projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
[PATCH] solaris emulation: incorrect tty locking
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
1da177e4
LT		 68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched.h>
74#include <linux/interrupt.h>
75#include <linux/tty.h>
76#include <linux/tty_driver.h>
77#include <linux/tty_flip.h>
78#include <linux/devpts_fs.h>
79#include <linux/file.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/smp_lock.h>
92#include <linux/device.h>
93#include <linux/idr.h>
94#include <linux/wait.h>
95#include <linux/bitops.h>
b20f3ae5 96#include <linux/delay.h>
1da177e4
LT		 97
98#include <asm/uaccess.h>
99#include <asm/system.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
1da177e4
LT		 104
105#include <linux/kmod.h>
106
107#undef TTY_DEBUG_HANGUP
108
109#define TTY_PARANOIA_CHECK 1
110#define CHECK_TTY_COUNT 1
111
112struct termios tty_std_termios = { /* for the benefit of tty drivers */
113 .c_iflag = ICRNL | IXON,
114 .c_oflag = OPOST | ONLCR,
115 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
116 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
117 ECHOCTL | ECHOKE | IEXTEN,
118 .c_cc = INIT_C_CC
119};
120
121EXPORT_SYMBOL(tty_std_termios);
122
123/* This list gets poked at by procfs and various bits of boot up code. This
124 could do with some rationalisation such as pulling the tty proc function
125 into this file */
126
127LIST_HEAD(tty_drivers); /* linked list of tty drivers */
128
129/* Semaphore to protect creating and releasing a tty. This is shared with
130 vt.c for deeply disgusting hack reasons */
70522e12 131DEFINE_MUTEX(tty_mutex);
de2a84f2 132EXPORT_SYMBOL(tty_mutex);
1da177e4
LT		 133
134#ifdef CONFIG_UNIX98_PTYS
135extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
136extern int pty_limit; /* Config limit on Unix98 ptys */
137static DEFINE_IDR(allocated_ptys);
138static DECLARE_MUTEX(allocated_ptys_lock);
139static int ptmx_open(struct inode *, struct file *);
140#endif
141
142extern void disable_early_printk(void);
143
144static void initialize_tty_struct(struct tty_struct *tty);
145
146static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
147static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
148ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
149static unsigned int tty_poll(struct file *, poll_table *);
150static int tty_open(struct inode *, struct file *);
151static int tty_release(struct inode *, struct file *);
152int tty_ioctl(struct inode * inode, struct file * file,
153 unsigned int cmd, unsigned long arg);
154static int tty_fasync(int fd, struct file * filp, int on);
1da177e4
LT		 155static void release_mem(struct tty_struct *tty, int idx);
156
af9b897e
AC		 157/**
158 * alloc_tty_struct - allocate a tty object
159 *
160 * Return a new empty tty structure. The data fields have not
161 * been initialized in any way but has been zeroed
162 *
163 * Locking: none
af9b897e 164 */
1da177e4
LT		 165
166static struct tty_struct *alloc_tty_struct(void)
167{
1266b1e1 168 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 169}
170
33f0f88f
AC		 171static void tty_buffer_free_all(struct tty_struct *);
172
af9b897e
AC		 173/**
174 * free_tty_struct - free a disused tty
175 * @tty: tty struct to free
176 *
177 * Free the write buffers, tty queue and tty memory itself.
178 *
179 * Locking: none. Must be called after tty is definitely unused
180 */
181
1da177e4
LT		 182static inline void free_tty_struct(struct tty_struct *tty)
183{
184 kfree(tty->write_buf);
33f0f88f 185 tty_buffer_free_all(tty);
1da177e4
LT		 186 kfree(tty);
187}
188
189#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
190
af9b897e
AC		 191/**
192 * tty_name - return tty naming
193 * @tty: tty structure
194 * @buf: buffer for output
195 *
196 * Convert a tty structure into a name. The name reflects the kernel
197 * naming policy and if udev is in use may not reflect user space
198 *
199 * Locking: none
200 */
201
1da177e4
LT		 202char *tty_name(struct tty_struct *tty, char *buf)
203{
204 if (!tty) /* Hmm. NULL pointer. That's fun. */
205 strcpy(buf, "NULL tty");
206 else
207 strcpy(buf, tty->name);
208 return buf;
209}
210
211EXPORT_SYMBOL(tty_name);
212
d769a669 213int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 214 const char *routine)
215{
216#ifdef TTY_PARANOIA_CHECK
217 if (!tty) {
218 printk(KERN_WARNING
219 "null TTY for (%d:%d) in %s\n",
220 imajor(inode), iminor(inode), routine);
221 return 1;
222 }
223 if (tty->magic != TTY_MAGIC) {
224 printk(KERN_WARNING
225 "bad magic number for tty struct (%d:%d) in %s\n",
226 imajor(inode), iminor(inode), routine);
227 return 1;
228 }
229#endif
230 return 0;
231}
232
233static int check_tty_count(struct tty_struct *tty, const char *routine)
234{
235#ifdef CHECK_TTY_COUNT
236 struct list_head *p;
237 int count = 0;
238
239 file_list_lock();
240 list_for_each(p, &tty->tty_files) {
241 count++;
242 }
243 file_list_unlock();
244 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
245 tty->driver->subtype == PTY_TYPE_SLAVE &&
246 tty->link && tty->link->count)
247 count++;
248 if (tty->count != count) {
249 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
250 "!= #fd's(%d) in %s\n",
251 tty->name, tty->count, count, routine);
252 return count;
253 }
254#endif
255 return 0;
256}
257
33f0f88f
AC		 258/*
259 * Tty buffer allocation management
260 */
261
af9b897e 262
01da5fd8
AC		 263/**
264 * tty_buffer_free_all - free buffers used by a tty
265 * @tty: tty to free from
266 *
267 * Remove all the buffers pending on a tty whether queued with data
268 * or in the free ring. Must be called when the tty is no longer in use
269 *
270 * Locking: none
271 */
272
273
af9b897e
AC		 274/**
275 * tty_buffer_free_all - free buffers used by a tty
276 * @tty: tty to free from
277 *
278 * Remove all the buffers pending on a tty whether queued with data
279 * or in the free ring. Must be called when the tty is no longer in use
280 *
281 * Locking: none
282 */
283
33f0f88f
AC		 284static void tty_buffer_free_all(struct tty_struct *tty)
285{
286 struct tty_buffer *thead;
287 while((thead = tty->buf.head) != NULL) {
288 tty->buf.head = thead->next;
289 kfree(thead);
290 }
291 while((thead = tty->buf.free) != NULL) {
292 tty->buf.free = thead->next;
293 kfree(thead);
294 }
295 tty->buf.tail = NULL;
01da5fd8 296 tty->buf.memory_used = 0;
33f0f88f
AC		 297}
298
01da5fd8
AC		 299/**
300 * tty_buffer_init - prepare a tty buffer structure
301 * @tty: tty to initialise
302 *
303 * Set up the initial state of the buffer management for a tty device.
304 * Must be called before the other tty buffer functions are used.
305 *
306 * Locking: none
307 */
308
33f0f88f
AC		 309static void tty_buffer_init(struct tty_struct *tty)
310{
808249ce 311 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 312 tty->buf.head = NULL;
313 tty->buf.tail = NULL;
314 tty->buf.free = NULL;
01da5fd8 315 tty->buf.memory_used = 0;
33f0f88f
AC		 316}
317
01da5fd8
AC		 318/**
319 * tty_buffer_alloc - allocate a tty buffer
320 * @tty: tty device
321 * @size: desired size (characters)
322 *
323 * Allocate a new tty buffer to hold the desired number of characters.
324 * Return NULL if out of memory or the allocation would exceed the
325 * per device queue
326 *
327 * Locking: Caller must hold tty->buf.lock
328 */
329
330static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
33f0f88f 331{
01da5fd8
AC		 332 struct tty_buffer *p;
333
334 if (tty->buf.memory_used + size > 65536)
335 return NULL;
336 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
33f0f88f
AC		 337 if(p == NULL)
338 return NULL;
339 p->used = 0;
340 p->size = size;
341 p->next = NULL;
8977d929
PF		 342 p->commit = 0;
343 p->read = 0;
33f0f88f
AC		 344 p->char_buf_ptr = (char *)(p->data);
345 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
01da5fd8 346 tty->buf.memory_used += size;
33f0f88f
AC		 347 return p;
348}
349
01da5fd8
AC		 350/**
351 * tty_buffer_free - free a tty buffer
352 * @tty: tty owning the buffer
353 * @b: the buffer to free
354 *
355 * Free a tty buffer, or add it to the free list according to our
356 * internal strategy
357 *
358 * Locking: Caller must hold tty->buf.lock
359 */
33f0f88f
AC		 360
361static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
362{
363 /* Dumb strategy for now - should keep some stats */
01da5fd8
AC		 364 tty->buf.memory_used -= b->size;
365 WARN_ON(tty->buf.memory_used < 0);
366
33f0f88f
AC		 367 if(b->size >= 512)
368 kfree(b);
369 else {
370 b->next = tty->buf.free;
371 tty->buf.free = b;
372 }
373}
374
01da5fd8
AC		 375/**
376 * tty_buffer_find - find a free tty buffer
377 * @tty: tty owning the buffer
378 * @size: characters wanted
379 *
380 * Locate an existing suitable tty buffer or if we are lacking one then
381 * allocate a new one. We round our buffers off in 256 character chunks
382 * to get better allocation behaviour.
383 *
384 * Locking: Caller must hold tty->buf.lock
385 */
386
33f0f88f
AC		 387static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
388{
389 struct tty_buffer **tbh = &tty->buf.free;
390 while((*tbh) != NULL) {
391 struct tty_buffer *t = *tbh;
392 if(t->size >= size) {
393 *tbh = t->next;
394 t->next = NULL;
395 t->used = 0;
8977d929
PF		 396 t->commit = 0;
397 t->read = 0;
01da5fd8 398 tty->buf.memory_used += t->size;
33f0f88f
AC		 399 return t;
400 }
401 tbh = &((*tbh)->next);
402 }
403 /* Round the buffer size out */
404 size = (size + 0xFF) & ~ 0xFF;
01da5fd8 405 return tty_buffer_alloc(tty, size);
33f0f88f
AC		 406 /* Should possibly check if this fails for the largest buffer we
407 have queued and recycle that ? */
408}
409
01da5fd8
AC		 410/**
411 * tty_buffer_request_room - grow tty buffer if needed
412 * @tty: tty structure
413 * @size: size desired
414 *
415 * Make at least size bytes of linear space available for the tty
416 * buffer. If we fail return the size we managed to find.
417 *
418 * Locking: Takes tty->buf.lock
419 */
33f0f88f
AC		 420int tty_buffer_request_room(struct tty_struct *tty, size_t size)
421{
808249ce
PF		 422 struct tty_buffer *b, *n;
423 int left;
424 unsigned long flags;
425
426 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 427
428 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
429 remove this conditional if its worth it. This would be invisible
430 to the callers */
33b37a33 431 if ((b = tty->buf.tail) != NULL)
33f0f88f 432 left = b->size - b->used;
33b37a33 433 else
808249ce
PF		 434 left = 0;
435
436 if (left < size) {
437 /* This is the slow path - looking for new buffers to use */
438 if ((n = tty_buffer_find(tty, size)) != NULL) {
439 if (b != NULL) {
440 b->next = n;
8977d929 441 b->commit = b->used;
808249ce
PF		 442 } else
443 tty->buf.head = n;
444 tty->buf.tail = n;
808249ce
PF		 445 } else
446 size = left;
447 }
448
449 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 450 return size;
451}
33f0f88f
AC		 452EXPORT_SYMBOL_GPL(tty_buffer_request_room);
453
af9b897e
AC		 454/**
455 * tty_insert_flip_string - Add characters to the tty buffer
456 * @tty: tty structure
457 * @chars: characters
458 * @size: size
459 *
460 * Queue a series of bytes to the tty buffering. All the characters
461 * passed are marked as without error. Returns the number added.
462 *
463 * Locking: Called functions may take tty->buf.lock
464 */
465
e1a25090
AM		 466int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
467 size_t size)
33f0f88f
AC		 468{
469 int copied = 0;
470 do {
471 int space = tty_buffer_request_room(tty, size - copied);
472 struct tty_buffer *tb = tty->buf.tail;
473 /* If there is no space then tb may be NULL */
474 if(unlikely(space == 0))
475 break;
476 memcpy(tb->char_buf_ptr + tb->used, chars, space);
477 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
478 tb->used += space;
479 copied += space;
480 chars += space;
527063ba
AD		 481 /* There is a small chance that we need to split the data over
482 several buffers. If this is the case we must loop */
483 } while (unlikely(size > copied));
33f0f88f
AC		 484 return copied;
485}
ee37df78 486EXPORT_SYMBOL(tty_insert_flip_string);
33f0f88f 487
af9b897e
AC		 488/**
489 * tty_insert_flip_string_flags - Add characters to the tty buffer
490 * @tty: tty structure
491 * @chars: characters
492 * @flags: flag bytes
493 * @size: size
494 *
495 * Queue a series of bytes to the tty buffering. For each character
496 * the flags array indicates the status of the character. Returns the
497 * number added.
498 *
499 * Locking: Called functions may take tty->buf.lock
500 */
501
e1a25090
AM		 502int tty_insert_flip_string_flags(struct tty_struct *tty,
503 const unsigned char *chars, const char *flags, size_t size)
33f0f88f
AC		 504{
505 int copied = 0;
506 do {
507 int space = tty_buffer_request_room(tty, size - copied);
508 struct tty_buffer *tb = tty->buf.tail;
509 /* If there is no space then tb may be NULL */
510 if(unlikely(space == 0))
511 break;
512 memcpy(tb->char_buf_ptr + tb->used, chars, space);
513 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
514 tb->used += space;
515 copied += space;
516 chars += space;
517 flags += space;
527063ba
AD		 518 /* There is a small chance that we need to split the data over
519 several buffers. If this is the case we must loop */
520 } while (unlikely(size > copied));
33f0f88f
AC		 521 return copied;
522}
ff4547f4 523EXPORT_SYMBOL(tty_insert_flip_string_flags);
33f0f88f 524
af9b897e
AC		 525/**
526 * tty_schedule_flip - push characters to ldisc
527 * @tty: tty to push from
528 *
529 * Takes any pending buffers and transfers their ownership to the
530 * ldisc side of the queue. It then schedules those characters for
531 * processing by the line discipline.
532 *
533 * Locking: Takes tty->buf.lock
534 */
535
e1a25090
AM		 536void tty_schedule_flip(struct tty_struct *tty)
537{
538 unsigned long flags;
539 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 540 if (tty->buf.tail != NULL)
e1a25090 541 tty->buf.tail->commit = tty->buf.tail->used;
e1a25090
AM		 542 spin_unlock_irqrestore(&tty->buf.lock, flags);
543 schedule_delayed_work(&tty->buf.work, 1);
544}
545EXPORT_SYMBOL(tty_schedule_flip);
33f0f88f 546
af9b897e
AC		 547/**
548 * tty_prepare_flip_string - make room for characters
549 * @tty: tty
550 * @chars: return pointer for character write area
551 * @size: desired size
552 *
33f0f88f
AC		 553 * Prepare a block of space in the buffer for data. Returns the length
554 * available and buffer pointer to the space which is now allocated and
555 * accounted for as ready for normal characters. This is used for drivers
556 * that need their own block copy routines into the buffer. There is no
557 * guarantee the buffer is a DMA target!
af9b897e
AC		 558 *
559 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 560 */
561
562int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
563{
564 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 565 if (likely(space)) {
566 struct tty_buffer *tb = tty->buf.tail;
567 *chars = tb->char_buf_ptr + tb->used;
568 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
569 tb->used += space;
570 }
33f0f88f
AC		 571 return space;
572}
573
574EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
575
af9b897e
AC		 576/**
577 * tty_prepare_flip_string_flags - make room for characters
578 * @tty: tty
579 * @chars: return pointer for character write area
580 * @flags: return pointer for status flag write area
581 * @size: desired size
582 *
33f0f88f
AC		 583 * Prepare a block of space in the buffer for data. Returns the length
584 * available and buffer pointer to the space which is now allocated and
585 * accounted for as ready for characters. This is used for drivers
586 * that need their own block copy routines into the buffer. There is no
587 * guarantee the buffer is a DMA target!
af9b897e
AC		 588 *
589 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 590 */
591
592int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
593{
594 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 595 if (likely(space)) {
596 struct tty_buffer *tb = tty->buf.tail;
597 *chars = tb->char_buf_ptr + tb->used;
598 *flags = tb->flag_buf_ptr + tb->used;
599 tb->used += space;
600 }
33f0f88f
AC		 601 return space;
602}
603
604EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
605
606
607
af9b897e
AC		 608/**
609 * tty_set_termios_ldisc - set ldisc field
610 * @tty: tty structure
611 * @num: line discipline number
612 *
1da177e4
LT		 613 * This is probably overkill for real world processors but
614 * they are not on hot paths so a little discipline won't do
615 * any harm.
af9b897e
AC		 616 *
617 * Locking: takes termios_sem
1da177e4
LT		 618 */
619
620static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
621{
5785c95b 622 mutex_lock(&tty->termios_mutex);
1da177e4 623 tty->termios->c_line = num;
5785c95b 624 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 625}
626
627/*
628 * This guards the refcounted line discipline lists. The lock
629 * must be taken with irqs off because there are hangup path
630 * callers who will do ldisc lookups and cannot sleep.
631 */
632
633static DEFINE_SPINLOCK(tty_ldisc_lock);
634static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
bfb07599 635static struct tty_ldisc tty_ldiscs[NR_LDISCS]; /* line disc dispatch table */
1da177e4 636
af9b897e
AC		 637/**
638 * tty_register_ldisc - install a line discipline
639 * @disc: ldisc number
640 * @new_ldisc: pointer to the ldisc object
641 *
642 * Installs a new line discipline into the kernel. The discipline
643 * is set up as unreferenced and then made available to the kernel
644 * from this point onwards.
645 *
646 * Locking:
647 * takes tty_ldisc_lock to guard against ldisc races
648 */
649
1da177e4
LT		 650int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
651{
652 unsigned long flags;
653 int ret = 0;
654
655 if (disc < N_TTY || disc >= NR_LDISCS)
656 return -EINVAL;
657
658 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 659 tty_ldiscs[disc] = *new_ldisc;
660 tty_ldiscs[disc].num = disc;
661 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
662 tty_ldiscs[disc].refcount = 0;
1da177e4
LT		 663 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
664
665 return ret;
666}
1da177e4
LT		 667EXPORT_SYMBOL(tty_register_ldisc);
668
af9b897e
AC		 669/**
670 * tty_unregister_ldisc - unload a line discipline
671 * @disc: ldisc number
672 * @new_ldisc: pointer to the ldisc object
673 *
674 * Remove a line discipline from the kernel providing it is not
675 * currently in use.
676 *
677 * Locking:
678 * takes tty_ldisc_lock to guard against ldisc races
679 */
680
bfb07599
AD		 681int tty_unregister_ldisc(int disc)
682{
683 unsigned long flags;
684 int ret = 0;
685
686 if (disc < N_TTY || disc >= NR_LDISCS)
687 return -EINVAL;
688
689 spin_lock_irqsave(&tty_ldisc_lock, flags);
690 if (tty_ldiscs[disc].refcount)
691 ret = -EBUSY;
692 else
693 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
694 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
695
696 return ret;
697}
698EXPORT_SYMBOL(tty_unregister_ldisc);
699
af9b897e
AC		 700/**
701 * tty_ldisc_get - take a reference to an ldisc
702 * @disc: ldisc number
703 *
704 * Takes a reference to a line discipline. Deals with refcounts and
705 * module locking counts. Returns NULL if the discipline is not available.
706 * Returns a pointer to the discipline and bumps the ref count if it is
707 * available
708 *
709 * Locking:
710 * takes tty_ldisc_lock to guard against ldisc races
711 */
712
1da177e4
LT		 713struct tty_ldisc *tty_ldisc_get(int disc)
714{
715 unsigned long flags;
716 struct tty_ldisc *ld;
717
718 if (disc < N_TTY || disc >= NR_LDISCS)
719 return NULL;
720
721 spin_lock_irqsave(&tty_ldisc_lock, flags);
722
723 ld = &tty_ldiscs[disc];
724 /* Check the entry is defined */
725 if(ld->flags & LDISC_FLAG_DEFINED)
726 {
727 /* If the module is being unloaded we can't use it */
728 if (!try_module_get(ld->owner))
729 ld = NULL;
730 else /* lock it */
731 ld->refcount++;
732 }
733 else
734 ld = NULL;
735 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
736 return ld;
737}
738
739EXPORT_SYMBOL_GPL(tty_ldisc_get);
740
af9b897e
AC		 741/**
742 * tty_ldisc_put - drop ldisc reference
743 * @disc: ldisc number
744 *
745 * Drop a reference to a line discipline. Manage refcounts and
746 * module usage counts
747 *
748 * Locking:
749 * takes tty_ldisc_lock to guard against ldisc races
750 */
751
1da177e4
LT		 752void tty_ldisc_put(int disc)
753{
754 struct tty_ldisc *ld;
755 unsigned long flags;
756
56ee4827 757 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
1da177e4
LT		 758
759 spin_lock_irqsave(&tty_ldisc_lock, flags);
760 ld = &tty_ldiscs[disc];
56ee4827
ES		 761 BUG_ON(ld->refcount == 0);
762 ld->refcount--;
1da177e4
LT		 763 module_put(ld->owner);
764 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
765}
766
767EXPORT_SYMBOL_GPL(tty_ldisc_put);
768
af9b897e
AC		 769/**
770 * tty_ldisc_assign - set ldisc on a tty
771 * @tty: tty to assign
772 * @ld: line discipline
773 *
774 * Install an instance of a line discipline into a tty structure. The
775 * ldisc must have a reference count above zero to ensure it remains/
776 * The tty instance refcount starts at zero.
777 *
778 * Locking:
779 * Caller must hold references
780 */
781
1da177e4
LT		 782static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
783{
784 tty->ldisc = *ld;
785 tty->ldisc.refcount = 0;
786}
787
788/**
789 * tty_ldisc_try - internal helper
790 * @tty: the tty
791 *
792 * Make a single attempt to grab and bump the refcount on
793 * the tty ldisc. Return 0 on failure or 1 on success. This is
794 * used to implement both the waiting and non waiting versions
795 * of tty_ldisc_ref
af9b897e
AC		 796 *
797 * Locking: takes tty_ldisc_lock
1da177e4
LT		 798 */
799
800static int tty_ldisc_try(struct tty_struct *tty)
801{
802 unsigned long flags;
803 struct tty_ldisc *ld;
804 int ret = 0;
805
806 spin_lock_irqsave(&tty_ldisc_lock, flags);
807 ld = &tty->ldisc;
808 if(test_bit(TTY_LDISC, &tty->flags))
809 {
810 ld->refcount++;
811 ret = 1;
812 }
813 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
814 return ret;
815}
816
817/**
818 * tty_ldisc_ref_wait - wait for the tty ldisc
819 * @tty: tty device
820 *
821 * Dereference the line discipline for the terminal and take a
822 * reference to it. If the line discipline is in flux then
823 * wait patiently until it changes.
824 *
825 * Note: Must not be called from an IRQ/timer context. The caller
826 * must also be careful not to hold other locks that will deadlock
827 * against a discipline change, such as an existing ldisc reference
828 * (which we check for)
af9b897e
AC		 829 *
830 * Locking: call functions take tty_ldisc_lock
1da177e4
LT		 831 */
832
833struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
834{
835 /* wait_event is a macro */
836 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
837 if(tty->ldisc.refcount == 0)
838 printk(KERN_ERR "tty_ldisc_ref_wait\n");
839 return &tty->ldisc;
840}
841
842EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
843
844/**
845 * tty_ldisc_ref - get the tty ldisc
846 * @tty: tty device
847 *
848 * Dereference the line discipline for the terminal and take a
849 * reference to it. If the line discipline is in flux then
850 * return NULL. Can be called from IRQ and timer functions.
af9b897e
AC		 851 *
852 * Locking: called functions take tty_ldisc_lock
1da177e4
LT		 853 */
854
855struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
856{
857 if(tty_ldisc_try(tty))
858 return &tty->ldisc;
859 return NULL;
860}
861
862EXPORT_SYMBOL_GPL(tty_ldisc_ref);
863
864/**
865 * tty_ldisc_deref - free a tty ldisc reference
866 * @ld: reference to free up
867 *
868 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
869 * be called in IRQ context.
af9b897e
AC		 870 *
871 * Locking: takes tty_ldisc_lock
1da177e4
LT		 872 */
873
874void tty_ldisc_deref(struct tty_ldisc *ld)
875{
876 unsigned long flags;
877
56ee4827 878 BUG_ON(ld == NULL);
1da177e4
LT		 879
880 spin_lock_irqsave(&tty_ldisc_lock, flags);
881 if(ld->refcount == 0)
882 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
883 else
884 ld->refcount--;
885 if(ld->refcount == 0)
886 wake_up(&tty_ldisc_wait);
887 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
888}
889
890EXPORT_SYMBOL_GPL(tty_ldisc_deref);
891
892/**
893 * tty_ldisc_enable - allow ldisc use
894 * @tty: terminal to activate ldisc on
895 *
896 * Set the TTY_LDISC flag when the line discipline can be called
897 * again. Do neccessary wakeups for existing sleepers.
898 *
899 * Note: nobody should set this bit except via this function. Clearing
900 * directly is allowed.
901 */
902
903static void tty_ldisc_enable(struct tty_struct *tty)
904{
905 set_bit(TTY_LDISC, &tty->flags);
906 wake_up(&tty_ldisc_wait);
907}
908
909/**
910 * tty_set_ldisc - set line discipline
911 * @tty: the terminal to set
912 * @ldisc: the line discipline
913 *
914 * Set the discipline of a tty line. Must be called from a process
915 * context.
af9b897e
AC		 916 *
917 * Locking: takes tty_ldisc_lock.
918 * called functions take termios_sem
1da177e4
LT		 919 */
920
921static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
922{
ff55fe20
JB		 923 int retval = 0;
924 struct tty_ldisc o_ldisc;
1da177e4
LT		 925 char buf[64];
926 int work;
927 unsigned long flags;
928 struct tty_ldisc *ld;
ff55fe20 929 struct tty_struct *o_tty;
1da177e4
LT		 930
931 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
932 return -EINVAL;
933
934restart:
935
1da177e4
LT		 936 ld = tty_ldisc_get(ldisc);
937 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
938 /* Cyrus Durgin <cider@speakeasy.org> */
939 if (ld == NULL) {
940 request_module("tty-ldisc-%d", ldisc);
941 ld = tty_ldisc_get(ldisc);
942 }
943 if (ld == NULL)
944 return -EINVAL;
945
33f0f88f
AC		 946 /*
947 * No more input please, we are switching. The new ldisc
948 * will update this value in the ldisc open function
949 */
950
951 tty->receive_room = 0;
952
953 /*
954 * Problem: What do we do if this blocks ?
955 */
956
1da177e4
LT		 957 tty_wait_until_sent(tty, 0);
958
ff55fe20
JB		 959 if (tty->ldisc.num == ldisc) {
960 tty_ldisc_put(ldisc);
961 return 0;
962 }
963
964 o_ldisc = tty->ldisc;
965 o_tty = tty->link;
966
1da177e4
LT		 967 /*
968 * Make sure we don't change while someone holds a
969 * reference to the line discipline. The TTY_LDISC bit
970 * prevents anyone taking a reference once it is clear.
971 * We need the lock to avoid racing reference takers.
972 */
ff55fe20 973
1da177e4 974 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20
JB		 975 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
976 if(tty->ldisc.refcount) {
977 /* Free the new ldisc we grabbed. Must drop the lock
978 first. */
979 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
980 tty_ldisc_put(ldisc);
981 /*
982 * There are several reasons we may be busy, including
983 * random momentary I/O traffic. We must therefore
984 * retry. We could distinguish between blocking ops
985 * and retries if we made tty_ldisc_wait() smarter. That
986 * is up for discussion.
987 */
988 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
989 return -ERESTARTSYS;
990 goto restart;
991 }
992 if(o_tty && o_tty->ldisc.refcount) {
993 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
994 tty_ldisc_put(ldisc);
995 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
996 return -ERESTARTSYS;
997 goto restart;
998 }
999 }
1000
1001 /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
1002
1003 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 1004 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1005 tty_ldisc_put(ldisc);
ff55fe20
JB		 1006 ld = tty_ldisc_ref_wait(tty);
1007 tty_ldisc_deref(ld);
1da177e4
LT		 1008 goto restart;
1009 }
ff55fe20
JB		 1010
1011 clear_bit(TTY_LDISC, &tty->flags);
817d6d3b 1012 if (o_tty)
ff55fe20 1013 clear_bit(TTY_LDISC, &o_tty->flags);
1da177e4 1014 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 1015
1da177e4
LT		 1016 /*
1017 * From this point on we know nobody has an ldisc
1018 * usage reference, nor can they obtain one until
1019 * we say so later on.
1020 */
ff55fe20 1021
33f0f88f 1022 work = cancel_delayed_work(&tty->buf.work);
1da177e4 1023 /*
33f0f88f 1024 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 1025 */
1026
1027 flush_scheduled_work();
1028 /* Shutdown the current discipline. */
1029 if (tty->ldisc.close)
1030 (tty->ldisc.close)(tty);
1031
1032 /* Now set up the new line discipline. */
1033 tty_ldisc_assign(tty, ld);
1034 tty_set_termios_ldisc(tty, ldisc);
1035 if (tty->ldisc.open)
1036 retval = (tty->ldisc.open)(tty);
1037 if (retval < 0) {
1038 tty_ldisc_put(ldisc);
1039 /* There is an outstanding reference here so this is safe */
1040 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1041 tty_set_termios_ldisc(tty, tty->ldisc.num);
1042 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1043 tty_ldisc_put(o_ldisc.num);
1044 /* This driver is always present */
1045 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1046 tty_set_termios_ldisc(tty, N_TTY);
1047 if (tty->ldisc.open) {
1048 int r = tty->ldisc.open(tty);
1049
1050 if (r < 0)
1051 panic("Couldn't open N_TTY ldisc for "
1052 "%s --- error %d.",
1053 tty_name(tty, buf), r);
1054 }
1055 }
1056 }
1057 /* At this point we hold a reference to the new ldisc and a
1058 a reference to the old ldisc. If we ended up flipping back
1059 to the existing ldisc we have two references to it */
1060
1061 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1062 tty->driver->set_ldisc(tty);
1063
1064 tty_ldisc_put(o_ldisc.num);
1065
1066 /*
1067 * Allow ldisc referencing to occur as soon as the driver
1068 * ldisc callback completes.
1069 */
1070
1071 tty_ldisc_enable(tty);
ff55fe20
JB		 1072 if (o_tty)
1073 tty_ldisc_enable(o_tty);
1da177e4
LT		 1074
1075 /* Restart it in case no characters kick it off. Safe if
1076 already running */
ff55fe20 1077 if (work)
33f0f88f 1078 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 1079 return retval;
1080}
1081
af9b897e
AC		 1082/**
1083 * get_tty_driver - find device of a tty
1084 * @dev_t: device identifier
1085 * @index: returns the index of the tty
1086 *
1087 * This routine returns a tty driver structure, given a device number
1088 * and also passes back the index number.
1089 *
1090 * Locking: caller must hold tty_mutex
1da177e4 1091 */
af9b897e 1092
1da177e4
LT		 1093static struct tty_driver *get_tty_driver(dev_t device, int *index)
1094{
1095 struct tty_driver *p;
1096
1097 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1098 dev_t base = MKDEV(p->major, p->minor_start);
1099 if (device < base || device >= base + p->num)
1100 continue;
1101 *index = device - base;
1102 return p;
1103 }
1104 return NULL;
1105}
1106
af9b897e
AC		 1107/**
1108 * tty_check_change - check for POSIX terminal changes
1109 * @tty: tty to check
1110 *
1111 * If we try to write to, or set the state of, a terminal and we're
1112 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1113 * ignored, go ahead and perform the operation. (POSIX 7.2)
1114 *
1115 * Locking: none
1da177e4 1116 */
af9b897e 1117
1da177e4
LT		 1118int tty_check_change(struct tty_struct * tty)
1119{
1120 if (current->signal->tty != tty)
1121 return 0;
1122 if (tty->pgrp <= 0) {
1123 printk(KERN_WARNING "tty_check_change: tty->pgrp <= 0!\n");
1124 return 0;
1125 }
1126 if (process_group(current) == tty->pgrp)
1127 return 0;
1128 if (is_ignored(SIGTTOU))
1129 return 0;
1130 if (is_orphaned_pgrp(process_group(current)))
1131 return -EIO;
1132 (void) kill_pg(process_group(current), SIGTTOU, 1);
1133 return -ERESTARTSYS;
1134}
1135
1136EXPORT_SYMBOL(tty_check_change);
1137
1138static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
1139 size_t count, loff_t *ppos)
1140{
1141 return 0;
1142}
1143
1144static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
1145 size_t count, loff_t *ppos)
1146{
1147 return -EIO;
1148}
1149
1150/* No kernel lock held - none needed ;) */
1151static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
1152{
1153 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1154}
1155
1156static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
1157 unsigned int cmd, unsigned long arg)
1158{
1159 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1160}
1161
62322d25 1162static const struct file_operations tty_fops = {
1da177e4
LT		 1163 .llseek = no_llseek,
1164 .read = tty_read,
1165 .write = tty_write,
1166 .poll = tty_poll,
1167 .ioctl = tty_ioctl,
1168 .open = tty_open,
1169 .release = tty_release,
1170 .fasync = tty_fasync,
1171};
1172
1173#ifdef CONFIG_UNIX98_PTYS
62322d25 1174static const struct file_operations ptmx_fops = {
1da177e4
LT		 1175 .llseek = no_llseek,
1176 .read = tty_read,
1177 .write = tty_write,
1178 .poll = tty_poll,
1179 .ioctl = tty_ioctl,
1180 .open = ptmx_open,
1181 .release = tty_release,
1182 .fasync = tty_fasync,
1183};
1184#endif
1185
62322d25 1186static const struct file_operations console_fops = {
1da177e4
LT		 1187 .llseek = no_llseek,
1188 .read = tty_read,
1189 .write = redirected_tty_write,
1190 .poll = tty_poll,
1191 .ioctl = tty_ioctl,
1192 .open = tty_open,
1193 .release = tty_release,
1194 .fasync = tty_fasync,
1195};
1196
62322d25 1197static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 1198 .llseek = no_llseek,
1199 .read = hung_up_tty_read,
1200 .write = hung_up_tty_write,
1201 .poll = hung_up_tty_poll,
1202 .ioctl = hung_up_tty_ioctl,
1203 .release = tty_release,
1204};
1205
1206static DEFINE_SPINLOCK(redirect_lock);
1207static struct file *redirect;
1208
1209/**
1210 * tty_wakeup - request more data
1211 * @tty: terminal
1212 *
1213 * Internal and external helper for wakeups of tty. This function
1214 * informs the line discipline if present that the driver is ready
1215 * to receive more output data.
1216 */
1217
1218void tty_wakeup(struct tty_struct *tty)
1219{
1220 struct tty_ldisc *ld;
1221
1222 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1223 ld = tty_ldisc_ref(tty);
1224 if(ld) {
1225 if(ld->write_wakeup)
1226 ld->write_wakeup(tty);
1227 tty_ldisc_deref(ld);
1228 }
1229 }
1230 wake_up_interruptible(&tty->write_wait);
1231}
1232
1233EXPORT_SYMBOL_GPL(tty_wakeup);
1234
1235/**
1236 * tty_ldisc_flush - flush line discipline queue
1237 * @tty: tty
1238 *
1239 * Flush the line discipline queue (if any) for this tty. If there
1240 * is no line discipline active this is a no-op.
1241 */
1242
1243void tty_ldisc_flush(struct tty_struct *tty)
1244{
1245 struct tty_ldisc *ld = tty_ldisc_ref(tty);
1246 if(ld) {
1247 if(ld->flush_buffer)
1248 ld->flush_buffer(tty);
1249 tty_ldisc_deref(ld);
1250 }
1251}
1252
1253EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1254
af9b897e
AC		 1255/**
1256 * do_tty_hangup - actual handler for hangup events
1257 * @data: tty device
1258 *
1259 * This can be called by the "eventd" kernel thread. That is process
1260 * synchronous but doesn't hold any locks, so we need to make sure we
1261 * have the appropriate locks for what we're doing.
1262 *
1263 * The hangup event clears any pending redirections onto the hung up
1264 * device. It ensures future writes will error and it does the needed
1265 * line discipline hangup and signal delivery. The tty object itself
1266 * remains intact.
1267 *
1268 * Locking:
1269 * BKL
1270 * redirect lock for undoing redirection
1271 * file list lock for manipulating list of ttys
1272 * tty_ldisc_lock from called functions
1273 * termios_sem resetting termios data
1274 * tasklist_lock to walk task list for hangup event
1275 *
1da177e4
LT		 1276 */
1277static void do_tty_hangup(void *data)
1278{
1279 struct tty_struct *tty = (struct tty_struct *) data;
1280 struct file * cons_filp = NULL;
1281 struct file *filp, *f = NULL;
1282 struct task_struct *p;
1283 struct tty_ldisc *ld;
1284 int closecount = 0, n;
1285
1286 if (!tty)
1287 return;
1288
1289 /* inuse_filps is protected by the single kernel lock */
1290 lock_kernel();
1291
1292 spin_lock(&redirect_lock);
1293 if (redirect && redirect->private_data == tty) {
1294 f = redirect;
1295 redirect = NULL;
1296 }
1297 spin_unlock(&redirect_lock);
1298
1299 check_tty_count(tty, "do_tty_hangup");
1300 file_list_lock();
1301 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1302 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1303 if (filp->f_op->write == redirected_tty_write)
1304 cons_filp = filp;
1305 if (filp->f_op->write != tty_write)
1306 continue;
1307 closecount++;
1308 tty_fasync(-1, filp, 0); /* can't block */
1309 filp->f_op = &hung_up_tty_fops;
1310 }
1311 file_list_unlock();
1312
1313 /* FIXME! What are the locking issues here? This may me overdoing things..
1314 * this question is especially important now that we've removed the irqlock. */
1315
1316 ld = tty_ldisc_ref(tty);
1317 if(ld != NULL) /* We may have no line discipline at this point */
1318 {
1319 if (ld->flush_buffer)
1320 ld->flush_buffer(tty);
1321 if (tty->driver->flush_buffer)
1322 tty->driver->flush_buffer(tty);
1323 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1324 ld->write_wakeup)
1325 ld->write_wakeup(tty);
1326 if (ld->hangup)
1327 ld->hangup(tty);
1328 }
1329
1330 /* FIXME: Once we trust the LDISC code better we can wait here for
1331 ldisc completion and fix the driver call race */
1332
1333 wake_up_interruptible(&tty->write_wait);
1334 wake_up_interruptible(&tty->read_wait);
1335
1336 /*
1337 * Shutdown the current line discipline, and reset it to
1338 * N_TTY.
1339 */
1340 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1341 {
5785c95b 1342 mutex_lock(&tty->termios_mutex);
1da177e4 1343 *tty->termios = tty->driver->init_termios;
5785c95b 1344 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 1345 }
1346
1347 /* Defer ldisc switch */
1348 /* tty_deferred_ldisc_switch(N_TTY);
1349
1350 This should get done automatically when the port closes and
1351 tty_release is called */
1352
1353 read_lock(&tasklist_lock);
1354 if (tty->session > 0) {
1355 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1356 if (p->signal->tty == tty)
1357 p->signal->tty = NULL;
1358 if (!p->signal->leader)
1359 continue;
f96a795d
EB		 1360 group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1361 group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1da177e4
LT		 1362 if (tty->pgrp > 0)
1363 p->signal->tty_old_pgrp = tty->pgrp;
1364 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1365 }
1366 read_unlock(&tasklist_lock);
1367
1368 tty->flags = 0;
1369 tty->session = 0;
1370 tty->pgrp = -1;
1371 tty->ctrl_status = 0;
1372 /*
1373 * If one of the devices matches a console pointer, we
1374 * cannot just call hangup() because that will cause
1375 * tty->count and state->count to go out of sync.
1376 * So we just call close() the right number of times.
1377 */
1378 if (cons_filp) {
1379 if (tty->driver->close)
1380 for (n = 0; n < closecount; n++)
1381 tty->driver->close(tty, cons_filp);
1382 } else if (tty->driver->hangup)
1383 (tty->driver->hangup)(tty);
1384
1385 /* We don't want to have driver/ldisc interactions beyond
1386 the ones we did here. The driver layer expects no
1387 calls after ->hangup() from the ldisc side. However we
1388 can't yet guarantee all that */
1389
1390 set_bit(TTY_HUPPED, &tty->flags);
1391 if (ld) {
1392 tty_ldisc_enable(tty);
1393 tty_ldisc_deref(ld);
1394 }
1395 unlock_kernel();
1396 if (f)
1397 fput(f);
1398}
1399
af9b897e
AC		 1400/**
1401 * tty_hangup - trigger a hangup event
1402 * @tty: tty to hangup
1403 *
1404 * A carrier loss (virtual or otherwise) has occurred on this like
1405 * schedule a hangup sequence to run after this event.
1406 */
1407
1da177e4
LT		 1408void tty_hangup(struct tty_struct * tty)
1409{
1410#ifdef TTY_DEBUG_HANGUP
1411 char buf[64];
1412
1413 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1414#endif
1415 schedule_work(&tty->hangup_work);
1416}
1417
1418EXPORT_SYMBOL(tty_hangup);
1419
af9b897e
AC		 1420/**
1421 * tty_vhangup - process vhangup
1422 * @tty: tty to hangup
1423 *
1424 * The user has asked via system call for the terminal to be hung up.
1425 * We do this synchronously so that when the syscall returns the process
1426 * is complete. That guarantee is neccessary for security reasons.
1427 */
1428
1da177e4
LT		 1429void tty_vhangup(struct tty_struct * tty)
1430{
1431#ifdef TTY_DEBUG_HANGUP
1432 char buf[64];
1433
1434 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1435#endif
1436 do_tty_hangup((void *) tty);
1437}
1438EXPORT_SYMBOL(tty_vhangup);
1439
af9b897e
AC		 1440/**
1441 * tty_hung_up_p - was tty hung up
1442 * @filp: file pointer of tty
1443 *
1444 * Return true if the tty has been subject to a vhangup or a carrier
1445 * loss
1446 */
1447
1da177e4
LT		 1448int tty_hung_up_p(struct file * filp)
1449{
1450 return (filp->f_op == &hung_up_tty_fops);
1451}
1452
1453EXPORT_SYMBOL(tty_hung_up_p);
1454
af9b897e
AC		 1455/**
1456 * disassociate_ctty - disconnect controlling tty
1457 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 1458 *
af9b897e
AC		 1459 * This function is typically called only by the session leader, when
1460 * it wants to disassociate itself from its controlling tty.
1461 *
1462 * It performs the following functions:
1da177e4
LT		 1463 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1464 * (2) Clears the tty from being controlling the session
1465 * (3) Clears the controlling tty for all processes in the
1466 * session group.
1467 *
af9b897e
AC		 1468 * The argument on_exit is set to 1 if called when a process is
1469 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1470 *
1471 * Locking: tty_mutex is taken to protect current->signal->tty
1472 * BKL is taken for hysterical raisins
1473 * Tasklist lock is taken (under tty_mutex) to walk process
1474 * lists for the session.
1da177e4 1475 */
af9b897e 1476
1da177e4
LT		 1477void disassociate_ctty(int on_exit)
1478{
1479 struct tty_struct *tty;
1480 struct task_struct *p;
1481 int tty_pgrp = -1;
1482
1483 lock_kernel();
1484
70522e12 1485 mutex_lock(&tty_mutex);
1da177e4
LT		 1486 tty = current->signal->tty;
1487 if (tty) {
1488 tty_pgrp = tty->pgrp;
70522e12 1489 mutex_unlock(&tty_mutex);
1da177e4
LT		 1490 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1491 tty_vhangup(tty);
1492 } else {
1493 if (current->signal->tty_old_pgrp) {
1494 kill_pg(current->signal->tty_old_pgrp, SIGHUP, on_exit);
1495 kill_pg(current->signal->tty_old_pgrp, SIGCONT, on_exit);
1496 }
70522e12 1497 mutex_unlock(&tty_mutex);
1da177e4
LT		 1498 unlock_kernel();
1499 return;
1500 }
1501 if (tty_pgrp > 0) {
1502 kill_pg(tty_pgrp, SIGHUP, on_exit);
1503 if (!on_exit)
1504 kill_pg(tty_pgrp, SIGCONT, on_exit);
1505 }
1506
1507 /* Must lock changes to tty_old_pgrp */
70522e12 1508 mutex_lock(&tty_mutex);
1da177e4
LT		 1509 current->signal->tty_old_pgrp = 0;
1510 tty->session = 0;
1511 tty->pgrp = -1;
1512
1513 /* Now clear signal->tty under the lock */
1514 read_lock(&tasklist_lock);
1515 do_each_task_pid(current->signal->session, PIDTYPE_SID, p) {
1516 p->signal->tty = NULL;
1517 } while_each_task_pid(current->signal->session, PIDTYPE_SID, p);
1518 read_unlock(&tasklist_lock);
70522e12 1519 mutex_unlock(&tty_mutex);
1da177e4
LT		 1520 unlock_kernel();
1521}
1522
af9b897e
AC		 1523
1524/**
1525 * stop_tty - propogate flow control
1526 * @tty: tty to stop
1527 *
1528 * Perform flow control to the driver. For PTY/TTY pairs we
1529 * must also propogate the TIOCKPKT status. May be called
1530 * on an already stopped device and will not re-call the driver
1531 * method.
1532 *
1533 * This functionality is used by both the line disciplines for
1534 * halting incoming flow and by the driver. It may therefore be
1535 * called from any context, may be under the tty atomic_write_lock
1536 * but not always.
1537 *
1538 * Locking:
1539 * Broken. Relies on BKL which is unsafe here.
1540 */
1541
1da177e4
LT		 1542void stop_tty(struct tty_struct *tty)
1543{
1544 if (tty->stopped)
1545 return;
1546 tty->stopped = 1;
1547 if (tty->link && tty->link->packet) {
1548 tty->ctrl_status &= ~TIOCPKT_START;
1549 tty->ctrl_status |= TIOCPKT_STOP;
1550 wake_up_interruptible(&tty->link->read_wait);
1551 }
1552 if (tty->driver->stop)
1553 (tty->driver->stop)(tty);
1554}
1555
1556EXPORT_SYMBOL(stop_tty);
1557
af9b897e
AC		 1558/**
1559 * start_tty - propogate flow control
1560 * @tty: tty to start
1561 *
1562 * Start a tty that has been stopped if at all possible. Perform
1563 * any neccessary wakeups and propogate the TIOCPKT status. If this
1564 * is the tty was previous stopped and is being started then the
1565 * driver start method is invoked and the line discipline woken.
1566 *
1567 * Locking:
1568 * Broken. Relies on BKL which is unsafe here.
1569 */
1570
1da177e4
LT		 1571void start_tty(struct tty_struct *tty)
1572{
1573 if (!tty->stopped || tty->flow_stopped)
1574 return;
1575 tty->stopped = 0;
1576 if (tty->link && tty->link->packet) {
1577 tty->ctrl_status &= ~TIOCPKT_STOP;
1578 tty->ctrl_status |= TIOCPKT_START;
1579 wake_up_interruptible(&tty->link->read_wait);
1580 }
1581 if (tty->driver->start)
1582 (tty->driver->start)(tty);
1583
1584 /* If we have a running line discipline it may need kicking */
1585 tty_wakeup(tty);
1586 wake_up_interruptible(&tty->write_wait);
1587}
1588
1589EXPORT_SYMBOL(start_tty);
1590
af9b897e
AC		 1591/**
1592 * tty_read - read method for tty device files
1593 * @file: pointer to tty file
1594 * @buf: user buffer
1595 * @count: size of user buffer
1596 * @ppos: unused
1597 *
1598 * Perform the read system call function on this terminal device. Checks
1599 * for hung up devices before calling the line discipline method.
1600 *
1601 * Locking:
1602 * Locks the line discipline internally while needed
1603 * For historical reasons the line discipline read method is
1604 * invoked under the BKL. This will go away in time so do not rely on it
1605 * in new code. Multiple read calls may be outstanding in parallel.
1606 */
1607
1da177e4
LT		 1608static ssize_t tty_read(struct file * file, char __user * buf, size_t count,
1609 loff_t *ppos)
1610{
1611 int i;
1612 struct tty_struct * tty;
1613 struct inode *inode;
1614 struct tty_ldisc *ld;
1615
1616 tty = (struct tty_struct *)file->private_data;
1617 inode = file->f_dentry->d_inode;
1618 if (tty_paranoia_check(tty, inode, "tty_read"))
1619 return -EIO;
1620 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1621 return -EIO;
1622
1623 /* We want to wait for the line discipline to sort out in this
1624 situation */
1625 ld = tty_ldisc_ref_wait(tty);
1626 lock_kernel();
1627 if (ld->read)
1628 i = (ld->read)(tty,file,buf,count);
1629 else
1630 i = -EIO;
1631 tty_ldisc_deref(ld);
1632 unlock_kernel();
1633 if (i > 0)
1634 inode->i_atime = current_fs_time(inode->i_sb);
1635 return i;
1636}
1637
1638/*
1639 * Split writes up in sane blocksizes to avoid
1640 * denial-of-service type attacks
1641 */
1642static inline ssize_t do_tty_write(
1643 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1644 struct tty_struct *tty,
1645 struct file *file,
1646 const char __user *buf,
1647 size_t count)
1648{
1649 ssize_t ret = 0, written = 0;
1650 unsigned int chunk;
1651
af9b897e 1652 /* FIXME: O_NDELAY ... */
70522e12 1653 if (mutex_lock_interruptible(&tty->atomic_write_lock)) {
1da177e4
LT		 1654 return -ERESTARTSYS;
1655 }
1656
1657 /*
1658 * We chunk up writes into a temporary buffer. This
1659 * simplifies low-level drivers immensely, since they
1660 * don't have locking issues and user mode accesses.
1661 *
1662 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1663 * big chunk-size..
1664 *
1665 * The default chunk-size is 2kB, because the NTTY
1666 * layer has problems with bigger chunks. It will
1667 * claim to be able to handle more characters than
1668 * it actually does.
af9b897e
AC		 1669 *
1670 * FIXME: This can probably go away now except that 64K chunks
1671 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1672 */
1673 chunk = 2048;
1674 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1675 chunk = 65536;
1676 if (count < chunk)
1677 chunk = count;
1678
70522e12 1679 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1680 if (tty->write_cnt < chunk) {
1681 unsigned char *buf;
1682
1683 if (chunk < 1024)
1684 chunk = 1024;
1685
1686 buf = kmalloc(chunk, GFP_KERNEL);
1687 if (!buf) {
70522e12 1688 mutex_unlock(&tty->atomic_write_lock);
1da177e4
LT		 1689 return -ENOMEM;
1690 }
1691 kfree(tty->write_buf);
1692 tty->write_cnt = chunk;
1693 tty->write_buf = buf;
1694 }
1695
1696 /* Do the write .. */
1697 for (;;) {
1698 size_t size = count;
1699 if (size > chunk)
1700 size = chunk;
1701 ret = -EFAULT;
1702 if (copy_from_user(tty->write_buf, buf, size))
1703 break;
1704 lock_kernel();
1705 ret = write(tty, file, tty->write_buf, size);
1706 unlock_kernel();
1707 if (ret <= 0)
1708 break;
1709 written += ret;
1710 buf += ret;
1711 count -= ret;
1712 if (!count)
1713 break;
1714 ret = -ERESTARTSYS;
1715 if (signal_pending(current))
1716 break;
1717 cond_resched();
1718 }
1719 if (written) {
1720 struct inode *inode = file->f_dentry->d_inode;
1721 inode->i_mtime = current_fs_time(inode->i_sb);
1722 ret = written;
1723 }
70522e12 1724 mutex_unlock(&tty->atomic_write_lock);
1da177e4
LT		 1725 return ret;
1726}
1727
1728
af9b897e
AC		 1729/**
1730 * tty_write - write method for tty device file
1731 * @file: tty file pointer
1732 * @buf: user data to write
1733 * @count: bytes to write
1734 * @ppos: unused
1735 *
1736 * Write data to a tty device via the line discipline.
1737 *
1738 * Locking:
1739 * Locks the line discipline as required
1740 * Writes to the tty driver are serialized by the atomic_write_lock
1741 * and are then processed in chunks to the device. The line discipline
1742 * write method will not be involked in parallel for each device
1743 * The line discipline write method is called under the big
1744 * kernel lock for historical reasons. New code should not rely on this.
1745 */
1746
1da177e4
LT		 1747static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1748 loff_t *ppos)
1749{
1750 struct tty_struct * tty;
1751 struct inode *inode = file->f_dentry->d_inode;
1752 ssize_t ret;
1753 struct tty_ldisc *ld;
1754
1755 tty = (struct tty_struct *)file->private_data;
1756 if (tty_paranoia_check(tty, inode, "tty_write"))
1757 return -EIO;
1758 if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1759 return -EIO;
1760
1761 ld = tty_ldisc_ref_wait(tty);
1762 if (!ld->write)
1763 ret = -EIO;
1764 else
1765 ret = do_tty_write(ld->write, tty, file, buf, count);
1766 tty_ldisc_deref(ld);
1767 return ret;
1768}
1769
1770ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1771 loff_t *ppos)
1772{
1773 struct file *p = NULL;
1774
1775 spin_lock(&redirect_lock);
1776 if (redirect) {
1777 get_file(redirect);
1778 p = redirect;
1779 }
1780 spin_unlock(&redirect_lock);
1781
1782 if (p) {
1783 ssize_t res;
1784 res = vfs_write(p, buf, count, &p->f_pos);
1785 fput(p);
1786 return res;
1787 }
1788
1789 return tty_write(file, buf, count, ppos);
1790}
1791
1792static char ptychar[] = "pqrstuvwxyzabcde";
1793
af9b897e
AC		 1794/**
1795 * pty_line_name - generate name for a pty
1796 * @driver: the tty driver in use
1797 * @index: the minor number
1798 * @p: output buffer of at least 6 bytes
1799 *
1800 * Generate a name from a driver reference and write it to the output
1801 * buffer.
1802 *
1803 * Locking: None
1804 */
1805static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1806{
1807 int i = index + driver->name_base;
1808 /* ->name is initialized to "ttyp", but "tty" is expected */
1809 sprintf(p, "%s%c%x",
1810 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1811 ptychar[i >> 4 & 0xf], i & 0xf);
1812}
1813
af9b897e
AC		 1814/**
1815 * pty_line_name - generate name for a tty
1816 * @driver: the tty driver in use
1817 * @index: the minor number
1818 * @p: output buffer of at least 7 bytes
1819 *
1820 * Generate a name from a driver reference and write it to the output
1821 * buffer.
1822 *
1823 * Locking: None
1824 */
1825static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1826{
1827 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1828}
1829
af9b897e
AC		 1830/**
1831 * init_dev - initialise a tty device
1832 * @driver: tty driver we are opening a device on
1833 * @idx: device index
1834 * @tty: returned tty structure
1835 *
1836 * Prepare a tty device. This may not be a "new" clean device but
1837 * could also be an active device. The pty drivers require special
1838 * handling because of this.
1839 *
1840 * Locking:
1841 * The function is called under the tty_mutex, which
1842 * protects us from the tty struct or driver itself going away.
1843 *
1844 * On exit the tty device has the line discipline attached and
1845 * a reference count of 1. If a pair was created for pty/tty use
1846 * and the other was a pty master then it too has a reference count of 1.
1847 *
1da177e4 1848 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 1849 * failed open. The new code protects the open with a mutex, so it's
1850 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 1851 * relaxed for the (most common) case of reopening a tty.
1852 */
af9b897e 1853
1da177e4
LT		 1854static int init_dev(struct tty_driver *driver, int idx,
1855 struct tty_struct **ret_tty)
1856{
1857 struct tty_struct *tty, *o_tty;
1858 struct termios *tp, **tp_loc, *o_tp, **o_tp_loc;
1859 struct termios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 1860 int retval = 0;
1da177e4
LT		 1861
1862 /* check whether we're reopening an existing tty */
1863 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1864 tty = devpts_get_tty(idx);
1865 if (tty && driver->subtype == PTY_TYPE_MASTER)
1866 tty = tty->link;
1867 } else {
1868 tty = driver->ttys[idx];
1869 }
1870 if (tty) goto fast_track;
1871
1872 /*
1873 * First time open is complex, especially for PTY devices.
1874 * This code guarantees that either everything succeeds and the
1875 * TTY is ready for operation, or else the table slots are vacated
1876 * and the allocated memory released. (Except that the termios
1877 * and locked termios may be retained.)
1878 */
1879
1880 if (!try_module_get(driver->owner)) {
1881 retval = -ENODEV;
1882 goto end_init;
1883 }
1884
1885 o_tty = NULL;
1886 tp = o_tp = NULL;
1887 ltp = o_ltp = NULL;
1888
1889 tty = alloc_tty_struct();
1890 if(!tty)
1891 goto fail_no_mem;
1892 initialize_tty_struct(tty);
1893 tty->driver = driver;
1894 tty->index = idx;
1895 tty_line_name(driver, idx, tty->name);
1896
1897 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1898 tp_loc = &tty->termios;
1899 ltp_loc = &tty->termios_locked;
1900 } else {
1901 tp_loc = &driver->termios[idx];
1902 ltp_loc = &driver->termios_locked[idx];
1903 }
1904
1905 if (!*tp_loc) {
1906 tp = (struct termios *) kmalloc(sizeof(struct termios),
1907 GFP_KERNEL);
1908 if (!tp)
1909 goto free_mem_out;
1910 *tp = driver->init_termios;
1911 }
1912
1913 if (!*ltp_loc) {
1914 ltp = (struct termios *) kmalloc(sizeof(struct termios),
1915 GFP_KERNEL);
1916 if (!ltp)
1917 goto free_mem_out;
1918 memset(ltp, 0, sizeof(struct termios));
1919 }
1920
1921 if (driver->type == TTY_DRIVER_TYPE_PTY) {
1922 o_tty = alloc_tty_struct();
1923 if (!o_tty)
1924 goto free_mem_out;
1925 initialize_tty_struct(o_tty);
1926 o_tty->driver = driver->other;
1927 o_tty->index = idx;
1928 tty_line_name(driver->other, idx, o_tty->name);
1929
1930 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1931 o_tp_loc = &o_tty->termios;
1932 o_ltp_loc = &o_tty->termios_locked;
1933 } else {
1934 o_tp_loc = &driver->other->termios[idx];
1935 o_ltp_loc = &driver->other->termios_locked[idx];
1936 }
1937
1938 if (!*o_tp_loc) {
1939 o_tp = (struct termios *)
1940 kmalloc(sizeof(struct termios), GFP_KERNEL);
1941 if (!o_tp)
1942 goto free_mem_out;
1943 *o_tp = driver->other->init_termios;
1944 }
1945
1946 if (!*o_ltp_loc) {
1947 o_ltp = (struct termios *)
1948 kmalloc(sizeof(struct termios), GFP_KERNEL);
1949 if (!o_ltp)
1950 goto free_mem_out;
1951 memset(o_ltp, 0, sizeof(struct termios));
1952 }
1953
1954 /*
1955 * Everything allocated ... set up the o_tty structure.
1956 */
1957 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
1958 driver->other->ttys[idx] = o_tty;
1959 }
1960 if (!*o_tp_loc)
1961 *o_tp_loc = o_tp;
1962 if (!*o_ltp_loc)
1963 *o_ltp_loc = o_ltp;
1964 o_tty->termios = *o_tp_loc;
1965 o_tty->termios_locked = *o_ltp_loc;
1966 driver->other->refcount++;
1967 if (driver->subtype == PTY_TYPE_MASTER)
1968 o_tty->count++;
1969
1970 /* Establish the links in both directions */
1971 tty->link = o_tty;
1972 o_tty->link = tty;
1973 }
1974
1975 /*
1976 * All structures have been allocated, so now we install them.
1977 * Failures after this point use release_mem to clean up, so
1978 * there's no need to null out the local pointers.
1979 */
1980 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1981 driver->ttys[idx] = tty;
1982 }
1983
1984 if (!*tp_loc)
1985 *tp_loc = tp;
1986 if (!*ltp_loc)
1987 *ltp_loc = ltp;
1988 tty->termios = *tp_loc;
1989 tty->termios_locked = *ltp_loc;
1990 driver->refcount++;
1991 tty->count++;
1992
1993 /*
1994 * Structures all installed ... call the ldisc open routines.
1995 * If we fail here just call release_mem to clean up. No need
1996 * to decrement the use counts, as release_mem doesn't care.
1997 */
1998
1999 if (tty->ldisc.open) {
2000 retval = (tty->ldisc.open)(tty);
2001 if (retval)
2002 goto release_mem_out;
2003 }
2004 if (o_tty && o_tty->ldisc.open) {
2005 retval = (o_tty->ldisc.open)(o_tty);
2006 if (retval) {
2007 if (tty->ldisc.close)
2008 (tty->ldisc.close)(tty);
2009 goto release_mem_out;
2010 }
2011 tty_ldisc_enable(o_tty);
2012 }
2013 tty_ldisc_enable(tty);
2014 goto success;
2015
2016 /*
2017 * This fast open can be used if the tty is already open.
2018 * No memory is allocated, and the only failures are from
2019 * attempting to open a closing tty or attempting multiple
2020 * opens on a pty master.
2021 */
2022fast_track:
2023 if (test_bit(TTY_CLOSING, &tty->flags)) {
2024 retval = -EIO;
2025 goto end_init;
2026 }
2027 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2028 driver->subtype == PTY_TYPE_MASTER) {
2029 /*
2030 * special case for PTY masters: only one open permitted,
2031 * and the slave side open count is incremented as well.
2032 */
2033 if (tty->count) {
2034 retval = -EIO;
2035 goto end_init;
2036 }
2037 tty->link->count++;
2038 }
2039 tty->count++;
2040 tty->driver = driver; /* N.B. why do this every time?? */
2041
2042 /* FIXME */
2043 if(!test_bit(TTY_LDISC, &tty->flags))
2044 printk(KERN_ERR "init_dev but no ldisc\n");
2045success:
2046 *ret_tty = tty;
2047
70522e12 2048 /* All paths come through here to release the mutex */
1da177e4
LT		 2049end_init:
2050 return retval;
2051
2052 /* Release locally allocated memory ... nothing placed in slots */
2053free_mem_out:
735d5661 2054 kfree(o_tp);
1da177e4
LT		 2055 if (o_tty)
2056 free_tty_struct(o_tty);
735d5661
JJ		 2057 kfree(ltp);
2058 kfree(tp);
1da177e4
LT		 2059 free_tty_struct(tty);
2060
2061fail_no_mem:
2062 module_put(driver->owner);
2063 retval = -ENOMEM;
2064 goto end_init;
2065
2066 /* call the tty release_mem routine to clean out this slot */
2067release_mem_out:
2068 printk(KERN_INFO "init_dev: ldisc open failed, "
2069 "clearing slot %d\n", idx);
2070 release_mem(tty, idx);
2071 goto end_init;
2072}
2073
af9b897e
AC		 2074/**
2075 * release_mem - release tty structure memory
2076 *
2077 * Releases memory associated with a tty structure, and clears out the
2078 * driver table slots. This function is called when a device is no longer
2079 * in use. It also gets called when setup of a device fails.
2080 *
2081 * Locking:
2082 * tty_mutex - sometimes only
2083 * takes the file list lock internally when working on the list
2084 * of ttys that the driver keeps.
2085 * FIXME: should we require tty_mutex is held here ??
1da177e4 2086 */
af9b897e 2087
1da177e4
LT		 2088static void release_mem(struct tty_struct *tty, int idx)
2089{
2090 struct tty_struct *o_tty;
2091 struct termios *tp;
2092 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2093
2094 if ((o_tty = tty->link) != NULL) {
2095 if (!devpts)
2096 o_tty->driver->ttys[idx] = NULL;
2097 if (o_tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2098 tp = o_tty->termios;
2099 if (!devpts)
2100 o_tty->driver->termios[idx] = NULL;
2101 kfree(tp);
2102
2103 tp = o_tty->termios_locked;
2104 if (!devpts)
2105 o_tty->driver->termios_locked[idx] = NULL;
2106 kfree(tp);
2107 }
2108 o_tty->magic = 0;
2109 o_tty->driver->refcount--;
2110 file_list_lock();
2111 list_del_init(&o_tty->tty_files);
2112 file_list_unlock();
2113 free_tty_struct(o_tty);
2114 }
2115
2116 if (!devpts)
2117 tty->driver->ttys[idx] = NULL;
2118 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2119 tp = tty->termios;
2120 if (!devpts)
2121 tty->driver->termios[idx] = NULL;
2122 kfree(tp);
2123
2124 tp = tty->termios_locked;
2125 if (!devpts)
2126 tty->driver->termios_locked[idx] = NULL;
2127 kfree(tp);
2128 }
2129
2130 tty->magic = 0;
2131 tty->driver->refcount--;
2132 file_list_lock();
2133 list_del_init(&tty->tty_files);
2134 file_list_unlock();
2135 module_put(tty->driver->owner);
2136 free_tty_struct(tty);
2137}
2138
2139/*
2140 * Even releasing the tty structures is a tricky business.. We have
2141 * to be very careful that the structures are all released at the
2142 * same time, as interrupts might otherwise get the wrong pointers.
2143 *
2144 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2145 * lead to double frees or releasing memory still in use.
2146 */
2147static void release_dev(struct file * filp)
2148{
2149 struct tty_struct *tty, *o_tty;
2150 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 2151 int devpts;
1da177e4
LT		 2152 int idx;
2153 char buf[64];
2154 unsigned long flags;
2155
2156 tty = (struct tty_struct *)filp->private_data;
2157 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "release_dev"))
2158 return;
2159
2160 check_tty_count(tty, "release_dev");
2161
2162 tty_fasync(-1, filp, 0);
2163
2164 idx = tty->index;
2165 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2166 tty->driver->subtype == PTY_TYPE_MASTER);
2167 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 2168 o_tty = tty->link;
2169
2170#ifdef TTY_PARANOIA_CHECK
2171 if (idx < 0 || idx >= tty->driver->num) {
2172 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2173 "free (%s)\n", tty->name);
2174 return;
2175 }
2176 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2177 if (tty != tty->driver->ttys[idx]) {
2178 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2179 "for (%s)\n", idx, tty->name);
2180 return;
2181 }
2182 if (tty->termios != tty->driver->termios[idx]) {
2183 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2184 "for (%s)\n",
2185 idx, tty->name);
2186 return;
2187 }
2188 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2189 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2190 "termios_locked for (%s)\n",
2191 idx, tty->name);
2192 return;
2193 }
2194 }
2195#endif
2196
2197#ifdef TTY_DEBUG_HANGUP
2198 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2199 tty_name(tty, buf), tty->count);
2200#endif
2201
2202#ifdef TTY_PARANOIA_CHECK
2203 if (tty->driver->other &&
2204 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2205 if (o_tty != tty->driver->other->ttys[idx]) {
2206 printk(KERN_DEBUG "release_dev: other->table[%d] "
2207 "not o_tty for (%s)\n",
2208 idx, tty->name);
2209 return;
2210 }
2211 if (o_tty->termios != tty->driver->other->termios[idx]) {
2212 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2213 "not o_termios for (%s)\n",
2214 idx, tty->name);
2215 return;
2216 }
2217 if (o_tty->termios_locked !=
2218 tty->driver->other->termios_locked[idx]) {
2219 printk(KERN_DEBUG "release_dev: other->termios_locked["
2220 "%d] not o_termios_locked for (%s)\n",
2221 idx, tty->name);
2222 return;
2223 }
2224 if (o_tty->link != tty) {
2225 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2226 return;
2227 }
2228 }
2229#endif
2230 if (tty->driver->close)
2231 tty->driver->close(tty, filp);
2232
2233 /*
2234 * Sanity check: if tty->count is going to zero, there shouldn't be
2235 * any waiters on tty->read_wait or tty->write_wait. We test the
2236 * wait queues and kick everyone out _before_ actually starting to
2237 * close. This ensures that we won't block while releasing the tty
2238 * structure.
2239 *
2240 * The test for the o_tty closing is necessary, since the master and
2241 * slave sides may close in any order. If the slave side closes out
2242 * first, its count will be one, since the master side holds an open.
2243 * Thus this test wouldn't be triggered at the time the slave closes,
2244 * so we do it now.
2245 *
2246 * Note that it's possible for the tty to be opened again while we're
2247 * flushing out waiters. By recalculating the closing flags before
2248 * each iteration we avoid any problems.
2249 */
2250 while (1) {
2251 /* Guard against races with tty->count changes elsewhere and
2252 opens on /dev/tty */
2253
70522e12 2254 mutex_lock(&tty_mutex);
1da177e4
LT		 2255 tty_closing = tty->count <= 1;
2256 o_tty_closing = o_tty &&
2257 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 2258 do_sleep = 0;
2259
2260 if (tty_closing) {
2261 if (waitqueue_active(&tty->read_wait)) {
2262 wake_up(&tty->read_wait);
2263 do_sleep++;
2264 }
2265 if (waitqueue_active(&tty->write_wait)) {
2266 wake_up(&tty->write_wait);
2267 do_sleep++;
2268 }
2269 }
2270 if (o_tty_closing) {
2271 if (waitqueue_active(&o_tty->read_wait)) {
2272 wake_up(&o_tty->read_wait);
2273 do_sleep++;
2274 }
2275 if (waitqueue_active(&o_tty->write_wait)) {
2276 wake_up(&o_tty->write_wait);
2277 do_sleep++;
2278 }
2279 }
2280 if (!do_sleep)
2281 break;
2282
2283 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2284 "active!\n", tty_name(tty, buf));
70522e12 2285 mutex_unlock(&tty_mutex);
1da177e4
LT		 2286 schedule();
2287 }
2288
2289 /*
2290 * The closing flags are now consistent with the open counts on
2291 * both sides, and we've completed the last operation that could
2292 * block, so it's safe to proceed with closing.
2293 */
1da177e4
LT		 2294 if (pty_master) {
2295 if (--o_tty->count < 0) {
2296 printk(KERN_WARNING "release_dev: bad pty slave count "
2297 "(%d) for %s\n",
2298 o_tty->count, tty_name(o_tty, buf));
2299 o_tty->count = 0;
2300 }
2301 }
2302 if (--tty->count < 0) {
2303 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2304 tty->count, tty_name(tty, buf));
2305 tty->count = 0;
2306 }
1da177e4
LT		 2307
2308 /*
2309 * We've decremented tty->count, so we need to remove this file
2310 * descriptor off the tty->tty_files list; this serves two
2311 * purposes:
2312 * - check_tty_count sees the correct number of file descriptors
2313 * associated with this tty.
2314 * - do_tty_hangup no longer sees this file descriptor as
2315 * something that needs to be handled for hangups.
2316 */
2317 file_kill(filp);
2318 filp->private_data = NULL;
2319
2320 /*
2321 * Perform some housekeeping before deciding whether to return.
2322 *
2323 * Set the TTY_CLOSING flag if this was the last open. In the
2324 * case of a pty we may have to wait around for the other side
2325 * to close, and TTY_CLOSING makes sure we can't be reopened.
2326 */
2327 if(tty_closing)
2328 set_bit(TTY_CLOSING, &tty->flags);
2329 if(o_tty_closing)
2330 set_bit(TTY_CLOSING, &o_tty->flags);
2331
2332 /*
2333 * If _either_ side is closing, make sure there aren't any
2334 * processes that still think tty or o_tty is their controlling
2335 * tty.
2336 */
2337 if (tty_closing || o_tty_closing) {
2338 struct task_struct *p;
2339
2340 read_lock(&tasklist_lock);
2341 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2342 p->signal->tty = NULL;
2343 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2344 if (o_tty)
2345 do_each_task_pid(o_tty->session, PIDTYPE_SID, p) {
2346 p->signal->tty = NULL;
2347 } while_each_task_pid(o_tty->session, PIDTYPE_SID, p);
2348 read_unlock(&tasklist_lock);
2349 }
2350
70522e12 2351 mutex_unlock(&tty_mutex);
da965822 2352
1da177e4
LT		 2353 /* check whether both sides are closing ... */
2354 if (!tty_closing || (o_tty && !o_tty_closing))
2355 return;
2356
2357#ifdef TTY_DEBUG_HANGUP
2358 printk(KERN_DEBUG "freeing tty structure...");
2359#endif
2360 /*
2361 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2362 * kill any delayed work. As this is the final close it does not
2363 * race with the set_ldisc code path.
2364 */
2365 clear_bit(TTY_LDISC, &tty->flags);
33f0f88f 2366 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 2367
2368 /*
33f0f88f 2369 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 2370 */
2371
2372 flush_scheduled_work();
2373
2374 /*
2375 * Wait for any short term users (we know they are just driver
2376 * side waiters as the file is closing so user count on the file
2377 * side is zero.
2378 */
2379 spin_lock_irqsave(&tty_ldisc_lock, flags);
2380 while(tty->ldisc.refcount)
2381 {
2382 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2383 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2384 spin_lock_irqsave(&tty_ldisc_lock, flags);
2385 }
2386 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2387 /*
2388 * Shutdown the current line discipline, and reset it to N_TTY.
2389 * N.B. why reset ldisc when we're releasing the memory??
2390 *
2391 * FIXME: this MUST get fixed for the new reflocking
2392 */
2393 if (tty->ldisc.close)
2394 (tty->ldisc.close)(tty);
2395 tty_ldisc_put(tty->ldisc.num);
2396
2397 /*
2398 * Switch the line discipline back
2399 */
2400 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2401 tty_set_termios_ldisc(tty,N_TTY);
2402 if (o_tty) {
2403 /* FIXME: could o_tty be in setldisc here ? */
2404 clear_bit(TTY_LDISC, &o_tty->flags);
2405 if (o_tty->ldisc.close)
2406 (o_tty->ldisc.close)(o_tty);
2407 tty_ldisc_put(o_tty->ldisc.num);
2408 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2409 tty_set_termios_ldisc(o_tty,N_TTY);
2410 }
2411 /*
2412 * The release_mem function takes care of the details of clearing
2413 * the slots and preserving the termios structure.
2414 */
2415 release_mem(tty, idx);
2416
2417#ifdef CONFIG_UNIX98_PTYS
2418 /* Make this pty number available for reallocation */
2419 if (devpts) {
2420 down(&allocated_ptys_lock);
2421 idr_remove(&allocated_ptys, idx);
2422 up(&allocated_ptys_lock);
2423 }
2424#endif
2425
2426}
2427
af9b897e
AC		 2428/**
2429 * tty_open - open a tty device
2430 * @inode: inode of device file
2431 * @filp: file pointer to tty
1da177e4 2432 *
af9b897e
AC		 2433 * tty_open and tty_release keep up the tty count that contains the
2434 * number of opens done on a tty. We cannot use the inode-count, as
2435 * different inodes might point to the same tty.
1da177e4 2436 *
af9b897e
AC		 2437 * Open-counting is needed for pty masters, as well as for keeping
2438 * track of serial lines: DTR is dropped when the last close happens.
2439 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2440 *
2441 * The termios state of a pty is reset on first open so that
2442 * settings don't persist across reuse.
2443 *
2444 * Locking: tty_mutex protects current->signal->tty, get_tty_driver and
2445 * init_dev work. tty->count should protect the rest.
2446 * task_lock is held to update task details for sessions
1da177e4 2447 */
af9b897e 2448
1da177e4
LT		 2449static int tty_open(struct inode * inode, struct file * filp)
2450{
2451 struct tty_struct *tty;
2452 int noctty, retval;
2453 struct tty_driver *driver;
2454 int index;
2455 dev_t device = inode->i_rdev;
2456 unsigned short saved_flags = filp->f_flags;
2457
2458 nonseekable_open(inode, filp);
2459
2460retry_open:
2461 noctty = filp->f_flags & O_NOCTTY;
2462 index = -1;
2463 retval = 0;
2464
70522e12 2465 mutex_lock(&tty_mutex);
1da177e4
LT		 2466
2467 if (device == MKDEV(TTYAUX_MAJOR,0)) {
2468 if (!current->signal->tty) {
70522e12 2469 mutex_unlock(&tty_mutex);
1da177e4
LT		 2470 return -ENXIO;
2471 }
2472 driver = current->signal->tty->driver;
2473 index = current->signal->tty->index;
2474 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2475 /* noctty = 1; */
2476 goto got_driver;
2477 }
2478#ifdef CONFIG_VT
2479 if (device == MKDEV(TTY_MAJOR,0)) {
2480 extern struct tty_driver *console_driver;
2481 driver = console_driver;
2482 index = fg_console;
2483 noctty = 1;
2484 goto got_driver;
2485 }
2486#endif
2487 if (device == MKDEV(TTYAUX_MAJOR,1)) {
2488 driver = console_device(&index);
2489 if (driver) {
2490 /* Don't let /dev/console block */
2491 filp->f_flags |= O_NONBLOCK;
2492 noctty = 1;
2493 goto got_driver;
2494 }
70522e12 2495 mutex_unlock(&tty_mutex);
1da177e4
LT		 2496 return -ENODEV;
2497 }
2498
2499 driver = get_tty_driver(device, &index);
2500 if (!driver) {
70522e12 2501 mutex_unlock(&tty_mutex);
1da177e4
LT		 2502 return -ENODEV;
2503 }
2504got_driver:
2505 retval = init_dev(driver, index, &tty);
70522e12 2506 mutex_unlock(&tty_mutex);
1da177e4
LT		 2507 if (retval)
2508 return retval;
2509
2510 filp->private_data = tty;
2511 file_move(filp, &tty->tty_files);
2512 check_tty_count(tty, "tty_open");
2513 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2514 tty->driver->subtype == PTY_TYPE_MASTER)
2515 noctty = 1;
2516#ifdef TTY_DEBUG_HANGUP
2517 printk(KERN_DEBUG "opening %s...", tty->name);
2518#endif
2519 if (!retval) {
2520 if (tty->driver->open)
2521 retval = tty->driver->open(tty, filp);
2522 else
2523 retval = -ENODEV;
2524 }
2525 filp->f_flags = saved_flags;
2526
2527 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2528 retval = -EBUSY;
2529
2530 if (retval) {
2531#ifdef TTY_DEBUG_HANGUP
2532 printk(KERN_DEBUG "error %d in opening %s...", retval,
2533 tty->name);
2534#endif
2535 release_dev(filp);
2536 if (retval != -ERESTARTSYS)
2537 return retval;
2538 if (signal_pending(current))
2539 return retval;
2540 schedule();
2541 /*
2542 * Need to reset f_op in case a hangup happened.
2543 */
2544 if (filp->f_op == &hung_up_tty_fops)
2545 filp->f_op = &tty_fops;
2546 goto retry_open;
2547 }
2548 if (!noctty &&
2549 current->signal->leader &&
2550 !current->signal->tty &&
2551 tty->session == 0) {
2552 task_lock(current);
2553 current->signal->tty = tty;
2554 task_unlock(current);
2555 current->signal->tty_old_pgrp = 0;
2556 tty->session = current->signal->session;
2557 tty->pgrp = process_group(current);
2558 }
2559 return 0;
2560}
2561
2562#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 2563/**
2564 * ptmx_open - open a unix 98 pty master
2565 * @inode: inode of device file
2566 * @filp: file pointer to tty
2567 *
2568 * Allocate a unix98 pty master device from the ptmx driver.
2569 *
2570 * Locking: tty_mutex protects theinit_dev work. tty->count should
2571 protect the rest.
2572 * allocated_ptys_lock handles the list of free pty numbers
2573 */
2574
1da177e4
LT		 2575static int ptmx_open(struct inode * inode, struct file * filp)
2576{
2577 struct tty_struct *tty;
2578 int retval;
2579 int index;
2580 int idr_ret;
2581
2582 nonseekable_open(inode, filp);
2583
2584 /* find a device that is not in use. */
2585 down(&allocated_ptys_lock);
2586 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2587 up(&allocated_ptys_lock);
2588 return -ENOMEM;
2589 }
2590 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2591 if (idr_ret < 0) {
2592 up(&allocated_ptys_lock);
2593 if (idr_ret == -EAGAIN)
2594 return -ENOMEM;
2595 return -EIO;
2596 }
2597 if (index >= pty_limit) {
2598 idr_remove(&allocated_ptys, index);
2599 up(&allocated_ptys_lock);
2600 return -EIO;
2601 }
2602 up(&allocated_ptys_lock);
2603
70522e12 2604 mutex_lock(&tty_mutex);
1da177e4 2605 retval = init_dev(ptm_driver, index, &tty);
70522e12 2606 mutex_unlock(&tty_mutex);
1da177e4
LT		 2607
2608 if (retval)
2609 goto out;
2610
2611 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2612 filp->private_data = tty;
2613 file_move(filp, &tty->tty_files);
2614
2615 retval = -ENOMEM;
2616 if (devpts_pty_new(tty->link))
2617 goto out1;
2618
2619 check_tty_count(tty, "tty_open");
2620 retval = ptm_driver->open(tty, filp);
2621 if (!retval)
2622 return 0;
2623out1:
2624 release_dev(filp);
9453a5ad 2625 return retval;
1da177e4
LT		 2626out:
2627 down(&allocated_ptys_lock);
2628 idr_remove(&allocated_ptys, index);
2629 up(&allocated_ptys_lock);
2630 return retval;
2631}
2632#endif
2633
af9b897e
AC		 2634/**
2635 * tty_release - vfs callback for close
2636 * @inode: inode of tty
2637 * @filp: file pointer for handle to tty
2638 *
2639 * Called the last time each file handle is closed that references
2640 * this tty. There may however be several such references.
2641 *
2642 * Locking:
2643 * Takes bkl. See release_dev
2644 */
2645
1da177e4
LT		 2646static int tty_release(struct inode * inode, struct file * filp)
2647{
2648 lock_kernel();
2649 release_dev(filp);
2650 unlock_kernel();
2651 return 0;
2652}
2653
af9b897e
AC		 2654/**
2655 * tty_poll - check tty status
2656 * @filp: file being polled
2657 * @wait: poll wait structures to update
2658 *
2659 * Call the line discipline polling method to obtain the poll
2660 * status of the device.
2661 *
2662 * Locking: locks called line discipline but ldisc poll method
2663 * may be re-entered freely by other callers.
2664 */
2665
1da177e4
LT		 2666static unsigned int tty_poll(struct file * filp, poll_table * wait)
2667{
2668 struct tty_struct * tty;
2669 struct tty_ldisc *ld;
2670 int ret = 0;
2671
2672 tty = (struct tty_struct *)filp->private_data;
2673 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_poll"))
2674 return 0;
2675
2676 ld = tty_ldisc_ref_wait(tty);
2677 if (ld->poll)
2678 ret = (ld->poll)(tty, filp, wait);
2679 tty_ldisc_deref(ld);
2680 return ret;
2681}
2682
2683static int tty_fasync(int fd, struct file * filp, int on)
2684{
2685 struct tty_struct * tty;
2686 int retval;
2687
2688 tty = (struct tty_struct *)filp->private_data;
2689 if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_fasync"))
2690 return 0;
2691
2692 retval = fasync_helper(fd, filp, on, &tty->fasync);
2693 if (retval <= 0)
2694 return retval;
2695
2696 if (on) {
2697 if (!waitqueue_active(&tty->read_wait))
2698 tty->minimum_to_wake = 1;
2699 retval = f_setown(filp, (-tty->pgrp) ? : current->pid, 0);
2700 if (retval)
2701 return retval;
2702 } else {
2703 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2704 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2705 }
2706 return 0;
2707}
2708
af9b897e
AC		 2709/**
2710 * tiocsti - fake input character
2711 * @tty: tty to fake input into
2712 * @p: pointer to character
2713 *
2714 * Fake input to a tty device. Does the neccessary locking and
2715 * input management.
2716 *
2717 * FIXME: does not honour flow control ??
2718 *
2719 * Locking:
2720 * Called functions take tty_ldisc_lock
2721 * current->signal->tty check is safe without locks
2722 */
2723
1da177e4
LT		 2724static int tiocsti(struct tty_struct *tty, char __user *p)
2725{
2726 char ch, mbz = 0;
2727 struct tty_ldisc *ld;
2728
2729 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2730 return -EPERM;
2731 if (get_user(ch, p))
2732 return -EFAULT;
2733 ld = tty_ldisc_ref_wait(tty);
2734 ld->receive_buf(tty, &ch, &mbz, 1);
2735 tty_ldisc_deref(ld);
2736 return 0;
2737}
2738
af9b897e
AC		 2739/**
2740 * tiocgwinsz - implement window query ioctl
2741 * @tty; tty
2742 * @arg: user buffer for result
2743 *
808a0d38 2744 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2745 *
808a0d38
AC		 2746 * Locking: tty->termios_sem is taken to ensure the winsize data
2747 * is consistent.
af9b897e
AC		 2748 */
2749
1da177e4
LT		 2750static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2751{
808a0d38
AC		 2752 int err;
2753
5785c95b 2754 mutex_lock(&tty->termios_mutex);
808a0d38 2755 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2756 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2757
2758 return err ? -EFAULT: 0;
1da177e4
LT		 2759}
2760
af9b897e
AC		 2761/**
2762 * tiocswinsz - implement window size set ioctl
2763 * @tty; tty
2764 * @arg: user buffer for result
2765 *
2766 * Copies the user idea of the window size to the kernel. Traditionally
2767 * this is just advisory information but for the Linux console it
2768 * actually has driver level meaning and triggers a VC resize.
2769 *
2770 * Locking:
ca9bda00
AC		 2771 * Called function use the console_sem is used to ensure we do
2772 * not try and resize the console twice at once.
2773 * The tty->termios_sem is used to ensure we don't double
2774 * resize and get confused. Lock order - tty->termios.sem before
2775 * console sem
af9b897e
AC		 2776 */
2777
1da177e4
LT		 2778static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2779 struct winsize __user * arg)
2780{
2781 struct winsize tmp_ws;
2782
2783 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2784 return -EFAULT;
ca9bda00 2785
5785c95b 2786 mutex_lock(&tty->termios_mutex);
1da177e4 2787 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
ca9bda00
AC		 2788 goto done;
2789
1da177e4
LT		 2790#ifdef CONFIG_VT
2791 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
5785c95b
AV		 2792 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2793 tmp_ws.ws_row)) {
2794 mutex_unlock(&tty->termios_mutex);
ca9bda00
AC		 2795 return -ENXIO;
2796 }
1da177e4
LT		 2797 }
2798#endif
2799 if (tty->pgrp > 0)
2800 kill_pg(tty->pgrp, SIGWINCH, 1);
2801 if ((real_tty->pgrp != tty->pgrp) && (real_tty->pgrp > 0))
2802 kill_pg(real_tty->pgrp, SIGWINCH, 1);
2803 tty->winsize = tmp_ws;
2804 real_tty->winsize = tmp_ws;
ca9bda00 2805done:
5785c95b 2806 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 2807 return 0;
2808}
2809
af9b897e
AC		 2810/**
2811 * tioccons - allow admin to move logical console
2812 * @file: the file to become console
2813 *
2814 * Allow the adminstrator to move the redirected console device
2815 *
2816 * Locking: uses redirect_lock to guard the redirect information
2817 */
2818
1da177e4
LT		 2819static int tioccons(struct file *file)
2820{
2821 if (!capable(CAP_SYS_ADMIN))
2822 return -EPERM;
2823 if (file->f_op->write == redirected_tty_write) {
2824 struct file *f;
2825 spin_lock(&redirect_lock);
2826 f = redirect;
2827 redirect = NULL;
2828 spin_unlock(&redirect_lock);
2829 if (f)
2830 fput(f);
2831 return 0;
2832 }
2833 spin_lock(&redirect_lock);
2834 if (redirect) {
2835 spin_unlock(&redirect_lock);
2836 return -EBUSY;
2837 }
2838 get_file(file);
2839 redirect = file;
2840 spin_unlock(&redirect_lock);
2841 return 0;
2842}
2843
af9b897e
AC		 2844/**
2845 * fionbio - non blocking ioctl
2846 * @file: file to set blocking value
2847 * @p: user parameter
2848 *
2849 * Historical tty interfaces had a blocking control ioctl before
2850 * the generic functionality existed. This piece of history is preserved
2851 * in the expected tty API of posix OS's.
2852 *
2853 * Locking: none, the open fle handle ensures it won't go away.
2854 */
1da177e4
LT		 2855
2856static int fionbio(struct file *file, int __user *p)
2857{
2858 int nonblock;
2859
2860 if (get_user(nonblock, p))
2861 return -EFAULT;
2862
2863 if (nonblock)
2864 file->f_flags |= O_NONBLOCK;
2865 else
2866 file->f_flags &= ~O_NONBLOCK;
2867 return 0;
2868}
2869
af9b897e
AC		 2870/**
2871 * tiocsctty - set controlling tty
2872 * @tty: tty structure
2873 * @arg: user argument
2874 *
2875 * This ioctl is used to manage job control. It permits a session
2876 * leader to set this tty as the controlling tty for the session.
2877 *
2878 * Locking:
2879 * Takes tasklist lock internally to walk sessions
2880 * Takes task_lock() when updating signal->tty
2881 *
2882 * FIXME: tty_mutex is needed to protect signal->tty references.
2883 * FIXME: why task_lock on the signal->tty reference ??
2884 *
2885 */
2886
1da177e4
LT		 2887static int tiocsctty(struct tty_struct *tty, int arg)
2888{
36c8b586 2889 struct task_struct *p;
1da177e4
LT		 2890
2891 if (current->signal->leader &&
2892 (current->signal->session == tty->session))
2893 return 0;
2894 /*
2895 * The process must be a session leader and
2896 * not have a controlling tty already.
2897 */
2898 if (!current->signal->leader || current->signal->tty)
2899 return -EPERM;
2900 if (tty->session > 0) {
2901 /*
2902 * This tty is already the controlling
2903 * tty for another session group!
2904 */
2905 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
2906 /*
2907 * Steal it away
2908 */
2909
2910 read_lock(&tasklist_lock);
2911 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2912 p->signal->tty = NULL;
2913 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2914 read_unlock(&tasklist_lock);
2915 } else
2916 return -EPERM;
2917 }
2918 task_lock(current);
2919 current->signal->tty = tty;
2920 task_unlock(current);
2921 current->signal->tty_old_pgrp = 0;
2922 tty->session = current->signal->session;
2923 tty->pgrp = process_group(current);
2924 return 0;
2925}
2926
af9b897e
AC		 2927/**
2928 * tiocgpgrp - get process group
2929 * @tty: tty passed by user
2930 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2931 * @p: returned pid
2932 *
2933 * Obtain the process group of the tty. If there is no process group
2934 * return an error.
2935 *
2936 * Locking: none. Reference to ->signal->tty is safe.
2937 */
2938
1da177e4
LT		 2939static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2940{
2941 /*
2942 * (tty == real_tty) is a cheap way of
2943 * testing if the tty is NOT a master pty.
2944 */
2945 if (tty == real_tty && current->signal->tty != real_tty)
2946 return -ENOTTY;
2947 return put_user(real_tty->pgrp, p);
2948}
2949
af9b897e
AC		 2950/**
2951 * tiocspgrp - attempt to set process group
2952 * @tty: tty passed by user
2953 * @real_tty: tty side device matching tty passed by user
2954 * @p: pid pointer
2955 *
2956 * Set the process group of the tty to the session passed. Only
2957 * permitted where the tty session is our session.
2958 *
2959 * Locking: None
2960 *
2961 * FIXME: current->signal->tty referencing is unsafe.
2962 */
2963
1da177e4
LT		 2964static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2965{
2966 pid_t pgrp;
2967 int retval = tty_check_change(real_tty);
2968
2969 if (retval == -EIO)
2970 return -ENOTTY;
2971 if (retval)
2972 return retval;
2973 if (!current->signal->tty ||
2974 (current->signal->tty != real_tty) ||
2975 (real_tty->session != current->signal->session))
2976 return -ENOTTY;
2977 if (get_user(pgrp, p))
2978 return -EFAULT;
2979 if (pgrp < 0)
2980 return -EINVAL;
2981 if (session_of_pgrp(pgrp) != current->signal->session)
2982 return -EPERM;
2983 real_tty->pgrp = pgrp;
2984 return 0;
2985}
2986
af9b897e
AC		 2987/**
2988 * tiocgsid - get session id
2989 * @tty: tty passed by user
2990 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2991 * @p: pointer to returned session id
2992 *
2993 * Obtain the session id of the tty. If there is no session
2994 * return an error.
2995 *
2996 * Locking: none. Reference to ->signal->tty is safe.
2997 */
2998
1da177e4
LT		 2999static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3000{
3001 /*
3002 * (tty == real_tty) is a cheap way of
3003 * testing if the tty is NOT a master pty.
3004 */
3005 if (tty == real_tty && current->signal->tty != real_tty)
3006 return -ENOTTY;
3007 if (real_tty->session <= 0)
3008 return -ENOTTY;
3009 return put_user(real_tty->session, p);
3010}
3011
af9b897e
AC		 3012/**
3013 * tiocsetd - set line discipline
3014 * @tty: tty device
3015 * @p: pointer to user data
3016 *
3017 * Set the line discipline according to user request.
3018 *
3019 * Locking: see tty_set_ldisc, this function is just a helper
3020 */
3021
1da177e4
LT		 3022static int tiocsetd(struct tty_struct *tty, int __user *p)
3023{
3024 int ldisc;
3025
3026 if (get_user(ldisc, p))
3027 return -EFAULT;
3028 return tty_set_ldisc(tty, ldisc);
3029}
3030
af9b897e
AC		 3031/**
3032 * send_break - performed time break
3033 * @tty: device to break on
3034 * @duration: timeout in mS
3035 *
3036 * Perform a timed break on hardware that lacks its own driver level
3037 * timed break functionality.
3038 *
3039 * Locking:
3040 * None
3041 *
3042 * FIXME:
3043 * What if two overlap
3044 */
3045
b20f3ae5 3046static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4
LT		 3047{
3048 tty->driver->break_ctl(tty, -1);
3049 if (!signal_pending(current)) {
b20f3ae5 3050 msleep_interruptible(duration);
1da177e4
LT		 3051 }
3052 tty->driver->break_ctl(tty, 0);
3053 if (signal_pending(current))
3054 return -EINTR;
3055 return 0;
3056}
3057
af9b897e
AC		 3058/**
3059 * tiocmget - get modem status
3060 * @tty: tty device
3061 * @file: user file pointer
3062 * @p: pointer to result
3063 *
3064 * Obtain the modem status bits from the tty driver if the feature
3065 * is supported. Return -EINVAL if it is not available.
3066 *
3067 * Locking: none (up to the driver)
3068 */
3069
3070static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 3071{
3072 int retval = -EINVAL;
3073
3074 if (tty->driver->tiocmget) {
3075 retval = tty->driver->tiocmget(tty, file);
3076
3077 if (retval >= 0)
3078 retval = put_user(retval, p);
3079 }
3080 return retval;
3081}
3082
af9b897e
AC		 3083/**
3084 * tiocmset - set modem status
3085 * @tty: tty device
3086 * @file: user file pointer
3087 * @cmd: command - clear bits, set bits or set all
3088 * @p: pointer to desired bits
3089 *
3090 * Set the modem status bits from the tty driver if the feature
3091 * is supported. Return -EINVAL if it is not available.
3092 *
3093 * Locking: none (up to the driver)
3094 */
3095
3096static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 3097 unsigned __user *p)
3098{
3099 int retval = -EINVAL;
3100
3101 if (tty->driver->tiocmset) {
3102 unsigned int set, clear, val;
3103
3104 retval = get_user(val, p);
3105 if (retval)
3106 return retval;
3107
3108 set = clear = 0;
3109 switch (cmd) {
3110 case TIOCMBIS:
3111 set = val;
3112 break;
3113 case TIOCMBIC:
3114 clear = val;
3115 break;
3116 case TIOCMSET:
3117 set = val;
3118 clear = ~val;
3119 break;
3120 }
3121
3122 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3123 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3124
3125 retval = tty->driver->tiocmset(tty, file, set, clear);
3126 }
3127 return retval;
3128}
3129
3130/*
3131 * Split this up, as gcc can choke on it otherwise..
3132 */
3133int tty_ioctl(struct inode * inode, struct file * file,
3134 unsigned int cmd, unsigned long arg)
3135{
3136 struct tty_struct *tty, *real_tty;
3137 void __user *p = (void __user *)arg;
3138 int retval;
3139 struct tty_ldisc *ld;
3140
3141 tty = (struct tty_struct *)file->private_data;
3142 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3143 return -EINVAL;
3144
3145 real_tty = tty;
3146 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3147 tty->driver->subtype == PTY_TYPE_MASTER)
3148 real_tty = tty->link;
3149
3150 /*
3151 * Break handling by driver
3152 */
3153 if (!tty->driver->break_ctl) {
3154 switch(cmd) {
3155 case TIOCSBRK:
3156 case TIOCCBRK:
3157 if (tty->driver->ioctl)
3158 return tty->driver->ioctl(tty, file, cmd, arg);
3159 return -EINVAL;
3160
3161 /* These two ioctl's always return success; even if */
3162 /* the driver doesn't support them. */
3163 case TCSBRK:
3164 case TCSBRKP:
3165 if (!tty->driver->ioctl)
3166 return 0;
3167 retval = tty->driver->ioctl(tty, file, cmd, arg);
3168 if (retval == -ENOIOCTLCMD)
3169 retval = 0;
3170 return retval;
3171 }
3172 }
3173
3174 /*
3175 * Factor out some common prep work
3176 */
3177 switch (cmd) {
3178 case TIOCSETD:
3179 case TIOCSBRK:
3180 case TIOCCBRK:
3181 case TCSBRK:
3182 case TCSBRKP:
3183 retval = tty_check_change(tty);
3184 if (retval)
3185 return retval;
3186 if (cmd != TIOCCBRK) {
3187 tty_wait_until_sent(tty, 0);
3188 if (signal_pending(current))
3189 return -EINTR;
3190 }
3191 break;
3192 }
3193
3194 switch (cmd) {
3195 case TIOCSTI:
3196 return tiocsti(tty, p);
3197 case TIOCGWINSZ:
3198 return tiocgwinsz(tty, p);
3199 case TIOCSWINSZ:
3200 return tiocswinsz(tty, real_tty, p);
3201 case TIOCCONS:
3202 return real_tty!=tty ? -EINVAL : tioccons(file);
3203 case FIONBIO:
3204 return fionbio(file, p);
3205 case TIOCEXCL:
3206 set_bit(TTY_EXCLUSIVE, &tty->flags);
3207 return 0;
3208 case TIOCNXCL:
3209 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3210 return 0;
3211 case TIOCNOTTY:
af9b897e 3212 /* FIXME: taks lock or tty_mutex ? */
1da177e4
LT		 3213 if (current->signal->tty != tty)
3214 return -ENOTTY;
3215 if (current->signal->leader)
3216 disassociate_ctty(0);
3217 task_lock(current);
3218 current->signal->tty = NULL;
3219 task_unlock(current);
3220 return 0;
3221 case TIOCSCTTY:
3222 return tiocsctty(tty, arg);
3223 case TIOCGPGRP:
3224 return tiocgpgrp(tty, real_tty, p);
3225 case TIOCSPGRP:
3226 return tiocspgrp(tty, real_tty, p);
3227 case TIOCGSID:
3228 return tiocgsid(tty, real_tty, p);
3229 case TIOCGETD:
3230 /* FIXME: check this is ok */
3231 return put_user(tty->ldisc.num, (int __user *)p);
3232 case TIOCSETD:
3233 return tiocsetd(tty, p);
3234#ifdef CONFIG_VT
3235 case TIOCLINUX:
3236 return tioclinux(tty, arg);
3237#endif
3238 /*
3239 * Break handling
3240 */
3241 case TIOCSBRK: /* Turn break on, unconditionally */
3242 tty->driver->break_ctl(tty, -1);
3243 return 0;
3244
3245 case TIOCCBRK: /* Turn break off, unconditionally */
3246 tty->driver->break_ctl(tty, 0);
3247 return 0;
3248 case TCSBRK: /* SVID version: non-zero arg --> no break */
283fef59
PF		 3249 /* non-zero arg means wait for all output data
3250 * to be sent (performed above) but don't send break.
3251 * This is used by the tcdrain() termios function.
1da177e4
LT		 3252 */
3253 if (!arg)
b20f3ae5 3254 return send_break(tty, 250);
1da177e4
LT		 3255 return 0;
3256 case TCSBRKP: /* support for POSIX tcsendbreak() */
b20f3ae5 3257 return send_break(tty, arg ? arg*100 : 250);
1da177e4
LT		 3258
3259 case TIOCMGET:
3260 return tty_tiocmget(tty, file, p);
3261
3262 case TIOCMSET:
3263 case TIOCMBIC:
3264 case TIOCMBIS:
3265 return tty_tiocmset(tty, file, cmd, p);
3266 }
3267 if (tty->driver->ioctl) {
3268 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3269 if (retval != -ENOIOCTLCMD)
3270 return retval;
3271 }
3272 ld = tty_ldisc_ref_wait(tty);
3273 retval = -EINVAL;
3274 if (ld->ioctl) {
3275 retval = ld->ioctl(tty, file, cmd, arg);
3276 if (retval == -ENOIOCTLCMD)
3277 retval = -EINVAL;
3278 }
3279 tty_ldisc_deref(ld);
3280 return retval;
3281}
3282
3283
3284/*
3285 * This implements the "Secure Attention Key" --- the idea is to
3286 * prevent trojan horses by killing all processes associated with this
3287 * tty when the user hits the "Secure Attention Key". Required for
3288 * super-paranoid applications --- see the Orange Book for more details.
3289 *
3290 * This code could be nicer; ideally it should send a HUP, wait a few
3291 * seconds, then send a INT, and then a KILL signal. But you then
3292 * have to coordinate with the init process, since all processes associated
3293 * with the current tty must be dead before the new getty is allowed
3294 * to spawn.
3295 *
3296 * Now, if it would be correct ;-/ The current code has a nasty hole -
3297 * it doesn't catch files in flight. We may send the descriptor to ourselves
3298 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3299 *
3300 * Nasty bug: do_SAK is being called in interrupt context. This can
3301 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3302 */
3303static void __do_SAK(void *arg)
3304{
3305#ifdef TTY_SOFT_SAK
3306 tty_hangup(tty);
3307#else
3308 struct tty_struct *tty = arg;
652486fb 3309 struct task_struct *g, *p;
1da177e4
LT		 3310 int session;
3311 int i;
3312 struct file *filp;
3313 struct tty_ldisc *disc;
badf1662 3314 struct fdtable *fdt;
1da177e4
LT		 3315
3316 if (!tty)
3317 return;
3318 session = tty->session;
3319
3320 /* We don't want an ldisc switch during this */
3321 disc = tty_ldisc_ref(tty);
3322 if (disc && disc->flush_buffer)
3323 disc->flush_buffer(tty);
3324 tty_ldisc_deref(disc);
3325
3326 if (tty->driver->flush_buffer)
3327 tty->driver->flush_buffer(tty);
3328
3329 read_lock(&tasklist_lock);
652486fb 3330 /* Kill the entire session */
1da177e4 3331 do_each_task_pid(session, PIDTYPE_SID, p) {
652486fb
EB		 3332 printk(KERN_NOTICE "SAK: killed process %d"
3333 " (%s): p->signal->session==tty->session\n",
3334 p->pid, p->comm);
3335 send_sig(SIGKILL, p, 1);
3336 } while_each_task_pid(session, PIDTYPE_SID, p);
3337 /* Now kill any processes that happen to have the
3338 * tty open.
3339 */
3340 do_each_thread(g, p) {
3341 if (p->signal->tty == tty) {
1da177e4
LT		 3342 printk(KERN_NOTICE "SAK: killed process %d"
3343 " (%s): p->signal->session==tty->session\n",
3344 p->pid, p->comm);
3345 send_sig(SIGKILL, p, 1);
3346 continue;
3347 }
3348 task_lock(p);
3349 if (p->files) {
ca99c1da
DS		 3350 /*
3351 * We don't take a ref to the file, so we must
3352 * hold ->file_lock instead.
3353 */
3354 spin_lock(&p->files->file_lock);
badf1662
DS		 3355 fdt = files_fdtable(p->files);
3356 for (i=0; i < fdt->max_fds; i++) {
1da177e4
LT		 3357 filp = fcheck_files(p->files, i);
3358 if (!filp)
3359 continue;
3360 if (filp->f_op->read == tty_read &&
3361 filp->private_data == tty) {
3362 printk(KERN_NOTICE "SAK: killed process %d"
3363 " (%s): fd#%d opened to the tty\n",
3364 p->pid, p->comm, i);
20ac9437 3365 force_sig(SIGKILL, p);
1da177e4
LT		 3366 break;
3367 }
3368 }
ca99c1da 3369 spin_unlock(&p->files->file_lock);
1da177e4
LT		 3370 }
3371 task_unlock(p);
652486fb 3372 } while_each_thread(g, p);
1da177e4
LT		 3373 read_unlock(&tasklist_lock);
3374#endif
3375}
3376
3377/*
3378 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3379 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3380 * the values which we write to it will be identical to the values which it
3381 * already has. --akpm
3382 */
3383void do_SAK(struct tty_struct *tty)
3384{
3385 if (!tty)
3386 return;
3387 PREPARE_WORK(&tty->SAK_work, __do_SAK, tty);
3388 schedule_work(&tty->SAK_work);
3389}
3390
3391EXPORT_SYMBOL(do_SAK);
3392
af9b897e
AC		 3393/**
3394 * flush_to_ldisc
3395 * @private_: tty structure passed from work queue.
3396 *
3397 * This routine is called out of the software interrupt to flush data
3398 * from the buffer chain to the line discipline.
3399 *
3400 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3401 * while invoking the line discipline receive_buf method. The
3402 * receive_buf method is single threaded for each tty instance.
1da177e4
LT		 3403 */
3404
3405static void flush_to_ldisc(void *private_)
3406{
3407 struct tty_struct *tty = (struct tty_struct *) private_;
1da177e4
LT		 3408 unsigned long flags;
3409 struct tty_ldisc *disc;
2c3bb20f 3410 struct tty_buffer *tbuf, *head;
8977d929
PF		 3411 char *char_buf;
3412 unsigned char *flag_buf;
1da177e4
LT		 3413
3414 disc = tty_ldisc_ref(tty);
3415 if (disc == NULL) /* !TTY_LDISC */
3416 return;
3417
808249ce 3418 spin_lock_irqsave(&tty->buf.lock, flags);
2c3bb20f
PF		 3419 head = tty->buf.head;
3420 if (head != NULL) {
3421 tty->buf.head = NULL;
3422 for (;;) {
3423 int count = head->commit - head->read;
3424 if (!count) {
3425 if (head->next == NULL)
3426 break;
3427 tbuf = head;
3428 head = head->next;
3429 tty_buffer_free(tty, tbuf);
3430 continue;
3431 }
3432 if (!tty->receive_room) {
3433 schedule_delayed_work(&tty->buf.work, 1);
3434 break;
3435 }
3436 if (count > tty->receive_room)
3437 count = tty->receive_room;
3438 char_buf = head->char_buf_ptr + head->read;
3439 flag_buf = head->flag_buf_ptr + head->read;
3440 head->read += count;
8977d929
PF		 3441 spin_unlock_irqrestore(&tty->buf.lock, flags);
3442 disc->receive_buf(tty, char_buf, flag_buf, count);
3443 spin_lock_irqsave(&tty->buf.lock, flags);
3444 }
2c3bb20f 3445 tty->buf.head = head;
33f0f88f 3446 }
808249ce 3447 spin_unlock_irqrestore(&tty->buf.lock, flags);
817d6d3b 3448
1da177e4
LT		 3449 tty_ldisc_deref(disc);
3450}
3451
3452/*
3453 * Routine which returns the baud rate of the tty
3454 *
3455 * Note that the baud_table needs to be kept in sync with the
3456 * include/asm/termbits.h file.
3457 */
3458static int baud_table[] = {
3459 0, 50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800, 2400, 4800,
3460 9600, 19200, 38400, 57600, 115200, 230400, 460800,
3461#ifdef __sparc__
3462 76800, 153600, 307200, 614400, 921600
3463#else
3464 500000, 576000, 921600, 1000000, 1152000, 1500000, 2000000,
3465 2500000, 3000000, 3500000, 4000000
3466#endif
3467};
3468
3469static int n_baud_table = ARRAY_SIZE(baud_table);
3470
3471/**
3472 * tty_termios_baud_rate
3473 * @termios: termios structure
3474 *
3475 * Convert termios baud rate data into a speed. This should be called
3476 * with the termios lock held if this termios is a terminal termios
3477 * structure. May change the termios data.
af9b897e
AC		 3478 *
3479 * Locking: none
1da177e4
LT		 3480 */
3481
3482int tty_termios_baud_rate(struct termios *termios)
3483{
3484 unsigned int cbaud;
3485
3486 cbaud = termios->c_cflag & CBAUD;
3487
3488 if (cbaud & CBAUDEX) {
3489 cbaud &= ~CBAUDEX;
3490
3491 if (cbaud < 1 || cbaud + 15 > n_baud_table)
3492 termios->c_cflag &= ~CBAUDEX;
3493 else
3494 cbaud += 15;
3495 }
3496 return baud_table[cbaud];
3497}
3498
3499EXPORT_SYMBOL(tty_termios_baud_rate);
3500
3501/**
3502 * tty_get_baud_rate - get tty bit rates
3503 * @tty: tty to query
3504 *
3505 * Returns the baud rate as an integer for this terminal. The
3506 * termios lock must be held by the caller and the terminal bit
3507 * flags may be updated.
af9b897e
AC		 3508 *
3509 * Locking: none
1da177e4
LT		 3510 */
3511
3512int tty_get_baud_rate(struct tty_struct *tty)
3513{
3514 int baud = tty_termios_baud_rate(tty->termios);
3515
3516 if (baud == 38400 && tty->alt_speed) {
3517 if (!tty->warned) {
3518 printk(KERN_WARNING "Use of setserial/setrocket to "
3519 "set SPD_* flags is deprecated\n");
3520 tty->warned = 1;
3521 }
3522 baud = tty->alt_speed;
3523 }
3524
3525 return baud;
3526}
3527
3528EXPORT_SYMBOL(tty_get_baud_rate);
3529
3530/**
3531 * tty_flip_buffer_push - terminal
3532 * @tty: tty to push
3533 *
3534 * Queue a push of the terminal flip buffers to the line discipline. This
3535 * function must not be called from IRQ context if tty->low_latency is set.
3536 *
3537 * In the event of the queue being busy for flipping the work will be
3538 * held off and retried later.
af9b897e
AC		 3539 *
3540 * Locking: tty buffer lock. Driver locks in low latency mode.
1da177e4
LT		 3541 */
3542
3543void tty_flip_buffer_push(struct tty_struct *tty)
3544{
808249ce
PF		 3545 unsigned long flags;
3546 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 3547 if (tty->buf.tail != NULL)
8977d929 3548 tty->buf.tail->commit = tty->buf.tail->used;
808249ce
PF		 3549 spin_unlock_irqrestore(&tty->buf.lock, flags);
3550
1da177e4
LT		 3551 if (tty->low_latency)
3552 flush_to_ldisc((void *) tty);
3553 else
33f0f88f 3554 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 3555}
3556
3557EXPORT_SYMBOL(tty_flip_buffer_push);
3558
33f0f88f 3559
af9b897e
AC		 3560/**
3561 * initialize_tty_struct
3562 * @tty: tty to initialize
3563 *
3564 * This subroutine initializes a tty structure that has been newly
3565 * allocated.
3566 *
3567 * Locking: none - tty in question must not be exposed at this point
1da177e4 3568 */
af9b897e 3569
1da177e4
LT		 3570static void initialize_tty_struct(struct tty_struct *tty)
3571{
3572 memset(tty, 0, sizeof(struct tty_struct));
3573 tty->magic = TTY_MAGIC;
3574 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3575 tty->pgrp = -1;
3576 tty->overrun_time = jiffies;
33f0f88f
AC		 3577 tty->buf.head = tty->buf.tail = NULL;
3578 tty_buffer_init(tty);
3579 INIT_WORK(&tty->buf.work, flush_to_ldisc, tty);
3580 init_MUTEX(&tty->buf.pty_sem);
5785c95b 3581 mutex_init(&tty->termios_mutex);
1da177e4
LT		 3582 init_waitqueue_head(&tty->write_wait);
3583 init_waitqueue_head(&tty->read_wait);
3584 INIT_WORK(&tty->hangup_work, do_tty_hangup, tty);
70522e12
IM		 3585 mutex_init(&tty->atomic_read_lock);
3586 mutex_init(&tty->atomic_write_lock);
1da177e4
LT		 3587 spin_lock_init(&tty->read_lock);
3588 INIT_LIST_HEAD(&tty->tty_files);
3589 INIT_WORK(&tty->SAK_work, NULL, NULL);
3590}
3591
3592/*
3593 * The default put_char routine if the driver did not define one.
3594 */
af9b897e 3595
1da177e4
LT		 3596static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3597{
3598 tty->driver->write(tty, &ch, 1);
3599}
3600
7fe845d1 3601static struct class *tty_class;
1da177e4
LT		 3602
3603/**
af9b897e
AC		 3604 * tty_register_device - register a tty device
3605 * @driver: the tty driver that describes the tty device
3606 * @index: the index in the tty driver for this tty device
3607 * @device: a struct device that is associated with this tty device.
3608 * This field is optional, if there is no known struct device
3609 * for this tty device it can be set to NULL safely.
1da177e4 3610 *
af9b897e 3611 * Returns a pointer to the class device (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3612 *
af9b897e
AC		 3613 * This call is required to be made to register an individual tty device
3614 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3615 * that bit is not set, this function should not be called by a tty
3616 * driver.
3617 *
3618 * Locking: ??
1da177e4 3619 */
af9b897e 3620
1cdcb6b4
HL		 3621struct class_device *tty_register_device(struct tty_driver *driver,
3622 unsigned index, struct device *device)
1da177e4
LT		 3623{
3624 char name[64];
3625 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3626
3627 if (index >= driver->num) {
3628 printk(KERN_ERR "Attempt to register invalid tty line number "
3629 " (%d).\n", index);
1cdcb6b4 3630 return ERR_PTR(-EINVAL);
1da177e4
LT		 3631 }
3632
1da177e4
LT		 3633 if (driver->type == TTY_DRIVER_TYPE_PTY)
3634 pty_line_name(driver, index, name);
3635 else
3636 tty_line_name(driver, index, name);
1cdcb6b4
HL		 3637
3638 return class_device_create(tty_class, NULL, dev, device, "%s", name);
1da177e4
LT		 3639}
3640
3641/**
af9b897e
AC		 3642 * tty_unregister_device - unregister a tty device
3643 * @driver: the tty driver that describes the tty device
3644 * @index: the index in the tty driver for this tty device
1da177e4 3645 *
af9b897e
AC		 3646 * If a tty device is registered with a call to tty_register_device() then
3647 * this function must be called when the tty device is gone.
3648 *
3649 * Locking: ??
1da177e4 3650 */
af9b897e 3651
1da177e4
LT		 3652void tty_unregister_device(struct tty_driver *driver, unsigned index)
3653{
7fe845d1 3654 class_device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 3655}
3656
3657EXPORT_SYMBOL(tty_register_device);
3658EXPORT_SYMBOL(tty_unregister_device);
3659
3660struct tty_driver *alloc_tty_driver(int lines)
3661{
3662 struct tty_driver *driver;
3663
3664 driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
3665 if (driver) {
3666 memset(driver, 0, sizeof(struct tty_driver));
3667 driver->magic = TTY_DRIVER_MAGIC;
3668 driver->num = lines;
3669 /* later we'll move allocation of tables here */
3670 }
3671 return driver;
3672}
3673
3674void put_tty_driver(struct tty_driver *driver)
3675{
3676 kfree(driver);
3677}
3678
3679void tty_set_operations(struct tty_driver *driver, struct tty_operations *op)
3680{
3681 driver->open = op->open;
3682 driver->close = op->close;
3683 driver->write = op->write;
3684 driver->put_char = op->put_char;
3685 driver->flush_chars = op->flush_chars;
3686 driver->write_room = op->write_room;
3687 driver->chars_in_buffer = op->chars_in_buffer;
3688 driver->ioctl = op->ioctl;
3689 driver->set_termios = op->set_termios;
3690 driver->throttle = op->throttle;
3691 driver->unthrottle = op->unthrottle;
3692 driver->stop = op->stop;
3693 driver->start = op->start;
3694 driver->hangup = op->hangup;
3695 driver->break_ctl = op->break_ctl;
3696 driver->flush_buffer = op->flush_buffer;
3697 driver->set_ldisc = op->set_ldisc;
3698 driver->wait_until_sent = op->wait_until_sent;
3699 driver->send_xchar = op->send_xchar;
3700 driver->read_proc = op->read_proc;
3701 driver->write_proc = op->write_proc;
3702 driver->tiocmget = op->tiocmget;
3703 driver->tiocmset = op->tiocmset;
3704}
3705
3706
3707EXPORT_SYMBOL(alloc_tty_driver);
3708EXPORT_SYMBOL(put_tty_driver);
3709EXPORT_SYMBOL(tty_set_operations);
3710
3711/*
3712 * Called by a tty driver to register itself.
3713 */
3714int tty_register_driver(struct tty_driver *driver)
3715{
3716 int error;
3717 int i;
3718 dev_t dev;
3719 void **p = NULL;
3720
3721 if (driver->flags & TTY_DRIVER_INSTALLED)
3722 return 0;
3723
3724 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
3725 p = kmalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3726 if (!p)
3727 return -ENOMEM;
3728 memset(p, 0, driver->num * 3 * sizeof(void *));
3729 }
3730
3731 if (!driver->major) {
3732 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3733 (char*)driver->name);
3734 if (!error) {
3735 driver->major = MAJOR(dev);
3736 driver->minor_start = MINOR(dev);
3737 }
3738 } else {
3739 dev = MKDEV(driver->major, driver->minor_start);
3740 error = register_chrdev_region(dev, driver->num,
3741 (char*)driver->name);
3742 }
3743 if (error < 0) {
3744 kfree(p);
3745 return error;
3746 }
3747
3748 if (p) {
3749 driver->ttys = (struct tty_struct **)p;
3750 driver->termios = (struct termios **)(p + driver->num);
3751 driver->termios_locked = (struct termios **)(p + driver->num * 2);
3752 } else {
3753 driver->ttys = NULL;
3754 driver->termios = NULL;
3755 driver->termios_locked = NULL;
3756 }
3757
3758 cdev_init(&driver->cdev, &tty_fops);
3759 driver->cdev.owner = driver->owner;
3760 error = cdev_add(&driver->cdev, dev, driver->num);
3761 if (error) {
1da177e4
LT		 3762 unregister_chrdev_region(dev, driver->num);
3763 driver->ttys = NULL;
3764 driver->termios = driver->termios_locked = NULL;
3765 kfree(p);
3766 return error;
3767 }
3768
3769 if (!driver->put_char)
3770 driver->put_char = tty_default_put_char;
3771
3772 list_add(&driver->tty_drivers, &tty_drivers);
3773
331b8319 3774 if ( !(driver->flags & TTY_DRIVER_DYNAMIC_DEV) ) {
1da177e4
LT		 3775 for(i = 0; i < driver->num; i++)
3776 tty_register_device(driver, i, NULL);
3777 }
3778 proc_tty_register_driver(driver);
3779 return 0;
3780}
3781
3782EXPORT_SYMBOL(tty_register_driver);
3783
3784/*
3785 * Called by a tty driver to unregister itself.
3786 */
3787int tty_unregister_driver(struct tty_driver *driver)
3788{
3789 int i;
3790 struct termios *tp;
3791 void *p;
3792
3793 if (driver->refcount)
3794 return -EBUSY;
3795
3796 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3797 driver->num);
3798
3799 list_del(&driver->tty_drivers);
3800
3801 /*
3802 * Free the termios and termios_locked structures because
3803 * we don't want to get memory leaks when modular tty
3804 * drivers are removed from the kernel.
3805 */
3806 for (i = 0; i < driver->num; i++) {
3807 tp = driver->termios[i];
3808 if (tp) {
3809 driver->termios[i] = NULL;
3810 kfree(tp);
3811 }
3812 tp = driver->termios_locked[i];
3813 if (tp) {
3814 driver->termios_locked[i] = NULL;
3815 kfree(tp);
3816 }
331b8319 3817 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 3818 tty_unregister_device(driver, i);
3819 }
3820 p = driver->ttys;
3821 proc_tty_unregister_driver(driver);
3822 driver->ttys = NULL;
3823 driver->termios = driver->termios_locked = NULL;
3824 kfree(p);
3825 cdev_del(&driver->cdev);
3826 return 0;
3827}
3828
3829EXPORT_SYMBOL(tty_unregister_driver);
3830
3831
3832/*
3833 * Initialize the console device. This is called *early*, so
3834 * we can't necessarily depend on lots of kernel help here.
3835 * Just do some early initializations, and do the complex setup
3836 * later.
3837 */
3838void __init console_init(void)
3839{
3840 initcall_t *call;
3841
3842 /* Setup the default TTY line discipline. */
3843 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3844
3845 /*
3846 * set up the console device so that later boot sequences can
3847 * inform about problems etc..
3848 */
3849#ifdef CONFIG_EARLY_PRINTK
3850 disable_early_printk();
1da177e4
LT		 3851#endif
3852 call = __con_initcall_start;
3853 while (call < __con_initcall_end) {
3854 (*call)();
3855 call++;
3856 }
3857}
3858
3859#ifdef CONFIG_VT
3860extern int vty_init(void);
3861#endif
3862
3863static int __init tty_class_init(void)
3864{
7fe845d1 3865 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 3866 if (IS_ERR(tty_class))
3867 return PTR_ERR(tty_class);
3868 return 0;
3869}
3870
3871postcore_initcall(tty_class_init);
3872
3873/* 3/2004 jmc: why do these devices exist? */
3874
3875static struct cdev tty_cdev, console_cdev;
3876#ifdef CONFIG_UNIX98_PTYS
3877static struct cdev ptmx_cdev;
3878#endif
3879#ifdef CONFIG_VT
3880static struct cdev vc0_cdev;
3881#endif
3882
3883/*
3884 * Ok, now we can initialize the rest of the tty devices and can count
3885 * on memory allocations, interrupts etc..
3886 */
3887static int __init tty_init(void)
3888{
3889 cdev_init(&tty_cdev, &tty_fops);
3890 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3891 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3892 panic("Couldn't register /dev/tty driver\n");
53f46542 3893 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
1da177e4
LT		 3894
3895 cdev_init(&console_cdev, &console_fops);
3896 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3897 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3898 panic("Couldn't register /dev/console driver\n");
53f46542 3899 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL, "console");
1da177e4
LT		 3900
3901#ifdef CONFIG_UNIX98_PTYS
3902 cdev_init(&ptmx_cdev, &ptmx_fops);
3903 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3904 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3905 panic("Couldn't register /dev/ptmx driver\n");
53f46542 3906 class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
1da177e4
LT		 3907#endif
3908
3909#ifdef CONFIG_VT
3910 cdev_init(&vc0_cdev, &console_fops);
3911 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3912 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3913 panic("Couldn't register /dev/tty0 driver\n");
53f46542 3914 class_device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), NULL, "tty0");
1da177e4
LT		 3915
3916 vty_init();
3917#endif
3918 return 0;
3919}
3920module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)