projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Remove blkdev warning triggered by using md
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
37bdfb07 22 * makes for cleaner and more compact code. -TYT, 9/17/92
1da177e4
LT		 23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
37bdfb07 44 *
1da177e4
LT		 45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
37bdfb07
AC		 65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
1da177e4
LT		 67 */
68
1da177e4
LT		 69#include <linux/types.h>
70#include <linux/major.h>
71#include <linux/errno.h>
72#include <linux/signal.h>
73#include <linux/fcntl.h>
74#include <linux/sched.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
9f3acc31 81#include <linux/fdtable.h>
1da177e4
LT		 82#include <linux/console.h>
83#include <linux/timer.h>
84#include <linux/ctype.h>
85#include <linux/kd.h>
86#include <linux/mm.h>
87#include <linux/string.h>
88#include <linux/slab.h>
89#include <linux/poll.h>
90#include <linux/proc_fs.h>
91#include <linux/init.h>
92#include <linux/module.h>
93#include <linux/smp_lock.h>
94#include <linux/device.h>
1da177e4
LT		 95#include <linux/wait.h>
96#include <linux/bitops.h>
b20f3ae5 97#include <linux/delay.h>
1da177e4
LT		 98
99#include <asm/uaccess.h>
100#include <asm/system.h>
101
102#include <linux/kbd_kern.h>
103#include <linux/vt_kern.h>
104#include <linux/selection.h>
1da177e4
LT		 105
106#include <linux/kmod.h>
b488893a 107#include <linux/nsproxy.h>
1da177e4
LT		 108
109#undef TTY_DEBUG_HANGUP
110
111#define TTY_PARANOIA_CHECK 1
112#define CHECK_TTY_COUNT 1
113
edc6afc5 114struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
1da177e4
LT		 115 .c_iflag = ICRNL | IXON,
116 .c_oflag = OPOST | ONLCR,
117 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119 ECHOCTL | ECHOKE | IEXTEN,
edc6afc5
AC		 120 .c_cc = INIT_C_CC,
121 .c_ispeed = 38400,
122 .c_ospeed = 38400
1da177e4
LT		 123};
124
125EXPORT_SYMBOL(tty_std_termios);
126
127/* This list gets poked at by procfs and various bits of boot up code. This
128 could do with some rationalisation such as pulling the tty proc function
129 into this file */
37bdfb07 130
1da177e4
LT		 131LIST_HEAD(tty_drivers); /* linked list of tty drivers */
132
24ec839c 133/* Mutex to protect creating and releasing a tty. This is shared with
1da177e4 134 vt.c for deeply disgusting hack reasons */
70522e12 135DEFINE_MUTEX(tty_mutex);
de2a84f2 136EXPORT_SYMBOL(tty_mutex);
1da177e4
LT		 137
138#ifdef CONFIG_UNIX98_PTYS
139extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
1da177e4
LT		 140static int ptmx_open(struct inode *, struct file *);
141#endif
142
1da177e4
LT		 143static void initialize_tty_struct(struct tty_struct *tty);
144
145static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
146static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
37bdfb07
AC		 147ssize_t redirected_tty_write(struct file *, const char __user *,
148 size_t, loff_t *);
1da177e4
LT		 149static unsigned int tty_poll(struct file *, poll_table *);
150static int tty_open(struct inode *, struct file *);
151static int tty_release(struct inode *, struct file *);
04f378b1 152long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
e10cc1df 153#ifdef CONFIG_COMPAT
37bdfb07 154static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 155 unsigned long arg);
156#else
157#define tty_compat_ioctl NULL
158#endif
37bdfb07 159static int tty_fasync(int fd, struct file *filp, int on);
d5698c28 160static void release_tty(struct tty_struct *tty, int idx);
2a65f1d9 161static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
98a27ba4 162static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
1da177e4 163
af9b897e
AC		 164/**
165 * alloc_tty_struct - allocate a tty object
166 *
167 * Return a new empty tty structure. The data fields have not
168 * been initialized in any way but has been zeroed
169 *
170 * Locking: none
af9b897e 171 */
1da177e4
LT		 172
173static struct tty_struct *alloc_tty_struct(void)
174{
1266b1e1 175 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 176}
177
33f0f88f
AC		 178static void tty_buffer_free_all(struct tty_struct *);
179
af9b897e
AC		 180/**
181 * free_tty_struct - free a disused tty
182 * @tty: tty struct to free
183 *
184 * Free the write buffers, tty queue and tty memory itself.
185 *
186 * Locking: none. Must be called after tty is definitely unused
187 */
188
1da177e4
LT		 189static inline void free_tty_struct(struct tty_struct *tty)
190{
191 kfree(tty->write_buf);
33f0f88f 192 tty_buffer_free_all(tty);
1da177e4
LT		 193 kfree(tty);
194}
195
196#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
197
af9b897e
AC		 198/**
199 * tty_name - return tty naming
200 * @tty: tty structure
201 * @buf: buffer for output
202 *
203 * Convert a tty structure into a name. The name reflects the kernel
204 * naming policy and if udev is in use may not reflect user space
205 *
206 * Locking: none
207 */
208
1da177e4
LT		 209char *tty_name(struct tty_struct *tty, char *buf)
210{
211 if (!tty) /* Hmm. NULL pointer. That's fun. */
212 strcpy(buf, "NULL tty");
213 else
214 strcpy(buf, tty->name);
215 return buf;
216}
217
218EXPORT_SYMBOL(tty_name);
219
d769a669 220int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 221 const char *routine)
222{
223#ifdef TTY_PARANOIA_CHECK
224 if (!tty) {
225 printk(KERN_WARNING
226 "null TTY for (%d:%d) in %s\n",
227 imajor(inode), iminor(inode), routine);
228 return 1;
229 }
230 if (tty->magic != TTY_MAGIC) {
231 printk(KERN_WARNING
232 "bad magic number for tty struct (%d:%d) in %s\n",
233 imajor(inode), iminor(inode), routine);
234 return 1;
235 }
236#endif
237 return 0;
238}
239
240static int check_tty_count(struct tty_struct *tty, const char *routine)
241{
242#ifdef CHECK_TTY_COUNT
243 struct list_head *p;
244 int count = 0;
37bdfb07 245
1da177e4
LT		 246 file_list_lock();
247 list_for_each(p, &tty->tty_files) {
248 count++;
249 }
250 file_list_unlock();
251 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
252 tty->driver->subtype == PTY_TYPE_SLAVE &&
253 tty->link && tty->link->count)
254 count++;
255 if (tty->count != count) {
256 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
257 "!= #fd's(%d) in %s\n",
258 tty->name, tty->count, count, routine);
259 return count;
24ec839c 260 }
1da177e4
LT		 261#endif
262 return 0;
263}
264
33f0f88f
AC		 265/*
266 * Tty buffer allocation management
267 */
268
af9b897e
AC		 269/**
270 * tty_buffer_free_all - free buffers used by a tty
271 * @tty: tty to free from
272 *
273 * Remove all the buffers pending on a tty whether queued with data
274 * or in the free ring. Must be called when the tty is no longer in use
275 *
276 * Locking: none
277 */
278
33f0f88f
AC		 279static void tty_buffer_free_all(struct tty_struct *tty)
280{
281 struct tty_buffer *thead;
37bdfb07 282 while ((thead = tty->buf.head) != NULL) {
33f0f88f
AC		 283 tty->buf.head = thead->next;
284 kfree(thead);
285 }
37bdfb07 286 while ((thead = tty->buf.free) != NULL) {
33f0f88f
AC		 287 tty->buf.free = thead->next;
288 kfree(thead);
289 }
290 tty->buf.tail = NULL;
01da5fd8 291 tty->buf.memory_used = 0;
33f0f88f
AC		 292}
293
01da5fd8
AC		 294/**
295 * tty_buffer_init - prepare a tty buffer structure
296 * @tty: tty to initialise
297 *
298 * Set up the initial state of the buffer management for a tty device.
299 * Must be called before the other tty buffer functions are used.
300 *
301 * Locking: none
302 */
303
33f0f88f
AC		 304static void tty_buffer_init(struct tty_struct *tty)
305{
808249ce 306 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 307 tty->buf.head = NULL;
308 tty->buf.tail = NULL;
309 tty->buf.free = NULL;
01da5fd8 310 tty->buf.memory_used = 0;
33f0f88f
AC		 311}
312
01da5fd8
AC		 313/**
314 * tty_buffer_alloc - allocate a tty buffer
315 * @tty: tty device
316 * @size: desired size (characters)
317 *
318 * Allocate a new tty buffer to hold the desired number of characters.
319 * Return NULL if out of memory or the allocation would exceed the
320 * per device queue
321 *
322 * Locking: Caller must hold tty->buf.lock
323 */
324
325static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
33f0f88f 326{
01da5fd8
AC		 327 struct tty_buffer *p;
328
329 if (tty->buf.memory_used + size > 65536)
330 return NULL;
331 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
37bdfb07 332 if (p == NULL)
33f0f88f
AC		 333 return NULL;
334 p->used = 0;
335 p->size = size;
336 p->next = NULL;
8977d929
PF		 337 p->commit = 0;
338 p->read = 0;
33f0f88f
AC		 339 p->char_buf_ptr = (char *)(p->data);
340 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
01da5fd8 341 tty->buf.memory_used += size;
33f0f88f
AC		 342 return p;
343}
344
01da5fd8
AC		 345/**
346 * tty_buffer_free - free a tty buffer
347 * @tty: tty owning the buffer
348 * @b: the buffer to free
349 *
350 * Free a tty buffer, or add it to the free list according to our
351 * internal strategy
352 *
353 * Locking: Caller must hold tty->buf.lock
354 */
33f0f88f
AC		 355
356static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
357{
358 /* Dumb strategy for now - should keep some stats */
01da5fd8
AC		 359 tty->buf.memory_used -= b->size;
360 WARN_ON(tty->buf.memory_used < 0);
361
37bdfb07 362 if (b->size >= 512)
33f0f88f
AC		 363 kfree(b);
364 else {
365 b->next = tty->buf.free;
366 tty->buf.free = b;
367 }
368}
369
c5c34d48 370/**
42fd552e 371 * __tty_buffer_flush - flush full tty buffers
c5c34d48
PF		 372 * @tty: tty to flush
373 *
42fd552e
AC		 374 * flush all the buffers containing receive data. Caller must
375 * hold the buffer lock and must have ensured no parallel flush to
376 * ldisc is running.
c5c34d48 377 *
42fd552e 378 * Locking: Caller must hold tty->buf.lock
c5c34d48
PF		 379 */
380
42fd552e 381static void __tty_buffer_flush(struct tty_struct *tty)
c5c34d48
PF		 382{
383 struct tty_buffer *thead;
c5c34d48 384
37bdfb07 385 while ((thead = tty->buf.head) != NULL) {
c5c34d48
PF		 386 tty->buf.head = thead->next;
387 tty_buffer_free(tty, thead);
388 }
389 tty->buf.tail = NULL;
42fd552e
AC		 390}
391
392/**
393 * tty_buffer_flush - flush full tty buffers
394 * @tty: tty to flush
395 *
396 * flush all the buffers containing receive data. If the buffer is
397 * being processed by flush_to_ldisc then we defer the processing
398 * to that function
399 *
400 * Locking: none
401 */
402
403static void tty_buffer_flush(struct tty_struct *tty)
404{
405 unsigned long flags;
406 spin_lock_irqsave(&tty->buf.lock, flags);
407
408 /* If the data is being pushed to the tty layer then we can't
409 process it here. Instead set a flag and the flush_to_ldisc
410 path will process the flush request before it exits */
411 if (test_bit(TTY_FLUSHING, &tty->flags)) {
412 set_bit(TTY_FLUSHPENDING, &tty->flags);
413 spin_unlock_irqrestore(&tty->buf.lock, flags);
414 wait_event(tty->read_wait,
415 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
416 return;
417 } else
418 __tty_buffer_flush(tty);
c5c34d48
PF		 419 spin_unlock_irqrestore(&tty->buf.lock, flags);
420}
421
01da5fd8
AC		 422/**
423 * tty_buffer_find - find a free tty buffer
424 * @tty: tty owning the buffer
425 * @size: characters wanted
426 *
427 * Locate an existing suitable tty buffer or if we are lacking one then
428 * allocate a new one. We round our buffers off in 256 character chunks
429 * to get better allocation behaviour.
430 *
431 * Locking: Caller must hold tty->buf.lock
432 */
433
33f0f88f
AC		 434static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
435{
436 struct tty_buffer **tbh = &tty->buf.free;
37bdfb07 437 while ((*tbh) != NULL) {
33f0f88f 438 struct tty_buffer *t = *tbh;
37bdfb07 439 if (t->size >= size) {
33f0f88f
AC		 440 *tbh = t->next;
441 t->next = NULL;
442 t->used = 0;
8977d929
PF		 443 t->commit = 0;
444 t->read = 0;
01da5fd8 445 tty->buf.memory_used += t->size;
33f0f88f
AC		 446 return t;
447 }
448 tbh = &((*tbh)->next);
449 }
450 /* Round the buffer size out */
37bdfb07 451 size = (size + 0xFF) & ~0xFF;
01da5fd8 452 return tty_buffer_alloc(tty, size);
33f0f88f
AC		 453 /* Should possibly check if this fails for the largest buffer we
454 have queued and recycle that ? */
455}
456
01da5fd8
AC		 457/**
458 * tty_buffer_request_room - grow tty buffer if needed
459 * @tty: tty structure
460 * @size: size desired
461 *
462 * Make at least size bytes of linear space available for the tty
463 * buffer. If we fail return the size we managed to find.
464 *
465 * Locking: Takes tty->buf.lock
466 */
33f0f88f
AC		 467int tty_buffer_request_room(struct tty_struct *tty, size_t size)
468{
808249ce
PF		 469 struct tty_buffer *b, *n;
470 int left;
471 unsigned long flags;
472
473 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 474
475 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
476 remove this conditional if its worth it. This would be invisible
477 to the callers */
33b37a33 478 if ((b = tty->buf.tail) != NULL)
33f0f88f 479 left = b->size - b->used;
33b37a33 480 else
808249ce
PF		 481 left = 0;
482
483 if (left < size) {
484 /* This is the slow path - looking for new buffers to use */
485 if ((n = tty_buffer_find(tty, size)) != NULL) {
486 if (b != NULL) {
487 b->next = n;
8977d929 488 b->commit = b->used;
808249ce
PF		 489 } else
490 tty->buf.head = n;
491 tty->buf.tail = n;
808249ce
PF		 492 } else
493 size = left;
494 }
495
496 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 497 return size;
498}
33f0f88f
AC		 499EXPORT_SYMBOL_GPL(tty_buffer_request_room);
500
af9b897e
AC		 501/**
502 * tty_insert_flip_string - Add characters to the tty buffer
503 * @tty: tty structure
504 * @chars: characters
505 * @size: size
506 *
507 * Queue a series of bytes to the tty buffering. All the characters
508 * passed are marked as without error. Returns the number added.
509 *
510 * Locking: Called functions may take tty->buf.lock
511 */
512
e1a25090
AM		 513int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
514 size_t size)
33f0f88f
AC		 515{
516 int copied = 0;
517 do {
518 int space = tty_buffer_request_room(tty, size - copied);
519 struct tty_buffer *tb = tty->buf.tail;
520 /* If there is no space then tb may be NULL */
37bdfb07 521 if (unlikely(space == 0))
33f0f88f
AC		 522 break;
523 memcpy(tb->char_buf_ptr + tb->used, chars, space);
524 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
525 tb->used += space;
526 copied += space;
527 chars += space;
527063ba
AD		 528 /* There is a small chance that we need to split the data over
529 several buffers. If this is the case we must loop */
530 } while (unlikely(size > copied));
33f0f88f
AC		 531 return copied;
532}
ee37df78 533EXPORT_SYMBOL(tty_insert_flip_string);
33f0f88f 534
af9b897e
AC		 535/**
536 * tty_insert_flip_string_flags - Add characters to the tty buffer
537 * @tty: tty structure
538 * @chars: characters
539 * @flags: flag bytes
540 * @size: size
541 *
542 * Queue a series of bytes to the tty buffering. For each character
543 * the flags array indicates the status of the character. Returns the
544 * number added.
545 *
546 * Locking: Called functions may take tty->buf.lock
547 */
548
e1a25090
AM		 549int tty_insert_flip_string_flags(struct tty_struct *tty,
550 const unsigned char *chars, const char *flags, size_t size)
33f0f88f
AC		 551{
552 int copied = 0;
553 do {
554 int space = tty_buffer_request_room(tty, size - copied);
555 struct tty_buffer *tb = tty->buf.tail;
556 /* If there is no space then tb may be NULL */
37bdfb07 557 if (unlikely(space == 0))
33f0f88f
AC		 558 break;
559 memcpy(tb->char_buf_ptr + tb->used, chars, space);
560 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
561 tb->used += space;
562 copied += space;
563 chars += space;
564 flags += space;
527063ba
AD		 565 /* There is a small chance that we need to split the data over
566 several buffers. If this is the case we must loop */
567 } while (unlikely(size > copied));
33f0f88f
AC		 568 return copied;
569}
ff4547f4 570EXPORT_SYMBOL(tty_insert_flip_string_flags);
33f0f88f 571
af9b897e
AC		 572/**
573 * tty_schedule_flip - push characters to ldisc
574 * @tty: tty to push from
575 *
576 * Takes any pending buffers and transfers their ownership to the
577 * ldisc side of the queue. It then schedules those characters for
578 * processing by the line discipline.
579 *
580 * Locking: Takes tty->buf.lock
581 */
582
e1a25090
AM		 583void tty_schedule_flip(struct tty_struct *tty)
584{
585 unsigned long flags;
586 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 587 if (tty->buf.tail != NULL)
e1a25090 588 tty->buf.tail->commit = tty->buf.tail->used;
e1a25090
AM		 589 spin_unlock_irqrestore(&tty->buf.lock, flags);
590 schedule_delayed_work(&tty->buf.work, 1);
591}
592EXPORT_SYMBOL(tty_schedule_flip);
33f0f88f 593
af9b897e
AC		 594/**
595 * tty_prepare_flip_string - make room for characters
596 * @tty: tty
597 * @chars: return pointer for character write area
598 * @size: desired size
599 *
33f0f88f
AC		 600 * Prepare a block of space in the buffer for data. Returns the length
601 * available and buffer pointer to the space which is now allocated and
602 * accounted for as ready for normal characters. This is used for drivers
603 * that need their own block copy routines into the buffer. There is no
604 * guarantee the buffer is a DMA target!
af9b897e
AC		 605 *
606 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 607 */
608
37bdfb07
AC		 609int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
610 size_t size)
33f0f88f
AC		 611{
612 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 613 if (likely(space)) {
614 struct tty_buffer *tb = tty->buf.tail;
615 *chars = tb->char_buf_ptr + tb->used;
616 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
617 tb->used += space;
618 }
33f0f88f
AC		 619 return space;
620}
621
622EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
623
af9b897e
AC		 624/**
625 * tty_prepare_flip_string_flags - make room for characters
626 * @tty: tty
627 * @chars: return pointer for character write area
628 * @flags: return pointer for status flag write area
629 * @size: desired size
630 *
33f0f88f
AC		 631 * Prepare a block of space in the buffer for data. Returns the length
632 * available and buffer pointer to the space which is now allocated and
633 * accounted for as ready for characters. This is used for drivers
634 * that need their own block copy routines into the buffer. There is no
635 * guarantee the buffer is a DMA target!
af9b897e
AC		 636 *
637 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 638 */
639
37bdfb07
AC		 640int tty_prepare_flip_string_flags(struct tty_struct *tty,
641 unsigned char **chars, char **flags, size_t size)
33f0f88f
AC		 642{
643 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 644 if (likely(space)) {
645 struct tty_buffer *tb = tty->buf.tail;
646 *chars = tb->char_buf_ptr + tb->used;
647 *flags = tb->flag_buf_ptr + tb->used;
648 tb->used += space;
649 }
33f0f88f
AC		 650 return space;
651}
652
653EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
654
655
656
af9b897e
AC		 657/**
658 * tty_set_termios_ldisc - set ldisc field
659 * @tty: tty structure
660 * @num: line discipline number
661 *
1da177e4 662 * This is probably overkill for real world processors but
37bdfb07 663 * they are not on hot paths so a little discipline won't do
1da177e4 664 * any harm.
af9b897e 665 *
24ec839c 666 * Locking: takes termios_mutex
1da177e4 667 */
37bdfb07 668
1da177e4
LT		 669static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
670{
5785c95b 671 mutex_lock(&tty->termios_mutex);
1da177e4 672 tty->termios->c_line = num;
5785c95b 673 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 674}
675
676/*
677 * This guards the refcounted line discipline lists. The lock
678 * must be taken with irqs off because there are hangup path
679 * callers who will do ldisc lookups and cannot sleep.
680 */
37bdfb07 681
1da177e4
LT		 682static DEFINE_SPINLOCK(tty_ldisc_lock);
683static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
37bdfb07
AC		 684/* Line disc dispatch table */
685static struct tty_ldisc tty_ldiscs[NR_LDISCS];
1da177e4 686
af9b897e
AC		 687/**
688 * tty_register_ldisc - install a line discipline
689 * @disc: ldisc number
690 * @new_ldisc: pointer to the ldisc object
691 *
692 * Installs a new line discipline into the kernel. The discipline
693 * is set up as unreferenced and then made available to the kernel
694 * from this point onwards.
695 *
696 * Locking:
697 * takes tty_ldisc_lock to guard against ldisc races
698 */
699
1da177e4
LT		 700int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
701{
702 unsigned long flags;
703 int ret = 0;
37bdfb07 704
1da177e4
LT		 705 if (disc < N_TTY || disc >= NR_LDISCS)
706 return -EINVAL;
37bdfb07 707
1da177e4 708 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 709 tty_ldiscs[disc] = *new_ldisc;
710 tty_ldiscs[disc].num = disc;
711 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
712 tty_ldiscs[disc].refcount = 0;
1da177e4 713 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
37bdfb07 714
1da177e4
LT		 715 return ret;
716}
1da177e4
LT		 717EXPORT_SYMBOL(tty_register_ldisc);
718
af9b897e
AC		 719/**
720 * tty_unregister_ldisc - unload a line discipline
721 * @disc: ldisc number
722 * @new_ldisc: pointer to the ldisc object
723 *
724 * Remove a line discipline from the kernel providing it is not
725 * currently in use.
726 *
727 * Locking:
728 * takes tty_ldisc_lock to guard against ldisc races
729 */
730
bfb07599
AD		 731int tty_unregister_ldisc(int disc)
732{
733 unsigned long flags;
734 int ret = 0;
735
736 if (disc < N_TTY || disc >= NR_LDISCS)
737 return -EINVAL;
738
739 spin_lock_irqsave(&tty_ldisc_lock, flags);
740 if (tty_ldiscs[disc].refcount)
741 ret = -EBUSY;
742 else
743 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
744 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
745
746 return ret;
747}
748EXPORT_SYMBOL(tty_unregister_ldisc);
749
af9b897e
AC		 750/**
751 * tty_ldisc_get - take a reference to an ldisc
752 * @disc: ldisc number
753 *
754 * Takes a reference to a line discipline. Deals with refcounts and
755 * module locking counts. Returns NULL if the discipline is not available.
756 * Returns a pointer to the discipline and bumps the ref count if it is
757 * available
758 *
759 * Locking:
760 * takes tty_ldisc_lock to guard against ldisc races
761 */
762
1da177e4
LT		 763struct tty_ldisc *tty_ldisc_get(int disc)
764{
765 unsigned long flags;
766 struct tty_ldisc *ld;
767
768 if (disc < N_TTY || disc >= NR_LDISCS)
769 return NULL;
37bdfb07 770
1da177e4
LT		 771 spin_lock_irqsave(&tty_ldisc_lock, flags);
772
773 ld = &tty_ldiscs[disc];
774 /* Check the entry is defined */
37bdfb07 775 if (ld->flags & LDISC_FLAG_DEFINED) {
1da177e4
LT		 776 /* If the module is being unloaded we can't use it */
777 if (!try_module_get(ld->owner))
37bdfb07 778 ld = NULL;
1da177e4
LT		 779 else /* lock it */
780 ld->refcount++;
37bdfb07 781 } else
1da177e4
LT		 782 ld = NULL;
783 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
784 return ld;
785}
786
787EXPORT_SYMBOL_GPL(tty_ldisc_get);
788
af9b897e
AC		 789/**
790 * tty_ldisc_put - drop ldisc reference
791 * @disc: ldisc number
792 *
793 * Drop a reference to a line discipline. Manage refcounts and
794 * module usage counts
795 *
796 * Locking:
797 * takes tty_ldisc_lock to guard against ldisc races
798 */
799
1da177e4
LT		 800void tty_ldisc_put(int disc)
801{
802 struct tty_ldisc *ld;
803 unsigned long flags;
37bdfb07 804
56ee4827 805 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
37bdfb07 806
1da177e4
LT		 807 spin_lock_irqsave(&tty_ldisc_lock, flags);
808 ld = &tty_ldiscs[disc];
56ee4827
ES		 809 BUG_ON(ld->refcount == 0);
810 ld->refcount--;
1da177e4
LT		 811 module_put(ld->owner);
812 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
813}
37bdfb07 814
1da177e4
LT		 815EXPORT_SYMBOL_GPL(tty_ldisc_put);
816
af9b897e
AC		 817/**
818 * tty_ldisc_assign - set ldisc on a tty
819 * @tty: tty to assign
820 * @ld: line discipline
821 *
822 * Install an instance of a line discipline into a tty structure. The
823 * ldisc must have a reference count above zero to ensure it remains/
824 * The tty instance refcount starts at zero.
825 *
826 * Locking:
827 * Caller must hold references
828 */
829
1da177e4
LT		 830static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
831{
832 tty->ldisc = *ld;
833 tty->ldisc.refcount = 0;
834}
835
836/**
837 * tty_ldisc_try - internal helper
838 * @tty: the tty
839 *
840 * Make a single attempt to grab and bump the refcount on
841 * the tty ldisc. Return 0 on failure or 1 on success. This is
842 * used to implement both the waiting and non waiting versions
843 * of tty_ldisc_ref
af9b897e
AC		 844 *
845 * Locking: takes tty_ldisc_lock
1da177e4
LT		 846 */
847
848static int tty_ldisc_try(struct tty_struct *tty)
849{
850 unsigned long flags;
851 struct tty_ldisc *ld;
852 int ret = 0;
37bdfb07 853
1da177e4
LT		 854 spin_lock_irqsave(&tty_ldisc_lock, flags);
855 ld = &tty->ldisc;
37bdfb07 856 if (test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 857 ld->refcount++;
858 ret = 1;
859 }
860 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
861 return ret;
862}
863
864/**
865 * tty_ldisc_ref_wait - wait for the tty ldisc
866 * @tty: tty device
867 *
37bdfb07
AC		 868 * Dereference the line discipline for the terminal and take a
869 * reference to it. If the line discipline is in flux then
1da177e4
LT		 870 * wait patiently until it changes.
871 *
872 * Note: Must not be called from an IRQ/timer context. The caller
873 * must also be careful not to hold other locks that will deadlock
874 * against a discipline change, such as an existing ldisc reference
875 * (which we check for)
af9b897e
AC		 876 *
877 * Locking: call functions take tty_ldisc_lock
1da177e4 878 */
37bdfb07 879
1da177e4
LT		 880struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
881{
882 /* wait_event is a macro */
883 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
37bdfb07 884 if (tty->ldisc.refcount == 0)
1da177e4
LT		 885 printk(KERN_ERR "tty_ldisc_ref_wait\n");
886 return &tty->ldisc;
887}
888
889EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
890
891/**
892 * tty_ldisc_ref - get the tty ldisc
893 * @tty: tty device
894 *
37bdfb07
AC		 895 * Dereference the line discipline for the terminal and take a
896 * reference to it. If the line discipline is in flux then
1da177e4 897 * return NULL. Can be called from IRQ and timer functions.
af9b897e
AC		 898 *
899 * Locking: called functions take tty_ldisc_lock
1da177e4 900 */
37bdfb07 901
1da177e4
LT		 902struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
903{
37bdfb07 904 if (tty_ldisc_try(tty))
1da177e4
LT		 905 return &tty->ldisc;
906 return NULL;
907}
908
909EXPORT_SYMBOL_GPL(tty_ldisc_ref);
910
911/**
912 * tty_ldisc_deref - free a tty ldisc reference
913 * @ld: reference to free up
914 *
915 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
916 * be called in IRQ context.
af9b897e
AC		 917 *
918 * Locking: takes tty_ldisc_lock
1da177e4 919 */
37bdfb07 920
1da177e4
LT		 921void tty_ldisc_deref(struct tty_ldisc *ld)
922{
923 unsigned long flags;
924
56ee4827 925 BUG_ON(ld == NULL);
37bdfb07 926
1da177e4 927 spin_lock_irqsave(&tty_ldisc_lock, flags);
37bdfb07 928 if (ld->refcount == 0)
1da177e4
LT		 929 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
930 else
931 ld->refcount--;
37bdfb07 932 if (ld->refcount == 0)
1da177e4
LT		 933 wake_up(&tty_ldisc_wait);
934 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
935}
936
937EXPORT_SYMBOL_GPL(tty_ldisc_deref);
938
939/**
940 * tty_ldisc_enable - allow ldisc use
941 * @tty: terminal to activate ldisc on
942 *
943 * Set the TTY_LDISC flag when the line discipline can be called
3a4fa0a2 944 * again. Do necessary wakeups for existing sleepers.
1da177e4
LT		 945 *
946 * Note: nobody should set this bit except via this function. Clearing
947 * directly is allowed.
948 */
949
950static void tty_ldisc_enable(struct tty_struct *tty)
951{
952 set_bit(TTY_LDISC, &tty->flags);
953 wake_up(&tty_ldisc_wait);
954}
37bdfb07 955
1da177e4
LT		 956/**
957 * tty_set_ldisc - set line discipline
958 * @tty: the terminal to set
959 * @ldisc: the line discipline
960 *
961 * Set the discipline of a tty line. Must be called from a process
962 * context.
af9b897e
AC		 963 *
964 * Locking: takes tty_ldisc_lock.
24ec839c 965 * called functions take termios_mutex
1da177e4 966 */
37bdfb07 967
1da177e4
LT		 968static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
969{
ff55fe20
JB		 970 int retval = 0;
971 struct tty_ldisc o_ldisc;
1da177e4
LT		 972 char buf[64];
973 int work;
974 unsigned long flags;
975 struct tty_ldisc *ld;
ff55fe20 976 struct tty_struct *o_tty;
1da177e4
LT		 977
978 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
979 return -EINVAL;
980
981restart:
982
1da177e4
LT		 983 ld = tty_ldisc_get(ldisc);
984 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
985 /* Cyrus Durgin <cider@speakeasy.org> */
986 if (ld == NULL) {
987 request_module("tty-ldisc-%d", ldisc);
988 ld = tty_ldisc_get(ldisc);
989 }
990 if (ld == NULL)
991 return -EINVAL;
992
33f0f88f
AC		 993 /*
994 * Problem: What do we do if this blocks ?
995 */
996
1da177e4
LT		 997 tty_wait_until_sent(tty, 0);
998
ff55fe20
JB		 999 if (tty->ldisc.num == ldisc) {
1000 tty_ldisc_put(ldisc);
1001 return 0;
1002 }
1003
ae030e43
PF		 1004 /*
1005 * No more input please, we are switching. The new ldisc
1006 * will update this value in the ldisc open function
1007 */
1008
1009 tty->receive_room = 0;
1010
ff55fe20
JB		 1011 o_ldisc = tty->ldisc;
1012 o_tty = tty->link;
1013
1da177e4
LT		 1014 /*
1015 * Make sure we don't change while someone holds a
1016 * reference to the line discipline. The TTY_LDISC bit
1017 * prevents anyone taking a reference once it is clear.
1018 * We need the lock to avoid racing reference takers.
1019 */
ff55fe20 1020
1da177e4 1021 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20 1022 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
37bdfb07 1023 if (tty->ldisc.refcount) {
ff55fe20
JB		 1024 /* Free the new ldisc we grabbed. Must drop the lock
1025 first. */
1026 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1027 tty_ldisc_put(ldisc);
1028 /*
1029 * There are several reasons we may be busy, including
1030 * random momentary I/O traffic. We must therefore
1031 * retry. We could distinguish between blocking ops
37bdfb07
AC		 1032 * and retries if we made tty_ldisc_wait() smarter.
1033 * That is up for discussion.
ff55fe20
JB		 1034 */
1035 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1036 return -ERESTARTSYS;
1037 goto restart;
1038 }
37bdfb07 1039 if (o_tty && o_tty->ldisc.refcount) {
ff55fe20
JB		 1040 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1041 tty_ldisc_put(ldisc);
1042 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1043 return -ERESTARTSYS;
1044 goto restart;
1045 }
1046 }
37bdfb07
AC		 1047 /*
1048 * If the TTY_LDISC bit is set, then we are racing against
1049 * another ldisc change
1050 */
ff55fe20 1051 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 1052 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1053 tty_ldisc_put(ldisc);
ff55fe20
JB		 1054 ld = tty_ldisc_ref_wait(tty);
1055 tty_ldisc_deref(ld);
1da177e4
LT		 1056 goto restart;
1057 }
ff55fe20
JB		 1058
1059 clear_bit(TTY_LDISC, &tty->flags);
817d6d3b 1060 if (o_tty)
ff55fe20 1061 clear_bit(TTY_LDISC, &o_tty->flags);
1da177e4 1062 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 1063
1da177e4
LT		 1064 /*
1065 * From this point on we know nobody has an ldisc
1066 * usage reference, nor can they obtain one until
1067 * we say so later on.
1068 */
ff55fe20 1069
33f0f88f 1070 work = cancel_delayed_work(&tty->buf.work);
1da177e4 1071 /*
33f0f88f 1072 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4 1073 */
1da177e4
LT		 1074 flush_scheduled_work();
1075 /* Shutdown the current discipline. */
1076 if (tty->ldisc.close)
1077 (tty->ldisc.close)(tty);
1078
1079 /* Now set up the new line discipline. */
1080 tty_ldisc_assign(tty, ld);
1081 tty_set_termios_ldisc(tty, ldisc);
1082 if (tty->ldisc.open)
1083 retval = (tty->ldisc.open)(tty);
1084 if (retval < 0) {
1085 tty_ldisc_put(ldisc);
1086 /* There is an outstanding reference here so this is safe */
1087 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1088 tty_set_termios_ldisc(tty, tty->ldisc.num);
1089 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1090 tty_ldisc_put(o_ldisc.num);
1091 /* This driver is always present */
1092 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1093 tty_set_termios_ldisc(tty, N_TTY);
1094 if (tty->ldisc.open) {
1095 int r = tty->ldisc.open(tty);
1096
1097 if (r < 0)
1098 panic("Couldn't open N_TTY ldisc for "
1099 "%s --- error %d.",
1100 tty_name(tty, buf), r);
1101 }
1102 }
1103 }
1104 /* At this point we hold a reference to the new ldisc and a
1105 a reference to the old ldisc. If we ended up flipping back
1106 to the existing ldisc we have two references to it */
37bdfb07 1107
f34d7a5b
AC		 1108 if (tty->ldisc.num != o_ldisc.num && tty->ops->set_ldisc)
1109 tty->ops->set_ldisc(tty);
37bdfb07 1110
1da177e4 1111 tty_ldisc_put(o_ldisc.num);
37bdfb07 1112
1da177e4
LT		 1113 /*
1114 * Allow ldisc referencing to occur as soon as the driver
1115 * ldisc callback completes.
1116 */
37bdfb07 1117
1da177e4 1118 tty_ldisc_enable(tty);
ff55fe20
JB		 1119 if (o_tty)
1120 tty_ldisc_enable(o_tty);
37bdfb07 1121
1da177e4
LT		 1122 /* Restart it in case no characters kick it off. Safe if
1123 already running */
ff55fe20 1124 if (work)
33f0f88f 1125 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 1126 return retval;
1127}
1128
af9b897e
AC		 1129/**
1130 * get_tty_driver - find device of a tty
1131 * @dev_t: device identifier
1132 * @index: returns the index of the tty
1133 *
1134 * This routine returns a tty driver structure, given a device number
1135 * and also passes back the index number.
1136 *
1137 * Locking: caller must hold tty_mutex
1da177e4 1138 */
af9b897e 1139
1da177e4
LT		 1140static struct tty_driver *get_tty_driver(dev_t device, int *index)
1141{
1142 struct tty_driver *p;
1143
1144 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1145 dev_t base = MKDEV(p->major, p->minor_start);
1146 if (device < base || device >= base + p->num)
1147 continue;
1148 *index = device - base;
1149 return p;
1150 }
1151 return NULL;
1152}
1153
f2d937f3
JW		 1154#ifdef CONFIG_CONSOLE_POLL
1155
1156/**
1157 * tty_find_polling_driver - find device of a polled tty
1158 * @name: name string to match
1159 * @line: pointer to resulting tty line nr
1160 *
1161 * This routine returns a tty driver structure, given a name
1162 * and the condition that the tty driver is capable of polled
1163 * operation.
1164 */
1165struct tty_driver *tty_find_polling_driver(char *name, int *line)
1166{
1167 struct tty_driver *p, *res = NULL;
1168 int tty_line = 0;
1169 char *str;
1170
1171 mutex_lock(&tty_mutex);
1172 /* Search through the tty devices to look for a match */
1173 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1174 str = name + strlen(p->name);
1175 tty_line = simple_strtoul(str, &str, 10);
1176 if (*str == ',')
1177 str++;
1178 if (*str == '\0')
8da56309 1179 str = NULL;
f2d937f3 1180
f34d7a5b
AC		 1181 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
1182 p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
f2d937f3
JW		 1183 res = p;
1184 *line = tty_line;
1185 break;
1186 }
1187 }
1188 mutex_unlock(&tty_mutex);
1189
1190 return res;
1191}
1192EXPORT_SYMBOL_GPL(tty_find_polling_driver);
1193#endif
1194
af9b897e
AC		 1195/**
1196 * tty_check_change - check for POSIX terminal changes
1197 * @tty: tty to check
1198 *
1199 * If we try to write to, or set the state of, a terminal and we're
1200 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1201 * ignored, go ahead and perform the operation. (POSIX 7.2)
1202 *
978e595f 1203 * Locking: ctrl_lock
1da177e4 1204 */
af9b897e 1205
37bdfb07 1206int tty_check_change(struct tty_struct *tty)
1da177e4 1207{
47f86834
AC		 1208 unsigned long flags;
1209 int ret = 0;
1210
1da177e4
LT		 1211 if (current->signal->tty != tty)
1212 return 0;
47f86834
AC		 1213
1214 spin_lock_irqsave(&tty->ctrl_lock, flags);
1215
ab521dc0
EB		 1216 if (!tty->pgrp) {
1217 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
47f86834 1218 goto out;
1da177e4 1219 }
ab521dc0 1220 if (task_pgrp(current) == tty->pgrp)
47f86834 1221 goto out;
1da177e4 1222 if (is_ignored(SIGTTOU))
47f86834
AC		 1223 goto out;
1224 if (is_current_pgrp_orphaned()) {
1225 ret = -EIO;
1226 goto out;
1227 }
040b6362
ON		 1228 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1229 set_thread_flag(TIF_SIGPENDING);
47f86834
AC		 1230 ret = -ERESTARTSYS;
1231out:
1232 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1233 return ret;
1da177e4
LT		 1234}
1235
1236EXPORT_SYMBOL(tty_check_change);
1237
37bdfb07 1238static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1da177e4
LT		 1239 size_t count, loff_t *ppos)
1240{
1241 return 0;
1242}
1243
37bdfb07 1244static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1da177e4
LT		 1245 size_t count, loff_t *ppos)
1246{
1247 return -EIO;
1248}
1249
1250/* No kernel lock held - none needed ;) */
37bdfb07 1251static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1da177e4
LT		 1252{
1253 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1254}
1255
04f378b1
AC		 1256static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
1257 unsigned long arg)
38ad2ed0
PF		 1258{
1259 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1260}
1261
37bdfb07 1262static long hung_up_tty_compat_ioctl(struct file *file,
38ad2ed0 1263 unsigned int cmd, unsigned long arg)
1da177e4
LT		 1264{
1265 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1266}
1267
62322d25 1268static const struct file_operations tty_fops = {
1da177e4
LT		 1269 .llseek = no_llseek,
1270 .read = tty_read,
1271 .write = tty_write,
1272 .poll = tty_poll,
04f378b1 1273 .unlocked_ioctl = tty_ioctl,
e10cc1df 1274 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1275 .open = tty_open,
1276 .release = tty_release,
1277 .fasync = tty_fasync,
1278};
1279
1280#ifdef CONFIG_UNIX98_PTYS
62322d25 1281static const struct file_operations ptmx_fops = {
1da177e4
LT		 1282 .llseek = no_llseek,
1283 .read = tty_read,
1284 .write = tty_write,
1285 .poll = tty_poll,
04f378b1 1286 .unlocked_ioctl = tty_ioctl,
e10cc1df 1287 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1288 .open = ptmx_open,
1289 .release = tty_release,
1290 .fasync = tty_fasync,
1291};
1292#endif
1293
62322d25 1294static const struct file_operations console_fops = {
1da177e4
LT		 1295 .llseek = no_llseek,
1296 .read = tty_read,
1297 .write = redirected_tty_write,
1298 .poll = tty_poll,
04f378b1 1299 .unlocked_ioctl = tty_ioctl,
e10cc1df 1300 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1301 .open = tty_open,
1302 .release = tty_release,
1303 .fasync = tty_fasync,
1304};
1305
62322d25 1306static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 1307 .llseek = no_llseek,
1308 .read = hung_up_tty_read,
1309 .write = hung_up_tty_write,
1310 .poll = hung_up_tty_poll,
04f378b1 1311 .unlocked_ioctl = hung_up_tty_ioctl,
38ad2ed0 1312 .compat_ioctl = hung_up_tty_compat_ioctl,
1da177e4
LT		 1313 .release = tty_release,
1314};
1315
1316static DEFINE_SPINLOCK(redirect_lock);
1317static struct file *redirect;
1318
1319/**
1320 * tty_wakeup - request more data
1321 * @tty: terminal
1322 *
1323 * Internal and external helper for wakeups of tty. This function
1324 * informs the line discipline if present that the driver is ready
1325 * to receive more output data.
1326 */
37bdfb07 1327
1da177e4
LT		 1328void tty_wakeup(struct tty_struct *tty)
1329{
1330 struct tty_ldisc *ld;
37bdfb07 1331
1da177e4
LT		 1332 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1333 ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1334 if (ld) {
1335 if (ld->write_wakeup)
1da177e4
LT		 1336 ld->write_wakeup(tty);
1337 tty_ldisc_deref(ld);
1338 }
1339 }
1340 wake_up_interruptible(&tty->write_wait);
1341}
1342
1343EXPORT_SYMBOL_GPL(tty_wakeup);
1344
1345/**
1346 * tty_ldisc_flush - flush line discipline queue
1347 * @tty: tty
1348 *
1349 * Flush the line discipline queue (if any) for this tty. If there
1350 * is no line discipline active this is a no-op.
1351 */
37bdfb07 1352
1da177e4
LT		 1353void tty_ldisc_flush(struct tty_struct *tty)
1354{
1355 struct tty_ldisc *ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1356 if (ld) {
1357 if (ld->flush_buffer)
1da177e4
LT		 1358 ld->flush_buffer(tty);
1359 tty_ldisc_deref(ld);
1360 }
c5c34d48 1361 tty_buffer_flush(tty);
1da177e4
LT		 1362}
1363
1364EXPORT_SYMBOL_GPL(tty_ldisc_flush);
edc6afc5
AC		 1365
1366/**
1367 * tty_reset_termios - reset terminal state
1368 * @tty: tty to reset
1369 *
1370 * Restore a terminal to the driver default state
1371 */
1372
1373static void tty_reset_termios(struct tty_struct *tty)
1374{
1375 mutex_lock(&tty->termios_mutex);
1376 *tty->termios = tty->driver->init_termios;
1377 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1378 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1379 mutex_unlock(&tty->termios_mutex);
1380}
37bdfb07 1381
af9b897e
AC		 1382/**
1383 * do_tty_hangup - actual handler for hangup events
65f27f38 1384 * @work: tty device
af9b897e
AC		 1385 *
1386 * This can be called by the "eventd" kernel thread. That is process
1387 * synchronous but doesn't hold any locks, so we need to make sure we
1388 * have the appropriate locks for what we're doing.
1389 *
1390 * The hangup event clears any pending redirections onto the hung up
1391 * device. It ensures future writes will error and it does the needed
1392 * line discipline hangup and signal delivery. The tty object itself
1393 * remains intact.
1394 *
1395 * Locking:
1396 * BKL
24ec839c
PZ		 1397 * redirect lock for undoing redirection
1398 * file list lock for manipulating list of ttys
1399 * tty_ldisc_lock from called functions
1400 * termios_mutex resetting termios data
1401 * tasklist_lock to walk task list for hangup event
1402 * ->siglock to protect ->signal/->sighand
1da177e4 1403 */
65f27f38 1404static void do_tty_hangup(struct work_struct *work)
1da177e4 1405{
65f27f38
DH		 1406 struct tty_struct *tty =
1407 container_of(work, struct tty_struct, hangup_work);
37bdfb07 1408 struct file *cons_filp = NULL;
1da177e4
LT		 1409 struct file *filp, *f = NULL;
1410 struct task_struct *p;
1411 struct tty_ldisc *ld;
1412 int closecount = 0, n;
47f86834 1413 unsigned long flags;
1da177e4
LT		 1414
1415 if (!tty)
1416 return;
1417
1418 /* inuse_filps is protected by the single kernel lock */
1419 lock_kernel();
1420
1421 spin_lock(&redirect_lock);
1422 if (redirect && redirect->private_data == tty) {
1423 f = redirect;
1424 redirect = NULL;
1425 }
1426 spin_unlock(&redirect_lock);
37bdfb07 1427
1da177e4
LT		 1428 check_tty_count(tty, "do_tty_hangup");
1429 file_list_lock();
1430 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1431 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1432 if (filp->f_op->write == redirected_tty_write)
1433 cons_filp = filp;
1434 if (filp->f_op->write != tty_write)
1435 continue;
1436 closecount++;
1437 tty_fasync(-1, filp, 0); /* can't block */
1438 filp->f_op = &hung_up_tty_fops;
1439 }
1440 file_list_unlock();
37bdfb07
AC		 1441 /*
1442 * FIXME! What are the locking issues here? This may me overdoing
1443 * things... This question is especially important now that we've
1444 * removed the irqlock.
1445 */
1da177e4 1446 ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1447 if (ld != NULL) {
1448 /* We may have no line discipline at this point */
1da177e4
LT		 1449 if (ld->flush_buffer)
1450 ld->flush_buffer(tty);
f34d7a5b 1451 tty_driver_flush_buffer(tty);
1da177e4
LT		 1452 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1453 ld->write_wakeup)
1454 ld->write_wakeup(tty);
1455 if (ld->hangup)
1456 ld->hangup(tty);
1457 }
37bdfb07
AC		 1458 /*
1459 * FIXME: Once we trust the LDISC code better we can wait here for
1460 * ldisc completion and fix the driver call race
1461 */
1da177e4
LT		 1462 wake_up_interruptible(&tty->write_wait);
1463 wake_up_interruptible(&tty->read_wait);
1da177e4
LT		 1464 /*
1465 * Shutdown the current line discipline, and reset it to
1466 * N_TTY.
1467 */
1468 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
edc6afc5 1469 tty_reset_termios(tty);
1da177e4
LT		 1470 /* Defer ldisc switch */
1471 /* tty_deferred_ldisc_switch(N_TTY);
37bdfb07 1472
1da177e4
LT		 1473 This should get done automatically when the port closes and
1474 tty_release is called */
37bdfb07 1475
1da177e4 1476 read_lock(&tasklist_lock);
ab521dc0
EB		 1477 if (tty->session) {
1478 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
24ec839c 1479 spin_lock_irq(&p->sighand->siglock);
1da177e4
LT		 1480 if (p->signal->tty == tty)
1481 p->signal->tty = NULL;
24ec839c
PZ		 1482 if (!p->signal->leader) {
1483 spin_unlock_irq(&p->sighand->siglock);
1da177e4 1484 continue;
24ec839c
PZ		 1485 }
1486 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1487 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
ab521dc0 1488 put_pid(p->signal->tty_old_pgrp); /* A noop */
47f86834 1489 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 1490 if (tty->pgrp)
1491 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
47f86834 1492 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
24ec839c 1493 spin_unlock_irq(&p->sighand->siglock);
ab521dc0 1494 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1da177e4
LT		 1495 }
1496 read_unlock(&tasklist_lock);
1497
47f86834 1498 spin_lock_irqsave(&tty->ctrl_lock, flags);
1da177e4 1499 tty->flags = 0;
d9c1e9a8
EB		 1500 put_pid(tty->session);
1501 put_pid(tty->pgrp);
ab521dc0
EB		 1502 tty->session = NULL;
1503 tty->pgrp = NULL;
1da177e4 1504 tty->ctrl_status = 0;
47f86834
AC		 1505 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1506
1da177e4 1507 /*
37bdfb07
AC		 1508 * If one of the devices matches a console pointer, we
1509 * cannot just call hangup() because that will cause
1510 * tty->count and state->count to go out of sync.
1511 * So we just call close() the right number of times.
1da177e4
LT		 1512 */
1513 if (cons_filp) {
f34d7a5b 1514 if (tty->ops->close)
1da177e4 1515 for (n = 0; n < closecount; n++)
f34d7a5b
AC		 1516 tty->ops->close(tty, cons_filp);
1517 } else if (tty->ops->hangup)
1518 (tty->ops->hangup)(tty);
37bdfb07
AC		 1519 /*
1520 * We don't want to have driver/ldisc interactions beyond
1521 * the ones we did here. The driver layer expects no
1522 * calls after ->hangup() from the ldisc side. However we
1523 * can't yet guarantee all that.
1524 */
1da177e4
LT		 1525 set_bit(TTY_HUPPED, &tty->flags);
1526 if (ld) {
1527 tty_ldisc_enable(tty);
1528 tty_ldisc_deref(ld);
1529 }
1530 unlock_kernel();
1531 if (f)
1532 fput(f);
1533}
1534
af9b897e
AC		 1535/**
1536 * tty_hangup - trigger a hangup event
1537 * @tty: tty to hangup
1538 *
1539 * A carrier loss (virtual or otherwise) has occurred on this like
1540 * schedule a hangup sequence to run after this event.
1541 */
1542
37bdfb07 1543void tty_hangup(struct tty_struct *tty)
1da177e4
LT		 1544{
1545#ifdef TTY_DEBUG_HANGUP
1546 char buf[64];
1da177e4
LT		 1547 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1548#endif
1549 schedule_work(&tty->hangup_work);
1550}
1551
1552EXPORT_SYMBOL(tty_hangup);
1553
af9b897e
AC		 1554/**
1555 * tty_vhangup - process vhangup
1556 * @tty: tty to hangup
1557 *
1558 * The user has asked via system call for the terminal to be hung up.
1559 * We do this synchronously so that when the syscall returns the process
3a4fa0a2 1560 * is complete. That guarantee is necessary for security reasons.
af9b897e
AC		 1561 */
1562
37bdfb07 1563void tty_vhangup(struct tty_struct *tty)
1da177e4
LT		 1564{
1565#ifdef TTY_DEBUG_HANGUP
1566 char buf[64];
1567
1568 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1569#endif
65f27f38 1570 do_tty_hangup(&tty->hangup_work);
1da177e4 1571}
37bdfb07 1572
1da177e4
LT		 1573EXPORT_SYMBOL(tty_vhangup);
1574
af9b897e
AC		 1575/**
1576 * tty_hung_up_p - was tty hung up
1577 * @filp: file pointer of tty
1578 *
1579 * Return true if the tty has been subject to a vhangup or a carrier
1580 * loss
1581 */
1582
37bdfb07 1583int tty_hung_up_p(struct file *filp)
1da177e4
LT		 1584{
1585 return (filp->f_op == &hung_up_tty_fops);
1586}
1587
1588EXPORT_SYMBOL(tty_hung_up_p);
1589
522ed776 1590/**
37bdfb07
AC		 1591 * is_tty - checker whether file is a TTY
1592 * @filp: file handle that may be a tty
1593 *
1594 * Check if the file handle is a tty handle.
522ed776 1595 */
37bdfb07 1596
522ed776
MT		 1597int is_tty(struct file *filp)
1598{
1599 return filp->f_op->read == tty_read
1600 || filp->f_op->read == hung_up_tty_read;
1601}
1602
ab521dc0 1603static void session_clear_tty(struct pid *session)
24ec839c
PZ		 1604{
1605 struct task_struct *p;
ab521dc0 1606 do_each_pid_task(session, PIDTYPE_SID, p) {
24ec839c 1607 proc_clear_tty(p);
ab521dc0 1608 } while_each_pid_task(session, PIDTYPE_SID, p);
24ec839c
PZ		 1609}
1610
af9b897e
AC		 1611/**
1612 * disassociate_ctty - disconnect controlling tty
1613 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 1614 *
af9b897e
AC		 1615 * This function is typically called only by the session leader, when
1616 * it wants to disassociate itself from its controlling tty.
1617 *
1618 * It performs the following functions:
1da177e4
LT		 1619 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1620 * (2) Clears the tty from being controlling the session
1621 * (3) Clears the controlling tty for all processes in the
1622 * session group.
1623 *
af9b897e
AC		 1624 * The argument on_exit is set to 1 if called when a process is
1625 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1626 *
24ec839c 1627 * Locking:
af9b897e 1628 * BKL is taken for hysterical raisins
24ec839c
PZ		 1629 * tty_mutex is taken to protect tty
1630 * ->siglock is taken to protect ->signal/->sighand
1631 * tasklist_lock is taken to walk process list for sessions
1632 * ->siglock is taken to protect ->signal/->sighand
1da177e4 1633 */
af9b897e 1634
1da177e4
LT		 1635void disassociate_ctty(int on_exit)
1636{
1637 struct tty_struct *tty;
ab521dc0 1638 struct pid *tty_pgrp = NULL;
1da177e4 1639
1da177e4 1640
70522e12 1641 mutex_lock(&tty_mutex);
24ec839c 1642 tty = get_current_tty();
1da177e4 1643 if (tty) {
ab521dc0 1644 tty_pgrp = get_pid(tty->pgrp);
70522e12 1645 mutex_unlock(&tty_mutex);
04f378b1 1646 lock_kernel();
24ec839c 1647 /* XXX: here we race, there is nothing protecting tty */
1da177e4
LT		 1648 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1649 tty_vhangup(tty);
04f378b1 1650 unlock_kernel();
680a9671 1651 } else if (on_exit) {
ab521dc0 1652 struct pid *old_pgrp;
680a9671
EB		 1653 spin_lock_irq(&current->sighand->siglock);
1654 old_pgrp = current->signal->tty_old_pgrp;
ab521dc0 1655 current->signal->tty_old_pgrp = NULL;
680a9671 1656 spin_unlock_irq(&current->sighand->siglock);
24ec839c 1657 if (old_pgrp) {
ab521dc0
EB		 1658 kill_pgrp(old_pgrp, SIGHUP, on_exit);
1659 kill_pgrp(old_pgrp, SIGCONT, on_exit);
1660 put_pid(old_pgrp);
1da177e4 1661 }
70522e12 1662 mutex_unlock(&tty_mutex);
1da177e4
LT		 1663 return;
1664 }
ab521dc0
EB		 1665 if (tty_pgrp) {
1666 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1da177e4 1667 if (!on_exit)
ab521dc0
EB		 1668 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1669 put_pid(tty_pgrp);
1da177e4
LT		 1670 }
1671
24ec839c 1672 spin_lock_irq(&current->sighand->siglock);
2a65f1d9 1673 put_pid(current->signal->tty_old_pgrp);
23cac8de 1674 current->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 1675 spin_unlock_irq(&current->sighand->siglock);
1676
1677 mutex_lock(&tty_mutex);
1678 /* It is possible that do_tty_hangup has free'd this tty */
1679 tty = get_current_tty();
1680 if (tty) {
47f86834
AC		 1681 unsigned long flags;
1682 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 1683 put_pid(tty->session);
1684 put_pid(tty->pgrp);
1685 tty->session = NULL;
1686 tty->pgrp = NULL;
47f86834 1687 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
24ec839c
PZ		 1688 } else {
1689#ifdef TTY_DEBUG_HANGUP
1690 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1691 " = NULL", tty);
1692#endif
1693 }
1694 mutex_unlock(&tty_mutex);
1da177e4
LT		 1695
1696 /* Now clear signal->tty under the lock */
1697 read_lock(&tasklist_lock);
ab521dc0 1698 session_clear_tty(task_session(current));
1da177e4 1699 read_unlock(&tasklist_lock);
1da177e4
LT		 1700}
1701
98a27ba4
EB		 1702/**
1703 *
1704 * no_tty - Ensure the current process does not have a controlling tty
1705 */
1706void no_tty(void)
1707{
1708 struct task_struct *tsk = current;
04f378b1 1709 lock_kernel();
98a27ba4
EB		 1710 if (tsk->signal->leader)
1711 disassociate_ctty(0);
04f378b1 1712 unlock_kernel();
98a27ba4
EB		 1713 proc_clear_tty(tsk);
1714}
1715
af9b897e
AC		 1716
1717/**
beb7dd86 1718 * stop_tty - propagate flow control
af9b897e
AC		 1719 * @tty: tty to stop
1720 *
1721 * Perform flow control to the driver. For PTY/TTY pairs we
beb7dd86 1722 * must also propagate the TIOCKPKT status. May be called
af9b897e
AC		 1723 * on an already stopped device and will not re-call the driver
1724 * method.
1725 *
1726 * This functionality is used by both the line disciplines for
1727 * halting incoming flow and by the driver. It may therefore be
1728 * called from any context, may be under the tty atomic_write_lock
1729 * but not always.
1730 *
1731 * Locking:
04f378b1 1732 * Uses the tty control lock internally
af9b897e
AC		 1733 */
1734
1da177e4
LT		 1735void stop_tty(struct tty_struct *tty)
1736{
04f378b1
AC		 1737 unsigned long flags;
1738 spin_lock_irqsave(&tty->ctrl_lock, flags);
1739 if (tty->stopped) {
1740 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 1741 return;
04f378b1 1742 }
1da177e4
LT		 1743 tty->stopped = 1;
1744 if (tty->link && tty->link->packet) {
1745 tty->ctrl_status &= ~TIOCPKT_START;
1746 tty->ctrl_status |= TIOCPKT_STOP;
1747 wake_up_interruptible(&tty->link->read_wait);
1748 }
04f378b1 1749 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
f34d7a5b
AC		 1750 if (tty->ops->stop)
1751 (tty->ops->stop)(tty);
1da177e4
LT		 1752}
1753
1754EXPORT_SYMBOL(stop_tty);
1755
af9b897e 1756/**
beb7dd86 1757 * start_tty - propagate flow control
af9b897e
AC		 1758 * @tty: tty to start
1759 *
1760 * Start a tty that has been stopped if at all possible. Perform
3a4fa0a2 1761 * any necessary wakeups and propagate the TIOCPKT status. If this
af9b897e
AC		 1762 * is the tty was previous stopped and is being started then the
1763 * driver start method is invoked and the line discipline woken.
1764 *
1765 * Locking:
04f378b1 1766 * ctrl_lock
af9b897e
AC		 1767 */
1768
1da177e4
LT		 1769void start_tty(struct tty_struct *tty)
1770{
04f378b1
AC		 1771 unsigned long flags;
1772 spin_lock_irqsave(&tty->ctrl_lock, flags);
1773 if (!tty->stopped || tty->flow_stopped) {
1774 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 1775 return;
04f378b1 1776 }
1da177e4
LT		 1777 tty->stopped = 0;
1778 if (tty->link && tty->link->packet) {
1779 tty->ctrl_status &= ~TIOCPKT_STOP;
1780 tty->ctrl_status |= TIOCPKT_START;
1781 wake_up_interruptible(&tty->link->read_wait);
1782 }
04f378b1 1783 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
f34d7a5b
AC		 1784 if (tty->ops->start)
1785 (tty->ops->start)(tty);
1da177e4
LT		 1786 /* If we have a running line discipline it may need kicking */
1787 tty_wakeup(tty);
1da177e4
LT		 1788}
1789
1790EXPORT_SYMBOL(start_tty);
1791
af9b897e
AC		 1792/**
1793 * tty_read - read method for tty device files
1794 * @file: pointer to tty file
1795 * @buf: user buffer
1796 * @count: size of user buffer
1797 * @ppos: unused
1798 *
1799 * Perform the read system call function on this terminal device. Checks
1800 * for hung up devices before calling the line discipline method.
1801 *
1802 * Locking:
47f86834
AC		 1803 * Locks the line discipline internally while needed. Multiple
1804 * read calls may be outstanding in parallel.
af9b897e
AC		 1805 */
1806
37bdfb07 1807static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1da177e4
LT		 1808 loff_t *ppos)
1809{
1810 int i;
37bdfb07 1811 struct tty_struct *tty;
1da177e4
LT		 1812 struct inode *inode;
1813 struct tty_ldisc *ld;
1814
1815 tty = (struct tty_struct *)file->private_data;
a7113a96 1816 inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1817 if (tty_paranoia_check(tty, inode, "tty_read"))
1818 return -EIO;
1819 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1820 return -EIO;
1821
1822 /* We want to wait for the line discipline to sort out in this
1823 situation */
1824 ld = tty_ldisc_ref_wait(tty);
1da177e4 1825 if (ld->read)
37bdfb07 1826 i = (ld->read)(tty, file, buf, count);
1da177e4
LT		 1827 else
1828 i = -EIO;
1829 tty_ldisc_deref(ld);
1da177e4
LT		 1830 if (i > 0)
1831 inode->i_atime = current_fs_time(inode->i_sb);
1832 return i;
1833}
1834
9c1729db
AC		 1835void tty_write_unlock(struct tty_struct *tty)
1836{
1837 mutex_unlock(&tty->atomic_write_lock);
1838 wake_up_interruptible(&tty->write_wait);
1839}
1840
1841int tty_write_lock(struct tty_struct *tty, int ndelay)
1842{
1843 if (!mutex_trylock(&tty->atomic_write_lock)) {
1844 if (ndelay)
1845 return -EAGAIN;
1846 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1847 return -ERESTARTSYS;
1848 }
1849 return 0;
1850}
1851
1da177e4
LT		 1852/*
1853 * Split writes up in sane blocksizes to avoid
1854 * denial-of-service type attacks
1855 */
1856static inline ssize_t do_tty_write(
1857 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1858 struct tty_struct *tty,
1859 struct file *file,
1860 const char __user *buf,
1861 size_t count)
1862{
9c1729db 1863 ssize_t ret, written = 0;
1da177e4 1864 unsigned int chunk;
37bdfb07 1865
9c1729db
AC		 1866 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1867 if (ret < 0)
1868 return ret;
1da177e4
LT		 1869
1870 /*
1871 * We chunk up writes into a temporary buffer. This
1872 * simplifies low-level drivers immensely, since they
1873 * don't have locking issues and user mode accesses.
1874 *
1875 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1876 * big chunk-size..
1877 *
1878 * The default chunk-size is 2kB, because the NTTY
1879 * layer has problems with bigger chunks. It will
1880 * claim to be able to handle more characters than
1881 * it actually does.
af9b897e
AC		 1882 *
1883 * FIXME: This can probably go away now except that 64K chunks
1884 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1885 */
1886 chunk = 2048;
1887 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1888 chunk = 65536;
1889 if (count < chunk)
1890 chunk = count;
1891
70522e12 1892 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1893 if (tty->write_cnt < chunk) {
1894 unsigned char *buf;
1895
1896 if (chunk < 1024)
1897 chunk = 1024;
1898
1899 buf = kmalloc(chunk, GFP_KERNEL);
1900 if (!buf) {
9c1729db
AC		 1901 ret = -ENOMEM;
1902 goto out;
1da177e4
LT		 1903 }
1904 kfree(tty->write_buf);
1905 tty->write_cnt = chunk;
1906 tty->write_buf = buf;
1907 }
1908
1909 /* Do the write .. */
1910 for (;;) {
1911 size_t size = count;
1912 if (size > chunk)
1913 size = chunk;
1914 ret = -EFAULT;
1915 if (copy_from_user(tty->write_buf, buf, size))
1916 break;
1da177e4 1917 ret = write(tty, file, tty->write_buf, size);
1da177e4
LT		 1918 if (ret <= 0)
1919 break;
1920 written += ret;
1921 buf += ret;
1922 count -= ret;
1923 if (!count)
1924 break;
1925 ret = -ERESTARTSYS;
1926 if (signal_pending(current))
1927 break;
1928 cond_resched();
1929 }
1930 if (written) {
a7113a96 1931 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1932 inode->i_mtime = current_fs_time(inode->i_sb);
1933 ret = written;
1934 }
9c1729db
AC		 1935out:
1936 tty_write_unlock(tty);
1da177e4
LT		 1937 return ret;
1938}
1939
1940
af9b897e
AC		 1941/**
1942 * tty_write - write method for tty device file
1943 * @file: tty file pointer
1944 * @buf: user data to write
1945 * @count: bytes to write
1946 * @ppos: unused
1947 *
1948 * Write data to a tty device via the line discipline.
1949 *
1950 * Locking:
1951 * Locks the line discipline as required
1952 * Writes to the tty driver are serialized by the atomic_write_lock
1953 * and are then processed in chunks to the device. The line discipline
1954 * write method will not be involked in parallel for each device
1955 * The line discipline write method is called under the big
1956 * kernel lock for historical reasons. New code should not rely on this.
1957 */
1958
37bdfb07
AC		 1959static ssize_t tty_write(struct file *file, const char __user *buf,
1960 size_t count, loff_t *ppos)
1da177e4 1961{
37bdfb07 1962 struct tty_struct *tty;
a7113a96 1963 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1964 ssize_t ret;
1965 struct tty_ldisc *ld;
37bdfb07 1966
1da177e4
LT		 1967 tty = (struct tty_struct *)file->private_data;
1968 if (tty_paranoia_check(tty, inode, "tty_write"))
1969 return -EIO;
f34d7a5b 1970 if (!tty || !tty->ops->write ||
37bdfb07
AC		 1971 (test_bit(TTY_IO_ERROR, &tty->flags)))
1972 return -EIO;
f34d7a5b
AC		 1973 /* Short term debug to catch buggy drivers */
1974 if (tty->ops->write_room == NULL)
1975 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1976 tty->driver->name);
37bdfb07 1977 ld = tty_ldisc_ref_wait(tty);
1da177e4
LT		 1978 if (!ld->write)
1979 ret = -EIO;
1980 else
1981 ret = do_tty_write(ld->write, tty, file, buf, count);
1982 tty_ldisc_deref(ld);
1983 return ret;
1984}
1985
37bdfb07
AC		 1986ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1987 size_t count, loff_t *ppos)
1da177e4
LT		 1988{
1989 struct file *p = NULL;
1990
1991 spin_lock(&redirect_lock);
1992 if (redirect) {
1993 get_file(redirect);
1994 p = redirect;
1995 }
1996 spin_unlock(&redirect_lock);
1997
1998 if (p) {
1999 ssize_t res;
2000 res = vfs_write(p, buf, count, &p->f_pos);
2001 fput(p);
2002 return res;
2003 }
1da177e4
LT		 2004 return tty_write(file, buf, count, ppos);
2005}
2006
2007static char ptychar[] = "pqrstuvwxyzabcde";
2008
af9b897e
AC		 2009/**
2010 * pty_line_name - generate name for a pty
2011 * @driver: the tty driver in use
2012 * @index: the minor number
2013 * @p: output buffer of at least 6 bytes
2014 *
2015 * Generate a name from a driver reference and write it to the output
2016 * buffer.
2017 *
2018 * Locking: None
2019 */
2020static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 2021{
2022 int i = index + driver->name_base;
2023 /* ->name is initialized to "ttyp", but "tty" is expected */
2024 sprintf(p, "%s%c%x",
37bdfb07
AC		 2025 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
2026 ptychar[i >> 4 & 0xf], i & 0xf);
1da177e4
LT		 2027}
2028
af9b897e
AC		 2029/**
2030 * pty_line_name - generate name for a tty
2031 * @driver: the tty driver in use
2032 * @index: the minor number
2033 * @p: output buffer of at least 7 bytes
2034 *
2035 * Generate a name from a driver reference and write it to the output
2036 * buffer.
2037 *
2038 * Locking: None
2039 */
2040static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 2041{
2042 sprintf(p, "%s%d", driver->name, index + driver->name_base);
2043}
2044
af9b897e
AC		 2045/**
2046 * init_dev - initialise a tty device
2047 * @driver: tty driver we are opening a device on
2048 * @idx: device index
2049 * @tty: returned tty structure
2050 *
2051 * Prepare a tty device. This may not be a "new" clean device but
2052 * could also be an active device. The pty drivers require special
2053 * handling because of this.
2054 *
2055 * Locking:
2056 * The function is called under the tty_mutex, which
2057 * protects us from the tty struct or driver itself going away.
2058 *
2059 * On exit the tty device has the line discipline attached and
2060 * a reference count of 1. If a pair was created for pty/tty use
2061 * and the other was a pty master then it too has a reference count of 1.
2062 *
1da177e4 2063 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 2064 * failed open. The new code protects the open with a mutex, so it's
2065 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 2066 * relaxed for the (most common) case of reopening a tty.
2067 */
af9b897e 2068
1da177e4
LT		 2069static int init_dev(struct tty_driver *driver, int idx,
2070 struct tty_struct **ret_tty)
2071{
2072 struct tty_struct *tty, *o_tty;
edc6afc5
AC		 2073 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2074 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 2075 int retval = 0;
1da177e4
LT		 2076
2077 /* check whether we're reopening an existing tty */
2078 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2079 tty = devpts_get_tty(idx);
5a39e8c6
ASRF		 2080 /*
2081 * If we don't have a tty here on a slave open, it's because
2082 * the master already started the close process and there's
2083 * no relation between devpts file and tty anymore.
2084 */
2085 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2086 retval = -EIO;
2087 goto end_init;
2088 }
2089 /*
2090 * It's safe from now on because init_dev() is called with
2091 * tty_mutex held and release_dev() won't change tty->count
2092 * or tty->flags without having to grab tty_mutex
2093 */
1da177e4
LT		 2094 if (tty && driver->subtype == PTY_TYPE_MASTER)
2095 tty = tty->link;
2096 } else {
2097 tty = driver->ttys[idx];
2098 }
2099 if (tty) goto fast_track;
2100
2101 /*
2102 * First time open is complex, especially for PTY devices.
2103 * This code guarantees that either everything succeeds and the
2104 * TTY is ready for operation, or else the table slots are vacated
37bdfb07 2105 * and the allocated memory released. (Except that the termios
1da177e4
LT		 2106 * and locked termios may be retained.)
2107 */
2108
2109 if (!try_module_get(driver->owner)) {
2110 retval = -ENODEV;
2111 goto end_init;
2112 }
2113
2114 o_tty = NULL;
2115 tp = o_tp = NULL;
2116 ltp = o_ltp = NULL;
2117
2118 tty = alloc_tty_struct();
37bdfb07 2119 if (!tty)
1da177e4
LT		 2120 goto fail_no_mem;
2121 initialize_tty_struct(tty);
2122 tty->driver = driver;
f34d7a5b 2123 tty->ops = driver->ops;
1da177e4
LT		 2124 tty->index = idx;
2125 tty_line_name(driver, idx, tty->name);
2126
2127 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2128 tp_loc = &tty->termios;
2129 ltp_loc = &tty->termios_locked;
2130 } else {
2131 tp_loc = &driver->termios[idx];
2132 ltp_loc = &driver->termios_locked[idx];
2133 }
2134
2135 if (!*tp_loc) {
abcb1ff3 2136 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2137 if (!tp)
2138 goto free_mem_out;
2139 *tp = driver->init_termios;
2140 }
2141
2142 if (!*ltp_loc) {
506eb99a 2143 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2144 if (!ltp)
2145 goto free_mem_out;
1da177e4
LT		 2146 }
2147
2148 if (driver->type == TTY_DRIVER_TYPE_PTY) {
2149 o_tty = alloc_tty_struct();
2150 if (!o_tty)
2151 goto free_mem_out;
2152 initialize_tty_struct(o_tty);
2153 o_tty->driver = driver->other;
f34d7a5b 2154 o_tty->ops = driver->ops;
1da177e4
LT		 2155 o_tty->index = idx;
2156 tty_line_name(driver->other, idx, o_tty->name);
2157
2158 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2159 o_tp_loc = &o_tty->termios;
2160 o_ltp_loc = &o_tty->termios_locked;
2161 } else {
2162 o_tp_loc = &driver->other->termios[idx];
2163 o_ltp_loc = &driver->other->termios_locked[idx];
2164 }
2165
2166 if (!*o_tp_loc) {
abcb1ff3 2167 o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2168 if (!o_tp)
2169 goto free_mem_out;
2170 *o_tp = driver->other->init_termios;
2171 }
2172
2173 if (!*o_ltp_loc) {
506eb99a 2174 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2175 if (!o_ltp)
2176 goto free_mem_out;
1da177e4
LT		 2177 }
2178
2179 /*
2180 * Everything allocated ... set up the o_tty structure.
2181 */
37bdfb07 2182 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 2183 driver->other->ttys[idx] = o_tty;
1da177e4
LT		 2184 if (!*o_tp_loc)
2185 *o_tp_loc = o_tp;
2186 if (!*o_ltp_loc)
2187 *o_ltp_loc = o_ltp;
2188 o_tty->termios = *o_tp_loc;
2189 o_tty->termios_locked = *o_ltp_loc;
2190 driver->other->refcount++;
2191 if (driver->subtype == PTY_TYPE_MASTER)
2192 o_tty->count++;
2193
2194 /* Establish the links in both directions */
2195 tty->link = o_tty;
2196 o_tty->link = tty;
2197 }
2198
37bdfb07 2199 /*
1da177e4 2200 * All structures have been allocated, so now we install them.
d5698c28 2201 * Failures after this point use release_tty to clean up, so
1da177e4
LT		 2202 * there's no need to null out the local pointers.
2203 */
37bdfb07 2204 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 2205 driver->ttys[idx] = tty;
37bdfb07 2206
1da177e4
LT		 2207 if (!*tp_loc)
2208 *tp_loc = tp;
2209 if (!*ltp_loc)
2210 *ltp_loc = ltp;
2211 tty->termios = *tp_loc;
2212 tty->termios_locked = *ltp_loc;
edc6afc5
AC		 2213 /* Compatibility until drivers always set this */
2214 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2215 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1da177e4
LT		 2216 driver->refcount++;
2217 tty->count++;
2218
37bdfb07 2219 /*
1da177e4 2220 * Structures all installed ... call the ldisc open routines.
d5698c28
CH		 2221 * If we fail here just call release_tty to clean up. No need
2222 * to decrement the use counts, as release_tty doesn't care.
1da177e4
LT		 2223 */
2224
2225 if (tty->ldisc.open) {
2226 retval = (tty->ldisc.open)(tty);
2227 if (retval)
2228 goto release_mem_out;
2229 }
2230 if (o_tty && o_tty->ldisc.open) {
2231 retval = (o_tty->ldisc.open)(o_tty);
2232 if (retval) {
2233 if (tty->ldisc.close)
2234 (tty->ldisc.close)(tty);
2235 goto release_mem_out;
2236 }
2237 tty_ldisc_enable(o_tty);
2238 }
2239 tty_ldisc_enable(tty);
2240 goto success;
2241
2242 /*
2243 * This fast open can be used if the tty is already open.
2244 * No memory is allocated, and the only failures are from
2245 * attempting to open a closing tty or attempting multiple
2246 * opens on a pty master.
2247 */
2248fast_track:
2249 if (test_bit(TTY_CLOSING, &tty->flags)) {
2250 retval = -EIO;
2251 goto end_init;
2252 }
2253 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2254 driver->subtype == PTY_TYPE_MASTER) {
2255 /*
37bdfb07 2256 * special case for PTY masters: only one open permitted,
1da177e4
LT		 2257 * and the slave side open count is incremented as well.
2258 */
2259 if (tty->count) {
2260 retval = -EIO;
2261 goto end_init;
2262 }
2263 tty->link->count++;
2264 }
2265 tty->count++;
2266 tty->driver = driver; /* N.B. why do this every time?? */
2267
2268 /* FIXME */
37bdfb07 2269 if (!test_bit(TTY_LDISC, &tty->flags))
1da177e4
LT		 2270 printk(KERN_ERR "init_dev but no ldisc\n");
2271success:
2272 *ret_tty = tty;
37bdfb07 2273
70522e12 2274 /* All paths come through here to release the mutex */
1da177e4
LT		 2275end_init:
2276 return retval;
2277
2278 /* Release locally allocated memory ... nothing placed in slots */
2279free_mem_out:
735d5661 2280 kfree(o_tp);
1da177e4
LT		 2281 if (o_tty)
2282 free_tty_struct(o_tty);
735d5661
JJ		 2283 kfree(ltp);
2284 kfree(tp);
1da177e4
LT		 2285 free_tty_struct(tty);
2286
2287fail_no_mem:
2288 module_put(driver->owner);
2289 retval = -ENOMEM;
2290 goto end_init;
2291
d5698c28 2292 /* call the tty release_tty routine to clean out this slot */
1da177e4 2293release_mem_out:
4050914f
AM		 2294 if (printk_ratelimit())
2295 printk(KERN_INFO "init_dev: ldisc open failed, "
2296 "clearing slot %d\n", idx);
d5698c28 2297 release_tty(tty, idx);
1da177e4
LT		 2298 goto end_init;
2299}
2300
af9b897e 2301/**
d5698c28 2302 * release_one_tty - release tty structure memory
af9b897e
AC		 2303 *
2304 * Releases memory associated with a tty structure, and clears out the
2305 * driver table slots. This function is called when a device is no longer
2306 * in use. It also gets called when setup of a device fails.
2307 *
2308 * Locking:
2309 * tty_mutex - sometimes only
2310 * takes the file list lock internally when working on the list
2311 * of ttys that the driver keeps.
2312 * FIXME: should we require tty_mutex is held here ??
1da177e4 2313 */
d5698c28 2314static void release_one_tty(struct tty_struct *tty, int idx)
1da177e4 2315{
1da177e4 2316 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
d5698c28 2317 struct ktermios *tp;
1da177e4
LT		 2318
2319 if (!devpts)
2320 tty->driver->ttys[idx] = NULL;
d5698c28 2321
1da177e4
LT		 2322 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2323 tp = tty->termios;
2324 if (!devpts)
2325 tty->driver->termios[idx] = NULL;
2326 kfree(tp);
2327
2328 tp = tty->termios_locked;
2329 if (!devpts)
2330 tty->driver->termios_locked[idx] = NULL;
2331 kfree(tp);
2332 }
2333
d5698c28 2334
1da177e4
LT		 2335 tty->magic = 0;
2336 tty->driver->refcount--;
d5698c28 2337
1da177e4
LT		 2338 file_list_lock();
2339 list_del_init(&tty->tty_files);
2340 file_list_unlock();
d5698c28 2341
1da177e4
LT		 2342 free_tty_struct(tty);
2343}
2344
d5698c28
CH		 2345/**
2346 * release_tty - release tty structure memory
2347 *
2348 * Release both @tty and a possible linked partner (think pty pair),
2349 * and decrement the refcount of the backing module.
2350 *
2351 * Locking:
2352 * tty_mutex - sometimes only
2353 * takes the file list lock internally when working on the list
2354 * of ttys that the driver keeps.
2355 * FIXME: should we require tty_mutex is held here ??
2356 */
2357static void release_tty(struct tty_struct *tty, int idx)
2358{
2359 struct tty_driver *driver = tty->driver;
2360
2361 if (tty->link)
2362 release_one_tty(tty->link, idx);
2363 release_one_tty(tty, idx);
2364 module_put(driver->owner);
2365}
2366
1da177e4
LT		 2367/*
2368 * Even releasing the tty structures is a tricky business.. We have
2369 * to be very careful that the structures are all released at the
2370 * same time, as interrupts might otherwise get the wrong pointers.
2371 *
2372 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2373 * lead to double frees or releasing memory still in use.
2374 */
37bdfb07 2375static void release_dev(struct file *filp)
1da177e4
LT		 2376{
2377 struct tty_struct *tty, *o_tty;
2378 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 2379 int devpts;
1da177e4
LT		 2380 int idx;
2381 char buf[64];
2382 unsigned long flags;
37bdfb07 2383
1da177e4 2384 tty = (struct tty_struct *)filp->private_data;
37bdfb07
AC		 2385 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2386 "release_dev"))
1da177e4
LT		 2387 return;
2388
2389 check_tty_count(tty, "release_dev");
2390
2391 tty_fasync(-1, filp, 0);
2392
2393 idx = tty->index;
2394 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2395 tty->driver->subtype == PTY_TYPE_MASTER);
2396 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 2397 o_tty = tty->link;
2398
2399#ifdef TTY_PARANOIA_CHECK
2400 if (idx < 0 || idx >= tty->driver->num) {
2401 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2402 "free (%s)\n", tty->name);
2403 return;
2404 }
2405 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2406 if (tty != tty->driver->ttys[idx]) {
2407 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2408 "for (%s)\n", idx, tty->name);
2409 return;
2410 }
2411 if (tty->termios != tty->driver->termios[idx]) {
2412 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2413 "for (%s)\n",
2414 idx, tty->name);
2415 return;
2416 }
2417 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2418 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2419 "termios_locked for (%s)\n",
2420 idx, tty->name);
2421 return;
2422 }
2423 }
2424#endif
2425
2426#ifdef TTY_DEBUG_HANGUP
2427 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2428 tty_name(tty, buf), tty->count);
2429#endif
2430
2431#ifdef TTY_PARANOIA_CHECK
2432 if (tty->driver->other &&
2433 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2434 if (o_tty != tty->driver->other->ttys[idx]) {
2435 printk(KERN_DEBUG "release_dev: other->table[%d] "
2436 "not o_tty for (%s)\n",
2437 idx, tty->name);
2438 return;
2439 }
2440 if (o_tty->termios != tty->driver->other->termios[idx]) {
2441 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2442 "not o_termios for (%s)\n",
2443 idx, tty->name);
2444 return;
2445 }
37bdfb07 2446 if (o_tty->termios_locked !=
1da177e4
LT		 2447 tty->driver->other->termios_locked[idx]) {
2448 printk(KERN_DEBUG "release_dev: other->termios_locked["
2449 "%d] not o_termios_locked for (%s)\n",
2450 idx, tty->name);
2451 return;
2452 }
2453 if (o_tty->link != tty) {
2454 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2455 return;
2456 }
2457 }
2458#endif
f34d7a5b
AC		 2459 if (tty->ops->close)
2460 tty->ops->close(tty, filp);
1da177e4
LT		 2461
2462 /*
2463 * Sanity check: if tty->count is going to zero, there shouldn't be
2464 * any waiters on tty->read_wait or tty->write_wait. We test the
2465 * wait queues and kick everyone out _before_ actually starting to
2466 * close. This ensures that we won't block while releasing the tty
2467 * structure.
2468 *
2469 * The test for the o_tty closing is necessary, since the master and
2470 * slave sides may close in any order. If the slave side closes out
2471 * first, its count will be one, since the master side holds an open.
2472 * Thus this test wouldn't be triggered at the time the slave closes,
2473 * so we do it now.
2474 *
2475 * Note that it's possible for the tty to be opened again while we're
2476 * flushing out waiters. By recalculating the closing flags before
2477 * each iteration we avoid any problems.
2478 */
2479 while (1) {
2480 /* Guard against races with tty->count changes elsewhere and
2481 opens on /dev/tty */
37bdfb07 2482
70522e12 2483 mutex_lock(&tty_mutex);
1da177e4
LT		 2484 tty_closing = tty->count <= 1;
2485 o_tty_closing = o_tty &&
2486 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 2487 do_sleep = 0;
2488
2489 if (tty_closing) {
2490 if (waitqueue_active(&tty->read_wait)) {
2491 wake_up(&tty->read_wait);
2492 do_sleep++;
2493 }
2494 if (waitqueue_active(&tty->write_wait)) {
2495 wake_up(&tty->write_wait);
2496 do_sleep++;
2497 }
2498 }
2499 if (o_tty_closing) {
2500 if (waitqueue_active(&o_tty->read_wait)) {
2501 wake_up(&o_tty->read_wait);
2502 do_sleep++;
2503 }
2504 if (waitqueue_active(&o_tty->write_wait)) {
2505 wake_up(&o_tty->write_wait);
2506 do_sleep++;
2507 }
2508 }
2509 if (!do_sleep)
2510 break;
2511
2512 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2513 "active!\n", tty_name(tty, buf));
70522e12 2514 mutex_unlock(&tty_mutex);
1da177e4 2515 schedule();
37bdfb07 2516 }
1da177e4
LT		 2517
2518 /*
37bdfb07
AC		 2519 * The closing flags are now consistent with the open counts on
2520 * both sides, and we've completed the last operation that could
1da177e4
LT		 2521 * block, so it's safe to proceed with closing.
2522 */
1da177e4
LT		 2523 if (pty_master) {
2524 if (--o_tty->count < 0) {
2525 printk(KERN_WARNING "release_dev: bad pty slave count "
2526 "(%d) for %s\n",
2527 o_tty->count, tty_name(o_tty, buf));
2528 o_tty->count = 0;
2529 }
2530 }
2531 if (--tty->count < 0) {
2532 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2533 tty->count, tty_name(tty, buf));
2534 tty->count = 0;
2535 }
37bdfb07 2536
1da177e4
LT		 2537 /*
2538 * We've decremented tty->count, so we need to remove this file
2539 * descriptor off the tty->tty_files list; this serves two
2540 * purposes:
2541 * - check_tty_count sees the correct number of file descriptors
2542 * associated with this tty.
2543 * - do_tty_hangup no longer sees this file descriptor as
2544 * something that needs to be handled for hangups.
2545 */
2546 file_kill(filp);
2547 filp->private_data = NULL;
2548
2549 /*
2550 * Perform some housekeeping before deciding whether to return.
2551 *
2552 * Set the TTY_CLOSING flag if this was the last open. In the
2553 * case of a pty we may have to wait around for the other side
2554 * to close, and TTY_CLOSING makes sure we can't be reopened.
2555 */
37bdfb07 2556 if (tty_closing)
1da177e4 2557 set_bit(TTY_CLOSING, &tty->flags);
37bdfb07 2558 if (o_tty_closing)
1da177e4
LT		 2559 set_bit(TTY_CLOSING, &o_tty->flags);
2560
2561 /*
2562 * If _either_ side is closing, make sure there aren't any
2563 * processes that still think tty or o_tty is their controlling
2564 * tty.
2565 */
2566 if (tty_closing || o_tty_closing) {
1da177e4 2567 read_lock(&tasklist_lock);
24ec839c 2568 session_clear_tty(tty->session);
1da177e4 2569 if (o_tty)
24ec839c 2570 session_clear_tty(o_tty->session);
1da177e4
LT		 2571 read_unlock(&tasklist_lock);
2572 }
2573
70522e12 2574 mutex_unlock(&tty_mutex);
da965822 2575
1da177e4
LT		 2576 /* check whether both sides are closing ... */
2577 if (!tty_closing || (o_tty && !o_tty_closing))
2578 return;
37bdfb07 2579
1da177e4
LT		 2580#ifdef TTY_DEBUG_HANGUP
2581 printk(KERN_DEBUG "freeing tty structure...");
2582#endif
2583 /*
2584 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2585 * kill any delayed work. As this is the final close it does not
2586 * race with the set_ldisc code path.
2587 */
2588 clear_bit(TTY_LDISC, &tty->flags);
33f0f88f 2589 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 2590
2591 /*
33f0f88f 2592 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4 2593 */
37bdfb07 2594
1da177e4 2595 flush_scheduled_work();
37bdfb07 2596
1da177e4
LT		 2597 /*
2598 * Wait for any short term users (we know they are just driver
2599 * side waiters as the file is closing so user count on the file
2600 * side is zero.
2601 */
2602 spin_lock_irqsave(&tty_ldisc_lock, flags);
37bdfb07 2603 while (tty->ldisc.refcount) {
1da177e4
LT		 2604 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2605 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2606 spin_lock_irqsave(&tty_ldisc_lock, flags);
2607 }
2608 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2609 /*
2610 * Shutdown the current line discipline, and reset it to N_TTY.
2611 * N.B. why reset ldisc when we're releasing the memory??
2612 *
2613 * FIXME: this MUST get fixed for the new reflocking
2614 */
2615 if (tty->ldisc.close)
2616 (tty->ldisc.close)(tty);
2617 tty_ldisc_put(tty->ldisc.num);
37bdfb07 2618
1da177e4
LT		 2619 /*
2620 * Switch the line discipline back
2621 */
2622 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
37bdfb07 2623 tty_set_termios_ldisc(tty, N_TTY);
1da177e4
LT		 2624 if (o_tty) {
2625 /* FIXME: could o_tty be in setldisc here ? */
2626 clear_bit(TTY_LDISC, &o_tty->flags);
2627 if (o_tty->ldisc.close)
2628 (o_tty->ldisc.close)(o_tty);
2629 tty_ldisc_put(o_tty->ldisc.num);
2630 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
37bdfb07 2631 tty_set_termios_ldisc(o_tty, N_TTY);
1da177e4
LT		 2632 }
2633 /*
d5698c28 2634 * The release_tty function takes care of the details of clearing
1da177e4
LT		 2635 * the slots and preserving the termios structure.
2636 */
d5698c28 2637 release_tty(tty, idx);
1da177e4 2638
1da177e4 2639 /* Make this pty number available for reallocation */
718a9163
SB		 2640 if (devpts)
2641 devpts_kill_index(idx);
1da177e4
LT		 2642}
2643
af9b897e
AC		 2644/**
2645 * tty_open - open a tty device
2646 * @inode: inode of device file
2647 * @filp: file pointer to tty
1da177e4 2648 *
af9b897e
AC		 2649 * tty_open and tty_release keep up the tty count that contains the
2650 * number of opens done on a tty. We cannot use the inode-count, as
2651 * different inodes might point to the same tty.
1da177e4 2652 *
af9b897e
AC		 2653 * Open-counting is needed for pty masters, as well as for keeping
2654 * track of serial lines: DTR is dropped when the last close happens.
2655 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2656 *
2657 * The termios state of a pty is reset on first open so that
2658 * settings don't persist across reuse.
2659 *
24ec839c
PZ		 2660 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2661 * tty->count should protect the rest.
2662 * ->siglock protects ->signal/->sighand
1da177e4 2663 */
af9b897e 2664
37bdfb07 2665static int tty_open(struct inode *inode, struct file *filp)
1da177e4
LT		 2666{
2667 struct tty_struct *tty;
2668 int noctty, retval;
2669 struct tty_driver *driver;
2670 int index;
2671 dev_t device = inode->i_rdev;
2672 unsigned short saved_flags = filp->f_flags;
2673
2674 nonseekable_open(inode, filp);
37bdfb07 2675
1da177e4
LT		 2676retry_open:
2677 noctty = filp->f_flags & O_NOCTTY;
2678 index = -1;
2679 retval = 0;
37bdfb07 2680
70522e12 2681 mutex_lock(&tty_mutex);
1da177e4 2682
37bdfb07 2683 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
24ec839c
PZ		 2684 tty = get_current_tty();
2685 if (!tty) {
70522e12 2686 mutex_unlock(&tty_mutex);
1da177e4
LT		 2687 return -ENXIO;
2688 }
24ec839c
PZ		 2689 driver = tty->driver;
2690 index = tty->index;
1da177e4
LT		 2691 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2692 /* noctty = 1; */
2693 goto got_driver;
2694 }
2695#ifdef CONFIG_VT
37bdfb07 2696 if (device == MKDEV(TTY_MAJOR, 0)) {
1da177e4
LT		 2697 extern struct tty_driver *console_driver;
2698 driver = console_driver;
2699 index = fg_console;
2700 noctty = 1;
2701 goto got_driver;
2702 }
2703#endif
37bdfb07 2704 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1da177e4
LT		 2705 driver = console_device(&index);
2706 if (driver) {
2707 /* Don't let /dev/console block */
2708 filp->f_flags |= O_NONBLOCK;
2709 noctty = 1;
2710 goto got_driver;
2711 }
70522e12 2712 mutex_unlock(&tty_mutex);
1da177e4
LT		 2713 return -ENODEV;
2714 }
2715
2716 driver = get_tty_driver(device, &index);
2717 if (!driver) {
70522e12 2718 mutex_unlock(&tty_mutex);
1da177e4
LT		 2719 return -ENODEV;
2720 }
2721got_driver:
2722 retval = init_dev(driver, index, &tty);
70522e12 2723 mutex_unlock(&tty_mutex);
1da177e4
LT		 2724 if (retval)
2725 return retval;
2726
2727 filp->private_data = tty;
2728 file_move(filp, &tty->tty_files);
2729 check_tty_count(tty, "tty_open");
2730 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2731 tty->driver->subtype == PTY_TYPE_MASTER)
2732 noctty = 1;
2733#ifdef TTY_DEBUG_HANGUP
2734 printk(KERN_DEBUG "opening %s...", tty->name);
2735#endif
2736 if (!retval) {
f34d7a5b
AC		 2737 if (tty->ops->open)
2738 retval = tty->ops->open(tty, filp);
1da177e4
LT		 2739 else
2740 retval = -ENODEV;
2741 }
2742 filp->f_flags = saved_flags;
2743
37bdfb07
AC		 2744 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2745 !capable(CAP_SYS_ADMIN))
1da177e4
LT		 2746 retval = -EBUSY;
2747
2748 if (retval) {
2749#ifdef TTY_DEBUG_HANGUP
2750 printk(KERN_DEBUG "error %d in opening %s...", retval,
2751 tty->name);
2752#endif
2753 release_dev(filp);
2754 if (retval != -ERESTARTSYS)
2755 return retval;
2756 if (signal_pending(current))
2757 return retval;
2758 schedule();
2759 /*
2760 * Need to reset f_op in case a hangup happened.
2761 */
2762 if (filp->f_op == &hung_up_tty_fops)
2763 filp->f_op = &tty_fops;
2764 goto retry_open;
2765 }
24ec839c
PZ		 2766
2767 mutex_lock(&tty_mutex);
2768 spin_lock_irq(&current->sighand->siglock);
1da177e4
LT		 2769 if (!noctty &&
2770 current->signal->leader &&
2771 !current->signal->tty &&
ab521dc0 2772 tty->session == NULL)
2a65f1d9 2773 __proc_set_tty(current, tty);
24ec839c
PZ		 2774 spin_unlock_irq(&current->sighand->siglock);
2775 mutex_unlock(&tty_mutex);
1da177e4
LT		 2776 return 0;
2777}
2778
2779#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 2780/**
2781 * ptmx_open - open a unix 98 pty master
2782 * @inode: inode of device file
2783 * @filp: file pointer to tty
2784 *
2785 * Allocate a unix98 pty master device from the ptmx driver.
2786 *
2787 * Locking: tty_mutex protects theinit_dev work. tty->count should
37bdfb07 2788 * protect the rest.
af9b897e
AC		 2789 * allocated_ptys_lock handles the list of free pty numbers
2790 */
2791
37bdfb07 2792static int ptmx_open(struct inode *inode, struct file *filp)
1da177e4
LT		 2793{
2794 struct tty_struct *tty;
2795 int retval;
2796 int index;
1da177e4
LT		 2797
2798 nonseekable_open(inode, filp);
2799
2800 /* find a device that is not in use. */
718a9163
SB		 2801 index = devpts_new_index();
2802 if (index < 0)
2803 return index;
1da177e4 2804
70522e12 2805 mutex_lock(&tty_mutex);
1da177e4 2806 retval = init_dev(ptm_driver, index, &tty);
70522e12 2807 mutex_unlock(&tty_mutex);
37bdfb07 2808
1da177e4
LT		 2809 if (retval)
2810 goto out;
2811
2812 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2813 filp->private_data = tty;
2814 file_move(filp, &tty->tty_files);
2815
4f8f9d66
SB		 2816 retval = devpts_pty_new(tty->link);
2817 if (retval)
1da177e4
LT		 2818 goto out1;
2819
86a96538 2820 check_tty_count(tty, "ptmx_open");
f34d7a5b 2821 retval = ptm_driver->ops->open(tty, filp);
41126226 2822 if (!retval)
1da177e4
LT		 2823 return 0;
2824out1:
2825 release_dev(filp);
9453a5ad 2826 return retval;
1da177e4 2827out:
718a9163 2828 devpts_kill_index(index);
1da177e4
LT		 2829 return retval;
2830}
2831#endif
2832
af9b897e
AC		 2833/**
2834 * tty_release - vfs callback for close
2835 * @inode: inode of tty
2836 * @filp: file pointer for handle to tty
2837 *
2838 * Called the last time each file handle is closed that references
2839 * this tty. There may however be several such references.
2840 *
2841 * Locking:
2842 * Takes bkl. See release_dev
2843 */
2844
37bdfb07 2845static int tty_release(struct inode *inode, struct file *filp)
1da177e4
LT		 2846{
2847 lock_kernel();
2848 release_dev(filp);
2849 unlock_kernel();
2850 return 0;
2851}
2852
af9b897e
AC		 2853/**
2854 * tty_poll - check tty status
2855 * @filp: file being polled
2856 * @wait: poll wait structures to update
2857 *
2858 * Call the line discipline polling method to obtain the poll
2859 * status of the device.
2860 *
2861 * Locking: locks called line discipline but ldisc poll method
2862 * may be re-entered freely by other callers.
2863 */
2864
37bdfb07 2865static unsigned int tty_poll(struct file *filp, poll_table *wait)
1da177e4 2866{
37bdfb07 2867 struct tty_struct *tty;
1da177e4
LT		 2868 struct tty_ldisc *ld;
2869 int ret = 0;
2870
2871 tty = (struct tty_struct *)filp->private_data;
a7113a96 2872 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1da177e4 2873 return 0;
37bdfb07 2874
1da177e4
LT		 2875 ld = tty_ldisc_ref_wait(tty);
2876 if (ld->poll)
2877 ret = (ld->poll)(tty, filp, wait);
2878 tty_ldisc_deref(ld);
2879 return ret;
2880}
2881
37bdfb07 2882static int tty_fasync(int fd, struct file *filp, int on)
1da177e4 2883{
37bdfb07 2884 struct tty_struct *tty;
47f86834 2885 unsigned long flags;
1da177e4
LT		 2886 int retval;
2887
2888 tty = (struct tty_struct *)filp->private_data;
a7113a96 2889 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
1da177e4 2890 return 0;
37bdfb07 2891
1da177e4
LT		 2892 retval = fasync_helper(fd, filp, on, &tty->fasync);
2893 if (retval <= 0)
2894 return retval;
2895
2896 if (on) {
ab521dc0
EB		 2897 enum pid_type type;
2898 struct pid *pid;
1da177e4
LT		 2899 if (!waitqueue_active(&tty->read_wait))
2900 tty->minimum_to_wake = 1;
47f86834 2901 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 2902 if (tty->pgrp) {
2903 pid = tty->pgrp;
2904 type = PIDTYPE_PGID;
2905 } else {
2906 pid = task_pid(current);
2907 type = PIDTYPE_PID;
2908 }
47f86834 2909 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
ab521dc0 2910 retval = __f_setown(filp, pid, type, 0);
1da177e4
LT		 2911 if (retval)
2912 return retval;
2913 } else {
2914 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2915 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2916 }
2917 return 0;
2918}
2919
af9b897e
AC		 2920/**
2921 * tiocsti - fake input character
2922 * @tty: tty to fake input into
2923 * @p: pointer to character
2924 *
3a4fa0a2 2925 * Fake input to a tty device. Does the necessary locking and
af9b897e
AC		 2926 * input management.
2927 *
2928 * FIXME: does not honour flow control ??
2929 *
2930 * Locking:
2931 * Called functions take tty_ldisc_lock
2932 * current->signal->tty check is safe without locks
28298232
AC		 2933 *
2934 * FIXME: may race normal receive processing
af9b897e
AC		 2935 */
2936
1da177e4
LT		 2937static int tiocsti(struct tty_struct *tty, char __user *p)
2938{
2939 char ch, mbz = 0;
2940 struct tty_ldisc *ld;
37bdfb07 2941
1da177e4
LT		 2942 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2943 return -EPERM;
2944 if (get_user(ch, p))
2945 return -EFAULT;
2946 ld = tty_ldisc_ref_wait(tty);
2947 ld->receive_buf(tty, &ch, &mbz, 1);
2948 tty_ldisc_deref(ld);
2949 return 0;
2950}
2951
af9b897e
AC		 2952/**
2953 * tiocgwinsz - implement window query ioctl
2954 * @tty; tty
2955 * @arg: user buffer for result
2956 *
808a0d38 2957 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2958 *
24ec839c 2959 * Locking: tty->termios_mutex is taken to ensure the winsize data
808a0d38 2960 * is consistent.
af9b897e
AC		 2961 */
2962
37bdfb07 2963static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
1da177e4 2964{
808a0d38
AC		 2965 int err;
2966
5785c95b 2967 mutex_lock(&tty->termios_mutex);
808a0d38 2968 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2969 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2970
2971 return err ? -EFAULT: 0;
1da177e4
LT		 2972}
2973
af9b897e
AC		 2974/**
2975 * tiocswinsz - implement window size set ioctl
2976 * @tty; tty
2977 * @arg: user buffer for result
2978 *
2979 * Copies the user idea of the window size to the kernel. Traditionally
2980 * this is just advisory information but for the Linux console it
2981 * actually has driver level meaning and triggers a VC resize.
2982 *
2983 * Locking:
ca9bda00
AC		 2984 * Called function use the console_sem is used to ensure we do
2985 * not try and resize the console twice at once.
24ec839c
PZ		 2986 * The tty->termios_mutex is used to ensure we don't double
2987 * resize and get confused. Lock order - tty->termios_mutex before
ca9bda00 2988 * console sem
af9b897e
AC		 2989 */
2990
1da177e4 2991static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
37bdfb07 2992 struct winsize __user *arg)
1da177e4
LT		 2993{
2994 struct winsize tmp_ws;
47f86834
AC		 2995 struct pid *pgrp, *rpgrp;
2996 unsigned long flags;
1da177e4
LT		 2997
2998 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2999 return -EFAULT;
ca9bda00 3000
5785c95b 3001 mutex_lock(&tty->termios_mutex);
1da177e4 3002 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
ca9bda00
AC		 3003 goto done;
3004
1da177e4
LT		 3005#ifdef CONFIG_VT
3006 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
5785c95b
AV		 3007 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
3008 tmp_ws.ws_row)) {
3009 mutex_unlock(&tty->termios_mutex);
37bdfb07 3010 return -ENXIO;
ca9bda00 3011 }
1da177e4
LT		 3012 }
3013#endif
47f86834
AC		 3014 /* Get the PID values and reference them so we can
3015 avoid holding the tty ctrl lock while sending signals */
3016 spin_lock_irqsave(&tty->ctrl_lock, flags);
3017 pgrp = get_pid(tty->pgrp);
3018 rpgrp = get_pid(real_tty->pgrp);
3019 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3020
3021 if (pgrp)
3022 kill_pgrp(pgrp, SIGWINCH, 1);
3023 if (rpgrp != pgrp && rpgrp)
3024 kill_pgrp(rpgrp, SIGWINCH, 1);
3025
3026 put_pid(pgrp);
3027 put_pid(rpgrp);
3028
1da177e4
LT		 3029 tty->winsize = tmp_ws;
3030 real_tty->winsize = tmp_ws;
ca9bda00 3031done:
5785c95b 3032 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 3033 return 0;
3034}
3035
af9b897e
AC		 3036/**
3037 * tioccons - allow admin to move logical console
3038 * @file: the file to become console
3039 *
3040 * Allow the adminstrator to move the redirected console device
3041 *
3042 * Locking: uses redirect_lock to guard the redirect information
3043 */
3044
1da177e4
LT		 3045static int tioccons(struct file *file)
3046{
3047 if (!capable(CAP_SYS_ADMIN))
3048 return -EPERM;
3049 if (file->f_op->write == redirected_tty_write) {
3050 struct file *f;
3051 spin_lock(&redirect_lock);
3052 f = redirect;
3053 redirect = NULL;
3054 spin_unlock(&redirect_lock);
3055 if (f)
3056 fput(f);
3057 return 0;
3058 }
3059 spin_lock(&redirect_lock);
3060 if (redirect) {
3061 spin_unlock(&redirect_lock);
3062 return -EBUSY;
3063 }
3064 get_file(file);
3065 redirect = file;
3066 spin_unlock(&redirect_lock);
3067 return 0;
3068}
3069
af9b897e
AC		 3070/**
3071 * fionbio - non blocking ioctl
3072 * @file: file to set blocking value
3073 * @p: user parameter
3074 *
3075 * Historical tty interfaces had a blocking control ioctl before
3076 * the generic functionality existed. This piece of history is preserved
3077 * in the expected tty API of posix OS's.
3078 *
3079 * Locking: none, the open fle handle ensures it won't go away.
3080 */
1da177e4
LT		 3081
3082static int fionbio(struct file *file, int __user *p)
3083{
3084 int nonblock;
3085
3086 if (get_user(nonblock, p))
3087 return -EFAULT;
3088
04f378b1
AC		 3089 /* file->f_flags is still BKL protected in the fs layer - vomit */
3090 lock_kernel();
1da177e4
LT		 3091 if (nonblock)
3092 file->f_flags |= O_NONBLOCK;
3093 else
3094 file->f_flags &= ~O_NONBLOCK;
04f378b1 3095 unlock_kernel();
1da177e4
LT		 3096 return 0;
3097}
3098
af9b897e
AC		 3099/**
3100 * tiocsctty - set controlling tty
3101 * @tty: tty structure
3102 * @arg: user argument
3103 *
3104 * This ioctl is used to manage job control. It permits a session
3105 * leader to set this tty as the controlling tty for the session.
3106 *
3107 * Locking:
28298232 3108 * Takes tty_mutex() to protect tty instance
24ec839c
PZ		 3109 * Takes tasklist_lock internally to walk sessions
3110 * Takes ->siglock() when updating signal->tty
af9b897e
AC		 3111 */
3112
1da177e4
LT		 3113static int tiocsctty(struct tty_struct *tty, int arg)
3114{
24ec839c 3115 int ret = 0;
ab521dc0 3116 if (current->signal->leader && (task_session(current) == tty->session))
24ec839c
PZ		 3117 return ret;
3118
3119 mutex_lock(&tty_mutex);
1da177e4
LT		 3120 /*
3121 * The process must be a session leader and
3122 * not have a controlling tty already.
3123 */
24ec839c
PZ		 3124 if (!current->signal->leader || current->signal->tty) {
3125 ret = -EPERM;
3126 goto unlock;
3127 }
3128
ab521dc0 3129 if (tty->session) {
1da177e4
LT		 3130 /*
3131 * This tty is already the controlling
3132 * tty for another session group!
3133 */
37bdfb07 3134 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
1da177e4
LT		 3135 /*
3136 * Steal it away
3137 */
1da177e4 3138 read_lock(&tasklist_lock);
24ec839c 3139 session_clear_tty(tty->session);
1da177e4 3140 read_unlock(&tasklist_lock);
24ec839c
PZ		 3141 } else {
3142 ret = -EPERM;
3143 goto unlock;
3144 }
1da177e4 3145 }
24ec839c
PZ		 3146 proc_set_tty(current, tty);
3147unlock:
28298232 3148 mutex_unlock(&tty_mutex);
24ec839c 3149 return ret;
1da177e4
LT		 3150}
3151
5d0fdf1e
AC		 3152/**
3153 * tty_get_pgrp - return a ref counted pgrp pid
3154 * @tty: tty to read
3155 *
3156 * Returns a refcounted instance of the pid struct for the process
3157 * group controlling the tty.
3158 */
3159
3160struct pid *tty_get_pgrp(struct tty_struct *tty)
3161{
3162 unsigned long flags;
3163 struct pid *pgrp;
3164
3165 spin_lock_irqsave(&tty->ctrl_lock, flags);
3166 pgrp = get_pid(tty->pgrp);
3167 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3168
3169 return pgrp;
3170}
3171EXPORT_SYMBOL_GPL(tty_get_pgrp);
3172
af9b897e
AC		 3173/**
3174 * tiocgpgrp - get process group
3175 * @tty: tty passed by user
3176 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3177 * @p: returned pid
3178 *
3179 * Obtain the process group of the tty. If there is no process group
3180 * return an error.
3181 *
24ec839c 3182 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3183 */
3184
1da177e4
LT		 3185static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3186{
5d0fdf1e
AC		 3187 struct pid *pid;
3188 int ret;
1da177e4
LT		 3189 /*
3190 * (tty == real_tty) is a cheap way of
3191 * testing if the tty is NOT a master pty.
3192 */
3193 if (tty == real_tty && current->signal->tty != real_tty)
3194 return -ENOTTY;
5d0fdf1e
AC		 3195 pid = tty_get_pgrp(real_tty);
3196 ret = put_user(pid_vnr(pid), p);
3197 put_pid(pid);
3198 return ret;
1da177e4
LT		 3199}
3200
af9b897e
AC		 3201/**
3202 * tiocspgrp - attempt to set process group
3203 * @tty: tty passed by user
3204 * @real_tty: tty side device matching tty passed by user
3205 * @p: pid pointer
3206 *
3207 * Set the process group of the tty to the session passed. Only
3208 * permitted where the tty session is our session.
3209 *
47f86834 3210 * Locking: RCU, ctrl lock
af9b897e
AC		 3211 */
3212
1da177e4
LT		 3213static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3214{
04a2e6a5
EB		 3215 struct pid *pgrp;
3216 pid_t pgrp_nr;
1da177e4 3217 int retval = tty_check_change(real_tty);
47f86834 3218 unsigned long flags;
1da177e4
LT		 3219
3220 if (retval == -EIO)
3221 return -ENOTTY;
3222 if (retval)
3223 return retval;
3224 if (!current->signal->tty ||
3225 (current->signal->tty != real_tty) ||
ab521dc0 3226 (real_tty->session != task_session(current)))
1da177e4 3227 return -ENOTTY;
04a2e6a5 3228 if (get_user(pgrp_nr, p))
1da177e4 3229 return -EFAULT;
04a2e6a5 3230 if (pgrp_nr < 0)
1da177e4 3231 return -EINVAL;
04a2e6a5 3232 rcu_read_lock();
b488893a 3233 pgrp = find_vpid(pgrp_nr);
04a2e6a5
EB		 3234 retval = -ESRCH;
3235 if (!pgrp)
3236 goto out_unlock;
3237 retval = -EPERM;
3238 if (session_of_pgrp(pgrp) != task_session(current))
3239 goto out_unlock;
3240 retval = 0;
47f86834 3241 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 3242 put_pid(real_tty->pgrp);
3243 real_tty->pgrp = get_pid(pgrp);
47f86834 3244 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
04a2e6a5
EB		 3245out_unlock:
3246 rcu_read_unlock();
3247 return retval;
1da177e4
LT		 3248}
3249
af9b897e
AC		 3250/**
3251 * tiocgsid - get session id
3252 * @tty: tty passed by user
3253 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3254 * @p: pointer to returned session id
3255 *
3256 * Obtain the session id of the tty. If there is no session
3257 * return an error.
3258 *
24ec839c 3259 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3260 */
3261
1da177e4
LT		 3262static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3263{
3264 /*
3265 * (tty == real_tty) is a cheap way of
3266 * testing if the tty is NOT a master pty.
3267 */
3268 if (tty == real_tty && current->signal->tty != real_tty)
3269 return -ENOTTY;
ab521dc0 3270 if (!real_tty->session)
1da177e4 3271 return -ENOTTY;
b488893a 3272 return put_user(pid_vnr(real_tty->session), p);
1da177e4
LT		 3273}
3274
af9b897e
AC		 3275/**
3276 * tiocsetd - set line discipline
3277 * @tty: tty device
3278 * @p: pointer to user data
3279 *
3280 * Set the line discipline according to user request.
3281 *
3282 * Locking: see tty_set_ldisc, this function is just a helper
3283 */
3284
1da177e4
LT		 3285static int tiocsetd(struct tty_struct *tty, int __user *p)
3286{
3287 int ldisc;
04f378b1 3288 int ret;
1da177e4
LT		 3289
3290 if (get_user(ldisc, p))
3291 return -EFAULT;
04f378b1
AC		 3292
3293 lock_kernel();
3294 ret = tty_set_ldisc(tty, ldisc);
3295 unlock_kernel();
3296
3297 return ret;
1da177e4
LT		 3298}
3299
af9b897e
AC		 3300/**
3301 * send_break - performed time break
3302 * @tty: device to break on
3303 * @duration: timeout in mS
3304 *
3305 * Perform a timed break on hardware that lacks its own driver level
3306 * timed break functionality.
3307 *
3308 * Locking:
28298232 3309 * atomic_write_lock serializes
af9b897e 3310 *
af9b897e
AC		 3311 */
3312
b20f3ae5 3313static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4 3314{
9c1729db 3315 if (tty_write_lock(tty, 0) < 0)
f34d7a5b
AC		 3316 return -EINTR;
3317 tty->ops->break_ctl(tty, -1);
9c1729db 3318 if (!signal_pending(current))
b20f3ae5 3319 msleep_interruptible(duration);
f34d7a5b 3320 tty->ops->break_ctl(tty, 0);
9c1729db 3321 tty_write_unlock(tty);
04f378b1 3322 if (!signal_pending(current))
f34d7a5b
AC		 3323 return -EINTR;
3324 return 0;
1da177e4
LT		 3325}
3326
af9b897e 3327/**
f34d7a5b 3328 * tty_tiocmget - get modem status
af9b897e
AC		 3329 * @tty: tty device
3330 * @file: user file pointer
3331 * @p: pointer to result
3332 *
3333 * Obtain the modem status bits from the tty driver if the feature
3334 * is supported. Return -EINVAL if it is not available.
3335 *
3336 * Locking: none (up to the driver)
3337 */
3338
3339static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 3340{
3341 int retval = -EINVAL;
3342
f34d7a5b
AC		 3343 if (tty->ops->tiocmget) {
3344 retval = tty->ops->tiocmget(tty, file);
1da177e4
LT		 3345
3346 if (retval >= 0)
3347 retval = put_user(retval, p);
3348 }
3349 return retval;
3350}
3351
af9b897e 3352/**
f34d7a5b 3353 * tty_tiocmset - set modem status
af9b897e
AC		 3354 * @tty: tty device
3355 * @file: user file pointer
3356 * @cmd: command - clear bits, set bits or set all
3357 * @p: pointer to desired bits
3358 *
3359 * Set the modem status bits from the tty driver if the feature
3360 * is supported. Return -EINVAL if it is not available.
3361 *
3362 * Locking: none (up to the driver)
3363 */
3364
3365static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 3366 unsigned __user *p)
3367{
3368 int retval = -EINVAL;
3369
f34d7a5b 3370 if (tty->ops->tiocmset) {
1da177e4
LT		 3371 unsigned int set, clear, val;
3372
3373 retval = get_user(val, p);
3374 if (retval)
3375 return retval;
3376
3377 set = clear = 0;
3378 switch (cmd) {
3379 case TIOCMBIS:
3380 set = val;
3381 break;
3382 case TIOCMBIC:
3383 clear = val;
3384 break;
3385 case TIOCMSET:
3386 set = val;
3387 clear = ~val;
3388 break;
3389 }
3390
3391 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3392 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3393
f34d7a5b 3394 retval = tty->ops->tiocmset(tty, file, set, clear);
1da177e4
LT		 3395 }
3396 return retval;
3397}
3398
3399/*
3400 * Split this up, as gcc can choke on it otherwise..
3401 */
04f378b1 3402long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1da177e4
LT		 3403{
3404 struct tty_struct *tty, *real_tty;
3405 void __user *p = (void __user *)arg;
3406 int retval;
3407 struct tty_ldisc *ld;
04f378b1 3408 struct inode *inode = file->f_dentry->d_inode;
37bdfb07 3409
1da177e4
LT		 3410 tty = (struct tty_struct *)file->private_data;
3411 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3412 return -EINVAL;
3413
3414 real_tty = tty;
3415 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3416 tty->driver->subtype == PTY_TYPE_MASTER)
3417 real_tty = tty->link;
3418
3419 /*
3420 * Break handling by driver
3421 */
04f378b1
AC		 3422
3423 retval = -EINVAL;
3424
f34d7a5b 3425 if (!tty->ops->break_ctl) {
37bdfb07 3426 switch (cmd) {
1da177e4
LT		 3427 case TIOCSBRK:
3428 case TIOCCBRK:
f34d7a5b
AC		 3429 if (tty->ops->ioctl)
3430 retval = tty->ops->ioctl(tty, file, cmd, arg);
3431 if (retval != -EINVAL && retval != -ENOIOCTLCMD)
3432 printk(KERN_WARNING "tty: driver %s needs updating to use break_ctl\n", tty->driver->name);
04f378b1 3433 return retval;
37bdfb07 3434
1da177e4
LT		 3435 /* These two ioctl's always return success; even if */
3436 /* the driver doesn't support them. */
3437 case TCSBRK:
3438 case TCSBRKP:
f34d7a5b 3439 if (!tty->ops->ioctl)
1da177e4 3440 return 0;
f34d7a5b
AC		 3441 retval = tty->ops->ioctl(tty, file, cmd, arg);
3442 if (retval != -EINVAL && retval != -ENOIOCTLCMD)
3443 printk(KERN_WARNING "tty: driver %s needs updating to use break_ctl\n", tty->driver->name);
1da177e4
LT		 3444 if (retval == -ENOIOCTLCMD)
3445 retval = 0;
3446 return retval;
3447 }
3448 }
3449
3450 /*
3451 * Factor out some common prep work
3452 */
3453 switch (cmd) {
3454 case TIOCSETD:
3455 case TIOCSBRK:
3456 case TIOCCBRK:
3457 case TCSBRK:
37bdfb07 3458 case TCSBRKP:
1da177e4
LT		 3459 retval = tty_check_change(tty);
3460 if (retval)
3461 return retval;
3462 if (cmd != TIOCCBRK) {
3463 tty_wait_until_sent(tty, 0);
3464 if (signal_pending(current))
3465 return -EINTR;
3466 }
3467 break;
3468 }
3469
3470 switch (cmd) {
37bdfb07
AC		 3471 case TIOCSTI:
3472 return tiocsti(tty, p);
3473 case TIOCGWINSZ:
3474 return tiocgwinsz(tty, p);
3475 case TIOCSWINSZ:
3476 return tiocswinsz(tty, real_tty, p);
3477 case TIOCCONS:
3478 return real_tty != tty ? -EINVAL : tioccons(file);
3479 case FIONBIO:
3480 return fionbio(file, p);
3481 case TIOCEXCL:
3482 set_bit(TTY_EXCLUSIVE, &tty->flags);
3483 return 0;
3484 case TIOCNXCL:
3485 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3486 return 0;
3487 case TIOCNOTTY:
3488 if (current->signal->tty != tty)
3489 return -ENOTTY;
3490 no_tty();
3491 return 0;
3492 case TIOCSCTTY:
3493 return tiocsctty(tty, arg);
3494 case TIOCGPGRP:
3495 return tiocgpgrp(tty, real_tty, p);
3496 case TIOCSPGRP:
3497 return tiocspgrp(tty, real_tty, p);
3498 case TIOCGSID:
3499 return tiocgsid(tty, real_tty, p);
3500 case TIOCGETD:
37bdfb07
AC		 3501 return put_user(tty->ldisc.num, (int __user *)p);
3502 case TIOCSETD:
3503 return tiocsetd(tty, p);
1da177e4 3504#ifdef CONFIG_VT
37bdfb07
AC		 3505 case TIOCLINUX:
3506 return tioclinux(tty, arg);
1da177e4 3507#endif
37bdfb07
AC		 3508 /*
3509 * Break handling
3510 */
3511 case TIOCSBRK: /* Turn break on, unconditionally */
f34d7a5b
AC		 3512 if (tty->ops->break_ctl)
3513 tty->ops->break_ctl(tty, -1);
37bdfb07 3514 return 0;
1da177e4 3515
37bdfb07 3516 case TIOCCBRK: /* Turn break off, unconditionally */
f34d7a5b
AC		 3517 if (tty->ops->break_ctl)
3518 tty->ops->break_ctl(tty, 0);
37bdfb07
AC		 3519 return 0;
3520 case TCSBRK: /* SVID version: non-zero arg --> no break */
3521 /* non-zero arg means wait for all output data
3522 * to be sent (performed above) but don't send break.
3523 * This is used by the tcdrain() termios function.
3524 */
3525 if (!arg)
3526 return send_break(tty, 250);
3527 return 0;
3528 case TCSBRKP: /* support for POSIX tcsendbreak() */
3529 return send_break(tty, arg ? arg*100 : 250);
3530
3531 case TIOCMGET:
3532 return tty_tiocmget(tty, file, p);
3533 case TIOCMSET:
3534 case TIOCMBIC:
3535 case TIOCMBIS:
3536 return tty_tiocmset(tty, file, cmd, p);
3537 case TCFLSH:
3538 switch (arg) {
3539 case TCIFLUSH:
3540 case TCIOFLUSH:
3541 /* flush tty buffer and allow ldisc to process ioctl */
3542 tty_buffer_flush(tty);
c5c34d48 3543 break;
37bdfb07
AC		 3544 }
3545 break;
1da177e4 3546 }
f34d7a5b
AC		 3547 if (tty->ops->ioctl) {
3548 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
1da177e4
LT		 3549 if (retval != -ENOIOCTLCMD)
3550 return retval;
3551 }
3552 ld = tty_ldisc_ref_wait(tty);
3553 retval = -EINVAL;
3554 if (ld->ioctl) {
3555 retval = ld->ioctl(tty, file, cmd, arg);
3556 if (retval == -ENOIOCTLCMD)
3557 retval = -EINVAL;
3558 }
3559 tty_ldisc_deref(ld);
3560 return retval;
3561}
3562
e10cc1df 3563#ifdef CONFIG_COMPAT
37bdfb07 3564static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 3565 unsigned long arg)
3566{
3567 struct inode *inode = file->f_dentry->d_inode;
3568 struct tty_struct *tty = file->private_data;
3569 struct tty_ldisc *ld;
3570 int retval = -ENOIOCTLCMD;
3571
3572 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3573 return -EINVAL;
3574
f34d7a5b
AC		 3575 if (tty->ops->compat_ioctl) {
3576 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
e10cc1df
PF		 3577 if (retval != -ENOIOCTLCMD)
3578 return retval;
3579 }
3580
3581 ld = tty_ldisc_ref_wait(tty);
3582 if (ld->compat_ioctl)
3583 retval = ld->compat_ioctl(tty, file, cmd, arg);
3584 tty_ldisc_deref(ld);
3585
3586 return retval;
3587}
3588#endif
1da177e4
LT		 3589
3590/*
3591 * This implements the "Secure Attention Key" --- the idea is to
3592 * prevent trojan horses by killing all processes associated with this
3593 * tty when the user hits the "Secure Attention Key". Required for
3594 * super-paranoid applications --- see the Orange Book for more details.
37bdfb07 3595 *
1da177e4
LT		 3596 * This code could be nicer; ideally it should send a HUP, wait a few
3597 * seconds, then send a INT, and then a KILL signal. But you then
3598 * have to coordinate with the init process, since all processes associated
3599 * with the current tty must be dead before the new getty is allowed
3600 * to spawn.
3601 *
3602 * Now, if it would be correct ;-/ The current code has a nasty hole -
3603 * it doesn't catch files in flight. We may send the descriptor to ourselves
3604 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3605 *
3606 * Nasty bug: do_SAK is being called in interrupt context. This can
3607 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3608 */
8b6312f4 3609void __do_SAK(struct tty_struct *tty)
1da177e4
LT		 3610{
3611#ifdef TTY_SOFT_SAK
3612 tty_hangup(tty);
3613#else
652486fb 3614 struct task_struct *g, *p;
ab521dc0 3615 struct pid *session;
1da177e4
LT		 3616 int i;
3617 struct file *filp;
badf1662 3618 struct fdtable *fdt;
37bdfb07 3619
1da177e4
LT		 3620 if (!tty)
3621 return;
24ec839c 3622 session = tty->session;
37bdfb07 3623
b3f13deb 3624 tty_ldisc_flush(tty);
1da177e4 3625
f34d7a5b 3626 tty_driver_flush_buffer(tty);
37bdfb07 3627
1da177e4 3628 read_lock(&tasklist_lock);
652486fb 3629 /* Kill the entire session */
ab521dc0 3630 do_each_pid_task(session, PIDTYPE_SID, p) {
652486fb 3631 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 3632 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 3633 task_pid_nr(p), p->comm);
652486fb 3634 send_sig(SIGKILL, p, 1);
ab521dc0 3635 } while_each_pid_task(session, PIDTYPE_SID, p);
652486fb
EB		 3636 /* Now kill any processes that happen to have the
3637 * tty open.
3638 */
3639 do_each_thread(g, p) {
3640 if (p->signal->tty == tty) {
1da177e4 3641 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 3642 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 3643 task_pid_nr(p), p->comm);
1da177e4
LT		 3644 send_sig(SIGKILL, p, 1);
3645 continue;
3646 }
3647 task_lock(p);
3648 if (p->files) {
ca99c1da
DS		 3649 /*
3650 * We don't take a ref to the file, so we must
3651 * hold ->file_lock instead.
3652 */
3653 spin_lock(&p->files->file_lock);
badf1662 3654 fdt = files_fdtable(p->files);
37bdfb07 3655 for (i = 0; i < fdt->max_fds; i++) {
1da177e4
LT		 3656 filp = fcheck_files(p->files, i);
3657 if (!filp)
3658 continue;
3659 if (filp->f_op->read == tty_read &&
3660 filp->private_data == tty) {
3661 printk(KERN_NOTICE "SAK: killed process %d"
3662 " (%s): fd#%d opened to the tty\n",
ba25f9dc 3663 task_pid_nr(p), p->comm, i);
20ac9437 3664 force_sig(SIGKILL, p);
1da177e4
LT		 3665 break;
3666 }
3667 }
ca99c1da 3668 spin_unlock(&p->files->file_lock);
1da177e4
LT		 3669 }
3670 task_unlock(p);
652486fb 3671 } while_each_thread(g, p);
1da177e4
LT		 3672 read_unlock(&tasklist_lock);
3673#endif
3674}
3675
8b6312f4
EB		 3676static void do_SAK_work(struct work_struct *work)
3677{
3678 struct tty_struct *tty =
3679 container_of(work, struct tty_struct, SAK_work);
3680 __do_SAK(tty);
3681}
3682
1da177e4
LT		 3683/*
3684 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3685 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3686 * the values which we write to it will be identical to the values which it
3687 * already has. --akpm
3688 */
3689void do_SAK(struct tty_struct *tty)
3690{
3691 if (!tty)
3692 return;
1da177e4
LT		 3693 schedule_work(&tty->SAK_work);
3694}
3695
3696EXPORT_SYMBOL(do_SAK);
3697
af9b897e
AC		 3698/**
3699 * flush_to_ldisc
65f27f38 3700 * @work: tty structure passed from work queue.
af9b897e
AC		 3701 *
3702 * This routine is called out of the software interrupt to flush data
3703 * from the buffer chain to the line discipline.
3704 *
3705 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3706 * while invoking the line discipline receive_buf method. The
3707 * receive_buf method is single threaded for each tty instance.
1da177e4 3708 */
37bdfb07 3709
65f27f38 3710static void flush_to_ldisc(struct work_struct *work)
1da177e4 3711{
65f27f38
DH		 3712 struct tty_struct *tty =
3713 container_of(work, struct tty_struct, buf.work.work);
1da177e4
LT		 3714 unsigned long flags;
3715 struct tty_ldisc *disc;
2c3bb20f 3716 struct tty_buffer *tbuf, *head;
8977d929
PF		 3717 char *char_buf;
3718 unsigned char *flag_buf;
1da177e4
LT		 3719
3720 disc = tty_ldisc_ref(tty);
3721 if (disc == NULL) /* !TTY_LDISC */
3722 return;
3723
808249ce 3724 spin_lock_irqsave(&tty->buf.lock, flags);
37bdfb07
AC		 3725 /* So we know a flush is running */
3726 set_bit(TTY_FLUSHING, &tty->flags);
2c3bb20f
PF		 3727 head = tty->buf.head;
3728 if (head != NULL) {
3729 tty->buf.head = NULL;
3730 for (;;) {
3731 int count = head->commit - head->read;
3732 if (!count) {
3733 if (head->next == NULL)
3734 break;
3735 tbuf = head;
3736 head = head->next;
3737 tty_buffer_free(tty, tbuf);
3738 continue;
3739 }
42fd552e
AC		 3740 /* Ldisc or user is trying to flush the buffers
3741 we are feeding to the ldisc, stop feeding the
3742 line discipline as we want to empty the queue */
3743 if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3744 break;
2c3bb20f
PF		 3745 if (!tty->receive_room) {
3746 schedule_delayed_work(&tty->buf.work, 1);
3747 break;
3748 }
3749 if (count > tty->receive_room)
3750 count = tty->receive_room;
3751 char_buf = head->char_buf_ptr + head->read;
3752 flag_buf = head->flag_buf_ptr + head->read;
3753 head->read += count;
8977d929
PF		 3754 spin_unlock_irqrestore(&tty->buf.lock, flags);
3755 disc->receive_buf(tty, char_buf, flag_buf, count);
3756 spin_lock_irqsave(&tty->buf.lock, flags);
3757 }
42fd552e 3758 /* Restore the queue head */
2c3bb20f 3759 tty->buf.head = head;
33f0f88f 3760 }
42fd552e
AC		 3761 /* We may have a deferred request to flush the input buffer,
3762 if so pull the chain under the lock and empty the queue */
3763 if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3764 __tty_buffer_flush(tty);
3765 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3766 wake_up(&tty->read_wait);
3767 }
3768 clear_bit(TTY_FLUSHING, &tty->flags);
808249ce 3769 spin_unlock_irqrestore(&tty->buf.lock, flags);
817d6d3b 3770
1da177e4
LT		 3771 tty_ldisc_deref(disc);
3772}
3773
1da177e4
LT		 3774/**
3775 * tty_flip_buffer_push - terminal
3776 * @tty: tty to push
3777 *
3778 * Queue a push of the terminal flip buffers to the line discipline. This
3779 * function must not be called from IRQ context if tty->low_latency is set.
3780 *
3781 * In the event of the queue being busy for flipping the work will be
3782 * held off and retried later.
af9b897e
AC		 3783 *
3784 * Locking: tty buffer lock. Driver locks in low latency mode.
1da177e4
LT		 3785 */
3786
3787void tty_flip_buffer_push(struct tty_struct *tty)
3788{
808249ce
PF		 3789 unsigned long flags;
3790 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 3791 if (tty->buf.tail != NULL)
8977d929 3792 tty->buf.tail->commit = tty->buf.tail->used;
808249ce
PF		 3793 spin_unlock_irqrestore(&tty->buf.lock, flags);
3794
1da177e4 3795 if (tty->low_latency)
65f27f38 3796 flush_to_ldisc(&tty->buf.work.work);
1da177e4 3797 else
33f0f88f 3798 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 3799}
3800
3801EXPORT_SYMBOL(tty_flip_buffer_push);
3802
33f0f88f 3803
af9b897e
AC		 3804/**
3805 * initialize_tty_struct
3806 * @tty: tty to initialize
3807 *
3808 * This subroutine initializes a tty structure that has been newly
3809 * allocated.
3810 *
3811 * Locking: none - tty in question must not be exposed at this point
1da177e4 3812 */
af9b897e 3813
1da177e4
LT		 3814static void initialize_tty_struct(struct tty_struct *tty)
3815{
3816 memset(tty, 0, sizeof(struct tty_struct));
3817 tty->magic = TTY_MAGIC;
3818 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
ab521dc0
EB		 3819 tty->session = NULL;
3820 tty->pgrp = NULL;
1da177e4 3821 tty->overrun_time = jiffies;
33f0f88f
AC		 3822 tty->buf.head = tty->buf.tail = NULL;
3823 tty_buffer_init(tty);
65f27f38 3824 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
5785c95b 3825 mutex_init(&tty->termios_mutex);
1da177e4
LT		 3826 init_waitqueue_head(&tty->write_wait);
3827 init_waitqueue_head(&tty->read_wait);
65f27f38 3828 INIT_WORK(&tty->hangup_work, do_tty_hangup);
70522e12
IM		 3829 mutex_init(&tty->atomic_read_lock);
3830 mutex_init(&tty->atomic_write_lock);
1da177e4 3831 spin_lock_init(&tty->read_lock);
04f378b1 3832 spin_lock_init(&tty->ctrl_lock);
1da177e4 3833 INIT_LIST_HEAD(&tty->tty_files);
7f1f86a0 3834 INIT_WORK(&tty->SAK_work, do_SAK_work);
1da177e4
LT		 3835}
3836
f34d7a5b
AC		 3837/**
3838 * tty_put_char - write one character to a tty
3839 * @tty: tty
3840 * @ch: character
3841 *
3842 * Write one byte to the tty using the provided put_char method
3843 * if present. Returns the number of characters successfully output.
3844 *
3845 * Note: the specific put_char operation in the driver layer may go
3846 * away soon. Don't call it directly, use this method
1da177e4 3847 */
af9b897e 3848
f34d7a5b 3849int tty_put_char(struct tty_struct *tty, unsigned char ch)
1da177e4 3850{
f34d7a5b
AC		 3851 if (tty->ops->put_char)
3852 return tty->ops->put_char(tty, ch);
3853 return tty->ops->write(tty, &ch, 1);
1da177e4
LT		 3854}
3855
f34d7a5b
AC		 3856EXPORT_SYMBOL_GPL(tty_put_char);
3857
7fe845d1 3858static struct class *tty_class;
1da177e4
LT		 3859
3860/**
af9b897e
AC		 3861 * tty_register_device - register a tty device
3862 * @driver: the tty driver that describes the tty device
3863 * @index: the index in the tty driver for this tty device
3864 * @device: a struct device that is associated with this tty device.
3865 * This field is optional, if there is no known struct device
3866 * for this tty device it can be set to NULL safely.
1da177e4 3867 *
01107d34
GKH		 3868 * Returns a pointer to the struct device for this tty device
3869 * (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3870 *
af9b897e
AC		 3871 * This call is required to be made to register an individual tty device
3872 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3873 * that bit is not set, this function should not be called by a tty
3874 * driver.
3875 *
3876 * Locking: ??
1da177e4 3877 */
af9b897e 3878
01107d34
GKH		 3879struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3880 struct device *device)
1da177e4
LT		 3881{
3882 char name[64];
3883 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3884
3885 if (index >= driver->num) {
3886 printk(KERN_ERR "Attempt to register invalid tty line number "
3887 " (%d).\n", index);
1cdcb6b4 3888 return ERR_PTR(-EINVAL);
1da177e4
LT		 3889 }
3890
1da177e4
LT		 3891 if (driver->type == TTY_DRIVER_TYPE_PTY)
3892 pty_line_name(driver, index, name);
3893 else
3894 tty_line_name(driver, index, name);
1cdcb6b4 3895
01107d34 3896 return device_create(tty_class, device, dev, name);
1da177e4
LT		 3897}
3898
3899/**
af9b897e
AC		 3900 * tty_unregister_device - unregister a tty device
3901 * @driver: the tty driver that describes the tty device
3902 * @index: the index in the tty driver for this tty device
1da177e4 3903 *
af9b897e
AC		 3904 * If a tty device is registered with a call to tty_register_device() then
3905 * this function must be called when the tty device is gone.
3906 *
3907 * Locking: ??
1da177e4 3908 */
af9b897e 3909
1da177e4
LT		 3910void tty_unregister_device(struct tty_driver *driver, unsigned index)
3911{
37bdfb07
AC		 3912 device_destroy(tty_class,
3913 MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 3914}
3915
3916EXPORT_SYMBOL(tty_register_device);
3917EXPORT_SYMBOL(tty_unregister_device);
3918
3919struct tty_driver *alloc_tty_driver(int lines)
3920{
3921 struct tty_driver *driver;
3922
506eb99a 3923 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
1da177e4 3924 if (driver) {
1da177e4
LT		 3925 driver->magic = TTY_DRIVER_MAGIC;
3926 driver->num = lines;
3927 /* later we'll move allocation of tables here */
3928 }
3929 return driver;
3930}
3931
3932void put_tty_driver(struct tty_driver *driver)
3933{
3934 kfree(driver);
3935}
3936
b68e31d0
JD		 3937void tty_set_operations(struct tty_driver *driver,
3938 const struct tty_operations *op)
1da177e4 3939{
f34d7a5b
AC		 3940 driver->ops = op;
3941};
1da177e4
LT		 3942
3943EXPORT_SYMBOL(alloc_tty_driver);
3944EXPORT_SYMBOL(put_tty_driver);
3945EXPORT_SYMBOL(tty_set_operations);
3946
3947/*
3948 * Called by a tty driver to register itself.
3949 */
3950int tty_register_driver(struct tty_driver *driver)
3951{
3952 int error;
37bdfb07 3953 int i;
1da177e4
LT		 3954 dev_t dev;
3955 void **p = NULL;
3956
3957 if (driver->flags & TTY_DRIVER_INSTALLED)
3958 return 0;
3959
543691a6
AW		 3960 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3961 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
1da177e4
LT		 3962 if (!p)
3963 return -ENOMEM;
1da177e4
LT		 3964 }
3965
3966 if (!driver->major) {
37bdfb07
AC		 3967 error = alloc_chrdev_region(&dev, driver->minor_start,
3968 driver->num, driver->name);
1da177e4
LT		 3969 if (!error) {
3970 driver->major = MAJOR(dev);
3971 driver->minor_start = MINOR(dev);
3972 }
3973 } else {
3974 dev = MKDEV(driver->major, driver->minor_start);
e5717c48 3975 error = register_chrdev_region(dev, driver->num, driver->name);
1da177e4
LT		 3976 }
3977 if (error < 0) {
3978 kfree(p);
3979 return error;
3980 }
3981
3982 if (p) {
3983 driver->ttys = (struct tty_struct **)p;
edc6afc5 3984 driver->termios = (struct ktermios **)(p + driver->num);
37bdfb07
AC		 3985 driver->termios_locked = (struct ktermios **)
3986 (p + driver->num * 2);
1da177e4
LT		 3987 } else {
3988 driver->ttys = NULL;
3989 driver->termios = NULL;
3990 driver->termios_locked = NULL;
3991 }
3992
3993 cdev_init(&driver->cdev, &tty_fops);
3994 driver->cdev.owner = driver->owner;
3995 error = cdev_add(&driver->cdev, dev, driver->num);
3996 if (error) {
1da177e4
LT		 3997 unregister_chrdev_region(dev, driver->num);
3998 driver->ttys = NULL;
3999 driver->termios = driver->termios_locked = NULL;
4000 kfree(p);
4001 return error;
4002 }
4003
ca509f69 4004 mutex_lock(&tty_mutex);
1da177e4 4005 list_add(&driver->tty_drivers, &tty_drivers);
ca509f69 4006 mutex_unlock(&tty_mutex);
37bdfb07
AC		 4007
4008 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
4009 for (i = 0; i < driver->num; i++)
1da177e4
LT		 4010 tty_register_device(driver, i, NULL);
4011 }
4012 proc_tty_register_driver(driver);
4013 return 0;
4014}
4015
4016EXPORT_SYMBOL(tty_register_driver);
4017
4018/*
4019 * Called by a tty driver to unregister itself.
4020 */
4021int tty_unregister_driver(struct tty_driver *driver)
4022{
4023 int i;
edc6afc5 4024 struct ktermios *tp;
1da177e4
LT		 4025 void *p;
4026
4027 if (driver->refcount)
4028 return -EBUSY;
4029
4030 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
4031 driver->num);
ca509f69 4032 mutex_lock(&tty_mutex);
1da177e4 4033 list_del(&driver->tty_drivers);
ca509f69 4034 mutex_unlock(&tty_mutex);
1da177e4
LT		 4035
4036 /*
4037 * Free the termios and termios_locked structures because
4038 * we don't want to get memory leaks when modular tty
4039 * drivers are removed from the kernel.
4040 */
4041 for (i = 0; i < driver->num; i++) {
4042 tp = driver->termios[i];
4043 if (tp) {
4044 driver->termios[i] = NULL;
4045 kfree(tp);
4046 }
4047 tp = driver->termios_locked[i];
4048 if (tp) {
4049 driver->termios_locked[i] = NULL;
4050 kfree(tp);
4051 }
331b8319 4052 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 4053 tty_unregister_device(driver, i);
4054 }
4055 p = driver->ttys;
4056 proc_tty_unregister_driver(driver);
4057 driver->ttys = NULL;
4058 driver->termios = driver->termios_locked = NULL;
4059 kfree(p);
4060 cdev_del(&driver->cdev);
4061 return 0;
4062}
1da177e4
LT		 4063EXPORT_SYMBOL(tty_unregister_driver);
4064
24ec839c
PZ		 4065dev_t tty_devnum(struct tty_struct *tty)
4066{
4067 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
4068}
4069EXPORT_SYMBOL(tty_devnum);
4070
4071void proc_clear_tty(struct task_struct *p)
4072{
4073 spin_lock_irq(&p->sighand->siglock);
4074 p->signal->tty = NULL;
4075 spin_unlock_irq(&p->sighand->siglock);
4076}
7cac4ce5 4077EXPORT_SYMBOL(proc_clear_tty);
24ec839c 4078
47f86834
AC		 4079/* Called under the sighand lock */
4080
2a65f1d9 4081static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 4082{
4083 if (tty) {
47f86834
AC		 4084 unsigned long flags;
4085 /* We should not have a session or pgrp to put here but.... */
4086 spin_lock_irqsave(&tty->ctrl_lock, flags);
d9c1e9a8
EB		 4087 put_pid(tty->session);
4088 put_pid(tty->pgrp);
ab521dc0 4089 tty->pgrp = get_pid(task_pgrp(tsk));
47f86834
AC		 4090 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
4091 tty->session = get_pid(task_session(tsk));
24ec839c 4092 }
2a65f1d9 4093 put_pid(tsk->signal->tty_old_pgrp);
24ec839c 4094 tsk->signal->tty = tty;
ab521dc0 4095 tsk->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 4096}
4097
98a27ba4 4098static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 4099{
4100 spin_lock_irq(&tsk->sighand->siglock);
2a65f1d9 4101 __proc_set_tty(tsk, tty);
24ec839c
PZ		 4102 spin_unlock_irq(&tsk->sighand->siglock);
4103}
4104
4105struct tty_struct *get_current_tty(void)
4106{
4107 struct tty_struct *tty;
4108 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4109 tty = current->signal->tty;
4110 /*
4111 * session->tty can be changed/cleared from under us, make sure we
4112 * issue the load. The obtained pointer, when not NULL, is valid as
4113 * long as we hold tty_mutex.
4114 */
4115 barrier();
4116 return tty;
4117}
a311f743 4118EXPORT_SYMBOL_GPL(get_current_tty);
1da177e4
LT		 4119
4120/*
4121 * Initialize the console device. This is called *early*, so
4122 * we can't necessarily depend on lots of kernel help here.
4123 * Just do some early initializations, and do the complex setup
4124 * later.
4125 */
4126void __init console_init(void)
4127{
4128 initcall_t *call;
4129
4130 /* Setup the default TTY line discipline. */
4131 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4132
4133 /*
37bdfb07 4134 * set up the console device so that later boot sequences can
1da177e4
LT		 4135 * inform about problems etc..
4136 */
1da177e4
LT		 4137 call = __con_initcall_start;
4138 while (call < __con_initcall_end) {
4139 (*call)();
4140 call++;
4141 }
4142}
4143
1da177e4
LT		 4144static int __init tty_class_init(void)
4145{
7fe845d1 4146 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 4147 if (IS_ERR(tty_class))
4148 return PTR_ERR(tty_class);
4149 return 0;
4150}
4151
4152postcore_initcall(tty_class_init);
4153
4154/* 3/2004 jmc: why do these devices exist? */
4155
4156static struct cdev tty_cdev, console_cdev;
4157#ifdef CONFIG_UNIX98_PTYS
4158static struct cdev ptmx_cdev;
4159#endif
4160#ifdef CONFIG_VT
4161static struct cdev vc0_cdev;
4162#endif
4163
4164/*
4165 * Ok, now we can initialize the rest of the tty devices and can count
4166 * on memory allocations, interrupts etc..
4167 */
4168static int __init tty_init(void)
4169{
4170 cdev_init(&tty_cdev, &tty_fops);
4171 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4172 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4173 panic("Couldn't register /dev/tty driver\n");
01107d34 4174 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
1da177e4
LT		 4175
4176 cdev_init(&console_cdev, &console_fops);
4177 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4178 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4179 panic("Couldn't register /dev/console driver\n");
01107d34 4180 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
1da177e4
LT		 4181
4182#ifdef CONFIG_UNIX98_PTYS
4183 cdev_init(&ptmx_cdev, &ptmx_fops);
4184 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4185 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4186 panic("Couldn't register /dev/ptmx driver\n");
01107d34 4187 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
1da177e4
LT		 4188#endif
4189
4190#ifdef CONFIG_VT
4191 cdev_init(&vc0_cdev, &console_fops);
4192 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4193 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4194 panic("Couldn't register /dev/tty0 driver\n");
01107d34 4195 device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
1da177e4
LT		 4196
4197 vty_init();
4198#endif
4199 return 0;
4200}
4201module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)