projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH 2/2] audit: fix sparse shadowed variable warnings
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
37bdfb07 22 * makes for cleaner and more compact code. -TYT, 9/17/92
1da177e4
LT		 23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
37bdfb07 44 *
1da177e4
LT		 45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
37bdfb07
AC		 65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
1da177e4
LT		 67 */
68
1da177e4
LT		 69#include <linux/types.h>
70#include <linux/major.h>
71#include <linux/errno.h>
72#include <linux/signal.h>
73#include <linux/fcntl.h>
74#include <linux/sched.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/console.h>
82#include <linux/timer.h>
83#include <linux/ctype.h>
84#include <linux/kd.h>
85#include <linux/mm.h>
86#include <linux/string.h>
87#include <linux/slab.h>
88#include <linux/poll.h>
89#include <linux/proc_fs.h>
90#include <linux/init.h>
91#include <linux/module.h>
92#include <linux/smp_lock.h>
93#include <linux/device.h>
94#include <linux/idr.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
b20f3ae5 97#include <linux/delay.h>
1da177e4
LT		 98
99#include <asm/uaccess.h>
100#include <asm/system.h>
101
102#include <linux/kbd_kern.h>
103#include <linux/vt_kern.h>
104#include <linux/selection.h>
1da177e4
LT		 105
106#include <linux/kmod.h>
b488893a 107#include <linux/nsproxy.h>
1da177e4
LT		 108
109#undef TTY_DEBUG_HANGUP
110
111#define TTY_PARANOIA_CHECK 1
112#define CHECK_TTY_COUNT 1
113
edc6afc5 114struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
1da177e4
LT		 115 .c_iflag = ICRNL | IXON,
116 .c_oflag = OPOST | ONLCR,
117 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119 ECHOCTL | ECHOKE | IEXTEN,
edc6afc5
AC		 120 .c_cc = INIT_C_CC,
121 .c_ispeed = 38400,
122 .c_ospeed = 38400
1da177e4
LT		 123};
124
125EXPORT_SYMBOL(tty_std_termios);
126
127/* This list gets poked at by procfs and various bits of boot up code. This
128 could do with some rationalisation such as pulling the tty proc function
129 into this file */
37bdfb07 130
1da177e4
LT		 131LIST_HEAD(tty_drivers); /* linked list of tty drivers */
132
24ec839c 133/* Mutex to protect creating and releasing a tty. This is shared with
1da177e4 134 vt.c for deeply disgusting hack reasons */
70522e12 135DEFINE_MUTEX(tty_mutex);
de2a84f2 136EXPORT_SYMBOL(tty_mutex);
1da177e4
LT		 137
138#ifdef CONFIG_UNIX98_PTYS
139extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
37bdfb07 140extern int pty_limit; /* Config limit on Unix98 ptys */
1da177e4 141static DEFINE_IDR(allocated_ptys);
a6752f3f 142static DEFINE_MUTEX(allocated_ptys_lock);
1da177e4
LT		 143static int ptmx_open(struct inode *, struct file *);
144#endif
145
1da177e4
LT		 146static void initialize_tty_struct(struct tty_struct *tty);
147
148static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
149static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
37bdfb07
AC		 150ssize_t redirected_tty_write(struct file *, const char __user *,
151 size_t, loff_t *);
1da177e4
LT		 152static unsigned int tty_poll(struct file *, poll_table *);
153static int tty_open(struct inode *, struct file *);
154static int tty_release(struct inode *, struct file *);
37bdfb07 155int tty_ioctl(struct inode *inode, struct file *file,
1da177e4 156 unsigned int cmd, unsigned long arg);
e10cc1df 157#ifdef CONFIG_COMPAT
37bdfb07 158static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 159 unsigned long arg);
160#else
161#define tty_compat_ioctl NULL
162#endif
37bdfb07 163static int tty_fasync(int fd, struct file *filp, int on);
d5698c28 164static void release_tty(struct tty_struct *tty, int idx);
2a65f1d9 165static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
98a27ba4 166static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
1da177e4 167
af9b897e
AC		 168/**
169 * alloc_tty_struct - allocate a tty object
170 *
171 * Return a new empty tty structure. The data fields have not
172 * been initialized in any way but has been zeroed
173 *
174 * Locking: none
af9b897e 175 */
1da177e4
LT		 176
177static struct tty_struct *alloc_tty_struct(void)
178{
1266b1e1 179 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 180}
181
33f0f88f
AC		 182static void tty_buffer_free_all(struct tty_struct *);
183
af9b897e
AC		 184/**
185 * free_tty_struct - free a disused tty
186 * @tty: tty struct to free
187 *
188 * Free the write buffers, tty queue and tty memory itself.
189 *
190 * Locking: none. Must be called after tty is definitely unused
191 */
192
1da177e4
LT		 193static inline void free_tty_struct(struct tty_struct *tty)
194{
195 kfree(tty->write_buf);
33f0f88f 196 tty_buffer_free_all(tty);
1da177e4
LT		 197 kfree(tty);
198}
199
200#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
201
af9b897e
AC		 202/**
203 * tty_name - return tty naming
204 * @tty: tty structure
205 * @buf: buffer for output
206 *
207 * Convert a tty structure into a name. The name reflects the kernel
208 * naming policy and if udev is in use may not reflect user space
209 *
210 * Locking: none
211 */
212
1da177e4
LT		 213char *tty_name(struct tty_struct *tty, char *buf)
214{
215 if (!tty) /* Hmm. NULL pointer. That's fun. */
216 strcpy(buf, "NULL tty");
217 else
218 strcpy(buf, tty->name);
219 return buf;
220}
221
222EXPORT_SYMBOL(tty_name);
223
d769a669 224int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 225 const char *routine)
226{
227#ifdef TTY_PARANOIA_CHECK
228 if (!tty) {
229 printk(KERN_WARNING
230 "null TTY for (%d:%d) in %s\n",
231 imajor(inode), iminor(inode), routine);
232 return 1;
233 }
234 if (tty->magic != TTY_MAGIC) {
235 printk(KERN_WARNING
236 "bad magic number for tty struct (%d:%d) in %s\n",
237 imajor(inode), iminor(inode), routine);
238 return 1;
239 }
240#endif
241 return 0;
242}
243
244static int check_tty_count(struct tty_struct *tty, const char *routine)
245{
246#ifdef CHECK_TTY_COUNT
247 struct list_head *p;
248 int count = 0;
37bdfb07 249
1da177e4
LT		 250 file_list_lock();
251 list_for_each(p, &tty->tty_files) {
252 count++;
253 }
254 file_list_unlock();
255 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
256 tty->driver->subtype == PTY_TYPE_SLAVE &&
257 tty->link && tty->link->count)
258 count++;
259 if (tty->count != count) {
260 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
261 "!= #fd's(%d) in %s\n",
262 tty->name, tty->count, count, routine);
263 return count;
24ec839c 264 }
1da177e4
LT		 265#endif
266 return 0;
267}
268
33f0f88f
AC		 269/*
270 * Tty buffer allocation management
271 */
272
af9b897e
AC		 273/**
274 * tty_buffer_free_all - free buffers used by a tty
275 * @tty: tty to free from
276 *
277 * Remove all the buffers pending on a tty whether queued with data
278 * or in the free ring. Must be called when the tty is no longer in use
279 *
280 * Locking: none
281 */
282
33f0f88f
AC		 283static void tty_buffer_free_all(struct tty_struct *tty)
284{
285 struct tty_buffer *thead;
37bdfb07 286 while ((thead = tty->buf.head) != NULL) {
33f0f88f
AC		 287 tty->buf.head = thead->next;
288 kfree(thead);
289 }
37bdfb07 290 while ((thead = tty->buf.free) != NULL) {
33f0f88f
AC		 291 tty->buf.free = thead->next;
292 kfree(thead);
293 }
294 tty->buf.tail = NULL;
01da5fd8 295 tty->buf.memory_used = 0;
33f0f88f
AC		 296}
297
01da5fd8
AC		 298/**
299 * tty_buffer_init - prepare a tty buffer structure
300 * @tty: tty to initialise
301 *
302 * Set up the initial state of the buffer management for a tty device.
303 * Must be called before the other tty buffer functions are used.
304 *
305 * Locking: none
306 */
307
33f0f88f
AC		 308static void tty_buffer_init(struct tty_struct *tty)
309{
808249ce 310 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 311 tty->buf.head = NULL;
312 tty->buf.tail = NULL;
313 tty->buf.free = NULL;
01da5fd8 314 tty->buf.memory_used = 0;
33f0f88f
AC		 315}
316
01da5fd8
AC		 317/**
318 * tty_buffer_alloc - allocate a tty buffer
319 * @tty: tty device
320 * @size: desired size (characters)
321 *
322 * Allocate a new tty buffer to hold the desired number of characters.
323 * Return NULL if out of memory or the allocation would exceed the
324 * per device queue
325 *
326 * Locking: Caller must hold tty->buf.lock
327 */
328
329static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
33f0f88f 330{
01da5fd8
AC		 331 struct tty_buffer *p;
332
333 if (tty->buf.memory_used + size > 65536)
334 return NULL;
335 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
37bdfb07 336 if (p == NULL)
33f0f88f
AC		 337 return NULL;
338 p->used = 0;
339 p->size = size;
340 p->next = NULL;
8977d929
PF		 341 p->commit = 0;
342 p->read = 0;
33f0f88f
AC		 343 p->char_buf_ptr = (char *)(p->data);
344 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
01da5fd8 345 tty->buf.memory_used += size;
33f0f88f
AC		 346 return p;
347}
348
01da5fd8
AC		 349/**
350 * tty_buffer_free - free a tty buffer
351 * @tty: tty owning the buffer
352 * @b: the buffer to free
353 *
354 * Free a tty buffer, or add it to the free list according to our
355 * internal strategy
356 *
357 * Locking: Caller must hold tty->buf.lock
358 */
33f0f88f
AC		 359
360static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
361{
362 /* Dumb strategy for now - should keep some stats */
01da5fd8
AC		 363 tty->buf.memory_used -= b->size;
364 WARN_ON(tty->buf.memory_used < 0);
365
37bdfb07 366 if (b->size >= 512)
33f0f88f
AC		 367 kfree(b);
368 else {
369 b->next = tty->buf.free;
370 tty->buf.free = b;
371 }
372}
373
c5c34d48 374/**
42fd552e 375 * __tty_buffer_flush - flush full tty buffers
c5c34d48
PF		 376 * @tty: tty to flush
377 *
42fd552e
AC		 378 * flush all the buffers containing receive data. Caller must
379 * hold the buffer lock and must have ensured no parallel flush to
380 * ldisc is running.
c5c34d48 381 *
42fd552e 382 * Locking: Caller must hold tty->buf.lock
c5c34d48
PF		 383 */
384
42fd552e 385static void __tty_buffer_flush(struct tty_struct *tty)
c5c34d48
PF		 386{
387 struct tty_buffer *thead;
c5c34d48 388
37bdfb07 389 while ((thead = tty->buf.head) != NULL) {
c5c34d48
PF		 390 tty->buf.head = thead->next;
391 tty_buffer_free(tty, thead);
392 }
393 tty->buf.tail = NULL;
42fd552e
AC		 394}
395
396/**
397 * tty_buffer_flush - flush full tty buffers
398 * @tty: tty to flush
399 *
400 * flush all the buffers containing receive data. If the buffer is
401 * being processed by flush_to_ldisc then we defer the processing
402 * to that function
403 *
404 * Locking: none
405 */
406
407static void tty_buffer_flush(struct tty_struct *tty)
408{
409 unsigned long flags;
410 spin_lock_irqsave(&tty->buf.lock, flags);
411
412 /* If the data is being pushed to the tty layer then we can't
413 process it here. Instead set a flag and the flush_to_ldisc
414 path will process the flush request before it exits */
415 if (test_bit(TTY_FLUSHING, &tty->flags)) {
416 set_bit(TTY_FLUSHPENDING, &tty->flags);
417 spin_unlock_irqrestore(&tty->buf.lock, flags);
418 wait_event(tty->read_wait,
419 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
420 return;
421 } else
422 __tty_buffer_flush(tty);
c5c34d48
PF		 423 spin_unlock_irqrestore(&tty->buf.lock, flags);
424}
425
01da5fd8
AC		 426/**
427 * tty_buffer_find - find a free tty buffer
428 * @tty: tty owning the buffer
429 * @size: characters wanted
430 *
431 * Locate an existing suitable tty buffer or if we are lacking one then
432 * allocate a new one. We round our buffers off in 256 character chunks
433 * to get better allocation behaviour.
434 *
435 * Locking: Caller must hold tty->buf.lock
436 */
437
33f0f88f
AC		 438static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
439{
440 struct tty_buffer **tbh = &tty->buf.free;
37bdfb07 441 while ((*tbh) != NULL) {
33f0f88f 442 struct tty_buffer *t = *tbh;
37bdfb07 443 if (t->size >= size) {
33f0f88f
AC		 444 *tbh = t->next;
445 t->next = NULL;
446 t->used = 0;
8977d929
PF		 447 t->commit = 0;
448 t->read = 0;
01da5fd8 449 tty->buf.memory_used += t->size;
33f0f88f
AC		 450 return t;
451 }
452 tbh = &((*tbh)->next);
453 }
454 /* Round the buffer size out */
37bdfb07 455 size = (size + 0xFF) & ~0xFF;
01da5fd8 456 return tty_buffer_alloc(tty, size);
33f0f88f
AC		 457 /* Should possibly check if this fails for the largest buffer we
458 have queued and recycle that ? */
459}
460
01da5fd8
AC		 461/**
462 * tty_buffer_request_room - grow tty buffer if needed
463 * @tty: tty structure
464 * @size: size desired
465 *
466 * Make at least size bytes of linear space available for the tty
467 * buffer. If we fail return the size we managed to find.
468 *
469 * Locking: Takes tty->buf.lock
470 */
33f0f88f
AC		 471int tty_buffer_request_room(struct tty_struct *tty, size_t size)
472{
808249ce
PF		 473 struct tty_buffer *b, *n;
474 int left;
475 unsigned long flags;
476
477 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 478
479 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
480 remove this conditional if its worth it. This would be invisible
481 to the callers */
33b37a33 482 if ((b = tty->buf.tail) != NULL)
33f0f88f 483 left = b->size - b->used;
33b37a33 484 else
808249ce
PF		 485 left = 0;
486
487 if (left < size) {
488 /* This is the slow path - looking for new buffers to use */
489 if ((n = tty_buffer_find(tty, size)) != NULL) {
490 if (b != NULL) {
491 b->next = n;
8977d929 492 b->commit = b->used;
808249ce
PF		 493 } else
494 tty->buf.head = n;
495 tty->buf.tail = n;
808249ce
PF		 496 } else
497 size = left;
498 }
499
500 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 501 return size;
502}
33f0f88f
AC		 503EXPORT_SYMBOL_GPL(tty_buffer_request_room);
504
af9b897e
AC		 505/**
506 * tty_insert_flip_string - Add characters to the tty buffer
507 * @tty: tty structure
508 * @chars: characters
509 * @size: size
510 *
511 * Queue a series of bytes to the tty buffering. All the characters
512 * passed are marked as without error. Returns the number added.
513 *
514 * Locking: Called functions may take tty->buf.lock
515 */
516
e1a25090
AM		 517int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
518 size_t size)
33f0f88f
AC		 519{
520 int copied = 0;
521 do {
522 int space = tty_buffer_request_room(tty, size - copied);
523 struct tty_buffer *tb = tty->buf.tail;
524 /* If there is no space then tb may be NULL */
37bdfb07 525 if (unlikely(space == 0))
33f0f88f
AC		 526 break;
527 memcpy(tb->char_buf_ptr + tb->used, chars, space);
528 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
529 tb->used += space;
530 copied += space;
531 chars += space;
527063ba
AD		 532 /* There is a small chance that we need to split the data over
533 several buffers. If this is the case we must loop */
534 } while (unlikely(size > copied));
33f0f88f
AC		 535 return copied;
536}
ee37df78 537EXPORT_SYMBOL(tty_insert_flip_string);
33f0f88f 538
af9b897e
AC		 539/**
540 * tty_insert_flip_string_flags - Add characters to the tty buffer
541 * @tty: tty structure
542 * @chars: characters
543 * @flags: flag bytes
544 * @size: size
545 *
546 * Queue a series of bytes to the tty buffering. For each character
547 * the flags array indicates the status of the character. Returns the
548 * number added.
549 *
550 * Locking: Called functions may take tty->buf.lock
551 */
552
e1a25090
AM		 553int tty_insert_flip_string_flags(struct tty_struct *tty,
554 const unsigned char *chars, const char *flags, size_t size)
33f0f88f
AC		 555{
556 int copied = 0;
557 do {
558 int space = tty_buffer_request_room(tty, size - copied);
559 struct tty_buffer *tb = tty->buf.tail;
560 /* If there is no space then tb may be NULL */
37bdfb07 561 if (unlikely(space == 0))
33f0f88f
AC		 562 break;
563 memcpy(tb->char_buf_ptr + tb->used, chars, space);
564 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
565 tb->used += space;
566 copied += space;
567 chars += space;
568 flags += space;
527063ba
AD		 569 /* There is a small chance that we need to split the data over
570 several buffers. If this is the case we must loop */
571 } while (unlikely(size > copied));
33f0f88f
AC		 572 return copied;
573}
ff4547f4 574EXPORT_SYMBOL(tty_insert_flip_string_flags);
33f0f88f 575
af9b897e
AC		 576/**
577 * tty_schedule_flip - push characters to ldisc
578 * @tty: tty to push from
579 *
580 * Takes any pending buffers and transfers their ownership to the
581 * ldisc side of the queue. It then schedules those characters for
582 * processing by the line discipline.
583 *
584 * Locking: Takes tty->buf.lock
585 */
586
e1a25090
AM		 587void tty_schedule_flip(struct tty_struct *tty)
588{
589 unsigned long flags;
590 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 591 if (tty->buf.tail != NULL)
e1a25090 592 tty->buf.tail->commit = tty->buf.tail->used;
e1a25090
AM		 593 spin_unlock_irqrestore(&tty->buf.lock, flags);
594 schedule_delayed_work(&tty->buf.work, 1);
595}
596EXPORT_SYMBOL(tty_schedule_flip);
33f0f88f 597
af9b897e
AC		 598/**
599 * tty_prepare_flip_string - make room for characters
600 * @tty: tty
601 * @chars: return pointer for character write area
602 * @size: desired size
603 *
33f0f88f
AC		 604 * Prepare a block of space in the buffer for data. Returns the length
605 * available and buffer pointer to the space which is now allocated and
606 * accounted for as ready for normal characters. This is used for drivers
607 * that need their own block copy routines into the buffer. There is no
608 * guarantee the buffer is a DMA target!
af9b897e
AC		 609 *
610 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 611 */
612
37bdfb07
AC		 613int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
614 size_t size)
33f0f88f
AC		 615{
616 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 617 if (likely(space)) {
618 struct tty_buffer *tb = tty->buf.tail;
619 *chars = tb->char_buf_ptr + tb->used;
620 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
621 tb->used += space;
622 }
33f0f88f
AC		 623 return space;
624}
625
626EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
627
af9b897e
AC		 628/**
629 * tty_prepare_flip_string_flags - make room for characters
630 * @tty: tty
631 * @chars: return pointer for character write area
632 * @flags: return pointer for status flag write area
633 * @size: desired size
634 *
33f0f88f
AC		 635 * Prepare a block of space in the buffer for data. Returns the length
636 * available and buffer pointer to the space which is now allocated and
637 * accounted for as ready for characters. This is used for drivers
638 * that need their own block copy routines into the buffer. There is no
639 * guarantee the buffer is a DMA target!
af9b897e
AC		 640 *
641 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 642 */
643
37bdfb07
AC		 644int tty_prepare_flip_string_flags(struct tty_struct *tty,
645 unsigned char **chars, char **flags, size_t size)
33f0f88f
AC		 646{
647 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 648 if (likely(space)) {
649 struct tty_buffer *tb = tty->buf.tail;
650 *chars = tb->char_buf_ptr + tb->used;
651 *flags = tb->flag_buf_ptr + tb->used;
652 tb->used += space;
653 }
33f0f88f
AC		 654 return space;
655}
656
657EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
658
659
660
af9b897e
AC		 661/**
662 * tty_set_termios_ldisc - set ldisc field
663 * @tty: tty structure
664 * @num: line discipline number
665 *
1da177e4 666 * This is probably overkill for real world processors but
37bdfb07 667 * they are not on hot paths so a little discipline won't do
1da177e4 668 * any harm.
af9b897e 669 *
24ec839c 670 * Locking: takes termios_mutex
1da177e4 671 */
37bdfb07 672
1da177e4
LT		 673static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
674{
5785c95b 675 mutex_lock(&tty->termios_mutex);
1da177e4 676 tty->termios->c_line = num;
5785c95b 677 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 678}
679
680/*
681 * This guards the refcounted line discipline lists. The lock
682 * must be taken with irqs off because there are hangup path
683 * callers who will do ldisc lookups and cannot sleep.
684 */
37bdfb07 685
1da177e4
LT		 686static DEFINE_SPINLOCK(tty_ldisc_lock);
687static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
37bdfb07
AC		 688/* Line disc dispatch table */
689static struct tty_ldisc tty_ldiscs[NR_LDISCS];
1da177e4 690
af9b897e
AC		 691/**
692 * tty_register_ldisc - install a line discipline
693 * @disc: ldisc number
694 * @new_ldisc: pointer to the ldisc object
695 *
696 * Installs a new line discipline into the kernel. The discipline
697 * is set up as unreferenced and then made available to the kernel
698 * from this point onwards.
699 *
700 * Locking:
701 * takes tty_ldisc_lock to guard against ldisc races
702 */
703
1da177e4
LT		 704int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
705{
706 unsigned long flags;
707 int ret = 0;
37bdfb07 708
1da177e4
LT		 709 if (disc < N_TTY || disc >= NR_LDISCS)
710 return -EINVAL;
37bdfb07 711
1da177e4 712 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 713 tty_ldiscs[disc] = *new_ldisc;
714 tty_ldiscs[disc].num = disc;
715 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
716 tty_ldiscs[disc].refcount = 0;
1da177e4 717 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
37bdfb07 718
1da177e4
LT		 719 return ret;
720}
1da177e4
LT		 721EXPORT_SYMBOL(tty_register_ldisc);
722
af9b897e
AC		 723/**
724 * tty_unregister_ldisc - unload a line discipline
725 * @disc: ldisc number
726 * @new_ldisc: pointer to the ldisc object
727 *
728 * Remove a line discipline from the kernel providing it is not
729 * currently in use.
730 *
731 * Locking:
732 * takes tty_ldisc_lock to guard against ldisc races
733 */
734
bfb07599
AD		 735int tty_unregister_ldisc(int disc)
736{
737 unsigned long flags;
738 int ret = 0;
739
740 if (disc < N_TTY || disc >= NR_LDISCS)
741 return -EINVAL;
742
743 spin_lock_irqsave(&tty_ldisc_lock, flags);
744 if (tty_ldiscs[disc].refcount)
745 ret = -EBUSY;
746 else
747 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
748 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
749
750 return ret;
751}
752EXPORT_SYMBOL(tty_unregister_ldisc);
753
af9b897e
AC		 754/**
755 * tty_ldisc_get - take a reference to an ldisc
756 * @disc: ldisc number
757 *
758 * Takes a reference to a line discipline. Deals with refcounts and
759 * module locking counts. Returns NULL if the discipline is not available.
760 * Returns a pointer to the discipline and bumps the ref count if it is
761 * available
762 *
763 * Locking:
764 * takes tty_ldisc_lock to guard against ldisc races
765 */
766
1da177e4
LT		 767struct tty_ldisc *tty_ldisc_get(int disc)
768{
769 unsigned long flags;
770 struct tty_ldisc *ld;
771
772 if (disc < N_TTY || disc >= NR_LDISCS)
773 return NULL;
37bdfb07 774
1da177e4
LT		 775 spin_lock_irqsave(&tty_ldisc_lock, flags);
776
777 ld = &tty_ldiscs[disc];
778 /* Check the entry is defined */
37bdfb07 779 if (ld->flags & LDISC_FLAG_DEFINED) {
1da177e4
LT		 780 /* If the module is being unloaded we can't use it */
781 if (!try_module_get(ld->owner))
37bdfb07 782 ld = NULL;
1da177e4
LT		 783 else /* lock it */
784 ld->refcount++;
37bdfb07 785 } else
1da177e4
LT		 786 ld = NULL;
787 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
788 return ld;
789}
790
791EXPORT_SYMBOL_GPL(tty_ldisc_get);
792
af9b897e
AC		 793/**
794 * tty_ldisc_put - drop ldisc reference
795 * @disc: ldisc number
796 *
797 * Drop a reference to a line discipline. Manage refcounts and
798 * module usage counts
799 *
800 * Locking:
801 * takes tty_ldisc_lock to guard against ldisc races
802 */
803
1da177e4
LT		 804void tty_ldisc_put(int disc)
805{
806 struct tty_ldisc *ld;
807 unsigned long flags;
37bdfb07 808
56ee4827 809 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
37bdfb07 810
1da177e4
LT		 811 spin_lock_irqsave(&tty_ldisc_lock, flags);
812 ld = &tty_ldiscs[disc];
56ee4827
ES		 813 BUG_ON(ld->refcount == 0);
814 ld->refcount--;
1da177e4
LT		 815 module_put(ld->owner);
816 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
817}
37bdfb07 818
1da177e4
LT		 819EXPORT_SYMBOL_GPL(tty_ldisc_put);
820
af9b897e
AC		 821/**
822 * tty_ldisc_assign - set ldisc on a tty
823 * @tty: tty to assign
824 * @ld: line discipline
825 *
826 * Install an instance of a line discipline into a tty structure. The
827 * ldisc must have a reference count above zero to ensure it remains/
828 * The tty instance refcount starts at zero.
829 *
830 * Locking:
831 * Caller must hold references
832 */
833
1da177e4
LT		 834static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
835{
836 tty->ldisc = *ld;
837 tty->ldisc.refcount = 0;
838}
839
840/**
841 * tty_ldisc_try - internal helper
842 * @tty: the tty
843 *
844 * Make a single attempt to grab and bump the refcount on
845 * the tty ldisc. Return 0 on failure or 1 on success. This is
846 * used to implement both the waiting and non waiting versions
847 * of tty_ldisc_ref
af9b897e
AC		 848 *
849 * Locking: takes tty_ldisc_lock
1da177e4
LT		 850 */
851
852static int tty_ldisc_try(struct tty_struct *tty)
853{
854 unsigned long flags;
855 struct tty_ldisc *ld;
856 int ret = 0;
37bdfb07 857
1da177e4
LT		 858 spin_lock_irqsave(&tty_ldisc_lock, flags);
859 ld = &tty->ldisc;
37bdfb07 860 if (test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 861 ld->refcount++;
862 ret = 1;
863 }
864 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
865 return ret;
866}
867
868/**
869 * tty_ldisc_ref_wait - wait for the tty ldisc
870 * @tty: tty device
871 *
37bdfb07
AC		 872 * Dereference the line discipline for the terminal and take a
873 * reference to it. If the line discipline is in flux then
1da177e4
LT		 874 * wait patiently until it changes.
875 *
876 * Note: Must not be called from an IRQ/timer context. The caller
877 * must also be careful not to hold other locks that will deadlock
878 * against a discipline change, such as an existing ldisc reference
879 * (which we check for)
af9b897e
AC		 880 *
881 * Locking: call functions take tty_ldisc_lock
1da177e4 882 */
37bdfb07 883
1da177e4
LT		 884struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
885{
886 /* wait_event is a macro */
887 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
37bdfb07 888 if (tty->ldisc.refcount == 0)
1da177e4
LT		 889 printk(KERN_ERR "tty_ldisc_ref_wait\n");
890 return &tty->ldisc;
891}
892
893EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
894
895/**
896 * tty_ldisc_ref - get the tty ldisc
897 * @tty: tty device
898 *
37bdfb07
AC		 899 * Dereference the line discipline for the terminal and take a
900 * reference to it. If the line discipline is in flux then
1da177e4 901 * return NULL. Can be called from IRQ and timer functions.
af9b897e
AC		 902 *
903 * Locking: called functions take tty_ldisc_lock
1da177e4 904 */
37bdfb07 905
1da177e4
LT		 906struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
907{
37bdfb07 908 if (tty_ldisc_try(tty))
1da177e4
LT		 909 return &tty->ldisc;
910 return NULL;
911}
912
913EXPORT_SYMBOL_GPL(tty_ldisc_ref);
914
915/**
916 * tty_ldisc_deref - free a tty ldisc reference
917 * @ld: reference to free up
918 *
919 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
920 * be called in IRQ context.
af9b897e
AC		 921 *
922 * Locking: takes tty_ldisc_lock
1da177e4 923 */
37bdfb07 924
1da177e4
LT		 925void tty_ldisc_deref(struct tty_ldisc *ld)
926{
927 unsigned long flags;
928
56ee4827 929 BUG_ON(ld == NULL);
37bdfb07 930
1da177e4 931 spin_lock_irqsave(&tty_ldisc_lock, flags);
37bdfb07 932 if (ld->refcount == 0)
1da177e4
LT		 933 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
934 else
935 ld->refcount--;
37bdfb07 936 if (ld->refcount == 0)
1da177e4
LT		 937 wake_up(&tty_ldisc_wait);
938 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
939}
940
941EXPORT_SYMBOL_GPL(tty_ldisc_deref);
942
943/**
944 * tty_ldisc_enable - allow ldisc use
945 * @tty: terminal to activate ldisc on
946 *
947 * Set the TTY_LDISC flag when the line discipline can be called
3a4fa0a2 948 * again. Do necessary wakeups for existing sleepers.
1da177e4
LT		 949 *
950 * Note: nobody should set this bit except via this function. Clearing
951 * directly is allowed.
952 */
953
954static void tty_ldisc_enable(struct tty_struct *tty)
955{
956 set_bit(TTY_LDISC, &tty->flags);
957 wake_up(&tty_ldisc_wait);
958}
37bdfb07 959
1da177e4
LT		 960/**
961 * tty_set_ldisc - set line discipline
962 * @tty: the terminal to set
963 * @ldisc: the line discipline
964 *
965 * Set the discipline of a tty line. Must be called from a process
966 * context.
af9b897e
AC		 967 *
968 * Locking: takes tty_ldisc_lock.
24ec839c 969 * called functions take termios_mutex
1da177e4 970 */
37bdfb07 971
1da177e4
LT		 972static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
973{
ff55fe20
JB		 974 int retval = 0;
975 struct tty_ldisc o_ldisc;
1da177e4
LT		 976 char buf[64];
977 int work;
978 unsigned long flags;
979 struct tty_ldisc *ld;
ff55fe20 980 struct tty_struct *o_tty;
1da177e4
LT		 981
982 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
983 return -EINVAL;
984
985restart:
986
1da177e4
LT		 987 ld = tty_ldisc_get(ldisc);
988 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
989 /* Cyrus Durgin <cider@speakeasy.org> */
990 if (ld == NULL) {
991 request_module("tty-ldisc-%d", ldisc);
992 ld = tty_ldisc_get(ldisc);
993 }
994 if (ld == NULL)
995 return -EINVAL;
996
33f0f88f
AC		 997 /*
998 * Problem: What do we do if this blocks ?
999 */
1000
1da177e4
LT		 1001 tty_wait_until_sent(tty, 0);
1002
ff55fe20
JB		 1003 if (tty->ldisc.num == ldisc) {
1004 tty_ldisc_put(ldisc);
1005 return 0;
1006 }
1007
ae030e43
PF		 1008 /*
1009 * No more input please, we are switching. The new ldisc
1010 * will update this value in the ldisc open function
1011 */
1012
1013 tty->receive_room = 0;
1014
ff55fe20
JB		 1015 o_ldisc = tty->ldisc;
1016 o_tty = tty->link;
1017
1da177e4
LT		 1018 /*
1019 * Make sure we don't change while someone holds a
1020 * reference to the line discipline. The TTY_LDISC bit
1021 * prevents anyone taking a reference once it is clear.
1022 * We need the lock to avoid racing reference takers.
1023 */
ff55fe20 1024
1da177e4 1025 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20 1026 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
37bdfb07 1027 if (tty->ldisc.refcount) {
ff55fe20
JB		 1028 /* Free the new ldisc we grabbed. Must drop the lock
1029 first. */
1030 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1031 tty_ldisc_put(ldisc);
1032 /*
1033 * There are several reasons we may be busy, including
1034 * random momentary I/O traffic. We must therefore
1035 * retry. We could distinguish between blocking ops
37bdfb07
AC		 1036 * and retries if we made tty_ldisc_wait() smarter.
1037 * That is up for discussion.
ff55fe20
JB		 1038 */
1039 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1040 return -ERESTARTSYS;
1041 goto restart;
1042 }
37bdfb07 1043 if (o_tty && o_tty->ldisc.refcount) {
ff55fe20
JB		 1044 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1045 tty_ldisc_put(ldisc);
1046 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1047 return -ERESTARTSYS;
1048 goto restart;
1049 }
1050 }
37bdfb07
AC		 1051 /*
1052 * If the TTY_LDISC bit is set, then we are racing against
1053 * another ldisc change
1054 */
ff55fe20 1055 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 1056 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1057 tty_ldisc_put(ldisc);
ff55fe20
JB		 1058 ld = tty_ldisc_ref_wait(tty);
1059 tty_ldisc_deref(ld);
1da177e4
LT		 1060 goto restart;
1061 }
ff55fe20
JB		 1062
1063 clear_bit(TTY_LDISC, &tty->flags);
817d6d3b 1064 if (o_tty)
ff55fe20 1065 clear_bit(TTY_LDISC, &o_tty->flags);
1da177e4 1066 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 1067
1da177e4
LT		 1068 /*
1069 * From this point on we know nobody has an ldisc
1070 * usage reference, nor can they obtain one until
1071 * we say so later on.
1072 */
ff55fe20 1073
33f0f88f 1074 work = cancel_delayed_work(&tty->buf.work);
1da177e4 1075 /*
33f0f88f 1076 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4 1077 */
1da177e4
LT		 1078 flush_scheduled_work();
1079 /* Shutdown the current discipline. */
1080 if (tty->ldisc.close)
1081 (tty->ldisc.close)(tty);
1082
1083 /* Now set up the new line discipline. */
1084 tty_ldisc_assign(tty, ld);
1085 tty_set_termios_ldisc(tty, ldisc);
1086 if (tty->ldisc.open)
1087 retval = (tty->ldisc.open)(tty);
1088 if (retval < 0) {
1089 tty_ldisc_put(ldisc);
1090 /* There is an outstanding reference here so this is safe */
1091 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1092 tty_set_termios_ldisc(tty, tty->ldisc.num);
1093 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1094 tty_ldisc_put(o_ldisc.num);
1095 /* This driver is always present */
1096 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1097 tty_set_termios_ldisc(tty, N_TTY);
1098 if (tty->ldisc.open) {
1099 int r = tty->ldisc.open(tty);
1100
1101 if (r < 0)
1102 panic("Couldn't open N_TTY ldisc for "
1103 "%s --- error %d.",
1104 tty_name(tty, buf), r);
1105 }
1106 }
1107 }
1108 /* At this point we hold a reference to the new ldisc and a
1109 a reference to the old ldisc. If we ended up flipping back
1110 to the existing ldisc we have two references to it */
37bdfb07 1111
1da177e4
LT		 1112 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1113 tty->driver->set_ldisc(tty);
37bdfb07 1114
1da177e4 1115 tty_ldisc_put(o_ldisc.num);
37bdfb07 1116
1da177e4
LT		 1117 /*
1118 * Allow ldisc referencing to occur as soon as the driver
1119 * ldisc callback completes.
1120 */
37bdfb07 1121
1da177e4 1122 tty_ldisc_enable(tty);
ff55fe20
JB		 1123 if (o_tty)
1124 tty_ldisc_enable(o_tty);
37bdfb07 1125
1da177e4
LT		 1126 /* Restart it in case no characters kick it off. Safe if
1127 already running */
ff55fe20 1128 if (work)
33f0f88f 1129 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 1130 return retval;
1131}
1132
af9b897e
AC		 1133/**
1134 * get_tty_driver - find device of a tty
1135 * @dev_t: device identifier
1136 * @index: returns the index of the tty
1137 *
1138 * This routine returns a tty driver structure, given a device number
1139 * and also passes back the index number.
1140 *
1141 * Locking: caller must hold tty_mutex
1da177e4 1142 */
af9b897e 1143
1da177e4
LT		 1144static struct tty_driver *get_tty_driver(dev_t device, int *index)
1145{
1146 struct tty_driver *p;
1147
1148 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1149 dev_t base = MKDEV(p->major, p->minor_start);
1150 if (device < base || device >= base + p->num)
1151 continue;
1152 *index = device - base;
1153 return p;
1154 }
1155 return NULL;
1156}
1157
f2d937f3
JW		 1158#ifdef CONFIG_CONSOLE_POLL
1159
1160/**
1161 * tty_find_polling_driver - find device of a polled tty
1162 * @name: name string to match
1163 * @line: pointer to resulting tty line nr
1164 *
1165 * This routine returns a tty driver structure, given a name
1166 * and the condition that the tty driver is capable of polled
1167 * operation.
1168 */
1169struct tty_driver *tty_find_polling_driver(char *name, int *line)
1170{
1171 struct tty_driver *p, *res = NULL;
1172 int tty_line = 0;
1173 char *str;
1174
1175 mutex_lock(&tty_mutex);
1176 /* Search through the tty devices to look for a match */
1177 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1178 str = name + strlen(p->name);
1179 tty_line = simple_strtoul(str, &str, 10);
1180 if (*str == ',')
1181 str++;
1182 if (*str == '\0')
1183 str = 0;
1184
1185 if (tty_line >= 0 && tty_line <= p->num && p->poll_init &&
1186 !p->poll_init(p, tty_line, str)) {
1187
1188 res = p;
1189 *line = tty_line;
1190 break;
1191 }
1192 }
1193 mutex_unlock(&tty_mutex);
1194
1195 return res;
1196}
1197EXPORT_SYMBOL_GPL(tty_find_polling_driver);
1198#endif
1199
af9b897e
AC		 1200/**
1201 * tty_check_change - check for POSIX terminal changes
1202 * @tty: tty to check
1203 *
1204 * If we try to write to, or set the state of, a terminal and we're
1205 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1206 * ignored, go ahead and perform the operation. (POSIX 7.2)
1207 *
1208 * Locking: none
1da177e4 1209 */
af9b897e 1210
37bdfb07 1211int tty_check_change(struct tty_struct *tty)
1da177e4
LT		 1212{
1213 if (current->signal->tty != tty)
1214 return 0;
ab521dc0
EB		 1215 if (!tty->pgrp) {
1216 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1da177e4
LT		 1217 return 0;
1218 }
ab521dc0 1219 if (task_pgrp(current) == tty->pgrp)
1da177e4
LT		 1220 return 0;
1221 if (is_ignored(SIGTTOU))
1222 return 0;
3e7cd6c4 1223 if (is_current_pgrp_orphaned())
1da177e4 1224 return -EIO;
040b6362
ON		 1225 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1226 set_thread_flag(TIF_SIGPENDING);
1da177e4
LT		 1227 return -ERESTARTSYS;
1228}
1229
1230EXPORT_SYMBOL(tty_check_change);
1231
37bdfb07 1232static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1da177e4
LT		 1233 size_t count, loff_t *ppos)
1234{
1235 return 0;
1236}
1237
37bdfb07 1238static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1da177e4
LT		 1239 size_t count, loff_t *ppos)
1240{
1241 return -EIO;
1242}
1243
1244/* No kernel lock held - none needed ;) */
37bdfb07 1245static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1da177e4
LT		 1246{
1247 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1248}
1249
37bdfb07 1250static int hung_up_tty_ioctl(struct inode *inode, struct file *file,
38ad2ed0
PF		 1251 unsigned int cmd, unsigned long arg)
1252{
1253 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1254}
1255
37bdfb07 1256static long hung_up_tty_compat_ioctl(struct file *file,
38ad2ed0 1257 unsigned int cmd, unsigned long arg)
1da177e4
LT		 1258{
1259 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1260}
1261
62322d25 1262static const struct file_operations tty_fops = {
1da177e4
LT		 1263 .llseek = no_llseek,
1264 .read = tty_read,
1265 .write = tty_write,
1266 .poll = tty_poll,
1267 .ioctl = tty_ioctl,
e10cc1df 1268 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1269 .open = tty_open,
1270 .release = tty_release,
1271 .fasync = tty_fasync,
1272};
1273
1274#ifdef CONFIG_UNIX98_PTYS
62322d25 1275static const struct file_operations ptmx_fops = {
1da177e4
LT		 1276 .llseek = no_llseek,
1277 .read = tty_read,
1278 .write = tty_write,
1279 .poll = tty_poll,
1280 .ioctl = tty_ioctl,
e10cc1df 1281 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1282 .open = ptmx_open,
1283 .release = tty_release,
1284 .fasync = tty_fasync,
1285};
1286#endif
1287
62322d25 1288static const struct file_operations console_fops = {
1da177e4
LT		 1289 .llseek = no_llseek,
1290 .read = tty_read,
1291 .write = redirected_tty_write,
1292 .poll = tty_poll,
1293 .ioctl = tty_ioctl,
e10cc1df 1294 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1295 .open = tty_open,
1296 .release = tty_release,
1297 .fasync = tty_fasync,
1298};
1299
62322d25 1300static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 1301 .llseek = no_llseek,
1302 .read = hung_up_tty_read,
1303 .write = hung_up_tty_write,
1304 .poll = hung_up_tty_poll,
38ad2ed0
PF		 1305 .ioctl = hung_up_tty_ioctl,
1306 .compat_ioctl = hung_up_tty_compat_ioctl,
1da177e4
LT		 1307 .release = tty_release,
1308};
1309
1310static DEFINE_SPINLOCK(redirect_lock);
1311static struct file *redirect;
1312
1313/**
1314 * tty_wakeup - request more data
1315 * @tty: terminal
1316 *
1317 * Internal and external helper for wakeups of tty. This function
1318 * informs the line discipline if present that the driver is ready
1319 * to receive more output data.
1320 */
37bdfb07 1321
1da177e4
LT		 1322void tty_wakeup(struct tty_struct *tty)
1323{
1324 struct tty_ldisc *ld;
37bdfb07 1325
1da177e4
LT		 1326 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1327 ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1328 if (ld) {
1329 if (ld->write_wakeup)
1da177e4
LT		 1330 ld->write_wakeup(tty);
1331 tty_ldisc_deref(ld);
1332 }
1333 }
1334 wake_up_interruptible(&tty->write_wait);
1335}
1336
1337EXPORT_SYMBOL_GPL(tty_wakeup);
1338
1339/**
1340 * tty_ldisc_flush - flush line discipline queue
1341 * @tty: tty
1342 *
1343 * Flush the line discipline queue (if any) for this tty. If there
1344 * is no line discipline active this is a no-op.
1345 */
37bdfb07 1346
1da177e4
LT		 1347void tty_ldisc_flush(struct tty_struct *tty)
1348{
1349 struct tty_ldisc *ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1350 if (ld) {
1351 if (ld->flush_buffer)
1da177e4
LT		 1352 ld->flush_buffer(tty);
1353 tty_ldisc_deref(ld);
1354 }
c5c34d48 1355 tty_buffer_flush(tty);
1da177e4
LT		 1356}
1357
1358EXPORT_SYMBOL_GPL(tty_ldisc_flush);
edc6afc5
AC		 1359
1360/**
1361 * tty_reset_termios - reset terminal state
1362 * @tty: tty to reset
1363 *
1364 * Restore a terminal to the driver default state
1365 */
1366
1367static void tty_reset_termios(struct tty_struct *tty)
1368{
1369 mutex_lock(&tty->termios_mutex);
1370 *tty->termios = tty->driver->init_termios;
1371 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1372 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1373 mutex_unlock(&tty->termios_mutex);
1374}
37bdfb07 1375
af9b897e
AC		 1376/**
1377 * do_tty_hangup - actual handler for hangup events
65f27f38 1378 * @work: tty device
af9b897e
AC		 1379 *
1380 * This can be called by the "eventd" kernel thread. That is process
1381 * synchronous but doesn't hold any locks, so we need to make sure we
1382 * have the appropriate locks for what we're doing.
1383 *
1384 * The hangup event clears any pending redirections onto the hung up
1385 * device. It ensures future writes will error and it does the needed
1386 * line discipline hangup and signal delivery. The tty object itself
1387 * remains intact.
1388 *
1389 * Locking:
1390 * BKL
24ec839c
PZ		 1391 * redirect lock for undoing redirection
1392 * file list lock for manipulating list of ttys
1393 * tty_ldisc_lock from called functions
1394 * termios_mutex resetting termios data
1395 * tasklist_lock to walk task list for hangup event
1396 * ->siglock to protect ->signal/->sighand
1da177e4 1397 */
65f27f38 1398static void do_tty_hangup(struct work_struct *work)
1da177e4 1399{
65f27f38
DH		 1400 struct tty_struct *tty =
1401 container_of(work, struct tty_struct, hangup_work);
37bdfb07 1402 struct file *cons_filp = NULL;
1da177e4
LT		 1403 struct file *filp, *f = NULL;
1404 struct task_struct *p;
1405 struct tty_ldisc *ld;
1406 int closecount = 0, n;
1407
1408 if (!tty)
1409 return;
1410
1411 /* inuse_filps is protected by the single kernel lock */
1412 lock_kernel();
1413
1414 spin_lock(&redirect_lock);
1415 if (redirect && redirect->private_data == tty) {
1416 f = redirect;
1417 redirect = NULL;
1418 }
1419 spin_unlock(&redirect_lock);
37bdfb07 1420
1da177e4
LT		 1421 check_tty_count(tty, "do_tty_hangup");
1422 file_list_lock();
1423 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1424 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1425 if (filp->f_op->write == redirected_tty_write)
1426 cons_filp = filp;
1427 if (filp->f_op->write != tty_write)
1428 continue;
1429 closecount++;
1430 tty_fasync(-1, filp, 0); /* can't block */
1431 filp->f_op = &hung_up_tty_fops;
1432 }
1433 file_list_unlock();
37bdfb07
AC		 1434 /*
1435 * FIXME! What are the locking issues here? This may me overdoing
1436 * things... This question is especially important now that we've
1437 * removed the irqlock.
1438 */
1da177e4 1439 ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1440 if (ld != NULL) {
1441 /* We may have no line discipline at this point */
1da177e4
LT		 1442 if (ld->flush_buffer)
1443 ld->flush_buffer(tty);
1444 if (tty->driver->flush_buffer)
1445 tty->driver->flush_buffer(tty);
1446 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1447 ld->write_wakeup)
1448 ld->write_wakeup(tty);
1449 if (ld->hangup)
1450 ld->hangup(tty);
1451 }
37bdfb07
AC		 1452 /*
1453 * FIXME: Once we trust the LDISC code better we can wait here for
1454 * ldisc completion and fix the driver call race
1455 */
1da177e4
LT		 1456 wake_up_interruptible(&tty->write_wait);
1457 wake_up_interruptible(&tty->read_wait);
1da177e4
LT		 1458 /*
1459 * Shutdown the current line discipline, and reset it to
1460 * N_TTY.
1461 */
1462 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
edc6afc5 1463 tty_reset_termios(tty);
1da177e4
LT		 1464 /* Defer ldisc switch */
1465 /* tty_deferred_ldisc_switch(N_TTY);
37bdfb07 1466
1da177e4
LT		 1467 This should get done automatically when the port closes and
1468 tty_release is called */
37bdfb07 1469
1da177e4 1470 read_lock(&tasklist_lock);
ab521dc0
EB		 1471 if (tty->session) {
1472 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
24ec839c 1473 spin_lock_irq(&p->sighand->siglock);
1da177e4
LT		 1474 if (p->signal->tty == tty)
1475 p->signal->tty = NULL;
24ec839c
PZ		 1476 if (!p->signal->leader) {
1477 spin_unlock_irq(&p->sighand->siglock);
1da177e4 1478 continue;
24ec839c
PZ		 1479 }
1480 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1481 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
ab521dc0
EB		 1482 put_pid(p->signal->tty_old_pgrp); /* A noop */
1483 if (tty->pgrp)
1484 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
24ec839c 1485 spin_unlock_irq(&p->sighand->siglock);
ab521dc0 1486 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1da177e4
LT		 1487 }
1488 read_unlock(&tasklist_lock);
1489
1490 tty->flags = 0;
d9c1e9a8
EB		 1491 put_pid(tty->session);
1492 put_pid(tty->pgrp);
ab521dc0
EB		 1493 tty->session = NULL;
1494 tty->pgrp = NULL;
1da177e4
LT		 1495 tty->ctrl_status = 0;
1496 /*
37bdfb07
AC		 1497 * If one of the devices matches a console pointer, we
1498 * cannot just call hangup() because that will cause
1499 * tty->count and state->count to go out of sync.
1500 * So we just call close() the right number of times.
1da177e4
LT		 1501 */
1502 if (cons_filp) {
1503 if (tty->driver->close)
1504 for (n = 0; n < closecount; n++)
1505 tty->driver->close(tty, cons_filp);
1506 } else if (tty->driver->hangup)
1507 (tty->driver->hangup)(tty);
37bdfb07
AC		 1508 /*
1509 * We don't want to have driver/ldisc interactions beyond
1510 * the ones we did here. The driver layer expects no
1511 * calls after ->hangup() from the ldisc side. However we
1512 * can't yet guarantee all that.
1513 */
1da177e4
LT		 1514 set_bit(TTY_HUPPED, &tty->flags);
1515 if (ld) {
1516 tty_ldisc_enable(tty);
1517 tty_ldisc_deref(ld);
1518 }
1519 unlock_kernel();
1520 if (f)
1521 fput(f);
1522}
1523
af9b897e
AC		 1524/**
1525 * tty_hangup - trigger a hangup event
1526 * @tty: tty to hangup
1527 *
1528 * A carrier loss (virtual or otherwise) has occurred on this like
1529 * schedule a hangup sequence to run after this event.
1530 */
1531
37bdfb07 1532void tty_hangup(struct tty_struct *tty)
1da177e4
LT		 1533{
1534#ifdef TTY_DEBUG_HANGUP
1535 char buf[64];
1da177e4
LT		 1536 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1537#endif
1538 schedule_work(&tty->hangup_work);
1539}
1540
1541EXPORT_SYMBOL(tty_hangup);
1542
af9b897e
AC		 1543/**
1544 * tty_vhangup - process vhangup
1545 * @tty: tty to hangup
1546 *
1547 * The user has asked via system call for the terminal to be hung up.
1548 * We do this synchronously so that when the syscall returns the process
3a4fa0a2 1549 * is complete. That guarantee is necessary for security reasons.
af9b897e
AC		 1550 */
1551
37bdfb07 1552void tty_vhangup(struct tty_struct *tty)
1da177e4
LT		 1553{
1554#ifdef TTY_DEBUG_HANGUP
1555 char buf[64];
1556
1557 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1558#endif
65f27f38 1559 do_tty_hangup(&tty->hangup_work);
1da177e4 1560}
37bdfb07 1561
1da177e4
LT		 1562EXPORT_SYMBOL(tty_vhangup);
1563
af9b897e
AC		 1564/**
1565 * tty_hung_up_p - was tty hung up
1566 * @filp: file pointer of tty
1567 *
1568 * Return true if the tty has been subject to a vhangup or a carrier
1569 * loss
1570 */
1571
37bdfb07 1572int tty_hung_up_p(struct file *filp)
1da177e4
LT		 1573{
1574 return (filp->f_op == &hung_up_tty_fops);
1575}
1576
1577EXPORT_SYMBOL(tty_hung_up_p);
1578
522ed776 1579/**
37bdfb07
AC		 1580 * is_tty - checker whether file is a TTY
1581 * @filp: file handle that may be a tty
1582 *
1583 * Check if the file handle is a tty handle.
522ed776 1584 */
37bdfb07 1585
522ed776
MT		 1586int is_tty(struct file *filp)
1587{
1588 return filp->f_op->read == tty_read
1589 || filp->f_op->read == hung_up_tty_read;
1590}
1591
ab521dc0 1592static void session_clear_tty(struct pid *session)
24ec839c
PZ		 1593{
1594 struct task_struct *p;
ab521dc0 1595 do_each_pid_task(session, PIDTYPE_SID, p) {
24ec839c 1596 proc_clear_tty(p);
ab521dc0 1597 } while_each_pid_task(session, PIDTYPE_SID, p);
24ec839c
PZ		 1598}
1599
af9b897e
AC		 1600/**
1601 * disassociate_ctty - disconnect controlling tty
1602 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 1603 *
af9b897e
AC		 1604 * This function is typically called only by the session leader, when
1605 * it wants to disassociate itself from its controlling tty.
1606 *
1607 * It performs the following functions:
1da177e4
LT		 1608 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1609 * (2) Clears the tty from being controlling the session
1610 * (3) Clears the controlling tty for all processes in the
1611 * session group.
1612 *
af9b897e
AC		 1613 * The argument on_exit is set to 1 if called when a process is
1614 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1615 *
24ec839c 1616 * Locking:
af9b897e 1617 * BKL is taken for hysterical raisins
24ec839c
PZ		 1618 * tty_mutex is taken to protect tty
1619 * ->siglock is taken to protect ->signal/->sighand
1620 * tasklist_lock is taken to walk process list for sessions
1621 * ->siglock is taken to protect ->signal/->sighand
1da177e4 1622 */
af9b897e 1623
1da177e4
LT		 1624void disassociate_ctty(int on_exit)
1625{
1626 struct tty_struct *tty;
ab521dc0 1627 struct pid *tty_pgrp = NULL;
1da177e4
LT		 1628
1629 lock_kernel();
1630
70522e12 1631 mutex_lock(&tty_mutex);
24ec839c 1632 tty = get_current_tty();
1da177e4 1633 if (tty) {
ab521dc0 1634 tty_pgrp = get_pid(tty->pgrp);
70522e12 1635 mutex_unlock(&tty_mutex);
24ec839c 1636 /* XXX: here we race, there is nothing protecting tty */
1da177e4
LT		 1637 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1638 tty_vhangup(tty);
680a9671 1639 } else if (on_exit) {
ab521dc0 1640 struct pid *old_pgrp;
680a9671
EB		 1641 spin_lock_irq(&current->sighand->siglock);
1642 old_pgrp = current->signal->tty_old_pgrp;
ab521dc0 1643 current->signal->tty_old_pgrp = NULL;
680a9671 1644 spin_unlock_irq(&current->sighand->siglock);
24ec839c 1645 if (old_pgrp) {
ab521dc0
EB		 1646 kill_pgrp(old_pgrp, SIGHUP, on_exit);
1647 kill_pgrp(old_pgrp, SIGCONT, on_exit);
1648 put_pid(old_pgrp);
1da177e4 1649 }
70522e12 1650 mutex_unlock(&tty_mutex);
37bdfb07 1651 unlock_kernel();
1da177e4
LT		 1652 return;
1653 }
ab521dc0
EB		 1654 if (tty_pgrp) {
1655 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1da177e4 1656 if (!on_exit)
ab521dc0
EB		 1657 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1658 put_pid(tty_pgrp);
1da177e4
LT		 1659 }
1660
24ec839c 1661 spin_lock_irq(&current->sighand->siglock);
2a65f1d9 1662 put_pid(current->signal->tty_old_pgrp);
23cac8de 1663 current->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 1664 spin_unlock_irq(&current->sighand->siglock);
1665
1666 mutex_lock(&tty_mutex);
1667 /* It is possible that do_tty_hangup has free'd this tty */
1668 tty = get_current_tty();
1669 if (tty) {
ab521dc0
EB		 1670 put_pid(tty->session);
1671 put_pid(tty->pgrp);
1672 tty->session = NULL;
1673 tty->pgrp = NULL;
24ec839c
PZ		 1674 } else {
1675#ifdef TTY_DEBUG_HANGUP
1676 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1677 " = NULL", tty);
1678#endif
1679 }
1680 mutex_unlock(&tty_mutex);
1da177e4
LT		 1681
1682 /* Now clear signal->tty under the lock */
1683 read_lock(&tasklist_lock);
ab521dc0 1684 session_clear_tty(task_session(current));
1da177e4 1685 read_unlock(&tasklist_lock);
1da177e4
LT		 1686 unlock_kernel();
1687}
1688
98a27ba4
EB		 1689/**
1690 *
1691 * no_tty - Ensure the current process does not have a controlling tty
1692 */
1693void no_tty(void)
1694{
1695 struct task_struct *tsk = current;
1696 if (tsk->signal->leader)
1697 disassociate_ctty(0);
1698 proc_clear_tty(tsk);
1699}
1700
af9b897e
AC		 1701
1702/**
beb7dd86 1703 * stop_tty - propagate flow control
af9b897e
AC		 1704 * @tty: tty to stop
1705 *
1706 * Perform flow control to the driver. For PTY/TTY pairs we
beb7dd86 1707 * must also propagate the TIOCKPKT status. May be called
af9b897e
AC		 1708 * on an already stopped device and will not re-call the driver
1709 * method.
1710 *
1711 * This functionality is used by both the line disciplines for
1712 * halting incoming flow and by the driver. It may therefore be
1713 * called from any context, may be under the tty atomic_write_lock
1714 * but not always.
1715 *
1716 * Locking:
1717 * Broken. Relies on BKL which is unsafe here.
1718 */
1719
1da177e4
LT		 1720void stop_tty(struct tty_struct *tty)
1721{
1722 if (tty->stopped)
1723 return;
1724 tty->stopped = 1;
1725 if (tty->link && tty->link->packet) {
1726 tty->ctrl_status &= ~TIOCPKT_START;
1727 tty->ctrl_status |= TIOCPKT_STOP;
1728 wake_up_interruptible(&tty->link->read_wait);
1729 }
1730 if (tty->driver->stop)
1731 (tty->driver->stop)(tty);
1732}
1733
1734EXPORT_SYMBOL(stop_tty);
1735
af9b897e 1736/**
beb7dd86 1737 * start_tty - propagate flow control
af9b897e
AC		 1738 * @tty: tty to start
1739 *
1740 * Start a tty that has been stopped if at all possible. Perform
3a4fa0a2 1741 * any necessary wakeups and propagate the TIOCPKT status. If this
af9b897e
AC		 1742 * is the tty was previous stopped and is being started then the
1743 * driver start method is invoked and the line discipline woken.
1744 *
1745 * Locking:
1746 * Broken. Relies on BKL which is unsafe here.
1747 */
1748
1da177e4
LT		 1749void start_tty(struct tty_struct *tty)
1750{
1751 if (!tty->stopped || tty->flow_stopped)
1752 return;
1753 tty->stopped = 0;
1754 if (tty->link && tty->link->packet) {
1755 tty->ctrl_status &= ~TIOCPKT_STOP;
1756 tty->ctrl_status |= TIOCPKT_START;
1757 wake_up_interruptible(&tty->link->read_wait);
1758 }
1759 if (tty->driver->start)
1760 (tty->driver->start)(tty);
1da177e4
LT		 1761 /* If we have a running line discipline it may need kicking */
1762 tty_wakeup(tty);
1da177e4
LT		 1763}
1764
1765EXPORT_SYMBOL(start_tty);
1766
af9b897e
AC		 1767/**
1768 * tty_read - read method for tty device files
1769 * @file: pointer to tty file
1770 * @buf: user buffer
1771 * @count: size of user buffer
1772 * @ppos: unused
1773 *
1774 * Perform the read system call function on this terminal device. Checks
1775 * for hung up devices before calling the line discipline method.
1776 *
1777 * Locking:
1778 * Locks the line discipline internally while needed
1779 * For historical reasons the line discipline read method is
1780 * invoked under the BKL. This will go away in time so do not rely on it
1781 * in new code. Multiple read calls may be outstanding in parallel.
1782 */
1783
37bdfb07 1784static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1da177e4
LT		 1785 loff_t *ppos)
1786{
1787 int i;
37bdfb07 1788 struct tty_struct *tty;
1da177e4
LT		 1789 struct inode *inode;
1790 struct tty_ldisc *ld;
1791
1792 tty = (struct tty_struct *)file->private_data;
a7113a96 1793 inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1794 if (tty_paranoia_check(tty, inode, "tty_read"))
1795 return -EIO;
1796 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1797 return -EIO;
1798
1799 /* We want to wait for the line discipline to sort out in this
1800 situation */
1801 ld = tty_ldisc_ref_wait(tty);
1802 lock_kernel();
1803 if (ld->read)
37bdfb07 1804 i = (ld->read)(tty, file, buf, count);
1da177e4
LT		 1805 else
1806 i = -EIO;
1807 tty_ldisc_deref(ld);
1808 unlock_kernel();
1809 if (i > 0)
1810 inode->i_atime = current_fs_time(inode->i_sb);
1811 return i;
1812}
1813
9c1729db
AC		 1814void tty_write_unlock(struct tty_struct *tty)
1815{
1816 mutex_unlock(&tty->atomic_write_lock);
1817 wake_up_interruptible(&tty->write_wait);
1818}
1819
1820int tty_write_lock(struct tty_struct *tty, int ndelay)
1821{
1822 if (!mutex_trylock(&tty->atomic_write_lock)) {
1823 if (ndelay)
1824 return -EAGAIN;
1825 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1826 return -ERESTARTSYS;
1827 }
1828 return 0;
1829}
1830
1da177e4
LT		 1831/*
1832 * Split writes up in sane blocksizes to avoid
1833 * denial-of-service type attacks
1834 */
1835static inline ssize_t do_tty_write(
1836 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1837 struct tty_struct *tty,
1838 struct file *file,
1839 const char __user *buf,
1840 size_t count)
1841{
9c1729db 1842 ssize_t ret, written = 0;
1da177e4 1843 unsigned int chunk;
37bdfb07 1844
9c1729db
AC		 1845 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1846 if (ret < 0)
1847 return ret;
1da177e4
LT		 1848
1849 /*
1850 * We chunk up writes into a temporary buffer. This
1851 * simplifies low-level drivers immensely, since they
1852 * don't have locking issues and user mode accesses.
1853 *
1854 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1855 * big chunk-size..
1856 *
1857 * The default chunk-size is 2kB, because the NTTY
1858 * layer has problems with bigger chunks. It will
1859 * claim to be able to handle more characters than
1860 * it actually does.
af9b897e
AC		 1861 *
1862 * FIXME: This can probably go away now except that 64K chunks
1863 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1864 */
1865 chunk = 2048;
1866 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1867 chunk = 65536;
1868 if (count < chunk)
1869 chunk = count;
1870
70522e12 1871 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1872 if (tty->write_cnt < chunk) {
1873 unsigned char *buf;
1874
1875 if (chunk < 1024)
1876 chunk = 1024;
1877
1878 buf = kmalloc(chunk, GFP_KERNEL);
1879 if (!buf) {
9c1729db
AC		 1880 ret = -ENOMEM;
1881 goto out;
1da177e4
LT		 1882 }
1883 kfree(tty->write_buf);
1884 tty->write_cnt = chunk;
1885 tty->write_buf = buf;
1886 }
1887
1888 /* Do the write .. */
1889 for (;;) {
1890 size_t size = count;
1891 if (size > chunk)
1892 size = chunk;
1893 ret = -EFAULT;
1894 if (copy_from_user(tty->write_buf, buf, size))
1895 break;
1896 lock_kernel();
1897 ret = write(tty, file, tty->write_buf, size);
1898 unlock_kernel();
1899 if (ret <= 0)
1900 break;
1901 written += ret;
1902 buf += ret;
1903 count -= ret;
1904 if (!count)
1905 break;
1906 ret = -ERESTARTSYS;
1907 if (signal_pending(current))
1908 break;
1909 cond_resched();
1910 }
1911 if (written) {
a7113a96 1912 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1913 inode->i_mtime = current_fs_time(inode->i_sb);
1914 ret = written;
1915 }
9c1729db
AC		 1916out:
1917 tty_write_unlock(tty);
1da177e4
LT		 1918 return ret;
1919}
1920
1921
af9b897e
AC		 1922/**
1923 * tty_write - write method for tty device file
1924 * @file: tty file pointer
1925 * @buf: user data to write
1926 * @count: bytes to write
1927 * @ppos: unused
1928 *
1929 * Write data to a tty device via the line discipline.
1930 *
1931 * Locking:
1932 * Locks the line discipline as required
1933 * Writes to the tty driver are serialized by the atomic_write_lock
1934 * and are then processed in chunks to the device. The line discipline
1935 * write method will not be involked in parallel for each device
1936 * The line discipline write method is called under the big
1937 * kernel lock for historical reasons. New code should not rely on this.
1938 */
1939
37bdfb07
AC		 1940static ssize_t tty_write(struct file *file, const char __user *buf,
1941 size_t count, loff_t *ppos)
1da177e4 1942{
37bdfb07 1943 struct tty_struct *tty;
a7113a96 1944 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1945 ssize_t ret;
1946 struct tty_ldisc *ld;
37bdfb07 1947
1da177e4
LT		 1948 tty = (struct tty_struct *)file->private_data;
1949 if (tty_paranoia_check(tty, inode, "tty_write"))
1950 return -EIO;
37bdfb07
AC		 1951 if (!tty || !tty->driver->write ||
1952 (test_bit(TTY_IO_ERROR, &tty->flags)))
1953 return -EIO;
1da177e4 1954
37bdfb07 1955 ld = tty_ldisc_ref_wait(tty);
1da177e4
LT		 1956 if (!ld->write)
1957 ret = -EIO;
1958 else
1959 ret = do_tty_write(ld->write, tty, file, buf, count);
1960 tty_ldisc_deref(ld);
1961 return ret;
1962}
1963
37bdfb07
AC		 1964ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1965 size_t count, loff_t *ppos)
1da177e4
LT		 1966{
1967 struct file *p = NULL;
1968
1969 spin_lock(&redirect_lock);
1970 if (redirect) {
1971 get_file(redirect);
1972 p = redirect;
1973 }
1974 spin_unlock(&redirect_lock);
1975
1976 if (p) {
1977 ssize_t res;
1978 res = vfs_write(p, buf, count, &p->f_pos);
1979 fput(p);
1980 return res;
1981 }
1da177e4
LT		 1982 return tty_write(file, buf, count, ppos);
1983}
1984
1985static char ptychar[] = "pqrstuvwxyzabcde";
1986
af9b897e
AC		 1987/**
1988 * pty_line_name - generate name for a pty
1989 * @driver: the tty driver in use
1990 * @index: the minor number
1991 * @p: output buffer of at least 6 bytes
1992 *
1993 * Generate a name from a driver reference and write it to the output
1994 * buffer.
1995 *
1996 * Locking: None
1997 */
1998static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1999{
2000 int i = index + driver->name_base;
2001 /* ->name is initialized to "ttyp", but "tty" is expected */
2002 sprintf(p, "%s%c%x",
37bdfb07
AC		 2003 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
2004 ptychar[i >> 4 & 0xf], i & 0xf);
1da177e4
LT		 2005}
2006
af9b897e
AC		 2007/**
2008 * pty_line_name - generate name for a tty
2009 * @driver: the tty driver in use
2010 * @index: the minor number
2011 * @p: output buffer of at least 7 bytes
2012 *
2013 * Generate a name from a driver reference and write it to the output
2014 * buffer.
2015 *
2016 * Locking: None
2017 */
2018static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 2019{
2020 sprintf(p, "%s%d", driver->name, index + driver->name_base);
2021}
2022
af9b897e
AC		 2023/**
2024 * init_dev - initialise a tty device
2025 * @driver: tty driver we are opening a device on
2026 * @idx: device index
2027 * @tty: returned tty structure
2028 *
2029 * Prepare a tty device. This may not be a "new" clean device but
2030 * could also be an active device. The pty drivers require special
2031 * handling because of this.
2032 *
2033 * Locking:
2034 * The function is called under the tty_mutex, which
2035 * protects us from the tty struct or driver itself going away.
2036 *
2037 * On exit the tty device has the line discipline attached and
2038 * a reference count of 1. If a pair was created for pty/tty use
2039 * and the other was a pty master then it too has a reference count of 1.
2040 *
1da177e4 2041 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 2042 * failed open. The new code protects the open with a mutex, so it's
2043 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 2044 * relaxed for the (most common) case of reopening a tty.
2045 */
af9b897e 2046
1da177e4
LT		 2047static int init_dev(struct tty_driver *driver, int idx,
2048 struct tty_struct **ret_tty)
2049{
2050 struct tty_struct *tty, *o_tty;
edc6afc5
AC		 2051 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2052 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 2053 int retval = 0;
1da177e4
LT		 2054
2055 /* check whether we're reopening an existing tty */
2056 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2057 tty = devpts_get_tty(idx);
5a39e8c6
ASRF		 2058 /*
2059 * If we don't have a tty here on a slave open, it's because
2060 * the master already started the close process and there's
2061 * no relation between devpts file and tty anymore.
2062 */
2063 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2064 retval = -EIO;
2065 goto end_init;
2066 }
2067 /*
2068 * It's safe from now on because init_dev() is called with
2069 * tty_mutex held and release_dev() won't change tty->count
2070 * or tty->flags without having to grab tty_mutex
2071 */
1da177e4
LT		 2072 if (tty && driver->subtype == PTY_TYPE_MASTER)
2073 tty = tty->link;
2074 } else {
2075 tty = driver->ttys[idx];
2076 }
2077 if (tty) goto fast_track;
2078
2079 /*
2080 * First time open is complex, especially for PTY devices.
2081 * This code guarantees that either everything succeeds and the
2082 * TTY is ready for operation, or else the table slots are vacated
37bdfb07 2083 * and the allocated memory released. (Except that the termios
1da177e4
LT		 2084 * and locked termios may be retained.)
2085 */
2086
2087 if (!try_module_get(driver->owner)) {
2088 retval = -ENODEV;
2089 goto end_init;
2090 }
2091
2092 o_tty = NULL;
2093 tp = o_tp = NULL;
2094 ltp = o_ltp = NULL;
2095
2096 tty = alloc_tty_struct();
37bdfb07 2097 if (!tty)
1da177e4
LT		 2098 goto fail_no_mem;
2099 initialize_tty_struct(tty);
2100 tty->driver = driver;
2101 tty->index = idx;
2102 tty_line_name(driver, idx, tty->name);
2103
2104 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2105 tp_loc = &tty->termios;
2106 ltp_loc = &tty->termios_locked;
2107 } else {
2108 tp_loc = &driver->termios[idx];
2109 ltp_loc = &driver->termios_locked[idx];
2110 }
2111
2112 if (!*tp_loc) {
abcb1ff3 2113 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2114 if (!tp)
2115 goto free_mem_out;
2116 *tp = driver->init_termios;
2117 }
2118
2119 if (!*ltp_loc) {
506eb99a 2120 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2121 if (!ltp)
2122 goto free_mem_out;
1da177e4
LT		 2123 }
2124
2125 if (driver->type == TTY_DRIVER_TYPE_PTY) {
2126 o_tty = alloc_tty_struct();
2127 if (!o_tty)
2128 goto free_mem_out;
2129 initialize_tty_struct(o_tty);
2130 o_tty->driver = driver->other;
2131 o_tty->index = idx;
2132 tty_line_name(driver->other, idx, o_tty->name);
2133
2134 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2135 o_tp_loc = &o_tty->termios;
2136 o_ltp_loc = &o_tty->termios_locked;
2137 } else {
2138 o_tp_loc = &driver->other->termios[idx];
2139 o_ltp_loc = &driver->other->termios_locked[idx];
2140 }
2141
2142 if (!*o_tp_loc) {
abcb1ff3 2143 o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2144 if (!o_tp)
2145 goto free_mem_out;
2146 *o_tp = driver->other->init_termios;
2147 }
2148
2149 if (!*o_ltp_loc) {
506eb99a 2150 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2151 if (!o_ltp)
2152 goto free_mem_out;
1da177e4
LT		 2153 }
2154
2155 /*
2156 * Everything allocated ... set up the o_tty structure.
2157 */
37bdfb07 2158 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 2159 driver->other->ttys[idx] = o_tty;
1da177e4
LT		 2160 if (!*o_tp_loc)
2161 *o_tp_loc = o_tp;
2162 if (!*o_ltp_loc)
2163 *o_ltp_loc = o_ltp;
2164 o_tty->termios = *o_tp_loc;
2165 o_tty->termios_locked = *o_ltp_loc;
2166 driver->other->refcount++;
2167 if (driver->subtype == PTY_TYPE_MASTER)
2168 o_tty->count++;
2169
2170 /* Establish the links in both directions */
2171 tty->link = o_tty;
2172 o_tty->link = tty;
2173 }
2174
37bdfb07 2175 /*
1da177e4 2176 * All structures have been allocated, so now we install them.
d5698c28 2177 * Failures after this point use release_tty to clean up, so
1da177e4
LT		 2178 * there's no need to null out the local pointers.
2179 */
37bdfb07 2180 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 2181 driver->ttys[idx] = tty;
37bdfb07 2182
1da177e4
LT		 2183 if (!*tp_loc)
2184 *tp_loc = tp;
2185 if (!*ltp_loc)
2186 *ltp_loc = ltp;
2187 tty->termios = *tp_loc;
2188 tty->termios_locked = *ltp_loc;
edc6afc5
AC		 2189 /* Compatibility until drivers always set this */
2190 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2191 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1da177e4
LT		 2192 driver->refcount++;
2193 tty->count++;
2194
37bdfb07 2195 /*
1da177e4 2196 * Structures all installed ... call the ldisc open routines.
d5698c28
CH		 2197 * If we fail here just call release_tty to clean up. No need
2198 * to decrement the use counts, as release_tty doesn't care.
1da177e4
LT		 2199 */
2200
2201 if (tty->ldisc.open) {
2202 retval = (tty->ldisc.open)(tty);
2203 if (retval)
2204 goto release_mem_out;
2205 }
2206 if (o_tty && o_tty->ldisc.open) {
2207 retval = (o_tty->ldisc.open)(o_tty);
2208 if (retval) {
2209 if (tty->ldisc.close)
2210 (tty->ldisc.close)(tty);
2211 goto release_mem_out;
2212 }
2213 tty_ldisc_enable(o_tty);
2214 }
2215 tty_ldisc_enable(tty);
2216 goto success;
2217
2218 /*
2219 * This fast open can be used if the tty is already open.
2220 * No memory is allocated, and the only failures are from
2221 * attempting to open a closing tty or attempting multiple
2222 * opens on a pty master.
2223 */
2224fast_track:
2225 if (test_bit(TTY_CLOSING, &tty->flags)) {
2226 retval = -EIO;
2227 goto end_init;
2228 }
2229 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2230 driver->subtype == PTY_TYPE_MASTER) {
2231 /*
37bdfb07 2232 * special case for PTY masters: only one open permitted,
1da177e4
LT		 2233 * and the slave side open count is incremented as well.
2234 */
2235 if (tty->count) {
2236 retval = -EIO;
2237 goto end_init;
2238 }
2239 tty->link->count++;
2240 }
2241 tty->count++;
2242 tty->driver = driver; /* N.B. why do this every time?? */
2243
2244 /* FIXME */
37bdfb07 2245 if (!test_bit(TTY_LDISC, &tty->flags))
1da177e4
LT		 2246 printk(KERN_ERR "init_dev but no ldisc\n");
2247success:
2248 *ret_tty = tty;
37bdfb07 2249
70522e12 2250 /* All paths come through here to release the mutex */
1da177e4
LT		 2251end_init:
2252 return retval;
2253
2254 /* Release locally allocated memory ... nothing placed in slots */
2255free_mem_out:
735d5661 2256 kfree(o_tp);
1da177e4
LT		 2257 if (o_tty)
2258 free_tty_struct(o_tty);
735d5661
JJ		 2259 kfree(ltp);
2260 kfree(tp);
1da177e4
LT		 2261 free_tty_struct(tty);
2262
2263fail_no_mem:
2264 module_put(driver->owner);
2265 retval = -ENOMEM;
2266 goto end_init;
2267
d5698c28 2268 /* call the tty release_tty routine to clean out this slot */
1da177e4 2269release_mem_out:
4050914f
AM		 2270 if (printk_ratelimit())
2271 printk(KERN_INFO "init_dev: ldisc open failed, "
2272 "clearing slot %d\n", idx);
d5698c28 2273 release_tty(tty, idx);
1da177e4
LT		 2274 goto end_init;
2275}
2276
af9b897e 2277/**
d5698c28 2278 * release_one_tty - release tty structure memory
af9b897e
AC		 2279 *
2280 * Releases memory associated with a tty structure, and clears out the
2281 * driver table slots. This function is called when a device is no longer
2282 * in use. It also gets called when setup of a device fails.
2283 *
2284 * Locking:
2285 * tty_mutex - sometimes only
2286 * takes the file list lock internally when working on the list
2287 * of ttys that the driver keeps.
2288 * FIXME: should we require tty_mutex is held here ??
1da177e4 2289 */
d5698c28 2290static void release_one_tty(struct tty_struct *tty, int idx)
1da177e4 2291{
1da177e4 2292 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
d5698c28 2293 struct ktermios *tp;
1da177e4
LT		 2294
2295 if (!devpts)
2296 tty->driver->ttys[idx] = NULL;
d5698c28 2297
1da177e4
LT		 2298 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2299 tp = tty->termios;
2300 if (!devpts)
2301 tty->driver->termios[idx] = NULL;
2302 kfree(tp);
2303
2304 tp = tty->termios_locked;
2305 if (!devpts)
2306 tty->driver->termios_locked[idx] = NULL;
2307 kfree(tp);
2308 }
2309
d5698c28 2310
1da177e4
LT		 2311 tty->magic = 0;
2312 tty->driver->refcount--;
d5698c28 2313
1da177e4
LT		 2314 file_list_lock();
2315 list_del_init(&tty->tty_files);
2316 file_list_unlock();
d5698c28 2317
1da177e4
LT		 2318 free_tty_struct(tty);
2319}
2320
d5698c28
CH		 2321/**
2322 * release_tty - release tty structure memory
2323 *
2324 * Release both @tty and a possible linked partner (think pty pair),
2325 * and decrement the refcount of the backing module.
2326 *
2327 * Locking:
2328 * tty_mutex - sometimes only
2329 * takes the file list lock internally when working on the list
2330 * of ttys that the driver keeps.
2331 * FIXME: should we require tty_mutex is held here ??
2332 */
2333static void release_tty(struct tty_struct *tty, int idx)
2334{
2335 struct tty_driver *driver = tty->driver;
2336
2337 if (tty->link)
2338 release_one_tty(tty->link, idx);
2339 release_one_tty(tty, idx);
2340 module_put(driver->owner);
2341}
2342
1da177e4
LT		 2343/*
2344 * Even releasing the tty structures is a tricky business.. We have
2345 * to be very careful that the structures are all released at the
2346 * same time, as interrupts might otherwise get the wrong pointers.
2347 *
2348 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2349 * lead to double frees or releasing memory still in use.
2350 */
37bdfb07 2351static void release_dev(struct file *filp)
1da177e4
LT		 2352{
2353 struct tty_struct *tty, *o_tty;
2354 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 2355 int devpts;
1da177e4
LT		 2356 int idx;
2357 char buf[64];
2358 unsigned long flags;
37bdfb07 2359
1da177e4 2360 tty = (struct tty_struct *)filp->private_data;
37bdfb07
AC		 2361 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2362 "release_dev"))
1da177e4
LT		 2363 return;
2364
2365 check_tty_count(tty, "release_dev");
2366
2367 tty_fasync(-1, filp, 0);
2368
2369 idx = tty->index;
2370 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2371 tty->driver->subtype == PTY_TYPE_MASTER);
2372 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 2373 o_tty = tty->link;
2374
2375#ifdef TTY_PARANOIA_CHECK
2376 if (idx < 0 || idx >= tty->driver->num) {
2377 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2378 "free (%s)\n", tty->name);
2379 return;
2380 }
2381 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2382 if (tty != tty->driver->ttys[idx]) {
2383 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2384 "for (%s)\n", idx, tty->name);
2385 return;
2386 }
2387 if (tty->termios != tty->driver->termios[idx]) {
2388 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2389 "for (%s)\n",
2390 idx, tty->name);
2391 return;
2392 }
2393 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2394 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2395 "termios_locked for (%s)\n",
2396 idx, tty->name);
2397 return;
2398 }
2399 }
2400#endif
2401
2402#ifdef TTY_DEBUG_HANGUP
2403 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2404 tty_name(tty, buf), tty->count);
2405#endif
2406
2407#ifdef TTY_PARANOIA_CHECK
2408 if (tty->driver->other &&
2409 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2410 if (o_tty != tty->driver->other->ttys[idx]) {
2411 printk(KERN_DEBUG "release_dev: other->table[%d] "
2412 "not o_tty for (%s)\n",
2413 idx, tty->name);
2414 return;
2415 }
2416 if (o_tty->termios != tty->driver->other->termios[idx]) {
2417 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2418 "not o_termios for (%s)\n",
2419 idx, tty->name);
2420 return;
2421 }
37bdfb07 2422 if (o_tty->termios_locked !=
1da177e4
LT		 2423 tty->driver->other->termios_locked[idx]) {
2424 printk(KERN_DEBUG "release_dev: other->termios_locked["
2425 "%d] not o_termios_locked for (%s)\n",
2426 idx, tty->name);
2427 return;
2428 }
2429 if (o_tty->link != tty) {
2430 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2431 return;
2432 }
2433 }
2434#endif
2435 if (tty->driver->close)
2436 tty->driver->close(tty, filp);
2437
2438 /*
2439 * Sanity check: if tty->count is going to zero, there shouldn't be
2440 * any waiters on tty->read_wait or tty->write_wait. We test the
2441 * wait queues and kick everyone out _before_ actually starting to
2442 * close. This ensures that we won't block while releasing the tty
2443 * structure.
2444 *
2445 * The test for the o_tty closing is necessary, since the master and
2446 * slave sides may close in any order. If the slave side closes out
2447 * first, its count will be one, since the master side holds an open.
2448 * Thus this test wouldn't be triggered at the time the slave closes,
2449 * so we do it now.
2450 *
2451 * Note that it's possible for the tty to be opened again while we're
2452 * flushing out waiters. By recalculating the closing flags before
2453 * each iteration we avoid any problems.
2454 */
2455 while (1) {
2456 /* Guard against races with tty->count changes elsewhere and
2457 opens on /dev/tty */
37bdfb07 2458
70522e12 2459 mutex_lock(&tty_mutex);
1da177e4
LT		 2460 tty_closing = tty->count <= 1;
2461 o_tty_closing = o_tty &&
2462 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 2463 do_sleep = 0;
2464
2465 if (tty_closing) {
2466 if (waitqueue_active(&tty->read_wait)) {
2467 wake_up(&tty->read_wait);
2468 do_sleep++;
2469 }
2470 if (waitqueue_active(&tty->write_wait)) {
2471 wake_up(&tty->write_wait);
2472 do_sleep++;
2473 }
2474 }
2475 if (o_tty_closing) {
2476 if (waitqueue_active(&o_tty->read_wait)) {
2477 wake_up(&o_tty->read_wait);
2478 do_sleep++;
2479 }
2480 if (waitqueue_active(&o_tty->write_wait)) {
2481 wake_up(&o_tty->write_wait);
2482 do_sleep++;
2483 }
2484 }
2485 if (!do_sleep)
2486 break;
2487
2488 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2489 "active!\n", tty_name(tty, buf));
70522e12 2490 mutex_unlock(&tty_mutex);
1da177e4 2491 schedule();
37bdfb07 2492 }
1da177e4
LT		 2493
2494 /*
37bdfb07
AC		 2495 * The closing flags are now consistent with the open counts on
2496 * both sides, and we've completed the last operation that could
1da177e4
LT		 2497 * block, so it's safe to proceed with closing.
2498 */
1da177e4
LT		 2499 if (pty_master) {
2500 if (--o_tty->count < 0) {
2501 printk(KERN_WARNING "release_dev: bad pty slave count "
2502 "(%d) for %s\n",
2503 o_tty->count, tty_name(o_tty, buf));
2504 o_tty->count = 0;
2505 }
2506 }
2507 if (--tty->count < 0) {
2508 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2509 tty->count, tty_name(tty, buf));
2510 tty->count = 0;
2511 }
37bdfb07 2512
1da177e4
LT		 2513 /*
2514 * We've decremented tty->count, so we need to remove this file
2515 * descriptor off the tty->tty_files list; this serves two
2516 * purposes:
2517 * - check_tty_count sees the correct number of file descriptors
2518 * associated with this tty.
2519 * - do_tty_hangup no longer sees this file descriptor as
2520 * something that needs to be handled for hangups.
2521 */
2522 file_kill(filp);
2523 filp->private_data = NULL;
2524
2525 /*
2526 * Perform some housekeeping before deciding whether to return.
2527 *
2528 * Set the TTY_CLOSING flag if this was the last open. In the
2529 * case of a pty we may have to wait around for the other side
2530 * to close, and TTY_CLOSING makes sure we can't be reopened.
2531 */
37bdfb07 2532 if (tty_closing)
1da177e4 2533 set_bit(TTY_CLOSING, &tty->flags);
37bdfb07 2534 if (o_tty_closing)
1da177e4
LT		 2535 set_bit(TTY_CLOSING, &o_tty->flags);
2536
2537 /*
2538 * If _either_ side is closing, make sure there aren't any
2539 * processes that still think tty or o_tty is their controlling
2540 * tty.
2541 */
2542 if (tty_closing || o_tty_closing) {
1da177e4 2543 read_lock(&tasklist_lock);
24ec839c 2544 session_clear_tty(tty->session);
1da177e4 2545 if (o_tty)
24ec839c 2546 session_clear_tty(o_tty->session);
1da177e4
LT		 2547 read_unlock(&tasklist_lock);
2548 }
2549
70522e12 2550 mutex_unlock(&tty_mutex);
da965822 2551
1da177e4
LT		 2552 /* check whether both sides are closing ... */
2553 if (!tty_closing || (o_tty && !o_tty_closing))
2554 return;
37bdfb07 2555
1da177e4
LT		 2556#ifdef TTY_DEBUG_HANGUP
2557 printk(KERN_DEBUG "freeing tty structure...");
2558#endif
2559 /*
2560 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2561 * kill any delayed work. As this is the final close it does not
2562 * race with the set_ldisc code path.
2563 */
2564 clear_bit(TTY_LDISC, &tty->flags);
33f0f88f 2565 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 2566
2567 /*
33f0f88f 2568 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4 2569 */
37bdfb07 2570
1da177e4 2571 flush_scheduled_work();
37bdfb07 2572
1da177e4
LT		 2573 /*
2574 * Wait for any short term users (we know they are just driver
2575 * side waiters as the file is closing so user count on the file
2576 * side is zero.
2577 */
2578 spin_lock_irqsave(&tty_ldisc_lock, flags);
37bdfb07 2579 while (tty->ldisc.refcount) {
1da177e4
LT		 2580 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2581 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2582 spin_lock_irqsave(&tty_ldisc_lock, flags);
2583 }
2584 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2585 /*
2586 * Shutdown the current line discipline, and reset it to N_TTY.
2587 * N.B. why reset ldisc when we're releasing the memory??
2588 *
2589 * FIXME: this MUST get fixed for the new reflocking
2590 */
2591 if (tty->ldisc.close)
2592 (tty->ldisc.close)(tty);
2593 tty_ldisc_put(tty->ldisc.num);
37bdfb07 2594
1da177e4
LT		 2595 /*
2596 * Switch the line discipline back
2597 */
2598 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
37bdfb07 2599 tty_set_termios_ldisc(tty, N_TTY);
1da177e4
LT		 2600 if (o_tty) {
2601 /* FIXME: could o_tty be in setldisc here ? */
2602 clear_bit(TTY_LDISC, &o_tty->flags);
2603 if (o_tty->ldisc.close)
2604 (o_tty->ldisc.close)(o_tty);
2605 tty_ldisc_put(o_tty->ldisc.num);
2606 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
37bdfb07 2607 tty_set_termios_ldisc(o_tty, N_TTY);
1da177e4
LT		 2608 }
2609 /*
d5698c28 2610 * The release_tty function takes care of the details of clearing
1da177e4
LT		 2611 * the slots and preserving the termios structure.
2612 */
d5698c28 2613 release_tty(tty, idx);
1da177e4
LT		 2614
2615#ifdef CONFIG_UNIX98_PTYS
2616 /* Make this pty number available for reallocation */
2617 if (devpts) {
a6752f3f 2618 mutex_lock(&allocated_ptys_lock);
1da177e4 2619 idr_remove(&allocated_ptys, idx);
a6752f3f 2620 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2621 }
2622#endif
2623
2624}
2625
af9b897e
AC		 2626/**
2627 * tty_open - open a tty device
2628 * @inode: inode of device file
2629 * @filp: file pointer to tty
1da177e4 2630 *
af9b897e
AC		 2631 * tty_open and tty_release keep up the tty count that contains the
2632 * number of opens done on a tty. We cannot use the inode-count, as
2633 * different inodes might point to the same tty.
1da177e4 2634 *
af9b897e
AC		 2635 * Open-counting is needed for pty masters, as well as for keeping
2636 * track of serial lines: DTR is dropped when the last close happens.
2637 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2638 *
2639 * The termios state of a pty is reset on first open so that
2640 * settings don't persist across reuse.
2641 *
24ec839c
PZ		 2642 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2643 * tty->count should protect the rest.
2644 * ->siglock protects ->signal/->sighand
1da177e4 2645 */
af9b897e 2646
37bdfb07 2647static int tty_open(struct inode *inode, struct file *filp)
1da177e4
LT		 2648{
2649 struct tty_struct *tty;
2650 int noctty, retval;
2651 struct tty_driver *driver;
2652 int index;
2653 dev_t device = inode->i_rdev;
2654 unsigned short saved_flags = filp->f_flags;
2655
2656 nonseekable_open(inode, filp);
37bdfb07 2657
1da177e4
LT		 2658retry_open:
2659 noctty = filp->f_flags & O_NOCTTY;
2660 index = -1;
2661 retval = 0;
37bdfb07 2662
70522e12 2663 mutex_lock(&tty_mutex);
1da177e4 2664
37bdfb07 2665 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
24ec839c
PZ		 2666 tty = get_current_tty();
2667 if (!tty) {
70522e12 2668 mutex_unlock(&tty_mutex);
1da177e4
LT		 2669 return -ENXIO;
2670 }
24ec839c
PZ		 2671 driver = tty->driver;
2672 index = tty->index;
1da177e4
LT		 2673 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2674 /* noctty = 1; */
2675 goto got_driver;
2676 }
2677#ifdef CONFIG_VT
37bdfb07 2678 if (device == MKDEV(TTY_MAJOR, 0)) {
1da177e4
LT		 2679 extern struct tty_driver *console_driver;
2680 driver = console_driver;
2681 index = fg_console;
2682 noctty = 1;
2683 goto got_driver;
2684 }
2685#endif
37bdfb07 2686 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1da177e4
LT		 2687 driver = console_device(&index);
2688 if (driver) {
2689 /* Don't let /dev/console block */
2690 filp->f_flags |= O_NONBLOCK;
2691 noctty = 1;
2692 goto got_driver;
2693 }
70522e12 2694 mutex_unlock(&tty_mutex);
1da177e4
LT		 2695 return -ENODEV;
2696 }
2697
2698 driver = get_tty_driver(device, &index);
2699 if (!driver) {
70522e12 2700 mutex_unlock(&tty_mutex);
1da177e4
LT		 2701 return -ENODEV;
2702 }
2703got_driver:
2704 retval = init_dev(driver, index, &tty);
70522e12 2705 mutex_unlock(&tty_mutex);
1da177e4
LT		 2706 if (retval)
2707 return retval;
2708
2709 filp->private_data = tty;
2710 file_move(filp, &tty->tty_files);
2711 check_tty_count(tty, "tty_open");
2712 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2713 tty->driver->subtype == PTY_TYPE_MASTER)
2714 noctty = 1;
2715#ifdef TTY_DEBUG_HANGUP
2716 printk(KERN_DEBUG "opening %s...", tty->name);
2717#endif
2718 if (!retval) {
2719 if (tty->driver->open)
2720 retval = tty->driver->open(tty, filp);
2721 else
2722 retval = -ENODEV;
2723 }
2724 filp->f_flags = saved_flags;
2725
37bdfb07
AC		 2726 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2727 !capable(CAP_SYS_ADMIN))
1da177e4
LT		 2728 retval = -EBUSY;
2729
2730 if (retval) {
2731#ifdef TTY_DEBUG_HANGUP
2732 printk(KERN_DEBUG "error %d in opening %s...", retval,
2733 tty->name);
2734#endif
2735 release_dev(filp);
2736 if (retval != -ERESTARTSYS)
2737 return retval;
2738 if (signal_pending(current))
2739 return retval;
2740 schedule();
2741 /*
2742 * Need to reset f_op in case a hangup happened.
2743 */
2744 if (filp->f_op == &hung_up_tty_fops)
2745 filp->f_op = &tty_fops;
2746 goto retry_open;
2747 }
24ec839c
PZ		 2748
2749 mutex_lock(&tty_mutex);
2750 spin_lock_irq(&current->sighand->siglock);
1da177e4
LT		 2751 if (!noctty &&
2752 current->signal->leader &&
2753 !current->signal->tty &&
ab521dc0 2754 tty->session == NULL)
2a65f1d9 2755 __proc_set_tty(current, tty);
24ec839c
PZ		 2756 spin_unlock_irq(&current->sighand->siglock);
2757 mutex_unlock(&tty_mutex);
522ed776 2758 tty_audit_opening();
1da177e4
LT		 2759 return 0;
2760}
2761
2762#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 2763/**
2764 * ptmx_open - open a unix 98 pty master
2765 * @inode: inode of device file
2766 * @filp: file pointer to tty
2767 *
2768 * Allocate a unix98 pty master device from the ptmx driver.
2769 *
2770 * Locking: tty_mutex protects theinit_dev work. tty->count should
37bdfb07 2771 * protect the rest.
af9b897e
AC		 2772 * allocated_ptys_lock handles the list of free pty numbers
2773 */
2774
37bdfb07 2775static int ptmx_open(struct inode *inode, struct file *filp)
1da177e4
LT		 2776{
2777 struct tty_struct *tty;
2778 int retval;
2779 int index;
2780 int idr_ret;
2781
2782 nonseekable_open(inode, filp);
2783
2784 /* find a device that is not in use. */
a6752f3f 2785 mutex_lock(&allocated_ptys_lock);
1da177e4 2786 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
a6752f3f 2787 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2788 return -ENOMEM;
2789 }
2790 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2791 if (idr_ret < 0) {
a6752f3f 2792 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2793 if (idr_ret == -EAGAIN)
2794 return -ENOMEM;
2795 return -EIO;
2796 }
2797 if (index >= pty_limit) {
2798 idr_remove(&allocated_ptys, index);
a6752f3f 2799 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2800 return -EIO;
2801 }
a6752f3f 2802 mutex_unlock(&allocated_ptys_lock);
1da177e4 2803
70522e12 2804 mutex_lock(&tty_mutex);
1da177e4 2805 retval = init_dev(ptm_driver, index, &tty);
70522e12 2806 mutex_unlock(&tty_mutex);
37bdfb07 2807
1da177e4
LT		 2808 if (retval)
2809 goto out;
2810
2811 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2812 filp->private_data = tty;
2813 file_move(filp, &tty->tty_files);
2814
2815 retval = -ENOMEM;
2816 if (devpts_pty_new(tty->link))
2817 goto out1;
2818
2819 check_tty_count(tty, "tty_open");
2820 retval = ptm_driver->open(tty, filp);
522ed776
MT		 2821 if (!retval) {
2822 tty_audit_opening();
1da177e4 2823 return 0;
522ed776 2824 }
1da177e4
LT		 2825out1:
2826 release_dev(filp);
9453a5ad 2827 return retval;
1da177e4 2828out:
a6752f3f 2829 mutex_lock(&allocated_ptys_lock);
1da177e4 2830 idr_remove(&allocated_ptys, index);
a6752f3f 2831 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2832 return retval;
2833}
2834#endif
2835
af9b897e
AC		 2836/**
2837 * tty_release - vfs callback for close
2838 * @inode: inode of tty
2839 * @filp: file pointer for handle to tty
2840 *
2841 * Called the last time each file handle is closed that references
2842 * this tty. There may however be several such references.
2843 *
2844 * Locking:
2845 * Takes bkl. See release_dev
2846 */
2847
37bdfb07 2848static int tty_release(struct inode *inode, struct file *filp)
1da177e4
LT		 2849{
2850 lock_kernel();
2851 release_dev(filp);
2852 unlock_kernel();
2853 return 0;
2854}
2855
af9b897e
AC		 2856/**
2857 * tty_poll - check tty status
2858 * @filp: file being polled
2859 * @wait: poll wait structures to update
2860 *
2861 * Call the line discipline polling method to obtain the poll
2862 * status of the device.
2863 *
2864 * Locking: locks called line discipline but ldisc poll method
2865 * may be re-entered freely by other callers.
2866 */
2867
37bdfb07 2868static unsigned int tty_poll(struct file *filp, poll_table *wait)
1da177e4 2869{
37bdfb07 2870 struct tty_struct *tty;
1da177e4
LT		 2871 struct tty_ldisc *ld;
2872 int ret = 0;
2873
2874 tty = (struct tty_struct *)filp->private_data;
a7113a96 2875 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1da177e4 2876 return 0;
37bdfb07 2877
1da177e4
LT		 2878 ld = tty_ldisc_ref_wait(tty);
2879 if (ld->poll)
2880 ret = (ld->poll)(tty, filp, wait);
2881 tty_ldisc_deref(ld);
2882 return ret;
2883}
2884
37bdfb07 2885static int tty_fasync(int fd, struct file *filp, int on)
1da177e4 2886{
37bdfb07 2887 struct tty_struct *tty;
1da177e4
LT		 2888 int retval;
2889
2890 tty = (struct tty_struct *)filp->private_data;
a7113a96 2891 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
1da177e4 2892 return 0;
37bdfb07 2893
1da177e4
LT		 2894 retval = fasync_helper(fd, filp, on, &tty->fasync);
2895 if (retval <= 0)
2896 return retval;
2897
2898 if (on) {
ab521dc0
EB		 2899 enum pid_type type;
2900 struct pid *pid;
1da177e4
LT		 2901 if (!waitqueue_active(&tty->read_wait))
2902 tty->minimum_to_wake = 1;
ab521dc0
EB		 2903 if (tty->pgrp) {
2904 pid = tty->pgrp;
2905 type = PIDTYPE_PGID;
2906 } else {
2907 pid = task_pid(current);
2908 type = PIDTYPE_PID;
2909 }
2910 retval = __f_setown(filp, pid, type, 0);
1da177e4
LT		 2911 if (retval)
2912 return retval;
2913 } else {
2914 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2915 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2916 }
2917 return 0;
2918}
2919
af9b897e
AC		 2920/**
2921 * tiocsti - fake input character
2922 * @tty: tty to fake input into
2923 * @p: pointer to character
2924 *
3a4fa0a2 2925 * Fake input to a tty device. Does the necessary locking and
af9b897e
AC		 2926 * input management.
2927 *
2928 * FIXME: does not honour flow control ??
2929 *
2930 * Locking:
2931 * Called functions take tty_ldisc_lock
2932 * current->signal->tty check is safe without locks
28298232
AC		 2933 *
2934 * FIXME: may race normal receive processing
af9b897e
AC		 2935 */
2936
1da177e4
LT		 2937static int tiocsti(struct tty_struct *tty, char __user *p)
2938{
2939 char ch, mbz = 0;
2940 struct tty_ldisc *ld;
37bdfb07 2941
1da177e4
LT		 2942 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2943 return -EPERM;
2944 if (get_user(ch, p))
2945 return -EFAULT;
2946 ld = tty_ldisc_ref_wait(tty);
2947 ld->receive_buf(tty, &ch, &mbz, 1);
2948 tty_ldisc_deref(ld);
2949 return 0;
2950}
2951
af9b897e
AC		 2952/**
2953 * tiocgwinsz - implement window query ioctl
2954 * @tty; tty
2955 * @arg: user buffer for result
2956 *
808a0d38 2957 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2958 *
24ec839c 2959 * Locking: tty->termios_mutex is taken to ensure the winsize data
808a0d38 2960 * is consistent.
af9b897e
AC		 2961 */
2962
37bdfb07 2963static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
1da177e4 2964{
808a0d38
AC		 2965 int err;
2966
5785c95b 2967 mutex_lock(&tty->termios_mutex);
808a0d38 2968 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2969 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2970
2971 return err ? -EFAULT: 0;
1da177e4
LT		 2972}
2973
af9b897e
AC		 2974/**
2975 * tiocswinsz - implement window size set ioctl
2976 * @tty; tty
2977 * @arg: user buffer for result
2978 *
2979 * Copies the user idea of the window size to the kernel. Traditionally
2980 * this is just advisory information but for the Linux console it
2981 * actually has driver level meaning and triggers a VC resize.
2982 *
2983 * Locking:
ca9bda00
AC		 2984 * Called function use the console_sem is used to ensure we do
2985 * not try and resize the console twice at once.
24ec839c
PZ		 2986 * The tty->termios_mutex is used to ensure we don't double
2987 * resize and get confused. Lock order - tty->termios_mutex before
ca9bda00 2988 * console sem
af9b897e
AC		 2989 */
2990
1da177e4 2991static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
37bdfb07 2992 struct winsize __user *arg)
1da177e4
LT		 2993{
2994 struct winsize tmp_ws;
2995
2996 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2997 return -EFAULT;
ca9bda00 2998
5785c95b 2999 mutex_lock(&tty->termios_mutex);
1da177e4 3000 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
ca9bda00
AC		 3001 goto done;
3002
1da177e4
LT		 3003#ifdef CONFIG_VT
3004 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
5785c95b
AV		 3005 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
3006 tmp_ws.ws_row)) {
3007 mutex_unlock(&tty->termios_mutex);
37bdfb07 3008 return -ENXIO;
ca9bda00 3009 }
1da177e4
LT		 3010 }
3011#endif
ab521dc0
EB		 3012 if (tty->pgrp)
3013 kill_pgrp(tty->pgrp, SIGWINCH, 1);
3014 if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
3015 kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
1da177e4
LT		 3016 tty->winsize = tmp_ws;
3017 real_tty->winsize = tmp_ws;
ca9bda00 3018done:
5785c95b 3019 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 3020 return 0;
3021}
3022
af9b897e
AC		 3023/**
3024 * tioccons - allow admin to move logical console
3025 * @file: the file to become console
3026 *
3027 * Allow the adminstrator to move the redirected console device
3028 *
3029 * Locking: uses redirect_lock to guard the redirect information
3030 */
3031
1da177e4
LT		 3032static int tioccons(struct file *file)
3033{
3034 if (!capable(CAP_SYS_ADMIN))
3035 return -EPERM;
3036 if (file->f_op->write == redirected_tty_write) {
3037 struct file *f;
3038 spin_lock(&redirect_lock);
3039 f = redirect;
3040 redirect = NULL;
3041 spin_unlock(&redirect_lock);
3042 if (f)
3043 fput(f);
3044 return 0;
3045 }
3046 spin_lock(&redirect_lock);
3047 if (redirect) {
3048 spin_unlock(&redirect_lock);
3049 return -EBUSY;
3050 }
3051 get_file(file);
3052 redirect = file;
3053 spin_unlock(&redirect_lock);
3054 return 0;
3055}
3056
af9b897e
AC		 3057/**
3058 * fionbio - non blocking ioctl
3059 * @file: file to set blocking value
3060 * @p: user parameter
3061 *
3062 * Historical tty interfaces had a blocking control ioctl before
3063 * the generic functionality existed. This piece of history is preserved
3064 * in the expected tty API of posix OS's.
3065 *
3066 * Locking: none, the open fle handle ensures it won't go away.
3067 */
1da177e4
LT		 3068
3069static int fionbio(struct file *file, int __user *p)
3070{
3071 int nonblock;
3072
3073 if (get_user(nonblock, p))
3074 return -EFAULT;
3075
3076 if (nonblock)
3077 file->f_flags |= O_NONBLOCK;
3078 else
3079 file->f_flags &= ~O_NONBLOCK;
3080 return 0;
3081}
3082
af9b897e
AC		 3083/**
3084 * tiocsctty - set controlling tty
3085 * @tty: tty structure
3086 * @arg: user argument
3087 *
3088 * This ioctl is used to manage job control. It permits a session
3089 * leader to set this tty as the controlling tty for the session.
3090 *
3091 * Locking:
28298232 3092 * Takes tty_mutex() to protect tty instance
24ec839c
PZ		 3093 * Takes tasklist_lock internally to walk sessions
3094 * Takes ->siglock() when updating signal->tty
af9b897e
AC		 3095 */
3096
1da177e4
LT		 3097static int tiocsctty(struct tty_struct *tty, int arg)
3098{
24ec839c 3099 int ret = 0;
ab521dc0 3100 if (current->signal->leader && (task_session(current) == tty->session))
24ec839c
PZ		 3101 return ret;
3102
3103 mutex_lock(&tty_mutex);
1da177e4
LT		 3104 /*
3105 * The process must be a session leader and
3106 * not have a controlling tty already.
3107 */
24ec839c
PZ		 3108 if (!current->signal->leader || current->signal->tty) {
3109 ret = -EPERM;
3110 goto unlock;
3111 }
3112
ab521dc0 3113 if (tty->session) {
1da177e4
LT		 3114 /*
3115 * This tty is already the controlling
3116 * tty for another session group!
3117 */
37bdfb07 3118 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
1da177e4
LT		 3119 /*
3120 * Steal it away
3121 */
1da177e4 3122 read_lock(&tasklist_lock);
24ec839c 3123 session_clear_tty(tty->session);
1da177e4 3124 read_unlock(&tasklist_lock);
24ec839c
PZ		 3125 } else {
3126 ret = -EPERM;
3127 goto unlock;
3128 }
1da177e4 3129 }
24ec839c
PZ		 3130 proc_set_tty(current, tty);
3131unlock:
28298232 3132 mutex_unlock(&tty_mutex);
24ec839c 3133 return ret;
1da177e4
LT		 3134}
3135
af9b897e
AC		 3136/**
3137 * tiocgpgrp - get process group
3138 * @tty: tty passed by user
3139 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3140 * @p: returned pid
3141 *
3142 * Obtain the process group of the tty. If there is no process group
3143 * return an error.
3144 *
24ec839c 3145 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3146 */
3147
1da177e4
LT		 3148static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3149{
3150 /*
3151 * (tty == real_tty) is a cheap way of
3152 * testing if the tty is NOT a master pty.
3153 */
3154 if (tty == real_tty && current->signal->tty != real_tty)
3155 return -ENOTTY;
b488893a 3156 return put_user(pid_vnr(real_tty->pgrp), p);
1da177e4
LT		 3157}
3158
af9b897e
AC		 3159/**
3160 * tiocspgrp - attempt to set process group
3161 * @tty: tty passed by user
3162 * @real_tty: tty side device matching tty passed by user
3163 * @p: pid pointer
3164 *
3165 * Set the process group of the tty to the session passed. Only
3166 * permitted where the tty session is our session.
3167 *
3168 * Locking: None
af9b897e
AC		 3169 */
3170
1da177e4
LT		 3171static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3172{
04a2e6a5
EB		 3173 struct pid *pgrp;
3174 pid_t pgrp_nr;
1da177e4
LT		 3175 int retval = tty_check_change(real_tty);
3176
3177 if (retval == -EIO)
3178 return -ENOTTY;
3179 if (retval)
3180 return retval;
3181 if (!current->signal->tty ||
3182 (current->signal->tty != real_tty) ||
ab521dc0 3183 (real_tty->session != task_session(current)))
1da177e4 3184 return -ENOTTY;
04a2e6a5 3185 if (get_user(pgrp_nr, p))
1da177e4 3186 return -EFAULT;
04a2e6a5 3187 if (pgrp_nr < 0)
1da177e4 3188 return -EINVAL;
04a2e6a5 3189 rcu_read_lock();
b488893a 3190 pgrp = find_vpid(pgrp_nr);
04a2e6a5
EB		 3191 retval = -ESRCH;
3192 if (!pgrp)
3193 goto out_unlock;
3194 retval = -EPERM;
3195 if (session_of_pgrp(pgrp) != task_session(current))
3196 goto out_unlock;
3197 retval = 0;
ab521dc0
EB		 3198 put_pid(real_tty->pgrp);
3199 real_tty->pgrp = get_pid(pgrp);
04a2e6a5
EB		 3200out_unlock:
3201 rcu_read_unlock();
3202 return retval;
1da177e4
LT		 3203}
3204
af9b897e
AC		 3205/**
3206 * tiocgsid - get session id
3207 * @tty: tty passed by user
3208 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3209 * @p: pointer to returned session id
3210 *
3211 * Obtain the session id of the tty. If there is no session
3212 * return an error.
3213 *
24ec839c 3214 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3215 */
3216
1da177e4
LT		 3217static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3218{
3219 /*
3220 * (tty == real_tty) is a cheap way of
3221 * testing if the tty is NOT a master pty.
3222 */
3223 if (tty == real_tty && current->signal->tty != real_tty)
3224 return -ENOTTY;
ab521dc0 3225 if (!real_tty->session)
1da177e4 3226 return -ENOTTY;
b488893a 3227 return put_user(pid_vnr(real_tty->session), p);
1da177e4
LT		 3228}
3229
af9b897e
AC		 3230/**
3231 * tiocsetd - set line discipline
3232 * @tty: tty device
3233 * @p: pointer to user data
3234 *
3235 * Set the line discipline according to user request.
3236 *
3237 * Locking: see tty_set_ldisc, this function is just a helper
3238 */
3239
1da177e4
LT		 3240static int tiocsetd(struct tty_struct *tty, int __user *p)
3241{
3242 int ldisc;
3243
3244 if (get_user(ldisc, p))
3245 return -EFAULT;
3246 return tty_set_ldisc(tty, ldisc);
3247}
3248
af9b897e
AC		 3249/**
3250 * send_break - performed time break
3251 * @tty: device to break on
3252 * @duration: timeout in mS
3253 *
3254 * Perform a timed break on hardware that lacks its own driver level
3255 * timed break functionality.
3256 *
3257 * Locking:
28298232 3258 * atomic_write_lock serializes
af9b897e 3259 *
af9b897e
AC		 3260 */
3261
b20f3ae5 3262static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4 3263{
9c1729db 3264 if (tty_write_lock(tty, 0) < 0)
28298232 3265 return -EINTR;
1da177e4 3266 tty->driver->break_ctl(tty, -1);
9c1729db 3267 if (!signal_pending(current))
b20f3ae5 3268 msleep_interruptible(duration);
1da177e4 3269 tty->driver->break_ctl(tty, 0);
9c1729db 3270 tty_write_unlock(tty);
1da177e4
LT		 3271 if (signal_pending(current))
3272 return -EINTR;
3273 return 0;
3274}
3275
af9b897e
AC		 3276/**
3277 * tiocmget - get modem status
3278 * @tty: tty device
3279 * @file: user file pointer
3280 * @p: pointer to result
3281 *
3282 * Obtain the modem status bits from the tty driver if the feature
3283 * is supported. Return -EINVAL if it is not available.
3284 *
3285 * Locking: none (up to the driver)
3286 */
3287
3288static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 3289{
3290 int retval = -EINVAL;
3291
3292 if (tty->driver->tiocmget) {
3293 retval = tty->driver->tiocmget(tty, file);
3294
3295 if (retval >= 0)
3296 retval = put_user(retval, p);
3297 }
3298 return retval;
3299}
3300
af9b897e
AC		 3301/**
3302 * tiocmset - set modem status
3303 * @tty: tty device
3304 * @file: user file pointer
3305 * @cmd: command - clear bits, set bits or set all
3306 * @p: pointer to desired bits
3307 *
3308 * Set the modem status bits from the tty driver if the feature
3309 * is supported. Return -EINVAL if it is not available.
3310 *
3311 * Locking: none (up to the driver)
3312 */
3313
3314static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 3315 unsigned __user *p)
3316{
3317 int retval = -EINVAL;
3318
3319 if (tty->driver->tiocmset) {
3320 unsigned int set, clear, val;
3321
3322 retval = get_user(val, p);
3323 if (retval)
3324 return retval;
3325
3326 set = clear = 0;
3327 switch (cmd) {
3328 case TIOCMBIS:
3329 set = val;
3330 break;
3331 case TIOCMBIC:
3332 clear = val;
3333 break;
3334 case TIOCMSET:
3335 set = val;
3336 clear = ~val;
3337 break;
3338 }
3339
3340 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3341 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3342
3343 retval = tty->driver->tiocmset(tty, file, set, clear);
3344 }
3345 return retval;
3346}
3347
3348/*
3349 * Split this up, as gcc can choke on it otherwise..
3350 */
37bdfb07 3351int tty_ioctl(struct inode *inode, struct file *file,
1da177e4
LT		 3352 unsigned int cmd, unsigned long arg)
3353{
3354 struct tty_struct *tty, *real_tty;
3355 void __user *p = (void __user *)arg;
3356 int retval;
3357 struct tty_ldisc *ld;
37bdfb07 3358
1da177e4
LT		 3359 tty = (struct tty_struct *)file->private_data;
3360 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3361 return -EINVAL;
3362
28298232
AC		 3363 /* CHECKME: is this safe as one end closes ? */
3364
1da177e4
LT		 3365 real_tty = tty;
3366 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3367 tty->driver->subtype == PTY_TYPE_MASTER)
3368 real_tty = tty->link;
3369
3370 /*
3371 * Break handling by driver
3372 */
3373 if (!tty->driver->break_ctl) {
37bdfb07 3374 switch (cmd) {
1da177e4
LT		 3375 case TIOCSBRK:
3376 case TIOCCBRK:
3377 if (tty->driver->ioctl)
3378 return tty->driver->ioctl(tty, file, cmd, arg);
3379 return -EINVAL;
37bdfb07 3380
1da177e4
LT		 3381 /* These two ioctl's always return success; even if */
3382 /* the driver doesn't support them. */
3383 case TCSBRK:
3384 case TCSBRKP:
3385 if (!tty->driver->ioctl)
3386 return 0;
3387 retval = tty->driver->ioctl(tty, file, cmd, arg);
3388 if (retval == -ENOIOCTLCMD)
3389 retval = 0;
3390 return retval;
3391 }
3392 }
3393
3394 /*
3395 * Factor out some common prep work
3396 */
3397 switch (cmd) {
3398 case TIOCSETD:
3399 case TIOCSBRK:
3400 case TIOCCBRK:
3401 case TCSBRK:
37bdfb07 3402 case TCSBRKP:
1da177e4
LT		 3403 retval = tty_check_change(tty);
3404 if (retval)
3405 return retval;
3406 if (cmd != TIOCCBRK) {
3407 tty_wait_until_sent(tty, 0);
3408 if (signal_pending(current))
3409 return -EINTR;
3410 }
3411 break;
3412 }
3413
3414 switch (cmd) {
37bdfb07
AC		 3415 case TIOCSTI:
3416 return tiocsti(tty, p);
3417 case TIOCGWINSZ:
3418 return tiocgwinsz(tty, p);
3419 case TIOCSWINSZ:
3420 return tiocswinsz(tty, real_tty, p);
3421 case TIOCCONS:
3422 return real_tty != tty ? -EINVAL : tioccons(file);
3423 case FIONBIO:
3424 return fionbio(file, p);
3425 case TIOCEXCL:
3426 set_bit(TTY_EXCLUSIVE, &tty->flags);
3427 return 0;
3428 case TIOCNXCL:
3429 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3430 return 0;
3431 case TIOCNOTTY:
3432 if (current->signal->tty != tty)
3433 return -ENOTTY;
3434 no_tty();
3435 return 0;
3436 case TIOCSCTTY:
3437 return tiocsctty(tty, arg);
3438 case TIOCGPGRP:
3439 return tiocgpgrp(tty, real_tty, p);
3440 case TIOCSPGRP:
3441 return tiocspgrp(tty, real_tty, p);
3442 case TIOCGSID:
3443 return tiocgsid(tty, real_tty, p);
3444 case TIOCGETD:
3445 /* FIXME: check this is ok */
3446 return put_user(tty->ldisc.num, (int __user *)p);
3447 case TIOCSETD:
3448 return tiocsetd(tty, p);
1da177e4 3449#ifdef CONFIG_VT
37bdfb07
AC		 3450 case TIOCLINUX:
3451 return tioclinux(tty, arg);
1da177e4 3452#endif
37bdfb07
AC		 3453 /*
3454 * Break handling
3455 */
3456 case TIOCSBRK: /* Turn break on, unconditionally */
3457 tty->driver->break_ctl(tty, -1);
3458 return 0;
1da177e4 3459
37bdfb07
AC		 3460 case TIOCCBRK: /* Turn break off, unconditionally */
3461 tty->driver->break_ctl(tty, 0);
3462 return 0;
3463 case TCSBRK: /* SVID version: non-zero arg --> no break */
3464 /* non-zero arg means wait for all output data
3465 * to be sent (performed above) but don't send break.
3466 * This is used by the tcdrain() termios function.
3467 */
3468 if (!arg)
3469 return send_break(tty, 250);
3470 return 0;
3471 case TCSBRKP: /* support for POSIX tcsendbreak() */
3472 return send_break(tty, arg ? arg*100 : 250);
3473
3474 case TIOCMGET:
3475 return tty_tiocmget(tty, file, p);
3476 case TIOCMSET:
3477 case TIOCMBIC:
3478 case TIOCMBIS:
3479 return tty_tiocmset(tty, file, cmd, p);
3480 case TCFLSH:
3481 switch (arg) {
3482 case TCIFLUSH:
3483 case TCIOFLUSH:
3484 /* flush tty buffer and allow ldisc to process ioctl */
3485 tty_buffer_flush(tty);
c5c34d48 3486 break;
37bdfb07
AC		 3487 }
3488 break;
1da177e4
LT		 3489 }
3490 if (tty->driver->ioctl) {
3491 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3492 if (retval != -ENOIOCTLCMD)
3493 return retval;
3494 }
3495 ld = tty_ldisc_ref_wait(tty);
3496 retval = -EINVAL;
3497 if (ld->ioctl) {
3498 retval = ld->ioctl(tty, file, cmd, arg);
3499 if (retval == -ENOIOCTLCMD)
3500 retval = -EINVAL;
3501 }
3502 tty_ldisc_deref(ld);
3503 return retval;
3504}
3505
e10cc1df 3506#ifdef CONFIG_COMPAT
37bdfb07 3507static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 3508 unsigned long arg)
3509{
3510 struct inode *inode = file->f_dentry->d_inode;
3511 struct tty_struct *tty = file->private_data;
3512 struct tty_ldisc *ld;
3513 int retval = -ENOIOCTLCMD;
3514
3515 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3516 return -EINVAL;
3517
3518 if (tty->driver->compat_ioctl) {
3519 retval = (tty->driver->compat_ioctl)(tty, file, cmd, arg);
3520 if (retval != -ENOIOCTLCMD)
3521 return retval;
3522 }
3523
3524 ld = tty_ldisc_ref_wait(tty);
3525 if (ld->compat_ioctl)
3526 retval = ld->compat_ioctl(tty, file, cmd, arg);
3527 tty_ldisc_deref(ld);
3528
3529 return retval;
3530}
3531#endif
1da177e4
LT		 3532
3533/*
3534 * This implements the "Secure Attention Key" --- the idea is to
3535 * prevent trojan horses by killing all processes associated with this
3536 * tty when the user hits the "Secure Attention Key". Required for
3537 * super-paranoid applications --- see the Orange Book for more details.
37bdfb07 3538 *
1da177e4
LT		 3539 * This code could be nicer; ideally it should send a HUP, wait a few
3540 * seconds, then send a INT, and then a KILL signal. But you then
3541 * have to coordinate with the init process, since all processes associated
3542 * with the current tty must be dead before the new getty is allowed
3543 * to spawn.
3544 *
3545 * Now, if it would be correct ;-/ The current code has a nasty hole -
3546 * it doesn't catch files in flight. We may send the descriptor to ourselves
3547 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3548 *
3549 * Nasty bug: do_SAK is being called in interrupt context. This can
3550 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3551 */
8b6312f4 3552void __do_SAK(struct tty_struct *tty)
1da177e4
LT		 3553{
3554#ifdef TTY_SOFT_SAK
3555 tty_hangup(tty);
3556#else
652486fb 3557 struct task_struct *g, *p;
ab521dc0 3558 struct pid *session;
1da177e4
LT		 3559 int i;
3560 struct file *filp;
badf1662 3561 struct fdtable *fdt;
37bdfb07 3562
1da177e4
LT		 3563 if (!tty)
3564 return;
24ec839c 3565 session = tty->session;
37bdfb07 3566
b3f13deb 3567 tty_ldisc_flush(tty);
1da177e4
LT		 3568
3569 if (tty->driver->flush_buffer)
3570 tty->driver->flush_buffer(tty);
37bdfb07 3571
1da177e4 3572 read_lock(&tasklist_lock);
652486fb 3573 /* Kill the entire session */
ab521dc0 3574 do_each_pid_task(session, PIDTYPE_SID, p) {
652486fb 3575 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 3576 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 3577 task_pid_nr(p), p->comm);
652486fb 3578 send_sig(SIGKILL, p, 1);
ab521dc0 3579 } while_each_pid_task(session, PIDTYPE_SID, p);
652486fb
EB		 3580 /* Now kill any processes that happen to have the
3581 * tty open.
3582 */
3583 do_each_thread(g, p) {
3584 if (p->signal->tty == tty) {
1da177e4 3585 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 3586 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 3587 task_pid_nr(p), p->comm);
1da177e4
LT		 3588 send_sig(SIGKILL, p, 1);
3589 continue;
3590 }
3591 task_lock(p);
3592 if (p->files) {
ca99c1da
DS		 3593 /*
3594 * We don't take a ref to the file, so we must
3595 * hold ->file_lock instead.
3596 */
3597 spin_lock(&p->files->file_lock);
badf1662 3598 fdt = files_fdtable(p->files);
37bdfb07 3599 for (i = 0; i < fdt->max_fds; i++) {
1da177e4
LT		 3600 filp = fcheck_files(p->files, i);
3601 if (!filp)
3602 continue;
3603 if (filp->f_op->read == tty_read &&
3604 filp->private_data == tty) {
3605 printk(KERN_NOTICE "SAK: killed process %d"
3606 " (%s): fd#%d opened to the tty\n",
ba25f9dc 3607 task_pid_nr(p), p->comm, i);
20ac9437 3608 force_sig(SIGKILL, p);
1da177e4
LT		 3609 break;
3610 }
3611 }
ca99c1da 3612 spin_unlock(&p->files->file_lock);
1da177e4
LT		 3613 }
3614 task_unlock(p);
652486fb 3615 } while_each_thread(g, p);
1da177e4
LT		 3616 read_unlock(&tasklist_lock);
3617#endif
3618}
3619
8b6312f4
EB		 3620static void do_SAK_work(struct work_struct *work)
3621{
3622 struct tty_struct *tty =
3623 container_of(work, struct tty_struct, SAK_work);
3624 __do_SAK(tty);
3625}
3626
1da177e4
LT		 3627/*
3628 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3629 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3630 * the values which we write to it will be identical to the values which it
3631 * already has. --akpm
3632 */
3633void do_SAK(struct tty_struct *tty)
3634{
3635 if (!tty)
3636 return;
1da177e4
LT		 3637 schedule_work(&tty->SAK_work);
3638}
3639
3640EXPORT_SYMBOL(do_SAK);
3641
af9b897e
AC		 3642/**
3643 * flush_to_ldisc
65f27f38 3644 * @work: tty structure passed from work queue.
af9b897e
AC		 3645 *
3646 * This routine is called out of the software interrupt to flush data
3647 * from the buffer chain to the line discipline.
3648 *
3649 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3650 * while invoking the line discipline receive_buf method. The
3651 * receive_buf method is single threaded for each tty instance.
1da177e4 3652 */
37bdfb07 3653
65f27f38 3654static void flush_to_ldisc(struct work_struct *work)
1da177e4 3655{
65f27f38
DH		 3656 struct tty_struct *tty =
3657 container_of(work, struct tty_struct, buf.work.work);
1da177e4
LT		 3658 unsigned long flags;
3659 struct tty_ldisc *disc;
2c3bb20f 3660 struct tty_buffer *tbuf, *head;
8977d929
PF		 3661 char *char_buf;
3662 unsigned char *flag_buf;
1da177e4
LT		 3663
3664 disc = tty_ldisc_ref(tty);
3665 if (disc == NULL) /* !TTY_LDISC */
3666 return;
3667
808249ce 3668 spin_lock_irqsave(&tty->buf.lock, flags);
37bdfb07
AC		 3669 /* So we know a flush is running */
3670 set_bit(TTY_FLUSHING, &tty->flags);
2c3bb20f
PF		 3671 head = tty->buf.head;
3672 if (head != NULL) {
3673 tty->buf.head = NULL;
3674 for (;;) {
3675 int count = head->commit - head->read;
3676 if (!count) {
3677 if (head->next == NULL)
3678 break;
3679 tbuf = head;
3680 head = head->next;
3681 tty_buffer_free(tty, tbuf);
3682 continue;
3683 }
42fd552e
AC		 3684 /* Ldisc or user is trying to flush the buffers
3685 we are feeding to the ldisc, stop feeding the
3686 line discipline as we want to empty the queue */
3687 if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3688 break;
2c3bb20f
PF		 3689 if (!tty->receive_room) {
3690 schedule_delayed_work(&tty->buf.work, 1);
3691 break;
3692 }
3693 if (count > tty->receive_room)
3694 count = tty->receive_room;
3695 char_buf = head->char_buf_ptr + head->read;
3696 flag_buf = head->flag_buf_ptr + head->read;
3697 head->read += count;
8977d929
PF		 3698 spin_unlock_irqrestore(&tty->buf.lock, flags);
3699 disc->receive_buf(tty, char_buf, flag_buf, count);
3700 spin_lock_irqsave(&tty->buf.lock, flags);
3701 }
42fd552e 3702 /* Restore the queue head */
2c3bb20f 3703 tty->buf.head = head;
33f0f88f 3704 }
42fd552e
AC		 3705 /* We may have a deferred request to flush the input buffer,
3706 if so pull the chain under the lock and empty the queue */
3707 if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3708 __tty_buffer_flush(tty);
3709 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3710 wake_up(&tty->read_wait);
3711 }
3712 clear_bit(TTY_FLUSHING, &tty->flags);
808249ce 3713 spin_unlock_irqrestore(&tty->buf.lock, flags);
817d6d3b 3714
1da177e4
LT		 3715 tty_ldisc_deref(disc);
3716}
3717
1da177e4
LT		 3718/**
3719 * tty_flip_buffer_push - terminal
3720 * @tty: tty to push
3721 *
3722 * Queue a push of the terminal flip buffers to the line discipline. This
3723 * function must not be called from IRQ context if tty->low_latency is set.
3724 *
3725 * In the event of the queue being busy for flipping the work will be
3726 * held off and retried later.
af9b897e
AC		 3727 *
3728 * Locking: tty buffer lock. Driver locks in low latency mode.
1da177e4
LT		 3729 */
3730
3731void tty_flip_buffer_push(struct tty_struct *tty)
3732{
808249ce
PF		 3733 unsigned long flags;
3734 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 3735 if (tty->buf.tail != NULL)
8977d929 3736 tty->buf.tail->commit = tty->buf.tail->used;
808249ce
PF		 3737 spin_unlock_irqrestore(&tty->buf.lock, flags);
3738
1da177e4 3739 if (tty->low_latency)
65f27f38 3740 flush_to_ldisc(&tty->buf.work.work);
1da177e4 3741 else
33f0f88f 3742 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 3743}
3744
3745EXPORT_SYMBOL(tty_flip_buffer_push);
3746
33f0f88f 3747
af9b897e
AC		 3748/**
3749 * initialize_tty_struct
3750 * @tty: tty to initialize
3751 *
3752 * This subroutine initializes a tty structure that has been newly
3753 * allocated.
3754 *
3755 * Locking: none - tty in question must not be exposed at this point
1da177e4 3756 */
af9b897e 3757
1da177e4
LT		 3758static void initialize_tty_struct(struct tty_struct *tty)
3759{
3760 memset(tty, 0, sizeof(struct tty_struct));
3761 tty->magic = TTY_MAGIC;
3762 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
ab521dc0
EB		 3763 tty->session = NULL;
3764 tty->pgrp = NULL;
1da177e4 3765 tty->overrun_time = jiffies;
33f0f88f
AC		 3766 tty->buf.head = tty->buf.tail = NULL;
3767 tty_buffer_init(tty);
65f27f38 3768 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
5785c95b 3769 mutex_init(&tty->termios_mutex);
1da177e4
LT		 3770 init_waitqueue_head(&tty->write_wait);
3771 init_waitqueue_head(&tty->read_wait);
65f27f38 3772 INIT_WORK(&tty->hangup_work, do_tty_hangup);
70522e12
IM		 3773 mutex_init(&tty->atomic_read_lock);
3774 mutex_init(&tty->atomic_write_lock);
1da177e4
LT		 3775 spin_lock_init(&tty->read_lock);
3776 INIT_LIST_HEAD(&tty->tty_files);
7f1f86a0 3777 INIT_WORK(&tty->SAK_work, do_SAK_work);
1da177e4
LT		 3778}
3779
3780/*
3781 * The default put_char routine if the driver did not define one.
3782 */
af9b897e 3783
1da177e4
LT		 3784static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3785{
3786 tty->driver->write(tty, &ch, 1);
3787}
3788
7fe845d1 3789static struct class *tty_class;
1da177e4
LT		 3790
3791/**
af9b897e
AC		 3792 * tty_register_device - register a tty device
3793 * @driver: the tty driver that describes the tty device
3794 * @index: the index in the tty driver for this tty device
3795 * @device: a struct device that is associated with this tty device.
3796 * This field is optional, if there is no known struct device
3797 * for this tty device it can be set to NULL safely.
1da177e4 3798 *
01107d34
GKH		 3799 * Returns a pointer to the struct device for this tty device
3800 * (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3801 *
af9b897e
AC		 3802 * This call is required to be made to register an individual tty device
3803 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3804 * that bit is not set, this function should not be called by a tty
3805 * driver.
3806 *
3807 * Locking: ??
1da177e4 3808 */
af9b897e 3809
01107d34
GKH		 3810struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3811 struct device *device)
1da177e4
LT		 3812{
3813 char name[64];
3814 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3815
3816 if (index >= driver->num) {
3817 printk(KERN_ERR "Attempt to register invalid tty line number "
3818 " (%d).\n", index);
1cdcb6b4 3819 return ERR_PTR(-EINVAL);
1da177e4
LT		 3820 }
3821
1da177e4
LT		 3822 if (driver->type == TTY_DRIVER_TYPE_PTY)
3823 pty_line_name(driver, index, name);
3824 else
3825 tty_line_name(driver, index, name);
1cdcb6b4 3826
01107d34 3827 return device_create(tty_class, device, dev, name);
1da177e4
LT		 3828}
3829
3830/**
af9b897e
AC		 3831 * tty_unregister_device - unregister a tty device
3832 * @driver: the tty driver that describes the tty device
3833 * @index: the index in the tty driver for this tty device
1da177e4 3834 *
af9b897e
AC		 3835 * If a tty device is registered with a call to tty_register_device() then
3836 * this function must be called when the tty device is gone.
3837 *
3838 * Locking: ??
1da177e4 3839 */
af9b897e 3840
1da177e4
LT		 3841void tty_unregister_device(struct tty_driver *driver, unsigned index)
3842{
37bdfb07
AC		 3843 device_destroy(tty_class,
3844 MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 3845}
3846
3847EXPORT_SYMBOL(tty_register_device);
3848EXPORT_SYMBOL(tty_unregister_device);
3849
3850struct tty_driver *alloc_tty_driver(int lines)
3851{
3852 struct tty_driver *driver;
3853
506eb99a 3854 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
1da177e4 3855 if (driver) {
1da177e4
LT		 3856 driver->magic = TTY_DRIVER_MAGIC;
3857 driver->num = lines;
3858 /* later we'll move allocation of tables here */
3859 }
3860 return driver;
3861}
3862
3863void put_tty_driver(struct tty_driver *driver)
3864{
3865 kfree(driver);
3866}
3867
b68e31d0
JD		 3868void tty_set_operations(struct tty_driver *driver,
3869 const struct tty_operations *op)
1da177e4
LT		 3870{
3871 driver->open = op->open;
3872 driver->close = op->close;
3873 driver->write = op->write;
3874 driver->put_char = op->put_char;
3875 driver->flush_chars = op->flush_chars;
3876 driver->write_room = op->write_room;
3877 driver->chars_in_buffer = op->chars_in_buffer;
3878 driver->ioctl = op->ioctl;
e10cc1df 3879 driver->compat_ioctl = op->compat_ioctl;
1da177e4
LT		 3880 driver->set_termios = op->set_termios;
3881 driver->throttle = op->throttle;
3882 driver->unthrottle = op->unthrottle;
3883 driver->stop = op->stop;
3884 driver->start = op->start;
3885 driver->hangup = op->hangup;
3886 driver->break_ctl = op->break_ctl;
3887 driver->flush_buffer = op->flush_buffer;
3888 driver->set_ldisc = op->set_ldisc;
3889 driver->wait_until_sent = op->wait_until_sent;
3890 driver->send_xchar = op->send_xchar;
3891 driver->read_proc = op->read_proc;
3892 driver->write_proc = op->write_proc;
3893 driver->tiocmget = op->tiocmget;
3894 driver->tiocmset = op->tiocmset;
f2d937f3
JW		 3895#ifdef CONFIG_CONSOLE_POLL
3896 driver->poll_init = op->poll_init;
3897 driver->poll_get_char = op->poll_get_char;
3898 driver->poll_put_char = op->poll_put_char;
3899#endif
1da177e4
LT		 3900}
3901
3902
3903EXPORT_SYMBOL(alloc_tty_driver);
3904EXPORT_SYMBOL(put_tty_driver);
3905EXPORT_SYMBOL(tty_set_operations);
3906
3907/*
3908 * Called by a tty driver to register itself.
3909 */
3910int tty_register_driver(struct tty_driver *driver)
3911{
3912 int error;
37bdfb07 3913 int i;
1da177e4
LT		 3914 dev_t dev;
3915 void **p = NULL;
3916
3917 if (driver->flags & TTY_DRIVER_INSTALLED)
3918 return 0;
3919
543691a6
AW		 3920 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3921 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
1da177e4
LT		 3922 if (!p)
3923 return -ENOMEM;
1da177e4
LT		 3924 }
3925
3926 if (!driver->major) {
37bdfb07
AC		 3927 error = alloc_chrdev_region(&dev, driver->minor_start,
3928 driver->num, driver->name);
1da177e4
LT		 3929 if (!error) {
3930 driver->major = MAJOR(dev);
3931 driver->minor_start = MINOR(dev);
3932 }
3933 } else {
3934 dev = MKDEV(driver->major, driver->minor_start);
e5717c48 3935 error = register_chrdev_region(dev, driver->num, driver->name);
1da177e4
LT		 3936 }
3937 if (error < 0) {
3938 kfree(p);
3939 return error;
3940 }
3941
3942 if (p) {
3943 driver->ttys = (struct tty_struct **)p;
edc6afc5 3944 driver->termios = (struct ktermios **)(p + driver->num);
37bdfb07
AC		 3945 driver->termios_locked = (struct ktermios **)
3946 (p + driver->num * 2);
1da177e4
LT		 3947 } else {
3948 driver->ttys = NULL;
3949 driver->termios = NULL;
3950 driver->termios_locked = NULL;
3951 }
3952
3953 cdev_init(&driver->cdev, &tty_fops);
3954 driver->cdev.owner = driver->owner;
3955 error = cdev_add(&driver->cdev, dev, driver->num);
3956 if (error) {
1da177e4
LT		 3957 unregister_chrdev_region(dev, driver->num);
3958 driver->ttys = NULL;
3959 driver->termios = driver->termios_locked = NULL;
3960 kfree(p);
3961 return error;
3962 }
3963
3964 if (!driver->put_char)
3965 driver->put_char = tty_default_put_char;
37bdfb07 3966
ca509f69 3967 mutex_lock(&tty_mutex);
1da177e4 3968 list_add(&driver->tty_drivers, &tty_drivers);
ca509f69 3969 mutex_unlock(&tty_mutex);
37bdfb07
AC		 3970
3971 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3972 for (i = 0; i < driver->num; i++)
1da177e4
LT		 3973 tty_register_device(driver, i, NULL);
3974 }
3975 proc_tty_register_driver(driver);
3976 return 0;
3977}
3978
3979EXPORT_SYMBOL(tty_register_driver);
3980
3981/*
3982 * Called by a tty driver to unregister itself.
3983 */
3984int tty_unregister_driver(struct tty_driver *driver)
3985{
3986 int i;
edc6afc5 3987 struct ktermios *tp;
1da177e4
LT		 3988 void *p;
3989
3990 if (driver->refcount)
3991 return -EBUSY;
3992
3993 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3994 driver->num);
ca509f69 3995 mutex_lock(&tty_mutex);
1da177e4 3996 list_del(&driver->tty_drivers);
ca509f69 3997 mutex_unlock(&tty_mutex);
1da177e4
LT		 3998
3999 /*
4000 * Free the termios and termios_locked structures because
4001 * we don't want to get memory leaks when modular tty
4002 * drivers are removed from the kernel.
4003 */
4004 for (i = 0; i < driver->num; i++) {
4005 tp = driver->termios[i];
4006 if (tp) {
4007 driver->termios[i] = NULL;
4008 kfree(tp);
4009 }
4010 tp = driver->termios_locked[i];
4011 if (tp) {
4012 driver->termios_locked[i] = NULL;
4013 kfree(tp);
4014 }
331b8319 4015 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 4016 tty_unregister_device(driver, i);
4017 }
4018 p = driver->ttys;
4019 proc_tty_unregister_driver(driver);
4020 driver->ttys = NULL;
4021 driver->termios = driver->termios_locked = NULL;
4022 kfree(p);
4023 cdev_del(&driver->cdev);
4024 return 0;
4025}
1da177e4
LT		 4026EXPORT_SYMBOL(tty_unregister_driver);
4027
24ec839c
PZ		 4028dev_t tty_devnum(struct tty_struct *tty)
4029{
4030 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
4031}
4032EXPORT_SYMBOL(tty_devnum);
4033
4034void proc_clear_tty(struct task_struct *p)
4035{
4036 spin_lock_irq(&p->sighand->siglock);
4037 p->signal->tty = NULL;
4038 spin_unlock_irq(&p->sighand->siglock);
4039}
7cac4ce5 4040EXPORT_SYMBOL(proc_clear_tty);
24ec839c 4041
2a65f1d9 4042static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 4043{
4044 if (tty) {
d9c1e9a8
EB		 4045 /* We should not have a session or pgrp to here but.... */
4046 put_pid(tty->session);
4047 put_pid(tty->pgrp);
ab521dc0
EB		 4048 tty->session = get_pid(task_session(tsk));
4049 tty->pgrp = get_pid(task_pgrp(tsk));
24ec839c 4050 }
2a65f1d9 4051 put_pid(tsk->signal->tty_old_pgrp);
24ec839c 4052 tsk->signal->tty = tty;
ab521dc0 4053 tsk->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 4054}
4055
98a27ba4 4056static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 4057{
4058 spin_lock_irq(&tsk->sighand->siglock);
2a65f1d9 4059 __proc_set_tty(tsk, tty);
24ec839c
PZ		 4060 spin_unlock_irq(&tsk->sighand->siglock);
4061}
4062
4063struct tty_struct *get_current_tty(void)
4064{
4065 struct tty_struct *tty;
4066 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4067 tty = current->signal->tty;
4068 /*
4069 * session->tty can be changed/cleared from under us, make sure we
4070 * issue the load. The obtained pointer, when not NULL, is valid as
4071 * long as we hold tty_mutex.
4072 */
4073 barrier();
4074 return tty;
4075}
a311f743 4076EXPORT_SYMBOL_GPL(get_current_tty);
1da177e4
LT		 4077
4078/*
4079 * Initialize the console device. This is called *early*, so
4080 * we can't necessarily depend on lots of kernel help here.
4081 * Just do some early initializations, and do the complex setup
4082 * later.
4083 */
4084void __init console_init(void)
4085{
4086 initcall_t *call;
4087
4088 /* Setup the default TTY line discipline. */
4089 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4090
4091 /*
37bdfb07 4092 * set up the console device so that later boot sequences can
1da177e4
LT		 4093 * inform about problems etc..
4094 */
1da177e4
LT		 4095 call = __con_initcall_start;
4096 while (call < __con_initcall_end) {
4097 (*call)();
4098 call++;
4099 }
4100}
4101
1da177e4
LT		 4102static int __init tty_class_init(void)
4103{
7fe845d1 4104 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 4105 if (IS_ERR(tty_class))
4106 return PTR_ERR(tty_class);
4107 return 0;
4108}
4109
4110postcore_initcall(tty_class_init);
4111
4112/* 3/2004 jmc: why do these devices exist? */
4113
4114static struct cdev tty_cdev, console_cdev;
4115#ifdef CONFIG_UNIX98_PTYS
4116static struct cdev ptmx_cdev;
4117#endif
4118#ifdef CONFIG_VT
4119static struct cdev vc0_cdev;
4120#endif
4121
4122/*
4123 * Ok, now we can initialize the rest of the tty devices and can count
4124 * on memory allocations, interrupts etc..
4125 */
4126static int __init tty_init(void)
4127{
4128 cdev_init(&tty_cdev, &tty_fops);
4129 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4130 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4131 panic("Couldn't register /dev/tty driver\n");
01107d34 4132 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
1da177e4
LT		 4133
4134 cdev_init(&console_cdev, &console_fops);
4135 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4136 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4137 panic("Couldn't register /dev/console driver\n");
01107d34 4138 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
1da177e4
LT		 4139
4140#ifdef CONFIG_UNIX98_PTYS
4141 cdev_init(&ptmx_cdev, &ptmx_fops);
4142 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4143 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4144 panic("Couldn't register /dev/ptmx driver\n");
01107d34 4145 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
1da177e4
LT		 4146#endif
4147
4148#ifdef CONFIG_VT
4149 cdev_init(&vc0_cdev, &console_fops);
4150 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4151 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4152 panic("Couldn't register /dev/tty0 driver\n");
01107d34 4153 device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
1da177e4
LT		 4154
4155 vty_init();
4156#endif
4157 return 0;
4158}
4159module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)