 .write = tty_write,
1173 .poll = tty_poll,
1174 .ioctl = tty_ioctl,
1175 .open = tty_open,
1176 .release = tty_release,
1177 .fasync = tty_fasync,
1178};
1179
1180#ifdef CONFIG_UNIX98_PTYS
62322d25 1181static const struct file_operations ptmx_fops = {
1da177e4
LT		 1182 .llseek = no_llseek,
1183 .read = tty_read,
1184 .write = tty_write,
1185 .poll = tty_poll,
1186 .ioctl = tty_ioctl,
1187 .open = ptmx_open,
1188 .release = tty_release,
1189 .fasync = tty_fasync,
1190};
1191#endif
1192
62322d25 1193static const struct file_operations console_fops = {
1da177e4
LT		 1194 .llseek = no_llseek,
1195 .read = tty_read,
1196 .write = redirected_tty_write,
1197 .poll = tty_poll,
1198 .ioctl = tty_ioctl,
1199 .open = tty_open,
1200 .release = tty_release,
1201 .fasync = tty_fasync,
1202};
1203
62322d25 1204static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 1205 .llseek = no_llseek,
1206 .read = hung_up_tty_read,
1207 .write = hung_up_tty_write,
1208 .poll = hung_up_tty_poll,
1209 .ioctl = hung_up_tty_ioctl,
1210 .release = tty_release,
1211};
1212
1213static DEFINE_SPINLOCK(redirect_lock);
1214static struct file *redirect;
1215
1216/**
1217 * tty_wakeup - request more data
1218 * @tty: terminal
1219 *
1220 * Internal and external helper for wakeups of tty. This function
1221 * informs the line discipline if present that the driver is ready
1222 * to receive more output data.
1223 */
1224
1225void tty_wakeup(struct tty_struct *tty)
1226{
1227 struct tty_ldisc *ld;
1228
1229 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1230 ld = tty_ldisc_ref(tty);
1231 if(ld) {
1232 if(ld->write_wakeup)
1233 ld->write_wakeup(tty);
1234 tty_ldisc_deref(ld);
1235 }
1236 }
1237 wake_up_interruptible(&tty->write_wait);
1238}
1239
1240EXPORT_SYMBOL_GPL(tty_wakeup);
1241
1242/**
1243 * tty_ldisc_flush - flush line discipline queue
1244 * @tty: tty
1245 *
1246 * Flush the line discipline queue (if any) for this tty. If there
1247 * is no line discipline active this is a no-op.
1248 */
1249
1250void tty_ldisc_flush(struct tty_struct *tty)
1251{
1252 struct tty_ldisc *ld = tty_ldisc_ref(tty);
1253 if(ld) {
1254 if(ld->flush_buffer)
1255 ld->flush_buffer(tty);
1256 tty_ldisc_deref(ld);
1257 }
1258}
1259
1260EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1261
af9b897e
AC		 1262/**
1263 * do_tty_hangup - actual handler for hangup events
1264 * @data: tty device
1265 *
1266 * This can be called by the "eventd" kernel thread. That is process
1267 * synchronous but doesn't hold any locks, so we need to make sure we
1268 * have the appropriate locks for what we're doing.
1269 *
1270 * The hangup event clears any pending redirections onto the hung up
1271 * device. It ensures future writes will error and it does the needed
1272 * line discipline hangup and signal delivery. The tty object itself
1273 * remains intact.
1274 *
1275 * Locking:
1276 * BKL
1277 * redirect lock for undoing redirection
1278 * file list lock for manipulating list of ttys
1279 * tty_ldisc_lock from called functions
1280 * termios_sem resetting termios data
1281 * tasklist_lock to walk task list for hangup event
1282 *
1da177e4
LT		 1283 */
1284static void do_tty_hangup(void *data)
1285{
1286 struct tty_struct *tty = (struct tty_struct *) data;
1287 struct file * cons_filp = NULL;
1288 struct file *filp, *f = NULL;
1289 struct task_struct *p;
1290 struct tty_ldisc *ld;
1291 int closecount = 0, n;
1292
1293 if (!tty)
1294 return;
1295
1296 /* inuse_filps is protected by the single kernel lock */
1297 lock_kernel();
1298
1299 spin_lock(&redirect_lock);
1300 if (redirect && redirect->private_data == tty) {
1301 f = redirect;
1302 redirect = NULL;
1303 }
1304 spin_unlock(&redirect_lock);
1305
1306 check_tty_count(tty, "do_tty_hangup");
1307 file_list_lock();
1308 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1309 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1310 if (filp->f_op->write == redirected_tty_write)
1311 cons_filp = filp;
1312 if (filp->f_op->write != tty_write)
1313 continue;
1314 closecount++;
1315 tty_fasync(-1, filp, 0); /* can't block */
1316 filp->f_op = &hung_up_tty_fops;
1317 }
1318 file_list_unlock();
1319
1320 /* FIXME! What are the locking issues here? This may me overdoing things..
1321 * this question is especially important now that we've removed the irqlock. */
1322
1323 ld = tty_ldisc_ref(tty);
1324 if(ld != NULL) /* We may have no line discipline at this point */
1325 {
1326 if (ld->flush_buffer)
1327 ld->flush_buffer(tty);
1328 if (tty->driver->flush_buffer)
1329 tty->driver->flush_buffer(tty);
1330 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1331 ld->write_wakeup)
1332 ld->write_wakeup(tty);
1333 if (ld->hangup)
1334 ld->hangup(tty);
1335 }
1336
1337 /* FIXME: Once we trust the LDISC code better we can wait here for
1338 ldisc completion and fix the driver call race */
1339
1340 wake_up_interruptible(&tty->write_wait);
1341 wake_up_interruptible(&tty->read_wait);
1342
1343 /*
1344 * Shutdown the current line discipline, and reset it to
1345 * N_TTY.
1346 */
1347 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1348 {
1349 down(&tty->termios_sem);
1350 *tty->termios = tty->driver->init_termios;
1351 up(&tty->termios_sem);
1352 }
1353
1354 /* Defer ldisc switch */
1355 /* tty_deferred_ldisc_switch(N_TTY);
1356
1357 This should get done automatically when the port closes and
1358 tty_release is called */
1359
1360 read_lock(&tasklist_lock);
1361 if (tty->session > 0) {
1362 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1363 if (p->signal->tty == tty)
1364 p->signal->tty = NULL;
1365 if (!p->signal->leader)
1366 continue;
f96a795d
EB		 1367 group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1368 group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1da177e4
LT		 1369 if (tty->pgrp > 0)
1370 p->signal->tty_old_pgrp = tty->pgrp;
1371 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1372 }
1373 read_unlock(&tasklist_lock);
1374
1375 tty->flags = 0;
1376 tty->session = 0;
1377 tty->pgrp = -1;
1378 tty->ctrl_status = 0;
1379 /*
1380 * If one of the devices matches a console pointer, we
1381 * cannot just call hangup() because that will cause
1382 * tty->count and state->count to go out of sync.
1383 * So we just call close() the right number of times.
1384 */
1385 if (cons_filp) {
1386 if (tty->driver->close)
1387 for (n = 0; n < closecount; n++)
1388 tty->driver->close(tty, cons_filp);
1389 } else if (tty->driver->hangup)
1390 (tty->driver->hangup)(tty);
1391
1392 /* We don't want to have driver/ldisc interactions beyond
1393 the ones we did here. The driver layer expects no
1394 calls after ->hangup() from the ldisc side. However we
1395 can't yet guarantee all that */
1396
1397 set_bit(TTY_HUPPED, &tty->flags);
1398 if (ld) {
1399 tty_ldisc_enable(tty);
1400 tty_ldisc_deref(ld);
1401 }
1402 unlock_kernel();
1403 if (f)
1404 fput(f);
1405}
1406
af9b897e
AC		 1407/**
1408 * tty_hangup - trigger a hangup event
1409 * @tty: tty to hangup
1410 *
1411 * A carrier loss (virtual or otherwise) has occurred on this like
1412 * schedule a hangup sequence to run after this event.
1413 */
1414
1da177e4
LT		 1415void tty_hangup(struct tty_struct * tty)
1416{
1417#ifdef TTY_DEBUG_HANGUP
1418 char buf[64];
1419
1420 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1421#endif
1422 schedule_work(&tty->hangup_work);
1423}
1424
1425EXPORT_SYMBOL(tty_hangup);
1426
af9b897e
AC		 1427/**
1428 * tty_vhangup - process vhangup
1429 * @tty: tty to hangup
1430 *
1431 * The user has asked via system call for the terminal to be hung up.
1432 * We do this synchronously so that when the syscall returns the process
1433 * is complete. That guarantee is neccessary for security reasons.
1434 */
1435
1da177e4
LT		 1436void tty_vhangup(struct tty_struct * tty)
1437{
1438#ifdef TTY_DEBUG_HANGUP
1439 char buf[64];
1440
1441 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1442#endif
1443 do_tty_hangup((void *) tty);
1444}
1445EXPORT_SYMBOL(tty_vhangup);
1446
af9b897e
AC		 1447/**
1448 * tty_hung_up_p - was tty hung up
1449 * @filp: file pointer of tty
1450 *
1451 * Return true if the tty has been subject to a vhangup or a carrier
1452 * loss
1453 */
1454
1da177e4
LT		 1455int tty_hung_up_p(struct file * filp)
1456{
1457 return (filp->f_op == &hung_up_tty_fops);
1458}
1459
1460EXPORT_SYMBOL(tty_hung_up_p);
1461
af9b897e
AC		 1462/**
1463 * disassociate_ctty - disconnect controlling tty
1464 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 1465 *
af9b897e
AC		 1466 * This function is typically called only by the session leader, when
1467 * it wants to disassociate itself from its controlling tty.
1468 *
1469 * It performs the following functions:
1da177e4
LT		 1470 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1471 * (2) Clears the tty from being controlling the session
1472 * (3) Clears the controlling tty for all processes in the
1473 * session group.
1474 *
af9b897e
AC		 1475 * The argument on_exit is set to 1 if called when a process is
1476 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1477 *
1478 * Locking: tty_mutex is taken to protect current->signal->tty
1479 * BKL is taken for hysterical raisins
1480 * Tasklist lock is taken (under tty_mutex) to walk process
1481 * lists for the session.
1da177e4 1482 */
af9b897e 1483
1da177e4
LT		 1484void disassociate_ctty(int on_exit)
1485{
1486 struct tty_struct *tty;
1487 struct task_struct *p;
1488 int tty_pgrp = -1;
1489
1490 lock_kernel();
1491
70522e12 1492 mutex_lock(&tty_mutex);
1da177e4
LT		 1493 tty = current->signal->tty;
1494 if (tty) {
1495 tty_pgrp = tty->pgrp;
70522e12 1496 mutex_unlock(&tty_mutex);
1da177e4
LT		 1497 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1498 tty_vhangup(tty);
1499 } else {
1500 if (current->signal->tty_old_pgrp) {
1501 kill_pg(current->signal->tty_old_pgrp, SIGHUP, on_exit);
1502 kill_pg(current->signal->tty_old_pgrp, SIGCONT, on_exit);
1503 }
70522e12 1504 mutex_unlock(&tty_mutex);
1da177e4
LT		 1505 unlock_kernel();
1506 return;
1507 }
1508 if (tty_pgrp > 0) {
1509 kill_pg(tty_pgrp, SIGHUP, on_exit);
1510 if (!on_exit)
1511 kill_pg(tty_pgrp, SIGCONT, on_exit);
1512 }
1513
1514 /* Must lock changes to tty_old_pgrp */
70522e12 1515 mutex_lock(&tty_mutex);
1da177e4
LT		 1516 current->signal->tty_old_pgrp = 0;
1517 tty->session = 0;
1518 tty->pgrp = -1;
1519
1520 /* Now clear signal->tty under the lock */
1521 read_lock(&tasklist_lock);
1522 do_each_task_pid(current->signal->session, PIDTYPE_SID, p) {
1523 p->signal->tty = NULL;
1524 } while_each_task_pid(current->signal->session, PIDTYPE_SID, p);
1525 read_unlock(&tasklist_lock);
70522e12 1526 mutex_unlock(&tty_mutex);
1da177e4
LT		 1527 unlock_kernel();
1528}
1529
af9b897e
AC		 1530
1531/**
1532 * stop_tty - propogate flow control
1533 * @tty: tty to stop
1534 *
1535 * Perform flow control to the driver. For PTY/TTY pairs we
1536 * must also propogate the TIOCKPKT status. May be called
1537 * on an already stopped device and will not re-call the driver
1538 * method.
1539 *
1540 * This functionality is used by both the line disciplines for
1541 * halting incoming flow and by the driver. It may therefore be
1542 * called from any context, may be under the tty atomic_write_lock
1543 * but not always.
1544 *
1545 * Locking:
1546 * Broken. Relies on BKL which is unsafe here.
1547 */
1548
1da177e4
LT		 1549void stop_tty(struct tty_struct *tty)
1550{
1551 if (tty->stopped)
1552 return;
1553 tty->stopped = 1;
1554 if (tty->link && tty->link->packet) {
1555 tty->ctrl_status &= ~TIOCPKT_START;
1556 tty->ctrl_status |= TIOCPKT_STOP;
1557 wake_up_interruptible(&tty->link->read_wait);
1558 }
1559 if (tty->driver->stop)
1560 (tty->driver->stop)(tty);
1561}
1562
1563EXPORT_SYMBOL(stop_tty);
1564
af9b897e
AC		 1565/**
1566 * start_tty - propogate flow control
1567 * @tty: tty to start
1568 *
1569 * Start a tty that has been stopped if at all possible. Perform
1570 * any neccessary wakeups and propogate the TIOCPKT status. If this
1571 * is the tty was previous stopped and is being started then the
1572 * driver start method is invoked and the line discipline woken.
1573 *
1574 * Locking:
1575 * Broken. Relies on BKL which is unsafe here.
1576 */
1577
1da177e4
LT		 1578void start_tty(struct tty_struct *tty)
1579{
1580 if (!tty->stopped || tty->flow_stopped)
1581 return;
1582 tty->stopped = 0;
1583 if (tty->link && tty->link->packet) {
1584 tty->ctrl_status &= ~TIOCPKT_STOP;
1585 tty->ctrl_status |= TIOCPKT_START;
1586 wake_up_interruptible(&tty->link->read_wait);
1587 }
1588 if (tty->driver->start)
1589 (tty->driver->start)(tty);
1590
1591 /* If we have a running line discipline it may need kicking */
1592 tty_wakeup(tty);
1593 wake_up_interruptible(&tty->write_wait);
1594}
1595
1596EXPORT_SYMBOL(start_tty);
1597
af9b897e
AC		 1598/**
1599 * tty_read - read method for tty device files
1600 * @file: pointer to tty file
1601 * @buf: user buffer
1602 * @count: size of user buffer
1603 * @ppos: unused
1604 *
1605 * Perform the read system call function on this terminal device. Checks
1606 * for hung up devices before calling the line discipline method.
1607 *
1608 * Locking:
1609 * Locks the line discipline internally while needed
1610 * For historical reasons the line discipline read method is
1611 * invoked under the BKL. This will go away in time so do not rely on it
1612 * in new code. Multiple read calls may be outstanding in parallel.
1613 */
1614
1da177e4
LT		 1615static ssize_t tty_read(struct file * file, char __user * buf, size_t count,
1616 loff_t *ppos)
1617{
1618 int i;
1619 struct tty_struct * tty;
1620 struct inode *inode;
1621 struct tty_ldisc *ld;
1622
1623 tty = (struct tty_struct *)file->private_data;
1624 inode = file->f_dentry->d_inode;
1625 if (tty_paranoia_check(tty, inode, "tty_read"))
1626 return -EIO;
1627 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1628 return -EIO;
1629
1630 /* We want to wait for the line discipline to sort out in this
1631 situation */
1632 ld = tty_ldisc_ref_wait(tty);
1633 lock_kernel();
1634 if (ld->read)
1635 i = (ld->read)(tty,file,buf,count);
1636 else
1637 i = -EIO;
1638 tty_ldisc_deref(ld);
1639 unlock_kernel();
1640 if (i > 0)
1641 inode->i_atime = current_fs_time(inode->i_sb);
1642 return i;
1643}
1644
1645/*
1646 * Split writes up in sane blocksizes to avoid
1647 * denial-of-service type attacks
1648 */
1649static inline ssize_t do_tty_write(
1650 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1651 struct tty_struct *tty,
1652 struct file *file,
1653 const char __user *buf,
1654 size_t count)
1655{
1656 ssize_t ret = 0, written = 0;
1657 unsigned int chunk;
1658
af9b897e 1659 /* FIXME: O_NDELAY ... */
70522e12 1660 if (mutex_lock_interruptible(&tty->atomic_write_lock)) {
1da177e4
LT		 1661 return -ERESTARTSYS;
1662 }
1663
1664 /*
1665 * We chunk up writes into a temporary buffer. This
1666 * simplifies low-level drivers immensely, since they
1667 * don't have locking issues and user mode accesses.
1668 *
1669 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1670 * big chunk-size..
1671 *
1672 * The default chunk-size is 2kB, because the NTTY
1673 * layer has problems with bigger chunks. It will
1674 * claim to be able to handle more characters than
1675 * it actually does.
af9b897e
AC		 1676 *
1677 * FIXME: This can probably go away now except that 64K chunks
1678 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1679 */
1680 chunk = 2048;
1681 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1682 chunk = 65536;
1683 if (count < chunk)
1684 chunk = count;
1685
70522e12 1686 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1687 if (tty->write_cnt < chunk) {
1688 unsigned char *buf;
1689
1690 if (chunk < 1024)
1691 chunk = 1024;
1692
1693 buf = kmalloc(chunk, GFP_KERNEL);
1694 if (!buf) {
70522e12 1695 mutex_unlock(&tty->atomic_write_lock);
1da177e4
LT		 1696 return -ENOMEM;
1697 }
1698 kfree(tty->write_buf);
1699 tty->write_cnt = chunk;
1700 tty->write_buf = buf;
1701 }
1702
1703 /* Do the write .. */
1704 for (;;) {
1705 size_t size = count;
1706 if (size > chunk)
1707 size = chunk;
1708 ret = -EFAULT;
1709 if (copy_from_user(tty->write_buf, buf, size))
1710 break;
1711 lock_kernel();
1712 ret = write(tty, file, tty->write_buf, size);
1713 unlock_kernel();
1714 if (ret <= 0)
1715 break;
1716 written += ret;
1717 buf += ret;
1718 count -= ret;
1719 if (!count)
1720 break;
1721 ret = -ERESTARTSYS;
1722 if (signal_pending(current))
1723 break;
1724 cond_resched();
1725 }
1726 if (written) {
1727 struct inode *inode = file->f_dentry->d_inode;
1728 inode->i_mtime = current_fs_time(inode->i_sb);
1729 ret = written;
1730 }
70522e12 1731 mutex_unlock(&tty->atomic_write_lock);
1da177e4
LT		 1732 return ret;
1733}
1734
1735
af9b897e
AC		 1736/**
1737 * tty_write - write method for tty device file
1738 * @file: tty file pointer
1739 * @buf: user data to write
1740 * @count: bytes to write
1741 * @ppos: unused
1742 *
1743 * Write data to a tty device via the line discipline.
1744 *
1745 * Locking:
1746 * Locks the line discipline as required
1747 * Writes to the tty driver are serialized by the atomic_write_lock
1748 * and are then processed in chunks to the device. The line discipline
1749 * write method will not be involked in parallel for each device
1750 * The line discipline write method is called under the big
1751 * kernel lock for historical reasons. New code should not rely on this.
1752 */
1753
1da177e4
LT		 1754static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1755 loff_t *ppos)
1756{
1757 struct tty_struct * tty;
1758 struct inode *inode = file->f_dentry->d_inode;
1759 ssize_t ret;
1760 struct tty_ldisc *ld;
1761
1762 tty = (struct tty_struct *)file->private_data;
1763 if (tty_paranoia_check(tty, inode, "tty_write"))
1764 return -EIO;
1765 if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1766 return -EIO;
1767
1768 ld = tty_ldisc_ref_wait(tty);
1769 if (!ld->write)
1770 ret = -EIO;
1771 else
1772 ret = do_tty_write(ld->write, tty, file, buf, count);
1773 tty_ldisc_deref(ld);
1774 return ret;
1775}
1776
1777ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1778 loff_t *ppos)
1779{
1780 struct file *p = NULL;
1781
1782 spin_lock(&redirect_lock);
1783 if (redirect) {
1784 get_file(redirect);
1785 p = redirect;
1786 }
1787 spin_unlock(&redirect_lock);
1788
1789 if (p) {
1790 ssize_t res;
1791 res = vfs_write(p, buf, count, &p->f_pos);
1792 fput(p);
1793 return res;
1794 }
1795
1796 return tty_write(file, buf, count, ppos);
1797}
1798
1799static char ptychar[] = "pqrstuvwxyzabcde";
1800
af9b897e
AC		 1801/**
1802 * pty_line_name - generate name for a pty
1803 * @driver: the tty driver in use
1804 * @index: the minor number
1805 * @p: output buffer of at least 6 bytes
1806 *
1807 * Generate a name from a driver reference and write it to the output
1808 * buffer.
1809 *
1810 * Locking: None
1811 */
1812static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1813{
1814 int i = index + driver->name_base;
1815 /* ->name is initialized to "ttyp", but "tty" is expected */
1816 sprintf(p, "%s%c%x",
1817 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1818 ptychar[i >> 4 & 0xf], i & 0xf);
1819}
1820
af9b897e
AC		 1821/**
1822 * pty_line_name - generate name for a tty
1823 * @driver: the tty driver in use
1824 * @index: the minor number
1825 * @p: output buffer of at least 7 bytes
1826 *
1827 * Generate a name from a driver reference and write it to the output
1828 * buffer.
1829 *
1830 * Locking: None
1831 */
1832static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1833{
1834 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1835}
1836
af9b897e
AC		 1837/**
1838 * init_dev - initialise a tty device
1839 * @driver: tty driver we are opening a device on
1840 * @idx: device index
1841 * @tty: returned tty structure
1842 *
1843 * Prepare a tty device. This may not be a "new" clean device but
1844 * could also be an active device. The pty drivers require special
1845 * handling because of this.
1846 *
1847 * Locking:
1848 * The function is called under the tty_mutex, which
1849 * protects us from the tty struct or driver itself going away.
1850 *
1851 * On exit the tty device has the line discipline attached and
1852 * a reference count of 1. If a pair was created for pty/tty use
1853 * and the other was a pty master then it too has a reference count of 1.
1854 *
1da177e4 1855 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 1856 * failed open. The new code protects the open with a mutex, so it's
1857 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 1858 * relaxed for the (most common) case of reopening a tty.
1859 */
af9b897e 1860
1da177e4
LT		 1861static int init_dev(struct tty_driver *driver, int idx,
1862 struct tty_struct **ret_tty)
1863{
1864 struct tty_struct *tty, *o_tty;
1865 struct termios *tp, **tp_loc, *o_tp, **o_tp_loc;
1866 struct termios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 1867 int retval = 0;
1da177e4
LT		 1868
1869 /* check whether we're reopening an existing tty */
1870 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1871 tty = devpts_get_tty(idx);
1872 if (tty && driver->subtype == PTY_TYPE_MASTER)
1873 tty = tty->link;
1874 } else {
1875 tty = driver->ttys[idx];
1876 }
1877 if (tty) goto fast_track;
1878
1879 /*
1880 * First time open is complex, especially for PTY devices.
1881 * This code guarantees that either everything succeeds and the
1882 * TTY is ready for operation, or else the table slots are vacated
1883 * and the allocated memory released. (Except that the termios
1884 * and locked termios may be retained.)
1885 */
1886
1887 if (!try_module_get(driver->owner)) {
1888 retval = -ENODEV;
1889 goto end_init;
1890 }
1891
1892 o_tty = NULL;
1893 tp = o_tp = NULL;
1894 ltp = o_ltp = NULL;
1895
1896 tty = alloc_tty_struct();
1897 if(!tty)
1898 goto fail_no_mem;
1899 initialize_tty_struct(tty);
1900 tty->driver = driver;
1901 tty->index = idx;
1902 tty_line_name(driver, idx, tty->name);
1903
1904 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1905 tp_loc = &tty->termios;
1906 ltp_loc = &tty->termios_locked;
1907 } else {
1908 tp_loc = &driver->termios[idx];
1909 ltp_loc = &driver->termios_locked[idx];
1910 }
1911
1912 if (!*tp_loc) {
1913 tp = (struct termios *) kmalloc(sizeof(struct termios),
1914 GFP_KERNEL);
1915 if (!tp)
1916 goto free_mem_out;
1917 *tp = driver->init_termios;
1918 }
1919
1920 if (!*ltp_loc) {
1921 ltp = (struct termios *) kmalloc(sizeof(struct termios),
1922 GFP_KERNEL);
1923 if (!ltp)
1924 goto free_mem_out;
1925 memset(ltp, 0, sizeof(struct termios));
1926 }
1927
1928 if (driver->type == TTY_DRIVER_TYPE_PTY) {
1929 o_tty = alloc_tty_struct();
1930 if (!o_tty)
1931 goto free_mem_out;
1932 initialize_tty_struct(o_tty);
1933 o_tty->driver = driver->other;
1934 o_tty->index = idx;
1935 tty_line_name(driver->other, idx, o_tty->name);
1936
1937 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1938 o_tp_loc = &o_tty->termios;
1939 o_ltp_loc = &o_tty->termios_locked;
1940 } else {
1941 o_tp_loc = &driver->other->termios[idx];
1942 o_ltp_loc = &driver->other->termios_locked[idx];
1943 }
1944
1945 if (!*o_tp_loc) {
1946 o_tp = (struct termios *)
1947 kmalloc(sizeof(struct termios), GFP_KERNEL);
1948 if (!o_tp)
1949 goto free_mem_out;
1950 *o_tp = driver->other->init_termios;
1951 }
1952
1953 if (!*o_ltp_loc) {
1954 o_ltp = (struct termios *)
1955 kmalloc(sizeof(struct termios), GFP_KERNEL);
1956 if (!o_ltp)
1957 goto free_mem_out;
1958 memset(o_ltp, 0, sizeof(struct termios));
1959 }
1960
1961 /*
1962 * Everything allocated ... set up the o_tty structure.
1963 */
1964 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
1965 driver->other->ttys[idx] = o_tty;
1966 }
1967 if (!*o_tp_loc)
1968 *o_tp_loc = o_tp;
1969 if (!*o_ltp_loc)
1970 *o_ltp_loc = o_ltp;
1971 o_tty->termios = *o_tp_loc;
1972 o_tty->termios_locked = *o_ltp_loc;
1973 driver->other->refcount++;
1974 if (driver->subtype == PTY_TYPE_MASTER)
1975 o_tty->count++;
1976
1977 /* Establish the links in both directions */
1978 tty->link = o_tty;
1979 o_tty->link = tty;
1980 }
1981
1982 /*
1983 * All structures have been allocated, so now we install them.
1984 * Failures after this point use release_mem to clean up, so
1985 * there's no need to null out the local pointers.
1986 */
1987 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1988 driver->ttys[idx] = tty;
1989 }
1990
1991 if (!*tp_loc)
1992 *tp_loc = tp;
1993 if (!*ltp_loc)
1994 *ltp_loc = ltp;
1995 tty->termios = *tp_loc;
1996 tty->termios_locked = *ltp_loc;
1997 driver->refcount++;
1998 tty->count++;
1999
2000 /*
2001 * Structures all installed ... call the ldisc open routines.
2002 * If we fail here just call release_mem to clean up. No need
2003 * to decrement the use counts, as release_mem doesn't care.
2004 */
2005
2006 if (tty->ldisc.open) {
2007 retval = (tty->ldisc.open)(tty);
2008 if (retval)
2009 goto release_mem_out;
2010 }
2011 if (o_tty && o_tty->ldisc.open) {
2012 retval = (o_tty->ldisc.open)(o_tty);
2013 if (retval) {
2014 if (tty->ldisc.close)
2015 (tty->ldisc.close)(tty);
2016 goto release_mem_out;
2017 }
2018 tty_ldisc_enable(o_tty);
2019 }
2020 tty_ldisc_enable(tty);
2021 goto success;
2022
2023 /*
2024 * This fast open can be used if the tty is already open.
2025 * No memory is allocated, and the only failures are from
2026 * attempting to open a closing tty or attempting multiple
2027 * opens on a pty master.
2028 */
2029fast_track:
2030 if (test_bit(TTY_CLOSING, &tty->flags)) {
2031 retval = -EIO;
2032 goto end_init;
2033 }
2034 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2035 driver->subtype == PTY_TYPE_MASTER) {
2036 /*
2037 * special case for PTY masters: only one open permitted,
2038 * and the slave side open count is incremented as well.
2039 */
2040 if (tty->count) {
2041 retval = -EIO;
2042 goto end_init;
2043 }
2044 tty->link->count++;
2045 }
2046 tty->count++;
2047 tty->driver = driver; /* N.B. why do this every time?? */
2048
2049 /* FIXME */
2050 if(!test_bit(TTY_LDISC, &tty->flags))
2051 printk(KERN_ERR "init_dev but no ldisc\n");
2052success:
2053 *ret_tty = tty;
2054
70522e12 2055 /* All paths come through here to release the mutex */
1da177e4
LT		 2056end_init:
2057 return retval;
2058
2059 /* Release locally allocated memory ... nothing placed in slots */
2060free_mem_out:
735d5661 2061 kfree(o_tp);
1da177e4
LT		 2062 if (o_tty)
2063 free_tty_struct(o_tty);
735d5661
JJ		 2064 kfree(ltp);
2065 kfree(tp);
1da177e4
LT		 2066 free_tty_struct(tty);
2067
2068fail_no_mem:
2069 module_put(driver->owner);
2070 retval = -ENOMEM;
2071 goto end_init;
2072
2073 /* call the tty release_mem routine to clean out this slot */
2074release_mem_out:
2075 printk(KERN_INFO "init_dev: ldisc open failed, "
2076 "clearing slot %d\n", idx);
2077 release_mem(tty, idx);
2078 goto end_init;
2079}
2080
af9b897e
AC		 2081/**
2082 * release_mem - release tty structure memory
2083 *
2084 * Releases memory associated with a tty structure, and clears out the
2085 * driver table slots. This function is called when a device is no longer
2086 * in use. It also gets called when setup of a device fails.
2087 *
2088 * Locking:
2089 * tty_mutex - sometimes only
2090 * takes the file list lock internally when working on the list
2091 * of ttys that the driver keeps.
2092 * FIXME: should we require tty_mutex is held here ??
1da177e4 2093 */
af9b897e 2094
1da177e4
LT		 2095static void release_mem(struct tty_struct *tty, int idx)
2096{
2097 struct tty_struct *o_tty;
2098 struct termios *tp;
2099 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2100
2101 if ((o_tty = tty->link) != NULL) {
2102 if (!devpts)
2103 o_tty->driver->ttys[idx] = NULL;
2104 if (o_tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2105 tp = o_tty->termios;
2106 if (!devpts)
2107 o_tty->driver->termios[idx] = NULL;
2108 kfree(tp);
2109
2110 tp = o_tty->termios_locked;
2111 if (!devpts)
2112 o_tty->driver->termios_locked[idx] = NULL;
2113 kfree(tp);
2114 }
2115 o_tty->magic = 0;
2116 o_tty->driver->refcount--;
2117 file_list_lock();
2118 list_del_init(&o_tty->tty_files);
2119 file_list_unlock();
2120 free_tty_struct(o_tty);
2121 }
2122
2123 if (!devpts)
2124 tty->driver->ttys[idx] = NULL;
2125 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2126 tp = tty->termios;
2127 if (!devpts)
2128 tty->driver->termios[idx] = NULL;
2129 kfree(tp);
2130
2131 tp = tty->termios_locked;
2132 if (!devpts)
2133 tty->driver->termios_locked[idx] = NULL;
2134 kfree(tp);
2135 }
2136
2137 tty->magic = 0;
2138 tty->driver->refcount--;
2139 file_list_lock();
2140 list_del_init(&tty->tty_files);
2141 file_list_unlock();
2142 module_put(tty->driver->owner);
2143 free_tty_struct(tty);
2144}
2145
2146/*
2147 * Even releasing the tty structures is a tricky business.. We have
2148 * to be very careful that the structures are all released at the
2149 * same time, as interrupts might otherwise get the wrong pointers.
2150 *
2151 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2152 * lead to double frees or releasing memory still in use.
2153 */
2154static void release_dev(struct file * filp)
2155{
2156 struct tty_struct *tty, *o_tty;
2157 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 2158 int devpts;
1da177e4
LT		 2159 int idx;
2160 char buf[64];
2161 unsigned long flags;
2162
2163 tty = (struct tty_struct *)filp->private_data;
2164 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "release_dev"))
2165 return;
2166
2167 check_tty_count(tty, "release_dev");
2168
2169 tty_fasync(-1, filp, 0);
2170
2171 idx = tty->index;
2172 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2173 tty->driver->subtype == PTY_TYPE_MASTER);
2174 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 2175 o_tty = tty->link;
2176
2177#ifdef TTY_PARANOIA_CHECK
2178 if (idx < 0 || idx >= tty->driver->num) {
2179 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2180 "free (%s)\n", tty->name);
2181 return;
2182 }
2183 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2184 if (tty != tty->driver->ttys[idx]) {
2185 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2186 "for (%s)\n", idx, tty->name);
2187 return;
2188 }
2189 if (tty->termios != tty->driver->termios[idx]) {
2190 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2191 "for (%s)\n",
2192 idx, tty->name);
2193 return;
2194 }
2195 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2196 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2197 "termios_locked for (%s)\n",
2198 idx, tty->name);
2199 return;
2200 }
2201 }
2202#endif
2203
2204#ifdef TTY_DEBUG_HANGUP
2205 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2206 tty_name(tty, buf), tty->count);
2207#endif
2208
2209#ifdef TTY_PARANOIA_CHECK
2210 if (tty->driver->other &&
2211 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2212 if (o_tty != tty->driver->other->ttys[idx]) {
2213 printk(KERN_DEBUG "release_dev: other->table[%d] "
2214 "not o_tty for (%s)\n",
2215 idx, tty->name);
2216 return;
2217 }
2218 if (o_tty->termios != tty->driver->other->termios[idx]) {
2219 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2220 "not o_termios for (%s)\n",
2221 idx, tty->name);
2222 return;
2223 }
2224 if (o_tty->termios_locked !=
2225 tty->driver->other->termios_locked[idx]) {
2226 printk(KERN_DEBUG "release_dev: other->termios_locked["
2227 "%d] not o_termios_locked for (%s)\n",
2228 idx, tty->name);
2229 return;
2230 }
2231 if (o_tty->link != tty) {
2232 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2233 return;
2234 }
2235 }
2236#endif
2237 if (tty->driver->close)
2238 tty->driver->close(tty, filp);
2239
2240 /*
2241 * Sanity check: if tty->count is going to zero, there shouldn't be
2242 * any waiters on tty->read_wait or tty->write_wait. We test the
2243 * wait queues and kick everyone out _before_ actually starting to
2244 * close. This ensures that we won't block while releasing the tty
2245 * structure.
2246 *
2247 * The test for the o_tty closing is necessary, since the master and
2248 * slave sides may close in any order. If the slave side closes out
2249 * first, its count will be one, since the master side holds an open.
2250 * Thus this test wouldn't be triggered at the time the slave closes,
2251 * so we do it now.
2252 *
2253 * Note that it's possible for the tty to be opened again while we're
2254 * flushing out waiters. By recalculating the closing flags before
2255 * each iteration we avoid any problems.
2256 */
2257 while (1) {
2258 /* Guard against races with tty->count changes elsewhere and
2259 opens on /dev/tty */
2260
70522e12 2261 mutex_lock(&tty_mutex);
1da177e4
LT		 2262 tty_closing = tty->count <= 1;
2263 o_tty_closing = o_tty &&
2264 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 2265 do_sleep = 0;
2266
2267 if (tty_closing) {
2268 if (waitqueue_active(&tty->read_wait)) {
2269 wake_up(&tty->read_wait);
2270 do_sleep++;
2271 }
2272 if (waitqueue_active(&tty->write_wait)) {
2273 wake_up(&tty->write_wait);
2274 do_sleep++;
2275 }
2276 }
2277 if (o_tty_closing) {
2278 if (waitqueue_active(&o_tty->read_wait)) {
2279 wake_up(&o_tty->read_wait);
2280 do_sleep++;
2281 }
2282 if (waitqueue_active(&o_tty->write_wait)) {
2283 wake_up(&o_tty->write_wait);
2284 do_sleep++;
2285 }
2286 }
2287 if (!do_sleep)
2288 break;
2289
2290 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2291 "active!\n", tty_name(tty, buf));
70522e12 2292 mutex_unlock(&tty_mutex);
1da177e4
LT		 2293 schedule();
2294 }
2295
2296 /*
2297 * The closing flags are now consistent with the open counts on
2298 * both sides, and we've completed the last operation that could
2299 * block, so it's safe to proceed with closing.
2300 */
1da177e4
LT		 2301 if (pty_master) {
2302 if (--o_tty->count < 0) {
2303 printk(KERN_WARNING "release_dev: bad pty slave count "
2304 "(%d) for %s\n",
2305 o_tty->count, tty_name(o_tty, buf));
2306 o_tty->count = 0;
2307 }
2308 }
2309 if (--tty->count < 0) {
2310 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2311 tty->count, tty_name(tty, buf));
2312 tty->count = 0;
2313 }
1da177e4
LT		 2314
2315 /*
2316 * We've decremented tty->count, so we need to remove this file
2317 * descriptor off the tty->tty_files list; this serves two
2318 * purposes:
2319 * - check_tty_count sees the correct number of file descriptors
2320 * associated with this tty.
2321 * - do_tty_hangup no longer sees this file descriptor as
2322 * something that needs to be handled for hangups.
2323 */
2324 file_kill(filp);
2325 filp->private_data = NULL;
2326
2327 /*
2328 * Perform some housekeeping before deciding whether to return.
2329 *
2330 * Set the TTY_CLOSING flag if this was the last open. In the
2331 * case of a pty we may have to wait around for the other side
2332 * to close, and TTY_CLOSING makes sure we can't be reopened.
2333 */
2334 if(tty_closing)
2335 set_bit(TTY_CLOSING, &tty->flags);
2336 if(o_tty_closing)
2337 set_bit(TTY_CLOSING, &o_tty->flags);
2338
2339 /*
2340 * If _either_ side is closing, make sure there aren't any
2341 * processes that still think tty or o_tty is their controlling
2342 * tty.
2343 */
2344 if (tty_closing || o_tty_closing) {
2345 struct task_struct *p;
2346
2347 read_lock(&tasklist_lock);
2348 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2349 p->signal->tty = NULL;
2350 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2351 if (o_tty)
2352 do_each_task_pid(o_tty->session, PIDTYPE_SID, p) {
2353 p->signal->tty = NULL;
2354 } while_each_task_pid(o_tty->session, PIDTYPE_SID, p);
2355 read_unlock(&tasklist_lock);
2356 }
2357
70522e12 2358 mutex_unlock(&tty_mutex);
da965822 2359
1da177e4
LT		 2360 /* check whether both sides are closing ... */
2361 if (!tty_closing || (o_tty && !o_tty_closing))
2362 return;
2363
2364#ifdef TTY_DEBUG_HANGUP
2365 printk(KERN_DEBUG "freeing tty structure...");
2366#endif
2367 /*
2368 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2369 * kill any delayed work. As this is the final close it does not
2370 * race with the set_ldisc code path.
2371 */
2372 clear_bit(TTY_LDISC, &tty->flags);
33f0f88f 2373 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 2374
2375 /*
33f0f88f 2376 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 2377 */
2378
2379 flush_scheduled_work();
2380
2381 /*
2382 * Wait for any short term users (we know they are just driver
2383 * side waiters as the file is closing so user count on the file
2384 * side is zero.
2385 */
2386 spin_lock_irqsave(&tty_ldisc_lock, flags);
2387 while(tty->ldisc.refcount)
2388 {
2389 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2390 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2391 spin_lock_irqsave(&tty_ldisc_lock, flags);
2392 }
2393 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2394 /*
2395 * Shutdown the current line discipline, and reset it to N_TTY.
2396 * N.B. why reset ldisc when we're releasing the memory??
2397 *
2398 * FIXME: this MUST get fixed for the new reflocking
2399 */
2400 if (tty->ldisc.close)
2401 (tty->ldisc.close)(tty);
2402 tty_ldisc_put(tty->ldisc.num);
2403
2404 /*
2405 * Switch the line discipline back
2406 */
2407 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2408 tty_set_termios_ldisc(tty,N_TTY);
2409 if (o_tty) {
2410 /* FIXME: could o_tty be in setldisc here ? */
2411 clear_bit(TTY_LDISC, &o_tty->flags);
2412 if (o_tty->ldisc.close)
2413 (o_tty->ldisc.close)(o_tty);
2414 tty_ldisc_put(o_tty->ldisc.num);
2415 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2416 tty_set_termios_ldisc(o_tty,N_TTY);
2417 }
2418 /*
2419 * The release_mem function takes care of the details of clearing
2420 * the slots and preserving the termios structure.
2421 */
2422 release_mem(tty, idx);
2423
2424#ifdef CONFIG_UNIX98_PTYS
2425 /* Make this pty number available for reallocation */
2426 if (devpts) {
2427 down(&allocated_ptys_lock);
2428 idr_remove(&allocated_ptys, idx);
2429 up(&allocated_ptys_lock);
2430 }
2431#endif
2432
2433}
2434
af9b897e
AC		 2435/**
2436 * tty_open - open a tty device
2437 * @inode: inode of device file
2438 * @filp: file pointer to tty
1da177e4 2439 *
af9b897e
AC		 2440 * tty_open and tty_release keep up the tty count that contains the
2441 * number of opens done on a tty. We cannot use the inode-count, as
2442 * different inodes might point to the same tty.
1da177e4 2443 *
af9b897e
AC		 2444 * Open-counting is needed for pty masters, as well as for keeping
2445 * track of serial lines: DTR is dropped when the last close happens.
2446 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2447 *
2448 * The termios state of a pty is reset on first open so that
2449 * settings don't persist across reuse.
2450 *
2451 * Locking: tty_mutex protects current->signal->tty, get_tty_driver and
2452 * init_dev work. tty->count should protect the rest.
2453 * task_lock is held to update task details for sessions
1da177e4 2454 */
af9b897e 2455
1da177e4
LT		 2456static int tty_open(struct inode * inode, struct file * filp)
2457{
2458 struct tty_struct *tty;
2459 int noctty, retval;
2460 struct tty_driver *driver;
2461 int index;
2462 dev_t device = inode->i_rdev;
2463 unsigned short saved_flags = filp->f_flags;
2464
2465 nonseekable_open(inode, filp);
2466
2467retry_open:
2468 noctty = filp->f_flags & O_NOCTTY;
2469 index = -1;
2470 retval = 0;
2471
70522e12 2472 mutex_lock(&tty_mutex);
1da177e4
LT		 2473
2474 if (device == MKDEV(TTYAUX_MAJOR,0)) {
2475 if (!current->signal->tty) {
70522e12 2476 mutex_unlock(&tty_mutex);
1da177e4
LT		 2477 return -ENXIO;
2478 }
2479 driver = current->signal->tty->driver;
2480 index = current->signal->tty->index;
2481 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2482 /* noctty = 1; */
2483 goto got_driver;
2484 }
2485#ifdef CONFIG_VT
2486 if (device == MKDEV(TTY_MAJOR,0)) {
2487 extern struct tty_driver *console_driver;
2488 driver = console_driver;
2489 index = fg_console;
2490 noctty = 1;
2491 goto got_driver;
2492 }
2493#endif
2494 if (device == MKDEV(TTYAUX_MAJOR,1)) {
2495 driver = console_device(&index);
2496 if (driver) {
2497 /* Don't let /dev/console block */
2498 filp->f_flags |= O_NONBLOCK;
2499 noctty = 1;
2500 goto got_driver;
2501 }
70522e12 2502 mutex_unlock(&tty_mutex);
1da177e4
LT		 2503 return -ENODEV;
2504 }
2505
2506 driver = get_tty_driver(device, &index);
2507 if (!driver) {
70522e12 2508 mutex_unlock(&tty_mutex);
1da177e4
LT		 2509 return -ENODEV;
2510 }
2511got_driver:
2512 retval = init_dev(driver, index, &tty);
70522e12 2513 mutex_unlock(&tty_mutex);
1da177e4
LT		 2514 if (retval)
2515 return retval;
2516
2517 filp->private_data = tty;
2518 file_move(filp, &tty->tty_files);
2519 check_tty_count(tty, "tty_open");
2520 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2521 tty->driver->subtype == PTY_TYPE_MASTER)
2522 noctty = 1;
2523#ifdef TTY_DEBUG_HANGUP
2524 printk(KERN_DEBUG "opening %s...", tty->name);
2525#endif
2526 if (!retval) {
2527 if (tty->driver->open)
2528 retval = tty->driver->open(tty, filp);
2529 else
2530 retval = -ENODEV;
2531 }
2532 filp->f_flags = saved_flags;
2533
2534 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2535 retval = -EBUSY;
2536
2537 if (retval) {
2538#ifdef TTY_DEBUG_HANGUP
2539 printk(KERN_DEBUG "error %d in opening %s...", retval,
2540 tty->name);
2541#endif
2542 release_dev(filp);
2543 if (retval != -ERESTARTSYS)
2544 return retval;
2545 if (signal_pending(current))
2546 return retval;
2547 schedule();
2548 /*
2549 * Need to reset f_op in case a hangup happened.
2550 */
2551 if (filp->f_op == &hung_up_tty_fops)
2552 filp->f_op = &tty_fops;
2553 goto retry_open;
2554 }
2555 if (!noctty &&
2556 current->signal->leader &&
2557 !current->signal->tty &&
2558 tty->session == 0) {
2559 task_lock(current);
2560 current->signal->tty = tty;
2561 task_unlock(current);
2562 current->signal->tty_old_pgrp = 0;
2563 tty->session = current->signal->session;
2564 tty->pgrp = process_group(current);
2565 }
2566 return 0;
2567}
2568
2569#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 2570/**
2571 * ptmx_open - open a unix 98 pty master
2572 * @inode: inode of device file
2573 * @filp: file pointer to tty
2574 *
2575 * Allocate a unix98 pty master device from the ptmx driver.
2576 *
2577 * Locking: tty_mutex protects theinit_dev work. tty->count should
2578 protect the rest.
2579 * allocated_ptys_lock handles the list of free pty numbers
2580 */
2581
1da177e4
LT		 2582static int ptmx_open(struct inode * inode, struct file * filp)
2583{
2584 struct tty_struct *tty;
2585 int retval;
2586 int index;
2587 int idr_ret;
2588
2589 nonseekable_open(inode, filp);
2590
2591 /* find a device that is not in use. */
2592 down(&allocated_ptys_lock);
2593 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2594 up(&allocated_ptys_lock);
2595 return -ENOMEM;
2596 }
2597 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2598 if (idr_ret < 0) {
2599 up(&allocated_ptys_lock);
2600 if (idr_ret == -EAGAIN)
2601 return -ENOMEM;
2602 return -EIO;
2603 }
2604 if (index >= pty_limit) {
2605 idr_remove(&allocated_ptys, index);
2606 up(&allocated_ptys_lock);
2607 return -EIO;
2608 }
2609 up(&allocated_ptys_lock);
2610
70522e12 2611 mutex_lock(&tty_mutex);
1da177e4 2612 retval = init_dev(ptm_driver, index, &tty);
70522e12 2613 mutex_unlock(&tty_mutex);
1da177e4
LT		 2614
2615 if (retval)
2616 goto out;
2617
2618 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2619 filp->private_data = tty;
2620 file_move(filp, &tty->tty_files);
2621
2622 retval = -ENOMEM;
2623 if (devpts_pty_new(tty->link))
2624 goto out1;
2625
2626 check_tty_count(tty, "tty_open");
2627 retval = ptm_driver->open(tty, filp);
2628 if (!retval)
2629 return 0;
2630out1:
2631 release_dev(filp);
9453a5ad 2632 return retval;
1da177e4
LT		 2633out:
2634 down(&allocated_ptys_lock);
2635 idr_remove(&allocated_ptys, index);
2636 up(&allocated_ptys_lock);
2637 return retval;
2638}
2639#endif
2640
af9b897e
AC		 2641/**
2642 * tty_release - vfs callback for close
2643 * @inode: inode of tty
2644 * @filp: file pointer for handle to tty
2645 *
2646 * Called the last time each file handle is closed that references
2647 * this tty. There may however be several such references.
2648 *
2649 * Locking:
2650 * Takes bkl. See release_dev
2651 */
2652
1da177e4
LT		 2653static int tty_release(struct inode * inode, struct file * filp)
2654{
2655 lock_kernel();
2656 release_dev(filp);
2657 unlock_kernel();
2658 return 0;
2659}
2660
af9b897e
AC		 2661/**
2662 * tty_poll - check tty status
2663 * @filp: file being polled
2664 * @wait: poll wait structures to update
2665 *
2666 * Call the line discipline polling method to obtain the poll
2667 * status of the device.
2668 *
2669 * Locking: locks called line discipline but ldisc poll method
2670 * may be re-entered freely by other callers.
2671 */
2672
1da177e4
LT		 2673static unsigned int tty_poll(struct file * filp, poll_table * wait)
2674{
2675 struct tty_struct * tty;
2676 struct tty_ldisc *ld;
2677 int ret = 0;
2678
2679 tty = (struct tty_struct *)filp->private_data;
2680 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_poll"))
2681 return 0;
2682
2683 ld = tty_ldisc_ref_wait(tty);
2684 if (ld->poll)
2685 ret = (ld->poll)(tty, filp, wait);
2686 tty_ldisc_deref(ld);
2687 return ret;
2688}
2689
2690static int tty_fasync(int fd, struct file * filp, int on)
2691{
2692 struct tty_struct * tty;
2693 int retval;
2694
2695 tty = (struct tty_struct *)filp->private_data;
2696 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_fasync"))
2697 return 0;
2698
2699 retval = fasync_helper(fd, filp, on, &tty->fasync);
2700 if (retval <= 0)
2701 return retval;
2702
2703 if (on) {
2704 if (!waitqueue_active(&tty->read_wait))
2705 tty->minimum_to_wake = 1;
2706 retval = f_setown(filp, (-tty->pgrp) ? : current->pid, 0);
2707 if (retval)
2708 return retval;
2709 } else {
2710 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2711 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2712 }
2713 return 0;
2714}
2715
af9b897e
AC		 2716/**
2717 * tiocsti - fake input character
2718 * @tty: tty to fake input into
2719 * @p: pointer to character
2720 *
2721 * Fake input to a tty device. Does the neccessary locking and
2722 * input management.
2723 *
2724 * FIXME: does not honour flow control ??
2725 *
2726 * Locking:
2727 * Called functions take tty_ldisc_lock
2728 * current->signal->tty check is safe without locks
2729 */
2730
1da177e4
LT		 2731static int tiocsti(struct tty_struct *tty, char __user *p)
2732{
2733 char ch, mbz = 0;
2734 struct tty_ldisc *ld;
2735
2736 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2737 return -EPERM;
2738 if (get_user(ch, p))
2739 return -EFAULT;
2740 ld = tty_ldisc_ref_wait(tty);
2741 ld->receive_buf(tty, &ch, &mbz, 1);
2742 tty_ldisc_deref(ld);
2743 return 0;
2744}
2745
af9b897e
AC		 2746/**
2747 * tiocgwinsz - implement window query ioctl
2748 * @tty; tty
2749 * @arg: user buffer for result
2750 *
2751 * Copies the kernel idea of the window size into the user buffer. No
2752 * locking is done.
2753 *
2754 * FIXME: Returning random values racing a window size set is wrong
2755 * should lock here against that
2756 */
2757
1da177e4
LT		 2758static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2759{
2760 if (copy_to_user(arg, &tty->winsize, sizeof(*arg)))
2761 return -EFAULT;
2762 return 0;
2763}
2764
af9b897e
AC		 2765/**
2766 * tiocswinsz - implement window size set ioctl
2767 * @tty; tty
2768 * @arg: user buffer for result
2769 *
2770 * Copies the user idea of the window size to the kernel. Traditionally
2771 * this is just advisory information but for the Linux console it
2772 * actually has driver level meaning and triggers a VC resize.
2773 *
2774 * Locking:
2775 * The console_sem is used to ensure we do not try and resize
2776 * the console twice at once.
2777 * FIXME: Two racing size sets may leave the console and kernel
2778 * parameters disagreeing. Is this exploitable ?
2779 * FIXME: Random values racing a window size get is wrong
2780 * should lock here against that
2781 */
2782
1da177e4
LT		 2783static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2784 struct winsize __user * arg)
2785{
2786 struct winsize tmp_ws;
2787
2788 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2789 return -EFAULT;
2790 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2791 return 0;
2792#ifdef CONFIG_VT
2793 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2794 int rc;
2795
2796 acquire_console_sem();
2797 rc = vc_resize(tty->driver_data, tmp_ws.ws_col, tmp_ws.ws_row);
2798 release_console_sem();
2799 if (rc)
2800 return -ENXIO;
2801 }
2802#endif
2803 if (tty->pgrp > 0)
2804 kill_pg(tty->pgrp, SIGWINCH, 1);
2805 if ((real_tty->pgrp != tty->pgrp) && (real_tty->pgrp > 0))
2806 kill_pg(real_tty->pgrp, SIGWINCH, 1);
2807 tty->winsize = tmp_ws;
2808 real_tty->winsize = tmp_ws;
2809 return 0;
2810}
2811
af9b897e
AC		 2812/**
2813 * tioccons - allow admin to move logical console
2814 * @file: the file to become console
2815 *
2816 * Allow the adminstrator to move the redirected console device
2817 *
2818 * Locking: uses redirect_lock to guard the redirect information
2819 */
2820
1da177e4
LT		 2821static int tioccons(struct file *file)
2822{
2823 if (!capable(CAP_SYS_ADMIN))
2824 return -EPERM;
2825 if (file->f_op->write == redirected_tty_write) {
2826 struct file *f;
2827 spin_lock(&redirect_lock);
2828 f = redirect;
2829 redirect = NULL;
2830 spin_unlock(&redirect_lock);
2831 if (f)
2832 fput(f);
2833 return 0;
2834 }
2835 spin_lock(&redirect_lock);
2836 if (redirect) {
2837 spin_unlock(&redirect_lock);
2838 return -EBUSY;
2839 }
2840 get_file(file);
2841 redirect = file;
2842 spin_unlock(&redirect_lock);
2843 return 0;
2844}
2845
af9b897e
AC		 2846/**
2847 * fionbio - non blocking ioctl
2848 * @file: file to set blocking value
2849 * @p: user parameter
2850 *
2851 * Historical tty interfaces had a blocking control ioctl before
2852 * the generic functionality existed. This piece of history is preserved
2853 * in the expected tty API of posix OS's.
2854 *
2855 * Locking: none, the open fle handle ensures it won't go away.
2856 */
1da177e4
LT		 2857
2858static int fionbio(struct file *file, int __user *p)
2859{
2860 int nonblock;
2861
2862 if (get_user(nonblock, p))
2863 return -EFAULT;
2864
2865 if (nonblock)
2866 file->f_flags |= O_NONBLOCK;
2867 else
2868 file->f_flags &= ~O_NONBLOCK;
2869 return 0;
2870}
2871
af9b897e
AC		 2872/**
2873 * tiocsctty - set controlling tty
2874 * @tty: tty structure
2875 * @arg: user argument
2876 *
2877 * This ioctl is used to manage job control. It permits a session
2878 * leader to set this tty as the controlling tty for the session.
2879 *
2880 * Locking:
2881 * Takes tasklist lock internally to walk sessions
2882 * Takes task_lock() when updating signal->tty
2883 *
2884 * FIXME: tty_mutex is needed to protect signal->tty references.
2885 * FIXME: why task_lock on the signal->tty reference ??
2886 *
2887 */
2888
1da177e4
LT		 2889static int tiocsctty(struct tty_struct *tty, int arg)
2890{
36c8b586 2891 struct task_struct *p;
1da177e4
LT		 2892
2893 if (current->signal->leader &&
2894 (current->signal->session == tty->session))
2895 return 0;
2896 /*
2897 * The process must be a session leader and
2898 * not have a controlling tty already.
2899 */
2900 if (!current->signal->leader || current->signal->tty)
2901 return -EPERM;
2902 if (tty->session > 0) {
2903 /*
2904 * This tty is already the controlling
2905 * tty for another session group!
2906 */
2907 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
2908 /*
2909 * Steal it away
2910 */
2911
2912 read_lock(&tasklist_lock);
2913 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2914 p->signal->tty = NULL;
2915 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2916 read_unlock(&tasklist_lock);
2917 } else
2918 return -EPERM;
2919 }
2920 task_lock(current);
2921 current->signal->tty = tty;
2922 task_unlock(current);
2923 current->signal->tty_old_pgrp = 0;
2924 tty->session = current->signal->session;
2925 tty->pgrp = process_group(current);
2926 return 0;
2927}
2928
af9b897e
AC		 2929/**
2930 * tiocgpgrp - get process group
2931 * @tty: tty passed by user
2932 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2933 * @p: returned pid
2934 *
2935 * Obtain the process group of the tty. If there is no process group
2936 * return an error.
2937 *
2938 * Locking: none. Reference to ->signal->tty is safe.
2939 */
2940
1da177e4
LT		 2941static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2942{
2943 /*
2944 * (tty == real_tty) is a cheap way of
2945 * testing if the tty is NOT a master pty.
2946 */
2947 if (tty == real_tty && current->signal->tty != real_tty)
2948 return -ENOTTY;
2949 return put_user(real_tty->pgrp, p);
2950}
2951
af9b897e
AC		 2952/**
2953 * tiocspgrp - attempt to set process group
2954 * @tty: tty passed by user
2955 * @real_tty: tty side device matching tty passed by user
2956 * @p: pid pointer
2957 *
2958 * Set the process group of the tty to the session passed. Only
2959 * permitted where the tty session is our session.
2960 *
2961 * Locking: None
2962 *
2963 * FIXME: current->signal->tty referencing is unsafe.
2964 */
2965
1da177e4
LT		 2966static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2967{
2968 pid_t pgrp;
2969 int retval = tty_check_change(real_tty);
2970
2971 if (retval == -EIO)
2972 return -ENOTTY;
2973 if (retval)
2974 return retval;
2975 if (!current->signal->tty ||
2976 (current->signal->tty != real_tty) ||
2977 (real_tty->session != current->signal->session))
2978 return -ENOTTY;
2979 if (get_user(pgrp, p))
2980 return -EFAULT;
2981 if (pgrp < 0)
2982 return -EINVAL;
2983 if (session_of_pgrp(pgrp) != current->signal->session)
2984 return -EPERM;
2985 real_tty->pgrp = pgrp;
2986 return 0;
2987}
2988
af9b897e
AC		 2989/**
2990 * tiocgsid - get session id
2991 * @tty: tty passed by user
2992 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2993 * @p: pointer to returned session id
2994 *
2995 * Obtain the session id of the tty. If there is no session
2996 * return an error.
2997 *
2998 * Locking: none. Reference to ->signal->tty is safe.
2999 */
3000
1da177e4
LT		 3001static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3002{
3003 /*
3004 * (tty == real_tty) is a cheap way of
3005 * testing if the tty is NOT a master pty.
3006 */
3007 if (tty == real_tty && current->signal->tty != real_tty)
3008 return -ENOTTY;
3009 if (real_tty->session <= 0)
3010 return -ENOTTY;
3011 return put_user(real_tty->session, p);
3012}
3013
af9b897e
AC		 3014/**
3015 * tiocsetd - set line discipline
3016 * @tty: tty device
3017 * @p: pointer to user data
3018 *
3019 * Set the line discipline according to user request.
3020 *
3021 * Locking: see tty_set_ldisc, this function is just a helper
3022 */
3023
1da177e4
LT		 3024static int tiocsetd(struct tty_struct *tty, int __user *p)
3025{
3026 int ldisc;
3027
3028 if (get_user(ldisc, p))
3029 return -EFAULT;
3030 return tty_set_ldisc(tty, ldisc);
3031}
3032
af9b897e
AC		 3033/**
3034 * send_break - performed time break
3035 * @tty: device to break on
3036 * @duration: timeout in mS
3037 *
3038 * Perform a timed break on hardware that lacks its own driver level
3039 * timed break functionality.
3040 *
3041 * Locking:
3042 * None
3043 *
3044 * FIXME:
3045 * What if two overlap
3046 */
3047
b20f3ae5 3048static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4
LT		 3049{
3050 tty->driver->break_ctl(tty, -1);
3051 if (!signal_pending(current)) {
b20f3ae5 3052 msleep_interruptible(duration);
1da177e4
LT		 3053 }
3054 tty->driver->break_ctl(tty, 0);
3055 if (signal_pending(current))
3056 return -EINTR;
3057 return 0;
3058}
3059
af9b897e
AC		 3060/**
3061 * tiocmget - get modem status
3062 * @tty: tty device
3063 * @file: user file pointer
3064 * @p: pointer to result
3065 *
3066 * Obtain the modem status bits from the tty driver if the feature
3067 * is supported. Return -EINVAL if it is not available.
3068 *
3069 * Locking: none (up to the driver)
3070 */
3071
3072static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 3073{
3074 int retval = -EINVAL;
3075
3076 if (tty->driver->tiocmget) {
3077 retval = tty->driver->tiocmget(tty, file);
3078
3079 if (retval >= 0)
3080 retval = put_user(retval, p);
3081 }
3082 return retval;
3083}
3084
af9b897e
AC		 3085/**
3086 * tiocmset - set modem status
3087 * @tty: tty device
3088 * @file: user file pointer
3089 * @cmd: command - clear bits, set bits or set all
3090 * @p: pointer to desired bits
3091 *
3092 * Set the modem status bits from the tty driver if the feature
3093 * is supported. Return -EINVAL if it is not available.
3094 *
3095 * Locking: none (up to the driver)
3096 */
3097
3098static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 3099 unsigned __user *p)
3100{
3101 int retval = -EINVAL;
3102
3103 if (tty->driver->tiocmset) {
3104 unsigned int set, clear, val;
3105
3106 retval = get_user(val, p);
3107 if (retval)
3108 return retval;
3109
3110 set = clear = 0;
3111 switch (cmd) {
3112 case TIOCMBIS:
3113 set = val;
3114 break;
3115 case TIOCMBIC:
3116 clear = val;
3117 break;
3118 case TIOCMSET:
3119 set = val;
3120 clear = ~val;
3121 break;
3122 }
3123
3124 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3125 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3126
3127 retval = tty->driver->tiocmset(tty, file, set, clear);
3128 }
3129 return retval;
3130}
3131
3132/*
3133 * Split this up, as gcc can choke on it otherwise..
3134 */
3135int tty_ioctl(struct inode * inode, struct file * file,
3136 unsigned int cmd, unsigned long arg)
3137{
3138 struct tty_struct *tty, *real_tty;
3139 void __user *p = (void __user *)arg;
3140 int retval;
3141 struct tty_ldisc *ld;
3142
3143 tty = (struct tty_struct *)file->private_data;
3144 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3145 return -EINVAL;
3146
3147 real_tty = tty;
3148 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3149 tty->driver->subtype == PTY_TYPE_MASTER)
3150 real_tty = tty->link;
3151
3152 /*
3153 * Break handling by driver
3154 */
3155 if (!tty->driver->break_ctl) {
3156 switch(cmd) {
3157 case TIOCSBRK:
3158 case TIOCCBRK:
3159 if (tty->driver->ioctl)
3160 return tty->driver->ioctl(tty, file, cmd, arg);
3161 return -EINVAL;
3162
3163 /* These two ioctl's always return success; even if */
3164 /* the driver doesn't support them. */
3165 case TCSBRK:
3166 case TCSBRKP:
3167 if (!tty->driver->ioctl)
3168 return 0;
3169 retval = tty->driver->ioctl(tty, file, cmd, arg);
3170 if (retval == -ENOIOCTLCMD)
3171 retval = 0;
3172 return retval;
3173 }
3174 }
3175
3176 /*
3177 * Factor out some common prep work
3178 */
3179 switch (cmd) {
3180 case TIOCSETD:
3181 case TIOCSBRK:
3182 case TIOCCBRK:
3183 case TCSBRK:
3184 case TCSBRKP:
3185 retval = tty_check_change(tty);
3186 if (retval)
3187 return retval;
3188 if (cmd != TIOCCBRK) {
3189 tty_wait_until_sent(tty, 0);
3190 if (signal_pending(current))
3191 return -EINTR;
3192 }
3193 break;
3194 }
3195
3196 switch (cmd) {
3197 case TIOCSTI:
3198 return tiocsti(tty, p);
3199 case TIOCGWINSZ:
3200 return tiocgwinsz(tty, p);
3201 case TIOCSWINSZ:
3202 return tiocswinsz(tty, real_tty, p);
3203 case TIOCCONS:
3204 return real_tty!=tty ? -EINVAL : tioccons(file);
3205 case FIONBIO:
3206 return fionbio(file, p);
3207 case TIOCEXCL:
3208 set_bit(TTY_EXCLUSIVE, &tty->flags);
3209 return 0;
3210 case TIOCNXCL:
3211 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3212 return 0;
3213 case TIOCNOTTY:
af9b897e 3214 /* FIXME: taks lock or tty_mutex ? */
1da177e4
LT		 3215 if (current->signal->tty != tty)
3216 return -ENOTTY;
3217 if (current->signal->leader)
3218 disassociate_ctty(0);
3219 task_lock(current);
3220 current->signal->tty = NULL;
3221 task_unlock(current);
3222 return 0;
3223 case TIOCSCTTY:
3224 return tiocsctty(tty, arg);
3225 case TIOCGPGRP:
3226 return tiocgpgrp(tty, real_tty, p);
3227 case TIOCSPGRP:
3228 return tiocspgrp(tty, real_tty, p);
3229 case TIOCGSID:
3230 return tiocgsid(tty, real_tty, p);
3231 case TIOCGETD:
3232 /* FIXME: check this is ok */
3233 return put_user(tty->ldisc.num, (int __user *)p);
3234 case TIOCSETD:
3235 return tiocsetd(tty, p);
3236#ifdef CONFIG_VT
3237 case TIOCLINUX:
3238 return tioclinux(tty, arg);
3239#endif
3240 /*
3241 * Break handling
3242 */
3243 case TIOCSBRK: /* Turn break on, unconditionally */
3244 tty->driver->break_ctl(tty, -1);
3245 return 0;
3246
3247 case TIOCCBRK: /* Turn break off, unconditionally */
3248 tty->driver->break_ctl(tty, 0);
3249 return 0;
3250 case TCSBRK: /* SVID version: non-zero arg --> no break */
283fef59
PF		 3251 /* non-zero arg means wait for all output data
3252 * to be sent (performed above) but don't send break.
3253 * This is used by the tcdrain() termios function.
1da177e4
LT		 3254 */
3255 if (!arg)
b20f3ae5 3256 return send_break(tty, 250);
1da177e4
LT		 3257 return 0;
3258 case TCSBRKP: /* support for POSIX tcsendbreak() */
b20f3ae5 3259 return send_break(tty, arg ? arg*100 : 250);
1da177e4
LT		 3260
3261 case TIOCMGET:
3262 return tty_tiocmget(tty, file, p);
3263
3264 case TIOCMSET:
3265 case TIOCMBIC:
3266 case TIOCMBIS:
3267 return tty_tiocmset(tty, file, cmd, p);
3268 }
3269 if (tty->driver->ioctl) {
3270 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3271 if (retval != -ENOIOCTLCMD)
3272 return retval;
3273 }
3274 ld = tty_ldisc_ref_wait(tty);
3275 retval = -EINVAL;
3276 if (ld->ioctl) {
3277 retval = ld->ioctl(tty, file, cmd, arg);
3278 if (retval == -ENOIOCTLCMD)
3279 retval = -EINVAL;
3280 }
3281 tty_ldisc_deref(ld);
3282 return retval;
3283}
3284
3285
3286/*
3287 * This implements the "Secure Attention Key" --- the idea is to
3288 * prevent trojan horses by killing all processes associated with this
3289 * tty when the user hits the "Secure Attention Key". Required for
3290 * super-paranoid applications --- see the Orange Book for more details.
3291 *
3292 * This code could be nicer; ideally it should send a HUP, wait a few
3293 * seconds, then send a INT, and then a KILL signal. But you then
3294 * have to coordinate with the init process, since all processes associated
3295 * with the current tty must be dead before the new getty is allowed
3296 * to spawn.
3297 *
3298 * Now, if it would be correct ;-/ The current code has a nasty hole -
3299 * it doesn't catch files in flight. We may send the descriptor to ourselves
3300 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3301 *
3302 * Nasty bug: do_SAK is being called in interrupt context. This can
3303 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3304 */
3305static void __do_SAK(void *arg)
3306{
3307#ifdef TTY_SOFT_SAK
3308 tty_hangup(tty);
3309#else
3310 struct tty_struct *tty = arg;
652486fb 3311 struct task_struct *g, *p;
1da177e4
LT		 3312 int session;
3313 int i;
3314 struct file *filp;
3315 struct tty_ldisc *disc;
badf1662 3316 struct fdtable *fdt;
1da177e4
LT		 3317
3318 if (!tty)
3319 return;
3320 session = tty->session;
3321
3322 /* We don't want an ldisc switch during this */
3323 disc = tty_ldisc_ref(tty);
3324 if (disc && disc->flush_buffer)
3325 disc->flush_buffer(tty);
3326 tty_ldisc_deref(disc);
3327
3328 if (tty->driver->flush_buffer)
3329 tty->driver->flush_buffer(tty);
3330
3331 read_lock(&tasklist_lock);
652486fb 3332 /* Kill the entire session */
1da177e4 3333 do_each_task_pid(session, PIDTYPE_SID, p) {
652486fb
EB		 3334 printk(KERN_NOTICE "SAK: killed process %d"
3335 " (%s): p->signal->session==tty->session\n",
3336 p->pid, p->comm);
3337 send_sig(SIGKILL, p, 1);
3338 } while_each_task_pid(session, PIDTYPE_SID, p);
3339 /* Now kill any processes that happen to have the
3340 * tty open.
3341 */
3342 do_each_thread(g, p) {
3343 if (p->signal->tty == tty) {
1da177e4
LT		 3344 printk(KERN_NOTICE "SAK: killed process %d"
3345 " (%s): p->signal->session==tty->session\n",
3346 p->pid, p->comm);
3347 send_sig(SIGKILL, p, 1);
3348 continue;
3349 }
3350 task_lock(p);
3351 if (p->files) {
ca99c1da
DS		 3352 /*
3353 * We don't take a ref to the file, so we must
3354 * hold ->file_lock instead.
3355 */
3356 spin_lock(&p->files->file_lock);
badf1662
DS		 3357 fdt = files_fdtable(p->files);
3358 for (i=0; i < fdt->max_fds; i++) {
1da177e4
LT		 3359 filp = fcheck_files(p->files, i);
3360 if (!filp)
3361 continue;
3362 if (filp->f_op->read == tty_read &&
3363 filp->private_data == tty) {
3364 printk(KERN_NOTICE "SAK: killed process %d"
3365 " (%s): fd#%d opened to the tty\n",
3366 p->pid, p->comm, i);
20ac9437 3367 force_sig(SIGKILL, p);
1da177e4
LT		 3368 break;
3369 }
3370 }
ca99c1da 3371 spin_unlock(&p->files->file_lock);
1da177e4
LT		 3372 }
3373 task_unlock(p);
652486fb 3374 } while_each_thread(g, p);
1da177e4
LT		 3375 read_unlock(&tasklist_lock);
3376#endif
3377}
3378
3379/*
3380 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3381 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3382 * the values which we write to it will be identical to the values which it
3383 * already has. --akpm
3384 */
3385void do_SAK(struct tty_struct *tty)
3386{
3387 if (!tty)
3388 return;
3389 PREPARE_WORK(&tty->SAK_work, __do_SAK, tty);
3390 schedule_work(&tty->SAK_work);
3391}
3392
3393EXPORT_SYMBOL(do_SAK);
3394
af9b897e
AC		 3395/**
3396 * flush_to_ldisc
3397 * @private_: tty structure passed from work queue.
3398 *
3399 * This routine is called out of the software interrupt to flush data
3400 * from the buffer chain to the line discipline.
3401 *
3402 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3403 * while invoking the line discipline receive_buf method. The
3404 * receive_buf method is single threaded for each tty instance.
1da177e4
LT		 3405 */
3406
3407static void flush_to_ldisc(void *private_)
3408{
3409 struct tty_struct *tty = (struct tty_struct *) private_;
1da177e4
LT		 3410 unsigned long flags;
3411 struct tty_ldisc *disc;
2c3bb20f 3412 struct tty_buffer *tbuf, *head;
8977d929
PF		 3413 char *char_buf;
3414 unsigned char *flag_buf;
1da177e4
LT		 3415
3416 disc = tty_ldisc_ref(tty);
3417 if (disc == NULL) /* !TTY_LDISC */
3418 return;
3419
808249ce 3420 spin_lock_irqsave(&tty->buf.lock, flags);
2c3bb20f
PF		 3421 head = tty->buf.head;
3422 if (head != NULL) {
3423 tty->buf.head = NULL;
3424 for (;;) {
3425 int count = head->commit - head->read;
3426 if (!count) {
3427 if (head->next == NULL)
3428 break;
3429 tbuf = head;
3430 head = head->next;
3431 tty_buffer_free(tty, tbuf);
3432 continue;
3433 }
3434 if (!tty->receive_room) {
3435 schedule_delayed_work(&tty->buf.work, 1);
3436 break;
3437 }
3438 if (count > tty->receive_room)
3439 count = tty->receive_room;
3440 char_buf = head->char_buf_ptr + head->read;
3441 flag_buf = head->flag_buf_ptr + head->read;
3442 head->read += count;
8977d929
PF		 3443 spin_unlock_irqrestore(&tty->buf.lock, flags);
3444 disc->receive_buf(tty, char_buf, flag_buf, count);
3445 spin_lock_irqsave(&tty->buf.lock, flags);
3446 }
2c3bb20f 3447 tty->buf.head = head;
33f0f88f 3448 }
808249ce 3449 spin_unlock_irqrestore(&tty->buf.lock, flags);
817d6d3b 3450
1da177e4
LT		 3451 tty_ldisc_deref(disc);
3452}
3453
3454/*
3455 * Routine which returns the baud rate of the tty
3456 *
3457 * Note that the baud_table needs to be kept in sync with the
3458 * include/asm/termbits.h file.
3459 */
3460static int baud_table[] = {
3461 0, 50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800, 2400, 4800,
3462 9600, 19200, 38400, 57600, 115200, 230400, 460800,
3463#ifdef __sparc__
3464 76800, 153600, 307200, 614400, 921600
3465#else
3466 500000, 576000, 921600, 1000000, 1152000, 1500000, 2000000,
3467 2500000, 3000000, 3500000, 4000000
3468#endif
3469};
3470
3471static int n_baud_table = ARRAY_SIZE(baud_table);
3472
3473/**
3474 * tty_termios_baud_rate
3475 * @termios: termios structure
3476 *
3477 * Convert termios baud rate data into a speed. This should be called
3478 * with the termios lock held if this termios is a terminal termios
3479 * structure. May change the termios data.
af9b897e
AC		 3480 *
3481 * Locking: none
1da177e4
LT		 3482 */
3483
3484int tty_termios_baud_rate(struct termios *termios)
3485{
3486 unsigned int cbaud;
3487
3488 cbaud = termios->c_cflag & CBAUD;
3489
3490 if (cbaud & CBAUDEX) {
3491 cbaud &= ~CBAUDEX;
3492
3493 if (cbaud < 1 || cbaud + 15 > n_baud_table)
3494 termios->c_cflag &= ~CBAUDEX;
3495 else
3496 cbaud += 15;
3497 }
3498 return baud_table[cbaud];
3499}
3500
3501EXPORT_SYMBOL(tty_termios_baud_rate);
3502
3503/**
3504 * tty_get_baud_rate - get tty bit rates
3505 * @tty: tty to query
3506 *
3507 * Returns the baud rate as an integer for this terminal. The
3508 * termios lock must be held by the caller and the terminal bit
3509 * flags may be updated.
af9b897e
AC		 3510 *
3511 * Locking: none
1da177e4
LT		 3512 */
3513
3514int tty_get_baud_rate(struct tty_struct *tty)
3515{
3516 int baud = tty_termios_baud_rate(tty->termios);
3517
3518 if (baud == 38400 && tty->alt_speed) {
3519 if (!tty->warned) {
3520 printk(KERN_WARNING "Use of setserial/setrocket to "
3521 "set SPD_* flags is deprecated\n");
3522 tty->warned = 1;
3523 }
3524 baud = tty->alt_speed;
3525 }
3526
3527 return baud;
3528}
3529
3530EXPORT_SYMBOL(tty_get_baud_rate);
3531
3532/**
3533 * tty_flip_buffer_push - terminal
3534 * @tty: tty to push
3535 *
3536 * Queue a push of the terminal flip buffers to the line discipline. This
3537 * function must not be called from IRQ context if tty->low_latency is set.
3538 *
3539 * In the event of the queue being busy for flipping the work will be
3540 * held off and retried later.
af9b897e
AC		 3541 *
3542 * Locking: tty buffer lock. Driver locks in low latency mode.
1da177e4
LT		 3543 */
3544
3545void tty_flip_buffer_push(struct tty_struct *tty)
3546{
808249ce
PF		 3547 unsigned long flags;
3548 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 3549 if (tty->buf.tail != NULL)
8977d929 3550 tty->buf.tail->commit = tty->buf.tail->used;
808249ce
PF		 3551 spin_unlock_irqrestore(&tty->buf.lock, flags);
3552
1da177e4
LT		 3553 if (tty->low_latency)
3554 flush_to_ldisc((void *) tty);
3555 else
33f0f88f 3556 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 3557}
3558
3559EXPORT_SYMBOL(tty_flip_buffer_push);
3560
33f0f88f 3561
af9b897e
AC		 3562/**
3563 * initialize_tty_struct
3564 * @tty: tty to initialize
3565 *
3566 * This subroutine initializes a tty structure that has been newly
3567 * allocated.
3568 *
3569 * Locking: none - tty in question must not be exposed at this point
1da177e4 3570 */
af9b897e 3571
1da177e4
LT		 3572static void initialize_tty_struct(struct tty_struct *tty)
3573{
3574 memset(tty, 0, sizeof(struct tty_struct));
3575 tty->magic = TTY_MAGIC;
3576 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3577 tty->pgrp = -1;
3578 tty->overrun_time = jiffies;
33f0f88f
AC		 3579 tty->buf.head = tty->buf.tail = NULL;
3580 tty_buffer_init(tty);
3581 INIT_WORK(&tty->buf.work, flush_to_ldisc, tty);
3582 init_MUTEX(&tty->buf.pty_sem);
1da177e4
LT		 3583 init_MUTEX(&tty->termios_sem);
3584 init_waitqueue_head(&tty->write_wait);
3585 init_waitqueue_head(&tty->read_wait);
3586 INIT_WORK(&tty->hangup_work, do_tty_hangup, tty);
70522e12
IM		 3587 mutex_init(&tty->atomic_read_lock);
3588 mutex_init(&tty->atomic_write_lock);
1da177e4
LT		 3589 spin_lock_init(&tty->read_lock);
3590 INIT_LIST_HEAD(&tty->tty_files);
3591 INIT_WORK(&tty->SAK_work, NULL, NULL);
3592}
3593
3594/*
3595 * The default put_char routine if the driver did not define one.
3596 */
af9b897e 3597
1da177e4
LT		 3598static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3599{
3600 tty->driver->write(tty, &ch, 1);
3601}
3602
7fe845d1 3603static struct class *tty_class;
1da177e4
LT		 3604
3605/**
af9b897e
AC		 3606 * tty_register_device - register a tty device
3607 * @driver: the tty driver that describes the tty device
3608 * @index: the index in the tty driver for this tty device
3609 * @device: a struct device that is associated with this tty device.
3610 * This field is optional, if there is no known struct device
3611 * for this tty device it can be set to NULL safely.
1da177e4 3612 *
af9b897e 3613 * Returns a pointer to the class device (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3614 *
af9b897e
AC		 3615 * This call is required to be made to register an individual tty device
3616 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3617 * that bit is not set, this function should not be called by a tty
3618 * driver.
3619 *
3620 * Locking: ??
1da177e4 3621 */
af9b897e 3622
1cdcb6b4
HL		 3623struct class_device *tty_register_device(struct tty_driver *driver,
3624 unsigned index, struct device *device)
1da177e4
LT		 3625{
3626 char name[64];
3627 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3628
3629 if (index >= driver->num) {
3630 printk(KERN_ERR "Attempt to register invalid tty line number "
3631 " (%d).\n", index);
1cdcb6b4 3632 return ERR_PTR(-EINVAL);
1da177e4
LT		 3633 }
3634
1da177e4
LT		 3635 if (driver->type == TTY_DRIVER_TYPE_PTY)
3636 pty_line_name(driver, index, name);
3637 else
3638 tty_line_name(driver, index, name);
1cdcb6b4
HL		 3639
3640 return class_device_create(tty_class, NULL, dev, device, "%s", name);
1da177e4
LT		 3641}
3642
3643/**
af9b897e
AC		 3644 * tty_unregister_device - unregister a tty device
3645 * @driver: the tty driver that describes the tty device
3646 * @index: the index in the tty driver for this tty device
1da177e4 3647 *
af9b897e
AC		 3648 * If a tty device is registered with a call to tty_register_device() then
3649 * this function must be called when the tty device is gone.
3650 *
3651 * Locking: ??
1da177e4 3652 */
af9b897e 3653
1da177e4
LT		 3654void tty_unregister_device(struct tty_driver *driver, unsigned index)
3655{
7fe845d1 3656 class_device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 3657}
3658
3659EXPORT_SYMBOL(tty_register_device);
3660EXPORT_SYMBOL(tty_unregister_device);
3661
3662struct tty_driver *alloc_tty_driver(int lines)
3663{
3664 struct tty_driver *driver;
3665
3666 driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
3667 if (driver) {
3668 memset(driver, 0, sizeof(struct tty_driver));
3669 driver->magic = TTY_DRIVER_MAGIC;
3670 driver->num = lines;
3671 /* later we'll move allocation of tables here */
3672 }
3673 return driver;
3674}
3675
3676void put_tty_driver(struct tty_driver *driver)
3677{
3678 kfree(driver);
3679}
3680
3681void tty_set_operations(struct tty_driver *driver, struct tty_operations *op)
3682{
3683 driver->open = op->open;
3684 driver->close = op->close;
3685 driver->write = op->write;
3686 driver->put_char = op->put_char;
3687 driver->flush_chars = op->flush_chars;
3688 driver->write_room = op->write_room;
3689 driver->chars_in_buffer = op->chars_in_buffer;
3690 driver->ioctl = op->ioctl;
3691 driver->set_termios = op->set_termios;
3692 driver->throttle = op->throttle;
3693 driver->unthrottle = op->unthrottle;
3694 driver->stop = op->stop;
3695 driver->start = op->start;
3696 driver->hangup = op->hangup;
3697 driver->break_ctl = op->break_ctl;
3698 driver->flush_buffer = op->flush_buffer;
3699 driver->set_ldisc = op->set_ldisc;
3700 driver->wait_until_sent = op->wait_until_sent;
3701 driver->send_xchar = op->send_xchar;
3702 driver->read_proc = op->read_proc;
3703 driver->write_proc = op->write_proc;
3704 driver->tiocmget = op->tiocmget;
3705 driver->tiocmset = op->tiocmset;
3706}
3707
3708
3709EXPORT_SYMBOL(alloc_tty_driver);
3710EXPORT_SYMBOL(put_tty_driver);
3711EXPORT_SYMBOL(tty_set_operations);
3712
3713/*
3714 * Called by a tty driver to register itself.
3715 */
3716int tty_register_driver(struct tty_driver *driver)
3717{
3718 int error;
3719 int i;
3720 dev_t dev;
3721 void **p = NULL;
3722
3723 if (driver->flags & TTY_DRIVER_INSTALLED)
3724 return 0;
3725
3726 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
3727 p = kmalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3728 if (!p)
3729 return -ENOMEM;
3730 memset(p, 0, driver->num * 3 * sizeof(void *));
3731 }
3732
3733 if (!driver->major) {
3734 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3735 (char*)driver->name);
3736 if (!error) {
3737 driver->major = MAJOR(dev);
3738 driver->minor_start = MINOR(dev);
3739 }
3740 } else {
3741 dev = MKDEV(driver->major, driver->minor_start);
3742 error = register_chrdev_region(dev, driver->num,
3743 (char*)driver->name);
3744 }
3745 if (error < 0) {
3746 kfree(p);
3747 return error;
3748 }
3749
3750 if (p) {
3751 driver->ttys = (struct tty_struct **)p;
3752 driver->termios = (struct termios **)(p + driver->num);
3753 driver->termios_locked = (struct termios **)(p + driver->num * 2);
3754 } else {
3755 driver->ttys = NULL;
3756 driver->termios = NULL;
3757 driver->termios_locked = NULL;
3758 }
3759
3760 cdev_init(&driver->cdev, &tty_fops);
3761 driver->cdev.owner = driver->owner;
3762 error = cdev_add(&driver->cdev, dev, driver->num);
3763 if (error) {
1da177e4
LT		 3764 unregister_chrdev_region(dev, driver->num);
3765 driver->ttys = NULL;
3766 driver->termios = driver->termios_locked = NULL;
3767 kfree(p);
3768 return error;
3769 }
3770
3771 if (!driver->put_char)
3772 driver->put_char = tty_default_put_char;
3773
3774 list_add(&driver->tty_drivers, &tty_drivers);
3775
331b8319 3776 if ( !(driver->flags & TTY_DRIVER_DYNAMIC_DEV) ) {
1da177e4
LT		 3777 for(i = 0; i < driver->num; i++)
3778 tty_register_device(driver, i, NULL);
3779 }
3780 proc_tty_register_driver(driver);
3781 return 0;
3782}
3783
3784EXPORT_SYMBOL(tty_register_driver);
3785
3786/*
3787 * Called by a tty driver to unregister itself.
3788 */
3789int tty_unregister_driver(struct tty_driver *driver)
3790{
3791 int i;
3792 struct termios *tp;
3793 void *p;
3794
3795 if (driver->refcount)
3796 return -EBUSY;
3797
3798 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3799 driver->num);
3800
3801 list_del(&driver->tty_drivers);
3802
3803 /*
3804 * Free the termios and termios_locked structures because
3805 * we don't want to get memory leaks when modular tty
3806 * drivers are removed from the kernel.
3807 */
3808 for (i = 0; i < driver->num; i++) {
3809 tp = driver->termios[i];
3810 if (tp) {
3811 driver->termios[i] = NULL;
3812 kfree(tp);
3813 }
3814 tp = driver->termios_locked[i];
3815 if (tp) {
3816 driver->termios_locked[i] = NULL;
3817 kfree(tp);
3818 }
331b8319 3819 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 3820 tty_unregister_device(driver, i);
3821 }
3822 p = driver->ttys;
3823 proc_tty_unregister_driver(driver);
3824 driver->ttys = NULL;
3825 driver->termios = driver->termios_locked = NULL;
3826 kfree(p);
3827 cdev_del(&driver->cdev);
3828 return 0;
3829}
3830
3831EXPORT_SYMBOL(tty_unregister_driver);
3832
3833
3834/*
3835 * Initialize the console device. This is called *early*, so
3836 * we can't necessarily depend on lots of kernel help here.
3837 * Just do some early initializations, and do the complex setup
3838 * later.
3839 */
3840void __init console_init(void)
3841{
3842 initcall_t *call;
3843
3844 /* Setup the default TTY line discipline. */
3845 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3846
3847 /*
3848 * set up the console device so that later boot sequences can
3849 * inform about problems etc..
3850 */
3851#ifdef CONFIG_EARLY_PRINTK
3852 disable_early_printk();
1da177e4
LT		 3853#endif
3854 call = __con_initcall_start;
3855 while (call < __con_initcall_end) {
3856 (*call)();
3857 call++;
3858 }
3859}
3860
3861#ifdef CONFIG_VT
3862extern int vty_init(void);
3863#endif
3864
3865static int __init tty_class_init(void)
3866{
7fe845d1 3867 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 3868 if (IS_ERR(tty_class))
3869 return PTR_ERR(tty_class);
3870 return 0;
3871}
3872
3873postcore_initcall(tty_class_init);
3874
3875/* 3/2004 jmc: why do these devices exist? */
3876
3877static struct cdev tty_cdev, console_cdev;
3878#ifdef CONFIG_UNIX98_PTYS
3879static struct cdev ptmx_cdev;
3880#endif
3881#ifdef CONFIG_VT
3882static struct cdev vc0_cdev;
3883#endif
3884
3885/*
3886 * Ok, now we can initialize the rest of the tty devices and can count
3887 * on memory allocations, interrupts etc..
3888 */
3889static int __init tty_init(void)
3890{
3891 cdev_init(&tty_cdev, &tty_fops);
3892 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3893 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3894 panic("Couldn't register /dev/tty driver\n");
53f46542 3895 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
1da177e4
LT		 3896
3897 cdev_init(&console_cdev, &console_fops);
3898 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3899 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3900 panic("Couldn't register /dev/console driver\n");
53f46542 3901 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL, "console");
1da177e4
LT		 3902
3903#ifdef CONFIG_UNIX98_PTYS
3904 cdev_init(&ptmx_cdev, &ptmx_fops);
3905 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3906 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3907 panic("Couldn't register /dev/ptmx driver\n");
53f46542 3908 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
1da177e4
LT		 3909#endif
3910
3911#ifdef CONFIG_VT
3912 cdev_init(&vc0_cdev, &console_fops);
3913 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3914 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3915 panic("Couldn't register /dev/tty0 driver\n");
53f46542 3916 class_device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), NULL, "tty0");
1da177e4
LT		 3917
3918 vty_init();
3919#endif
3920 return 0;
3921}
3922module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)