projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH] exit: fix crash case
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
1da177e4
LT		 68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched.h>
74#include <linux/interrupt.h>
75#include <linux/tty.h>
76#include <linux/tty_driver.h>
77#include <linux/tty_flip.h>
78#include <linux/devpts_fs.h>
79#include <linux/file.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/smp_lock.h>
92#include <linux/device.h>
93#include <linux/idr.h>
94#include <linux/wait.h>
95#include <linux/bitops.h>
b20f3ae5 96#include <linux/delay.h>
1da177e4
LT		 97
98#include <asm/uaccess.h>
99#include <asm/system.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
1da177e4
LT		 104
105#include <linux/kmod.h>
106
107#undef TTY_DEBUG_HANGUP
108
109#define TTY_PARANOIA_CHECK 1
110#define CHECK_TTY_COUNT 1
111
112struct termios tty_std_termios = { /* for the benefit of tty drivers */
113 .c_iflag = ICRNL | IXON,
114 .c_oflag = OPOST | ONLCR,
115 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
116 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
117 ECHOCTL | ECHOKE | IEXTEN,
118 .c_cc = INIT_C_CC
119};
120
121EXPORT_SYMBOL(tty_std_termios);
122
123/* This list gets poked at by procfs and various bits of boot up code. This
124 could do with some rationalisation such as pulling the tty proc function
125 into this file */
126
127LIST_HEAD(tty_drivers); /* linked list of tty drivers */
128
129/* Semaphore to protect creating and releasing a tty. This is shared with
130 vt.c for deeply disgusting hack reasons */
70522e12 131DEFINE_MUTEX(tty_mutex);
1da177e4
LT		 132
133#ifdef CONFIG_UNIX98_PTYS
134extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
135extern int pty_limit; /* Config limit on Unix98 ptys */
136static DEFINE_IDR(allocated_ptys);
137static DECLARE_MUTEX(allocated_ptys_lock);
138static int ptmx_open(struct inode *, struct file *);
139#endif
140
141extern void disable_early_printk(void);
142
143static void initialize_tty_struct(struct tty_struct *tty);
144
145static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
146static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
147ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
148static unsigned int tty_poll(struct file *, poll_table *);
149static int tty_open(struct inode *, struct file *);
150static int tty_release(struct inode *, struct file *);
151int tty_ioctl(struct inode * inode, struct file * file,
152 unsigned int cmd, unsigned long arg);
153static int tty_fasync(int fd, struct file * filp, int on);
1da177e4
LT		 154static void release_mem(struct tty_struct *tty, int idx);
155
af9b897e
AC		 156/**
157 * alloc_tty_struct - allocate a tty object
158 *
159 * Return a new empty tty structure. The data fields have not
160 * been initialized in any way but has been zeroed
161 *
162 * Locking: none
af9b897e 163 */
1da177e4
LT		 164
165static struct tty_struct *alloc_tty_struct(void)
166{
1266b1e1 167 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 168}
169
33f0f88f
AC		 170static void tty_buffer_free_all(struct tty_struct *);
171
af9b897e
AC		 172/**
173 * free_tty_struct - free a disused tty
174 * @tty: tty struct to free
175 *
176 * Free the write buffers, tty queue and tty memory itself.
177 *
178 * Locking: none. Must be called after tty is definitely unused
179 */
180
1da177e4
LT		 181static inline void free_tty_struct(struct tty_struct *tty)
182{
183 kfree(tty->write_buf);
33f0f88f 184 tty_buffer_free_all(tty);
1da177e4
LT		 185 kfree(tty);
186}
187
188#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
189
af9b897e
AC		 190/**
191 * tty_name - return tty naming
192 * @tty: tty structure
193 * @buf: buffer for output
194 *
195 * Convert a tty structure into a name. The name reflects the kernel
196 * naming policy and if udev is in use may not reflect user space
197 *
198 * Locking: none
199 */
200
1da177e4
LT		 201char *tty_name(struct tty_struct *tty, char *buf)
202{
203 if (!tty) /* Hmm. NULL pointer. That's fun. */
204 strcpy(buf, "NULL tty");
205 else
206 strcpy(buf, tty->name);
207 return buf;
208}
209
210EXPORT_SYMBOL(tty_name);
211
d769a669 212int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 213 const char *routine)
214{
215#ifdef TTY_PARANOIA_CHECK
216 if (!tty) {
217 printk(KERN_WARNING
218 "null TTY for (%d:%d) in %s\n",
219 imajor(inode), iminor(inode), routine);
220 return 1;
221 }
222 if (tty->magic != TTY_MAGIC) {
223 printk(KERN_WARNING
224 "bad magic number for tty struct (%d:%d) in %s\n",
225 imajor(inode), iminor(inode), routine);
226 return 1;
227 }
228#endif
229 return 0;
230}
231
232static int check_tty_count(struct tty_struct *tty, const char *routine)
233{
234#ifdef CHECK_TTY_COUNT
235 struct list_head *p;
236 int count = 0;
237
238 file_list_lock();
239 list_for_each(p, &tty->tty_files) {
240 count++;
241 }
242 file_list_unlock();
243 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
244 tty->driver->subtype == PTY_TYPE_SLAVE &&
245 tty->link && tty->link->count)
246 count++;
247 if (tty->count != count) {
248 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
249 "!= #fd's(%d) in %s\n",
250 tty->name, tty->count, count, routine);
251 return count;
252 }
253#endif
254 return 0;
255}
256
33f0f88f
AC		 257/*
258 * Tty buffer allocation management
259 */
260
af9b897e 261
01da5fd8
AC		 262/**
263 * tty_buffer_free_all - free buffers used by a tty
264 * @tty: tty to free from
265 *
266 * Remove all the buffers pending on a tty whether queued with data
267 * or in the free ring. Must be called when the tty is no longer in use
268 *
269 * Locking: none
270 */
271
272
af9b897e
AC		 273/**
274 * tty_buffer_free_all - free buffers used by a tty
275 * @tty: tty to free from
276 *
277 * Remove all the buffers pending on a tty whether queued with data
278 * or in the free ring. Must be called when the tty is no longer in use
279 *
280 * Locking: none
281 */
282
33f0f88f
AC		 283static void tty_buffer_free_all(struct tty_struct *tty)
284{
285 struct tty_buffer *thead;
286 while((thead = tty->buf.head) != NULL) {
287 tty->buf.head = thead->next;
288 kfree(thead);
289 }
290 while((thead = tty->buf.free) != NULL) {
291 tty->buf.free = thead->next;
292 kfree(thead);
293 }
294 tty->buf.tail = NULL;
01da5fd8 295 tty->buf.memory_used = 0;
33f0f88f
AC		 296}
297
01da5fd8
AC		 298/**
299 * tty_buffer_init - prepare a tty buffer structure
300 * @tty: tty to initialise
301 *
302 * Set up the initial state of the buffer management for a tty device.
303 * Must be called before the other tty buffer functions are used.
304 *
305 * Locking: none
306 */
307
33f0f88f
AC		 308static void tty_buffer_init(struct tty_struct *tty)
309{
808249ce 310 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 311 tty->buf.head = NULL;
312 tty->buf.tail = NULL;
313 tty->buf.free = NULL;
01da5fd8 314 tty->buf.memory_used = 0;
33f0f88f
AC		 315}
316
01da5fd8
AC		 317/**
318 * tty_buffer_alloc - allocate a tty buffer
319 * @tty: tty device
320 * @size: desired size (characters)
321 *
322 * Allocate a new tty buffer to hold the desired number of characters.
323 * Return NULL if out of memory or the allocation would exceed the
324 * per device queue
325 *
326 * Locking: Caller must hold tty->buf.lock
327 */
328
329static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
33f0f88f 330{
01da5fd8
AC		 331 struct tty_buffer *p;
332
333 if (tty->buf.memory_used + size > 65536)
334 return NULL;
335 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
33f0f88f
AC		 336 if(p == NULL)
337 return NULL;
338 p->used = 0;
339 p->size = size;
340 p->next = NULL;
8977d929
PF		 341 p->commit = 0;
342 p->read = 0;
33f0f88f
AC		 343 p->char_buf_ptr = (char *)(p->data);
344 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
01da5fd8 345 tty->buf.memory_used += size;
33f0f88f
AC		 346 return p;
347}
348
01da5fd8
AC		 349/**
350 * tty_buffer_free - free a tty buffer
351 * @tty: tty owning the buffer
352 * @b: the buffer to free
353 *
354 * Free a tty buffer, or add it to the free list according to our
355 * internal strategy
356 *
357 * Locking: Caller must hold tty->buf.lock
358 */
33f0f88f
AC		 359
360static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
361{
362 /* Dumb strategy for now - should keep some stats */
01da5fd8
AC		 363 tty->buf.memory_used -= b->size;
364 WARN_ON(tty->buf.memory_used < 0);
365
33f0f88f
AC		 366 if(b->size >= 512)
367 kfree(b);
368 else {
369 b->next = tty->buf.free;
370 tty->buf.free = b;
371 }
372}
373
01da5fd8
AC		 374/**
375 * tty_buffer_find - find a free tty buffer
376 * @tty: tty owning the buffer
377 * @size: characters wanted
378 *
379 * Locate an existing suitable tty buffer or if we are lacking one then
380 * allocate a new one. We round our buffers off in 256 character chunks
381 * to get better allocation behaviour.
382 *
383 * Locking: Caller must hold tty->buf.lock
384 */
385
33f0f88f
AC		 386static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
387{
388 struct tty_buffer **tbh = &tty->buf.free;
389 while((*tbh) != NULL) {
390 struct tty_buffer *t = *tbh;
391 if(t->size >= size) {
392 *tbh = t->next;
393 t->next = NULL;
394 t->used = 0;
8977d929
PF		 395 t->commit = 0;
396 t->read = 0;
01da5fd8 397 tty->buf.memory_used += t->size;
33f0f88f
AC		 398 return t;
399 }
400 tbh = &((*tbh)->next);
401 }
402 /* Round the buffer size out */
403 size = (size + 0xFF) & ~ 0xFF;
01da5fd8 404 return tty_buffer_alloc(tty, size);
33f0f88f
AC		 405 /* Should possibly check if this fails for the largest buffer we
406 have queued and recycle that ? */
407}
408
01da5fd8
AC		 409/**
410 * tty_buffer_request_room - grow tty buffer if needed
411 * @tty: tty structure
412 * @size: size desired
413 *
414 * Make at least size bytes of linear space available for the tty
415 * buffer. If we fail return the size we managed to find.
416 *
417 * Locking: Takes tty->buf.lock
418 */
33f0f88f
AC		 419int tty_buffer_request_room(struct tty_struct *tty, size_t size)
420{
808249ce
PF		 421 struct tty_buffer *b, *n;
422 int left;
423 unsigned long flags;
424
425 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 426
427 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
428 remove this conditional if its worth it. This would be invisible
429 to the callers */
33b37a33 430 if ((b = tty->buf.tail) != NULL)
33f0f88f 431 left = b->size - b->used;
33b37a33 432 else
808249ce
PF		 433 left = 0;
434
435 if (left < size) {
436 /* This is the slow path - looking for new buffers to use */
437 if ((n = tty_buffer_find(tty, size)) != NULL) {
438 if (b != NULL) {
439 b->next = n;
8977d929 440 b->commit = b->used;
808249ce
PF		 441 } else
442 tty->buf.head = n;
443 tty->buf.tail = n;
808249ce
PF		 444 } else
445 size = left;
446 }
447
448 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 449 return size;
450}
33f0f88f
AC		 451EXPORT_SYMBOL_GPL(tty_buffer_request_room);
452
af9b897e
AC		 453/**
454 * tty_insert_flip_string - Add characters to the tty buffer
455 * @tty: tty structure
456 * @chars: characters
457 * @size: size
458 *
459 * Queue a series of bytes to the tty buffering. All the characters
460 * passed are marked as without error. Returns the number added.
461 *
462 * Locking: Called functions may take tty->buf.lock
463 */
464
e1a25090
AM		 465int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
466 size_t size)
33f0f88f
AC		 467{
468 int copied = 0;
469 do {
470 int space = tty_buffer_request_room(tty, size - copied);
471 struct tty_buffer *tb = tty->buf.tail;
472 /* If there is no space then tb may be NULL */
473 if(unlikely(space == 0))
474 break;
475 memcpy(tb->char_buf_ptr + tb->used, chars, space);
476 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
477 tb->used += space;
478 copied += space;
479 chars += space;
527063ba
AD		 480 /* There is a small chance that we need to split the data over
481 several buffers. If this is the case we must loop */
482 } while (unlikely(size > copied));
33f0f88f
AC		 483 return copied;
484}
ee37df78 485EXPORT_SYMBOL(tty_insert_flip_string);
33f0f88f 486
af9b897e
AC		 487/**
488 * tty_insert_flip_string_flags - Add characters to the tty buffer
489 * @tty: tty structure
490 * @chars: characters
491 * @flags: flag bytes
492 * @size: size
493 *
494 * Queue a series of bytes to the tty buffering. For each character
495 * the flags array indicates the status of the character. Returns the
496 * number added.
497 *
498 * Locking: Called functions may take tty->buf.lock
499 */
500
e1a25090
AM		 501int tty_insert_flip_string_flags(struct tty_struct *tty,
502 const unsigned char *chars, const char *flags, size_t size)
33f0f88f
AC		 503{
504 int copied = 0;
505 do {
506 int space = tty_buffer_request_room(tty, size - copied);
507 struct tty_buffer *tb = tty->buf.tail;
508 /* If there is no space then tb may be NULL */
509 if(unlikely(space == 0))
510 break;
511 memcpy(tb->char_buf_ptr + tb->used, chars, space);
512 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
513 tb->used += space;
514 copied += space;
515 chars += space;
516 flags += space;
527063ba
AD		 517 /* There is a small chance that we need to split the data over
518 several buffers. If this is the case we must loop */
519 } while (unlikely(size > copied));
33f0f88f
AC		 520 return copied;
521}
ff4547f4 522EXPORT_SYMBOL(tty_insert_flip_string_flags);
33f0f88f 523
af9b897e
AC		 524/**
525 * tty_schedule_flip - push characters to ldisc
526 * @tty: tty to push from
527 *
528 * Takes any pending buffers and transfers their ownership to the
529 * ldisc side of the queue. It then schedules those characters for
530 * processing by the line discipline.
531 *
532 * Locking: Takes tty->buf.lock
533 */
534
e1a25090
AM		 535void tty_schedule_flip(struct tty_struct *tty)
536{
537 unsigned long flags;
538 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 539 if (tty->buf.tail != NULL)
e1a25090 540 tty->buf.tail->commit = tty->buf.tail->used;
e1a25090
AM		 541 spin_unlock_irqrestore(&tty->buf.lock, flags);
542 schedule_delayed_work(&tty->buf.work, 1);
543}
544EXPORT_SYMBOL(tty_schedule_flip);
33f0f88f 545
af9b897e
AC		 546/**
547 * tty_prepare_flip_string - make room for characters
548 * @tty: tty
549 * @chars: return pointer for character write area
550 * @size: desired size
551 *
33f0f88f
AC		 552 * Prepare a block of space in the buffer for data. Returns the length
553 * available and buffer pointer to the space which is now allocated and
554 * accounted for as ready for normal characters. This is used for drivers
555 * that need their own block copy routines into the buffer. There is no
556 * guarantee the buffer is a DMA target!
af9b897e
AC		 557 *
558 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 559 */
560
561int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
562{
563 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 564 if (likely(space)) {
565 struct tty_buffer *tb = tty->buf.tail;
566 *chars = tb->char_buf_ptr + tb->used;
567 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
568 tb->used += space;
569 }
33f0f88f
AC		 570 return space;
571}
572
573EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
574
af9b897e
AC		 575/**
576 * tty_prepare_flip_string_flags - make room for characters
577 * @tty: tty
578 * @chars: return pointer for character write area
579 * @flags: return pointer for status flag write area
580 * @size: desired size
581 *
33f0f88f
AC		 582 * Prepare a block of space in the buffer for data. Returns the length
583 * available and buffer pointer to the space which is now allocated and
584 * accounted for as ready for characters. This is used for drivers
585 * that need their own block copy routines into the buffer. There is no
586 * guarantee the buffer is a DMA target!
af9b897e
AC		 587 *
588 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 589 */
590
591int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
592{
593 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 594 if (likely(space)) {
595 struct tty_buffer *tb = tty->buf.tail;
596 *chars = tb->char_buf_ptr + tb->used;
597 *flags = tb->flag_buf_ptr + tb->used;
598 tb->used += space;
599 }
33f0f88f
AC		 600 return space;
601}
602
603EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
604
605
606
af9b897e
AC		 607/**
608 * tty_set_termios_ldisc - set ldisc field
609 * @tty: tty structure
610 * @num: line discipline number
611 *
1da177e4
LT		 612 * This is probably overkill for real world processors but
613 * they are not on hot paths so a little discipline won't do
614 * any harm.
af9b897e
AC		 615 *
616 * Locking: takes termios_sem
1da177e4
LT		 617 */
618
619static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
620{
621 down(&tty->termios_sem);
622 tty->termios->c_line = num;
623 up(&tty->termios_sem);
624}
625
626/*
627 * This guards the refcounted line discipline lists. The lock
628 * must be taken with irqs off because there are hangup path
629 * callers who will do ldisc lookups and cannot sleep.
630 */
631
632static DEFINE_SPINLOCK(tty_ldisc_lock);
633static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
bfb07599 634static struct tty_ldisc tty_ldiscs[NR_LDISCS]; /* line disc dispatch table */
1da177e4 635
af9b897e
AC		 636/**
637 * tty_register_ldisc - install a line discipline
638 * @disc: ldisc number
639 * @new_ldisc: pointer to the ldisc object
640 *
641 * Installs a new line discipline into the kernel. The discipline
642 * is set up as unreferenced and then made available to the kernel
643 * from this point onwards.
644 *
645 * Locking:
646 * takes tty_ldisc_lock to guard against ldisc races
647 */
648
1da177e4
LT		 649int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
650{
651 unsigned long flags;
652 int ret = 0;
653
654 if (disc < N_TTY || disc >= NR_LDISCS)
655 return -EINVAL;
656
657 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 658 tty_ldiscs[disc] = *new_ldisc;
659 tty_ldiscs[disc].num = disc;
660 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
661 tty_ldiscs[disc].refcount = 0;
1da177e4
LT		 662 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
663
664 return ret;
665}
1da177e4
LT		 666EXPORT_SYMBOL(tty_register_ldisc);
667
af9b897e
AC		 668/**
669 * tty_unregister_ldisc - unload a line discipline
670 * @disc: ldisc number
671 * @new_ldisc: pointer to the ldisc object
672 *
673 * Remove a line discipline from the kernel providing it is not
674 * currently in use.
675 *
676 * Locking:
677 * takes tty_ldisc_lock to guard against ldisc races
678 */
679
bfb07599
AD		 680int tty_unregister_ldisc(int disc)
681{
682 unsigned long flags;
683 int ret = 0;
684
685 if (disc < N_TTY || disc >= NR_LDISCS)
686 return -EINVAL;
687
688 spin_lock_irqsave(&tty_ldisc_lock, flags);
689 if (tty_ldiscs[disc].refcount)
690 ret = -EBUSY;
691 else
692 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
693 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
694
695 return ret;
696}
697EXPORT_SYMBOL(tty_unregister_ldisc);
698
af9b897e
AC		 699/**
700 * tty_ldisc_get - take a reference to an ldisc
701 * @disc: ldisc number
702 *
703 * Takes a reference to a line discipline. Deals with refcounts and
704 * module locking counts. Returns NULL if the discipline is not available.
705 * Returns a pointer to the discipline and bumps the ref count if it is
706 * available
707 *
708 * Locking:
709 * takes tty_ldisc_lock to guard against ldisc races
710 */
711
1da177e4
LT		 712struct tty_ldisc *tty_ldisc_get(int disc)
713{
714 unsigned long flags;
715 struct tty_ldisc *ld;
716
717 if (disc < N_TTY || disc >= NR_LDISCS)
718 return NULL;
719
720 spin_lock_irqsave(&tty_ldisc_lock, flags);
721
722 ld = &tty_ldiscs[disc];
723 /* Check the entry is defined */
724 if(ld->flags & LDISC_FLAG_DEFINED)
725 {
726 /* If the module is being unloaded we can't use it */
727 if (!try_module_get(ld->owner))
728 ld = NULL;
729 else /* lock it */
730 ld->refcount++;
731 }
732 else
733 ld = NULL;
734 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
735 return ld;
736}
737
738EXPORT_SYMBOL_GPL(tty_ldisc_get);
739
af9b897e
AC		 740/**
741 * tty_ldisc_put - drop ldisc reference
742 * @disc: ldisc number
743 *
744 * Drop a reference to a line discipline. Manage refcounts and
745 * module usage counts
746 *
747 * Locking:
748 * takes tty_ldisc_lock to guard against ldisc races
749 */
750
1da177e4
LT		 751void tty_ldisc_put(int disc)
752{
753 struct tty_ldisc *ld;
754 unsigned long flags;
755
56ee4827 756 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
1da177e4
LT		 757
758 spin_lock_irqsave(&tty_ldisc_lock, flags);
759 ld = &tty_ldiscs[disc];
56ee4827
ES		 760 BUG_ON(ld->refcount == 0);
761 ld->refcount--;
1da177e4
LT		 762 module_put(ld->owner);
763 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
764}
765
766EXPORT_SYMBOL_GPL(tty_ldisc_put);
767
af9b897e
AC		 768/**
769 * tty_ldisc_assign - set ldisc on a tty
770 * @tty: tty to assign
771 * @ld: line discipline
772 *
773 * Install an instance of a line discipline into a tty structure. The
774 * ldisc must have a reference count above zero to ensure it remains/
775 * The tty instance refcount starts at zero.
776 *
777 * Locking:
778 * Caller must hold references
779 */
780
1da177e4
LT		 781static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
782{
783 tty->ldisc = *ld;
784 tty->ldisc.refcount = 0;
785}
786
787/**
788 * tty_ldisc_try - internal helper
789 * @tty: the tty
790 *
791 * Make a single attempt to grab and bump the refcount on
792 * the tty ldisc. Return 0 on failure or 1 on success. This is
793 * used to implement both the waiting and non waiting versions
794 * of tty_ldisc_ref
af9b897e
AC		 795 *
796 * Locking: takes tty_ldisc_lock
1da177e4
LT		 797 */
798
799static int tty_ldisc_try(struct tty_struct *tty)
800{
801 unsigned long flags;
802 struct tty_ldisc *ld;
803 int ret = 0;
804
805 spin_lock_irqsave(&tty_ldisc_lock, flags);
806 ld = &tty->ldisc;
807 if(test_bit(TTY_LDISC, &tty->flags))
808 {
809 ld->refcount++;
810 ret = 1;
811 }
812 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
813 return ret;
814}
815
816/**
817 * tty_ldisc_ref_wait - wait for the tty ldisc
818 * @tty: tty device
819 *
820 * Dereference the line discipline for the terminal and take a
821 * reference to it. If the line discipline is in flux then
822 * wait patiently until it changes.
823 *
824 * Note: Must not be called from an IRQ/timer context. The caller
825 * must also be careful not to hold other locks that will deadlock
826 * against a discipline change, such as an existing ldisc reference
827 * (which we check for)
af9b897e
AC		 828 *
829 * Locking: call functions take tty_ldisc_lock
1da177e4
LT		 830 */
831
832struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
833{
834 /* wait_event is a macro */
835 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
836 if(tty->ldisc.refcount == 0)
837 printk(KERN_ERR "tty_ldisc_ref_wait\n");
838 return &tty->ldisc;
839}
840
841EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
842
843/**
844 * tty_ldisc_ref - get the tty ldisc
845 * @tty: tty device
846 *
847 * Dereference the line discipline for the terminal and take a
848 * reference to it. If the line discipline is in flux then
849 * return NULL. Can be called from IRQ and timer functions.
af9b897e
AC		 850 *
851 * Locking: called functions take tty_ldisc_lock
1da177e4
LT		 852 */
853
854struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
855{
856 if(tty_ldisc_try(tty))
857 return &tty->ldisc;
858 return NULL;
859}
860
861EXPORT_SYMBOL_GPL(tty_ldisc_ref);
862
863/**
864 * tty_ldisc_deref - free a tty ldisc reference
865 * @ld: reference to free up
866 *
867 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
868 * be called in IRQ context.
af9b897e
AC		 869 *
870 * Locking: takes tty_ldisc_lock
1da177e4
LT		 871 */
872
873void tty_ldisc_deref(struct tty_ldisc *ld)
874{
875 unsigned long flags;
876
56ee4827 877 BUG_ON(ld == NULL);
1da177e4
LT		 878
879 spin_lock_irqsave(&tty_ldisc_lock, flags);
880 if(ld->refcount == 0)
881 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
882 else
883 ld->refcount--;
884 if(ld->refcount == 0)
885 wake_up(&tty_ldisc_wait);
886 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
887}
888
889EXPORT_SYMBOL_GPL(tty_ldisc_deref);
890
891/**
892 * tty_ldisc_enable - allow ldisc use
893 * @tty: terminal to activate ldisc on
894 *
895 * Set the TTY_LDISC flag when the line discipline can be called
896 * again. Do neccessary wakeups for existing sleepers.
897 *
898 * Note: nobody should set this bit except via this function. Clearing
899 * directly is allowed.
900 */
901
902static void tty_ldisc_enable(struct tty_struct *tty)
903{
904 set_bit(TTY_LDISC, &tty->flags);
905 wake_up(&tty_ldisc_wait);
906}
907
908/**
909 * tty_set_ldisc - set line discipline
910 * @tty: the terminal to set
911 * @ldisc: the line discipline
912 *
913 * Set the discipline of a tty line. Must be called from a process
914 * context.
af9b897e
AC		 915 *
916 * Locking: takes tty_ldisc_lock.
917 * called functions take termios_sem
1da177e4
LT		 918 */
919
920static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
921{
ff55fe20
JB		 922 int retval = 0;
923 struct tty_ldisc o_ldisc;
1da177e4
LT		 924 char buf[64];
925 int work;
926 unsigned long flags;
927 struct tty_ldisc *ld;
ff55fe20 928 struct tty_struct *o_tty;
1da177e4
LT		 929
930 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
931 return -EINVAL;
932
933restart:
934
1da177e4
LT		 935 ld = tty_ldisc_get(ldisc);
936 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
937 /* Cyrus Durgin <cider@speakeasy.org> */
938 if (ld == NULL) {
939 request_module("tty-ldisc-%d", ldisc);
940 ld = tty_ldisc_get(ldisc);
941 }
942 if (ld == NULL)
943 return -EINVAL;
944
33f0f88f
AC		 945 /*
946 * No more input please, we are switching. The new ldisc
947 * will update this value in the ldisc open function
948 */
949
950 tty->receive_room = 0;
951
952 /*
953 * Problem: What do we do if this blocks ?
954 */
955
1da177e4
LT		 956 tty_wait_until_sent(tty, 0);
957
ff55fe20
JB		 958 if (tty->ldisc.num == ldisc) {
959 tty_ldisc_put(ldisc);
960 return 0;
961 }
962
963 o_ldisc = tty->ldisc;
964 o_tty = tty->link;
965
1da177e4
LT		 966 /*
967 * Make sure we don't change while someone holds a
968 * reference to the line discipline. The TTY_LDISC bit
969 * prevents anyone taking a reference once it is clear.
970 * We need the lock to avoid racing reference takers.
971 */
ff55fe20 972
1da177e4 973 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20
JB		 974 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
975 if(tty->ldisc.refcount) {
976 /* Free the new ldisc we grabbed. Must drop the lock
977 first. */
978 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
979 tty_ldisc_put(ldisc);
980 /*
981 * There are several reasons we may be busy, including
982 * random momentary I/O traffic. We must therefore
983 * retry. We could distinguish between blocking ops
984 * and retries if we made tty_ldisc_wait() smarter. That
985 * is up for discussion.
986 */
987 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
988 return -ERESTARTSYS;
989 goto restart;
990 }
991 if(o_tty && o_tty->ldisc.refcount) {
992 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
993 tty_ldisc_put(ldisc);
994 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
995 return -ERESTARTSYS;
996 goto restart;
997 }
998 }
999
1000 /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
1001
1002 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 1003 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1004 tty_ldisc_put(ldisc);
ff55fe20
JB		 1005 ld = tty_ldisc_ref_wait(tty);
1006 tty_ldisc_deref(ld);
1da177e4
LT		 1007 goto restart;
1008 }
ff55fe20
JB		 1009
1010 clear_bit(TTY_LDISC, &tty->flags);
817d6d3b 1011 if (o_tty)
ff55fe20 1012 clear_bit(TTY_LDISC, &o_tty->flags);
1da177e4 1013 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 1014
1da177e4
LT		 1015 /*
1016 * From this point on we know nobody has an ldisc
1017 * usage reference, nor can they obtain one until
1018 * we say so later on.
1019 */
ff55fe20 1020
33f0f88f 1021 work = cancel_delayed_work(&tty->buf.work);
1da177e4 1022 /*
33f0f88f 1023 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 1024 */
1025
1026 flush_scheduled_work();
1027 /* Shutdown the current discipline. */
1028 if (tty->ldisc.close)
1029 (tty->ldisc.close)(tty);
1030
1031 /* Now set up the new line discipline. */
1032 tty_ldisc_assign(tty, ld);
1033 tty_set_termios_ldisc(tty, ldisc);
1034 if (tty->ldisc.open)
1035 retval = (tty->ldisc.open)(tty);
1036 if (retval < 0) {
1037 tty_ldisc_put(ldisc);
1038 /* There is an outstanding reference here so this is safe */
1039 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1040 tty_set_termios_ldisc(tty, tty->ldisc.num);
1041 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1042 tty_ldisc_put(o_ldisc.num);
1043 /* This driver is always present */
1044 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1045 tty_set_termios_ldisc(tty, N_TTY);
1046 if (tty->ldisc.open) {
1047 int r = tty->ldisc.open(tty);
1048
1049 if (r < 0)
1050 panic("Couldn't open N_TTY ldisc for "
1051 "%s --- error %d.",
1052 tty_name(tty, buf), r);
1053 }
1054 }
1055 }
1056 /* At this point we hold a reference to the new ldisc and a
1057 a reference to the old ldisc. If we ended up flipping back
1058 to the existing ldisc we have two references to it */
1059
1060 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1061 tty->driver->set_ldisc(tty);
1062
1063 tty_ldisc_put(o_ldisc.num);
1064
1065 /*
1066 * Allow ldisc referencing to occur as soon as the driver
1067 * ldisc callback completes.
1068 */
1069
1070 tty_ldisc_enable(tty);
ff55fe20
JB		 1071 if (o_tty)
1072 tty_ldisc_enable(o_tty);
1da177e4
LT		 1073
1074 /* Restart it in case no characters kick it off. Safe if
1075 already running */
ff55fe20 1076 if (work)
33f0f88f 1077 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 1078 return retval;
1079}
1080
af9b897e
AC		 1081/**
1082 * get_tty_driver - find device of a tty
1083 * @dev_t: device identifier
1084 * @index: returns the index of the tty
1085 *
1086 * This routine returns a tty driver structure, given a device number
1087 * and also passes back the index number.
1088 *
1089 * Locking: caller must hold tty_mutex
1da177e4 1090 */
af9b897e 1091
1da177e4
LT		 1092static struct tty_driver *get_tty_driver(dev_t device, int *index)
1093{
1094 struct tty_driver *p;
1095
1096 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1097 dev_t base = MKDEV(p->major, p->minor_start);
1098 if (device < base || device >= base + p->num)
1099 continue;
1100 *index = device - base;
1101 return p;
1102 }
1103 return NULL;
1104}
1105
af9b897e
AC		 1106/**
1107 * tty_check_change - check for POSIX terminal changes
1108 * @tty: tty to check
1109 *
1110 * If we try to write to, or set the state of, a terminal and we're
1111 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1112 * ignored, go ahead and perform the operation. (POSIX 7.2)
1113 *
1114 * Locking: none
1da177e4 1115 */
af9b897e 1116
1da177e4
LT		 1117int tty_check_change(struct tty_struct * tty)
1118{
1119 if (current->signal->tty != tty)
1120 return 0;
1121 if (tty->pgrp <= 0) {
1122 printk(KERN_WARNING "tty_check_change: tty->pgrp <= 0!\n");
1123 return 0;
1124 }
1125 if (process_group(current) == tty->pgrp)
1126 return 0;
1127 if (is_ignored(SIGTTOU))
1128 return 0;
1129 if (is_orphaned_pgrp(process_group(current)))
1130 return -EIO;
1131 (void) kill_pg(process_group(current), SIGTTOU, 1);
1132 return -ERESTARTSYS;
1133}
1134
1135EXPORT_SYMBOL(tty_check_change);
1136
1137static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
1138 size_t count, loff_t *ppos)
1139{
1140 return 0;
1141}
1142
1143static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
1144 size_t count, loff_t *ppos)
1145{
1146 return -EIO;
1147}
1148
1149/* No kernel lock held - none needed ;) */
1150static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
1151{
1152 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1153}
1154
1155static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
1156 unsigned int cmd, unsigned long arg)
1157{
1158 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1159}
1160
62322d25 1161static const struct file_operations tty_fops = {
1da177e4
LT		 1162 .llseek = no_llseek,
1163 .read = tty_read,
1164 .write = tty_write,
1165 .poll = tty_poll,
1166 .ioctl = tty_ioctl,
1167 .open = tty_open,
1168 .release = tty_release,
1169 .fasync = tty_fasync,
1170};
1171
1172#ifdef CONFIG_UNIX98_PTYS
62322d25 1173static const struct file_operations ptmx_fops = {
1da177e4
LT		 1174 .llseek = no_llseek,
1175 .read = tty_read,
1176 .write = tty_write,
1177 .poll = tty_poll,
1178 .ioctl = tty_ioctl,
1179 .open = ptmx_open,
1180 .release = tty_release,
1181 .fasync = tty_fasync,
1182};
1183#endif
1184
62322d25 1185static const struct file_operations console_fops = {
1da177e4
LT		 1186 .llseek = no_llseek,
1187 .read = tty_read,
1188 .write = redirected_tty_write,
1189 .poll = tty_poll,
1190 .ioctl = tty_ioctl,
1191 .open = tty_open,
1192 .release = tty_release,
1193 .fasync = tty_fasync,
1194};
1195
62322d25 1196static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 1197 .llseek = no_llseek,
1198 .read = hung_up_tty_read,
1199 .write = hung_up_tty_write,
1200 .poll = hung_up_tty_poll,
1201 .ioctl = hung_up_tty_ioctl,
1202 .release = tty_release,
1203};
1204
1205static DEFINE_SPINLOCK(redirect_lock);
1206static struct file *redirect;
1207
1208/**
1209 * tty_wakeup - request more data
1210 * @tty: terminal
1211 *
1212 * Internal and external helper for wakeups of tty. This function
1213 * informs the line discipline if present that the driver is ready
1214 * to receive more output data.
1215 */
1216
1217void tty_wakeup(struct tty_struct *tty)
1218{
1219 struct tty_ldisc *ld;
1220
1221 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1222 ld = tty_ldisc_ref(tty);
1223 if(ld) {
1224 if(ld->write_wakeup)
1225 ld->write_wakeup(tty);
1226 tty_ldisc_deref(ld);
1227 }
1228 }
1229 wake_up_interruptible(&tty->write_wait);
1230}
1231
1232EXPORT_SYMBOL_GPL(tty_wakeup);
1233
1234/**
1235 * tty_ldisc_flush - flush line discipline queue
1236 * @tty: tty
1237 *
1238 * Flush the line discipline queue (if any) for this tty. If there
1239 * is no line discipline active this is a no-op.
1240 */
1241
1242void tty_ldisc_flush(struct tty_struct *tty)
1243{
1244 struct tty_ldisc *ld = tty_ldisc_ref(tty);
1245 if(ld) {
1246 if(ld->flush_buffer)
1247 ld->flush_buffer(tty);
1248 tty_ldisc_deref(ld);
1249 }
1250}
1251
1252EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1253
af9b897e
AC		 1254/**
1255 * do_tty_hangup - actual handler for hangup events
1256 * @data: tty device
1257 *
1258 * This can be called by the "eventd" kernel thread. That is process
1259 * synchronous but doesn't hold any locks, so we need to make sure we
1260 * have the appropriate locks for what we're doing.
1261 *
1262 * The hangup event clears any pending redirections onto the hung up
1263 * device. It ensures future writes will error and it does the needed
1264 * line discipline hangup and signal delivery. The tty object itself
1265 * remains intact.
1266 *
1267 * Locking:
1268 * BKL
1269 * redirect lock for undoing redirection
1270 * file list lock for manipulating list of ttys
1271 * tty_ldisc_lock from called functions
1272 * termios_sem resetting termios data
1273 * tasklist_lock to walk task list for hangup event
1274 *
1da177e4
LT		 1275 */
1276static void do_tty_hangup(void *data)
1277{
1278 struct tty_struct *tty = (struct tty_struct *) data;
1279 struct file * cons_filp = NULL;
1280 struct file *filp, *f = NULL;
1281 struct task_struct *p;
1282 struct tty_ldisc *ld;
1283 int closecount = 0, n;
1284
1285 if (!tty)
1286 return;
1287
1288 /* inuse_filps is protected by the single kernel lock */
1289 lock_kernel();
1290
1291 spin_lock(&redirect_lock);
1292 if (redirect && redirect->private_data == tty) {
1293 f = redirect;
1294 redirect = NULL;
1295 }
1296 spin_unlock(&redirect_lock);
1297
1298 check_tty_count(tty, "do_tty_hangup");
1299 file_list_lock();
1300 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1301 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1302 if (filp->f_op->write == redirected_tty_write)
1303 cons_filp = filp;
1304 if (filp->f_op->write != tty_write)
1305 continue;
1306 closecount++;
1307 tty_fasync(-1, filp, 0); /* can't block */
1308 filp->f_op = &hung_up_tty_fops;
1309 }
1310 file_list_unlock();
1311
1312 /* FIXME! What are the locking issues here? This may me overdoing things..
1313 * this question is especially important now that we've removed the irqlock. */
1314
1315 ld = tty_ldisc_ref(tty);
1316 if(ld != NULL) /* We may have no line discipline at this point */
1317 {
1318 if (ld->flush_buffer)
1319 ld->flush_buffer(tty);
1320 if (tty->driver->flush_buffer)
1321 tty->driver->flush_buffer(tty);
1322 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1323 ld->write_wakeup)
1324 ld->write_wakeup(tty);
1325 if (ld->hangup)
1326 ld->hangup(tty);
1327 }
1328
1329 /* FIXME: Once we trust the LDISC code better we can wait here for
1330 ldisc completion and fix the driver call race */
1331
1332 wake_up_interruptible(&tty->write_wait);
1333 wake_up_interruptible(&tty->read_wait);
1334
1335 /*
1336 * Shutdown the current line discipline, and reset it to
1337 * N_TTY.
1338 */
1339 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1340 {
1341 down(&tty->termios_sem);
1342 *tty->termios = tty->driver->init_termios;
1343 up(&tty->termios_sem);
1344 }
1345
1346 /* Defer ldisc switch */
1347 /* tty_deferred_ldisc_switch(N_TTY);
1348
1349 This should get done automatically when the port closes and
1350 tty_release is called */
1351
1352 read_lock(&tasklist_lock);
1353 if (tty->session > 0) {
1354 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1355 if (p->signal->tty == tty)
1356 p->signal->tty = NULL;
1357 if (!p->signal->leader)
1358 continue;
f96a795d
EB		 1359 group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1360 group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1da177e4
LT		 1361 if (tty->pgrp > 0)
1362 p->signal->tty_old_pgrp = tty->pgrp;
1363 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1364 }
1365 read_unlock(&tasklist_lock);
1366
1367 tty->flags = 0;
1368 tty->session = 0;
1369 tty->pgrp = -1;
1370 tty->ctrl_status = 0;
1371 /*
1372 * If one of the devices matches a console pointer, we
1373 * cannot just call hangup() because that will cause
1374 * tty->count and state->count to go out of sync.
1375 * So we just call close() the right number of times.
1376 */
1377 if (cons_filp) {
1378 if (tty->driver->close)
1379 for (n = 0; n < closecount; n++)
1380 tty->driver->close(tty, cons_filp);
1381 } else if (tty->driver->hangup)
1382 (tty->driver->hangup)(tty);
1383
1384 /* We don't want to have driver/ldisc interactions beyond
1385 the ones we did here. The driver layer expects no
1386 calls after ->hangup() from the ldisc side. However we
1387 can't yet guarantee all that */
1388
1389 set_bit(TTY_HUPPED, &tty->flags);
1390 if (ld) {
1391 tty_ldisc_enable(tty);
1392 tty_ldisc_deref(ld);
1393 }
1394 unlock_kernel();
1395 if (f)
1396 fput(f);
1397}
1398
af9b897e
AC		 1399/**
1400 * tty_hangup - trigger a hangup event
1401 * @tty: tty to hangup
1402 *
1403 * A carrier loss (virtual or otherwise) has occurred on this like
1404 * schedule a hangup sequence to run after this event.
1405 */
1406
1da177e4
LT		 1407void tty_hangup(struct tty_struct * tty)
1408{
1409#ifdef TTY_DEBUG_HANGUP
1410 char buf[64];
1411
1412 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1413#endif
1414 schedule_work(&tty->hangup_work);
1415}
1416
1417EXPORT_SYMBOL(tty_hangup);
1418
af9b897e
AC		 1419/**
1420 * tty_vhangup - process vhangup
1421 * @tty: tty to hangup
1422 *
1423 * The user has asked via system call for the terminal to be hung up.
1424 * We do this synchronously so that when the syscall returns the process
1425 * is complete. That guarantee is neccessary for security reasons.
1426 */
1427
1da177e4
LT		 1428void tty_vhangup(struct tty_struct * tty)
1429{
1430#ifdef TTY_DEBUG_HANGUP
1431 char buf[64];
1432
1433 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1434#endif
1435 do_tty_hangup((void *) tty);
1436}
1437EXPORT_SYMBOL(tty_vhangup);
1438
af9b897e
AC		 1439/**
1440 * tty_hung_up_p - was tty hung up
1441 * @filp: file pointer of tty
1442 *
1443 * Return true if the tty has been subject to a vhangup or a carrier
1444 * loss
1445 */
1446
1da177e4
LT		 1447int tty_hung_up_p(struct file * filp)
1448{
1449 return (filp->f_op == &hung_up_tty_fops);
1450}
1451
1452EXPORT_SYMBOL(tty_hung_up_p);
1453
af9b897e
AC		 1454/**
1455 * disassociate_ctty - disconnect controlling tty
1456 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 1457 *
af9b897e
AC		 1458 * This function is typically called only by the session leader, when
1459 * it wants to disassociate itself from its controlling tty.
1460 *
1461 * It performs the following functions:
1da177e4
LT		 1462 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1463 * (2) Clears the tty from being controlling the session
1464 * (3) Clears the controlling tty for all processes in the
1465 * session group.
1466 *
af9b897e
AC		 1467 * The argument on_exit is set to 1 if called when a process is
1468 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1469 *
1470 * Locking: tty_mutex is taken to protect current->signal->tty
1471 * BKL is taken for hysterical raisins
1472 * Tasklist lock is taken (under tty_mutex) to walk process
1473 * lists for the session.
1da177e4 1474 */
af9b897e 1475
1da177e4
LT		 1476void disassociate_ctty(int on_exit)
1477{
1478 struct tty_struct *tty;
1479 struct task_struct *p;
1480 int tty_pgrp = -1;
1481
1482 lock_kernel();
1483
70522e12 1484 mutex_lock(&tty_mutex);
1da177e4
LT		 1485 tty = current->signal->tty;
1486 if (tty) {
1487 tty_pgrp = tty->pgrp;
70522e12 1488 mutex_unlock(&tty_mutex);
1da177e4
LT		 1489 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1490 tty_vhangup(tty);
1491 } else {
1492 if (current->signal->tty_old_pgrp) {
1493 kill_pg(current->signal->tty_old_pgrp, SIGHUP, on_exit);
1494 kill_pg(current->signal->tty_old_pgrp, SIGCONT, on_exit);
1495 }
70522e12 1496 mutex_unlock(&tty_mutex);
1da177e4
LT		 1497 unlock_kernel();
1498 return;
1499 }
1500 if (tty_pgrp > 0) {
1501 kill_pg(tty_pgrp, SIGHUP, on_exit);
1502 if (!on_exit)
1503 kill_pg(tty_pgrp, SIGCONT, on_exit);
1504 }
1505
1506 /* Must lock changes to tty_old_pgrp */
70522e12 1507 mutex_lock(&tty_mutex);
1da177e4
LT		 1508 current->signal->tty_old_pgrp = 0;
1509 tty->session = 0;
1510 tty->pgrp = -1;
1511
1512 /* Now clear signal->tty under the lock */
1513 read_lock(&tasklist_lock);
1514 do_each_task_pid(current->signal->session, PIDTYPE_SID, p) {
1515 p->signal->tty = NULL;
1516 } while_each_task_pid(current->signal->session, PIDTYPE_SID, p);
1517 read_unlock(&tasklist_lock);
70522e12 1518 mutex_unlock(&tty_mutex);
1da177e4
LT		 1519 unlock_kernel();
1520}
1521
af9b897e
AC		 1522
1523/**
1524 * stop_tty - propogate flow control
1525 * @tty: tty to stop
1526 *
1527 * Perform flow control to the driver. For PTY/TTY pairs we
1528 * must also propogate the TIOCKPKT status. May be called
1529 * on an already stopped device and will not re-call the driver
1530 * method.
1531 *
1532 * This functionality is used by both the line disciplines for
1533 * halting incoming flow and by the driver. It may therefore be
1534 * called from any context, may be under the tty atomic_write_lock
1535 * but not always.
1536 *
1537 * Locking:
1538 * Broken. Relies on BKL which is unsafe here.
1539 */
1540
1da177e4
LT		 1541void stop_tty(struct tty_struct *tty)
1542{
1543 if (tty->stopped)
1544 return;
1545 tty->stopped = 1;
1546 if (tty->link && tty->link->packet) {
1547 tty->ctrl_status &= ~TIOCPKT_START;
1548 tty->ctrl_status |= TIOCPKT_STOP;
1549 wake_up_interruptible(&tty->link->read_wait);
1550 }
1551 if (tty->driver->stop)
1552 (tty->driver->stop)(tty);
1553}
1554
1555EXPORT_SYMBOL(stop_tty);
1556
af9b897e
AC		 1557/**
1558 * start_tty - propogate flow control
1559 * @tty: tty to start
1560 *
1561 * Start a tty that has been stopped if at all possible. Perform
1562 * any neccessary wakeups and propogate the TIOCPKT status. If this
1563 * is the tty was previous stopped and is being started then the
1564 * driver start method is invoked and the line discipline woken.
1565 *
1566 * Locking:
1567 * Broken. Relies on BKL which is unsafe here.
1568 */
1569
1da177e4
LT		 1570void start_tty(struct tty_struct *tty)
1571{
1572 if (!tty->stopped || tty->flow_stopped)
1573 return;
1574 tty->stopped = 0;
1575 if (tty->link && tty->link->packet) {
1576 tty->ctrl_status &= ~TIOCPKT_STOP;
1577 tty->ctrl_status |= TIOCPKT_START;
1578 wake_up_interruptible(&tty->link->read_wait);
1579 }
1580 if (tty->driver->start)
1581 (tty->driver->start)(tty);
1582
1583 /* If we have a running line discipline it may need kicking */
1584 tty_wakeup(tty);
1585 wake_up_interruptible(&tty->write_wait);
1586}
1587
1588EXPORT_SYMBOL(start_tty);
1589
af9b897e
AC		 1590/**
1591 * tty_read - read method for tty device files
1592 * @file: pointer to tty file
1593 * @buf: user buffer
1594 * @count: size of user buffer
1595 * @ppos: unused
1596 *
1597 * Perform the read system call function on this terminal device. Checks
1598 * for hung up devices before calling the line discipline method.
1599 *
1600 * Locking:
1601 * Locks the line discipline internally while needed
1602 * For historical reasons the line discipline read method is
1603 * invoked under the BKL. This will go away in time so do not rely on it
1604 * in new code. Multiple read calls may be outstanding in parallel.
1605 */
1606
1da177e4
LT		 1607static ssize_t tty_read(struct file * file, char __user * buf, size_t count,
1608 loff_t *ppos)
1609{
1610 int i;
1611 struct tty_struct * tty;
1612 struct inode *inode;
1613 struct tty_ldisc *ld;
1614
1615 tty = (struct tty_struct *)file->private_data;
1616 inode = file->f_dentry->d_inode;
1617 if (tty_paranoia_check(tty, inode, "tty_read"))
1618 return -EIO;
1619 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1620 return -EIO;
1621
1622 /* We want to wait for the line discipline to sort out in this
1623 situation */
1624 ld = tty_ldisc_ref_wait(tty);
1625 lock_kernel();
1626 if (ld->read)
1627 i = (ld->read)(tty,file,buf,count);
1628 else
1629 i = -EIO;
1630 tty_ldisc_deref(ld);
1631 unlock_kernel();
1632 if (i > 0)
1633 inode->i_atime = current_fs_time(inode->i_sb);
1634 return i;
1635}
1636
1637/*
1638 * Split writes up in sane blocksizes to avoid
1639 * denial-of-service type attacks
1640 */
1641static inline ssize_t do_tty_write(
1642 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1643 struct tty_struct *tty,
1644 struct file *file,
1645 const char __user *buf,
1646 size_t count)
1647{
1648 ssize_t ret = 0, written = 0;
1649 unsigned int chunk;
1650
af9b897e 1651 /* FIXME: O_NDELAY ... */
70522e12 1652 if (mutex_lock_interruptible(&tty->atomic_write_lock)) {
1da177e4
LT		 1653 return -ERESTARTSYS;
1654 }
1655
1656 /*
1657 * We chunk up writes into a temporary buffer. This
1658 * simplifies low-level drivers immensely, since they
1659 * don't have locking issues and user mode accesses.
1660 *
1661 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1662 * big chunk-size..
1663 *
1664 * The default chunk-size is 2kB, because the NTTY
1665 * layer has problems with bigger chunks. It will
1666 * claim to be able to handle more characters than
1667 * it actually does.
af9b897e
AC		 1668 *
1669 * FIXME: This can probably go away now except that 64K chunks
1670 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1671 */
1672 chunk = 2048;
1673 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1674 chunk = 65536;
1675 if (count < chunk)
1676 chunk = count;
1677
70522e12 1678 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1679 if (tty->write_cnt < chunk) {
1680 unsigned char *buf;
1681
1682 if (chunk < 1024)
1683 chunk = 1024;
1684
1685 buf = kmalloc(chunk, GFP_KERNEL);
1686 if (!buf) {
70522e12 1687 mutex_unlock(&tty->atomic_write_lock);
1da177e4
LT		 1688 return -ENOMEM;
1689 }
1690 kfree(tty->write_buf);
1691 tty->write_cnt = chunk;
1692 tty->write_buf = buf;
1693 }
1694
1695 /* Do the write .. */
1696 for (;;) {
1697 size_t size = count;
1698 if (size > chunk)
1699 size = chunk;
1700 ret = -EFAULT;
1701 if (copy_from_user(tty->write_buf, buf, size))
1702 break;
1703 lock_kernel();
1704 ret = write(tty, file, tty->write_buf, size);
1705 unlock_kernel();
1706 if (ret <= 0)
1707 break;
1708 written += ret;
1709 buf += ret;
1710 count -= ret;
1711 if (!count)
1712 break;
1713 ret = -ERESTARTSYS;
1714 if (signal_pending(current))
1715 break;
1716 cond_resched();
1717 }
1718 if (written) {
1719 struct inode *inode = file->f_dentry->d_inode;
1720 inode->i_mtime = current_fs_time(inode->i_sb);
1721 ret = written;
1722 }
70522e12 1723 mutex_unlock(&tty->atomic_write_lock);
1da177e4
LT		 1724 return ret;
1725}
1726
1727
af9b897e
AC		 1728/**
1729 * tty_write - write method for tty device file
1730 * @file: tty file pointer
1731 * @buf: user data to write
1732 * @count: bytes to write
1733 * @ppos: unused
1734 *
1735 * Write data to a tty device via the line discipline.
1736 *
1737 * Locking:
1738 * Locks the line discipline as required
1739 * Writes to the tty driver are serialized by the atomic_write_lock
1740 * and are then processed in chunks to the device. The line discipline
1741 * write method will not be involked in parallel for each device
1742 * The line discipline write method is called under the big
1743 * kernel lock for historical reasons. New code should not rely on this.
1744 */
1745
1da177e4
LT		 1746static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1747 loff_t *ppos)
1748{
1749 struct tty_struct * tty;
1750 struct inode *inode = file->f_dentry->d_inode;
1751 ssize_t ret;
1752 struct tty_ldisc *ld;
1753
1754 tty = (struct tty_struct *)file->private_data;
1755 if (tty_paranoia_check(tty, inode, "tty_write"))
1756 return -EIO;
1757 if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1758 return -EIO;
1759
1760 ld = tty_ldisc_ref_wait(tty);
1761 if (!ld->write)
1762 ret = -EIO;
1763 else
1764 ret = do_tty_write(ld->write, tty, file, buf, count);
1765 tty_ldisc_deref(ld);
1766 return ret;
1767}
1768
1769ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1770 loff_t *ppos)
1771{
1772 struct file *p = NULL;
1773
1774 spin_lock(&redirect_lock);
1775 if (redirect) {
1776 get_file(redirect);
1777 p = redirect;
1778 }
1779 spin_unlock(&redirect_lock);
1780
1781 if (p) {
1782 ssize_t res;
1783 res = vfs_write(p, buf, count, &p->f_pos);
1784 fput(p);
1785 return res;
1786 }
1787
1788 return tty_write(file, buf, count, ppos);
1789}
1790
1791static char ptychar[] = "pqrstuvwxyzabcde";
1792
af9b897e
AC		 1793/**
1794 * pty_line_name - generate name for a pty
1795 * @driver: the tty driver in use
1796 * @index: the minor number
1797 * @p: output buffer of at least 6 bytes
1798 *
1799 * Generate a name from a driver reference and write it to the output
1800 * buffer.
1801 *
1802 * Locking: None
1803 */
1804static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1805{
1806 int i = index + driver->name_base;
1807 /* ->name is initialized to "ttyp", but "tty" is expected */
1808 sprintf(p, "%s%c%x",
1809 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1810 ptychar[i >> 4 & 0xf], i & 0xf);
1811}
1812
af9b897e
AC		 1813/**
1814 * pty_line_name - generate name for a tty
1815 * @driver: the tty driver in use
1816 * @index: the minor number
1817 * @p: output buffer of at least 7 bytes
1818 *
1819 * Generate a name from a driver reference and write it to the output
1820 * buffer.
1821 *
1822 * Locking: None
1823 */
1824static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1825{
1826 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1827}
1828
af9b897e
AC		 1829/**
1830 * init_dev - initialise a tty device
1831 * @driver: tty driver we are opening a device on
1832 * @idx: device index
1833 * @tty: returned tty structure
1834 *
1835 * Prepare a tty device. This may not be a "new" clean device but
1836 * could also be an active device. The pty drivers require special
1837 * handling because of this.
1838 *
1839 * Locking:
1840 * The function is called under the tty_mutex, which
1841 * protects us from the tty struct or driver itself going away.
1842 *
1843 * On exit the tty device has the line discipline attached and
1844 * a reference count of 1. If a pair was created for pty/tty use
1845 * and the other was a pty master then it too has a reference count of 1.
1846 *
1da177e4 1847 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 1848 * failed open. The new code protects the open with a mutex, so it's
1849 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 1850 * relaxed for the (most common) case of reopening a tty.
1851 */
af9b897e 1852
1da177e4
LT		 1853static int init_dev(struct tty_driver *driver, int idx,
1854 struct tty_struct **ret_tty)
1855{
1856 struct tty_struct *tty, *o_tty;
1857 struct termios *tp, **tp_loc, *o_tp, **o_tp_loc;
1858 struct termios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 1859 int retval = 0;
1da177e4
LT		 1860
1861 /* check whether we're reopening an existing tty */
1862 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1863 tty = devpts_get_tty(idx);
1864 if (tty && driver->subtype == PTY_TYPE_MASTER)
1865 tty = tty->link;
1866 } else {
1867 tty = driver->ttys[idx];
1868 }
1869 if (tty) goto fast_track;
1870
1871 /*
1872 * First time open is complex, especially for PTY devices.
1873 * This code guarantees that either everything succeeds and the
1874 * TTY is ready for operation, or else the table slots are vacated
1875 * and the allocated memory released. (Except that the termios
1876 * and locked termios may be retained.)
1877 */
1878
1879 if (!try_module_get(driver->owner)) {
1880 retval = -ENODEV;
1881 goto end_init;
1882 }
1883
1884 o_tty = NULL;
1885 tp = o_tp = NULL;
1886 ltp = o_ltp = NULL;
1887
1888 tty = alloc_tty_struct();
1889 if(!tty)
1890 goto fail_no_mem;
1891 initialize_tty_struct(tty);
1892 tty->driver = driver;
1893 tty->index = idx;
1894 tty_line_name(driver, idx, tty->name);
1895
1896 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1897 tp_loc = &tty->termios;
1898 ltp_loc = &tty->termios_locked;
1899 } else {
1900 tp_loc = &driver->termios[idx];
1901 ltp_loc = &driver->termios_locked[idx];
1902 }
1903
1904 if (!*tp_loc) {
1905 tp = (struct termios *) kmalloc(sizeof(struct termios),
1906 GFP_KERNEL);
1907 if (!tp)
1908 goto free_mem_out;
1909 *tp = driver->init_termios;
1910 }
1911
1912 if (!*ltp_loc) {
1913 ltp = (struct termios *) kmalloc(sizeof(struct termios),
1914 GFP_KERNEL);
1915 if (!ltp)
1916 goto free_mem_out;
1917 memset(ltp, 0, sizeof(struct termios));
1918 }
1919
1920 if (driver->type == TTY_DRIVER_TYPE_PTY) {
1921 o_tty = alloc_tty_struct();
1922 if (!o_tty)
1923 goto free_mem_out;
1924 initialize_tty_struct(o_tty);
1925 o_tty->driver = driver->other;
1926 o_tty->index = idx;
1927 tty_line_name(driver->other, idx, o_tty->name);
1928
1929 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1930 o_tp_loc = &o_tty->termios;
1931 o_ltp_loc = &o_tty->termios_locked;
1932 } else {
1933 o_tp_loc = &driver->other->termios[idx];
1934 o_ltp_loc = &driver->other->termios_locked[idx];
1935 }
1936
1937 if (!*o_tp_loc) {
1938 o_tp = (struct termios *)
1939 kmalloc(sizeof(struct termios), GFP_KERNEL);
1940 if (!o_tp)
1941 goto free_mem_out;
1942 *o_tp = driver->other->init_termios;
1943 }
1944
1945 if (!*o_ltp_loc) {
1946 o_ltp = (struct termios *)
1947 kmalloc(sizeof(struct termios), GFP_KERNEL);
1948 if (!o_ltp)
1949 goto free_mem_out;
1950 memset(o_ltp, 0, sizeof(struct termios));
1951 }
1952
1953 /*
1954 * Everything allocated ... set up the o_tty structure.
1955 */
1956 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
1957 driver->other->ttys[idx] = o_tty;
1958 }
1959 if (!*o_tp_loc)
1960 *o_tp_loc = o_tp;
1961 if (!*o_ltp_loc)
1962 *o_ltp_loc = o_ltp;
1963 o_tty->termios = *o_tp_loc;
1964 o_tty->termios_locked = *o_ltp_loc;
1965 driver->other->refcount++;
1966 if (driver->subtype == PTY_TYPE_MASTER)
1967 o_tty->count++;
1968
1969 /* Establish the links in both directions */
1970 tty->link = o_tty;
1971 o_tty->link = tty;
1972 }
1973
1974 /*
1975 * All structures have been allocated, so now we install them.
1976 * Failures after this point use release_mem to clean up, so
1977 * there's no need to null out the local pointers.
1978 */
1979 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1980 driver->ttys[idx] = tty;
1981 }
1982
1983 if (!*tp_loc)
1984 *tp_loc = tp;
1985 if (!*ltp_loc)
1986 *ltp_loc = ltp;
1987 tty->termios = *tp_loc;
1988 tty->termios_locked = *ltp_loc;
1989 driver->refcount++;
1990 tty->count++;
1991
1992 /*
1993 * Structures all installed ... call the ldisc open routines.
1994 * If we fail here just call release_mem to clean up. No need
1995 * to decrement the use counts, as release_mem doesn't care.
1996 */
1997
1998 if (tty->ldisc.open) {
1999 retval = (tty->ldisc.open)(tty);
2000 if (retval)
2001 goto release_mem_out;
2002 }
2003 if (o_tty && o_tty->ldisc.open) {
2004 retval = (o_tty->ldisc.open)(o_tty);
2005 if (retval) {
2006 if (tty->ldisc.close)
2007 (tty->ldisc.close)(tty);
2008 goto release_mem_out;
2009 }
2010 tty_ldisc_enable(o_tty);
2011 }
2012 tty_ldisc_enable(tty);
2013 goto success;
2014
2015 /*
2016 * This fast open can be used if the tty is already open.
2017 * No memory is allocated, and the only failures are from
2018 * attempting to open a closing tty or attempting multiple
2019 * opens on a pty master.
2020 */
2021fast_track:
2022 if (test_bit(TTY_CLOSING, &tty->flags)) {
2023 retval = -EIO;
2024 goto end_init;
2025 }
2026 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2027 driver->subtype == PTY_TYPE_MASTER) {
2028 /*
2029 * special case for PTY masters: only one open permitted,
2030 * and the slave side open count is incremented as well.
2031 */
2032 if (tty->count) {
2033 retval = -EIO;
2034 goto end_init;
2035 }
2036 tty->link->count++;
2037 }
2038 tty->count++;
2039 tty->driver = driver; /* N.B. why do this every time?? */
2040
2041 /* FIXME */
2042 if(!test_bit(TTY_LDISC, &tty->flags))
2043 printk(KERN_ERR "init_dev but no ldisc\n");
2044success:
2045 *ret_tty = tty;
2046
70522e12 2047 /* All paths come through here to release the mutex */
1da177e4
LT		 2048end_init:
2049 return retval;
2050
2051 /* Release locally allocated memory ... nothing placed in slots */
2052free_mem_out:
735d5661 2053 kfree(o_tp);
1da177e4
LT		 2054 if (o_tty)
2055 free_tty_struct(o_tty);
735d5661
JJ		 2056 kfree(ltp);
2057 kfree(tp);
1da177e4
LT		 2058 free_tty_struct(tty);
2059
2060fail_no_mem:
2061 module_put(driver->owner);
2062 retval = -ENOMEM;
2063 goto end_init;
2064
2065 /* call the tty release_mem routine to clean out this slot */
2066release_mem_out:
2067 printk(KERN_INFO "init_dev: ldisc open failed, "
2068 "clearing slot %d\n", idx);
2069 release_mem(tty, idx);
2070 goto end_init;
2071}
2072
af9b897e
AC		 2073/**
2074 * release_mem - release tty structure memory
2075 *
2076 * Releases memory associated with a tty structure, and clears out the
2077 * driver table slots. This function is called when a device is no longer
2078 * in use. It also gets called when setup of a device fails.
2079 *
2080 * Locking:
2081 * tty_mutex - sometimes only
2082 * takes the file list lock internally when working on the list
2083 * of ttys that the driver keeps.
2084 * FIXME: should we require tty_mutex is held here ??
1da177e4 2085 */
af9b897e 2086
1da177e4
LT		 2087static void release_mem(struct tty_struct *tty, int idx)
2088{
2089 struct tty_struct *o_tty;
2090 struct termios *tp;
2091 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2092
2093 if ((o_tty = tty->link) != NULL) {
2094 if (!devpts)
2095 o_tty->driver->ttys[idx] = NULL;
2096 if (o_tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2097 tp = o_tty->termios;
2098 if (!devpts)
2099 o_tty->driver->termios[idx] = NULL;
2100 kfree(tp);
2101
2102 tp = o_tty->termios_locked;
2103 if (!devpts)
2104 o_tty->driver->termios_locked[idx] = NULL;
2105 kfree(tp);
2106 }
2107 o_tty->magic = 0;
2108 o_tty->driver->refcount--;
2109 file_list_lock();
2110 list_del_init(&o_tty->tty_files);
2111 file_list_unlock();
2112 free_tty_struct(o_tty);
2113 }
2114
2115 if (!devpts)
2116 tty->driver->ttys[idx] = NULL;
2117 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2118 tp = tty->termios;
2119 if (!devpts)
2120 tty->driver->termios[idx] = NULL;
2121 kfree(tp);
2122
2123 tp = tty->termios_locked;
2124 if (!devpts)
2125 tty->driver->termios_locked[idx] = NULL;
2126 kfree(tp);
2127 }
2128
2129 tty->magic = 0;
2130 tty->driver->refcount--;
2131 file_list_lock();
2132 list_del_init(&tty->tty_files);
2133 file_list_unlock();
2134 module_put(tty->driver->owner);
2135 free_tty_struct(tty);
2136}
2137
2138/*
2139 * Even releasing the tty structures is a tricky business.. We have
2140 * to be very careful that the structures are all released at the
2141 * same time, as interrupts might otherwise get the wrong pointers.
2142 *
2143 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2144 * lead to double frees or releasing memory still in use.
2145 */
2146static void release_dev(struct file * filp)
2147{
2148 struct tty_struct *tty, *o_tty;
2149 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 2150 int devpts;
1da177e4
LT		 2151 int idx;
2152 char buf[64];
2153 unsigned long flags;
2154
2155 tty = (struct tty_struct *)filp->private_data;
2156 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "release_dev"))
2157 return;
2158
2159 check_tty_count(tty, "release_dev");
2160
2161 tty_fasync(-1, filp, 0);
2162
2163 idx = tty->index;
2164 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2165 tty->driver->subtype == PTY_TYPE_MASTER);
2166 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 2167 o_tty = tty->link;
2168
2169#ifdef TTY_PARANOIA_CHECK
2170 if (idx < 0 || idx >= tty->driver->num) {
2171 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2172 "free (%s)\n", tty->name);
2173 return;
2174 }
2175 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2176 if (tty != tty->driver->ttys[idx]) {
2177 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2178 "for (%s)\n", idx, tty->name);
2179 return;
2180 }
2181 if (tty->termios != tty->driver->termios[idx]) {
2182 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2183 "for (%s)\n",
2184 idx, tty->name);
2185 return;
2186 }
2187 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2188 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2189 "termios_locked for (%s)\n",
2190 idx, tty->name);
2191 return;
2192 }
2193 }
2194#endif
2195
2196#ifdef TTY_DEBUG_HANGUP
2197 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2198 tty_name(tty, buf), tty->count);
2199#endif
2200
2201#ifdef TTY_PARANOIA_CHECK
2202 if (tty->driver->other &&
2203 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2204 if (o_tty != tty->driver->other->ttys[idx]) {
2205 printk(KERN_DEBUG "release_dev: other->table[%d] "
2206 "not o_tty for (%s)\n",
2207 idx, tty->name);
2208 return;
2209 }
2210 if (o_tty->termios != tty->driver->other->termios[idx]) {
2211 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2212 "not o_termios for (%s)\n",
2213 idx, tty->name);
2214 return;
2215 }
2216 if (o_tty->termios_locked !=
2217 tty->driver->other->termios_locked[idx]) {
2218 printk(KERN_DEBUG "release_dev: other->termios_locked["
2219 "%d] not o_termios_locked for (%s)\n",
2220 idx, tty->name);
2221 return;
2222 }
2223 if (o_tty->link != tty) {
2224 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2225 return;
2226 }
2227 }
2228#endif
2229 if (tty->driver->close)
2230 tty->driver->close(tty, filp);
2231
2232 /*
2233 * Sanity check: if tty->count is going to zero, there shouldn't be
2234 * any waiters on tty->read_wait or tty->write_wait. We test the
2235 * wait queues and kick everyone out _before_ actually starting to
2236 * close. This ensures that we won't block while releasing the tty
2237 * structure.
2238 *
2239 * The test for the o_tty closing is necessary, since the master and
2240 * slave sides may close in any order. If the slave side closes out
2241 * first, its count will be one, since the master side holds an open.
2242 * Thus this test wouldn't be triggered at the time the slave closes,
2243 * so we do it now.
2244 *
2245 * Note that it's possible for the tty to be opened again while we're
2246 * flushing out waiters. By recalculating the closing flags before
2247 * each iteration we avoid any problems.
2248 */
2249 while (1) {
2250 /* Guard against races with tty->count changes elsewhere and
2251 opens on /dev/tty */
2252
70522e12 2253 mutex_lock(&tty_mutex);
1da177e4
LT		 2254 tty_closing = tty->count <= 1;
2255 o_tty_closing = o_tty &&
2256 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 2257 do_sleep = 0;
2258
2259 if (tty_closing) {
2260 if (waitqueue_active(&tty->read_wait)) {
2261 wake_up(&tty->read_wait);
2262 do_sleep++;
2263 }
2264 if (waitqueue_active(&tty->write_wait)) {
2265 wake_up(&tty->write_wait);
2266 do_sleep++;
2267 }
2268 }
2269 if (o_tty_closing) {
2270 if (waitqueue_active(&o_tty->read_wait)) {
2271 wake_up(&o_tty->read_wait);
2272 do_sleep++;
2273 }
2274 if (waitqueue_active(&o_tty->write_wait)) {
2275 wake_up(&o_tty->write_wait);
2276 do_sleep++;
2277 }
2278 }
2279 if (!do_sleep)
2280 break;
2281
2282 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2283 "active!\n", tty_name(tty, buf));
70522e12 2284 mutex_unlock(&tty_mutex);
1da177e4
LT		 2285 schedule();
2286 }
2287
2288 /*
2289 * The closing flags are now consistent with the open counts on
2290 * both sides, and we've completed the last operation that could
2291 * block, so it's safe to proceed with closing.
2292 */
1da177e4
LT		 2293 if (pty_master) {
2294 if (--o_tty->count < 0) {
2295 printk(KERN_WARNING "release_dev: bad pty slave count "
2296 "(%d) for %s\n",
2297 o_tty->count, tty_name(o_tty, buf));
2298 o_tty->count = 0;
2299 }
2300 }
2301 if (--tty->count < 0) {
2302 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2303 tty->count, tty_name(tty, buf));
2304 tty->count = 0;
2305 }
1da177e4
LT		 2306
2307 /*
2308 * We've decremented tty->count, so we need to remove this file
2309 * descriptor off the tty->tty_files list; this serves two
2310 * purposes:
2311 * - check_tty_count sees the correct number of file descriptors
2312 * associated with this tty.
2313 * - do_tty_hangup no longer sees this file descriptor as
2314 * something that needs to be handled for hangups.
2315 */
2316 file_kill(filp);
2317 filp->private_data = NULL;
2318
2319 /*
2320 * Perform some housekeeping before deciding whether to return.
2321 *
2322 * Set the TTY_CLOSING flag if this was the last open. In the
2323 * case of a pty we may have to wait around for the other side
2324 * to close, and TTY_CLOSING makes sure we can't be reopened.
2325 */
2326 if(tty_closing)
2327 set_bit(TTY_CLOSING, &tty->flags);
2328 if(o_tty_closing)
2329 set_bit(TTY_CLOSING, &o_tty->flags);
2330
2331 /*
2332 * If _either_ side is closing, make sure there aren't any
2333 * processes that still think tty or o_tty is their controlling
2334 * tty.
2335 */
2336 if (tty_closing || o_tty_closing) {
2337 struct task_struct *p;
2338
2339 read_lock(&tasklist_lock);
2340 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2341 p->signal->tty = NULL;
2342 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2343 if (o_tty)
2344 do_each_task_pid(o_tty->session, PIDTYPE_SID, p) {
2345 p->signal->tty = NULL;
2346 } while_each_task_pid(o_tty->session, PIDTYPE_SID, p);
2347 read_unlock(&tasklist_lock);
2348 }
2349
70522e12 2350 mutex_unlock(&tty_mutex);
da965822 2351
1da177e4
LT		 2352 /* check whether both sides are closing ... */
2353 if (!tty_closing || (o_tty && !o_tty_closing))
2354 return;
2355
2356#ifdef TTY_DEBUG_HANGUP
2357 printk(KERN_DEBUG "freeing tty structure...");
2358#endif
2359 /*
2360 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2361 * kill any delayed work. As this is the final close it does not
2362 * race with the set_ldisc code path.
2363 */
2364 clear_bit(TTY_LDISC, &tty->flags);
33f0f88f 2365 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 2366
2367 /*
33f0f88f 2368 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 2369 */
2370
2371 flush_scheduled_work();
2372
2373 /*
2374 * Wait for any short term users (we know they are just driver
2375 * side waiters as the file is closing so user count on the file
2376 * side is zero.
2377 */
2378 spin_lock_irqsave(&tty_ldisc_lock, flags);
2379 while(tty->ldisc.refcount)
2380 {
2381 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2382 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2383 spin_lock_irqsave(&tty_ldisc_lock, flags);
2384 }
2385 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2386 /*
2387 * Shutdown the current line discipline, and reset it to N_TTY.
2388 * N.B. why reset ldisc when we're releasing the memory??
2389 *
2390 * FIXME: this MUST get fixed for the new reflocking
2391 */
2392 if (tty->ldisc.close)
2393 (tty->ldisc.close)(tty);
2394 tty_ldisc_put(tty->ldisc.num);
2395
2396 /*
2397 * Switch the line discipline back
2398 */
2399 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2400 tty_set_termios_ldisc(tty,N_TTY);
2401 if (o_tty) {
2402 /* FIXME: could o_tty be in setldisc here ? */
2403 clear_bit(TTY_LDISC, &o_tty->flags);
2404 if (o_tty->ldisc.close)
2405 (o_tty->ldisc.close)(o_tty);
2406 tty_ldisc_put(o_tty->ldisc.num);
2407 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2408 tty_set_termios_ldisc(o_tty,N_TTY);
2409 }
2410 /*
2411 * The release_mem function takes care of the details of clearing
2412 * the slots and preserving the termios structure.
2413 */
2414 release_mem(tty, idx);
2415
2416#ifdef CONFIG_UNIX98_PTYS
2417 /* Make this pty number available for reallocation */
2418 if (devpts) {
2419 down(&allocated_ptys_lock);
2420 idr_remove(&allocated_ptys, idx);
2421 up(&allocated_ptys_lock);
2422 }
2423#endif
2424
2425}
2426
af9b897e
AC		 2427/**
2428 * tty_open - open a tty device
2429 * @inode: inode of device file
2430 * @filp: file pointer to tty
1da177e4 2431 *
af9b897e
AC		 2432 * tty_open and tty_release keep up the tty count that contains the
2433 * number of opens done on a tty. We cannot use the inode-count, as
2434 * different inodes might point to the same tty.
1da177e4 2435 *
af9b897e
AC		 2436 * Open-counting is needed for pty masters, as well as for keeping
2437 * track of serial lines: DTR is dropped when the last close happens.
2438 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2439 *
2440 * The termios state of a pty is reset on first open so that
2441 * settings don't persist across reuse.
2442 *
2443 * Locking: tty_mutex protects current->signal->tty, get_tty_driver and
2444 * init_dev work. tty->count should protect the rest.
2445 * task_lock is held to update task details for sessions
1da177e4 2446 */
af9b897e 2447
1da177e4
LT		 2448static int tty_open(struct inode * inode, struct file * filp)
2449{
2450 struct tty_struct *tty;
2451 int noctty, retval;
2452 struct tty_driver *driver;
2453 int index;
2454 dev_t device = inode->i_rdev;
2455 unsigned short saved_flags = filp->f_flags;
2456
2457 nonseekable_open(inode, filp);
2458
2459retry_open:
2460 noctty = filp->f_flags & O_NOCTTY;
2461 index = -1;
2462 retval = 0;
2463
70522e12 2464 mutex_lock(&tty_mutex);
1da177e4
LT		 2465
2466 if (device == MKDEV(TTYAUX_MAJOR,0)) {
2467 if (!current->signal->tty) {
70522e12 2468 mutex_unlock(&tty_mutex);
1da177e4
LT		 2469 return -ENXIO;
2470 }
2471 driver = current->signal->tty->driver;
2472 index = current->signal->tty->index;
2473 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2474 /* noctty = 1; */
2475 goto got_driver;
2476 }
2477#ifdef CONFIG_VT
2478 if (device == MKDEV(TTY_MAJOR,0)) {
2479 extern struct tty_driver *console_driver;
2480 driver = console_driver;
2481 index = fg_console;
2482 noctty = 1;
2483 goto got_driver;
2484 }
2485#endif
2486 if (device == MKDEV(TTYAUX_MAJOR,1)) {
2487 driver = console_device(&index);
2488 if (driver) {
2489 /* Don't let /dev/console block */
2490 filp->f_flags |= O_NONBLOCK;
2491 noctty = 1;
2492 goto got_driver;
2493 }
70522e12 2494 mutex_unlock(&tty_mutex);
1da177e4
LT		 2495 return -ENODEV;
2496 }
2497
2498 driver = get_tty_driver(device, &index);
2499 if (!driver) {
70522e12 2500 mutex_unlock(&tty_mutex);
1da177e4
LT		 2501 return -ENODEV;
2502 }
2503got_driver:
2504 retval = init_dev(driver, index, &tty);
70522e12 2505 mutex_unlock(&tty_mutex);
1da177e4
LT		 2506 if (retval)
2507 return retval;
2508
2509 filp->private_data = tty;
2510 file_move(filp, &tty->tty_files);
2511 check_tty_count(tty, "tty_open");
2512 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2513 tty->driver->subtype == PTY_TYPE_MASTER)
2514 noctty = 1;
2515#ifdef TTY_DEBUG_HANGUP
2516 printk(KERN_DEBUG "opening %s...", tty->name);
2517#endif
2518 if (!retval) {
2519 if (tty->driver->open)
2520 retval = tty->driver->open(tty, filp);
2521 else
2522 retval = -ENODEV;
2523 }
2524 filp->f_flags = saved_flags;
2525
2526 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2527 retval = -EBUSY;
2528
2529 if (retval) {
2530#ifdef TTY_DEBUG_HANGUP
2531 printk(KERN_DEBUG "error %d in opening %s...", retval,
2532 tty->name);
2533#endif
2534 release_dev(filp);
2535 if (retval != -ERESTARTSYS)
2536 return retval;
2537 if (signal_pending(current))
2538 return retval;
2539 schedule();
2540 /*
2541 * Need to reset f_op in case a hangup happened.
2542 */
2543 if (filp->f_op == &hung_up_tty_fops)
2544 filp->f_op = &tty_fops;
2545 goto retry_open;
2546 }
2547 if (!noctty &&
2548 current->signal->leader &&
2549 !current->signal->tty &&
2550 tty->session == 0) {
2551 task_lock(current);
2552 current->signal->tty = tty;
2553 task_unlock(current);
2554 current->signal->tty_old_pgrp = 0;
2555 tty->session = current->signal->session;
2556 tty->pgrp = process_group(current);
2557 }
2558 return 0;
2559}
2560
2561#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 2562/**
2563 * ptmx_open - open a unix 98 pty master
2564 * @inode: inode of device file
2565 * @filp: file pointer to tty
2566 *
2567 * Allocate a unix98 pty master device from the ptmx driver.
2568 *
2569 * Locking: tty_mutex protects theinit_dev work. tty->count should
2570 protect the rest.
2571 * allocated_ptys_lock handles the list of free pty numbers
2572 */
2573
1da177e4
LT		 2574static int ptmx_open(struct inode * inode, struct file * filp)
2575{
2576 struct tty_struct *tty;
2577 int retval;
2578 int index;
2579 int idr_ret;
2580
2581 nonseekable_open(inode, filp);
2582
2583 /* find a device that is not in use. */
2584 down(&allocated_ptys_lock);
2585 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2586 up(&allocated_ptys_lock);
2587 return -ENOMEM;
2588 }
2589 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2590 if (idr_ret < 0) {
2591 up(&allocated_ptys_lock);
2592 if (idr_ret == -EAGAIN)
2593 return -ENOMEM;
2594 return -EIO;
2595 }
2596 if (index >= pty_limit) {
2597 idr_remove(&allocated_ptys, index);
2598 up(&allocated_ptys_lock);
2599 return -EIO;
2600 }
2601 up(&allocated_ptys_lock);
2602
70522e12 2603 mutex_lock(&tty_mutex);
1da177e4 2604 retval = init_dev(ptm_driver, index, &tty);
70522e12 2605 mutex_unlock(&tty_mutex);
1da177e4
LT		 2606
2607 if (retval)
2608 goto out;
2609
2610 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2611 filp->private_data = tty;
2612 file_move(filp, &tty->tty_files);
2613
2614 retval = -ENOMEM;
2615 if (devpts_pty_new(tty->link))
2616 goto out1;
2617
2618 check_tty_count(tty, "tty_open");
2619 retval = ptm_driver->open(tty, filp);
2620 if (!retval)
2621 return 0;
2622out1:
2623 release_dev(filp);
9453a5ad 2624 return retval;
1da177e4
LT		 2625out:
2626 down(&allocated_ptys_lock);
2627 idr_remove(&allocated_ptys, index);
2628 up(&allocated_ptys_lock);
2629 return retval;
2630}
2631#endif
2632
af9b897e
AC		 2633/**
2634 * tty_release - vfs callback for close
2635 * @inode: inode of tty
2636 * @filp: file pointer for handle to tty
2637 *
2638 * Called the last time each file handle is closed that references
2639 * this tty. There may however be several such references.
2640 *
2641 * Locking:
2642 * Takes bkl. See release_dev
2643 */
2644
1da177e4
LT		 2645static int tty_release(struct inode * inode, struct file * filp)
2646{
2647 lock_kernel();
2648 release_dev(filp);
2649 unlock_kernel();
2650 return 0;
2651}
2652
af9b897e
AC		 2653/**
2654 * tty_poll - check tty status
2655 * @filp: file being polled
2656 * @wait: poll wait structures to update
2657 *
2658 * Call the line discipline polling method to obtain the poll
2659 * status of the device.
2660 *
2661 * Locking: locks called line discipline but ldisc poll method
2662 * may be re-entered freely by other callers.
2663 */
2664
1da177e4
LT		 2665static unsigned int tty_poll(struct file * filp, poll_table * wait)
2666{
2667 struct tty_struct * tty;
2668 struct tty_ldisc *ld;
2669 int ret = 0;
2670
2671 tty = (struct tty_struct *)filp->private_data;
2672 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_poll"))
2673 return 0;
2674
2675 ld = tty_ldisc_ref_wait(tty);
2676 if (ld->poll)
2677 ret = (ld->poll)(tty, filp, wait);
2678 tty_ldisc_deref(ld);
2679 return ret;
2680}
2681
2682static int tty_fasync(int fd, struct file * filp, int on)
2683{
2684 struct tty_struct * tty;
2685 int retval;
2686
2687 tty = (struct tty_struct *)filp->private_data;
2688 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_fasync"))
2689 return 0;
2690
2691 retval = fasync_helper(fd, filp, on, &tty->fasync);
2692 if (retval <= 0)
2693 return retval;
2694
2695 if (on) {
2696 if (!waitqueue_active(&tty->read_wait))
2697 tty->minimum_to_wake = 1;
2698 retval = f_setown(filp, (-tty->pgrp) ? : current->pid, 0);
2699 if (retval)
2700 return retval;
2701 } else {
2702 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2703 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2704 }
2705 return 0;
2706}
2707
af9b897e
AC		 2708/**
2709 * tiocsti - fake input character
2710 * @tty: tty to fake input into
2711 * @p: pointer to character
2712 *
2713 * Fake input to a tty device. Does the neccessary locking and
2714 * input management.
2715 *
2716 * FIXME: does not honour flow control ??
2717 *
2718 * Locking:
2719 * Called functions take tty_ldisc_lock
2720 * current->signal->tty check is safe without locks
2721 */
2722
1da177e4
LT		 2723static int tiocsti(struct tty_struct *tty, char __user *p)
2724{
2725 char ch, mbz = 0;
2726 struct tty_ldisc *ld;
2727
2728 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2729 return -EPERM;
2730 if (get_user(ch, p))
2731 return -EFAULT;
2732 ld = tty_ldisc_ref_wait(tty);
2733 ld->receive_buf(tty, &ch, &mbz, 1);
2734 tty_ldisc_deref(ld);
2735 return 0;
2736}
2737
af9b897e
AC		 2738/**
2739 * tiocgwinsz - implement window query ioctl
2740 * @tty; tty
2741 * @arg: user buffer for result
2742 *
808a0d38 2743 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2744 *
808a0d38
AC		 2745 * Locking: tty->termios_sem is taken to ensure the winsize data
2746 * is consistent.
af9b897e
AC		 2747 */
2748
1da177e4
LT		 2749static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2750{
808a0d38
AC		 2751 int err;
2752
2753 down(&tty->termios_sem);
2754 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2755 up(&tty->termios_sem);
2756
2757 return err ? -EFAULT: 0;
1da177e4
LT		 2758}
2759
af9b897e
AC		 2760/**
2761 * tiocswinsz - implement window size set ioctl
2762 * @tty; tty
2763 * @arg: user buffer for result
2764 *
2765 * Copies the user idea of the window size to the kernel. Traditionally
2766 * this is just advisory information but for the Linux console it
2767 * actually has driver level meaning and triggers a VC resize.
2768 *
2769 * Locking:
ca9bda00
AC		 2770 * Called function use the console_sem is used to ensure we do
2771 * not try and resize the console twice at once.
2772 * The tty->termios_sem is used to ensure we don't double
2773 * resize and get confused. Lock order - tty->termios.sem before
2774 * console sem
af9b897e
AC		 2775 */
2776
1da177e4
LT		 2777static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2778 struct winsize __user * arg)
2779{
2780 struct winsize tmp_ws;
2781
2782 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2783 return -EFAULT;
ca9bda00
AC		 2784
2785 down(&tty->termios_sem);
1da177e4 2786 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
ca9bda00
AC		 2787 goto done;
2788
1da177e4
LT		 2789#ifdef CONFIG_VT
2790 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
ca9bda00
AC		 2791 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col, tmp_ws.ws_row)) {
2792 up(&tty->termios_sem);
2793 return -ENXIO;
2794 }
1da177e4
LT		 2795 }
2796#endif
2797 if (tty->pgrp > 0)
2798 kill_pg(tty->pgrp, SIGWINCH, 1);
2799 if ((real_tty->pgrp != tty->pgrp) && (real_tty->pgrp > 0))
2800 kill_pg(real_tty->pgrp, SIGWINCH, 1);
2801 tty->winsize = tmp_ws;
2802 real_tty->winsize = tmp_ws;
ca9bda00
AC		 2803done:
2804 up(&tty->termios_sem);
1da177e4
LT		 2805 return 0;
2806}
2807
af9b897e
AC		 2808/**
2809 * tioccons - allow admin to move logical console
2810 * @file: the file to become console
2811 *
2812 * Allow the adminstrator to move the redirected console device
2813 *
2814 * Locking: uses redirect_lock to guard the redirect information
2815 */
2816
1da177e4
LT		 2817static int tioccons(struct file *file)
2818{
2819 if (!capable(CAP_SYS_ADMIN))
2820 return -EPERM;
2821 if (file->f_op->write == redirected_tty_write) {
2822 struct file *f;
2823 spin_lock(&redirect_lock);
2824 f = redirect;
2825 redirect = NULL;
2826 spin_unlock(&redirect_lock);
2827 if (f)
2828 fput(f);
2829 return 0;
2830 }
2831 spin_lock(&redirect_lock);
2832 if (redirect) {
2833 spin_unlock(&redirect_lock);
2834 return -EBUSY;
2835 }
2836 get_file(file);
2837 redirect = file;
2838 spin_unlock(&redirect_lock);
2839 return 0;
2840}
2841
af9b897e
AC		 2842/**
2843 * fionbio - non blocking ioctl
2844 * @file: file to set blocking value
2845 * @p: user parameter
2846 *
2847 * Historical tty interfaces had a blocking control ioctl before
2848 * the generic functionality existed. This piece of history is preserved
2849 * in the expected tty API of posix OS's.
2850 *
2851 * Locking: none, the open fle handle ensures it won't go away.
2852 */
1da177e4
LT		 2853
2854static int fionbio(struct file *file, int __user *p)
2855{
2856 int nonblock;
2857
2858 if (get_user(nonblock, p))
2859 return -EFAULT;
2860
2861 if (nonblock)
2862 file->f_flags |= O_NONBLOCK;
2863 else
2864 file->f_flags &= ~O_NONBLOCK;
2865 return 0;
2866}
2867
af9b897e
AC		 2868/**
2869 * tiocsctty - set controlling tty
2870 * @tty: tty structure
2871 * @arg: user argument
2872 *
2873 * This ioctl is used to manage job control. It permits a session
2874 * leader to set this tty as the controlling tty for the session.
2875 *
2876 * Locking:
2877 * Takes tasklist lock internally to walk sessions
2878 * Takes task_lock() when updating signal->tty
2879 *
2880 * FIXME: tty_mutex is needed to protect signal->tty references.
2881 * FIXME: why task_lock on the signal->tty reference ??
2882 *
2883 */
2884
1da177e4
LT		 2885static int tiocsctty(struct tty_struct *tty, int arg)
2886{
36c8b586 2887 struct task_struct *p;
1da177e4
LT		 2888
2889 if (current->signal->leader &&
2890 (current->signal->session == tty->session))
2891 return 0;
2892 /*
2893 * The process must be a session leader and
2894 * not have a controlling tty already.
2895 */
2896 if (!current->signal->leader || current->signal->tty)
2897 return -EPERM;
2898 if (tty->session > 0) {
2899 /*
2900 * This tty is already the controlling
2901 * tty for another session group!
2902 */
2903 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
2904 /*
2905 * Steal it away
2906 */
2907
2908 read_lock(&tasklist_lock);
2909 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2910 p->signal->tty = NULL;
2911 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2912 read_unlock(&tasklist_lock);
2913 } else
2914 return -EPERM;
2915 }
2916 task_lock(current);
2917 current->signal->tty = tty;
2918 task_unlock(current);
2919 current->signal->tty_old_pgrp = 0;
2920 tty->session = current->signal->session;
2921 tty->pgrp = process_group(current);
2922 return 0;
2923}
2924
af9b897e
AC		 2925/**
2926 * tiocgpgrp - get process group
2927 * @tty: tty passed by user
2928 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2929 * @p: returned pid
2930 *
2931 * Obtain the process group of the tty. If there is no process group
2932 * return an error.
2933 *
2934 * Locking: none. Reference to ->signal->tty is safe.
2935 */
2936
1da177e4
LT		 2937static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2938{
2939 /*
2940 * (tty == real_tty) is a cheap way of
2941 * testing if the tty is NOT a master pty.
2942 */
2943 if (tty == real_tty && current->signal->tty != real_tty)
2944 return -ENOTTY;
2945 return put_user(real_tty->pgrp, p);
2946}
2947
af9b897e
AC		 2948/**
2949 * tiocspgrp - attempt to set process group
2950 * @tty: tty passed by user
2951 * @real_tty: tty side device matching tty passed by user
2952 * @p: pid pointer
2953 *
2954 * Set the process group of the tty to the session passed. Only
2955 * permitted where the tty session is our session.
2956 *
2957 * Locking: None
2958 *
2959 * FIXME: current->signal->tty referencing is unsafe.
2960 */
2961
1da177e4
LT		 2962static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2963{
2964 pid_t pgrp;
2965 int retval = tty_check_change(real_tty);
2966
2967 if (retval == -EIO)
2968 return -ENOTTY;
2969 if (retval)
2970 return retval;
2971 if (!current->signal->tty ||
2972 (current->signal->tty != real_tty) ||
2973 (real_tty->session != current->signal->session))
2974 return -ENOTTY;
2975 if (get_user(pgrp, p))
2976 return -EFAULT;
2977 if (pgrp < 0)
2978 return -EINVAL;
2979 if (session_of_pgrp(pgrp) != current->signal->session)
2980 return -EPERM;
2981 real_tty->pgrp = pgrp;
2982 return 0;
2983}
2984
af9b897e
AC		 2985/**
2986 * tiocgsid - get session id
2987 * @tty: tty passed by user
2988 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2989 * @p: pointer to returned session id
2990 *
2991 * Obtain the session id of the tty. If there is no session
2992 * return an error.
2993 *
2994 * Locking: none. Reference to ->signal->tty is safe.
2995 */
2996
1da177e4
LT		 2997static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2998{
2999 /*
3000 * (tty == real_tty) is a cheap way of
3001 * testing if the tty is NOT a master pty.
3002 */
3003 if (tty == real_tty && current->signal->tty != real_tty)
3004 return -ENOTTY;
3005 if (real_tty->session <= 0)
3006 return -ENOTTY;
3007 return put_user(real_tty->session, p);
3008}
3009
af9b897e
AC		 3010/**
3011 * tiocsetd - set line discipline
3012 * @tty: tty device
3013 * @p: pointer to user data
3014 *
3015 * Set the line discipline according to user request.
3016 *
3017 * Locking: see tty_set_ldisc, this function is just a helper
3018 */
3019
1da177e4
LT		 3020static int tiocsetd(struct tty_struct *tty, int __user *p)
3021{
3022 int ldisc;
3023
3024 if (get_user(ldisc, p))
3025 return -EFAULT;
3026 return tty_set_ldisc(tty, ldisc);
3027}
3028
af9b897e
AC		 3029/**
3030 * send_break - performed time break
3031 * @tty: device to break on
3032 * @duration: timeout in mS
3033 *
3034 * Perform a timed break on hardware that lacks its own driver level
3035 * timed break functionality.
3036 *
3037 * Locking:
3038 * None
3039 *
3040 * FIXME:
3041 * What if two overlap
3042 */
3043
b20f3ae5 3044static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4
LT		 3045{
3046 tty->driver->break_ctl(tty, -1);
3047 if (!signal_pending(current)) {
b20f3ae5 3048 msleep_interruptible(duration);
1da177e4
LT		 3049 }
3050 tty->driver->break_ctl(tty, 0);
3051 if (signal_pending(current))
3052 return -EINTR;
3053 return 0;
3054}
3055
af9b897e
AC		 3056/**
3057 * tiocmget - get modem status
3058 * @tty: tty device
3059 * @file: user file pointer
3060 * @p: pointer to result
3061 *
3062 * Obtain the modem status bits from the tty driver if the feature
3063 * is supported. Return -EINVAL if it is not available.
3064 *
3065 * Locking: none (up to the driver)
3066 */
3067
3068static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 3069{
3070 int retval = -EINVAL;
3071
3072 if (tty->driver->tiocmget) {
3073 retval = tty->driver->tiocmget(tty, file);
3074
3075 if (retval >= 0)
3076 retval = put_user(retval, p);
3077 }
3078 return retval;
3079}
3080
af9b897e
AC		 3081/**
3082 * tiocmset - set modem status
3083 * @tty: tty device
3084 * @file: user file pointer
3085 * @cmd: command - clear bits, set bits or set all
3086 * @p: pointer to desired bits
3087 *
3088 * Set the modem status bits from the tty driver if the feature
3089 * is supported. Return -EINVAL if it is not available.
3090 *
3091 * Locking: none (up to the driver)
3092 */
3093
3094static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 3095 unsigned __user *p)
3096{
3097 int retval = -EINVAL;
3098
3099 if (tty->driver->tiocmset) {
3100 unsigned int set, clear, val;
3101
3102 retval = get_user(val, p);
3103 if (retval)
3104 return retval;
3105
3106 set = clear = 0;
3107 switch (cmd) {
3108 case TIOCMBIS:
3109 set = val;
3110 break;
3111 case TIOCMBIC:
3112 clear = val;
3113 break;
3114 case TIOCMSET:
3115 set = val;
3116 clear = ~val;
3117 break;
3118 }
3119
3120 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3121 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3122
3123 retval = tty->driver->tiocmset(tty, file, set, clear);
3124 }
3125 return retval;
3126}
3127
3128/*
3129 * Split this up, as gcc can choke on it otherwise..
3130 */
3131int tty_ioctl(struct inode * inode, struct file * file,
3132 unsigned int cmd, unsigned long arg)
3133{
3134 struct tty_struct *tty, *real_tty;
3135 void __user *p = (void __user *)arg;
3136 int retval;
3137 struct tty_ldisc *ld;
3138
3139 tty = (struct tty_struct *)file->private_data;
3140 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3141 return -EINVAL;
3142
3143 real_tty = tty;
3144 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3145 tty->driver->subtype == PTY_TYPE_MASTER)
3146 real_tty = tty->link;
3147
3148 /*
3149 * Break handling by driver
3150 */
3151 if (!tty->driver->break_ctl) {
3152 switch(cmd) {
3153 case TIOCSBRK:
3154 case TIOCCBRK:
3155 if (tty->driver->ioctl)
3156 return tty->driver->ioctl(tty, file, cmd, arg);
3157 return -EINVAL;
3158
3159 /* These two ioctl's always return success; even if */
3160 /* the driver doesn't support them. */
3161 case TCSBRK:
3162 case TCSBRKP:
3163 if (!tty->driver->ioctl)
3164 return 0;
3165 retval = tty->driver->ioctl(tty, file, cmd, arg);
3166 if (retval == -ENOIOCTLCMD)
3167 retval = 0;
3168 return retval;
3169 }
3170 }
3171
3172 /*
3173 * Factor out some common prep work
3174 */
3175 switch (cmd) {
3176 case TIOCSETD:
3177 case TIOCSBRK:
3178 case TIOCCBRK:
3179 case TCSBRK:
3180 case TCSBRKP:
3181 retval = tty_check_change(tty);
3182 if (retval)
3183 return retval;
3184 if (cmd != TIOCCBRK) {
3185 tty_wait_until_sent(tty, 0);
3186 if (signal_pending(current))
3187 return -EINTR;
3188 }
3189 break;
3190 }
3191
3192 switch (cmd) {
3193 case TIOCSTI:
3194 return tiocsti(tty, p);
3195 case TIOCGWINSZ:
3196 return tiocgwinsz(tty, p);
3197 case TIOCSWINSZ:
3198 return tiocswinsz(tty, real_tty, p);
3199 case TIOCCONS:
3200 return real_tty!=tty ? -EINVAL : tioccons(file);
3201 case FIONBIO:
3202 return fionbio(file, p);
3203 case TIOCEXCL:
3204 set_bit(TTY_EXCLUSIVE, &tty->flags);
3205 return 0;
3206 case TIOCNXCL:
3207 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3208 return 0;
3209 case TIOCNOTTY:
af9b897e 3210 /* FIXME: taks lock or tty_mutex ? */
1da177e4
LT		 3211 if (current->signal->tty != tty)
3212 return -ENOTTY;
3213 if (current->signal->leader)
3214 disassociate_ctty(0);
3215 task_lock(current);
3216 current->signal->tty = NULL;
3217 task_unlock(current);
3218 return 0;
3219 case TIOCSCTTY:
3220 return tiocsctty(tty, arg);
3221 case TIOCGPGRP:
3222 return tiocgpgrp(tty, real_tty, p);
3223 case TIOCSPGRP:
3224 return tiocspgrp(tty, real_tty, p);
3225 case TIOCGSID:
3226 return tiocgsid(tty, real_tty, p);
3227 case TIOCGETD:
3228 /* FIXME: check this is ok */
3229 return put_user(tty->ldisc.num, (int __user *)p);
3230 case TIOCSETD:
3231 return tiocsetd(tty, p);
3232#ifdef CONFIG_VT
3233 case TIOCLINUX:
3234 return tioclinux(tty, arg);
3235#endif
3236 /*
3237 * Break handling
3238 */
3239 case TIOCSBRK: /* Turn break on, unconditionally */
3240 tty->driver->break_ctl(tty, -1);
3241 return 0;
3242
3243 case TIOCCBRK: /* Turn break off, unconditionally */
3244 tty->driver->break_ctl(tty, 0);
3245 return 0;
3246 case TCSBRK: /* SVID version: non-zero arg --> no break */
283fef59
PF		 3247 /* non-zero arg means wait for all output data
3248 * to be sent (performed above) but don't send break.
3249 * This is used by the tcdrain() termios function.
1da177e4
LT		 3250 */
3251 if (!arg)
b20f3ae5 3252 return send_break(tty, 250);
1da177e4
LT		 3253 return 0;
3254 case TCSBRKP: /* support for POSIX tcsendbreak() */
b20f3ae5 3255 return send_break(tty, arg ? arg*100 : 250);
1da177e4
LT		 3256
3257 case TIOCMGET:
3258 return tty_tiocmget(tty, file, p);
3259
3260 case TIOCMSET:
3261 case TIOCMBIC:
3262 case TIOCMBIS:
3263 return tty_tiocmset(tty, file, cmd, p);
3264 }
3265 if (tty->driver->ioctl) {
3266 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3267 if (retval != -ENOIOCTLCMD)
3268 return retval;
3269 }
3270 ld = tty_ldisc_ref_wait(tty);
3271 retval = -EINVAL;
3272 if (ld->ioctl) {
3273 retval = ld->ioctl(tty, file, cmd, arg);
3274 if (retval == -ENOIOCTLCMD)
3275 retval = -EINVAL;
3276 }
3277 tty_ldisc_deref(ld);
3278 return retval;
3279}
3280
3281
3282/*
3283 * This implements the "Secure Attention Key" --- the idea is to
3284 * prevent trojan horses by killing all processes associated with this
3285 * tty when the user hits the "Secure Attention Key". Required for
3286 * super-paranoid applications --- see the Orange Book for more details.
3287 *
3288 * This code could be nicer; ideally it should send a HUP, wait a few
3289 * seconds, then send a INT, and then a KILL signal. But you then
3290 * have to coordinate with the init process, since all processes associated
3291 * with the current tty must be dead before the new getty is allowed
3292 * to spawn.
3293 *
3294 * Now, if it would be correct ;-/ The current code has a nasty hole -
3295 * it doesn't catch files in flight. We may send the descriptor to ourselves
3296 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3297 *
3298 * Nasty bug: do_SAK is being called in interrupt context. This can
3299 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3300 */
3301static void __do_SAK(void *arg)
3302{
3303#ifdef TTY_SOFT_SAK
3304 tty_hangup(tty);
3305#else
3306 struct tty_struct *tty = arg;
652486fb 3307 struct task_struct *g, *p;
1da177e4
LT		 3308 int session;
3309 int i;
3310 struct file *filp;
3311 struct tty_ldisc *disc;
badf1662 3312 struct fdtable *fdt;
1da177e4
LT		 3313
3314 if (!tty)
3315 return;
3316 session = tty->session;
3317
3318 /* We don't want an ldisc switch during this */
3319 disc = tty_ldisc_ref(tty);
3320 if (disc && disc->flush_buffer)
3321 disc->flush_buffer(tty);
3322 tty_ldisc_deref(disc);
3323
3324 if (tty->driver->flush_buffer)
3325 tty->driver->flush_buffer(tty);
3326
3327 read_lock(&tasklist_lock);
652486fb 3328 /* Kill the entire session */
1da177e4 3329 do_each_task_pid(session, PIDTYPE_SID, p) {
652486fb
EB		 3330 printk(KERN_NOTICE "SAK: killed process %d"
3331 " (%s): p->signal->session==tty->session\n",
3332 p->pid, p->comm);
3333 send_sig(SIGKILL, p, 1);
3334 } while_each_task_pid(session, PIDTYPE_SID, p);
3335 /* Now kill any processes that happen to have the
3336 * tty open.
3337 */
3338 do_each_thread(g, p) {
3339 if (p->signal->tty == tty) {
1da177e4
LT		 3340 printk(KERN_NOTICE "SAK: killed process %d"
3341 " (%s): p->signal->session==tty->session\n",
3342 p->pid, p->comm);
3343 send_sig(SIGKILL, p, 1);
3344 continue;
3345 }
3346 task_lock(p);
3347 if (p->files) {
ca99c1da
DS		 3348 /*
3349 * We don't take a ref to the file, so we must
3350 * hold ->file_lock instead.
3351 */
3352 spin_lock(&p->files->file_lock);
badf1662
DS		 3353 fdt = files_fdtable(p->files);
3354 for (i=0; i < fdt->max_fds; i++) {
1da177e4
LT		 3355 filp = fcheck_files(p->files, i);
3356 if (!filp)
3357 continue;
3358 if (filp->f_op->read == tty_read &&
3359 filp->private_data == tty) {
3360 printk(KERN_NOTICE "SAK: killed process %d"
3361 " (%s): fd#%d opened to the tty\n",
3362 p->pid, p->comm, i);
20ac9437 3363 force_sig(SIGKILL, p);
1da177e4
LT		 3364 break;
3365 }
3366 }
ca99c1da 3367 spin_unlock(&p->files->file_lock);
1da177e4
LT		 3368 }
3369 task_unlock(p);
652486fb 3370 } while_each_thread(g, p);
1da177e4
LT		 3371 read_unlock(&tasklist_lock);
3372#endif
3373}
3374
3375/*
3376 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3377 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3378 * the values which we write to it will be identical to the values which it
3379 * already has. --akpm
3380 */
3381void do_SAK(struct tty_struct *tty)
3382{
3383 if (!tty)
3384 return;
3385 PREPARE_WORK(&tty->SAK_work, __do_SAK, tty);
3386 schedule_work(&tty->SAK_work);
3387}
3388
3389EXPORT_SYMBOL(do_SAK);
3390
af9b897e
AC		 3391/**
3392 * flush_to_ldisc
3393 * @private_: tty structure passed from work queue.
3394 *
3395 * This routine is called out of the software interrupt to flush data
3396 * from the buffer chain to the line discipline.
3397 *
3398 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3399 * while invoking the line discipline receive_buf method. The
3400 * receive_buf method is single threaded for each tty instance.
1da177e4
LT		 3401 */
3402
3403static void flush_to_ldisc(void *private_)
3404{
3405 struct tty_struct *tty = (struct tty_struct *) private_;
1da177e4
LT		 3406 unsigned long flags;
3407 struct tty_ldisc *disc;
2c3bb20f 3408 struct tty_buffer *tbuf, *head;
8977d929
PF		 3409 char *char_buf;
3410 unsigned char *flag_buf;
1da177e4
LT		 3411
3412 disc = tty_ldisc_ref(tty);
3413 if (disc == NULL) /* !TTY_LDISC */
3414 return;
3415
808249ce 3416 spin_lock_irqsave(&tty->buf.lock, flags);
2c3bb20f
PF		 3417 head = tty->buf.head;
3418 if (head != NULL) {
3419 tty->buf.head = NULL;
3420 for (;;) {
3421 int count = head->commit - head->read;
3422 if (!count) {
3423 if (head->next == NULL)
3424 break;
3425 tbuf = head;
3426 head = head->next;
3427 tty_buffer_free(tty, tbuf);
3428 continue;
3429 }
3430 if (!tty->receive_room) {
3431 schedule_delayed_work(&tty->buf.work, 1);
3432 break;
3433 }
3434 if (count > tty->receive_room)
3435 count = tty->receive_room;
3436 char_buf = head->char_buf_ptr + head->read;
3437 flag_buf = head->flag_buf_ptr + head->read;
3438 head->read += count;
8977d929
PF		 3439 spin_unlock_irqrestore(&tty->buf.lock, flags);
3440 disc->receive_buf(tty, char_buf, flag_buf, count);
3441 spin_lock_irqsave(&tty->buf.lock, flags);
3442 }
2c3bb20f 3443 tty->buf.head = head;
33f0f88f 3444 }
808249ce 3445 spin_unlock_irqrestore(&tty->buf.lock, flags);
817d6d3b 3446
1da177e4
LT		 3447 tty_ldisc_deref(disc);
3448}
3449
3450/*
3451 * Routine which returns the baud rate of the tty
3452 *
3453 * Note that the baud_table needs to be kept in sync with the
3454 * include/asm/termbits.h file.
3455 */
3456static int baud_table[] = {
3457 0, 50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800, 2400, 4800,
3458 9600, 19200, 38400, 57600, 115200, 230400, 460800,
3459#ifdef __sparc__
3460 76800, 153600, 307200, 614400, 921600
3461#else
3462 500000, 576000, 921600, 1000000, 1152000, 1500000, 2000000,
3463 2500000, 3000000, 3500000, 4000000
3464#endif
3465};
3466
3467static int n_baud_table = ARRAY_SIZE(baud_table);
3468
3469/**
3470 * tty_termios_baud_rate
3471 * @termios: termios structure
3472 *
3473 * Convert termios baud rate data into a speed. This should be called
3474 * with the termios lock held if this termios is a terminal termios
3475 * structure. May change the termios data.
af9b897e
AC		 3476 *
3477 * Locking: none
1da177e4
LT		 3478 */
3479
3480int tty_termios_baud_rate(struct termios *termios)
3481{
3482 unsigned int cbaud;
3483
3484 cbaud = termios->c_cflag & CBAUD;
3485
3486 if (cbaud & CBAUDEX) {
3487 cbaud &= ~CBAUDEX;
3488
3489 if (cbaud < 1 || cbaud + 15 > n_baud_table)
3490 termios->c_cflag &= ~CBAUDEX;
3491 else
3492 cbaud += 15;
3493 }
3494 return baud_table[cbaud];
3495}
3496
3497EXPORT_SYMBOL(tty_termios_baud_rate);
3498
3499/**
3500 * tty_get_baud_rate - get tty bit rates
3501 * @tty: tty to query
3502 *
3503 * Returns the baud rate as an integer for this terminal. The
3504 * termios lock must be held by the caller and the terminal bit
3505 * flags may be updated.
af9b897e
AC		 3506 *
3507 * Locking: none
1da177e4
LT		 3508 */
3509
3510int tty_get_baud_rate(struct tty_struct *tty)
3511{
3512 int baud = tty_termios_baud_rate(tty->termios);
3513
3514 if (baud == 38400 && tty->alt_speed) {
3515 if (!tty->warned) {
3516 printk(KERN_WARNING "Use of setserial/setrocket to "
3517 "set SPD_* flags is deprecated\n");
3518 tty->warned = 1;
3519 }
3520 baud = tty->alt_speed;
3521 }
3522
3523 return baud;
3524}
3525
3526EXPORT_SYMBOL(tty_get_baud_rate);
3527
3528/**
3529 * tty_flip_buffer_push - terminal
3530 * @tty: tty to push
3531 *
3532 * Queue a push of the terminal flip buffers to the line discipline. This
3533 * function must not be called from IRQ context if tty->low_latency is set.
3534 *
3535 * In the event of the queue being busy for flipping the work will be
3536 * held off and retried later.
af9b897e
AC		 3537 *
3538 * Locking: tty buffer lock. Driver locks in low latency mode.
1da177e4
LT		 3539 */
3540
3541void tty_flip_buffer_push(struct tty_struct *tty)
3542{
808249ce
PF		 3543 unsigned long flags;
3544 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 3545 if (tty->buf.tail != NULL)
8977d929 3546 tty->buf.tail->commit = tty->buf.tail->used;
808249ce
PF		 3547 spin_unlock_irqrestore(&tty->buf.lock, flags);
3548
1da177e4
LT		 3549 if (tty->low_latency)
3550 flush_to_ldisc((void *) tty);
3551 else
33f0f88f 3552 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 3553}
3554
3555EXPORT_SYMBOL(tty_flip_buffer_push);
3556
33f0f88f 3557
af9b897e
AC		 3558/**
3559 * initialize_tty_struct
3560 * @tty: tty to initialize
3561 *
3562 * This subroutine initializes a tty structure that has been newly
3563 * allocated.
3564 *
3565 * Locking: none - tty in question must not be exposed at this point
1da177e4 3566 */
af9b897e 3567
1da177e4
LT		 3568static void initialize_tty_struct(struct tty_struct *tty)
3569{
3570 memset(tty, 0, sizeof(struct tty_struct));
3571 tty->magic = TTY_MAGIC;
3572 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3573 tty->pgrp = -1;
3574 tty->overrun_time = jiffies;
33f0f88f
AC		 3575 tty->buf.head = tty->buf.tail = NULL;
3576 tty_buffer_init(tty);
3577 INIT_WORK(&tty->buf.work, flush_to_ldisc, tty);
3578 init_MUTEX(&tty->buf.pty_sem);
1da177e4
LT		 3579 init_MUTEX(&tty->termios_sem);
3580 init_waitqueue_head(&tty->write_wait);
3581 init_waitqueue_head(&tty->read_wait);
3582 INIT_WORK(&tty->hangup_work, do_tty_hangup, tty);
70522e12
IM		 3583 mutex_init(&tty->atomic_read_lock);
3584 mutex_init(&tty->atomic_write_lock);
1da177e4
LT		 3585 spin_lock_init(&tty->read_lock);
3586 INIT_LIST_HEAD(&tty->tty_files);
3587 INIT_WORK(&tty->SAK_work, NULL, NULL);
3588}
3589
3590/*
3591 * The default put_char routine if the driver did not define one.
3592 */
af9b897e 3593
1da177e4
LT		 3594static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3595{
3596 tty->driver->write(tty, &ch, 1);
3597}
3598
7fe845d1 3599static struct class *tty_class;
1da177e4
LT		 3600
3601/**
af9b897e
AC		 3602 * tty_register_device - register a tty device
3603 * @driver: the tty driver that describes the tty device
3604 * @index: the index in the tty driver for this tty device
3605 * @device: a struct device that is associated with this tty device.
3606 * This field is optional, if there is no known struct device
3607 * for this tty device it can be set to NULL safely.
1da177e4 3608 *
af9b897e 3609 * Returns a pointer to the class device (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3610 *
af9b897e
AC		 3611 * This call is required to be made to register an individual tty device
3612 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3613 * that bit is not set, this function should not be called by a tty
3614 * driver.
3615 *
3616 * Locking: ??
1da177e4 3617 */
af9b897e 3618
1cdcb6b4
HL		 3619struct class_device *tty_register_device(struct tty_driver *driver,
3620 unsigned index, struct device *device)
1da177e4
LT		 3621{
3622 char name[64];
3623 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3624
3625 if (index >= driver->num) {
3626 printk(KERN_ERR "Attempt to register invalid tty line number "
3627 " (%d).\n", index);
1cdcb6b4 3628 return ERR_PTR(-EINVAL);
1da177e4
LT		 3629 }
3630
1da177e4
LT		 3631 if (driver->type == TTY_DRIVER_TYPE_PTY)
3632 pty_line_name(driver, index, name);
3633 else
3634 tty_line_name(driver, index, name);
1cdcb6b4
HL		 3635
3636 return class_device_create(tty_class, NULL, dev, device, "%s", name);
1da177e4
LT		 3637}
3638
3639/**
af9b897e
AC		 3640 * tty_unregister_device - unregister a tty device
3641 * @driver: the tty driver that describes the tty device
3642 * @index: the index in the tty driver for this tty device
1da177e4 3643 *
af9b897e
AC		 3644 * If a tty device is registered with a call to tty_register_device() then
3645 * this function must be called when the tty device is gone.
3646 *
3647 * Locking: ??
1da177e4 3648 */
af9b897e 3649
1da177e4
LT		 3650void tty_unregister_device(struct tty_driver *driver, unsigned index)
3651{
7fe845d1 3652 class_device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 3653}
3654
3655EXPORT_SYMBOL(tty_register_device);
3656EXPORT_SYMBOL(tty_unregister_device);
3657
3658struct tty_driver *alloc_tty_driver(int lines)
3659{
3660 struct tty_driver *driver;
3661
3662 driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
3663 if (driver) {
3664 memset(driver, 0, sizeof(struct tty_driver));
3665 driver->magic = TTY_DRIVER_MAGIC;
3666 driver->num = lines;
3667 /* later we'll move allocation of tables here */
3668 }
3669 return driver;
3670}
3671
3672void put_tty_driver(struct tty_driver *driver)
3673{
3674 kfree(driver);
3675}
3676
3677void tty_set_operations(struct tty_driver *driver, struct tty_operations *op)
3678{
3679 driver->open = op->open;
3680 driver->close = op->close;
3681 driver->write = op->write;
3682 driver->put_char = op->put_char;
3683 driver->flush_chars = op->flush_chars;
3684 driver->write_room = op->write_room;
3685 driver->chars_in_buffer = op->chars_in_buffer;
3686 driver->ioctl = op->ioctl;
3687 driver->set_termios = op->set_termios;
3688 driver->throttle = op->throttle;
3689 driver->unthrottle = op->unthrottle;
3690 driver->stop = op->stop;
3691 driver->start = op->start;
3692 driver->hangup = op->hangup;
3693 driver->break_ctl = op->break_ctl;
3694 driver->flush_buffer = op->flush_buffer;
3695 driver->set_ldisc = op->set_ldisc;
3696 driver->wait_until_sent = op->wait_until_sent;
3697 driver->send_xchar = op->send_xchar;
3698 driver->read_proc = op->read_proc;
3699 driver->write_proc = op->write_proc;
3700 driver->tiocmget = op->tiocmget;
3701 driver->tiocmset = op->tiocmset;
3702}
3703
3704
3705EXPORT_SYMBOL(alloc_tty_driver);
3706EXPORT_SYMBOL(put_tty_driver);
3707EXPORT_SYMBOL(tty_set_operations);
3708
3709/*
3710 * Called by a tty driver to register itself.
3711 */
3712int tty_register_driver(struct tty_driver *driver)
3713{
3714 int error;
3715 int i;
3716 dev_t dev;
3717 void **p = NULL;
3718
3719 if (driver->flags & TTY_DRIVER_INSTALLED)
3720 return 0;
3721
3722 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
3723 p = kmalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3724 if (!p)
3725 return -ENOMEM;
3726 memset(p, 0, driver->num * 3 * sizeof(void *));
3727 }
3728
3729 if (!driver->major) {
3730 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3731 (char*)driver->name);
3732 if (!error) {
3733 driver->major = MAJOR(dev);
3734 driver->minor_start = MINOR(dev);
3735 }
3736 } else {
3737 dev = MKDEV(driver->major, driver->minor_start);
3738 error = register_chrdev_region(dev, driver->num,
3739 (char*)driver->name);
3740 }
3741 if (error < 0) {
3742 kfree(p);
3743 return error;
3744 }
3745
3746 if (p) {
3747 driver->ttys = (struct tty_struct **)p;
3748 driver->termios = (struct termios **)(p + driver->num);
3749 driver->termios_locked = (struct termios **)(p + driver->num * 2);
3750 } else {
3751 driver->ttys = NULL;
3752 driver->termios = NULL;
3753 driver->termios_locked = NULL;
3754 }
3755
3756 cdev_init(&driver->cdev, &tty_fops);
3757 driver->cdev.owner = driver->owner;
3758 error = cdev_add(&driver->cdev, dev, driver->num);
3759 if (error) {
1da177e4
LT		 3760 unregister_chrdev_region(dev, driver->num);
3761 driver->ttys = NULL;
3762 driver->termios = driver->termios_locked = NULL;
3763 kfree(p);
3764 return error;
3765 }
3766
3767 if (!driver->put_char)
3768 driver->put_char = tty_default_put_char;
3769
3770 list_add(&driver->tty_drivers, &tty_drivers);
3771
331b8319 3772 if ( !(driver->flags & TTY_DRIVER_DYNAMIC_DEV) ) {
1da177e4
LT		 3773 for(i = 0; i < driver->num; i++)
3774 tty_register_device(driver, i, NULL);
3775 }
3776 proc_tty_register_driver(driver);
3777 return 0;
3778}
3779
3780EXPORT_SYMBOL(tty_register_driver);
3781
3782/*
3783 * Called by a tty driver to unregister itself.
3784 */
3785int tty_unregister_driver(struct tty_driver *driver)
3786{
3787 int i;
3788 struct termios *tp;
3789 void *p;
3790
3791 if (driver->refcount)
3792 return -EBUSY;
3793
3794 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3795 driver->num);
3796
3797 list_del(&driver->tty_drivers);
3798
3799 /*
3800 * Free the termios and termios_locked structures because
3801 * we don't want to get memory leaks when modular tty
3802 * drivers are removed from the kernel.
3803 */
3804 for (i = 0; i < driver->num; i++) {
3805 tp = driver->termios[i];
3806 if (tp) {
3807 driver->termios[i] = NULL;
3808 kfree(tp);
3809 }
3810 tp = driver->termios_locked[i];
3811 if (tp) {
3812 driver->termios_locked[i] = NULL;
3813 kfree(tp);
3814 }
331b8319 3815 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 3816 tty_unregister_device(driver, i);
3817 }
3818 p = driver->ttys;
3819 proc_tty_unregister_driver(driver);
3820 driver->ttys = NULL;
3821 driver->termios = driver->termios_locked = NULL;
3822 kfree(p);
3823 cdev_del(&driver->cdev);
3824 return 0;
3825}
3826
3827EXPORT_SYMBOL(tty_unregister_driver);
3828
3829
3830/*
3831 * Initialize the console device. This is called *early*, so
3832 * we can't necessarily depend on lots of kernel help here.
3833 * Just do some early initializations, and do the complex setup
3834 * later.
3835 */
3836void __init console_init(void)
3837{
3838 initcall_t *call;
3839
3840 /* Setup the default TTY line discipline. */
3841 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3842
3843 /*
3844 * set up the console device so that later boot sequences can
3845 * inform about problems etc..
3846 */
3847#ifdef CONFIG_EARLY_PRINTK
3848 disable_early_printk();
1da177e4
LT		 3849#endif
3850 call = __con_initcall_start;
3851 while (call < __con_initcall_end) {
3852 (*call)();
3853 call++;
3854 }
3855}
3856
3857#ifdef CONFIG_VT
3858extern int vty_init(void);
3859#endif
3860
3861static int __init tty_class_init(void)
3862{
7fe845d1 3863 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 3864 if (IS_ERR(tty_class))
3865 return PTR_ERR(tty_class);
3866 return 0;
3867}
3868
3869postcore_initcall(tty_class_init);
3870
3871/* 3/2004 jmc: why do these devices exist? */
3872
3873static struct cdev tty_cdev, console_cdev;
3874#ifdef CONFIG_UNIX98_PTYS
3875static struct cdev ptmx_cdev;
3876#endif
3877#ifdef CONFIG_VT
3878static struct cdev vc0_cdev;
3879#endif
3880
3881/*
3882 * Ok, now we can initialize the rest of the tty devices and can count
3883 * on memory allocations, interrupts etc..
3884 */
3885static int __init tty_init(void)
3886{
3887 cdev_init(&tty_cdev, &tty_fops);
3888 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3889 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3890 panic("Couldn't register /dev/tty driver\n");
53f46542 3891 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
1da177e4
LT		 3892
3893 cdev_init(&console_cdev, &console_fops);
3894 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3895 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3896 panic("Couldn't register /dev/console driver\n");
53f46542 3897 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL, "console");
1da177e4
LT		 3898
3899#ifdef CONFIG_UNIX98_PTYS
3900 cdev_init(&ptmx_cdev, &ptmx_fops);
3901 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3902 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3903 panic("Couldn't register /dev/ptmx driver\n");
53f46542 3904 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
1da177e4
LT		 3905#endif
3906
3907#ifdef CONFIG_VT
3908 cdev_init(&vc0_cdev, &console_fops);
3909 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3910 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3911 panic("Couldn't register /dev/tty0 driver\n");
53f46542 3912 class_device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), NULL, "tty0");
1da177e4
LT		 3913
3914 vty_init();
3915#endif
3916 return 0;
3917}
3918module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)