projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
selinux: opened file can't have NULL or negative ->f_path.dentry
[linux-2.6-block.git] / drivers / tty / tty_io.c
CommitLineData
1da177e4 1/*
1da177e4
LT		 2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5/*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
37bdfb07 20 * makes for cleaner and more compact code. -TYT, 9/17/92
1da177e4
LT		 21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
37bdfb07 42 *
1da177e4
LT		 43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
d81ed103 50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
1da177e4
LT		 51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
37bdfb07
AC		 63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
1da177e4
LT		 65 */
66
1da177e4
LT		 67#include <linux/types.h>
68#include <linux/major.h>
69#include <linux/errno.h>
70#include <linux/signal.h>
71#include <linux/fcntl.h>
72#include <linux/sched.h>
73#include <linux/interrupt.h>
74#include <linux/tty.h>
75#include <linux/tty_driver.h>
76#include <linux/tty_flip.h>
77#include <linux/devpts_fs.h>
78#include <linux/file.h>
9f3acc31 79#include <linux/fdtable.h>
1da177e4
LT		 80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
1da177e4 91#include <linux/device.h>
1da177e4
LT		 92#include <linux/wait.h>
93#include <linux/bitops.h>
b20f3ae5 94#include <linux/delay.h>
a352def2 95#include <linux/seq_file.h>
d281da7f 96#include <linux/serial.h>
5a3c6b25 97#include <linux/ratelimit.h>
1da177e4 98
a352def2 99#include <linux/uaccess.h>
1da177e4
LT		 100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
1da177e4
LT		 104
105#include <linux/kmod.h>
b488893a 106#include <linux/nsproxy.h>
1da177e4
LT		 107
108#undef TTY_DEBUG_HANGUP
109
110#define TTY_PARANOIA_CHECK 1
111#define CHECK_TTY_COUNT 1
112
edc6afc5 113struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
1da177e4
LT		 114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
edc6afc5
AC		 119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
1da177e4
LT		 122};
123
124EXPORT_SYMBOL(tty_std_termios);
125
126/* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
37bdfb07 129
1da177e4
LT		 130LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
24ec839c 132/* Mutex to protect creating and releasing a tty. This is shared with
1da177e4 133 vt.c for deeply disgusting hack reasons */
70522e12 134DEFINE_MUTEX(tty_mutex);
de2a84f2 135EXPORT_SYMBOL(tty_mutex);
1da177e4 136
ee2ffa0d
NP		 137/* Spinlock to protect the tty->tty_files list */
138DEFINE_SPINLOCK(tty_files_lock);
139
1da177e4
LT		 140static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
37bdfb07
AC		 142ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
1da177e4
LT		 144static unsigned int tty_poll(struct file *, poll_table *);
145static int tty_open(struct inode *, struct file *);
04f378b1 146long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
e10cc1df 147#ifdef CONFIG_COMPAT
37bdfb07 148static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 149 unsigned long arg);
150#else
151#define tty_compat_ioctl NULL
152#endif
ec79d605 153static int __tty_fasync(int fd, struct file *filp, int on);
37bdfb07 154static int tty_fasync(int fd, struct file *filp, int on);
d5698c28 155static void release_tty(struct tty_struct *tty, int idx);
2a65f1d9 156static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
98a27ba4 157static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
1da177e4 158
af9b897e
AC		 159/**
160 * alloc_tty_struct - allocate a tty object
161 *
162 * Return a new empty tty structure. The data fields have not
163 * been initialized in any way but has been zeroed
164 *
165 * Locking: none
af9b897e 166 */
1da177e4 167
bf970ee4 168struct tty_struct *alloc_tty_struct(void)
1da177e4 169{
1266b1e1 170 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 171}
172
af9b897e
AC		 173/**
174 * free_tty_struct - free a disused tty
175 * @tty: tty struct to free
176 *
177 * Free the write buffers, tty queue and tty memory itself.
178 *
179 * Locking: none. Must be called after tty is definitely unused
180 */
181
bf970ee4 182void free_tty_struct(struct tty_struct *tty)
1da177e4 183{
dc6802a7
DC		 184 if (!tty)
185 return;
30004ac9
DES		 186 if (tty->dev)
187 put_device(tty->dev);
1da177e4 188 kfree(tty->write_buf);
89c8d91e 189 tty->magic = 0xDEADDEAD;
1da177e4
LT		 190 kfree(tty);
191}
192
d996b62a
NP		 193static inline struct tty_struct *file_tty(struct file *file)
194{
195 return ((struct tty_file_private *)file->private_data)->tty;
196}
197
fa90e1c9 198int tty_alloc_file(struct file *file)
d996b62a
NP		 199{
200 struct tty_file_private *priv;
201
f573bd17
PE		 202 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
203 if (!priv)
204 return -ENOMEM;
d996b62a 205
fa90e1c9
JS		 206 file->private_data = priv;
207
208 return 0;
209}
210
211/* Associate a new file with the tty structure */
212void tty_add_file(struct tty_struct *tty, struct file *file)
213{
214 struct tty_file_private *priv = file->private_data;
215
d996b62a
NP		 216 priv->tty = tty;
217 priv->file = file;
d996b62a
NP		 218
219 spin_lock(&tty_files_lock);
220 list_add(&priv->list, &tty->tty_files);
221 spin_unlock(&tty_files_lock);
fa90e1c9 222}
f573bd17 223
fa90e1c9
JS		 224/**
225 * tty_free_file - free file->private_data
226 *
227 * This shall be used only for fail path handling when tty_add_file was not
228 * called yet.
229 */
230void tty_free_file(struct file *file)
231{
232 struct tty_file_private *priv = file->private_data;
233
234 file->private_data = NULL;
235 kfree(priv);
d996b62a
NP		 236}
237
238/* Delete file from its tty */
2520e274 239static void tty_del_file(struct file *file)
d996b62a
NP		 240{
241 struct tty_file_private *priv = file->private_data;
242
243 spin_lock(&tty_files_lock);
244 list_del(&priv->list);
245 spin_unlock(&tty_files_lock);
fa90e1c9 246 tty_free_file(file);
d996b62a
NP		 247}
248
249
1da177e4
LT		 250#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
251
af9b897e
AC		 252/**
253 * tty_name - return tty naming
254 * @tty: tty structure
255 * @buf: buffer for output
256 *
257 * Convert a tty structure into a name. The name reflects the kernel
258 * naming policy and if udev is in use may not reflect user space
259 *
260 * Locking: none
261 */
262
1da177e4
LT		 263char *tty_name(struct tty_struct *tty, char *buf)
264{
265 if (!tty) /* Hmm. NULL pointer. That's fun. */
266 strcpy(buf, "NULL tty");
267 else
268 strcpy(buf, tty->name);
269 return buf;
270}
271
272EXPORT_SYMBOL(tty_name);
273
d769a669 274int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 275 const char *routine)
276{
277#ifdef TTY_PARANOIA_CHECK
278 if (!tty) {
279 printk(KERN_WARNING
280 "null TTY for (%d:%d) in %s\n",
281 imajor(inode), iminor(inode), routine);
282 return 1;
283 }
284 if (tty->magic != TTY_MAGIC) {
285 printk(KERN_WARNING
286 "bad magic number for tty struct (%d:%d) in %s\n",
287 imajor(inode), iminor(inode), routine);
288 return 1;
289 }
290#endif
291 return 0;
292}
293
294static int check_tty_count(struct tty_struct *tty, const char *routine)
295{
296#ifdef CHECK_TTY_COUNT
297 struct list_head *p;
298 int count = 0;
37bdfb07 299
ee2ffa0d 300 spin_lock(&tty_files_lock);
1da177e4
LT		 301 list_for_each(p, &tty->tty_files) {
302 count++;
303 }
ee2ffa0d 304 spin_unlock(&tty_files_lock);
1da177e4
LT		 305 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
306 tty->driver->subtype == PTY_TYPE_SLAVE &&
307 tty->link && tty->link->count)
308 count++;
309 if (tty->count != count) {
310 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
311 "!= #fd's(%d) in %s\n",
312 tty->name, tty->count, count, routine);
313 return count;
24ec839c 314 }
1da177e4
LT		 315#endif
316 return 0;
317}
318
af9b897e
AC		 319/**
320 * get_tty_driver - find device of a tty
321 * @dev_t: device identifier
322 * @index: returns the index of the tty
323 *
324 * This routine returns a tty driver structure, given a device number
325 * and also passes back the index number.
326 *
327 * Locking: caller must hold tty_mutex
1da177e4 328 */
af9b897e 329
1da177e4
LT		 330static struct tty_driver *get_tty_driver(dev_t device, int *index)
331{
332 struct tty_driver *p;
333
334 list_for_each_entry(p, &tty_drivers, tty_drivers) {
335 dev_t base = MKDEV(p->major, p->minor_start);
336 if (device < base || device >= base + p->num)
337 continue;
338 *index = device - base;
7d7b93c1 339 return tty_driver_kref_get(p);
1da177e4
LT		 340 }
341 return NULL;
342}
343
f2d937f3
JW		 344#ifdef CONFIG_CONSOLE_POLL
345
346/**
347 * tty_find_polling_driver - find device of a polled tty
348 * @name: name string to match
349 * @line: pointer to resulting tty line nr
350 *
351 * This routine returns a tty driver structure, given a name
352 * and the condition that the tty driver is capable of polled
353 * operation.
354 */
355struct tty_driver *tty_find_polling_driver(char *name, int *line)
356{
357 struct tty_driver *p, *res = NULL;
358 int tty_line = 0;
0dca0fd2 359 int len;
5f0878ac 360 char *str, *stp;
f2d937f3 361
0dca0fd2
JW		 362 for (str = name; *str; str++)
363 if ((*str >= '0' && *str <= '9') || *str == ',')
364 break;
365 if (!*str)
366 return NULL;
367
368 len = str - name;
369 tty_line = simple_strtoul(str, &str, 10);
370
f2d937f3
JW		 371 mutex_lock(&tty_mutex);
372 /* Search through the tty devices to look for a match */
373 list_for_each_entry(p, &tty_drivers, tty_drivers) {
0dca0fd2
JW		 374 if (strncmp(name, p->name, len) != 0)
375 continue;
5f0878ac
AC		 376 stp = str;
377 if (*stp == ',')
378 stp++;
379 if (*stp == '\0')
380 stp = NULL;
f2d937f3 381
6eb68d6f 382 if (tty_line >= 0 && tty_line < p->num && p->ops &&
5f0878ac 383 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
7d7b93c1 384 res = tty_driver_kref_get(p);
f2d937f3
JW		 385 *line = tty_line;
386 break;
387 }
388 }
389 mutex_unlock(&tty_mutex);
390
391 return res;
392}
393EXPORT_SYMBOL_GPL(tty_find_polling_driver);
394#endif
395
af9b897e
AC		 396/**
397 * tty_check_change - check for POSIX terminal changes
398 * @tty: tty to check
399 *
400 * If we try to write to, or set the state of, a terminal and we're
401 * not in the foreground, send a SIGTTOU. If the signal is blocked or
402 * ignored, go ahead and perform the operation. (POSIX 7.2)
403 *
978e595f 404 * Locking: ctrl_lock
1da177e4 405 */
af9b897e 406
37bdfb07 407int tty_check_change(struct tty_struct *tty)
1da177e4 408{
47f86834
AC		 409 unsigned long flags;
410 int ret = 0;
411
1da177e4
LT		 412 if (current->signal->tty != tty)
413 return 0;
47f86834
AC		 414
415 spin_lock_irqsave(&tty->ctrl_lock, flags);
416
ab521dc0
EB		 417 if (!tty->pgrp) {
418 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
9ffee4cb 419 goto out_unlock;
1da177e4 420 }
ab521dc0 421 if (task_pgrp(current) == tty->pgrp)
9ffee4cb
AM		 422 goto out_unlock;
423 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 424 if (is_ignored(SIGTTOU))
47f86834
AC		 425 goto out;
426 if (is_current_pgrp_orphaned()) {
427 ret = -EIO;
428 goto out;
429 }
040b6362
ON		 430 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
431 set_thread_flag(TIF_SIGPENDING);
47f86834
AC		 432 ret = -ERESTARTSYS;
433out:
9ffee4cb
AM		 434 return ret;
435out_unlock:
47f86834
AC		 436 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
437 return ret;
1da177e4
LT		 438}
439
440EXPORT_SYMBOL(tty_check_change);
441
37bdfb07 442static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1da177e4
LT		 443 size_t count, loff_t *ppos)
444{
445 return 0;
446}
447
37bdfb07 448static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1da177e4
LT		 449 size_t count, loff_t *ppos)
450{
451 return -EIO;
452}
453
454/* No kernel lock held - none needed ;) */
37bdfb07 455static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1da177e4
LT		 456{
457 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
458}
459
04f378b1
AC		 460static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
461 unsigned long arg)
38ad2ed0
PF		 462{
463 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
464}
465
37bdfb07 466static long hung_up_tty_compat_ioctl(struct file *file,
38ad2ed0 467 unsigned int cmd, unsigned long arg)
1da177e4
LT		 468{
469 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
470}
471
62322d25 472static const struct file_operations tty_fops = {
1da177e4
LT		 473 .llseek = no_llseek,
474 .read = tty_read,
475 .write = tty_write,
476 .poll = tty_poll,
04f378b1 477 .unlocked_ioctl = tty_ioctl,
e10cc1df 478 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 479 .open = tty_open,
480 .release = tty_release,
481 .fasync = tty_fasync,
482};
483
62322d25 484static const struct file_operations console_fops = {
1da177e4
LT		 485 .llseek = no_llseek,
486 .read = tty_read,
487 .write = redirected_tty_write,
488 .poll = tty_poll,
04f378b1 489 .unlocked_ioctl = tty_ioctl,
e10cc1df 490 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 491 .open = tty_open,
492 .release = tty_release,
493 .fasync = tty_fasync,
494};
495
62322d25 496static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 497 .llseek = no_llseek,
498 .read = hung_up_tty_read,
499 .write = hung_up_tty_write,
500 .poll = hung_up_tty_poll,
04f378b1 501 .unlocked_ioctl = hung_up_tty_ioctl,
38ad2ed0 502 .compat_ioctl = hung_up_tty_compat_ioctl,
1da177e4
LT		 503 .release = tty_release,
504};
505
506static DEFINE_SPINLOCK(redirect_lock);
507static struct file *redirect;
508
509/**
510 * tty_wakeup - request more data
511 * @tty: terminal
512 *
513 * Internal and external helper for wakeups of tty. This function
514 * informs the line discipline if present that the driver is ready
515 * to receive more output data.
516 */
37bdfb07 517
1da177e4
LT		 518void tty_wakeup(struct tty_struct *tty)
519{
520 struct tty_ldisc *ld;
37bdfb07 521
1da177e4
LT		 522 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
523 ld = tty_ldisc_ref(tty);
37bdfb07 524 if (ld) {
a352def2
AC		 525 if (ld->ops->write_wakeup)
526 ld->ops->write_wakeup(tty);
1da177e4
LT		 527 tty_ldisc_deref(ld);
528 }
529 }
4b19449d 530 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1da177e4
LT		 531}
532
533EXPORT_SYMBOL_GPL(tty_wakeup);
534
af9b897e 535/**
11dbf203 536 * __tty_hangup - actual handler for hangup events
65f27f38 537 * @work: tty device
af9b897e 538 *
ef4f527c 539 * This can be called by a "kworker" kernel thread. That is process
af9b897e
AC		 540 * synchronous but doesn't hold any locks, so we need to make sure we
541 * have the appropriate locks for what we're doing.
542 *
543 * The hangup event clears any pending redirections onto the hung up
544 * device. It ensures future writes will error and it does the needed
545 * line discipline hangup and signal delivery. The tty object itself
546 * remains intact.
547 *
548 * Locking:
ec79d605 549 * BTM
24ec839c
PZ		 550 * redirect lock for undoing redirection
551 * file list lock for manipulating list of ttys
552 * tty_ldisc_lock from called functions
553 * termios_mutex resetting termios data
554 * tasklist_lock to walk task list for hangup event
555 * ->siglock to protect ->signal/->sighand
1da177e4 556 */
2520e274 557static void __tty_hangup(struct tty_struct *tty)
1da177e4 558{
37bdfb07 559 struct file *cons_filp = NULL;
1da177e4
LT		 560 struct file *filp, *f = NULL;
561 struct task_struct *p;
d996b62a 562 struct tty_file_private *priv;
1da177e4 563 int closecount = 0, n;
47f86834 564 unsigned long flags;
9c9f4ded 565 int refs = 0;
1da177e4
LT		 566
567 if (!tty)
568 return;
569
1da177e4
LT		 570
571 spin_lock(&redirect_lock);
d996b62a 572 if (redirect && file_tty(redirect) == tty) {
1da177e4
LT		 573 f = redirect;
574 redirect = NULL;
575 }
576 spin_unlock(&redirect_lock);
37bdfb07 577
89c8d91e 578 tty_lock(tty);
11dbf203 579
acfa747b
JS		 580 /* some functions below drop BTM, so we need this bit */
581 set_bit(TTY_HUPPING, &tty->flags);
582
ec79d605
AB		 583 /* inuse_filps is protected by the single tty lock,
584 this really needs to change if we want to flush the
585 workqueue with the lock held */
11dbf203 586 check_tty_count(tty, "tty_hangup");
36ba782e 587
ee2ffa0d 588 spin_lock(&tty_files_lock);
1da177e4 589 /* This breaks for file handles being sent over AF_UNIX sockets ? */
d996b62a
NP		 590 list_for_each_entry(priv, &tty->tty_files, list) {
591 filp = priv->file;
1da177e4
LT		 592 if (filp->f_op->write == redirected_tty_write)
593 cons_filp = filp;
594 if (filp->f_op->write != tty_write)
595 continue;
596 closecount++;
ec79d605 597 __tty_fasync(-1, filp, 0); /* can't block */
1da177e4
LT		 598 filp->f_op = &hung_up_tty_fops;
599 }
ee2ffa0d 600 spin_unlock(&tty_files_lock);
37bdfb07 601
acfa747b
JS		 602 /*
603 * it drops BTM and thus races with reopen
604 * we protect the race by TTY_HUPPING
605 */
c65c9bc3 606 tty_ldisc_hangup(tty);
37bdfb07 607
1da177e4 608 read_lock(&tasklist_lock);
ab521dc0
EB		 609 if (tty->session) {
610 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
24ec839c 611 spin_lock_irq(&p->sighand->siglock);
9c9f4ded 612 if (p->signal->tty == tty) {
1da177e4 613 p->signal->tty = NULL;
9c9f4ded
AC		 614 /* We defer the dereferences outside fo
615 the tasklist lock */
616 refs++;
617 }
24ec839c
PZ		 618 if (!p->signal->leader) {
619 spin_unlock_irq(&p->sighand->siglock);
1da177e4 620 continue;
24ec839c
PZ		 621 }
622 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
623 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
ab521dc0 624 put_pid(p->signal->tty_old_pgrp); /* A noop */
47f86834 625 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 626 if (tty->pgrp)
627 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
47f86834 628 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
24ec839c 629 spin_unlock_irq(&p->sighand->siglock);
ab521dc0 630 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1da177e4
LT		 631 }
632 read_unlock(&tasklist_lock);
633
47f86834 634 spin_lock_irqsave(&tty->ctrl_lock, flags);
c65c9bc3
AC		 635 clear_bit(TTY_THROTTLED, &tty->flags);
636 clear_bit(TTY_PUSH, &tty->flags);
637 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
d9c1e9a8
EB		 638 put_pid(tty->session);
639 put_pid(tty->pgrp);
ab521dc0
EB		 640 tty->session = NULL;
641 tty->pgrp = NULL;
1da177e4 642 tty->ctrl_status = 0;
47f86834
AC		 643 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
644
9c9f4ded
AC		 645 /* Account for the p->signal references we killed */
646 while (refs--)
647 tty_kref_put(tty);
648
1da177e4 649 /*
37bdfb07
AC		 650 * If one of the devices matches a console pointer, we
651 * cannot just call hangup() because that will cause
652 * tty->count and state->count to go out of sync.
653 * So we just call close() the right number of times.
1da177e4
LT		 654 */
655 if (cons_filp) {
f34d7a5b 656 if (tty->ops->close)
1da177e4 657 for (n = 0; n < closecount; n++)
f34d7a5b
AC		 658 tty->ops->close(tty, cons_filp);
659 } else if (tty->ops->hangup)
660 (tty->ops->hangup)(tty);
37bdfb07
AC		 661 /*
662 * We don't want to have driver/ldisc interactions beyond
663 * the ones we did here. The driver layer expects no
664 * calls after ->hangup() from the ldisc side. However we
665 * can't yet guarantee all that.
666 */
1da177e4 667 set_bit(TTY_HUPPED, &tty->flags);
acfa747b 668 clear_bit(TTY_HUPPING, &tty->flags);
c65c9bc3 669 tty_ldisc_enable(tty);
11dbf203 670
89c8d91e 671 tty_unlock(tty);
11dbf203 672
1da177e4
LT		 673 if (f)
674 fput(f);
675}
676
ddcd9fb6
AB		 677static void do_tty_hangup(struct work_struct *work)
678{
679 struct tty_struct *tty =
680 container_of(work, struct tty_struct, hangup_work);
681
11dbf203 682 __tty_hangup(tty);
ddcd9fb6
AB		 683}
684
af9b897e
AC		 685/**
686 * tty_hangup - trigger a hangup event
687 * @tty: tty to hangup
688 *
689 * A carrier loss (virtual or otherwise) has occurred on this like
690 * schedule a hangup sequence to run after this event.
691 */
692
37bdfb07 693void tty_hangup(struct tty_struct *tty)
1da177e4
LT		 694{
695#ifdef TTY_DEBUG_HANGUP
696 char buf[64];
1da177e4
LT		 697 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
698#endif
699 schedule_work(&tty->hangup_work);
700}
701
702EXPORT_SYMBOL(tty_hangup);
703
af9b897e
AC		 704/**
705 * tty_vhangup - process vhangup
706 * @tty: tty to hangup
707 *
708 * The user has asked via system call for the terminal to be hung up.
709 * We do this synchronously so that when the syscall returns the process
3a4fa0a2 710 * is complete. That guarantee is necessary for security reasons.
af9b897e
AC		 711 */
712
37bdfb07 713void tty_vhangup(struct tty_struct *tty)
1da177e4
LT		 714{
715#ifdef TTY_DEBUG_HANGUP
716 char buf[64];
717
718 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
719#endif
11dbf203 720 __tty_hangup(tty);
1da177e4 721}
37bdfb07 722
1da177e4
LT		 723EXPORT_SYMBOL(tty_vhangup);
724
11dbf203 725
2cb5998b
AC		 726/**
727 * tty_vhangup_self - process vhangup for own ctty
728 *
729 * Perform a vhangup on the current controlling tty
730 */
731
732void tty_vhangup_self(void)
733{
734 struct tty_struct *tty;
735
2cb5998b
AC		 736 tty = get_current_tty();
737 if (tty) {
738 tty_vhangup(tty);
739 tty_kref_put(tty);
740 }
2cb5998b
AC		 741}
742
af9b897e
AC		 743/**
744 * tty_hung_up_p - was tty hung up
745 * @filp: file pointer of tty
746 *
747 * Return true if the tty has been subject to a vhangup or a carrier
748 * loss
749 */
750
37bdfb07 751int tty_hung_up_p(struct file *filp)
1da177e4
LT		 752{
753 return (filp->f_op == &hung_up_tty_fops);
754}
755
756EXPORT_SYMBOL(tty_hung_up_p);
757
ab521dc0 758static void session_clear_tty(struct pid *session)
24ec839c
PZ		 759{
760 struct task_struct *p;
ab521dc0 761 do_each_pid_task(session, PIDTYPE_SID, p) {
24ec839c 762 proc_clear_tty(p);
ab521dc0 763 } while_each_pid_task(session, PIDTYPE_SID, p);
24ec839c
PZ		 764}
765
af9b897e
AC		 766/**
767 * disassociate_ctty - disconnect controlling tty
768 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 769 *
af9b897e
AC		 770 * This function is typically called only by the session leader, when
771 * it wants to disassociate itself from its controlling tty.
772 *
773 * It performs the following functions:
1da177e4
LT		 774 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
775 * (2) Clears the tty from being controlling the session
776 * (3) Clears the controlling tty for all processes in the
777 * session group.
778 *
af9b897e
AC		 779 * The argument on_exit is set to 1 if called when a process is
780 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
781 *
24ec839c 782 * Locking:
ec79d605
AB		 783 * BTM is taken for hysterical raisins, and held when
784 * called from no_tty().
24ec839c
PZ		 785 * tty_mutex is taken to protect tty
786 * ->siglock is taken to protect ->signal/->sighand
787 * tasklist_lock is taken to walk process list for sessions
788 * ->siglock is taken to protect ->signal/->sighand
1da177e4 789 */
af9b897e 790
1da177e4
LT		 791void disassociate_ctty(int on_exit)
792{
793 struct tty_struct *tty;
1da177e4 794
5ec93d11
AC		 795 if (!current->signal->leader)
796 return;
1da177e4 797
24ec839c 798 tty = get_current_tty();
1da177e4 799 if (tty) {
1411dc4a 800 struct pid *tty_pgrp = get_pid(tty->pgrp);
ddcd9fb6 801 if (on_exit) {
ddcd9fb6 802 if (tty->driver->type != TTY_DRIVER_TYPE_PTY)
11dbf203 803 tty_vhangup(tty);
ddcd9fb6 804 }
452a00d2 805 tty_kref_put(tty);
1411dc4a
JS		 806 if (tty_pgrp) {
807 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
808 if (!on_exit)
809 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
810 put_pid(tty_pgrp);
811 }
680a9671 812 } else if (on_exit) {
ab521dc0 813 struct pid *old_pgrp;
680a9671
EB		 814 spin_lock_irq(&current->sighand->siglock);
815 old_pgrp = current->signal->tty_old_pgrp;
ab521dc0 816 current->signal->tty_old_pgrp = NULL;
680a9671 817 spin_unlock_irq(&current->sighand->siglock);
24ec839c 818 if (old_pgrp) {
ab521dc0
EB		 819 kill_pgrp(old_pgrp, SIGHUP, on_exit);
820 kill_pgrp(old_pgrp, SIGCONT, on_exit);
821 put_pid(old_pgrp);
1da177e4 822 }
1da177e4
LT		 823 return;
824 }
1da177e4 825
24ec839c 826 spin_lock_irq(&current->sighand->siglock);
2a65f1d9 827 put_pid(current->signal->tty_old_pgrp);
23cac8de 828 current->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 829 spin_unlock_irq(&current->sighand->siglock);
830
24ec839c
PZ		 831 tty = get_current_tty();
832 if (tty) {
47f86834
AC		 833 unsigned long flags;
834 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 835 put_pid(tty->session);
836 put_pid(tty->pgrp);
837 tty->session = NULL;
838 tty->pgrp = NULL;
47f86834 839 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
452a00d2 840 tty_kref_put(tty);
24ec839c
PZ		 841 } else {
842#ifdef TTY_DEBUG_HANGUP
843 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
844 " = NULL", tty);
845#endif
846 }
1da177e4
LT		 847
848 /* Now clear signal->tty under the lock */
849 read_lock(&tasklist_lock);
ab521dc0 850 session_clear_tty(task_session(current));
1da177e4 851 read_unlock(&tasklist_lock);
1da177e4
LT		 852}
853
98a27ba4
EB		 854/**
855 *
856 * no_tty - Ensure the current process does not have a controlling tty
857 */
858void no_tty(void)
859{
3af502b9
AC		 860 /* FIXME: Review locking here. The tty_lock never covered any race
861 between a new association and proc_clear_tty but possible we need
862 to protect against this anyway */
98a27ba4 863 struct task_struct *tsk = current;
5ec93d11 864 disassociate_ctty(0);
98a27ba4
EB		 865 proc_clear_tty(tsk);
866}
867
af9b897e
AC		 868
869/**
beb7dd86 870 * stop_tty - propagate flow control
af9b897e
AC		 871 * @tty: tty to stop
872 *
873 * Perform flow control to the driver. For PTY/TTY pairs we
beb7dd86 874 * must also propagate the TIOCKPKT status. May be called
af9b897e
AC		 875 * on an already stopped device and will not re-call the driver
876 * method.
877 *
878 * This functionality is used by both the line disciplines for
879 * halting incoming flow and by the driver. It may therefore be
880 * called from any context, may be under the tty atomic_write_lock
881 * but not always.
882 *
883 * Locking:
04f378b1 884 * Uses the tty control lock internally
af9b897e
AC		 885 */
886
1da177e4
LT		 887void stop_tty(struct tty_struct *tty)
888{
04f378b1
AC		 889 unsigned long flags;
890 spin_lock_irqsave(&tty->ctrl_lock, flags);
891 if (tty->stopped) {
892 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 893 return;
04f378b1 894 }
1da177e4
LT		 895 tty->stopped = 1;
896 if (tty->link && tty->link->packet) {
897 tty->ctrl_status &= ~TIOCPKT_START;
898 tty->ctrl_status |= TIOCPKT_STOP;
4b19449d 899 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
1da177e4 900 }
04f378b1 901 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
f34d7a5b
AC		 902 if (tty->ops->stop)
903 (tty->ops->stop)(tty);
1da177e4
LT		 904}
905
906EXPORT_SYMBOL(stop_tty);
907
af9b897e 908/**
beb7dd86 909 * start_tty - propagate flow control
af9b897e
AC		 910 * @tty: tty to start
911 *
912 * Start a tty that has been stopped if at all possible. Perform
3a4fa0a2 913 * any necessary wakeups and propagate the TIOCPKT status. If this
af9b897e
AC		 914 * is the tty was previous stopped and is being started then the
915 * driver start method is invoked and the line discipline woken.
916 *
917 * Locking:
04f378b1 918 * ctrl_lock
af9b897e
AC		 919 */
920
1da177e4
LT		 921void start_tty(struct tty_struct *tty)
922{
04f378b1
AC		 923 unsigned long flags;
924 spin_lock_irqsave(&tty->ctrl_lock, flags);
925 if (!tty->stopped || tty->flow_stopped) {
926 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 927 return;
04f378b1 928 }
1da177e4
LT		 929 tty->stopped = 0;
930 if (tty->link && tty->link->packet) {
931 tty->ctrl_status &= ~TIOCPKT_STOP;
932 tty->ctrl_status |= TIOCPKT_START;
4b19449d 933 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
1da177e4 934 }
04f378b1 935 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
f34d7a5b
AC		 936 if (tty->ops->start)
937 (tty->ops->start)(tty);
1da177e4
LT		 938 /* If we have a running line discipline it may need kicking */
939 tty_wakeup(tty);
1da177e4
LT		 940}
941
942EXPORT_SYMBOL(start_tty);
943
af9b897e
AC		 944/**
945 * tty_read - read method for tty device files
946 * @file: pointer to tty file
947 * @buf: user buffer
948 * @count: size of user buffer
949 * @ppos: unused
950 *
951 * Perform the read system call function on this terminal device. Checks
952 * for hung up devices before calling the line discipline method.
953 *
954 * Locking:
47f86834
AC		 955 * Locks the line discipline internally while needed. Multiple
956 * read calls may be outstanding in parallel.
af9b897e
AC		 957 */
958
37bdfb07 959static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1da177e4
LT		 960 loff_t *ppos)
961{
962 int i;
d996b62a
NP		 963 struct inode *inode = file->f_path.dentry->d_inode;
964 struct tty_struct *tty = file_tty(file);
1da177e4
LT		 965 struct tty_ldisc *ld;
966
1da177e4
LT		 967 if (tty_paranoia_check(tty, inode, "tty_read"))
968 return -EIO;
969 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
970 return -EIO;
971
972 /* We want to wait for the line discipline to sort out in this
973 situation */
974 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 975 if (ld->ops->read)
976 i = (ld->ops->read)(tty, file, buf, count);
1da177e4
LT		 977 else
978 i = -EIO;
979 tty_ldisc_deref(ld);
b0de59b5 980
1da177e4
LT		 981 return i;
982}
983
9c1729db 984void tty_write_unlock(struct tty_struct *tty)
83c67571 985 __releases(&tty->atomic_write_lock)
9c1729db
AC		 986{
987 mutex_unlock(&tty->atomic_write_lock);
4b19449d 988 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
9c1729db
AC		 989}
990
991int tty_write_lock(struct tty_struct *tty, int ndelay)
83c67571 992 __acquires(&tty->atomic_write_lock)
9c1729db
AC		 993{
994 if (!mutex_trylock(&tty->atomic_write_lock)) {
995 if (ndelay)
996 return -EAGAIN;
997 if (mutex_lock_interruptible(&tty->atomic_write_lock))
998 return -ERESTARTSYS;
999 }
1000 return 0;
1001}
1002
1da177e4
LT		 1003/*
1004 * Split writes up in sane blocksizes to avoid
1005 * denial-of-service type attacks
1006 */
1007static inline ssize_t do_tty_write(
1008 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1009 struct tty_struct *tty,
1010 struct file *file,
1011 const char __user *buf,
1012 size_t count)
1013{
9c1729db 1014 ssize_t ret, written = 0;
1da177e4 1015 unsigned int chunk;
37bdfb07 1016
9c1729db
AC		 1017 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1018 if (ret < 0)
1019 return ret;
1da177e4
LT		 1020
1021 /*
1022 * We chunk up writes into a temporary buffer. This
1023 * simplifies low-level drivers immensely, since they
1024 * don't have locking issues and user mode accesses.
1025 *
1026 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1027 * big chunk-size..
1028 *
1029 * The default chunk-size is 2kB, because the NTTY
1030 * layer has problems with bigger chunks. It will
1031 * claim to be able to handle more characters than
1032 * it actually does.
af9b897e
AC		 1033 *
1034 * FIXME: This can probably go away now except that 64K chunks
1035 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1036 */
1037 chunk = 2048;
1038 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1039 chunk = 65536;
1040 if (count < chunk)
1041 chunk = count;
1042
70522e12 1043 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4 1044 if (tty->write_cnt < chunk) {
402fda92 1045 unsigned char *buf_chunk;
1da177e4
LT		 1046
1047 if (chunk < 1024)
1048 chunk = 1024;
1049
402fda92
JW		 1050 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1051 if (!buf_chunk) {
9c1729db
AC		 1052 ret = -ENOMEM;
1053 goto out;
1da177e4
LT		 1054 }
1055 kfree(tty->write_buf);
1056 tty->write_cnt = chunk;
402fda92 1057 tty->write_buf = buf_chunk;
1da177e4
LT		 1058 }
1059
1060 /* Do the write .. */
1061 for (;;) {
1062 size_t size = count;
1063 if (size > chunk)
1064 size = chunk;
1065 ret = -EFAULT;
1066 if (copy_from_user(tty->write_buf, buf, size))
1067 break;
1da177e4 1068 ret = write(tty, file, tty->write_buf, size);
1da177e4
LT		 1069 if (ret <= 0)
1070 break;
1071 written += ret;
1072 buf += ret;
1073 count -= ret;
1074 if (!count)
1075 break;
1076 ret = -ERESTARTSYS;
1077 if (signal_pending(current))
1078 break;
1079 cond_resched();
1080 }
b0de59b5 1081 if (written)
1da177e4 1082 ret = written;
9c1729db
AC		 1083out:
1084 tty_write_unlock(tty);
1da177e4
LT		 1085 return ret;
1086}
1087
95f9bfc6
AC		 1088/**
1089 * tty_write_message - write a message to a certain tty, not just the console.
1090 * @tty: the destination tty_struct
1091 * @msg: the message to write
1092 *
1093 * This is used for messages that need to be redirected to a specific tty.
1094 * We don't put it into the syslog queue right now maybe in the future if
1095 * really needed.
1096 *
ec79d605 1097 * We must still hold the BTM and test the CLOSING flag for the moment.
95f9bfc6
AC		 1098 */
1099
1100void tty_write_message(struct tty_struct *tty, char *msg)
1101{
95f9bfc6
AC		 1102 if (tty) {
1103 mutex_lock(&tty->atomic_write_lock);
89c8d91e 1104 tty_lock(tty);
eeb89d91 1105 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
89c8d91e 1106 tty_unlock(tty);
95f9bfc6 1107 tty->ops->write(tty, msg, strlen(msg));
eeb89d91 1108 } else
89c8d91e 1109 tty_unlock(tty);
95f9bfc6
AC		 1110 tty_write_unlock(tty);
1111 }
95f9bfc6
AC		 1112 return;
1113}
1114
1da177e4 1115
af9b897e
AC		 1116/**
1117 * tty_write - write method for tty device file
1118 * @file: tty file pointer
1119 * @buf: user data to write
1120 * @count: bytes to write
1121 * @ppos: unused
1122 *
1123 * Write data to a tty device via the line discipline.
1124 *
1125 * Locking:
1126 * Locks the line discipline as required
1127 * Writes to the tty driver are serialized by the atomic_write_lock
1128 * and are then processed in chunks to the device. The line discipline
a88a69c9 1129 * write method will not be invoked in parallel for each device.
af9b897e
AC		 1130 */
1131
37bdfb07
AC		 1132static ssize_t tty_write(struct file *file, const char __user *buf,
1133 size_t count, loff_t *ppos)
1da177e4 1134{
a7113a96 1135 struct inode *inode = file->f_path.dentry->d_inode;
d996b62a
NP		 1136 struct tty_struct *tty = file_tty(file);
1137 struct tty_ldisc *ld;
1da177e4 1138 ssize_t ret;
37bdfb07 1139
1da177e4
LT		 1140 if (tty_paranoia_check(tty, inode, "tty_write"))
1141 return -EIO;
f34d7a5b 1142 if (!tty || !tty->ops->write ||
37bdfb07
AC		 1143 (test_bit(TTY_IO_ERROR, &tty->flags)))
1144 return -EIO;
f34d7a5b
AC		 1145 /* Short term debug to catch buggy drivers */
1146 if (tty->ops->write_room == NULL)
1147 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1148 tty->driver->name);
37bdfb07 1149 ld = tty_ldisc_ref_wait(tty);
a352def2 1150 if (!ld->ops->write)
1da177e4
LT		 1151 ret = -EIO;
1152 else
a352def2 1153 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1da177e4
LT		 1154 tty_ldisc_deref(ld);
1155 return ret;
1156}
1157
37bdfb07
AC		 1158ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1159 size_t count, loff_t *ppos)
1da177e4
LT		 1160{
1161 struct file *p = NULL;
1162
1163 spin_lock(&redirect_lock);
cb0942b8
AV		 1164 if (redirect)
1165 p = get_file(redirect);
1da177e4
LT		 1166 spin_unlock(&redirect_lock);
1167
1168 if (p) {
1169 ssize_t res;
1170 res = vfs_write(p, buf, count, &p->f_pos);
1171 fput(p);
1172 return res;
1173 }
1da177e4
LT		 1174 return tty_write(file, buf, count, ppos);
1175}
1176
1177static char ptychar[] = "pqrstuvwxyzabcde";
1178
af9b897e
AC		 1179/**
1180 * pty_line_name - generate name for a pty
1181 * @driver: the tty driver in use
1182 * @index: the minor number
1183 * @p: output buffer of at least 6 bytes
1184 *
1185 * Generate a name from a driver reference and write it to the output
1186 * buffer.
1187 *
1188 * Locking: None
1189 */
1190static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1191{
1192 int i = index + driver->name_base;
1193 /* ->name is initialized to "ttyp", but "tty" is expected */
1194 sprintf(p, "%s%c%x",
37bdfb07
AC		 1195 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1196 ptychar[i >> 4 & 0xf], i & 0xf);
1da177e4
LT		 1197}
1198
af9b897e 1199/**
8b0a88d5 1200 * tty_line_name - generate name for a tty
af9b897e
AC		 1201 * @driver: the tty driver in use
1202 * @index: the minor number
1203 * @p: output buffer of at least 7 bytes
1204 *
1205 * Generate a name from a driver reference and write it to the output
1206 * buffer.
1207 *
1208 * Locking: None
1209 */
1210static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4 1211{
0019b408
JS		 1212 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1213 strcpy(p, driver->name);
1214 else
1215 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1da177e4
LT		 1216}
1217
99f1fe18
AC		 1218/**
1219 * tty_driver_lookup_tty() - find an existing tty, if any
1220 * @driver: the driver for the tty
1221 * @idx: the minor number
23499705 1222 *
99f1fe18 1223 * Return the tty, if found or ERR_PTR() otherwise.
23499705 1224 *
99f1fe18
AC		 1225 * Locking: tty_mutex must be held. If tty is found, the mutex must
1226 * be held until the 'fast-open' is also done. Will change once we
1227 * have refcounting in the driver and per driver locking
23499705 1228 */
a47d545f 1229static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
15f1a633 1230 struct inode *inode, int idx)
23499705 1231{
99f1fe18 1232 if (driver->ops->lookup)
15f1a633 1233 return driver->ops->lookup(driver, inode, idx);
23499705 1234
d4834267 1235 return driver->ttys[idx];
23499705
SB		 1236}
1237
bf970ee4
AC		 1238/**
1239 * tty_init_termios - helper for termios setup
1240 * @tty: the tty to set up
1241 *
1242 * Initialise the termios structures for this tty. Thus runs under
1243 * the tty_mutex currently so we can be relaxed about ordering.
1244 */
1245
1246int tty_init_termios(struct tty_struct *tty)
1247{
fe6e29fd 1248 struct ktermios *tp;
bf970ee4
AC		 1249 int idx = tty->index;
1250
36b3c070
AC		 1251 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1252 tty->termios = tty->driver->init_termios;
1253 else {
1254 /* Check for lazy saved data */
1255 tp = tty->driver->termios[idx];
1256 if (tp != NULL)
1257 tty->termios = *tp;
1258 else
1259 tty->termios = tty->driver->init_termios;
bf970ee4 1260 }
bf970ee4 1261 /* Compatibility until drivers always set this */
adc8d746
AC		 1262 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1263 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
bf970ee4
AC		 1264 return 0;
1265}
fe1ae7fd 1266EXPORT_SYMBOL_GPL(tty_init_termios);
bf970ee4 1267
66d450e8
JS		 1268int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1269{
1270 int ret = tty_init_termios(tty);
1271 if (ret)
1272 return ret;
1273
1274 tty_driver_kref_get(driver);
1275 tty->count++;
1276 driver->ttys[tty->index] = tty;
1277 return 0;
1278}
1279EXPORT_SYMBOL_GPL(tty_standard_install);
1280
99f1fe18 1281/**
8b0a88d5
AC		 1282 * tty_driver_install_tty() - install a tty entry in the driver
1283 * @driver: the driver for the tty
1284 * @tty: the tty
1285 *
1286 * Install a tty object into the driver tables. The tty->index field
bf970ee4
AC		 1287 * will be set by the time this is called. This method is responsible
1288 * for ensuring any need additional structures are allocated and
1289 * configured.
8b0a88d5
AC		 1290 *
1291 * Locking: tty_mutex for now
1292 */
1293static int tty_driver_install_tty(struct tty_driver *driver,
1294 struct tty_struct *tty)
1295{
66d450e8
JS		 1296 return driver->ops->install ? driver->ops->install(driver, tty) :
1297 tty_standard_install(driver, tty);
8b0a88d5
AC		 1298}
1299
1300/**
1301 * tty_driver_remove_tty() - remove a tty from the driver tables
1302 * @driver: the driver for the tty
1303 * @idx: the minor number
1304 *
1305 * Remvoe a tty object from the driver tables. The tty->index field
1306 * will be set by the time this is called.
1307 *
1308 * Locking: tty_mutex for now
1309 */
24d406a6 1310void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
8b0a88d5
AC		 1311{
1312 if (driver->ops->remove)
1313 driver->ops->remove(driver, tty);
1314 else
1315 driver->ttys[tty->index] = NULL;
1316}
1317
1318/*
1319 * tty_reopen() - fast re-open of an open tty
1320 * @tty - the tty to open
23499705 1321 *
99f1fe18 1322 * Return 0 on success, -errno on error.
23499705 1323 *
99f1fe18
AC		 1324 * Locking: tty_mutex must be held from the time the tty was found
1325 * till this open completes.
23499705 1326 */
99f1fe18 1327static int tty_reopen(struct tty_struct *tty)
23499705
SB		 1328{
1329 struct tty_driver *driver = tty->driver;
1330
e2efafbf 1331 if (test_bit(TTY_CLOSING, &tty->flags) ||
acfa747b 1332 test_bit(TTY_HUPPING, &tty->flags) ||
e2efafbf 1333 test_bit(TTY_LDISC_CHANGING, &tty->flags))
23499705
SB		 1334 return -EIO;
1335
1336 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1337 driver->subtype == PTY_TYPE_MASTER) {
1338 /*
1339 * special case for PTY masters: only one open permitted,
1340 * and the slave side open count is incremented as well.
1341 */
1342 if (tty->count)
1343 return -EIO;
1344
1345 tty->link->count++;
1346 }
1347 tty->count++;
23499705 1348
1aa4bed8 1349 mutex_lock(&tty->ldisc_mutex);
99f1fe18 1350 WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1aa4bed8 1351 mutex_unlock(&tty->ldisc_mutex);
23499705
SB		 1352
1353 return 0;
1354}
1355
af9b897e 1356/**
d81ed103 1357 * tty_init_dev - initialise a tty device
af9b897e
AC		 1358 * @driver: tty driver we are opening a device on
1359 * @idx: device index
15582d36 1360 * @ret_tty: returned tty structure
af9b897e
AC		 1361 *
1362 * Prepare a tty device. This may not be a "new" clean device but
1363 * could also be an active device. The pty drivers require special
1364 * handling because of this.
1365 *
1366 * Locking:
1367 * The function is called under the tty_mutex, which
1368 * protects us from the tty struct or driver itself going away.
1369 *
1370 * On exit the tty device has the line discipline attached and
1371 * a reference count of 1. If a pair was created for pty/tty use
1372 * and the other was a pty master then it too has a reference count of 1.
1373 *
1da177e4 1374 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 1375 * failed open. The new code protects the open with a mutex, so it's
1376 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 1377 * relaxed for the (most common) case of reopening a tty.
1378 */
af9b897e 1379
593a27c4 1380struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1da177e4 1381{
bf970ee4 1382 struct tty_struct *tty;
73ec06fc 1383 int retval;
1da177e4 1384
1da177e4
LT		 1385 /*
1386 * First time open is complex, especially for PTY devices.
1387 * This code guarantees that either everything succeeds and the
1388 * TTY is ready for operation, or else the table slots are vacated
37bdfb07 1389 * and the allocated memory released. (Except that the termios
1da177e4
LT		 1390 * and locked termios may be retained.)
1391 */
1392
73ec06fc
AC		 1393 if (!try_module_get(driver->owner))
1394 return ERR_PTR(-ENODEV);
1da177e4 1395
1da177e4 1396 tty = alloc_tty_struct();
d5543503
JS		 1397 if (!tty) {
1398 retval = -ENOMEM;
1399 goto err_module_put;
1400 }
bf970ee4 1401 initialize_tty_struct(tty, driver, idx);
1da177e4 1402
89c8d91e 1403 tty_lock(tty);
73ec06fc 1404 retval = tty_driver_install_tty(driver, tty);
d5543503 1405 if (retval < 0)
a9dccddb 1406 goto err_deinit_tty;
8b0a88d5 1407
04831dc1
JS		 1408 if (!tty->port)
1409 tty->port = driver->ports[idx];
1410
5d4121c0
JS		 1411 WARN_RATELIMIT(!tty->port,
1412 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1413 __func__, tty->driver->name);
1414
967fab69
JS		 1415 tty->port->itty = tty;
1416
37bdfb07 1417 /*
1da177e4 1418 * Structures all installed ... call the ldisc open routines.
d5698c28
CH		 1419 * If we fail here just call release_tty to clean up. No need
1420 * to decrement the use counts, as release_tty doesn't care.
1da177e4 1421 */
bf970ee4 1422 retval = tty_ldisc_setup(tty, tty->link);
01e1abb2 1423 if (retval)
d5543503 1424 goto err_release_tty;
89c8d91e 1425 /* Return the tty locked so that it cannot vanish under the caller */
73ec06fc 1426 return tty;
1da177e4 1427
a9dccddb 1428err_deinit_tty:
89c8d91e 1429 tty_unlock(tty);
a9dccddb 1430 deinitialize_tty_struct(tty);
d5543503
JS		 1431 free_tty_struct(tty);
1432err_module_put:
1da177e4 1433 module_put(driver->owner);
d5543503 1434 return ERR_PTR(retval);
1da177e4 1435
d5698c28 1436 /* call the tty release_tty routine to clean out this slot */
d5543503 1437err_release_tty:
89c8d91e 1438 tty_unlock(tty);
5a3c6b25 1439 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
4050914f 1440 "clearing slot %d\n", idx);
d5698c28 1441 release_tty(tty, idx);
73ec06fc 1442 return ERR_PTR(retval);
1da177e4
LT		 1443}
1444
feebed65
AC		 1445void tty_free_termios(struct tty_struct *tty)
1446{
1447 struct ktermios *tp;
1448 int idx = tty->index;
36b3c070
AC		 1449
1450 /* If the port is going to reset then it has no termios to save */
1451 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1452 return;
1453
1454 /* Stash the termios data */
1455 tp = tty->driver->termios[idx];
1456 if (tp == NULL) {
1457 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1458 if (tp == NULL) {
1459 pr_warn("tty: no memory to save termios state.\n");
1460 return;
1461 }
4ac5d705 1462 tty->driver->termios[idx] = tp;
feebed65 1463 }
36b3c070 1464 *tp = tty->termios;
feebed65
AC		 1465}
1466EXPORT_SYMBOL(tty_free_termios);
1467
feebed65 1468
af9b897e 1469/**
d5698c28 1470 * release_one_tty - release tty structure memory
9c9f4ded 1471 * @kref: kref of tty we are obliterating
af9b897e
AC		 1472 *
1473 * Releases memory associated with a tty structure, and clears out the
1474 * driver table slots. This function is called when a device is no longer
1475 * in use. It also gets called when setup of a device fails.
1476 *
1477 * Locking:
af9b897e
AC		 1478 * takes the file list lock internally when working on the list
1479 * of ttys that the driver keeps.
b50989dc
AC		 1480 *
1481 * This method gets called from a work queue so that the driver private
f278a2f7 1482 * cleanup ops can sleep (needed for USB at least)
1da177e4 1483 */
b50989dc 1484static void release_one_tty(struct work_struct *work)
1da177e4 1485{
b50989dc
AC		 1486 struct tty_struct *tty =
1487 container_of(work, struct tty_struct, hangup_work);
6f967f78 1488 struct tty_driver *driver = tty->driver;
d5698c28 1489
f278a2f7
DY		 1490 if (tty->ops->cleanup)
1491 tty->ops->cleanup(tty);
1492
1da177e4 1493 tty->magic = 0;
7d7b93c1 1494 tty_driver_kref_put(driver);
6f967f78 1495 module_put(driver->owner);
d5698c28 1496
ee2ffa0d 1497 spin_lock(&tty_files_lock);
1da177e4 1498 list_del_init(&tty->tty_files);
ee2ffa0d 1499 spin_unlock(&tty_files_lock);
d5698c28 1500
6da8d866
ON		 1501 put_pid(tty->pgrp);
1502 put_pid(tty->session);
1da177e4
LT		 1503 free_tty_struct(tty);
1504}
1505
b50989dc
AC		 1506static void queue_release_one_tty(struct kref *kref)
1507{
1508 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
f278a2f7 1509
b50989dc
AC		 1510 /* The hangup queue is now free so we can reuse it rather than
1511 waste a chunk of memory for each port */
1512 INIT_WORK(&tty->hangup_work, release_one_tty);
1513 schedule_work(&tty->hangup_work);
1514}
1515
9c9f4ded
AC		 1516/**
1517 * tty_kref_put - release a tty kref
1518 * @tty: tty device
1519 *
1520 * Release a reference to a tty device and if need be let the kref
1521 * layer destruct the object for us
1522 */
1523
1524void tty_kref_put(struct tty_struct *tty)
1525{
1526 if (tty)
b50989dc 1527 kref_put(&tty->kref, queue_release_one_tty);
9c9f4ded
AC		 1528}
1529EXPORT_SYMBOL(tty_kref_put);
1530
d5698c28
CH		 1531/**
1532 * release_tty - release tty structure memory
1533 *
1534 * Release both @tty and a possible linked partner (think pty pair),
1535 * and decrement the refcount of the backing module.
1536 *
1537 * Locking:
d155255a 1538 * tty_mutex
d5698c28
CH		 1539 * takes the file list lock internally when working on the list
1540 * of ttys that the driver keeps.
9c9f4ded 1541 *
d5698c28
CH		 1542 */
1543static void release_tty(struct tty_struct *tty, int idx)
1544{
9c9f4ded
AC		 1545 /* This should always be true but check for the moment */
1546 WARN_ON(tty->index != idx);
d155255a 1547 WARN_ON(!mutex_is_locked(&tty_mutex));
36b3c070
AC		 1548 if (tty->ops->shutdown)
1549 tty->ops->shutdown(tty);
1550 tty_free_termios(tty);
1551 tty_driver_remove_tty(tty->driver, tty);
967fab69 1552 tty->port->itty = NULL;
36b3c070 1553
d5698c28 1554 if (tty->link)
9c9f4ded
AC		 1555 tty_kref_put(tty->link);
1556 tty_kref_put(tty);
d5698c28
CH		 1557}
1558
955787ca
JS		 1559/**
1560 * tty_release_checks - check a tty before real release
1561 * @tty: tty to check
1562 * @o_tty: link of @tty (if any)
1563 * @idx: index of the tty
1564 *
1565 * Performs some paranoid checking before true release of the @tty.
1566 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1567 */
1568static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1569 int idx)
1570{
1571#ifdef TTY_PARANOIA_CHECK
1572 if (idx < 0 || idx >= tty->driver->num) {
9de44bd6
JS		 1573 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1574 __func__, tty->name);
955787ca
JS		 1575 return -1;
1576 }
1577
1578 /* not much to check for devpts */
1579 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1580 return 0;
1581
1582 if (tty != tty->driver->ttys[idx]) {
9de44bd6
JS		 1583 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1584 __func__, idx, tty->name);
955787ca
JS		 1585 return -1;
1586 }
955787ca
JS		 1587 if (tty->driver->other) {
1588 if (o_tty != tty->driver->other->ttys[idx]) {
9de44bd6
JS		 1589 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1590 __func__, idx, tty->name);
955787ca
JS		 1591 return -1;
1592 }
955787ca 1593 if (o_tty->link != tty) {
9de44bd6 1594 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
955787ca
JS		 1595 return -1;
1596 }
1597 }
1598#endif
1599 return 0;
1600}
1601
eeb89d91
AC		 1602/**
1603 * tty_release - vfs callback for close
1604 * @inode: inode of tty
1605 * @filp: file pointer for handle to tty
1606 *
1607 * Called the last time each file handle is closed that references
1608 * this tty. There may however be several such references.
1609 *
1610 * Locking:
1611 * Takes bkl. See tty_release_dev
1612 *
1da177e4
LT		 1613 * Even releasing the tty structures is a tricky business.. We have
1614 * to be very careful that the structures are all released at the
1615 * same time, as interrupts might otherwise get the wrong pointers.
1616 *
1617 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1618 * lead to double frees or releasing memory still in use.
1619 */
eeb89d91
AC		 1620
1621int tty_release(struct inode *inode, struct file *filp)
1da177e4 1622{
d996b62a
NP		 1623 struct tty_struct *tty = file_tty(filp);
1624 struct tty_struct *o_tty;
1da177e4 1625 int pty_master, tty_closing, o_tty_closing, do_sleep;
1da177e4
LT		 1626 int idx;
1627 char buf[64];
37bdfb07 1628
9de44bd6 1629 if (tty_paranoia_check(tty, inode, __func__))
eeb89d91 1630 return 0;
1da177e4 1631
89c8d91e 1632 tty_lock(tty);
9de44bd6 1633 check_tty_count(tty, __func__);
1da177e4 1634
ec79d605 1635 __tty_fasync(-1, filp, 0);
1da177e4
LT		 1636
1637 idx = tty->index;
1638 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1639 tty->driver->subtype == PTY_TYPE_MASTER);
89c8d91e 1640 /* Review: parallel close */
1da177e4
LT		 1641 o_tty = tty->link;
1642
955787ca 1643 if (tty_release_checks(tty, o_tty, idx)) {
89c8d91e 1644 tty_unlock(tty);
eeb89d91 1645 return 0;
1da177e4 1646 }
1da177e4
LT		 1647
1648#ifdef TTY_DEBUG_HANGUP
9de44bd6
JS		 1649 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1650 tty_name(tty, buf), tty->count);
1da177e4
LT		 1651#endif
1652
f34d7a5b
AC		 1653 if (tty->ops->close)
1654 tty->ops->close(tty, filp);
1da177e4 1655
89c8d91e 1656 tty_unlock(tty);
1da177e4
LT		 1657 /*
1658 * Sanity check: if tty->count is going to zero, there shouldn't be
1659 * any waiters on tty->read_wait or tty->write_wait. We test the
1660 * wait queues and kick everyone out _before_ actually starting to
1661 * close. This ensures that we won't block while releasing the tty
1662 * structure.
1663 *
1664 * The test for the o_tty closing is necessary, since the master and
1665 * slave sides may close in any order. If the slave side closes out
1666 * first, its count will be one, since the master side holds an open.
1667 * Thus this test wouldn't be triggered at the time the slave closes,
1668 * so we do it now.
1669 *
1670 * Note that it's possible for the tty to be opened again while we're
1671 * flushing out waiters. By recalculating the closing flags before
1672 * each iteration we avoid any problems.
1673 */
1674 while (1) {
1675 /* Guard against races with tty->count changes elsewhere and
1676 opens on /dev/tty */
37bdfb07 1677
70522e12 1678 mutex_lock(&tty_mutex);
89c8d91e 1679 tty_lock_pair(tty, o_tty);
1da177e4
LT		 1680 tty_closing = tty->count <= 1;
1681 o_tty_closing = o_tty &&
1682 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 1683 do_sleep = 0;
1684
1685 if (tty_closing) {
1686 if (waitqueue_active(&tty->read_wait)) {
4b19449d 1687 wake_up_poll(&tty->read_wait, POLLIN);
1da177e4
LT		 1688 do_sleep++;
1689 }
1690 if (waitqueue_active(&tty->write_wait)) {
4b19449d 1691 wake_up_poll(&tty->write_wait, POLLOUT);
1da177e4
LT		 1692 do_sleep++;
1693 }
1694 }
1695 if (o_tty_closing) {
1696 if (waitqueue_active(&o_tty->read_wait)) {
4b19449d 1697 wake_up_poll(&o_tty->read_wait, POLLIN);
1da177e4
LT		 1698 do_sleep++;
1699 }
1700 if (waitqueue_active(&o_tty->write_wait)) {
4b19449d 1701 wake_up_poll(&o_tty->write_wait, POLLOUT);
1da177e4
LT		 1702 do_sleep++;
1703 }
1704 }
1705 if (!do_sleep)
1706 break;
1707
9de44bd6
JS		 1708 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1709 __func__, tty_name(tty, buf));
89c8d91e 1710 tty_unlock_pair(tty, o_tty);
70522e12 1711 mutex_unlock(&tty_mutex);
1da177e4 1712 schedule();
37bdfb07 1713 }
1da177e4
LT		 1714
1715 /*
37bdfb07
AC		 1716 * The closing flags are now consistent with the open counts on
1717 * both sides, and we've completed the last operation that could
1da177e4 1718 * block, so it's safe to proceed with closing.
d155255a
AC		 1719 *
1720 * We must *not* drop the tty_mutex until we ensure that a further
1721 * entry into tty_open can not pick up this tty.
1da177e4 1722 */
1da177e4
LT		 1723 if (pty_master) {
1724 if (--o_tty->count < 0) {
9de44bd6
JS		 1725 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1726 __func__, o_tty->count, tty_name(o_tty, buf));
1da177e4
LT		 1727 o_tty->count = 0;
1728 }
1729 }
1730 if (--tty->count < 0) {
9de44bd6
JS		 1731 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1732 __func__, tty->count, tty_name(tty, buf));
1da177e4
LT		 1733 tty->count = 0;
1734 }
37bdfb07 1735
1da177e4
LT		 1736 /*
1737 * We've decremented tty->count, so we need to remove this file
1738 * descriptor off the tty->tty_files list; this serves two
1739 * purposes:
1740 * - check_tty_count sees the correct number of file descriptors
1741 * associated with this tty.
1742 * - do_tty_hangup no longer sees this file descriptor as
1743 * something that needs to be handled for hangups.
1744 */
d996b62a 1745 tty_del_file(filp);
1da177e4
LT		 1746
1747 /*
1748 * Perform some housekeeping before deciding whether to return.
1749 *
1750 * Set the TTY_CLOSING flag if this was the last open. In the
1751 * case of a pty we may have to wait around for the other side
1752 * to close, and TTY_CLOSING makes sure we can't be reopened.
1753 */
37bdfb07 1754 if (tty_closing)
1da177e4 1755 set_bit(TTY_CLOSING, &tty->flags);
37bdfb07 1756 if (o_tty_closing)
1da177e4
LT		 1757 set_bit(TTY_CLOSING, &o_tty->flags);
1758
1759 /*
1760 * If _either_ side is closing, make sure there aren't any
1761 * processes that still think tty or o_tty is their controlling
1762 * tty.
1763 */
1764 if (tty_closing || o_tty_closing) {
1da177e4 1765 read_lock(&tasklist_lock);
24ec839c 1766 session_clear_tty(tty->session);
1da177e4 1767 if (o_tty)
24ec839c 1768 session_clear_tty(o_tty->session);
1da177e4
LT		 1769 read_unlock(&tasklist_lock);
1770 }
1771
70522e12 1772 mutex_unlock(&tty_mutex);
89c8d91e 1773 tty_unlock_pair(tty, o_tty);
d155255a
AC		 1774 /* At this point the TTY_CLOSING flag should ensure a dead tty
1775 cannot be re-opened by a racing opener */
da965822 1776
1da177e4 1777 /* check whether both sides are closing ... */
d155255a 1778 if (!tty_closing || (o_tty && !o_tty_closing))
eeb89d91 1779 return 0;
37bdfb07 1780
1da177e4 1781#ifdef TTY_DEBUG_HANGUP
9de44bd6 1782 printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__);
1da177e4
LT		 1783#endif
1784 /*
01e1abb2 1785 * Ask the line discipline code to release its structures
1da177e4 1786 */
01e1abb2 1787 tty_ldisc_release(tty, o_tty);
1da177e4 1788 /*
d5698c28 1789 * The release_tty function takes care of the details of clearing
89c8d91e
AC		 1790 * the slots and preserving the termios structure. The tty_unlock_pair
1791 * should be safe as we keep a kref while the tty is locked (so the
1792 * unlock never unlocks a freed tty).
1da177e4 1793 */
d155255a 1794 mutex_lock(&tty_mutex);
d5698c28 1795 release_tty(tty, idx);
d155255a 1796 mutex_unlock(&tty_mutex);
1da177e4 1797
eeb89d91 1798 return 0;
1da177e4
LT		 1799}
1800
b82154ac
JS		 1801/**
1802 * tty_open_current_tty - get tty of current task for open
1803 * @device: device number
1804 * @filp: file pointer to tty
1805 * @return: tty of the current task iff @device is /dev/tty
1806 *
1807 * We cannot return driver and index like for the other nodes because
1808 * devpts will not work then. It expects inodes to be from devpts FS.
3af502b9
AC		 1809 *
1810 * We need to move to returning a refcounted object from all the lookup
1811 * paths including this one.
b82154ac
JS		 1812 */
1813static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1814{
1815 struct tty_struct *tty;
1816
1817 if (device != MKDEV(TTYAUX_MAJOR, 0))
1818 return NULL;
1819
1820 tty = get_current_tty();
1821 if (!tty)
1822 return ERR_PTR(-ENXIO);
1823
1824 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1825 /* noctty = 1; */
1826 tty_kref_put(tty);
1827 /* FIXME: we put a reference and return a TTY! */
3af502b9 1828 /* This is only safe because the caller holds tty_mutex */
b82154ac
JS		 1829 return tty;
1830}
1831
5b5e7040
JS		 1832/**
1833 * tty_lookup_driver - lookup a tty driver for a given device file
1834 * @device: device number
1835 * @filp: file pointer to tty
1836 * @noctty: set if the device should not become a controlling tty
1837 * @index: index for the device in the @return driver
1838 * @return: driver for this inode (with increased refcount)
1839 *
1840 * If @return is not erroneous, the caller is responsible to decrement the
1841 * refcount by tty_driver_kref_put.
1842 *
1843 * Locking: tty_mutex protects get_tty_driver
1844 */
1845static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1846 int *noctty, int *index)
1847{
1848 struct tty_driver *driver;
1849
2cd0050c 1850 switch (device) {
5b5e7040 1851#ifdef CONFIG_VT
2cd0050c 1852 case MKDEV(TTY_MAJOR, 0): {
5b5e7040
JS		 1853 extern struct tty_driver *console_driver;
1854 driver = tty_driver_kref_get(console_driver);
1855 *index = fg_console;
1856 *noctty = 1;
2cd0050c 1857 break;
5b5e7040
JS		 1858 }
1859#endif
2cd0050c 1860 case MKDEV(TTYAUX_MAJOR, 1): {
5b5e7040
JS		 1861 struct tty_driver *console_driver = console_device(index);
1862 if (console_driver) {
1863 driver = tty_driver_kref_get(console_driver);
1864 if (driver) {
1865 /* Don't let /dev/console block */
1866 filp->f_flags |= O_NONBLOCK;
1867 *noctty = 1;
2cd0050c 1868 break;
5b5e7040
JS		 1869 }
1870 }
1871 return ERR_PTR(-ENODEV);
1872 }
2cd0050c
JS		 1873 default:
1874 driver = get_tty_driver(device, index);
1875 if (!driver)
1876 return ERR_PTR(-ENODEV);
1877 break;
1878 }
5b5e7040
JS		 1879 return driver;
1880}
1881
af9b897e 1882/**
eeb89d91 1883 * tty_open - open a tty device
af9b897e
AC		 1884 * @inode: inode of device file
1885 * @filp: file pointer to tty
1da177e4 1886 *
af9b897e
AC		 1887 * tty_open and tty_release keep up the tty count that contains the
1888 * number of opens done on a tty. We cannot use the inode-count, as
1889 * different inodes might point to the same tty.
1da177e4 1890 *
af9b897e
AC		 1891 * Open-counting is needed for pty masters, as well as for keeping
1892 * track of serial lines: DTR is dropped when the last close happens.
1893 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1894 *
1895 * The termios state of a pty is reset on first open so that
1896 * settings don't persist across reuse.
1897 *
5b5e7040 1898 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
24ec839c
PZ		 1899 * tty->count should protect the rest.
1900 * ->siglock protects ->signal/->sighand
89c8d91e
AC		 1901 *
1902 * Note: the tty_unlock/lock cases without a ref are only safe due to
1903 * tty_mutex
1da177e4 1904 */
af9b897e 1905
eeb89d91 1906static int tty_open(struct inode *inode, struct file *filp)
1da177e4 1907{
b82154ac 1908 struct tty_struct *tty;
1da177e4 1909 int noctty, retval;
b82154ac 1910 struct tty_driver *driver = NULL;
1da177e4
LT		 1911 int index;
1912 dev_t device = inode->i_rdev;
846c151a 1913 unsigned saved_flags = filp->f_flags;
1da177e4
LT		 1914
1915 nonseekable_open(inode, filp);
37bdfb07 1916
1da177e4 1917retry_open:
fa90e1c9
JS		 1918 retval = tty_alloc_file(filp);
1919 if (retval)
1920 return -ENOMEM;
1921
1da177e4
LT		 1922 noctty = filp->f_flags & O_NOCTTY;
1923 index = -1;
1924 retval = 0;
37bdfb07 1925
70522e12 1926 mutex_lock(&tty_mutex);
89c8d91e 1927 /* This is protected by the tty_mutex */
b82154ac
JS		 1928 tty = tty_open_current_tty(device, filp);
1929 if (IS_ERR(tty)) {
ba5db448
JS		 1930 retval = PTR_ERR(tty);
1931 goto err_unlock;
5b5e7040
JS		 1932 } else if (!tty) {
1933 driver = tty_lookup_driver(device, filp, &noctty, &index);
1934 if (IS_ERR(driver)) {
ba5db448
JS		 1935 retval = PTR_ERR(driver);
1936 goto err_unlock;
1da177e4 1937 }
1da177e4 1938
4a2b5fdd 1939 /* check whether we're reopening an existing tty */
15f1a633 1940 tty = tty_driver_lookup_tty(driver, inode, index);
808ffa3d 1941 if (IS_ERR(tty)) {
ba5db448
JS		 1942 retval = PTR_ERR(tty);
1943 goto err_unlock;
808ffa3d 1944 }
4a2b5fdd
SB		 1945 }
1946
1947 if (tty) {
89c8d91e 1948 tty_lock(tty);
4a2b5fdd 1949 retval = tty_reopen(tty);
89c8d91e
AC		 1950 if (retval < 0) {
1951 tty_unlock(tty);
4a2b5fdd 1952 tty = ERR_PTR(retval);
89c8d91e
AC		 1953 }
1954 } else /* Returns with the tty_lock held for now */
593a27c4 1955 tty = tty_init_dev(driver, index);
4a2b5fdd 1956
70522e12 1957 mutex_unlock(&tty_mutex);
b82154ac
JS		 1958 if (driver)
1959 tty_driver_kref_put(driver);
eeb89d91 1960 if (IS_ERR(tty)) {
ba5db448
JS		 1961 retval = PTR_ERR(tty);
1962 goto err_file;
eeb89d91 1963 }
1da177e4 1964
fa90e1c9 1965 tty_add_file(tty, filp);
d996b62a 1966
9de44bd6 1967 check_tty_count(tty, __func__);
1da177e4
LT		 1968 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1969 tty->driver->subtype == PTY_TYPE_MASTER)
1970 noctty = 1;
1971#ifdef TTY_DEBUG_HANGUP
9de44bd6 1972 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
1da177e4 1973#endif
909bc774
HRK		 1974 if (tty->ops->open)
1975 retval = tty->ops->open(tty, filp);
1976 else
1977 retval = -ENODEV;
1da177e4
LT		 1978 filp->f_flags = saved_flags;
1979
37bdfb07
AC		 1980 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1981 !capable(CAP_SYS_ADMIN))
1da177e4
LT		 1982 retval = -EBUSY;
1983
1984 if (retval) {
1985#ifdef TTY_DEBUG_HANGUP
9de44bd6
JS		 1986 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
1987 retval, tty->name);
1da177e4 1988#endif
89c8d91e 1989 tty_unlock(tty); /* need to call tty_release without BTM */
eeb89d91 1990 tty_release(inode, filp);
64ba3dc3 1991 if (retval != -ERESTARTSYS)
1da177e4 1992 return retval;
64ba3dc3
AB		 1993
1994 if (signal_pending(current))
1da177e4 1995 return retval;
64ba3dc3 1996
1da177e4
LT		 1997 schedule();
1998 /*
1999 * Need to reset f_op in case a hangup happened.
2000 */
2001 if (filp->f_op == &hung_up_tty_fops)
2002 filp->f_op = &tty_fops;
2003 goto retry_open;
2004 }
89c8d91e 2005 tty_unlock(tty);
eeb89d91 2006
24ec839c
PZ		 2007
2008 mutex_lock(&tty_mutex);
89c8d91e 2009 tty_lock(tty);
24ec839c 2010 spin_lock_irq(&current->sighand->siglock);
1da177e4
LT		 2011 if (!noctty &&
2012 current->signal->leader &&
2013 !current->signal->tty &&
ab521dc0 2014 tty->session == NULL)
2a65f1d9 2015 __proc_set_tty(current, tty);
24ec839c 2016 spin_unlock_irq(&current->sighand->siglock);
89c8d91e 2017 tty_unlock(tty);
24ec839c 2018 mutex_unlock(&tty_mutex);
1da177e4 2019 return 0;
ba5db448 2020err_unlock:
ba5db448
JS		 2021 mutex_unlock(&tty_mutex);
2022 /* after locks to avoid deadlock */
2023 if (!IS_ERR_OR_NULL(driver))
2024 tty_driver_kref_put(driver);
2025err_file:
2026 tty_free_file(filp);
2027 return retval;
1da177e4
LT		 2028}
2029
39d95b9d
JC		 2030
2031
af9b897e
AC		 2032/**
2033 * tty_poll - check tty status
2034 * @filp: file being polled
2035 * @wait: poll wait structures to update
2036 *
2037 * Call the line discipline polling method to obtain the poll
2038 * status of the device.
2039 *
2040 * Locking: locks called line discipline but ldisc poll method
2041 * may be re-entered freely by other callers.
2042 */
2043
37bdfb07 2044static unsigned int tty_poll(struct file *filp, poll_table *wait)
1da177e4 2045{
d996b62a 2046 struct tty_struct *tty = file_tty(filp);
1da177e4
LT		 2047 struct tty_ldisc *ld;
2048 int ret = 0;
2049
a7113a96 2050 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1da177e4 2051 return 0;
37bdfb07 2052
1da177e4 2053 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 2054 if (ld->ops->poll)
2055 ret = (ld->ops->poll)(tty, filp, wait);
1da177e4
LT		 2056 tty_ldisc_deref(ld);
2057 return ret;
2058}
2059
ec79d605 2060static int __tty_fasync(int fd, struct file *filp, int on)
1da177e4 2061{
d996b62a 2062 struct tty_struct *tty = file_tty(filp);
47f86834 2063 unsigned long flags;
5d1e3230 2064 int retval = 0;
1da177e4 2065
a7113a96 2066 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
5d1e3230 2067 goto out;
37bdfb07 2068
1da177e4
LT		 2069 retval = fasync_helper(fd, filp, on, &tty->fasync);
2070 if (retval <= 0)
5d1e3230 2071 goto out;
1da177e4
LT		 2072
2073 if (on) {
ab521dc0
EB		 2074 enum pid_type type;
2075 struct pid *pid;
1da177e4
LT		 2076 if (!waitqueue_active(&tty->read_wait))
2077 tty->minimum_to_wake = 1;
47f86834 2078 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 2079 if (tty->pgrp) {
2080 pid = tty->pgrp;
2081 type = PIDTYPE_PGID;
2082 } else {
2083 pid = task_pid(current);
2084 type = PIDTYPE_PID;
2085 }
80e1e823 2086 get_pid(pid);
70362511 2087 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
80e1e823
LT		 2088 retval = __f_setown(filp, pid, type, 0);
2089 put_pid(pid);
1da177e4 2090 if (retval)
5d1e3230 2091 goto out;
1da177e4
LT		 2092 } else {
2093 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2094 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2095 }
5d1e3230
JC		 2096 retval = 0;
2097out:
ec79d605
AB		 2098 return retval;
2099}
2100
2101static int tty_fasync(int fd, struct file *filp, int on)
2102{
89c8d91e 2103 struct tty_struct *tty = file_tty(filp);
ec79d605 2104 int retval;
89c8d91e
AC		 2105
2106 tty_lock(tty);
ec79d605 2107 retval = __tty_fasync(fd, filp, on);
89c8d91e
AC		 2108 tty_unlock(tty);
2109
5d1e3230 2110 return retval;
1da177e4
LT		 2111}
2112
af9b897e
AC		 2113/**
2114 * tiocsti - fake input character
2115 * @tty: tty to fake input into
2116 * @p: pointer to character
2117 *
3a4fa0a2 2118 * Fake input to a tty device. Does the necessary locking and
af9b897e
AC		 2119 * input management.
2120 *
2121 * FIXME: does not honour flow control ??
2122 *
2123 * Locking:
2124 * Called functions take tty_ldisc_lock
2125 * current->signal->tty check is safe without locks
28298232
AC		 2126 *
2127 * FIXME: may race normal receive processing
af9b897e
AC		 2128 */
2129
1da177e4
LT		 2130static int tiocsti(struct tty_struct *tty, char __user *p)
2131{
2132 char ch, mbz = 0;
2133 struct tty_ldisc *ld;
37bdfb07 2134
1da177e4
LT		 2135 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2136 return -EPERM;
2137 if (get_user(ch, p))
2138 return -EFAULT;
1e641743 2139 tty_audit_tiocsti(tty, ch);
1da177e4 2140 ld = tty_ldisc_ref_wait(tty);
a352def2 2141 ld->ops->receive_buf(tty, &ch, &mbz, 1);
1da177e4
LT		 2142 tty_ldisc_deref(ld);
2143 return 0;
2144}
2145
af9b897e
AC		 2146/**
2147 * tiocgwinsz - implement window query ioctl
2148 * @tty; tty
2149 * @arg: user buffer for result
2150 *
808a0d38 2151 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2152 *
24ec839c 2153 * Locking: tty->termios_mutex is taken to ensure the winsize data
808a0d38 2154 * is consistent.
af9b897e
AC		 2155 */
2156
37bdfb07 2157static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
1da177e4 2158{
808a0d38
AC		 2159 int err;
2160
5785c95b 2161 mutex_lock(&tty->termios_mutex);
808a0d38 2162 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2163 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2164
2165 return err ? -EFAULT: 0;
1da177e4
LT		 2166}
2167
af9b897e 2168/**
8c9a9dd0
AC		 2169 * tty_do_resize - resize event
2170 * @tty: tty being resized
8c9a9dd0
AC		 2171 * @rows: rows (character)
2172 * @cols: cols (character)
2173 *
3ad2f3fb 2174 * Update the termios variables and send the necessary signals to
8c9a9dd0 2175 * peform a terminal resize correctly
af9b897e
AC		 2176 */
2177
fc6f6238 2178int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
1da177e4 2179{
fc6f6238 2180 struct pid *pgrp;
47f86834 2181 unsigned long flags;
1da177e4 2182
fc6f6238
AC		 2183 /* Lock the tty */
2184 mutex_lock(&tty->termios_mutex);
2185 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
ca9bda00 2186 goto done;
47f86834
AC		 2187 /* Get the PID values and reference them so we can
2188 avoid holding the tty ctrl lock while sending signals */
2189 spin_lock_irqsave(&tty->ctrl_lock, flags);
2190 pgrp = get_pid(tty->pgrp);
47f86834
AC		 2191 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2192
2193 if (pgrp)
2194 kill_pgrp(pgrp, SIGWINCH, 1);
47f86834 2195 put_pid(pgrp);
47f86834 2196
8c9a9dd0 2197 tty->winsize = *ws;
ca9bda00 2198done:
fc6f6238 2199 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 2200 return 0;
2201}
4d334fd1 2202EXPORT_SYMBOL(tty_do_resize);
1da177e4 2203
8c9a9dd0
AC		 2204/**
2205 * tiocswinsz - implement window size set ioctl
fc6f6238 2206 * @tty; tty side of tty
8c9a9dd0
AC		 2207 * @arg: user buffer for result
2208 *
2209 * Copies the user idea of the window size to the kernel. Traditionally
2210 * this is just advisory information but for the Linux console it
2211 * actually has driver level meaning and triggers a VC resize.
2212 *
2213 * Locking:
25985edc 2214 * Driver dependent. The default do_resize method takes the
8c9a9dd0
AC		 2215 * tty termios mutex and ctrl_lock. The console takes its own lock
2216 * then calls into the default method.
2217 */
2218
fc6f6238 2219static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
8c9a9dd0
AC		 2220{
2221 struct winsize tmp_ws;
2222 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2223 return -EFAULT;
2224
2225 if (tty->ops->resize)
fc6f6238 2226 return tty->ops->resize(tty, &tmp_ws);
8c9a9dd0 2227 else
fc6f6238 2228 return tty_do_resize(tty, &tmp_ws);
8c9a9dd0
AC		 2229}
2230
af9b897e
AC		 2231/**
2232 * tioccons - allow admin to move logical console
2233 * @file: the file to become console
2234 *
25985edc 2235 * Allow the administrator to move the redirected console device
af9b897e
AC		 2236 *
2237 * Locking: uses redirect_lock to guard the redirect information
2238 */
2239
1da177e4
LT		 2240static int tioccons(struct file *file)
2241{
2242 if (!capable(CAP_SYS_ADMIN))
2243 return -EPERM;
2244 if (file->f_op->write == redirected_tty_write) {
2245 struct file *f;
2246 spin_lock(&redirect_lock);
2247 f = redirect;
2248 redirect = NULL;
2249 spin_unlock(&redirect_lock);
2250 if (f)
2251 fput(f);
2252 return 0;
2253 }
2254 spin_lock(&redirect_lock);
2255 if (redirect) {
2256 spin_unlock(&redirect_lock);
2257 return -EBUSY;
2258 }
cb0942b8 2259 redirect = get_file(file);
1da177e4
LT		 2260 spin_unlock(&redirect_lock);
2261 return 0;
2262}
2263
af9b897e
AC		 2264/**
2265 * fionbio - non blocking ioctl
2266 * @file: file to set blocking value
2267 * @p: user parameter
2268 *
2269 * Historical tty interfaces had a blocking control ioctl before
2270 * the generic functionality existed. This piece of history is preserved
2271 * in the expected tty API of posix OS's.
2272 *
6146b9af 2273 * Locking: none, the open file handle ensures it won't go away.
af9b897e 2274 */
1da177e4
LT		 2275
2276static int fionbio(struct file *file, int __user *p)
2277{
2278 int nonblock;
2279
2280 if (get_user(nonblock, p))
2281 return -EFAULT;
2282
db1dd4d3 2283 spin_lock(&file->f_lock);
1da177e4
LT		 2284 if (nonblock)
2285 file->f_flags |= O_NONBLOCK;
2286 else
2287 file->f_flags &= ~O_NONBLOCK;
db1dd4d3 2288 spin_unlock(&file->f_lock);
1da177e4
LT		 2289 return 0;
2290}
2291
af9b897e
AC		 2292/**
2293 * tiocsctty - set controlling tty
2294 * @tty: tty structure
2295 * @arg: user argument
2296 *
2297 * This ioctl is used to manage job control. It permits a session
2298 * leader to set this tty as the controlling tty for the session.
2299 *
2300 * Locking:
28298232 2301 * Takes tty_mutex() to protect tty instance
24ec839c
PZ		 2302 * Takes tasklist_lock internally to walk sessions
2303 * Takes ->siglock() when updating signal->tty
af9b897e
AC		 2304 */
2305
1da177e4
LT		 2306static int tiocsctty(struct tty_struct *tty, int arg)
2307{
24ec839c 2308 int ret = 0;
ab521dc0 2309 if (current->signal->leader && (task_session(current) == tty->session))
24ec839c
PZ		 2310 return ret;
2311
2312 mutex_lock(&tty_mutex);
1da177e4
LT		 2313 /*
2314 * The process must be a session leader and
2315 * not have a controlling tty already.
2316 */
24ec839c
PZ		 2317 if (!current->signal->leader || current->signal->tty) {
2318 ret = -EPERM;
2319 goto unlock;
2320 }
2321
ab521dc0 2322 if (tty->session) {
1da177e4
LT		 2323 /*
2324 * This tty is already the controlling
2325 * tty for another session group!
2326 */
37bdfb07 2327 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
1da177e4
LT		 2328 /*
2329 * Steal it away
2330 */
1da177e4 2331 read_lock(&tasklist_lock);
24ec839c 2332 session_clear_tty(tty->session);
1da177e4 2333 read_unlock(&tasklist_lock);
24ec839c
PZ		 2334 } else {
2335 ret = -EPERM;
2336 goto unlock;
2337 }
1da177e4 2338 }
24ec839c
PZ		 2339 proc_set_tty(current, tty);
2340unlock:
28298232 2341 mutex_unlock(&tty_mutex);
24ec839c 2342 return ret;
1da177e4
LT		 2343}
2344
5d0fdf1e
AC		 2345/**
2346 * tty_get_pgrp - return a ref counted pgrp pid
2347 * @tty: tty to read
2348 *
2349 * Returns a refcounted instance of the pid struct for the process
2350 * group controlling the tty.
2351 */
2352
2353struct pid *tty_get_pgrp(struct tty_struct *tty)
2354{
2355 unsigned long flags;
2356 struct pid *pgrp;
2357
2358 spin_lock_irqsave(&tty->ctrl_lock, flags);
2359 pgrp = get_pid(tty->pgrp);
2360 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2361
2362 return pgrp;
2363}
2364EXPORT_SYMBOL_GPL(tty_get_pgrp);
2365
af9b897e
AC		 2366/**
2367 * tiocgpgrp - get process group
2368 * @tty: tty passed by user
25985edc 2369 * @real_tty: tty side of the tty passed by the user if a pty else the tty
af9b897e
AC		 2370 * @p: returned pid
2371 *
2372 * Obtain the process group of the tty. If there is no process group
2373 * return an error.
2374 *
24ec839c 2375 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 2376 */
2377
1da177e4
LT		 2378static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2379{
5d0fdf1e
AC		 2380 struct pid *pid;
2381 int ret;
1da177e4
LT		 2382 /*
2383 * (tty == real_tty) is a cheap way of
2384 * testing if the tty is NOT a master pty.
2385 */
2386 if (tty == real_tty && current->signal->tty != real_tty)
2387 return -ENOTTY;
5d0fdf1e
AC		 2388 pid = tty_get_pgrp(real_tty);
2389 ret = put_user(pid_vnr(pid), p);
2390 put_pid(pid);
2391 return ret;
1da177e4
LT		 2392}
2393
af9b897e
AC		 2394/**
2395 * tiocspgrp - attempt to set process group
2396 * @tty: tty passed by user
2397 * @real_tty: tty side device matching tty passed by user
2398 * @p: pid pointer
2399 *
2400 * Set the process group of the tty to the session passed. Only
2401 * permitted where the tty session is our session.
2402 *
47f86834 2403 * Locking: RCU, ctrl lock
af9b897e
AC		 2404 */
2405
1da177e4
LT		 2406static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2407{
04a2e6a5
EB		 2408 struct pid *pgrp;
2409 pid_t pgrp_nr;
1da177e4 2410 int retval = tty_check_change(real_tty);
47f86834 2411 unsigned long flags;
1da177e4
LT		 2412
2413 if (retval == -EIO)
2414 return -ENOTTY;
2415 if (retval)
2416 return retval;
2417 if (!current->signal->tty ||
2418 (current->signal->tty != real_tty) ||
ab521dc0 2419 (real_tty->session != task_session(current)))
1da177e4 2420 return -ENOTTY;
04a2e6a5 2421 if (get_user(pgrp_nr, p))
1da177e4 2422 return -EFAULT;
04a2e6a5 2423 if (pgrp_nr < 0)
1da177e4 2424 return -EINVAL;
04a2e6a5 2425 rcu_read_lock();
b488893a 2426 pgrp = find_vpid(pgrp_nr);
04a2e6a5
EB		 2427 retval = -ESRCH;
2428 if (!pgrp)
2429 goto out_unlock;
2430 retval = -EPERM;
2431 if (session_of_pgrp(pgrp) != task_session(current))
2432 goto out_unlock;
2433 retval = 0;
47f86834 2434 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 2435 put_pid(real_tty->pgrp);
2436 real_tty->pgrp = get_pid(pgrp);
47f86834 2437 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
04a2e6a5
EB		 2438out_unlock:
2439 rcu_read_unlock();
2440 return retval;
1da177e4
LT		 2441}
2442
af9b897e
AC		 2443/**
2444 * tiocgsid - get session id
2445 * @tty: tty passed by user
25985edc 2446 * @real_tty: tty side of the tty passed by the user if a pty else the tty
af9b897e
AC		 2447 * @p: pointer to returned session id
2448 *
2449 * Obtain the session id of the tty. If there is no session
2450 * return an error.
2451 *
24ec839c 2452 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 2453 */
2454
1da177e4
LT		 2455static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2456{
2457 /*
2458 * (tty == real_tty) is a cheap way of
2459 * testing if the tty is NOT a master pty.
2460 */
2461 if (tty == real_tty && current->signal->tty != real_tty)
2462 return -ENOTTY;
ab521dc0 2463 if (!real_tty->session)
1da177e4 2464 return -ENOTTY;
b488893a 2465 return put_user(pid_vnr(real_tty->session), p);
1da177e4
LT		 2466}
2467
af9b897e
AC		 2468/**
2469 * tiocsetd - set line discipline
2470 * @tty: tty device
2471 * @p: pointer to user data
2472 *
2473 * Set the line discipline according to user request.
2474 *
2475 * Locking: see tty_set_ldisc, this function is just a helper
2476 */
2477
1da177e4
LT		 2478static int tiocsetd(struct tty_struct *tty, int __user *p)
2479{
2480 int ldisc;
04f378b1 2481 int ret;
1da177e4
LT		 2482
2483 if (get_user(ldisc, p))
2484 return -EFAULT;
04f378b1 2485
04f378b1 2486 ret = tty_set_ldisc(tty, ldisc);
04f378b1
AC		 2487
2488 return ret;
1da177e4
LT		 2489}
2490
af9b897e
AC		 2491/**
2492 * send_break - performed time break
2493 * @tty: device to break on
2494 * @duration: timeout in mS
2495 *
2496 * Perform a timed break on hardware that lacks its own driver level
2497 * timed break functionality.
2498 *
2499 * Locking:
28298232 2500 * atomic_write_lock serializes
af9b897e 2501 *
af9b897e
AC		 2502 */
2503
b20f3ae5 2504static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4 2505{
9e98966c
AC		 2506 int retval;
2507
2508 if (tty->ops->break_ctl == NULL)
2509 return 0;
2510
2511 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2512 retval = tty->ops->break_ctl(tty, duration);
2513 else {
2514 /* Do the work ourselves */
2515 if (tty_write_lock(tty, 0) < 0)
2516 return -EINTR;
2517 retval = tty->ops->break_ctl(tty, -1);
2518 if (retval)
2519 goto out;
2520 if (!signal_pending(current))
2521 msleep_interruptible(duration);
2522 retval = tty->ops->break_ctl(tty, 0);
2523out:
2524 tty_write_unlock(tty);
2525 if (signal_pending(current))
2526 retval = -EINTR;
2527 }
2528 return retval;
1da177e4
LT		 2529}
2530
af9b897e 2531/**
f34d7a5b 2532 * tty_tiocmget - get modem status
af9b897e
AC		 2533 * @tty: tty device
2534 * @file: user file pointer
2535 * @p: pointer to result
2536 *
2537 * Obtain the modem status bits from the tty driver if the feature
2538 * is supported. Return -EINVAL if it is not available.
2539 *
2540 * Locking: none (up to the driver)
2541 */
2542
60b33c13 2543static int tty_tiocmget(struct tty_struct *tty, int __user *p)
1da177e4
LT		 2544{
2545 int retval = -EINVAL;
2546
f34d7a5b 2547 if (tty->ops->tiocmget) {
60b33c13 2548 retval = tty->ops->tiocmget(tty);
1da177e4
LT		 2549
2550 if (retval >= 0)
2551 retval = put_user(retval, p);
2552 }
2553 return retval;
2554}
2555
af9b897e 2556/**
f34d7a5b 2557 * tty_tiocmset - set modem status
af9b897e 2558 * @tty: tty device
af9b897e
AC		 2559 * @cmd: command - clear bits, set bits or set all
2560 * @p: pointer to desired bits
2561 *
2562 * Set the modem status bits from the tty driver if the feature
2563 * is supported. Return -EINVAL if it is not available.
2564 *
2565 * Locking: none (up to the driver)
2566 */
2567
20b9d177 2568static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
1da177e4
LT		 2569 unsigned __user *p)
2570{
ae677517
AC		 2571 int retval;
2572 unsigned int set, clear, val;
1da177e4 2573
ae677517
AC		 2574 if (tty->ops->tiocmset == NULL)
2575 return -EINVAL;
1da177e4 2576
ae677517
AC		 2577 retval = get_user(val, p);
2578 if (retval)
2579 return retval;
2580 set = clear = 0;
2581 switch (cmd) {
2582 case TIOCMBIS:
2583 set = val;
2584 break;
2585 case TIOCMBIC:
2586 clear = val;
2587 break;
2588 case TIOCMSET:
2589 set = val;
2590 clear = ~val;
2591 break;
2592 }
2593 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2594 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
20b9d177 2595 return tty->ops->tiocmset(tty, set, clear);
1da177e4
LT		 2596}
2597
d281da7f
AC		 2598static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2599{
2600 int retval = -EINVAL;
2601 struct serial_icounter_struct icount;
2602 memset(&icount, 0, sizeof(icount));
2603 if (tty->ops->get_icount)
2604 retval = tty->ops->get_icount(tty, &icount);
2605 if (retval != 0)
2606 return retval;
2607 if (copy_to_user(arg, &icount, sizeof(icount)))
2608 return -EFAULT;
2609 return 0;
2610}
2611
e8b70e7d
AC		 2612struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2613{
2614 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2615 tty->driver->subtype == PTY_TYPE_MASTER)
2616 tty = tty->link;
2617 return tty;
2618}
2619EXPORT_SYMBOL(tty_pair_get_tty);
2620
2621struct tty_struct *tty_pair_get_pty(struct tty_struct *tty)
2622{
2623 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2624 tty->driver->subtype == PTY_TYPE_MASTER)
2625 return tty;
2626 return tty->link;
2627}
2628EXPORT_SYMBOL(tty_pair_get_pty);
2629
1da177e4
LT		 2630/*
2631 * Split this up, as gcc can choke on it otherwise..
2632 */
04f378b1 2633long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1da177e4 2634{
d996b62a
NP		 2635 struct tty_struct *tty = file_tty(file);
2636 struct tty_struct *real_tty;
1da177e4
LT		 2637 void __user *p = (void __user *)arg;
2638 int retval;
2639 struct tty_ldisc *ld;
04f378b1 2640 struct inode *inode = file->f_dentry->d_inode;
37bdfb07 2641
1da177e4
LT		 2642 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2643 return -EINVAL;
2644
e8b70e7d 2645 real_tty = tty_pair_get_tty(tty);
1da177e4
LT		 2646
2647 /*
2648 * Factor out some common prep work
2649 */
2650 switch (cmd) {
2651 case TIOCSETD:
2652 case TIOCSBRK:
2653 case TIOCCBRK:
2654 case TCSBRK:
37bdfb07 2655 case TCSBRKP:
1da177e4
LT		 2656 retval = tty_check_change(tty);
2657 if (retval)
2658 return retval;
2659 if (cmd != TIOCCBRK) {
2660 tty_wait_until_sent(tty, 0);
2661 if (signal_pending(current))
2662 return -EINTR;
2663 }
2664 break;
2665 }
2666
9e98966c
AC		 2667 /*
2668 * Now do the stuff.
2669 */
1da177e4 2670 switch (cmd) {
37bdfb07
AC		 2671 case TIOCSTI:
2672 return tiocsti(tty, p);
2673 case TIOCGWINSZ:
8f520021 2674 return tiocgwinsz(real_tty, p);
37bdfb07 2675 case TIOCSWINSZ:
fc6f6238 2676 return tiocswinsz(real_tty, p);
37bdfb07
AC		 2677 case TIOCCONS:
2678 return real_tty != tty ? -EINVAL : tioccons(file);
2679 case FIONBIO:
2680 return fionbio(file, p);
2681 case TIOCEXCL:
2682 set_bit(TTY_EXCLUSIVE, &tty->flags);
2683 return 0;
2684 case TIOCNXCL:
2685 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2686 return 0;
84fd7bdf
CG		 2687 case TIOCGEXCL:
2688 {
2689 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2690 return put_user(excl, (int __user *)p);
2691 }
37bdfb07
AC		 2692 case TIOCNOTTY:
2693 if (current->signal->tty != tty)
2694 return -ENOTTY;
2695 no_tty();
2696 return 0;
2697 case TIOCSCTTY:
2698 return tiocsctty(tty, arg);
2699 case TIOCGPGRP:
2700 return tiocgpgrp(tty, real_tty, p);
2701 case TIOCSPGRP:
2702 return tiocspgrp(tty, real_tty, p);
2703 case TIOCGSID:
2704 return tiocgsid(tty, real_tty, p);
2705 case TIOCGETD:
c65c9bc3 2706 return put_user(tty->ldisc->ops->num, (int __user *)p);
37bdfb07
AC		 2707 case TIOCSETD:
2708 return tiocsetd(tty, p);
3c95c985
KS		 2709 case TIOCVHANGUP:
2710 if (!capable(CAP_SYS_ADMIN))
2711 return -EPERM;
2712 tty_vhangup(tty);
2713 return 0;
b7b8de08
WF		 2714 case TIOCGDEV:
2715 {
2716 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2717 return put_user(ret, (unsigned int __user *)p);
2718 }
37bdfb07
AC		 2719 /*
2720 * Break handling
2721 */
2722 case TIOCSBRK: /* Turn break on, unconditionally */
f34d7a5b 2723 if (tty->ops->break_ctl)
9e98966c 2724 return tty->ops->break_ctl(tty, -1);
37bdfb07 2725 return 0;
37bdfb07 2726 case TIOCCBRK: /* Turn break off, unconditionally */
f34d7a5b 2727 if (tty->ops->break_ctl)
9e98966c 2728 return tty->ops->break_ctl(tty, 0);
37bdfb07
AC		 2729 return 0;
2730 case TCSBRK: /* SVID version: non-zero arg --> no break */
2731 /* non-zero arg means wait for all output data
2732 * to be sent (performed above) but don't send break.
2733 * This is used by the tcdrain() termios function.
2734 */
2735 if (!arg)
2736 return send_break(tty, 250);
2737 return 0;
2738 case TCSBRKP: /* support for POSIX tcsendbreak() */
2739 return send_break(tty, arg ? arg*100 : 250);
2740
2741 case TIOCMGET:
60b33c13 2742 return tty_tiocmget(tty, p);
37bdfb07
AC		 2743 case TIOCMSET:
2744 case TIOCMBIC:
2745 case TIOCMBIS:
20b9d177 2746 return tty_tiocmset(tty, cmd, p);
d281da7f
AC		 2747 case TIOCGICOUNT:
2748 retval = tty_tiocgicount(tty, p);
2749 /* For the moment allow fall through to the old method */
2750 if (retval != -EINVAL)
2751 return retval;
2752 break;
37bdfb07
AC		 2753 case TCFLSH:
2754 switch (arg) {
2755 case TCIFLUSH:
2756 case TCIOFLUSH:
2757 /* flush tty buffer and allow ldisc to process ioctl */
2758 tty_buffer_flush(tty);
c5c34d48 2759 break;
37bdfb07
AC		 2760 }
2761 break;
1da177e4 2762 }
f34d7a5b 2763 if (tty->ops->ioctl) {
6caa76b7 2764 retval = (tty->ops->ioctl)(tty, cmd, arg);
1da177e4
LT		 2765 if (retval != -ENOIOCTLCMD)
2766 return retval;
2767 }
2768 ld = tty_ldisc_ref_wait(tty);
2769 retval = -EINVAL;
a352def2
AC		 2770 if (ld->ops->ioctl) {
2771 retval = ld->ops->ioctl(tty, file, cmd, arg);
1da177e4 2772 if (retval == -ENOIOCTLCMD)
bbb63c51 2773 retval = -ENOTTY;
1da177e4
LT		 2774 }
2775 tty_ldisc_deref(ld);
2776 return retval;
2777}
2778
e10cc1df 2779#ifdef CONFIG_COMPAT
37bdfb07 2780static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 2781 unsigned long arg)
2782{
2783 struct inode *inode = file->f_dentry->d_inode;
d996b62a 2784 struct tty_struct *tty = file_tty(file);
e10cc1df
PF		 2785 struct tty_ldisc *ld;
2786 int retval = -ENOIOCTLCMD;
2787
2788 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2789 return -EINVAL;
2790
f34d7a5b 2791 if (tty->ops->compat_ioctl) {
6caa76b7 2792 retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
e10cc1df
PF		 2793 if (retval != -ENOIOCTLCMD)
2794 return retval;
2795 }
2796
2797 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 2798 if (ld->ops->compat_ioctl)
2799 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
8193c429
TM		 2800 else
2801 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
e10cc1df
PF		 2802 tty_ldisc_deref(ld);
2803
2804 return retval;
2805}
2806#endif
1da177e4 2807
c3c073f8
AV		 2808static int this_tty(const void *t, struct file *file, unsigned fd)
2809{
2810 if (likely(file->f_op->read != tty_read))
2811 return 0;
2812 return file_tty(file) != t ? 0 : fd + 1;
2813}
2814
1da177e4
LT		 2815/*
2816 * This implements the "Secure Attention Key" --- the idea is to
2817 * prevent trojan horses by killing all processes associated with this
2818 * tty when the user hits the "Secure Attention Key". Required for
2819 * super-paranoid applications --- see the Orange Book for more details.
37bdfb07 2820 *
1da177e4
LT		 2821 * This code could be nicer; ideally it should send a HUP, wait a few
2822 * seconds, then send a INT, and then a KILL signal. But you then
2823 * have to coordinate with the init process, since all processes associated
2824 * with the current tty must be dead before the new getty is allowed
2825 * to spawn.
2826 *
2827 * Now, if it would be correct ;-/ The current code has a nasty hole -
2828 * it doesn't catch files in flight. We may send the descriptor to ourselves
2829 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2830 *
2831 * Nasty bug: do_SAK is being called in interrupt context. This can
2832 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2833 */
8b6312f4 2834void __do_SAK(struct tty_struct *tty)
1da177e4
LT		 2835{
2836#ifdef TTY_SOFT_SAK
2837 tty_hangup(tty);
2838#else
652486fb 2839 struct task_struct *g, *p;
ab521dc0 2840 struct pid *session;
1da177e4 2841 int i;
37bdfb07 2842
1da177e4
LT		 2843 if (!tty)
2844 return;
24ec839c 2845 session = tty->session;
37bdfb07 2846
b3f13deb 2847 tty_ldisc_flush(tty);
1da177e4 2848
f34d7a5b 2849 tty_driver_flush_buffer(tty);
37bdfb07 2850
1da177e4 2851 read_lock(&tasklist_lock);
652486fb 2852 /* Kill the entire session */
ab521dc0 2853 do_each_pid_task(session, PIDTYPE_SID, p) {
652486fb 2854 printk(KERN_NOTICE "SAK: killed process %d"
1b0f7ffd 2855 " (%s): task_session(p)==tty->session\n",
ba25f9dc 2856 task_pid_nr(p), p->comm);
652486fb 2857 send_sig(SIGKILL, p, 1);
ab521dc0 2858 } while_each_pid_task(session, PIDTYPE_SID, p);
652486fb
EB		 2859 /* Now kill any processes that happen to have the
2860 * tty open.
2861 */
2862 do_each_thread(g, p) {
2863 if (p->signal->tty == tty) {
1da177e4 2864 printk(KERN_NOTICE "SAK: killed process %d"
1b0f7ffd 2865 " (%s): task_session(p)==tty->session\n",
ba25f9dc 2866 task_pid_nr(p), p->comm);
1da177e4
LT		 2867 send_sig(SIGKILL, p, 1);
2868 continue;
2869 }
2870 task_lock(p);
c3c073f8
AV		 2871 i = iterate_fd(p->files, 0, this_tty, tty);
2872 if (i != 0) {
2873 printk(KERN_NOTICE "SAK: killed process %d"
2874 " (%s): fd#%d opened to the tty\n",
2875 task_pid_nr(p), p->comm, i - 1);
2876 force_sig(SIGKILL, p);
1da177e4
LT		 2877 }
2878 task_unlock(p);
652486fb 2879 } while_each_thread(g, p);
1da177e4
LT		 2880 read_unlock(&tasklist_lock);
2881#endif
2882}
2883
8b6312f4
EB		 2884static void do_SAK_work(struct work_struct *work)
2885{
2886 struct tty_struct *tty =
2887 container_of(work, struct tty_struct, SAK_work);
2888 __do_SAK(tty);
2889}
2890
1da177e4
LT		 2891/*
2892 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2893 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2894 * the values which we write to it will be identical to the values which it
2895 * already has. --akpm
2896 */
2897void do_SAK(struct tty_struct *tty)
2898{
2899 if (!tty)
2900 return;
1da177e4
LT		 2901 schedule_work(&tty->SAK_work);
2902}
2903
2904EXPORT_SYMBOL(do_SAK);
2905
6e9430ac 2906static int dev_match_devt(struct device *dev, const void *data)
30004ac9 2907{
6e9430ac 2908 const dev_t *devt = data;
30004ac9
DES		 2909 return dev->devt == *devt;
2910}
2911
2912/* Must put_device() after it's unused! */
2913static struct device *tty_get_device(struct tty_struct *tty)
2914{
2915 dev_t devt = tty_devnum(tty);
2916 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2917}
2918
2919
af9b897e
AC		 2920/**
2921 * initialize_tty_struct
2922 * @tty: tty to initialize
2923 *
2924 * This subroutine initializes a tty structure that has been newly
2925 * allocated.
2926 *
2927 * Locking: none - tty in question must not be exposed at this point
1da177e4 2928 */
af9b897e 2929
bf970ee4
AC		 2930void initialize_tty_struct(struct tty_struct *tty,
2931 struct tty_driver *driver, int idx)
1da177e4
LT		 2932{
2933 memset(tty, 0, sizeof(struct tty_struct));
9c9f4ded 2934 kref_init(&tty->kref);
1da177e4 2935 tty->magic = TTY_MAGIC;
01e1abb2 2936 tty_ldisc_init(tty);
ab521dc0
EB		 2937 tty->session = NULL;
2938 tty->pgrp = NULL;
89c8d91e 2939 mutex_init(&tty->legacy_mutex);
5785c95b 2940 mutex_init(&tty->termios_mutex);
c65c9bc3 2941 mutex_init(&tty->ldisc_mutex);
1da177e4
LT		 2942 init_waitqueue_head(&tty->write_wait);
2943 init_waitqueue_head(&tty->read_wait);
65f27f38 2944 INIT_WORK(&tty->hangup_work, do_tty_hangup);
70522e12 2945 mutex_init(&tty->atomic_write_lock);
04f378b1 2946 spin_lock_init(&tty->ctrl_lock);
1da177e4 2947 INIT_LIST_HEAD(&tty->tty_files);
7f1f86a0 2948 INIT_WORK(&tty->SAK_work, do_SAK_work);
bf970ee4
AC		 2949
2950 tty->driver = driver;
2951 tty->ops = driver->ops;
2952 tty->index = idx;
2953 tty_line_name(driver, idx, tty->name);
30004ac9 2954 tty->dev = tty_get_device(tty);
1da177e4
LT		 2955}
2956
6716671d
JS		 2957/**
2958 * deinitialize_tty_struct
2959 * @tty: tty to deinitialize
2960 *
2961 * This subroutine deinitializes a tty structure that has been newly
2962 * allocated but tty_release cannot be called on that yet.
2963 *
2964 * Locking: none - tty in question must not be exposed at this point
2965 */
2966void deinitialize_tty_struct(struct tty_struct *tty)
2967{
2968 tty_ldisc_deinit(tty);
2969}
2970
f34d7a5b
AC		 2971/**
2972 * tty_put_char - write one character to a tty
2973 * @tty: tty
2974 * @ch: character
2975 *
2976 * Write one byte to the tty using the provided put_char method
2977 * if present. Returns the number of characters successfully output.
2978 *
2979 * Note: the specific put_char operation in the driver layer may go
2980 * away soon. Don't call it directly, use this method
1da177e4 2981 */
af9b897e 2982
f34d7a5b 2983int tty_put_char(struct tty_struct *tty, unsigned char ch)
1da177e4 2984{
f34d7a5b
AC		 2985 if (tty->ops->put_char)
2986 return tty->ops->put_char(tty, ch);
2987 return tty->ops->write(tty, &ch, 1);
1da177e4 2988}
f34d7a5b
AC		 2989EXPORT_SYMBOL_GPL(tty_put_char);
2990
d81ed103 2991struct class *tty_class;
1da177e4 2992
7e73eca6
JS		 2993static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
2994 unsigned int index, unsigned int count)
2995{
2996 /* init here, since reused cdevs cause crashes */
2997 cdev_init(&driver->cdevs[index], &tty_fops);
2998 driver->cdevs[index].owner = driver->owner;
2999 return cdev_add(&driver->cdevs[index], dev, count);
3000}
3001
1da177e4 3002/**
af9b897e
AC		 3003 * tty_register_device - register a tty device
3004 * @driver: the tty driver that describes the tty device
3005 * @index: the index in the tty driver for this tty device
3006 * @device: a struct device that is associated with this tty device.
3007 * This field is optional, if there is no known struct device
3008 * for this tty device it can be set to NULL safely.
1da177e4 3009 *
01107d34
GKH		 3010 * Returns a pointer to the struct device for this tty device
3011 * (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3012 *
af9b897e
AC		 3013 * This call is required to be made to register an individual tty device
3014 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3015 * that bit is not set, this function should not be called by a tty
3016 * driver.
3017 *
3018 * Locking: ??
1da177e4 3019 */
af9b897e 3020
01107d34
GKH		 3021struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3022 struct device *device)
1da177e4 3023{
6915c0e4
TH		 3024 return tty_register_device_attr(driver, index, device, NULL, NULL);
3025}
3026EXPORT_SYMBOL(tty_register_device);
3027
b1b79916
TH		 3028static void tty_device_create_release(struct device *dev)
3029{
3030 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3031 kfree(dev);
3032}
3033
6915c0e4
TH		 3034/**
3035 * tty_register_device_attr - register a tty device
3036 * @driver: the tty driver that describes the tty device
3037 * @index: the index in the tty driver for this tty device
3038 * @device: a struct device that is associated with this tty device.
3039 * This field is optional, if there is no known struct device
3040 * for this tty device it can be set to NULL safely.
3041 * @drvdata: Driver data to be set to device.
3042 * @attr_grp: Attribute group to be set on device.
3043 *
3044 * Returns a pointer to the struct device for this tty device
3045 * (or ERR_PTR(-EFOO) on error).
3046 *
3047 * This call is required to be made to register an individual tty device
3048 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3049 * that bit is not set, this function should not be called by a tty
3050 * driver.
3051 *
3052 * Locking: ??
3053 */
3054struct device *tty_register_device_attr(struct tty_driver *driver,
3055 unsigned index, struct device *device,
3056 void *drvdata,
3057 const struct attribute_group **attr_grp)
3058{
1da177e4 3059 char name[64];
6915c0e4
TH		 3060 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3061 struct device *dev = NULL;
3062 int retval = -ENODEV;
7e73eca6 3063 bool cdev = false;
1da177e4
LT		 3064
3065 if (index >= driver->num) {
3066 printk(KERN_ERR "Attempt to register invalid tty line number "
3067 " (%d).\n", index);
1cdcb6b4 3068 return ERR_PTR(-EINVAL);
1da177e4
LT		 3069 }
3070
1da177e4
LT		 3071 if (driver->type == TTY_DRIVER_TYPE_PTY)
3072 pty_line_name(driver, index, name);
3073 else
3074 tty_line_name(driver, index, name);
1cdcb6b4 3075
7e73eca6 3076 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
6915c0e4
TH		 3077 retval = tty_cdev_add(driver, devt, index, 1);
3078 if (retval)
3079 goto error;
7e73eca6
JS		 3080 cdev = true;
3081 }
3082
6915c0e4
TH		 3083 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3084 if (!dev) {
3085 retval = -ENOMEM;
3086 goto error;
3087 }
7e73eca6 3088
6915c0e4
TH		 3089 dev->devt = devt;
3090 dev->class = tty_class;
3091 dev->parent = device;
b1b79916 3092 dev->release = tty_device_create_release;
6915c0e4
TH		 3093 dev_set_name(dev, "%s", name);
3094 dev->groups = attr_grp;
3095 dev_set_drvdata(dev, drvdata);
3096
3097 retval = device_register(dev);
3098 if (retval)
3099 goto error;
3100
3101 return dev;
3102
3103error:
3104 put_device(dev);
3105 if (cdev)
3106 cdev_del(&driver->cdevs[index]);
3107 return ERR_PTR(retval);
1da177e4 3108}
6915c0e4 3109EXPORT_SYMBOL_GPL(tty_register_device_attr);
1da177e4
LT		 3110
3111/**
af9b897e
AC		 3112 * tty_unregister_device - unregister a tty device
3113 * @driver: the tty driver that describes the tty device
3114 * @index: the index in the tty driver for this tty device
1da177e4 3115 *
af9b897e
AC		 3116 * If a tty device is registered with a call to tty_register_device() then
3117 * this function must be called when the tty device is gone.
3118 *
3119 * Locking: ??
1da177e4 3120 */
af9b897e 3121
1da177e4
LT		 3122void tty_unregister_device(struct tty_driver *driver, unsigned index)
3123{
37bdfb07
AC		 3124 device_destroy(tty_class,
3125 MKDEV(driver->major, driver->minor_start) + index);
7e73eca6
JS		 3126 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3127 cdev_del(&driver->cdevs[index]);
1da177e4 3128}
1da177e4
LT		 3129EXPORT_SYMBOL(tty_unregister_device);
3130
7f0bc6a6
JS		 3131/**
3132 * __tty_alloc_driver -- allocate tty driver
3133 * @lines: count of lines this driver can handle at most
3134 * @owner: module which is repsonsible for this driver
3135 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3136 *
3137 * This should not be called directly, some of the provided macros should be
3138 * used instead. Use IS_ERR and friends on @retval.
3139 */
3140struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3141 unsigned long flags)
1da177e4
LT		 3142{
3143 struct tty_driver *driver;
7e73eca6 3144 unsigned int cdevs = 1;
16a02081 3145 int err;
1da177e4 3146
0019b408 3147 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
7f0bc6a6
JS		 3148 return ERR_PTR(-EINVAL);
3149
506eb99a 3150 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
7f0bc6a6
JS		 3151 if (!driver)
3152 return ERR_PTR(-ENOMEM);
3153
3154 kref_init(&driver->kref);
3155 driver->magic = TTY_DRIVER_MAGIC;
3156 driver->num = lines;
3157 driver->owner = owner;
3158 driver->flags = flags;
16a02081
JS		 3159
3160 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3161 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3162 GFP_KERNEL);
3163 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3164 GFP_KERNEL);
3165 if (!driver->ttys || !driver->termios) {
3166 err = -ENOMEM;
3167 goto err_free_all;
3168 }
3169 }
3170
3171 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3172 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3173 GFP_KERNEL);
3174 if (!driver->ports) {
3175 err = -ENOMEM;
3176 goto err_free_all;
3177 }
7e73eca6
JS		 3178 cdevs = lines;
3179 }
3180
3181 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3182 if (!driver->cdevs) {
3183 err = -ENOMEM;
3184 goto err_free_all;
16a02081 3185 }
7f0bc6a6 3186
1da177e4 3187 return driver;
16a02081
JS		 3188err_free_all:
3189 kfree(driver->ports);
3190 kfree(driver->ttys);
3191 kfree(driver->termios);
3192 kfree(driver);
3193 return ERR_PTR(err);
1da177e4 3194}
7f0bc6a6 3195EXPORT_SYMBOL(__tty_alloc_driver);
1da177e4 3196
7d7b93c1 3197static void destruct_tty_driver(struct kref *kref)
1da177e4 3198{
7d7b93c1
AC		 3199 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3200 int i;
3201 struct ktermios *tp;
7d7b93c1
AC		 3202
3203 if (driver->flags & TTY_DRIVER_INSTALLED) {
3204 /*
3205 * Free the termios and termios_locked structures because
3206 * we don't want to get memory leaks when modular tty
3207 * drivers are removed from the kernel.
3208 */
3209 for (i = 0; i < driver->num; i++) {
3210 tp = driver->termios[i];
3211 if (tp) {
3212 driver->termios[i] = NULL;
3213 kfree(tp);
3214 }
7d7b93c1
AC		 3215 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3216 tty_unregister_device(driver, i);
3217 }
7d7b93c1 3218 proc_tty_unregister_driver(driver);
7e73eca6
JS		 3219 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3220 cdev_del(&driver->cdevs[0]);
7d7b93c1 3221 }
7e73eca6 3222 kfree(driver->cdevs);
04831dc1 3223 kfree(driver->ports);
16a02081
JS		 3224 kfree(driver->termios);
3225 kfree(driver->ttys);
1da177e4
LT		 3226 kfree(driver);
3227}
3228
7d7b93c1
AC		 3229void tty_driver_kref_put(struct tty_driver *driver)
3230{
3231 kref_put(&driver->kref, destruct_tty_driver);
3232}
3233EXPORT_SYMBOL(tty_driver_kref_put);
3234
b68e31d0
JD		 3235void tty_set_operations(struct tty_driver *driver,
3236 const struct tty_operations *op)
1da177e4 3237{
f34d7a5b
AC		 3238 driver->ops = op;
3239};
7d7b93c1 3240EXPORT_SYMBOL(tty_set_operations);
1da177e4 3241
7d7b93c1
AC		 3242void put_tty_driver(struct tty_driver *d)
3243{
3244 tty_driver_kref_put(d);
3245}
1da177e4 3246EXPORT_SYMBOL(put_tty_driver);
1da177e4
LT		 3247
3248/*
3249 * Called by a tty driver to register itself.
3250 */
3251int tty_register_driver(struct tty_driver *driver)
3252{
3253 int error;
37bdfb07 3254 int i;
1da177e4 3255 dev_t dev;
b670bde0 3256 struct device *d;
1da177e4 3257
1da177e4 3258 if (!driver->major) {
37bdfb07
AC		 3259 error = alloc_chrdev_region(&dev, driver->minor_start,
3260 driver->num, driver->name);
1da177e4
LT		 3261 if (!error) {
3262 driver->major = MAJOR(dev);
3263 driver->minor_start = MINOR(dev);
3264 }
3265 } else {
3266 dev = MKDEV(driver->major, driver->minor_start);
e5717c48 3267 error = register_chrdev_region(dev, driver->num, driver->name);
1da177e4 3268 }
9bb8a3d4 3269 if (error < 0)
16a02081 3270 goto err;
1da177e4 3271
7e73eca6
JS		 3272 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3273 error = tty_cdev_add(driver, dev, 0, driver->num);
3274 if (error)
3275 goto err_unreg_char;
3276 }
1da177e4 3277
ca509f69 3278 mutex_lock(&tty_mutex);
1da177e4 3279 list_add(&driver->tty_drivers, &tty_drivers);
ca509f69 3280 mutex_unlock(&tty_mutex);
37bdfb07
AC		 3281
3282 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
b670bde0
VK		 3283 for (i = 0; i < driver->num; i++) {
3284 d = tty_register_device(driver, i, NULL);
3285 if (IS_ERR(d)) {
3286 error = PTR_ERR(d);
16a02081 3287 goto err_unreg_devs;
b670bde0
VK		 3288 }
3289 }
1da177e4
LT		 3290 }
3291 proc_tty_register_driver(driver);
7d7b93c1 3292 driver->flags |= TTY_DRIVER_INSTALLED;
1da177e4 3293 return 0;
b670bde0 3294
16a02081 3295err_unreg_devs:
b670bde0
VK		 3296 for (i--; i >= 0; i--)
3297 tty_unregister_device(driver, i);
3298
3299 mutex_lock(&tty_mutex);
3300 list_del(&driver->tty_drivers);
3301 mutex_unlock(&tty_mutex);
3302
9bb8a3d4 3303err_unreg_char:
b670bde0 3304 unregister_chrdev_region(dev, driver->num);
16a02081 3305err:
b670bde0 3306 return error;
1da177e4 3307}
1da177e4
LT		 3308EXPORT_SYMBOL(tty_register_driver);
3309
3310/*
3311 * Called by a tty driver to unregister itself.
3312 */
3313int tty_unregister_driver(struct tty_driver *driver)
3314{
7d7b93c1
AC		 3315#if 0
3316 /* FIXME */
1da177e4
LT		 3317 if (driver->refcount)
3318 return -EBUSY;
7d7b93c1 3319#endif
1da177e4
LT		 3320 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3321 driver->num);
ca509f69 3322 mutex_lock(&tty_mutex);
1da177e4 3323 list_del(&driver->tty_drivers);
ca509f69 3324 mutex_unlock(&tty_mutex);
1da177e4
LT		 3325 return 0;
3326}
7d7b93c1 3327
1da177e4
LT		 3328EXPORT_SYMBOL(tty_unregister_driver);
3329
24ec839c
PZ		 3330dev_t tty_devnum(struct tty_struct *tty)
3331{
3332 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3333}
3334EXPORT_SYMBOL(tty_devnum);
3335
3336void proc_clear_tty(struct task_struct *p)
3337{
7c3b1dcf 3338 unsigned long flags;
9c9f4ded 3339 struct tty_struct *tty;
7c3b1dcf 3340 spin_lock_irqsave(&p->sighand->siglock, flags);
9c9f4ded 3341 tty = p->signal->tty;
24ec839c 3342 p->signal->tty = NULL;
7c3b1dcf 3343 spin_unlock_irqrestore(&p->sighand->siglock, flags);
9c9f4ded 3344 tty_kref_put(tty);
24ec839c 3345}
24ec839c 3346
47f86834
AC		 3347/* Called under the sighand lock */
3348
2a65f1d9 3349static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 3350{
3351 if (tty) {
47f86834
AC		 3352 unsigned long flags;
3353 /* We should not have a session or pgrp to put here but.... */
3354 spin_lock_irqsave(&tty->ctrl_lock, flags);
d9c1e9a8
EB		 3355 put_pid(tty->session);
3356 put_pid(tty->pgrp);
ab521dc0 3357 tty->pgrp = get_pid(task_pgrp(tsk));
47f86834
AC		 3358 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3359 tty->session = get_pid(task_session(tsk));
9c9f4ded
AC		 3360 if (tsk->signal->tty) {
3361 printk(KERN_DEBUG "tty not NULL!!\n");
3362 tty_kref_put(tsk->signal->tty);
3363 }
24ec839c 3364 }
2a65f1d9 3365 put_pid(tsk->signal->tty_old_pgrp);
9c9f4ded 3366 tsk->signal->tty = tty_kref_get(tty);
ab521dc0 3367 tsk->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 3368}
3369
98a27ba4 3370static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 3371{
3372 spin_lock_irq(&tsk->sighand->siglock);
2a65f1d9 3373 __proc_set_tty(tsk, tty);
24ec839c
PZ		 3374 spin_unlock_irq(&tsk->sighand->siglock);
3375}
3376
3377struct tty_struct *get_current_tty(void)
3378{
3379 struct tty_struct *tty;
934e6ebf
AC		 3380 unsigned long flags;
3381
3382 spin_lock_irqsave(&current->sighand->siglock, flags);
452a00d2 3383 tty = tty_kref_get(current->signal->tty);
934e6ebf 3384 spin_unlock_irqrestore(&current->sighand->siglock, flags);
24ec839c
PZ		 3385 return tty;
3386}
a311f743 3387EXPORT_SYMBOL_GPL(get_current_tty);
1da177e4 3388
d81ed103
AC		 3389void tty_default_fops(struct file_operations *fops)
3390{
3391 *fops = tty_fops;
3392}
3393
1da177e4
LT		 3394/*
3395 * Initialize the console device. This is called *early*, so
3396 * we can't necessarily depend on lots of kernel help here.
3397 * Just do some early initializations, and do the complex setup
3398 * later.
3399 */
3400void __init console_init(void)
3401{
3402 initcall_t *call;
3403
3404 /* Setup the default TTY line discipline. */
01e1abb2 3405 tty_ldisc_begin();
1da177e4
LT		 3406
3407 /*
37bdfb07 3408 * set up the console device so that later boot sequences can
1da177e4
LT		 3409 * inform about problems etc..
3410 */
1da177e4
LT		 3411 call = __con_initcall_start;
3412 while (call < __con_initcall_end) {
3413 (*call)();
3414 call++;
3415 }
3416}
3417
2c9ede55 3418static char *tty_devnode(struct device *dev, umode_t *mode)
e454cea2
KS		 3419{
3420 if (!mode)
3421 return NULL;
3422 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3423 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3424 *mode = 0666;
3425 return NULL;
3426}
3427
1da177e4
LT		 3428static int __init tty_class_init(void)
3429{
7fe845d1 3430 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 3431 if (IS_ERR(tty_class))
3432 return PTR_ERR(tty_class);
e454cea2 3433 tty_class->devnode = tty_devnode;
1da177e4
LT		 3434 return 0;
3435}
3436
3437postcore_initcall(tty_class_init);
3438
3439/* 3/2004 jmc: why do these devices exist? */
1da177e4 3440static struct cdev tty_cdev, console_cdev;
1da177e4 3441
fbc92a34
KS		 3442static ssize_t show_cons_active(struct device *dev,
3443 struct device_attribute *attr, char *buf)
3444{
3445 struct console *cs[16];
3446 int i = 0;
3447 struct console *c;
3448 ssize_t count = 0;
3449
ac751efa 3450 console_lock();
a2a6a822 3451 for_each_console(c) {
fbc92a34
KS		 3452 if (!c->device)
3453 continue;
3454 if (!c->write)
3455 continue;
3456 if ((c->flags & CON_ENABLED) == 0)
3457 continue;
3458 cs[i++] = c;
3459 if (i >= ARRAY_SIZE(cs))
3460 break;
3461 }
3462 while (i--)
3463 count += sprintf(buf + count, "%s%d%c",
3464 cs[i]->name, cs[i]->index, i ? ' ':'\n');
ac751efa 3465 console_unlock();
fbc92a34
KS		 3466
3467 return count;
3468}
3469static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3470
3471static struct device *consdev;
3472
3473void console_sysfs_notify(void)
3474{
3475 if (consdev)
3476 sysfs_notify(&consdev->kobj, NULL, "active");
3477}
3478
1da177e4
LT		 3479/*
3480 * Ok, now we can initialize the rest of the tty devices and can count
3481 * on memory allocations, interrupts etc..
3482 */
31d1d48e 3483int __init tty_init(void)
1da177e4
LT		 3484{
3485 cdev_init(&tty_cdev, &tty_fops);
3486 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3487 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3488 panic("Couldn't register /dev/tty driver\n");
fbc92a34 3489 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
1da177e4
LT		 3490
3491 cdev_init(&console_cdev, &console_fops);
3492 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3493 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3494 panic("Couldn't register /dev/console driver\n");
fbc92a34 3495 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
47aa5793 3496 "console");
fbc92a34
KS		 3497 if (IS_ERR(consdev))
3498 consdev = NULL;
3499 else
a2a6a822 3500 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
1da177e4 3501
1da177e4 3502#ifdef CONFIG_VT
d81ed103 3503 vty_init(&console_fops);
1da177e4
LT		 3504#endif
3505 return 0;
3506}
31d1d48e 3507
Linux 6.x block layer and io_uring tree(s)