projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH] time: re-add verify_pmtmr_rate
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
1da177e4
LT		 68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched.h>
74#include <linux/interrupt.h>
75#include <linux/tty.h>
76#include <linux/tty_driver.h>
77#include <linux/tty_flip.h>
78#include <linux/devpts_fs.h>
79#include <linux/file.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/smp_lock.h>
92#include <linux/device.h>
93#include <linux/idr.h>
94#include <linux/wait.h>
95#include <linux/bitops.h>
b20f3ae5 96#include <linux/delay.h>
1da177e4
LT		 97
98#include <asm/uaccess.h>
99#include <asm/system.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
1da177e4
LT		 104
105#include <linux/kmod.h>
106
107#undef TTY_DEBUG_HANGUP
108
109#define TTY_PARANOIA_CHECK 1
110#define CHECK_TTY_COUNT 1
111
112struct termios tty_std_termios = { /* for the benefit of tty drivers */
113 .c_iflag = ICRNL | IXON,
114 .c_oflag = OPOST | ONLCR,
115 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
116 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
117 ECHOCTL | ECHOKE | IEXTEN,
118 .c_cc = INIT_C_CC
119};
120
121EXPORT_SYMBOL(tty_std_termios);
122
123/* This list gets poked at by procfs and various bits of boot up code. This
124 could do with some rationalisation such as pulling the tty proc function
125 into this file */
126
127LIST_HEAD(tty_drivers); /* linked list of tty drivers */
128
129/* Semaphore to protect creating and releasing a tty. This is shared with
130 vt.c for deeply disgusting hack reasons */
70522e12 131DEFINE_MUTEX(tty_mutex);
de2a84f2 132EXPORT_SYMBOL(tty_mutex);
1da177e4
LT		 133
134#ifdef CONFIG_UNIX98_PTYS
135extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
136extern int pty_limit; /* Config limit on Unix98 ptys */
137static DEFINE_IDR(allocated_ptys);
138static DECLARE_MUTEX(allocated_ptys_lock);
139static int ptmx_open(struct inode *, struct file *);
140#endif
141
142extern void disable_early_printk(void);
143
144static void initialize_tty_struct(struct tty_struct *tty);
145
146static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
147static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
148ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
149static unsigned int tty_poll(struct file *, poll_table *);
150static int tty_open(struct inode *, struct file *);
151static int tty_release(struct inode *, struct file *);
152int tty_ioctl(struct inode * inode, struct file * file,
153 unsigned int cmd, unsigned long arg);
154static int tty_fasync(int fd, struct file * filp, int on);
1da177e4
LT		 155static void release_mem(struct tty_struct *tty, int idx);
156
af9b897e
AC		 157/**
158 * alloc_tty_struct - allocate a tty object
159 *
160 * Return a new empty tty structure. The data fields have not
161 * been initialized in any way but has been zeroed
162 *
163 * Locking: none
af9b897e 164 */
1da177e4
LT		 165
166static struct tty_struct *alloc_tty_struct(void)
167{
1266b1e1 168 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 169}
170
33f0f88f
AC		 171static void tty_buffer_free_all(struct tty_struct *);
172
af9b897e
AC		 173/**
174 * free_tty_struct - free a disused tty
175 * @tty: tty struct to free
176 *
177 * Free the write buffers, tty queue and tty memory itself.
178 *
179 * Locking: none. Must be called after tty is definitely unused
180 */
181
1da177e4
LT		 182static inline void free_tty_struct(struct tty_struct *tty)
183{
184 kfree(tty->write_buf);
33f0f88f 185 tty_buffer_free_all(tty);
1da177e4
LT		 186 kfree(tty);
187}
188
189#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
190
af9b897e
AC		 191/**
192 * tty_name - return tty naming
193 * @tty: tty structure
194 * @buf: buffer for output
195 *
196 * Convert a tty structure into a name. The name reflects the kernel
197 * naming policy and if udev is in use may not reflect user space
198 *
199 * Locking: none
200 */
201
1da177e4
LT		 202char *tty_name(struct tty_struct *tty, char *buf)
203{
204 if (!tty) /* Hmm. NULL pointer. That's fun. */
205 strcpy(buf, "NULL tty");
206 else
207 strcpy(buf, tty->name);
208 return buf;
209}
210
211EXPORT_SYMBOL(tty_name);
212
d769a669 213int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 214 const char *routine)
215{
216#ifdef TTY_PARANOIA_CHECK
217 if (!tty) {
218 printk(KERN_WARNING
219 "null TTY for (%d:%d) in %s\n",
220 imajor(inode), iminor(inode), routine);
221 return 1;
222 }
223 if (tty->magic != TTY_MAGIC) {
224 printk(KERN_WARNING
225 "bad magic number for tty struct (%d:%d) in %s\n",
226 imajor(inode), iminor(inode), routine);
227 return 1;
228 }
229#endif
230 return 0;
231}
232
233static int check_tty_count(struct tty_struct *tty, const char *routine)
234{
235#ifdef CHECK_TTY_COUNT
236 struct list_head *p;
237 int count = 0;
238
239 file_list_lock();
240 list_for_each(p, &tty->tty_files) {
241 count++;
242 }
243 file_list_unlock();
244 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
245 tty->driver->subtype == PTY_TYPE_SLAVE &&
246 tty->link && tty->link->count)
247 count++;
248 if (tty->count != count) {
249 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
250 "!= #fd's(%d) in %s\n",
251 tty->name, tty->count, count, routine);
252 return count;
253 }
254#endif
255 return 0;
256}
257
33f0f88f
AC		 258/*
259 * Tty buffer allocation management
260 */
261
af9b897e 262
01da5fd8
AC		 263/**
264 * tty_buffer_free_all - free buffers used by a tty
265 * @tty: tty to free from
266 *
267 * Remove all the buffers pending on a tty whether queued with data
268 * or in the free ring. Must be called when the tty is no longer in use
269 *
270 * Locking: none
271 */
272
273
af9b897e
AC		 274/**
275 * tty_buffer_free_all - free buffers used by a tty
276 * @tty: tty to free from
277 *
278 * Remove all the buffers pending on a tty whether queued with data
279 * or in the free ring. Must be called when the tty is no longer in use
280 *
281 * Locking: none
282 */
283
33f0f88f
AC		 284static void tty_buffer_free_all(struct tty_struct *tty)
285{
286 struct tty_buffer *thead;
287 while((thead = tty->buf.head) != NULL) {
288 tty->buf.head = thead->next;
289 kfree(thead);
290 }
291 while((thead = tty->buf.free) != NULL) {
292 tty->buf.free = thead->next;
293 kfree(thead);
294 }
295 tty->buf.tail = NULL;
01da5fd8 296 tty->buf.memory_used = 0;
33f0f88f
AC		 297}
298
01da5fd8
AC		 299/**
300 * tty_buffer_init - prepare a tty buffer structure
301 * @tty: tty to initialise
302 *
303 * Set up the initial state of the buffer management for a tty device.
304 * Must be called before the other tty buffer functions are used.
305 *
306 * Locking: none
307 */
308
33f0f88f
AC		 309static void tty_buffer_init(struct tty_struct *tty)
310{
808249ce 311 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 312 tty->buf.head = NULL;
313 tty->buf.tail = NULL;
314 tty->buf.free = NULL;
01da5fd8 315 tty->buf.memory_used = 0;
33f0f88f
AC		 316}
317
01da5fd8
AC		 318/**
319 * tty_buffer_alloc - allocate a tty buffer
320 * @tty: tty device
321 * @size: desired size (characters)
322 *
323 * Allocate a new tty buffer to hold the desired number of characters.
324 * Return NULL if out of memory or the allocation would exceed the
325 * per device queue
326 *
327 * Locking: Caller must hold tty->buf.lock
328 */
329
330static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
33f0f88f 331{
01da5fd8
AC		 332 struct tty_buffer *p;
333
334 if (tty->buf.memory_used + size > 65536)
335 return NULL;
336 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
33f0f88f
AC		 337 if(p == NULL)
338 return NULL;
339 p->used = 0;
340 p->size = size;
341 p->next = NULL;
8977d929
PF		 342 p->commit = 0;
343 p->read = 0;
33f0f88f
AC		 344 p->char_buf_ptr = (char *)(p->data);
345 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
01da5fd8 346 tty->buf.memory_used += size;
33f0f88f
AC		 347 return p;
348}
349
01da5fd8
AC		 350/**
351 * tty_buffer_free - free a tty buffer
352 * @tty: tty owning the buffer
353 * @b: the buffer to free
354 *
355 * Free a tty buffer, or add it to the free list according to our
356 * internal strategy
357 *
358 * Locking: Caller must hold tty->buf.lock
359 */
33f0f88f
AC		 360
361static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
362{
363 /* Dumb strategy for now - should keep some stats */
01da5fd8
AC		 364 tty->buf.memory_used -= b->size;
365 WARN_ON(tty->buf.memory_used < 0);
366
33f0f88f
AC		 367 if(b->size >= 512)
368 kfree(b);
369 else {
370 b->next = tty->buf.free;
371 tty->buf.free = b;
372 }
373}
374
01da5fd8
AC		 375/**
376 * tty_buffer_find - find a free tty buffer
377 * @tty: tty owning the buffer
378 * @size: characters wanted
379 *
380 * Locate an existing suitable tty buffer or if we are lacking one then
381 * allocate a new one. We round our buffers off in 256 character chunks
382 * to get better allocation behaviour.
383 *
384 * Locking: Caller must hold tty->buf.lock
385 */
386
33f0f88f
AC		 387static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
388{
389 struct tty_buffer **tbh = &tty->buf.free;
390 while((*tbh) != NULL) {
391 struct tty_buffer *t = *tbh;
392 if(t->size >= size) {
393 *tbh = t->next;
394 t->next = NULL;
395 t->used = 0;
8977d929
PF		 396 t->commit = 0;
397 t->read = 0;
01da5fd8 398 tty->buf.memory_used += t->size;
33f0f88f
AC		 399 return t;
400 }
401 tbh = &((*tbh)->next);
402 }
403 /* Round the buffer size out */
404 size = (size + 0xFF) & ~ 0xFF;
01da5fd8 405 return tty_buffer_alloc(tty, size);
33f0f88f
AC		 406 /* Should possibly check if this fails for the largest buffer we
407 have queued and recycle that ? */
408}
409
01da5fd8
AC		 410/**
411 * tty_buffer_request_room - grow tty buffer if needed
412 * @tty: tty structure
413 * @size: size desired
414 *
415 * Make at least size bytes of linear space available for the tty
416 * buffer. If we fail return the size we managed to find.
417 *
418 * Locking: Takes tty->buf.lock
419 */
33f0f88f
AC		 420int tty_buffer_request_room(struct tty_struct *tty, size_t size)
421{
808249ce
PF		 422 struct tty_buffer *b, *n;
423 int left;
424 unsigned long flags;
425
426 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 427
428 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
429 remove this conditional if its worth it. This would be invisible
430 to the callers */
33b37a33 431 if ((b = tty->buf.tail) != NULL)
33f0f88f 432 left = b->size - b->used;
33b37a33 433 else
808249ce
PF		 434 left = 0;
435
436 if (left < size) {
437 /* This is the slow path - looking for new buffers to use */
438 if ((n = tty_buffer_find(tty, size)) != NULL) {
439 if (b != NULL) {
440 b->next = n;
8977d929 441 b->commit = b->used;
808249ce
PF		 442 } else
443 tty->buf.head = n;
444 tty->buf.tail = n;
808249ce
PF		 445 } else
446 size = left;
447 }
448
449 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 450 return size;
451}
33f0f88f
AC		 452EXPORT_SYMBOL_GPL(tty_buffer_request_room);
453
af9b897e
AC		 454/**
455 * tty_insert_flip_string - Add characters to the tty buffer
456 * @tty: tty structure
457 * @chars: characters
458 * @size: size
459 *
460 * Queue a series of bytes to the tty buffering. All the characters
461 * passed are marked as without error. Returns the number added.
462 *
463 * Locking: Called functions may take tty->buf.lock
464 */
465
e1a25090
AM		 466int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
467 size_t size)
33f0f88f
AC		 468{
469 int copied = 0;
470 do {
471 int space = tty_buffer_request_room(tty, size - copied);
472 struct tty_buffer *tb = tty->buf.tail;
473 /* If there is no space then tb may be NULL */
474 if(unlikely(space == 0))
475 break;
476 memcpy(tb->char_buf_ptr + tb->used, chars, space);
477 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
478 tb->used += space;
479 copied += space;
480 chars += space;
527063ba
AD		 481 /* There is a small chance that we need to split the data over
482 several buffers. If this is the case we must loop */
483 } while (unlikely(size > copied));
33f0f88f
AC		 484 return copied;
485}
ee37df78 486EXPORT_SYMBOL(tty_insert_flip_string);
33f0f88f 487
af9b897e
AC		 488/**
489 * tty_insert_flip_string_flags - Add characters to the tty buffer
490 * @tty: tty structure
491 * @chars: characters
492 * @flags: flag bytes
493 * @size: size
494 *
495 * Queue a series of bytes to the tty buffering. For each character
496 * the flags array indicates the status of the character. Returns the
497 * number added.
498 *
499 * Locking: Called functions may take tty->buf.lock
500 */
501
e1a25090
AM		 502int tty_insert_flip_string_flags(struct tty_struct *tty,
503 const unsigned char *chars, const char *flags, size_t size)
33f0f88f
AC		 504{
505 int copied = 0;
506 do {
507 int space = tty_buffer_request_room(tty, size - copied);
508 struct tty_buffer *tb = tty->buf.tail;
509 /* If there is no space then tb may be NULL */
510 if(unlikely(space == 0))
511 break;
512 memcpy(tb->char_buf_ptr + tb->used, chars, space);
513 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
514 tb->used += space;
515 copied += space;
516 chars += space;
517 flags += space;
527063ba
AD		 518 /* There is a small chance that we need to split the data over
519 several buffers. If this is the case we must loop */
520 } while (unlikely(size > copied));
33f0f88f
AC		 521 return copied;
522}
ff4547f4 523EXPORT_SYMBOL(tty_insert_flip_string_flags);
33f0f88f 524
af9b897e
AC		 525/**
526 * tty_schedule_flip - push characters to ldisc
527 * @tty: tty to push from
528 *
529 * Takes any pending buffers and transfers their ownership to the
530 * ldisc side of the queue. It then schedules those characters for
531 * processing by the line discipline.
532 *
533 * Locking: Takes tty->buf.lock
534 */
535
e1a25090
AM		 536void tty_schedule_flip(struct tty_struct *tty)
537{
538 unsigned long flags;
539 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 540 if (tty->buf.tail != NULL)
e1a25090 541 tty->buf.tail->commit = tty->buf.tail->used;
e1a25090
AM		 542 spin_unlock_irqrestore(&tty->buf.lock, flags);
543 schedule_delayed_work(&tty->buf.work, 1);
544}
545EXPORT_SYMBOL(tty_schedule_flip);
33f0f88f 546
af9b897e
AC		 547/**
548 * tty_prepare_flip_string - make room for characters
549 * @tty: tty
550 * @chars: return pointer for character write area
551 * @size: desired size
552 *
33f0f88f
AC		 553 * Prepare a block of space in the buffer for data. Returns the length
554 * available and buffer pointer to the space which is now allocated and
555 * accounted for as ready for normal characters. This is used for drivers
556 * that need their own block copy routines into the buffer. There is no
557 * guarantee the buffer is a DMA target!
af9b897e
AC		 558 *
559 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 560 */
561
562int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
563{
564 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 565 if (likely(space)) {
566 struct tty_buffer *tb = tty->buf.tail;
567 *chars = tb->char_buf_ptr + tb->used;
568 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
569 tb->used += space;
570 }
33f0f88f
AC		 571 return space;
572}
573
574EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
575
af9b897e
AC		 576/**
577 * tty_prepare_flip_string_flags - make room for characters
578 * @tty: tty
579 * @chars: return pointer for character write area
580 * @flags: return pointer for status flag write area
581 * @size: desired size
582 *
33f0f88f
AC		 583 * Prepare a block of space in the buffer for data. Returns the length
584 * available and buffer pointer to the space which is now allocated and
585 * accounted for as ready for characters. This is used for drivers
586 * that need their own block copy routines into the buffer. There is no
587 * guarantee the buffer is a DMA target!
af9b897e
AC		 588 *
589 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 590 */
591
592int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
593{
594 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 595 if (likely(space)) {
596 struct tty_buffer *tb = tty->buf.tail;
597 *chars = tb->char_buf_ptr + tb->used;
598 *flags = tb->flag_buf_ptr + tb->used;
599 tb->used += space;
600 }
33f0f88f
AC		 601 return space;
602}
603
604EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
605
606
607
af9b897e
AC		 608/**
609 * tty_set_termios_ldisc - set ldisc field
610 * @tty: tty structure
611 * @num: line discipline number
612 *
1da177e4
LT		 613 * This is probably overkill for real world processors but
614 * they are not on hot paths so a little discipline won't do
615 * any harm.
af9b897e
AC		 616 *
617 * Locking: takes termios_sem
1da177e4
LT		 618 */
619
620static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
621{
5785c95b 622 mutex_lock(&tty->termios_mutex);
1da177e4 623 tty->termios->c_line = num;
5785c95b 624 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 625}
626
627/*
628 * This guards the refcounted line discipline lists. The lock
629 * must be taken with irqs off because there are hangup path
630 * callers who will do ldisc lookups and cannot sleep.
631 */
632
633static DEFINE_SPINLOCK(tty_ldisc_lock);
634static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
bfb07599 635static struct tty_ldisc tty_ldiscs[NR_LDISCS]; /* line disc dispatch table */
1da177e4 636
af9b897e
AC		 637/**
638 * tty_register_ldisc - install a line discipline
639 * @disc: ldisc number
640 * @new_ldisc: pointer to the ldisc object
641 *
642 * Installs a new line discipline into the kernel. The discipline
643 * is set up as unreferenced and then made available to the kernel
644 * from this point onwards.
645 *
646 * Locking:
647 * takes tty_ldisc_lock to guard against ldisc races
648 */
649
1da177e4
LT		 650int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
651{
652 unsigned long flags;
653 int ret = 0;
654
655 if (disc < N_TTY || disc >= NR_LDISCS)
656 return -EINVAL;
657
658 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 659 tty_ldiscs[disc] = *new_ldisc;
660 tty_ldiscs[disc].num = disc;
661 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
662 tty_ldiscs[disc].refcount = 0;
1da177e4
LT		 663 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
664
665 return ret;
666}
1da177e4
LT		 667EXPORT_SYMBOL(tty_register_ldisc);
668
af9b897e
AC		 669/**
670 * tty_unregister_ldisc - unload a line discipline
671 * @disc: ldisc number
672 * @new_ldisc: pointer to the ldisc object
673 *
674 * Remove a line discipline from the kernel providing it is not
675 * currently in use.
676 *
677 * Locking:
678 * takes tty_ldisc_lock to guard against ldisc races
679 */
680
bfb07599
AD		 681int tty_unregister_ldisc(int disc)
682{
683 unsigned long flags;
684 int ret = 0;
685
686 if (disc < N_TTY || disc >= NR_LDISCS)
687 return -EINVAL;
688
689 spin_lock_irqsave(&tty_ldisc_lock, flags);
690 if (tty_ldiscs[disc].refcount)
691 ret = -EBUSY;
692 else
693 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
694 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
695
696 return ret;
697}
698EXPORT_SYMBOL(tty_unregister_ldisc);
699
af9b897e
AC		 700/**
701 * tty_ldisc_get - take a reference to an ldisc
702 * @disc: ldisc number
703 *
704 * Takes a reference to a line discipline. Deals with refcounts and
705 * module locking counts. Returns NULL if the discipline is not available.
706 * Returns a pointer to the discipline and bumps the ref count if it is
707 * available
708 *
709 * Locking:
710 * takes tty_ldisc_lock to guard against ldisc races
711 */
712
1da177e4
LT		 713struct tty_ldisc *tty_ldisc_get(int disc)
714{
715 unsigned long flags;
716 struct tty_ldisc *ld;
717
718 if (disc < N_TTY || disc >= NR_LDISCS)
719 return NULL;
720
721 spin_lock_irqsave(&tty_ldisc_lock, flags);
722
723 ld = &tty_ldiscs[disc];
724 /* Check the entry is defined */
725 if(ld->flags & LDISC_FLAG_DEFINED)
726 {
727 /* If the module is being unloaded we can't use it */
728 if (!try_module_get(ld->owner))
729 ld = NULL;
730 else /* lock it */
731 ld->refcount++;
732 }
733 else
734 ld = NULL;
735 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
736 return ld;
737}
738
739EXPORT_SYMBOL_GPL(tty_ldisc_get);
740
af9b897e
AC		 741/**
742 * tty_ldisc_put - drop ldisc reference
743 * @disc: ldisc number
744 *
745 * Drop a reference to a line discipline. Manage refcounts and
746 * module usage counts
747 *
748 * Locking:
749 * takes tty_ldisc_lock to guard against ldisc races
750 */
751
1da177e4
LT		 752void tty_ldisc_put(int disc)
753{
754 struct tty_ldisc *ld;
755 unsigned long flags;
756
56ee4827 757 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
1da177e4
LT		 758
759 spin_lock_irqsave(&tty_ldisc_lock, flags);
760 ld = &tty_ldiscs[disc];
56ee4827
ES		 761 BUG_ON(ld->refcount == 0);
762 ld->refcount--;
1da177e4
LT		 763 module_put(ld->owner);
764 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
765}
766
767EXPORT_SYMBOL_GPL(tty_ldisc_put);
768
af9b897e
AC		 769/**
770 * tty_ldisc_assign - set ldisc on a tty
771 * @tty: tty to assign
772 * @ld: line discipline
773 *
774 * Install an instance of a line discipline into a tty structure. The
775 * ldisc must have a reference count above zero to ensure it remains/
776 * The tty instance refcount starts at zero.
777 *
778 * Locking:
779 * Caller must hold references
780 */
781
1da177e4
LT		 782static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
783{
784 tty->ldisc = *ld;
785 tty->ldisc.refcount = 0;
786}
787
788/**
789 * tty_ldisc_try - internal helper
790 * @tty: the tty
791 *
792 * Make a single attempt to grab and bump the refcount on
793 * the tty ldisc. Return 0 on failure or 1 on success. This is
794 * used to implement both the waiting and non waiting versions
795 * of tty_ldisc_ref
af9b897e
AC		 796 *
797 * Locking: takes tty_ldisc_lock
1da177e4
LT		 798 */
799
800static int tty_ldisc_try(struct tty_struct *tty)
801{
802 unsigned long flags;
803 struct tty_ldisc *ld;
804 int ret = 0;
805
806 spin_lock_irqsave(&tty_ldisc_lock, flags);
807 ld = &tty->ldisc;
808 if(test_bit(TTY_LDISC, &tty->flags))
809 {
810 ld->refcount++;
811 ret = 1;
812 }
813 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
814 return ret;
815}
816
817/**
818 * tty_ldisc_ref_wait - wait for the tty ldisc
819 * @tty: tty device
820 *
821 * Dereference the line discipline for the terminal and take a
822 * reference to it. If the line discipline is in flux then
823 * wait patiently until it changes.
824 *
825 * Note: Must not be called from an IRQ/timer context. The caller
826 * must also be careful not to hold other locks that will deadlock
827 * against a discipline change, such as an existing ldisc reference
828 * (which we check for)
af9b897e
AC		 829 *
830 * Locking: call functions take tty_ldisc_lock
1da177e4
LT		 831 */
832
833struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
834{
835 /* wait_event is a macro */
836 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
837 if(tty->ldisc.refcount == 0)
838 printk(KERN_ERR "tty_ldisc_ref_wait\n");
839 return &tty->ldisc;
840}
841
842EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
843
844/**
845 * tty_ldisc_ref - get the tty ldisc
846 * @tty: tty device
847 *
848 * Dereference the line discipline for the terminal and take a
849 * reference to it. If the line discipline is in flux then
850 * return NULL. Can be called from IRQ and timer functions.
af9b897e
AC		 851 *
852 * Locking: called functions take tty_ldisc_lock
1da177e4
LT		 853 */
854
855struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
856{
857 if(tty_ldisc_try(tty))
858 return &tty->ldisc;
859 return NULL;
860}
861
862EXPORT_SYMBOL_GPL(tty_ldisc_ref);
863
864/**
865 * tty_ldisc_deref - free a tty ldisc reference
866 * @ld: reference to free up
867 *
868 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
869 * be called in IRQ context.
af9b897e
AC		 870 *
871 * Locking: takes tty_ldisc_lock
1da177e4
LT		 872 */
873
874void tty_ldisc_deref(struct tty_ldisc *ld)
875{
876 unsigned long flags;
877
56ee4827 878 BUG_ON(ld == NULL);
1da177e4
LT		 879
880 spin_lock_irqsave(&tty_ldisc_lock, flags);
881 if(ld->refcount == 0)
882 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
883 else
884 ld->refcount--;
885 if(ld->refcount == 0)
886 wake_up(&tty_ldisc_wait);
887 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
888}
889
890EXPORT_SYMBOL_GPL(tty_ldisc_deref);
891
892/**
893 * tty_ldisc_enable - allow ldisc use
894 * @tty: terminal to activate ldisc on
895 *
896 * Set the TTY_LDISC flag when the line discipline can be called
897 * again. Do neccessary wakeups for existing sleepers.
898 *
899 * Note: nobody should set this bit except via this function. Clearing
900 * directly is allowed.
901 */
902
903static void tty_ldisc_enable(struct tty_struct *tty)
904{
905 set_bit(TTY_LDISC, &tty->flags);
906 wake_up(&tty_ldisc_wait);
907}
908
909/**
910 * tty_set_ldisc - set line discipline
911 * @tty: the terminal to set
912 * @ldisc: the line discipline
913 *
914 * Set the discipline of a tty line. Must be called from a process
915 * context.
af9b897e
AC		 916 *
917 * Locking: takes tty_ldisc_lock.
918 * called functions take termios_sem
1da177e4
LT		 919 */
920
921static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
922{
ff55fe20
JB		 923 int retval = 0;
924 struct tty_ldisc o_ldisc;
1da177e4
LT		 925 char buf[64];
926 int work;
927 unsigned long flags;
928 struct tty_ldisc *ld;
ff55fe20 929 struct tty_struct *o_tty;
1da177e4
LT		 930
931 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
932 return -EINVAL;
933
934restart:
935
1da177e4
LT		 936 ld = tty_ldisc_get(ldisc);
937 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
938 /* Cyrus Durgin <cider@speakeasy.org> */
939 if (ld == NULL) {
940 request_module("tty-ldisc-%d", ldisc);
941 ld = tty_ldisc_get(ldisc);
942 }
943 if (ld == NULL)
944 return -EINVAL;
945
33f0f88f
AC		 946 /*
947 * No more input please, we are switching. The new ldisc
948 * will update this value in the ldisc open function
949 */
950
951 tty->receive_room = 0;
952
953 /*
954 * Problem: What do we do if this blocks ?
955 */
956
1da177e4
LT		 957 tty_wait_until_sent(tty, 0);
958
ff55fe20
JB		 959 if (tty->ldisc.num == ldisc) {
960 tty_ldisc_put(ldisc);
961 return 0;
962 }
963
964 o_ldisc = tty->ldisc;
965 o_tty = tty->link;
966
1da177e4
LT		 967 /*
968 * Make sure we don't change while someone holds a
969 * reference to the line discipline. The TTY_LDISC bit
970 * prevents anyone taking a reference once it is clear.
971 * We need the lock to avoid racing reference takers.
972 */
ff55fe20 973
1da177e4 974 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20
JB		 975 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
976 if(tty->ldisc.refcount) {
977 /* Free the new ldisc we grabbed. Must drop the lock
978 first. */
979 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
980 tty_ldisc_put(ldisc);
981 /*
982 * There are several reasons we may be busy, including
983 * random momentary I/O traffic. We must therefore
984 * retry. We could distinguish between blocking ops
985 * and retries if we made tty_ldisc_wait() smarter. That
986 * is up for discussion.
987 */
988 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
989 return -ERESTARTSYS;
990 goto restart;
991 }
992 if(o_tty && o_tty->ldisc.refcount) {
993 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
994 tty_ldisc_put(ldisc);
995 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
996 return -ERESTARTSYS;
997 goto restart;
998 }
999 }
1000
1001 /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
1002
1003 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 1004 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1005 tty_ldisc_put(ldisc);
ff55fe20
JB		 1006 ld = tty_ldisc_ref_wait(tty);
1007 tty_ldisc_deref(ld);
1da177e4
LT		 1008 goto restart;
1009 }
ff55fe20
JB		 1010
1011 clear_bit(TTY_LDISC, &tty->flags);
817d6d3b 1012 if (o_tty)
ff55fe20 1013 clear_bit(TTY_LDISC, &o_tty->flags);
1da177e4 1014 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 1015
1da177e4
LT		 1016 /*
1017 * From this point on we know nobody has an ldisc
1018 * usage reference, nor can they obtain one until
1019 * we say so later on.
1020 */
ff55fe20 1021
33f0f88f 1022 work = cancel_delayed_work(&tty->buf.work);
1da177e4 1023 /*
33f0f88f 1024 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 1025 */
1026
1027 flush_scheduled_work();
1028 /* Shutdown the current discipline. */
1029 if (tty->ldisc.close)
1030 (tty->ldisc.close)(tty);
1031
1032 /* Now set up the new line discipline. */
1033 tty_ldisc_assign(tty, ld);
1034 tty_set_termios_ldisc(tty, ldisc);
1035 if (tty->ldisc.open)
1036 retval = (tty->ldisc.open)(tty);
1037 if (retval < 0) {
1038 tty_ldisc_put(ldisc);
1039 /* There is an outstanding reference here so this is safe */
1040 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1041 tty_set_termios_ldisc(tty, tty->ldisc.num);
1042 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1043 tty_ldisc_put(o_ldisc.num);
1044 /* This driver is always present */
1045 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1046 tty_set_termios_ldisc(tty, N_TTY);
1047 if (tty->ldisc.open) {
1048 int r = tty->ldisc.open(tty);
1049
1050 if (r < 0)
1051 panic("Couldn't open N_TTY ldisc for "
1052 "%s --- error %d.",
1053 tty_name(tty, buf), r);
1054 }
1055 }
1056 }
1057 /* At this point we hold a reference to the new ldisc and a
1058 a reference to the old ldisc. If we ended up flipping back
1059 to the existing ldisc we have two references to it */
1060
1061 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1062 tty->driver->set_ldisc(tty);
1063
1064 tty_ldisc_put(o_ldisc.num);
1065
1066 /*
1067 * Allow ldisc referencing to occur as soon as the driver
1068 * ldisc callback completes.
1069 */
1070
1071 tty_ldisc_enable(tty);
ff55fe20
JB		 1072 if (o_tty)
1073 tty_ldisc_enable(o_tty);
1da177e4
LT		 1074
1075 /* Restart it in case no characters kick it off. Safe if
1076 already running */
ff55fe20 1077 if (work)
33f0f88f 1078 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 1079 return retval;
1080}
1081
af9b897e
AC		 1082/**
1083 * get_tty_driver - find device of a tty
1084 * @dev_t: device identifier
1085 * @index: returns the index of the tty
1086 *
1087 * This routine returns a tty driver structure, given a device number
1088 * and also passes back the index number.
1089 *
1090 * Locking: caller must hold tty_mutex
1da177e4 1091 */
af9b897e 1092
1da177e4
LT		 1093static struct tty_driver *get_tty_driver(dev_t device, int *index)
1094{
1095 struct tty_driver *p;
1096
1097 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1098 dev_t base = MKDEV(p->major, p->minor_start);
1099 if (device < base || device >= base + p->num)
1100 continue;
1101 *index = device - base;
1102 return p;
1103 }
1104 return NULL;
1105}
1106
af9b897e
AC		 1107/**
1108 * tty_check_change - check for POSIX terminal changes
1109 * @tty: tty to check
1110 *
1111 * If we try to write to, or set the state of, a terminal and we're
1112 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1113 * ignored, go ahead and perform the operation. (POSIX 7.2)
1114 *
1115 * Locking: none
1da177e4 1116 */
af9b897e 1117
1da177e4
LT		 1118int tty_check_change(struct tty_struct * tty)
1119{
1120 if (current->signal->tty != tty)
1121 return 0;
1122 if (tty->pgrp <= 0) {
1123 printk(KERN_WARNING "tty_check_change: tty->pgrp <= 0!\n");
1124 return 0;
1125 }
1126 if (process_group(current) == tty->pgrp)
1127 return 0;
1128 if (is_ignored(SIGTTOU))
1129 return 0;
1130 if (is_orphaned_pgrp(process_group(current)))
1131 return -EIO;
1132 (void) kill_pg(process_group(current), SIGTTOU, 1);
1133 return -ERESTARTSYS;
1134}
1135
1136EXPORT_SYMBOL(tty_check_change);
1137
1138static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
1139 size_t count, loff_t *ppos)
1140{
1141 return 0;
1142}
1143
1144static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
1145 size_t count, loff_t *ppos)
1146{
1147 return -EIO;
1148}
1149
1150/* No kernel lock held - none needed ;) */
1151static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
1152{
1153 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1154}
1155
1156static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
1157 unsigned int cmd, unsigned long arg)
1158{
1159 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1160}
1161
62322d25 1162static const struct file_operations tty_fops = {
1da177e4
LT		 1163 .llseek = no_llseek,
1164 .read = tty_read,
1165 .write = tty_write,
1166 .poll = tty_poll,
1167 .ioctl = tty_ioctl,
1168 .open = tty_open,
1169 .release = tty_release,
1170 .fasync = tty_fasync,
1171};
1172
1173#ifdef CONFIG_UNIX98_PTYS
62322d25 1174static const struct file_operations ptmx_fops = {
1da177e4
LT		 1175 .llseek = no_llseek,
1176 .read = tty_read,
1177 .write = tty_write,
1178 .poll = tty_poll,
1179 .ioctl = tty_ioctl,
1180 .open = ptmx_open,
1181 .release = tty_release,
1182 .fasync = tty_fasync,
1183};
1184#endif
1185
62322d25 1186static const struct file_operations console_fops = {
1da177e4
LT		 1187 .llseek = no_llseek,
1188 .read = tty_read,
1189 .write = redirected_tty_write,
1190 .poll = tty_poll,
1191 .ioctl = tty_ioctl,
1192 .open = tty_open,
1193 .release = tty_release,
1194 .fasync = tty_fasync,
1195};
1196
62322d25 1197static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 1198 .llseek = no_llseek,
1199 .read = hung_up_tty_read,
1200 .write = hung_up_tty_write,
1201 .poll = hung_up_tty_poll,
1202 .ioctl = hung_up_tty_ioctl,
1203 .release = tty_release,
1204};
1205
1206static DEFINE_SPINLOCK(redirect_lock);
1207static struct file *redirect;
1208
1209/**
1210 * tty_wakeup - request more data
1211 * @tty: terminal
1212 *
1213 * Internal and external helper for wakeups of tty. This function
1214 * informs the line discipline if present that the driver is ready
1215 * to receive more output data.
1216 */
1217
1218void tty_wakeup(struct tty_struct *tty)
1219{
1220 struct tty_ldisc *ld;
1221
1222 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1223 ld = tty_ldisc_ref(tty);
1224 if(ld) {
1225 if(ld->write_wakeup)
1226 ld->write_wakeup(tty);
1227 tty_ldisc_deref(ld);
1228 }
1229 }
1230 wake_up_interruptible(&tty->write_wait);
1231}
1232
1233EXPORT_SYMBOL_GPL(tty_wakeup);
1234
1235/**
1236 * tty_ldisc_flush - flush line discipline queue
1237 * @tty: tty
1238 *
1239 * Flush the line discipline queue (if any) for this tty. If there
1240 * is no line discipline active this is a no-op.
1241 */
1242
1243void tty_ldisc_flush(struct tty_struct *tty)
1244{
1245 struct tty_ldisc *ld = tty_ldisc_ref(tty);
1246 if(ld) {
1247 if(ld->flush_buffer)
1248 ld->flush_buffer(tty);
1249 tty_ldisc_deref(ld);
1250 }
1251}
1252
1253EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1254
af9b897e
AC		 1255/**
1256 * do_tty_hangup - actual handler for hangup events
65f27f38 1257 * @work: tty device
af9b897e
AC		 1258 *
1259 * This can be called by the "eventd" kernel thread. That is process
1260 * synchronous but doesn't hold any locks, so we need to make sure we
1261 * have the appropriate locks for what we're doing.
1262 *
1263 * The hangup event clears any pending redirections onto the hung up
1264 * device. It ensures future writes will error and it does the needed
1265 * line discipline hangup and signal delivery. The tty object itself
1266 * remains intact.
1267 *
1268 * Locking:
1269 * BKL
1270 * redirect lock for undoing redirection
1271 * file list lock for manipulating list of ttys
1272 * tty_ldisc_lock from called functions
1273 * termios_sem resetting termios data
1274 * tasklist_lock to walk task list for hangup event
1275 *
1da177e4 1276 */
65f27f38 1277static void do_tty_hangup(struct work_struct *work)
1da177e4 1278{
65f27f38
DH		 1279 struct tty_struct *tty =
1280 container_of(work, struct tty_struct, hangup_work);
1da177e4
LT		 1281 struct file * cons_filp = NULL;
1282 struct file *filp, *f = NULL;
1283 struct task_struct *p;
1284 struct tty_ldisc *ld;
1285 int closecount = 0, n;
1286
1287 if (!tty)
1288 return;
1289
1290 /* inuse_filps is protected by the single kernel lock */
1291 lock_kernel();
1292
1293 spin_lock(&redirect_lock);
1294 if (redirect && redirect->private_data == tty) {
1295 f = redirect;
1296 redirect = NULL;
1297 }
1298 spin_unlock(&redirect_lock);
1299
1300 check_tty_count(tty, "do_tty_hangup");
1301 file_list_lock();
1302 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1303 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1304 if (filp->f_op->write == redirected_tty_write)
1305 cons_filp = filp;
1306 if (filp->f_op->write != tty_write)
1307 continue;
1308 closecount++;
1309 tty_fasync(-1, filp, 0); /* can't block */
1310 filp->f_op = &hung_up_tty_fops;
1311 }
1312 file_list_unlock();
1313
1314 /* FIXME! What are the locking issues here? This may me overdoing things..
1315 * this question is especially important now that we've removed the irqlock. */
1316
1317 ld = tty_ldisc_ref(tty);
1318 if(ld != NULL) /* We may have no line discipline at this point */
1319 {
1320 if (ld->flush_buffer)
1321 ld->flush_buffer(tty);
1322 if (tty->driver->flush_buffer)
1323 tty->driver->flush_buffer(tty);
1324 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1325 ld->write_wakeup)
1326 ld->write_wakeup(tty);
1327 if (ld->hangup)
1328 ld->hangup(tty);
1329 }
1330
1331 /* FIXME: Once we trust the LDISC code better we can wait here for
1332 ldisc completion and fix the driver call race */
1333
1334 wake_up_interruptible(&tty->write_wait);
1335 wake_up_interruptible(&tty->read_wait);
1336
1337 /*
1338 * Shutdown the current line discipline, and reset it to
1339 * N_TTY.
1340 */
1341 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1342 {
5785c95b 1343 mutex_lock(&tty->termios_mutex);
1da177e4 1344 *tty->termios = tty->driver->init_termios;
5785c95b 1345 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 1346 }
1347
1348 /* Defer ldisc switch */
1349 /* tty_deferred_ldisc_switch(N_TTY);
1350
1351 This should get done automatically when the port closes and
1352 tty_release is called */
1353
1354 read_lock(&tasklist_lock);
1355 if (tty->session > 0) {
1356 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1357 if (p->signal->tty == tty)
1358 p->signal->tty = NULL;
1359 if (!p->signal->leader)
1360 continue;
f96a795d
EB		 1361 group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1362 group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1da177e4
LT		 1363 if (tty->pgrp > 0)
1364 p->signal->tty_old_pgrp = tty->pgrp;
1365 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1366 }
1367 read_unlock(&tasklist_lock);
1368
1369 tty->flags = 0;
1370 tty->session = 0;
1371 tty->pgrp = -1;
1372 tty->ctrl_status = 0;
1373 /*
1374 * If one of the devices matches a console pointer, we
1375 * cannot just call hangup() because that will cause
1376 * tty->count and state->count to go out of sync.
1377 * So we just call close() the right number of times.
1378 */
1379 if (cons_filp) {
1380 if (tty->driver->close)
1381 for (n = 0; n < closecount; n++)
1382 tty->driver->close(tty, cons_filp);
1383 } else if (tty->driver->hangup)
1384 (tty->driver->hangup)(tty);
1385
1386 /* We don't want to have driver/ldisc interactions beyond
1387 the ones we did here. The driver layer expects no
1388 calls after ->hangup() from the ldisc side. However we
1389 can't yet guarantee all that */
1390
1391 set_bit(TTY_HUPPED, &tty->flags);
1392 if (ld) {
1393 tty_ldisc_enable(tty);
1394 tty_ldisc_deref(ld);
1395 }
1396 unlock_kernel();
1397 if (f)
1398 fput(f);
1399}
1400
af9b897e
AC		 1401/**
1402 * tty_hangup - trigger a hangup event
1403 * @tty: tty to hangup
1404 *
1405 * A carrier loss (virtual or otherwise) has occurred on this like
1406 * schedule a hangup sequence to run after this event.
1407 */
1408
1da177e4
LT		 1409void tty_hangup(struct tty_struct * tty)
1410{
1411#ifdef TTY_DEBUG_HANGUP
1412 char buf[64];
1413
1414 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1415#endif
1416 schedule_work(&tty->hangup_work);
1417}
1418
1419EXPORT_SYMBOL(tty_hangup);
1420
af9b897e
AC		 1421/**
1422 * tty_vhangup - process vhangup
1423 * @tty: tty to hangup
1424 *
1425 * The user has asked via system call for the terminal to be hung up.
1426 * We do this synchronously so that when the syscall returns the process
1427 * is complete. That guarantee is neccessary for security reasons.
1428 */
1429
1da177e4
LT		 1430void tty_vhangup(struct tty_struct * tty)
1431{
1432#ifdef TTY_DEBUG_HANGUP
1433 char buf[64];
1434
1435 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1436#endif
65f27f38 1437 do_tty_hangup(&tty->hangup_work);
1da177e4
LT		 1438}
1439EXPORT_SYMBOL(tty_vhangup);
1440
af9b897e
AC		 1441/**
1442 * tty_hung_up_p - was tty hung up
1443 * @filp: file pointer of tty
1444 *
1445 * Return true if the tty has been subject to a vhangup or a carrier
1446 * loss
1447 */
1448
1da177e4
LT		 1449int tty_hung_up_p(struct file * filp)
1450{
1451 return (filp->f_op == &hung_up_tty_fops);
1452}
1453
1454EXPORT_SYMBOL(tty_hung_up_p);
1455
af9b897e
AC		 1456/**
1457 * disassociate_ctty - disconnect controlling tty
1458 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 1459 *
af9b897e
AC		 1460 * This function is typically called only by the session leader, when
1461 * it wants to disassociate itself from its controlling tty.
1462 *
1463 * It performs the following functions:
1da177e4
LT		 1464 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1465 * (2) Clears the tty from being controlling the session
1466 * (3) Clears the controlling tty for all processes in the
1467 * session group.
1468 *
af9b897e
AC		 1469 * The argument on_exit is set to 1 if called when a process is
1470 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1471 *
1472 * Locking: tty_mutex is taken to protect current->signal->tty
1473 * BKL is taken for hysterical raisins
1474 * Tasklist lock is taken (under tty_mutex) to walk process
1475 * lists for the session.
1da177e4 1476 */
af9b897e 1477
1da177e4
LT		 1478void disassociate_ctty(int on_exit)
1479{
1480 struct tty_struct *tty;
1481 struct task_struct *p;
1482 int tty_pgrp = -1;
1483
1484 lock_kernel();
1485
70522e12 1486 mutex_lock(&tty_mutex);
1da177e4
LT		 1487 tty = current->signal->tty;
1488 if (tty) {
1489 tty_pgrp = tty->pgrp;
70522e12 1490 mutex_unlock(&tty_mutex);
1da177e4
LT		 1491 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1492 tty_vhangup(tty);
1493 } else {
1494 if (current->signal->tty_old_pgrp) {
1495 kill_pg(current->signal->tty_old_pgrp, SIGHUP, on_exit);
1496 kill_pg(current->signal->tty_old_pgrp, SIGCONT, on_exit);
1497 }
70522e12 1498 mutex_unlock(&tty_mutex);
1da177e4
LT		 1499 unlock_kernel();
1500 return;
1501 }
1502 if (tty_pgrp > 0) {
1503 kill_pg(tty_pgrp, SIGHUP, on_exit);
1504 if (!on_exit)
1505 kill_pg(tty_pgrp, SIGCONT, on_exit);
1506 }
1507
1508 /* Must lock changes to tty_old_pgrp */
70522e12 1509 mutex_lock(&tty_mutex);
1da177e4
LT		 1510 current->signal->tty_old_pgrp = 0;
1511 tty->session = 0;
1512 tty->pgrp = -1;
1513
1514 /* Now clear signal->tty under the lock */
1515 read_lock(&tasklist_lock);
1516 do_each_task_pid(current->signal->session, PIDTYPE_SID, p) {
1517 p->signal->tty = NULL;
1518 } while_each_task_pid(current->signal->session, PIDTYPE_SID, p);
1519 read_unlock(&tasklist_lock);
70522e12 1520 mutex_unlock(&tty_mutex);
1da177e4
LT		 1521 unlock_kernel();
1522}
1523
af9b897e
AC		 1524
1525/**
1526 * stop_tty - propogate flow control
1527 * @tty: tty to stop
1528 *
1529 * Perform flow control to the driver. For PTY/TTY pairs we
1530 * must also propogate the TIOCKPKT status. May be called
1531 * on an already stopped device and will not re-call the driver
1532 * method.
1533 *
1534 * This functionality is used by both the line disciplines for
1535 * halting incoming flow and by the driver. It may therefore be
1536 * called from any context, may be under the tty atomic_write_lock
1537 * but not always.
1538 *
1539 * Locking:
1540 * Broken. Relies on BKL which is unsafe here.
1541 */
1542
1da177e4
LT		 1543void stop_tty(struct tty_struct *tty)
1544{
1545 if (tty->stopped)
1546 return;
1547 tty->stopped = 1;
1548 if (tty->link && tty->link->packet) {
1549 tty->ctrl_status &= ~TIOCPKT_START;
1550 tty->ctrl_status |= TIOCPKT_STOP;
1551 wake_up_interruptible(&tty->link->read_wait);
1552 }
1553 if (tty->driver->stop)
1554 (tty->driver->stop)(tty);
1555}
1556
1557EXPORT_SYMBOL(stop_tty);
1558
af9b897e
AC		 1559/**
1560 * start_tty - propogate flow control
1561 * @tty: tty to start
1562 *
1563 * Start a tty that has been stopped if at all possible. Perform
1564 * any neccessary wakeups and propogate the TIOCPKT status. If this
1565 * is the tty was previous stopped and is being started then the
1566 * driver start method is invoked and the line discipline woken.
1567 *
1568 * Locking:
1569 * Broken. Relies on BKL which is unsafe here.
1570 */
1571
1da177e4
LT		 1572void start_tty(struct tty_struct *tty)
1573{
1574 if (!tty->stopped || tty->flow_stopped)
1575 return;
1576 tty->stopped = 0;
1577 if (tty->link && tty->link->packet) {
1578 tty->ctrl_status &= ~TIOCPKT_STOP;
1579 tty->ctrl_status |= TIOCPKT_START;
1580 wake_up_interruptible(&tty->link->read_wait);
1581 }
1582 if (tty->driver->start)
1583 (tty->driver->start)(tty);
1584
1585 /* If we have a running line discipline it may need kicking */
1586 tty_wakeup(tty);
1587 wake_up_interruptible(&tty->write_wait);
1588}
1589
1590EXPORT_SYMBOL(start_tty);
1591
af9b897e
AC		 1592/**
1593 * tty_read - read method for tty device files
1594 * @file: pointer to tty file
1595 * @buf: user buffer
1596 * @count: size of user buffer
1597 * @ppos: unused
1598 *
1599 * Perform the read system call function on this terminal device. Checks
1600 * for hung up devices before calling the line discipline method.
1601 *
1602 * Locking:
1603 * Locks the line discipline internally while needed
1604 * For historical reasons the line discipline read method is
1605 * invoked under the BKL. This will go away in time so do not rely on it
1606 * in new code. Multiple read calls may be outstanding in parallel.
1607 */
1608
1da177e4
LT		 1609static ssize_t tty_read(struct file * file, char __user * buf, size_t count,
1610 loff_t *ppos)
1611{
1612 int i;
1613 struct tty_struct * tty;
1614 struct inode *inode;
1615 struct tty_ldisc *ld;
1616
1617 tty = (struct tty_struct *)file->private_data;
1618 inode = file->f_dentry->d_inode;
1619 if (tty_paranoia_check(tty, inode, "tty_read"))
1620 return -EIO;
1621 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1622 return -EIO;
1623
1624 /* We want to wait for the line discipline to sort out in this
1625 situation */
1626 ld = tty_ldisc_ref_wait(tty);
1627 lock_kernel();
1628 if (ld->read)
1629 i = (ld->read)(tty,file,buf,count);
1630 else
1631 i = -EIO;
1632 tty_ldisc_deref(ld);
1633 unlock_kernel();
1634 if (i > 0)
1635 inode->i_atime = current_fs_time(inode->i_sb);
1636 return i;
1637}
1638
1639/*
1640 * Split writes up in sane blocksizes to avoid
1641 * denial-of-service type attacks
1642 */
1643static inline ssize_t do_tty_write(
1644 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1645 struct tty_struct *tty,
1646 struct file *file,
1647 const char __user *buf,
1648 size_t count)
1649{
1650 ssize_t ret = 0, written = 0;
1651 unsigned int chunk;
1652
af9b897e 1653 /* FIXME: O_NDELAY ... */
70522e12 1654 if (mutex_lock_interruptible(&tty->atomic_write_lock)) {
1da177e4
LT		 1655 return -ERESTARTSYS;
1656 }
1657
1658 /*
1659 * We chunk up writes into a temporary buffer. This
1660 * simplifies low-level drivers immensely, since they
1661 * don't have locking issues and user mode accesses.
1662 *
1663 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1664 * big chunk-size..
1665 *
1666 * The default chunk-size is 2kB, because the NTTY
1667 * layer has problems with bigger chunks. It will
1668 * claim to be able to handle more characters than
1669 * it actually does.
af9b897e
AC		 1670 *
1671 * FIXME: This can probably go away now except that 64K chunks
1672 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1673 */
1674 chunk = 2048;
1675 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1676 chunk = 65536;
1677 if (count < chunk)
1678 chunk = count;
1679
70522e12 1680 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1681 if (tty->write_cnt < chunk) {
1682 unsigned char *buf;
1683
1684 if (chunk < 1024)
1685 chunk = 1024;
1686
1687 buf = kmalloc(chunk, GFP_KERNEL);
1688 if (!buf) {
70522e12 1689 mutex_unlock(&tty->atomic_write_lock);
1da177e4
LT		 1690 return -ENOMEM;
1691 }
1692 kfree(tty->write_buf);
1693 tty->write_cnt = chunk;
1694 tty->write_buf = buf;
1695 }
1696
1697 /* Do the write .. */
1698 for (;;) {
1699 size_t size = count;
1700 if (size > chunk)
1701 size = chunk;
1702 ret = -EFAULT;
1703 if (copy_from_user(tty->write_buf, buf, size))
1704 break;
1705 lock_kernel();
1706 ret = write(tty, file, tty->write_buf, size);
1707 unlock_kernel();
1708 if (ret <= 0)
1709 break;
1710 written += ret;
1711 buf += ret;
1712 count -= ret;
1713 if (!count)
1714 break;
1715 ret = -ERESTARTSYS;
1716 if (signal_pending(current))
1717 break;
1718 cond_resched();
1719 }
1720 if (written) {
1721 struct inode *inode = file->f_dentry->d_inode;
1722 inode->i_mtime = current_fs_time(inode->i_sb);
1723 ret = written;
1724 }
70522e12 1725 mutex_unlock(&tty->atomic_write_lock);
1da177e4
LT		 1726 return ret;
1727}
1728
1729
af9b897e
AC		 1730/**
1731 * tty_write - write method for tty device file
1732 * @file: tty file pointer
1733 * @buf: user data to write
1734 * @count: bytes to write
1735 * @ppos: unused
1736 *
1737 * Write data to a tty device via the line discipline.
1738 *
1739 * Locking:
1740 * Locks the line discipline as required
1741 * Writes to the tty driver are serialized by the atomic_write_lock
1742 * and are then processed in chunks to the device. The line discipline
1743 * write method will not be involked in parallel for each device
1744 * The line discipline write method is called under the big
1745 * kernel lock for historical reasons. New code should not rely on this.
1746 */
1747
1da177e4
LT		 1748static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1749 loff_t *ppos)
1750{
1751 struct tty_struct * tty;
1752 struct inode *inode = file->f_dentry->d_inode;
1753 ssize_t ret;
1754 struct tty_ldisc *ld;
1755
1756 tty = (struct tty_struct *)file->private_data;
1757 if (tty_paranoia_check(tty, inode, "tty_write"))
1758 return -EIO;
1759 if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1760 return -EIO;
1761
1762 ld = tty_ldisc_ref_wait(tty);
1763 if (!ld->write)
1764 ret = -EIO;
1765 else
1766 ret = do_tty_write(ld->write, tty, file, buf, count);
1767 tty_ldisc_deref(ld);
1768 return ret;
1769}
1770
1771ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1772 loff_t *ppos)
1773{
1774 struct file *p = NULL;
1775
1776 spin_lock(&redirect_lock);
1777 if (redirect) {
1778 get_file(redirect);
1779 p = redirect;
1780 }
1781 spin_unlock(&redirect_lock);
1782
1783 if (p) {
1784 ssize_t res;
1785 res = vfs_write(p, buf, count, &p->f_pos);
1786 fput(p);
1787 return res;
1788 }
1789
1790 return tty_write(file, buf, count, ppos);
1791}
1792
1793static char ptychar[] = "pqrstuvwxyzabcde";
1794
af9b897e
AC		 1795/**
1796 * pty_line_name - generate name for a pty
1797 * @driver: the tty driver in use
1798 * @index: the minor number
1799 * @p: output buffer of at least 6 bytes
1800 *
1801 * Generate a name from a driver reference and write it to the output
1802 * buffer.
1803 *
1804 * Locking: None
1805 */
1806static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1807{
1808 int i = index + driver->name_base;
1809 /* ->name is initialized to "ttyp", but "tty" is expected */
1810 sprintf(p, "%s%c%x",
1811 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1812 ptychar[i >> 4 & 0xf], i & 0xf);
1813}
1814
af9b897e
AC		 1815/**
1816 * pty_line_name - generate name for a tty
1817 * @driver: the tty driver in use
1818 * @index: the minor number
1819 * @p: output buffer of at least 7 bytes
1820 *
1821 * Generate a name from a driver reference and write it to the output
1822 * buffer.
1823 *
1824 * Locking: None
1825 */
1826static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1827{
1828 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1829}
1830
af9b897e
AC		 1831/**
1832 * init_dev - initialise a tty device
1833 * @driver: tty driver we are opening a device on
1834 * @idx: device index
1835 * @tty: returned tty structure
1836 *
1837 * Prepare a tty device. This may not be a "new" clean device but
1838 * could also be an active device. The pty drivers require special
1839 * handling because of this.
1840 *
1841 * Locking:
1842 * The function is called under the tty_mutex, which
1843 * protects us from the tty struct or driver itself going away.
1844 *
1845 * On exit the tty device has the line discipline attached and
1846 * a reference count of 1. If a pair was created for pty/tty use
1847 * and the other was a pty master then it too has a reference count of 1.
1848 *
1da177e4 1849 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 1850 * failed open. The new code protects the open with a mutex, so it's
1851 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 1852 * relaxed for the (most common) case of reopening a tty.
1853 */
af9b897e 1854
1da177e4
LT		 1855static int init_dev(struct tty_driver *driver, int idx,
1856 struct tty_struct **ret_tty)
1857{
1858 struct tty_struct *tty, *o_tty;
1859 struct termios *tp, **tp_loc, *o_tp, **o_tp_loc;
1860 struct termios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 1861 int retval = 0;
1da177e4
LT		 1862
1863 /* check whether we're reopening an existing tty */
1864 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1865 tty = devpts_get_tty(idx);
1866 if (tty && driver->subtype == PTY_TYPE_MASTER)
1867 tty = tty->link;
1868 } else {
1869 tty = driver->ttys[idx];
1870 }
1871 if (tty) goto fast_track;
1872
1873 /*
1874 * First time open is complex, especially for PTY devices.
1875 * This code guarantees that either everything succeeds and the
1876 * TTY is ready for operation, or else the table slots are vacated
1877 * and the allocated memory released. (Except that the termios
1878 * and locked termios may be retained.)
1879 */
1880
1881 if (!try_module_get(driver->owner)) {
1882 retval = -ENODEV;
1883 goto end_init;
1884 }
1885
1886 o_tty = NULL;
1887 tp = o_tp = NULL;
1888 ltp = o_ltp = NULL;
1889
1890 tty = alloc_tty_struct();
1891 if(!tty)
1892 goto fail_no_mem;
1893 initialize_tty_struct(tty);
1894 tty->driver = driver;
1895 tty->index = idx;
1896 tty_line_name(driver, idx, tty->name);
1897
1898 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1899 tp_loc = &tty->termios;
1900 ltp_loc = &tty->termios_locked;
1901 } else {
1902 tp_loc = &driver->termios[idx];
1903 ltp_loc = &driver->termios_locked[idx];
1904 }
1905
1906 if (!*tp_loc) {
1907 tp = (struct termios *) kmalloc(sizeof(struct termios),
1908 GFP_KERNEL);
1909 if (!tp)
1910 goto free_mem_out;
1911 *tp = driver->init_termios;
1912 }
1913
1914 if (!*ltp_loc) {
1915 ltp = (struct termios *) kmalloc(sizeof(struct termios),
1916 GFP_KERNEL);
1917 if (!ltp)
1918 goto free_mem_out;
1919 memset(ltp, 0, sizeof(struct termios));
1920 }
1921
1922 if (driver->type == TTY_DRIVER_TYPE_PTY) {
1923 o_tty = alloc_tty_struct();
1924 if (!o_tty)
1925 goto free_mem_out;
1926 initialize_tty_struct(o_tty);
1927 o_tty->driver = driver->other;
1928 o_tty->index = idx;
1929 tty_line_name(driver->other, idx, o_tty->name);
1930
1931 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1932 o_tp_loc = &o_tty->termios;
1933 o_ltp_loc = &o_tty->termios_locked;
1934 } else {
1935 o_tp_loc = &driver->other->termios[idx];
1936 o_ltp_loc = &driver->other->termios_locked[idx];
1937 }
1938
1939 if (!*o_tp_loc) {
1940 o_tp = (struct termios *)
1941 kmalloc(sizeof(struct termios), GFP_KERNEL);
1942 if (!o_tp)
1943 goto free_mem_out;
1944 *o_tp = driver->other->init_termios;
1945 }
1946
1947 if (!*o_ltp_loc) {
1948 o_ltp = (struct termios *)
1949 kmalloc(sizeof(struct termios), GFP_KERNEL);
1950 if (!o_ltp)
1951 goto free_mem_out;
1952 memset(o_ltp, 0, sizeof(struct termios));
1953 }
1954
1955 /*
1956 * Everything allocated ... set up the o_tty structure.
1957 */
1958 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
1959 driver->other->ttys[idx] = o_tty;
1960 }
1961 if (!*o_tp_loc)
1962 *o_tp_loc = o_tp;
1963 if (!*o_ltp_loc)
1964 *o_ltp_loc = o_ltp;
1965 o_tty->termios = *o_tp_loc;
1966 o_tty->termios_locked = *o_ltp_loc;
1967 driver->other->refcount++;
1968 if (driver->subtype == PTY_TYPE_MASTER)
1969 o_tty->count++;
1970
1971 /* Establish the links in both directions */
1972 tty->link = o_tty;
1973 o_tty->link = tty;
1974 }
1975
1976 /*
1977 * All structures have been allocated, so now we install them.
1978 * Failures after this point use release_mem to clean up, so
1979 * there's no need to null out the local pointers.
1980 */
1981 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1982 driver->ttys[idx] = tty;
1983 }
1984
1985 if (!*tp_loc)
1986 *tp_loc = tp;
1987 if (!*ltp_loc)
1988 *ltp_loc = ltp;
1989 tty->termios = *tp_loc;
1990 tty->termios_locked = *ltp_loc;
1991 driver->refcount++;
1992 tty->count++;
1993
1994 /*
1995 * Structures all installed ... call the ldisc open routines.
1996 * If we fail here just call release_mem to clean up. No need
1997 * to decrement the use counts, as release_mem doesn't care.
1998 */
1999
2000 if (tty->ldisc.open) {
2001 retval = (tty->ldisc.open)(tty);
2002 if (retval)
2003 goto release_mem_out;
2004 }
2005 if (o_tty && o_tty->ldisc.open) {
2006 retval = (o_tty->ldisc.open)(o_tty);
2007 if (retval) {
2008 if (tty->ldisc.close)
2009 (tty->ldisc.close)(tty);
2010 goto release_mem_out;
2011 }
2012 tty_ldisc_enable(o_tty);
2013 }
2014 tty_ldisc_enable(tty);
2015 goto success;
2016
2017 /*
2018 * This fast open can be used if the tty is already open.
2019 * No memory is allocated, and the only failures are from
2020 * attempting to open a closing tty or attempting multiple
2021 * opens on a pty master.
2022 */
2023fast_track:
2024 if (test_bit(TTY_CLOSING, &tty->flags)) {
2025 retval = -EIO;
2026 goto end_init;
2027 }
2028 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2029 driver->subtype == PTY_TYPE_MASTER) {
2030 /*
2031 * special case for PTY masters: only one open permitted,
2032 * and the slave side open count is incremented as well.
2033 */
2034 if (tty->count) {
2035 retval = -EIO;
2036 goto end_init;
2037 }
2038 tty->link->count++;
2039 }
2040 tty->count++;
2041 tty->driver = driver; /* N.B. why do this every time?? */
2042
2043 /* FIXME */
2044 if(!test_bit(TTY_LDISC, &tty->flags))
2045 printk(KERN_ERR "init_dev but no ldisc\n");
2046success:
2047 *ret_tty = tty;
2048
70522e12 2049 /* All paths come through here to release the mutex */
1da177e4
LT		 2050end_init:
2051 return retval;
2052
2053 /* Release locally allocated memory ... nothing placed in slots */
2054free_mem_out:
735d5661 2055 kfree(o_tp);
1da177e4
LT		 2056 if (o_tty)
2057 free_tty_struct(o_tty);
735d5661
JJ		 2058 kfree(ltp);
2059 kfree(tp);
1da177e4
LT		 2060 free_tty_struct(tty);
2061
2062fail_no_mem:
2063 module_put(driver->owner);
2064 retval = -ENOMEM;
2065 goto end_init;
2066
2067 /* call the tty release_mem routine to clean out this slot */
2068release_mem_out:
4050914f
AM		 2069 if (printk_ratelimit())
2070 printk(KERN_INFO "init_dev: ldisc open failed, "
2071 "clearing slot %d\n", idx);
1da177e4
LT		 2072 release_mem(tty, idx);
2073 goto end_init;
2074}
2075
af9b897e
AC		 2076/**
2077 * release_mem - release tty structure memory
2078 *
2079 * Releases memory associated with a tty structure, and clears out the
2080 * driver table slots. This function is called when a device is no longer
2081 * in use. It also gets called when setup of a device fails.
2082 *
2083 * Locking:
2084 * tty_mutex - sometimes only
2085 * takes the file list lock internally when working on the list
2086 * of ttys that the driver keeps.
2087 * FIXME: should we require tty_mutex is held here ??
1da177e4 2088 */
af9b897e 2089
1da177e4
LT		 2090static void release_mem(struct tty_struct *tty, int idx)
2091{
2092 struct tty_struct *o_tty;
2093 struct termios *tp;
2094 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2095
2096 if ((o_tty = tty->link) != NULL) {
2097 if (!devpts)
2098 o_tty->driver->ttys[idx] = NULL;
2099 if (o_tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2100 tp = o_tty->termios;
2101 if (!devpts)
2102 o_tty->driver->termios[idx] = NULL;
2103 kfree(tp);
2104
2105 tp = o_tty->termios_locked;
2106 if (!devpts)
2107 o_tty->driver->termios_locked[idx] = NULL;
2108 kfree(tp);
2109 }
2110 o_tty->magic = 0;
2111 o_tty->driver->refcount--;
2112 file_list_lock();
2113 list_del_init(&o_tty->tty_files);
2114 file_list_unlock();
2115 free_tty_struct(o_tty);
2116 }
2117
2118 if (!devpts)
2119 tty->driver->ttys[idx] = NULL;
2120 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2121 tp = tty->termios;
2122 if (!devpts)
2123 tty->driver->termios[idx] = NULL;
2124 kfree(tp);
2125
2126 tp = tty->termios_locked;
2127 if (!devpts)
2128 tty->driver->termios_locked[idx] = NULL;
2129 kfree(tp);
2130 }
2131
2132 tty->magic = 0;
2133 tty->driver->refcount--;
2134 file_list_lock();
2135 list_del_init(&tty->tty_files);
2136 file_list_unlock();
2137 module_put(tty->driver->owner);
2138 free_tty_struct(tty);
2139}
2140
2141/*
2142 * Even releasing the tty structures is a tricky business.. We have
2143 * to be very careful that the structures are all released at the
2144 * same time, as interrupts might otherwise get the wrong pointers.
2145 *
2146 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2147 * lead to double frees or releasing memory still in use.
2148 */
2149static void release_dev(struct file * filp)
2150{
2151 struct tty_struct *tty, *o_tty;
2152 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 2153 int devpts;
1da177e4
LT		 2154 int idx;
2155 char buf[64];
2156 unsigned long flags;
2157
2158 tty = (struct tty_struct *)filp->private_data;
2159 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "release_dev"))
2160 return;
2161
2162 check_tty_count(tty, "release_dev");
2163
2164 tty_fasync(-1, filp, 0);
2165
2166 idx = tty->index;
2167 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2168 tty->driver->subtype == PTY_TYPE_MASTER);
2169 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 2170 o_tty = tty->link;
2171
2172#ifdef TTY_PARANOIA_CHECK
2173 if (idx < 0 || idx >= tty->driver->num) {
2174 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2175 "free (%s)\n", tty->name);
2176 return;
2177 }
2178 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2179 if (tty != tty->driver->ttys[idx]) {
2180 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2181 "for (%s)\n", idx, tty->name);
2182 return;
2183 }
2184 if (tty->termios != tty->driver->termios[idx]) {
2185 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2186 "for (%s)\n",
2187 idx, tty->name);
2188 return;
2189 }
2190 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2191 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2192 "termios_locked for (%s)\n",
2193 idx, tty->name);
2194 return;
2195 }
2196 }
2197#endif
2198
2199#ifdef TTY_DEBUG_HANGUP
2200 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2201 tty_name(tty, buf), tty->count);
2202#endif
2203
2204#ifdef TTY_PARANOIA_CHECK
2205 if (tty->driver->other &&
2206 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2207 if (o_tty != tty->driver->other->ttys[idx]) {
2208 printk(KERN_DEBUG "release_dev: other->table[%d] "
2209 "not o_tty for (%s)\n",
2210 idx, tty->name);
2211 return;
2212 }
2213 if (o_tty->termios != tty->driver->other->termios[idx]) {
2214 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2215 "not o_termios for (%s)\n",
2216 idx, tty->name);
2217 return;
2218 }
2219 if (o_tty->termios_locked !=
2220 tty->driver->other->termios_locked[idx]) {
2221 printk(KERN_DEBUG "release_dev: other->termios_locked["
2222 "%d] not o_termios_locked for (%s)\n",
2223 idx, tty->name);
2224 return;
2225 }
2226 if (o_tty->link != tty) {
2227 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2228 return;
2229 }
2230 }
2231#endif
2232 if (tty->driver->close)
2233 tty->driver->close(tty, filp);
2234
2235 /*
2236 * Sanity check: if tty->count is going to zero, there shouldn't be
2237 * any waiters on tty->read_wait or tty->write_wait. We test the
2238 * wait queues and kick everyone out _before_ actually starting to
2239 * close. This ensures that we won't block while releasing the tty
2240 * structure.
2241 *
2242 * The test for the o_tty closing is necessary, since the master and
2243 * slave sides may close in any order. If the slave side closes out
2244 * first, its count will be one, since the master side holds an open.
2245 * Thus this test wouldn't be triggered at the time the slave closes,
2246 * so we do it now.
2247 *
2248 * Note that it's possible for the tty to be opened again while we're
2249 * flushing out waiters. By recalculating the closing flags before
2250 * each iteration we avoid any problems.
2251 */
2252 while (1) {
2253 /* Guard against races with tty->count changes elsewhere and
2254 opens on /dev/tty */
2255
70522e12 2256 mutex_lock(&tty_mutex);
1da177e4
LT		 2257 tty_closing = tty->count <= 1;
2258 o_tty_closing = o_tty &&
2259 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 2260 do_sleep = 0;
2261
2262 if (tty_closing) {
2263 if (waitqueue_active(&tty->read_wait)) {
2264 wake_up(&tty->read_wait);
2265 do_sleep++;
2266 }
2267 if (waitqueue_active(&tty->write_wait)) {
2268 wake_up(&tty->write_wait);
2269 do_sleep++;
2270 }
2271 }
2272 if (o_tty_closing) {
2273 if (waitqueue_active(&o_tty->read_wait)) {
2274 wake_up(&o_tty->read_wait);
2275 do_sleep++;
2276 }
2277 if (waitqueue_active(&o_tty->write_wait)) {
2278 wake_up(&o_tty->write_wait);
2279 do_sleep++;
2280 }
2281 }
2282 if (!do_sleep)
2283 break;
2284
2285 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2286 "active!\n", tty_name(tty, buf));
70522e12 2287 mutex_unlock(&tty_mutex);
1da177e4
LT		 2288 schedule();
2289 }
2290
2291 /*
2292 * The closing flags are now consistent with the open counts on
2293 * both sides, and we've completed the last operation that could
2294 * block, so it's safe to proceed with closing.
2295 */
1da177e4
LT		 2296 if (pty_master) {
2297 if (--o_tty->count < 0) {
2298 printk(KERN_WARNING "release_dev: bad pty slave count "
2299 "(%d) for %s\n",
2300 o_tty->count, tty_name(o_tty, buf));
2301 o_tty->count = 0;
2302 }
2303 }
2304 if (--tty->count < 0) {
2305 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2306 tty->count, tty_name(tty, buf));
2307 tty->count = 0;
2308 }
1da177e4
LT		 2309
2310 /*
2311 * We've decremented tty->count, so we need to remove this file
2312 * descriptor off the tty->tty_files list; this serves two
2313 * purposes:
2314 * - check_tty_count sees the correct number of file descriptors
2315 * associated with this tty.
2316 * - do_tty_hangup no longer sees this file descriptor as
2317 * something that needs to be handled for hangups.
2318 */
2319 file_kill(filp);
2320 filp->private_data = NULL;
2321
2322 /*
2323 * Perform some housekeeping before deciding whether to return.
2324 *
2325 * Set the TTY_CLOSING flag if this was the last open. In the
2326 * case of a pty we may have to wait around for the other side
2327 * to close, and TTY_CLOSING makes sure we can't be reopened.
2328 */
2329 if(tty_closing)
2330 set_bit(TTY_CLOSING, &tty->flags);
2331 if(o_tty_closing)
2332 set_bit(TTY_CLOSING, &o_tty->flags);
2333
2334 /*
2335 * If _either_ side is closing, make sure there aren't any
2336 * processes that still think tty or o_tty is their controlling
2337 * tty.
2338 */
2339 if (tty_closing || o_tty_closing) {
2340 struct task_struct *p;
2341
2342 read_lock(&tasklist_lock);
2343 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2344 p->signal->tty = NULL;
2345 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2346 if (o_tty)
2347 do_each_task_pid(o_tty->session, PIDTYPE_SID, p) {
2348 p->signal->tty = NULL;
2349 } while_each_task_pid(o_tty->session, PIDTYPE_SID, p);
2350 read_unlock(&tasklist_lock);
2351 }
2352
70522e12 2353 mutex_unlock(&tty_mutex);
da965822 2354
1da177e4
LT		 2355 /* check whether both sides are closing ... */
2356 if (!tty_closing || (o_tty && !o_tty_closing))
2357 return;
2358
2359#ifdef TTY_DEBUG_HANGUP
2360 printk(KERN_DEBUG "freeing tty structure...");
2361#endif
2362 /*
2363 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2364 * kill any delayed work. As this is the final close it does not
2365 * race with the set_ldisc code path.
2366 */
2367 clear_bit(TTY_LDISC, &tty->flags);
33f0f88f 2368 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 2369
2370 /*
33f0f88f 2371 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 2372 */
2373
2374 flush_scheduled_work();
2375
2376 /*
2377 * Wait for any short term users (we know they are just driver
2378 * side waiters as the file is closing so user count on the file
2379 * side is zero.
2380 */
2381 spin_lock_irqsave(&tty_ldisc_lock, flags);
2382 while(tty->ldisc.refcount)
2383 {
2384 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2385 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2386 spin_lock_irqsave(&tty_ldisc_lock, flags);
2387 }
2388 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2389 /*
2390 * Shutdown the current line discipline, and reset it to N_TTY.
2391 * N.B. why reset ldisc when we're releasing the memory??
2392 *
2393 * FIXME: this MUST get fixed for the new reflocking
2394 */
2395 if (tty->ldisc.close)
2396 (tty->ldisc.close)(tty);
2397 tty_ldisc_put(tty->ldisc.num);
2398
2399 /*
2400 * Switch the line discipline back
2401 */
2402 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2403 tty_set_termios_ldisc(tty,N_TTY);
2404 if (o_tty) {
2405 /* FIXME: could o_tty be in setldisc here ? */
2406 clear_bit(TTY_LDISC, &o_tty->flags);
2407 if (o_tty->ldisc.close)
2408 (o_tty->ldisc.close)(o_tty);
2409 tty_ldisc_put(o_tty->ldisc.num);
2410 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2411 tty_set_termios_ldisc(o_tty,N_TTY);
2412 }
2413 /*
2414 * The release_mem function takes care of the details of clearing
2415 * the slots and preserving the termios structure.
2416 */
2417 release_mem(tty, idx);
2418
2419#ifdef CONFIG_UNIX98_PTYS
2420 /* Make this pty number available for reallocation */
2421 if (devpts) {
2422 down(&allocated_ptys_lock);
2423 idr_remove(&allocated_ptys, idx);
2424 up(&allocated_ptys_lock);
2425 }
2426#endif
2427
2428}
2429
af9b897e
AC		 2430/**
2431 * tty_open - open a tty device
2432 * @inode: inode of device file
2433 * @filp: file pointer to tty
1da177e4 2434 *
af9b897e
AC		 2435 * tty_open and tty_release keep up the tty count that contains the
2436 * number of opens done on a tty. We cannot use the inode-count, as
2437 * different inodes might point to the same tty.
1da177e4 2438 *
af9b897e
AC		 2439 * Open-counting is needed for pty masters, as well as for keeping
2440 * track of serial lines: DTR is dropped when the last close happens.
2441 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2442 *
2443 * The termios state of a pty is reset on first open so that
2444 * settings don't persist across reuse.
2445 *
2446 * Locking: tty_mutex protects current->signal->tty, get_tty_driver and
2447 * init_dev work. tty->count should protect the rest.
2448 * task_lock is held to update task details for sessions
1da177e4 2449 */
af9b897e 2450
1da177e4
LT		 2451static int tty_open(struct inode * inode, struct file * filp)
2452{
2453 struct tty_struct *tty;
2454 int noctty, retval;
2455 struct tty_driver *driver;
2456 int index;
2457 dev_t device = inode->i_rdev;
2458 unsigned short saved_flags = filp->f_flags;
2459
2460 nonseekable_open(inode, filp);
2461
2462retry_open:
2463 noctty = filp->f_flags & O_NOCTTY;
2464 index = -1;
2465 retval = 0;
2466
70522e12 2467 mutex_lock(&tty_mutex);
1da177e4
LT		 2468
2469 if (device == MKDEV(TTYAUX_MAJOR,0)) {
2470 if (!current->signal->tty) {
70522e12 2471 mutex_unlock(&tty_mutex);
1da177e4
LT		 2472 return -ENXIO;
2473 }
2474 driver = current->signal->tty->driver;
2475 index = current->signal->tty->index;
2476 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2477 /* noctty = 1; */
2478 goto got_driver;
2479 }
2480#ifdef CONFIG_VT
2481 if (device == MKDEV(TTY_MAJOR,0)) {
2482 extern struct tty_driver *console_driver;
2483 driver = console_driver;
2484 index = fg_console;
2485 noctty = 1;
2486 goto got_driver;
2487 }
2488#endif
2489 if (device == MKDEV(TTYAUX_MAJOR,1)) {
2490 driver = console_device(&index);
2491 if (driver) {
2492 /* Don't let /dev/console block */
2493 filp->f_flags |= O_NONBLOCK;
2494 noctty = 1;
2495 goto got_driver;
2496 }
70522e12 2497 mutex_unlock(&tty_mutex);
1da177e4
LT		 2498 return -ENODEV;
2499 }
2500
2501 driver = get_tty_driver(device, &index);
2502 if (!driver) {
70522e12 2503 mutex_unlock(&tty_mutex);
1da177e4
LT		 2504 return -ENODEV;
2505 }
2506got_driver:
2507 retval = init_dev(driver, index, &tty);
70522e12 2508 mutex_unlock(&tty_mutex);
1da177e4
LT		 2509 if (retval)
2510 return retval;
2511
2512 filp->private_data = tty;
2513 file_move(filp, &tty->tty_files);
2514 check_tty_count(tty, "tty_open");
2515 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2516 tty->driver->subtype == PTY_TYPE_MASTER)
2517 noctty = 1;
2518#ifdef TTY_DEBUG_HANGUP
2519 printk(KERN_DEBUG "opening %s...", tty->name);
2520#endif
2521 if (!retval) {
2522 if (tty->driver->open)
2523 retval = tty->driver->open(tty, filp);
2524 else
2525 retval = -ENODEV;
2526 }
2527 filp->f_flags = saved_flags;
2528
2529 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2530 retval = -EBUSY;
2531
2532 if (retval) {
2533#ifdef TTY_DEBUG_HANGUP
2534 printk(KERN_DEBUG "error %d in opening %s...", retval,
2535 tty->name);
2536#endif
2537 release_dev(filp);
2538 if (retval != -ERESTARTSYS)
2539 return retval;
2540 if (signal_pending(current))
2541 return retval;
2542 schedule();
2543 /*
2544 * Need to reset f_op in case a hangup happened.
2545 */
2546 if (filp->f_op == &hung_up_tty_fops)
2547 filp->f_op = &tty_fops;
2548 goto retry_open;
2549 }
2550 if (!noctty &&
2551 current->signal->leader &&
2552 !current->signal->tty &&
2553 tty->session == 0) {
2554 task_lock(current);
2555 current->signal->tty = tty;
2556 task_unlock(current);
2557 current->signal->tty_old_pgrp = 0;
2558 tty->session = current->signal->session;
2559 tty->pgrp = process_group(current);
2560 }
2561 return 0;
2562}
2563
2564#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 2565/**
2566 * ptmx_open - open a unix 98 pty master
2567 * @inode: inode of device file
2568 * @filp: file pointer to tty
2569 *
2570 * Allocate a unix98 pty master device from the ptmx driver.
2571 *
2572 * Locking: tty_mutex protects theinit_dev work. tty->count should
2573 protect the rest.
2574 * allocated_ptys_lock handles the list of free pty numbers
2575 */
2576
1da177e4
LT		 2577static int ptmx_open(struct inode * inode, struct file * filp)
2578{
2579 struct tty_struct *tty;
2580 int retval;
2581 int index;
2582 int idr_ret;
2583
2584 nonseekable_open(inode, filp);
2585
2586 /* find a device that is not in use. */
2587 down(&allocated_ptys_lock);
2588 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2589 up(&allocated_ptys_lock);
2590 return -ENOMEM;
2591 }
2592 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2593 if (idr_ret < 0) {
2594 up(&allocated_ptys_lock);
2595 if (idr_ret == -EAGAIN)
2596 return -ENOMEM;
2597 return -EIO;
2598 }
2599 if (index >= pty_limit) {
2600 idr_remove(&allocated_ptys, index);
2601 up(&allocated_ptys_lock);
2602 return -EIO;
2603 }
2604 up(&allocated_ptys_lock);
2605
70522e12 2606 mutex_lock(&tty_mutex);
1da177e4 2607 retval = init_dev(ptm_driver, index, &tty);
70522e12 2608 mutex_unlock(&tty_mutex);
1da177e4
LT		 2609
2610 if (retval)
2611 goto out;
2612
2613 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2614 filp->private_data = tty;
2615 file_move(filp, &tty->tty_files);
2616
2617 retval = -ENOMEM;
2618 if (devpts_pty_new(tty->link))
2619 goto out1;
2620
2621 check_tty_count(tty, "tty_open");
2622 retval = ptm_driver->open(tty, filp);
2623 if (!retval)
2624 return 0;
2625out1:
2626 release_dev(filp);
9453a5ad 2627 return retval;
1da177e4
LT		 2628out:
2629 down(&allocated_ptys_lock);
2630 idr_remove(&allocated_ptys, index);
2631 up(&allocated_ptys_lock);
2632 return retval;
2633}
2634#endif
2635
af9b897e
AC		 2636/**
2637 * tty_release - vfs callback for close
2638 * @inode: inode of tty
2639 * @filp: file pointer for handle to tty
2640 *
2641 * Called the last time each file handle is closed that references
2642 * this tty. There may however be several such references.
2643 *
2644 * Locking:
2645 * Takes bkl. See release_dev
2646 */
2647
1da177e4
LT		 2648static int tty_release(struct inode * inode, struct file * filp)
2649{
2650 lock_kernel();
2651 release_dev(filp);
2652 unlock_kernel();
2653 return 0;
2654}
2655
af9b897e
AC		 2656/**
2657 * tty_poll - check tty status
2658 * @filp: file being polled
2659 * @wait: poll wait structures to update
2660 *
2661 * Call the line discipline polling method to obtain the poll
2662 * status of the device.
2663 *
2664 * Locking: locks called line discipline but ldisc poll method
2665 * may be re-entered freely by other callers.
2666 */
2667
1da177e4
LT		 2668static unsigned int tty_poll(struct file * filp, poll_table * wait)
2669{
2670 struct tty_struct * tty;
2671 struct tty_ldisc *ld;
2672 int ret = 0;
2673
2674 tty = (struct tty_struct *)filp->private_data;
2675 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_poll"))
2676 return 0;
2677
2678 ld = tty_ldisc_ref_wait(tty);
2679 if (ld->poll)
2680 ret = (ld->poll)(tty, filp, wait);
2681 tty_ldisc_deref(ld);
2682 return ret;
2683}
2684
2685static int tty_fasync(int fd, struct file * filp, int on)
2686{
2687 struct tty_struct * tty;
2688 int retval;
2689
2690 tty = (struct tty_struct *)filp->private_data;
2691 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_fasync"))
2692 return 0;
2693
2694 retval = fasync_helper(fd, filp, on, &tty->fasync);
2695 if (retval <= 0)
2696 return retval;
2697
2698 if (on) {
2699 if (!waitqueue_active(&tty->read_wait))
2700 tty->minimum_to_wake = 1;
2701 retval = f_setown(filp, (-tty->pgrp) ? : current->pid, 0);
2702 if (retval)
2703 return retval;
2704 } else {
2705 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2706 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2707 }
2708 return 0;
2709}
2710
af9b897e
AC		 2711/**
2712 * tiocsti - fake input character
2713 * @tty: tty to fake input into
2714 * @p: pointer to character
2715 *
2716 * Fake input to a tty device. Does the neccessary locking and
2717 * input management.
2718 *
2719 * FIXME: does not honour flow control ??
2720 *
2721 * Locking:
2722 * Called functions take tty_ldisc_lock
2723 * current->signal->tty check is safe without locks
28298232
AC		 2724 *
2725 * FIXME: may race normal receive processing
af9b897e
AC		 2726 */
2727
1da177e4
LT		 2728static int tiocsti(struct tty_struct *tty, char __user *p)
2729{
2730 char ch, mbz = 0;
2731 struct tty_ldisc *ld;
2732
2733 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2734 return -EPERM;
2735 if (get_user(ch, p))
2736 return -EFAULT;
2737 ld = tty_ldisc_ref_wait(tty);
2738 ld->receive_buf(tty, &ch, &mbz, 1);
2739 tty_ldisc_deref(ld);
2740 return 0;
2741}
2742
af9b897e
AC		 2743/**
2744 * tiocgwinsz - implement window query ioctl
2745 * @tty; tty
2746 * @arg: user buffer for result
2747 *
808a0d38 2748 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2749 *
808a0d38
AC		 2750 * Locking: tty->termios_sem is taken to ensure the winsize data
2751 * is consistent.
af9b897e
AC		 2752 */
2753
1da177e4
LT		 2754static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2755{
808a0d38
AC		 2756 int err;
2757
5785c95b 2758 mutex_lock(&tty->termios_mutex);
808a0d38 2759 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2760 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2761
2762 return err ? -EFAULT: 0;
1da177e4
LT		 2763}
2764
af9b897e
AC		 2765/**
2766 * tiocswinsz - implement window size set ioctl
2767 * @tty; tty
2768 * @arg: user buffer for result
2769 *
2770 * Copies the user idea of the window size to the kernel. Traditionally
2771 * this is just advisory information but for the Linux console it
2772 * actually has driver level meaning and triggers a VC resize.
2773 *
2774 * Locking:
ca9bda00
AC		 2775 * Called function use the console_sem is used to ensure we do
2776 * not try and resize the console twice at once.
2777 * The tty->termios_sem is used to ensure we don't double
2778 * resize and get confused. Lock order - tty->termios.sem before
2779 * console sem
af9b897e
AC		 2780 */
2781
1da177e4
LT		 2782static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2783 struct winsize __user * arg)
2784{
2785 struct winsize tmp_ws;
2786
2787 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2788 return -EFAULT;
ca9bda00 2789
5785c95b 2790 mutex_lock(&tty->termios_mutex);
1da177e4 2791 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
ca9bda00
AC		 2792 goto done;
2793
1da177e4
LT		 2794#ifdef CONFIG_VT
2795 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
5785c95b
AV		 2796 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2797 tmp_ws.ws_row)) {
2798 mutex_unlock(&tty->termios_mutex);
ca9bda00
AC		 2799 return -ENXIO;
2800 }
1da177e4
LT		 2801 }
2802#endif
2803 if (tty->pgrp > 0)
2804 kill_pg(tty->pgrp, SIGWINCH, 1);
2805 if ((real_tty->pgrp != tty->pgrp) && (real_tty->pgrp > 0))
2806 kill_pg(real_tty->pgrp, SIGWINCH, 1);
2807 tty->winsize = tmp_ws;
2808 real_tty->winsize = tmp_ws;
ca9bda00 2809done:
5785c95b 2810 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 2811 return 0;
2812}
2813
af9b897e
AC		 2814/**
2815 * tioccons - allow admin to move logical console
2816 * @file: the file to become console
2817 *
2818 * Allow the adminstrator to move the redirected console device
2819 *
2820 * Locking: uses redirect_lock to guard the redirect information
2821 */
2822
1da177e4
LT		 2823static int tioccons(struct file *file)
2824{
2825 if (!capable(CAP_SYS_ADMIN))
2826 return -EPERM;
2827 if (file->f_op->write == redirected_tty_write) {
2828 struct file *f;
2829 spin_lock(&redirect_lock);
2830 f = redirect;
2831 redirect = NULL;
2832 spin_unlock(&redirect_lock);
2833 if (f)
2834 fput(f);
2835 return 0;
2836 }
2837 spin_lock(&redirect_lock);
2838 if (redirect) {
2839 spin_unlock(&redirect_lock);
2840 return -EBUSY;
2841 }
2842 get_file(file);
2843 redirect = file;
2844 spin_unlock(&redirect_lock);
2845 return 0;
2846}
2847
af9b897e
AC		 2848/**
2849 * fionbio - non blocking ioctl
2850 * @file: file to set blocking value
2851 * @p: user parameter
2852 *
2853 * Historical tty interfaces had a blocking control ioctl before
2854 * the generic functionality existed. This piece of history is preserved
2855 * in the expected tty API of posix OS's.
2856 *
2857 * Locking: none, the open fle handle ensures it won't go away.
2858 */
1da177e4
LT		 2859
2860static int fionbio(struct file *file, int __user *p)
2861{
2862 int nonblock;
2863
2864 if (get_user(nonblock, p))
2865 return -EFAULT;
2866
2867 if (nonblock)
2868 file->f_flags |= O_NONBLOCK;
2869 else
2870 file->f_flags &= ~O_NONBLOCK;
2871 return 0;
2872}
2873
af9b897e
AC		 2874/**
2875 * tiocsctty - set controlling tty
2876 * @tty: tty structure
2877 * @arg: user argument
2878 *
2879 * This ioctl is used to manage job control. It permits a session
2880 * leader to set this tty as the controlling tty for the session.
2881 *
2882 * Locking:
2883 * Takes tasklist lock internally to walk sessions
2884 * Takes task_lock() when updating signal->tty
28298232 2885 * Takes tty_mutex() to protect tty instance
af9b897e
AC		 2886 *
2887 */
2888
1da177e4
LT		 2889static int tiocsctty(struct tty_struct *tty, int arg)
2890{
36c8b586 2891 struct task_struct *p;
1da177e4
LT		 2892
2893 if (current->signal->leader &&
2894 (current->signal->session == tty->session))
2895 return 0;
2896 /*
2897 * The process must be a session leader and
2898 * not have a controlling tty already.
2899 */
2900 if (!current->signal->leader || current->signal->tty)
2901 return -EPERM;
2902 if (tty->session > 0) {
2903 /*
2904 * This tty is already the controlling
2905 * tty for another session group!
2906 */
2907 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
2908 /*
2909 * Steal it away
2910 */
2911
2912 read_lock(&tasklist_lock);
2913 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2914 p->signal->tty = NULL;
2915 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2916 read_unlock(&tasklist_lock);
2917 } else
2918 return -EPERM;
2919 }
28298232 2920 mutex_lock(&tty_mutex);
1da177e4
LT		 2921 task_lock(current);
2922 current->signal->tty = tty;
2923 task_unlock(current);
28298232 2924 mutex_unlock(&tty_mutex);
1da177e4
LT		 2925 current->signal->tty_old_pgrp = 0;
2926 tty->session = current->signal->session;
2927 tty->pgrp = process_group(current);
2928 return 0;
2929}
2930
af9b897e
AC		 2931/**
2932 * tiocgpgrp - get process group
2933 * @tty: tty passed by user
2934 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2935 * @p: returned pid
2936 *
2937 * Obtain the process group of the tty. If there is no process group
2938 * return an error.
2939 *
2940 * Locking: none. Reference to ->signal->tty is safe.
2941 */
2942
1da177e4
LT		 2943static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2944{
2945 /*
2946 * (tty == real_tty) is a cheap way of
2947 * testing if the tty is NOT a master pty.
2948 */
2949 if (tty == real_tty && current->signal->tty != real_tty)
2950 return -ENOTTY;
2951 return put_user(real_tty->pgrp, p);
2952}
2953
af9b897e
AC		 2954/**
2955 * tiocspgrp - attempt to set process group
2956 * @tty: tty passed by user
2957 * @real_tty: tty side device matching tty passed by user
2958 * @p: pid pointer
2959 *
2960 * Set the process group of the tty to the session passed. Only
2961 * permitted where the tty session is our session.
2962 *
2963 * Locking: None
af9b897e
AC		 2964 */
2965
1da177e4
LT		 2966static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2967{
2968 pid_t pgrp;
2969 int retval = tty_check_change(real_tty);
2970
2971 if (retval == -EIO)
2972 return -ENOTTY;
2973 if (retval)
2974 return retval;
2975 if (!current->signal->tty ||
2976 (current->signal->tty != real_tty) ||
2977 (real_tty->session != current->signal->session))
2978 return -ENOTTY;
2979 if (get_user(pgrp, p))
2980 return -EFAULT;
2981 if (pgrp < 0)
2982 return -EINVAL;
2983 if (session_of_pgrp(pgrp) != current->signal->session)
2984 return -EPERM;
2985 real_tty->pgrp = pgrp;
2986 return 0;
2987}
2988
af9b897e
AC		 2989/**
2990 * tiocgsid - get session id
2991 * @tty: tty passed by user
2992 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2993 * @p: pointer to returned session id
2994 *
2995 * Obtain the session id of the tty. If there is no session
2996 * return an error.
2997 *
2998 * Locking: none. Reference to ->signal->tty is safe.
2999 */
3000
1da177e4
LT		 3001static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3002{
3003 /*
3004 * (tty == real_tty) is a cheap way of
3005 * testing if the tty is NOT a master pty.
3006 */
3007 if (tty == real_tty && current->signal->tty != real_tty)
3008 return -ENOTTY;
3009 if (real_tty->session <= 0)
3010 return -ENOTTY;
3011 return put_user(real_tty->session, p);
3012}
3013
af9b897e
AC		 3014/**
3015 * tiocsetd - set line discipline
3016 * @tty: tty device
3017 * @p: pointer to user data
3018 *
3019 * Set the line discipline according to user request.
3020 *
3021 * Locking: see tty_set_ldisc, this function is just a helper
3022 */
3023
1da177e4
LT		 3024static int tiocsetd(struct tty_struct *tty, int __user *p)
3025{
3026 int ldisc;
3027
3028 if (get_user(ldisc, p))
3029 return -EFAULT;
3030 return tty_set_ldisc(tty, ldisc);
3031}
3032
af9b897e
AC		 3033/**
3034 * send_break - performed time break
3035 * @tty: device to break on
3036 * @duration: timeout in mS
3037 *
3038 * Perform a timed break on hardware that lacks its own driver level
3039 * timed break functionality.
3040 *
3041 * Locking:
28298232 3042 * atomic_write_lock serializes
af9b897e 3043 *
af9b897e
AC		 3044 */
3045
b20f3ae5 3046static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4 3047{
28298232
AC		 3048 if (mutex_lock_interruptible(&tty->atomic_write_lock))
3049 return -EINTR;
1da177e4
LT		 3050 tty->driver->break_ctl(tty, -1);
3051 if (!signal_pending(current)) {
b20f3ae5 3052 msleep_interruptible(duration);
1da177e4
LT		 3053 }
3054 tty->driver->break_ctl(tty, 0);
28298232 3055 mutex_unlock(&tty->atomic_write_lock);
1da177e4
LT		 3056 if (signal_pending(current))
3057 return -EINTR;
3058 return 0;
3059}
3060
af9b897e
AC		 3061/**
3062 * tiocmget - get modem status
3063 * @tty: tty device
3064 * @file: user file pointer
3065 * @p: pointer to result
3066 *
3067 * Obtain the modem status bits from the tty driver if the feature
3068 * is supported. Return -EINVAL if it is not available.
3069 *
3070 * Locking: none (up to the driver)
3071 */
3072
3073static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 3074{
3075 int retval = -EINVAL;
3076
3077 if (tty->driver->tiocmget) {
3078 retval = tty->driver->tiocmget(tty, file);
3079
3080 if (retval >= 0)
3081 retval = put_user(retval, p);
3082 }
3083 return retval;
3084}
3085
af9b897e
AC		 3086/**
3087 * tiocmset - set modem status
3088 * @tty: tty device
3089 * @file: user file pointer
3090 * @cmd: command - clear bits, set bits or set all
3091 * @p: pointer to desired bits
3092 *
3093 * Set the modem status bits from the tty driver if the feature
3094 * is supported. Return -EINVAL if it is not available.
3095 *
3096 * Locking: none (up to the driver)
3097 */
3098
3099static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 3100 unsigned __user *p)
3101{
3102 int retval = -EINVAL;
3103
3104 if (tty->driver->tiocmset) {
3105 unsigned int set, clear, val;
3106
3107 retval = get_user(val, p);
3108 if (retval)
3109 return retval;
3110
3111 set = clear = 0;
3112 switch (cmd) {
3113 case TIOCMBIS:
3114 set = val;
3115 break;
3116 case TIOCMBIC:
3117 clear = val;
3118 break;
3119 case TIOCMSET:
3120 set = val;
3121 clear = ~val;
3122 break;
3123 }
3124
3125 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3126 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3127
3128 retval = tty->driver->tiocmset(tty, file, set, clear);
3129 }
3130 return retval;
3131}
3132
3133/*
3134 * Split this up, as gcc can choke on it otherwise..
3135 */
3136int tty_ioctl(struct inode * inode, struct file * file,
3137 unsigned int cmd, unsigned long arg)
3138{
3139 struct tty_struct *tty, *real_tty;
3140 void __user *p = (void __user *)arg;
3141 int retval;
3142 struct tty_ldisc *ld;
3143
3144 tty = (struct tty_struct *)file->private_data;
3145 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3146 return -EINVAL;
3147
28298232
AC		 3148 /* CHECKME: is this safe as one end closes ? */
3149
1da177e4
LT		 3150 real_tty = tty;
3151 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3152 tty->driver->subtype == PTY_TYPE_MASTER)
3153 real_tty = tty->link;
3154
3155 /*
3156 * Break handling by driver
3157 */
3158 if (!tty->driver->break_ctl) {
3159 switch(cmd) {
3160 case TIOCSBRK:
3161 case TIOCCBRK:
3162 if (tty->driver->ioctl)
3163 return tty->driver->ioctl(tty, file, cmd, arg);
3164 return -EINVAL;
3165
3166 /* These two ioctl's always return success; even if */
3167 /* the driver doesn't support them. */
3168 case TCSBRK:
3169 case TCSBRKP:
3170 if (!tty->driver->ioctl)
3171 return 0;
3172 retval = tty->driver->ioctl(tty, file, cmd, arg);
3173 if (retval == -ENOIOCTLCMD)
3174 retval = 0;
3175 return retval;
3176 }
3177 }
3178
3179 /*
3180 * Factor out some common prep work
3181 */
3182 switch (cmd) {
3183 case TIOCSETD:
3184 case TIOCSBRK:
3185 case TIOCCBRK:
3186 case TCSBRK:
3187 case TCSBRKP:
3188 retval = tty_check_change(tty);
3189 if (retval)
3190 return retval;
3191 if (cmd != TIOCCBRK) {
3192 tty_wait_until_sent(tty, 0);
3193 if (signal_pending(current))
3194 return -EINTR;
3195 }
3196 break;
3197 }
3198
3199 switch (cmd) {
3200 case TIOCSTI:
3201 return tiocsti(tty, p);
3202 case TIOCGWINSZ:
3203 return tiocgwinsz(tty, p);
3204 case TIOCSWINSZ:
3205 return tiocswinsz(tty, real_tty, p);
3206 case TIOCCONS:
3207 return real_tty!=tty ? -EINVAL : tioccons(file);
3208 case FIONBIO:
3209 return fionbio(file, p);
3210 case TIOCEXCL:
3211 set_bit(TTY_EXCLUSIVE, &tty->flags);
3212 return 0;
3213 case TIOCNXCL:
3214 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3215 return 0;
3216 case TIOCNOTTY:
af9b897e 3217 /* FIXME: taks lock or tty_mutex ? */
1da177e4
LT		 3218 if (current->signal->tty != tty)
3219 return -ENOTTY;
3220 if (current->signal->leader)
3221 disassociate_ctty(0);
3222 task_lock(current);
3223 current->signal->tty = NULL;
3224 task_unlock(current);
3225 return 0;
3226 case TIOCSCTTY:
3227 return tiocsctty(tty, arg);
3228 case TIOCGPGRP:
3229 return tiocgpgrp(tty, real_tty, p);
3230 case TIOCSPGRP:
3231 return tiocspgrp(tty, real_tty, p);
3232 case TIOCGSID:
3233 return tiocgsid(tty, real_tty, p);
3234 case TIOCGETD:
3235 /* FIXME: check this is ok */
3236 return put_user(tty->ldisc.num, (int __user *)p);
3237 case TIOCSETD:
3238 return tiocsetd(tty, p);
3239#ifdef CONFIG_VT
3240 case TIOCLINUX:
3241 return tioclinux(tty, arg);
3242#endif
3243 /*
3244 * Break handling
3245 */
3246 case TIOCSBRK: /* Turn break on, unconditionally */
3247 tty->driver->break_ctl(tty, -1);
3248 return 0;
3249
3250 case TIOCCBRK: /* Turn break off, unconditionally */
3251 tty->driver->break_ctl(tty, 0);
3252 return 0;
3253 case TCSBRK: /* SVID version: non-zero arg --> no break */
283fef59
PF		 3254 /* non-zero arg means wait for all output data
3255 * to be sent (performed above) but don't send break.
3256 * This is used by the tcdrain() termios function.
1da177e4
LT		 3257 */
3258 if (!arg)
b20f3ae5 3259 return send_break(tty, 250);
1da177e4
LT		 3260 return 0;
3261 case TCSBRKP: /* support for POSIX tcsendbreak() */
b20f3ae5 3262 return send_break(tty, arg ? arg*100 : 250);
1da177e4
LT		 3263
3264 case TIOCMGET:
3265 return tty_tiocmget(tty, file, p);
3266
3267 case TIOCMSET:
3268 case TIOCMBIC:
3269 case TIOCMBIS:
3270 return tty_tiocmset(tty, file, cmd, p);
3271 }
3272 if (tty->driver->ioctl) {
3273 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3274 if (retval != -ENOIOCTLCMD)
3275 return retval;
3276 }
3277 ld = tty_ldisc_ref_wait(tty);
3278 retval = -EINVAL;
3279 if (ld->ioctl) {
3280 retval = ld->ioctl(tty, file, cmd, arg);
3281 if (retval == -ENOIOCTLCMD)
3282 retval = -EINVAL;
3283 }
3284 tty_ldisc_deref(ld);
3285 return retval;
3286}
3287
3288
3289/*
3290 * This implements the "Secure Attention Key" --- the idea is to
3291 * prevent trojan horses by killing all processes associated with this
3292 * tty when the user hits the "Secure Attention Key". Required for
3293 * super-paranoid applications --- see the Orange Book for more details.
3294 *
3295 * This code could be nicer; ideally it should send a HUP, wait a few
3296 * seconds, then send a INT, and then a KILL signal. But you then
3297 * have to coordinate with the init process, since all processes associated
3298 * with the current tty must be dead before the new getty is allowed
3299 * to spawn.
3300 *
3301 * Now, if it would be correct ;-/ The current code has a nasty hole -
3302 * it doesn't catch files in flight. We may send the descriptor to ourselves
3303 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3304 *
3305 * Nasty bug: do_SAK is being called in interrupt context. This can
3306 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3307 */
65f27f38 3308static void __do_SAK(struct work_struct *work)
1da177e4 3309{
65f27f38
DH		 3310 struct tty_struct *tty =
3311 container_of(work, struct tty_struct, SAK_work);
1da177e4
LT		 3312#ifdef TTY_SOFT_SAK
3313 tty_hangup(tty);
3314#else
652486fb 3315 struct task_struct *g, *p;
1da177e4
LT		 3316 int session;
3317 int i;
3318 struct file *filp;
3319 struct tty_ldisc *disc;
badf1662 3320 struct fdtable *fdt;
1da177e4
LT		 3321
3322 if (!tty)
3323 return;
3324 session = tty->session;
3325
3326 /* We don't want an ldisc switch during this */
3327 disc = tty_ldisc_ref(tty);
3328 if (disc && disc->flush_buffer)
3329 disc->flush_buffer(tty);
3330 tty_ldisc_deref(disc);
3331
3332 if (tty->driver->flush_buffer)
3333 tty->driver->flush_buffer(tty);
3334
3335 read_lock(&tasklist_lock);
652486fb 3336 /* Kill the entire session */
1da177e4 3337 do_each_task_pid(session, PIDTYPE_SID, p) {
652486fb
EB		 3338 printk(KERN_NOTICE "SAK: killed process %d"
3339 " (%s): p->signal->session==tty->session\n",
3340 p->pid, p->comm);
3341 send_sig(SIGKILL, p, 1);
3342 } while_each_task_pid(session, PIDTYPE_SID, p);
3343 /* Now kill any processes that happen to have the
3344 * tty open.
3345 */
3346 do_each_thread(g, p) {
3347 if (p->signal->tty == tty) {
1da177e4
LT		 3348 printk(KERN_NOTICE "SAK: killed process %d"
3349 " (%s): p->signal->session==tty->session\n",
3350 p->pid, p->comm);
3351 send_sig(SIGKILL, p, 1);
3352 continue;
3353 }
3354 task_lock(p);
3355 if (p->files) {
ca99c1da
DS		 3356 /*
3357 * We don't take a ref to the file, so we must
3358 * hold ->file_lock instead.
3359 */
3360 spin_lock(&p->files->file_lock);
badf1662
DS		 3361 fdt = files_fdtable(p->files);
3362 for (i=0; i < fdt->max_fds; i++) {
1da177e4
LT		 3363 filp = fcheck_files(p->files, i);
3364 if (!filp)
3365 continue;
3366 if (filp->f_op->read == tty_read &&
3367 filp->private_data == tty) {
3368 printk(KERN_NOTICE "SAK: killed process %d"
3369 " (%s): fd#%d opened to the tty\n",
3370 p->pid, p->comm, i);
20ac9437 3371 force_sig(SIGKILL, p);
1da177e4
LT		 3372 break;
3373 }
3374 }
ca99c1da 3375 spin_unlock(&p->files->file_lock);
1da177e4
LT		 3376 }
3377 task_unlock(p);
652486fb 3378 } while_each_thread(g, p);
1da177e4
LT		 3379 read_unlock(&tasklist_lock);
3380#endif
3381}
3382
3383/*
3384 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3385 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3386 * the values which we write to it will be identical to the values which it
3387 * already has. --akpm
3388 */
3389void do_SAK(struct tty_struct *tty)
3390{
3391 if (!tty)
3392 return;
65f27f38 3393 PREPARE_WORK(&tty->SAK_work, __do_SAK);
1da177e4
LT		 3394 schedule_work(&tty->SAK_work);
3395}
3396
3397EXPORT_SYMBOL(do_SAK);
3398
af9b897e
AC		 3399/**
3400 * flush_to_ldisc
65f27f38 3401 * @work: tty structure passed from work queue.
af9b897e
AC		 3402 *
3403 * This routine is called out of the software interrupt to flush data
3404 * from the buffer chain to the line discipline.
3405 *
3406 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3407 * while invoking the line discipline receive_buf method. The
3408 * receive_buf method is single threaded for each tty instance.
1da177e4
LT		 3409 */
3410
65f27f38 3411static void flush_to_ldisc(struct work_struct *work)
1da177e4 3412{
65f27f38
DH		 3413 struct tty_struct *tty =
3414 container_of(work, struct tty_struct, buf.work.work);
1da177e4
LT		 3415 unsigned long flags;
3416 struct tty_ldisc *disc;
2c3bb20f 3417 struct tty_buffer *tbuf, *head;
8977d929
PF		 3418 char *char_buf;
3419 unsigned char *flag_buf;
1da177e4
LT		 3420
3421 disc = tty_ldisc_ref(tty);
3422 if (disc == NULL) /* !TTY_LDISC */
3423 return;
3424
808249ce 3425 spin_lock_irqsave(&tty->buf.lock, flags);
2c3bb20f
PF		 3426 head = tty->buf.head;
3427 if (head != NULL) {
3428 tty->buf.head = NULL;
3429 for (;;) {
3430 int count = head->commit - head->read;
3431 if (!count) {
3432 if (head->next == NULL)
3433 break;
3434 tbuf = head;
3435 head = head->next;
3436 tty_buffer_free(tty, tbuf);
3437 continue;
3438 }
3439 if (!tty->receive_room) {
3440 schedule_delayed_work(&tty->buf.work, 1);
3441 break;
3442 }
3443 if (count > tty->receive_room)
3444 count = tty->receive_room;
3445 char_buf = head->char_buf_ptr + head->read;
3446 flag_buf = head->flag_buf_ptr + head->read;
3447 head->read += count;
8977d929
PF		 3448 spin_unlock_irqrestore(&tty->buf.lock, flags);
3449 disc->receive_buf(tty, char_buf, flag_buf, count);
3450 spin_lock_irqsave(&tty->buf.lock, flags);
3451 }
2c3bb20f 3452 tty->buf.head = head;
33f0f88f 3453 }
808249ce 3454 spin_unlock_irqrestore(&tty->buf.lock, flags);
817d6d3b 3455
1da177e4
LT		 3456 tty_ldisc_deref(disc);
3457}
3458
3459/*
3460 * Routine which returns the baud rate of the tty
3461 *
3462 * Note that the baud_table needs to be kept in sync with the
3463 * include/asm/termbits.h file.
3464 */
3465static int baud_table[] = {
3466 0, 50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800, 2400, 4800,
3467 9600, 19200, 38400, 57600, 115200, 230400, 460800,
3468#ifdef __sparc__
3469 76800, 153600, 307200, 614400, 921600
3470#else
3471 500000, 576000, 921600, 1000000, 1152000, 1500000, 2000000,
3472 2500000, 3000000, 3500000, 4000000
3473#endif
3474};
3475
3476static int n_baud_table = ARRAY_SIZE(baud_table);
3477
3478/**
3479 * tty_termios_baud_rate
3480 * @termios: termios structure
3481 *
3482 * Convert termios baud rate data into a speed. This should be called
3483 * with the termios lock held if this termios is a terminal termios
3484 * structure. May change the termios data.
af9b897e
AC		 3485 *
3486 * Locking: none
1da177e4
LT		 3487 */
3488
3489int tty_termios_baud_rate(struct termios *termios)
3490{
3491 unsigned int cbaud;
3492
3493 cbaud = termios->c_cflag & CBAUD;
3494
3495 if (cbaud & CBAUDEX) {
3496 cbaud &= ~CBAUDEX;
3497
3498 if (cbaud < 1 || cbaud + 15 > n_baud_table)
3499 termios->c_cflag &= ~CBAUDEX;
3500 else
3501 cbaud += 15;
3502 }
3503 return baud_table[cbaud];
3504}
3505
3506EXPORT_SYMBOL(tty_termios_baud_rate);
3507
3508/**
3509 * tty_get_baud_rate - get tty bit rates
3510 * @tty: tty to query
3511 *
3512 * Returns the baud rate as an integer for this terminal. The
3513 * termios lock must be held by the caller and the terminal bit
3514 * flags may be updated.
af9b897e
AC		 3515 *
3516 * Locking: none
1da177e4
LT		 3517 */
3518
3519int tty_get_baud_rate(struct tty_struct *tty)
3520{
3521 int baud = tty_termios_baud_rate(tty->termios);
3522
3523 if (baud == 38400 && tty->alt_speed) {
3524 if (!tty->warned) {
3525 printk(KERN_WARNING "Use of setserial/setrocket to "
3526 "set SPD_* flags is deprecated\n");
3527 tty->warned = 1;
3528 }
3529 baud = tty->alt_speed;
3530 }
3531
3532 return baud;
3533}
3534
3535EXPORT_SYMBOL(tty_get_baud_rate);
3536
3537/**
3538 * tty_flip_buffer_push - terminal
3539 * @tty: tty to push
3540 *
3541 * Queue a push of the terminal flip buffers to the line discipline. This
3542 * function must not be called from IRQ context if tty->low_latency is set.
3543 *
3544 * In the event of the queue being busy for flipping the work will be
3545 * held off and retried later.
af9b897e
AC		 3546 *
3547 * Locking: tty buffer lock. Driver locks in low latency mode.
1da177e4
LT		 3548 */
3549
3550void tty_flip_buffer_push(struct tty_struct *tty)
3551{
808249ce
PF		 3552 unsigned long flags;
3553 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 3554 if (tty->buf.tail != NULL)
8977d929 3555 tty->buf.tail->commit = tty->buf.tail->used;
808249ce
PF		 3556 spin_unlock_irqrestore(&tty->buf.lock, flags);
3557
1da177e4 3558 if (tty->low_latency)
65f27f38 3559 flush_to_ldisc(&tty->buf.work.work);
1da177e4 3560 else
33f0f88f 3561 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 3562}
3563
3564EXPORT_SYMBOL(tty_flip_buffer_push);
3565
33f0f88f 3566
af9b897e
AC		 3567/**
3568 * initialize_tty_struct
3569 * @tty: tty to initialize
3570 *
3571 * This subroutine initializes a tty structure that has been newly
3572 * allocated.
3573 *
3574 * Locking: none - tty in question must not be exposed at this point
1da177e4 3575 */
af9b897e 3576
1da177e4
LT		 3577static void initialize_tty_struct(struct tty_struct *tty)
3578{
3579 memset(tty, 0, sizeof(struct tty_struct));
3580 tty->magic = TTY_MAGIC;
3581 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3582 tty->pgrp = -1;
3583 tty->overrun_time = jiffies;
33f0f88f
AC		 3584 tty->buf.head = tty->buf.tail = NULL;
3585 tty_buffer_init(tty);
65f27f38 3586 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
33f0f88f 3587 init_MUTEX(&tty->buf.pty_sem);
5785c95b 3588 mutex_init(&tty->termios_mutex);
1da177e4
LT		 3589 init_waitqueue_head(&tty->write_wait);
3590 init_waitqueue_head(&tty->read_wait);
65f27f38 3591 INIT_WORK(&tty->hangup_work, do_tty_hangup);
70522e12
IM		 3592 mutex_init(&tty->atomic_read_lock);
3593 mutex_init(&tty->atomic_write_lock);
1da177e4
LT		 3594 spin_lock_init(&tty->read_lock);
3595 INIT_LIST_HEAD(&tty->tty_files);
65f27f38 3596 INIT_WORK(&tty->SAK_work, NULL);
1da177e4
LT		 3597}
3598
3599/*
3600 * The default put_char routine if the driver did not define one.
3601 */
af9b897e 3602
1da177e4
LT		 3603static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3604{
3605 tty->driver->write(tty, &ch, 1);
3606}
3607
7fe845d1 3608static struct class *tty_class;
1da177e4
LT		 3609
3610/**
af9b897e
AC		 3611 * tty_register_device - register a tty device
3612 * @driver: the tty driver that describes the tty device
3613 * @index: the index in the tty driver for this tty device
3614 * @device: a struct device that is associated with this tty device.
3615 * This field is optional, if there is no known struct device
3616 * for this tty device it can be set to NULL safely.
1da177e4 3617 *
01107d34
GKH		 3618 * Returns a pointer to the struct device for this tty device
3619 * (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3620 *
af9b897e
AC		 3621 * This call is required to be made to register an individual tty device
3622 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3623 * that bit is not set, this function should not be called by a tty
3624 * driver.
3625 *
3626 * Locking: ??
1da177e4 3627 */
af9b897e 3628
01107d34
GKH		 3629struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3630 struct device *device)
1da177e4
LT		 3631{
3632 char name[64];
3633 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3634
3635 if (index >= driver->num) {
3636 printk(KERN_ERR "Attempt to register invalid tty line number "
3637 " (%d).\n", index);
1cdcb6b4 3638 return ERR_PTR(-EINVAL);
1da177e4
LT		 3639 }
3640
1da177e4
LT		 3641 if (driver->type == TTY_DRIVER_TYPE_PTY)
3642 pty_line_name(driver, index, name);
3643 else
3644 tty_line_name(driver, index, name);
1cdcb6b4 3645
01107d34 3646 return device_create(tty_class, device, dev, name);
1da177e4
LT		 3647}
3648
3649/**
af9b897e
AC		 3650 * tty_unregister_device - unregister a tty device
3651 * @driver: the tty driver that describes the tty device
3652 * @index: the index in the tty driver for this tty device
1da177e4 3653 *
af9b897e
AC		 3654 * If a tty device is registered with a call to tty_register_device() then
3655 * this function must be called when the tty device is gone.
3656 *
3657 * Locking: ??
1da177e4 3658 */
af9b897e 3659
1da177e4
LT		 3660void tty_unregister_device(struct tty_driver *driver, unsigned index)
3661{
01107d34 3662 device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 3663}
3664
3665EXPORT_SYMBOL(tty_register_device);
3666EXPORT_SYMBOL(tty_unregister_device);
3667
3668struct tty_driver *alloc_tty_driver(int lines)
3669{
3670 struct tty_driver *driver;
3671
3672 driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
3673 if (driver) {
3674 memset(driver, 0, sizeof(struct tty_driver));
3675 driver->magic = TTY_DRIVER_MAGIC;
3676 driver->num = lines;
3677 /* later we'll move allocation of tables here */
3678 }
3679 return driver;
3680}
3681
3682void put_tty_driver(struct tty_driver *driver)
3683{
3684 kfree(driver);
3685}
3686
b68e31d0
JD		 3687void tty_set_operations(struct tty_driver *driver,
3688 const struct tty_operations *op)
1da177e4
LT		 3689{
3690 driver->open = op->open;
3691 driver->close = op->close;
3692 driver->write = op->write;
3693 driver->put_char = op->put_char;
3694 driver->flush_chars = op->flush_chars;
3695 driver->write_room = op->write_room;
3696 driver->chars_in_buffer = op->chars_in_buffer;
3697 driver->ioctl = op->ioctl;
3698 driver->set_termios = op->set_termios;
3699 driver->throttle = op->throttle;
3700 driver->unthrottle = op->unthrottle;
3701 driver->stop = op->stop;
3702 driver->start = op->start;
3703 driver->hangup = op->hangup;
3704 driver->break_ctl = op->break_ctl;
3705 driver->flush_buffer = op->flush_buffer;
3706 driver->set_ldisc = op->set_ldisc;
3707 driver->wait_until_sent = op->wait_until_sent;
3708 driver->send_xchar = op->send_xchar;
3709 driver->read_proc = op->read_proc;
3710 driver->write_proc = op->write_proc;
3711 driver->tiocmget = op->tiocmget;
3712 driver->tiocmset = op->tiocmset;
3713}
3714
3715
3716EXPORT_SYMBOL(alloc_tty_driver);
3717EXPORT_SYMBOL(put_tty_driver);
3718EXPORT_SYMBOL(tty_set_operations);
3719
3720/*
3721 * Called by a tty driver to register itself.
3722 */
3723int tty_register_driver(struct tty_driver *driver)
3724{
3725 int error;
3726 int i;
3727 dev_t dev;
3728 void **p = NULL;
3729
3730 if (driver->flags & TTY_DRIVER_INSTALLED)
3731 return 0;
3732
3733 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
3734 p = kmalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3735 if (!p)
3736 return -ENOMEM;
3737 memset(p, 0, driver->num * 3 * sizeof(void *));
3738 }
3739
3740 if (!driver->major) {
3741 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3742 (char*)driver->name);
3743 if (!error) {
3744 driver->major = MAJOR(dev);
3745 driver->minor_start = MINOR(dev);
3746 }
3747 } else {
3748 dev = MKDEV(driver->major, driver->minor_start);
3749 error = register_chrdev_region(dev, driver->num,
3750 (char*)driver->name);
3751 }
3752 if (error < 0) {
3753 kfree(p);
3754 return error;
3755 }
3756
3757 if (p) {
3758 driver->ttys = (struct tty_struct **)p;
3759 driver->termios = (struct termios **)(p + driver->num);
3760 driver->termios_locked = (struct termios **)(p + driver->num * 2);
3761 } else {
3762 driver->ttys = NULL;
3763 driver->termios = NULL;
3764 driver->termios_locked = NULL;
3765 }
3766
3767 cdev_init(&driver->cdev, &tty_fops);
3768 driver->cdev.owner = driver->owner;
3769 error = cdev_add(&driver->cdev, dev, driver->num);
3770 if (error) {
1da177e4
LT		 3771 unregister_chrdev_region(dev, driver->num);
3772 driver->ttys = NULL;
3773 driver->termios = driver->termios_locked = NULL;
3774 kfree(p);
3775 return error;
3776 }
3777
3778 if (!driver->put_char)
3779 driver->put_char = tty_default_put_char;
3780
3781 list_add(&driver->tty_drivers, &tty_drivers);
3782
331b8319 3783 if ( !(driver->flags & TTY_DRIVER_DYNAMIC_DEV) ) {
1da177e4
LT		 3784 for(i = 0; i < driver->num; i++)
3785 tty_register_device(driver, i, NULL);
3786 }
3787 proc_tty_register_driver(driver);
3788 return 0;
3789}
3790
3791EXPORT_SYMBOL(tty_register_driver);
3792
3793/*
3794 * Called by a tty driver to unregister itself.
3795 */
3796int tty_unregister_driver(struct tty_driver *driver)
3797{
3798 int i;
3799 struct termios *tp;
3800 void *p;
3801
3802 if (driver->refcount)
3803 return -EBUSY;
3804
3805 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3806 driver->num);
3807
3808 list_del(&driver->tty_drivers);
3809
3810 /*
3811 * Free the termios and termios_locked structures because
3812 * we don't want to get memory leaks when modular tty
3813 * drivers are removed from the kernel.
3814 */
3815 for (i = 0; i < driver->num; i++) {
3816 tp = driver->termios[i];
3817 if (tp) {
3818 driver->termios[i] = NULL;
3819 kfree(tp);
3820 }
3821 tp = driver->termios_locked[i];
3822 if (tp) {
3823 driver->termios_locked[i] = NULL;
3824 kfree(tp);
3825 }
331b8319 3826 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 3827 tty_unregister_device(driver, i);
3828 }
3829 p = driver->ttys;
3830 proc_tty_unregister_driver(driver);
3831 driver->ttys = NULL;
3832 driver->termios = driver->termios_locked = NULL;
3833 kfree(p);
3834 cdev_del(&driver->cdev);
3835 return 0;
3836}
3837
3838EXPORT_SYMBOL(tty_unregister_driver);
3839
3840
3841/*
3842 * Initialize the console device. This is called *early*, so
3843 * we can't necessarily depend on lots of kernel help here.
3844 * Just do some early initializations, and do the complex setup
3845 * later.
3846 */
3847void __init console_init(void)
3848{
3849 initcall_t *call;
3850
3851 /* Setup the default TTY line discipline. */
3852 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3853
3854 /*
3855 * set up the console device so that later boot sequences can
3856 * inform about problems etc..
3857 */
3858#ifdef CONFIG_EARLY_PRINTK
3859 disable_early_printk();
1da177e4
LT		 3860#endif
3861 call = __con_initcall_start;
3862 while (call < __con_initcall_end) {
3863 (*call)();
3864 call++;
3865 }
3866}
3867
3868#ifdef CONFIG_VT
3869extern int vty_init(void);
3870#endif
3871
3872static int __init tty_class_init(void)
3873{
7fe845d1 3874 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 3875 if (IS_ERR(tty_class))
3876 return PTR_ERR(tty_class);
3877 return 0;
3878}
3879
3880postcore_initcall(tty_class_init);
3881
3882/* 3/2004 jmc: why do these devices exist? */
3883
3884static struct cdev tty_cdev, console_cdev;
3885#ifdef CONFIG_UNIX98_PTYS
3886static struct cdev ptmx_cdev;
3887#endif
3888#ifdef CONFIG_VT
3889static struct cdev vc0_cdev;
3890#endif
3891
3892/*
3893 * Ok, now we can initialize the rest of the tty devices and can count
3894 * on memory allocations, interrupts etc..
3895 */
3896static int __init tty_init(void)
3897{
3898 cdev_init(&tty_cdev, &tty_fops);
3899 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3900 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3901 panic("Couldn't register /dev/tty driver\n");
01107d34 3902 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
1da177e4
LT		 3903
3904 cdev_init(&console_cdev, &console_fops);
3905 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3906 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3907 panic("Couldn't register /dev/console driver\n");
01107d34 3908 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
1da177e4
LT		 3909
3910#ifdef CONFIG_UNIX98_PTYS
3911 cdev_init(&ptmx_cdev, &ptmx_fops);
3912 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3913 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3914 panic("Couldn't register /dev/ptmx driver\n");
01107d34 3915 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
1da177e4
LT		 3916#endif
3917
3918#ifdef CONFIG_VT
3919 cdev_init(&vc0_cdev, &console_fops);
3920 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3921 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3922 panic("Couldn't register /dev/tty0 driver\n");
01107d34 3923 device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
1da177e4
LT		 3924
3925 vty_init();
3926#endif
3927 return 0;
3928}
3929module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)