projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
aio: fix possible invalid memory access when DEBUG is enabled
[linux-2.6-block.git] / drivers / tty / tty_io.c
CommitLineData
1da177e4 1/*
1da177e4
LT		 2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5/*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
37bdfb07 20 * makes for cleaner and more compact code. -TYT, 9/17/92
1da177e4
LT		 21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
37bdfb07 42 *
1da177e4
LT		 43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
d81ed103 50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
1da177e4
LT		 51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
37bdfb07
AC		 63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
1da177e4
LT		 65 */
66
1da177e4
LT		 67#include <linux/types.h>
68#include <linux/major.h>
69#include <linux/errno.h>
70#include <linux/signal.h>
71#include <linux/fcntl.h>
72#include <linux/sched.h>
73#include <linux/interrupt.h>
74#include <linux/tty.h>
75#include <linux/tty_driver.h>
76#include <linux/tty_flip.h>
77#include <linux/devpts_fs.h>
78#include <linux/file.h>
9f3acc31 79#include <linux/fdtable.h>
1da177e4
LT		 80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
1da177e4 91#include <linux/device.h>
1da177e4
LT		 92#include <linux/wait.h>
93#include <linux/bitops.h>
b20f3ae5 94#include <linux/delay.h>
a352def2 95#include <linux/seq_file.h>
d281da7f 96#include <linux/serial.h>
5a3c6b25 97#include <linux/ratelimit.h>
1da177e4 98
a352def2 99#include <linux/uaccess.h>
1da177e4
LT		 100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
1da177e4
LT		 104
105#include <linux/kmod.h>
b488893a 106#include <linux/nsproxy.h>
1da177e4
LT		 107
108#undef TTY_DEBUG_HANGUP
109
110#define TTY_PARANOIA_CHECK 1
111#define CHECK_TTY_COUNT 1
112
edc6afc5 113struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
1da177e4
LT		 114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
edc6afc5
AC		 119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
1da177e4
LT		 122};
123
124EXPORT_SYMBOL(tty_std_termios);
125
126/* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
37bdfb07 129
1da177e4
LT		 130LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
24ec839c 132/* Mutex to protect creating and releasing a tty. This is shared with
1da177e4 133 vt.c for deeply disgusting hack reasons */
70522e12 134DEFINE_MUTEX(tty_mutex);
de2a84f2 135EXPORT_SYMBOL(tty_mutex);
1da177e4 136
ee2ffa0d
NP		 137/* Spinlock to protect the tty->tty_files list */
138DEFINE_SPINLOCK(tty_files_lock);
139
1da177e4
LT		 140static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
37bdfb07
AC		 142ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
1da177e4
LT		 144static unsigned int tty_poll(struct file *, poll_table *);
145static int tty_open(struct inode *, struct file *);
04f378b1 146long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
e10cc1df 147#ifdef CONFIG_COMPAT
37bdfb07 148static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 149 unsigned long arg);
150#else
151#define tty_compat_ioctl NULL
152#endif
ec79d605 153static int __tty_fasync(int fd, struct file *filp, int on);
37bdfb07 154static int tty_fasync(int fd, struct file *filp, int on);
d5698c28 155static void release_tty(struct tty_struct *tty, int idx);
2a65f1d9 156static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
98a27ba4 157static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
1da177e4 158
af9b897e
AC		 159/**
160 * alloc_tty_struct - allocate a tty object
161 *
162 * Return a new empty tty structure. The data fields have not
163 * been initialized in any way but has been zeroed
164 *
165 * Locking: none
af9b897e 166 */
1da177e4 167
bf970ee4 168struct tty_struct *alloc_tty_struct(void)
1da177e4 169{
1266b1e1 170 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 171}
172
af9b897e
AC		 173/**
174 * free_tty_struct - free a disused tty
175 * @tty: tty struct to free
176 *
177 * Free the write buffers, tty queue and tty memory itself.
178 *
179 * Locking: none. Must be called after tty is definitely unused
180 */
181
bf970ee4 182void free_tty_struct(struct tty_struct *tty)
1da177e4 183{
dc6802a7
DC		 184 if (!tty)
185 return;
30004ac9
DES		 186 if (tty->dev)
187 put_device(tty->dev);
1da177e4 188 kfree(tty->write_buf);
89c8d91e 189 tty->magic = 0xDEADDEAD;
1da177e4
LT		 190 kfree(tty);
191}
192
d996b62a
NP		 193static inline struct tty_struct *file_tty(struct file *file)
194{
195 return ((struct tty_file_private *)file->private_data)->tty;
196}
197
fa90e1c9 198int tty_alloc_file(struct file *file)
d996b62a
NP		 199{
200 struct tty_file_private *priv;
201
f573bd17
PE		 202 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
203 if (!priv)
204 return -ENOMEM;
d996b62a 205
fa90e1c9
JS		 206 file->private_data = priv;
207
208 return 0;
209}
210
211/* Associate a new file with the tty structure */
212void tty_add_file(struct tty_struct *tty, struct file *file)
213{
214 struct tty_file_private *priv = file->private_data;
215
d996b62a
NP		 216 priv->tty = tty;
217 priv->file = file;
d996b62a
NP		 218
219 spin_lock(&tty_files_lock);
220 list_add(&priv->list, &tty->tty_files);
221 spin_unlock(&tty_files_lock);
fa90e1c9 222}
f573bd17 223
fa90e1c9
JS		 224/**
225 * tty_free_file - free file->private_data
226 *
227 * This shall be used only for fail path handling when tty_add_file was not
228 * called yet.
229 */
230void tty_free_file(struct file *file)
231{
232 struct tty_file_private *priv = file->private_data;
233
234 file->private_data = NULL;
235 kfree(priv);
d996b62a
NP		 236}
237
238/* Delete file from its tty */
2520e274 239static void tty_del_file(struct file *file)
d996b62a
NP		 240{
241 struct tty_file_private *priv = file->private_data;
242
243 spin_lock(&tty_files_lock);
244 list_del(&priv->list);
245 spin_unlock(&tty_files_lock);
fa90e1c9 246 tty_free_file(file);
d996b62a
NP		 247}
248
249
1da177e4
LT		 250#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
251
af9b897e
AC		 252/**
253 * tty_name - return tty naming
254 * @tty: tty structure
255 * @buf: buffer for output
256 *
257 * Convert a tty structure into a name. The name reflects the kernel
258 * naming policy and if udev is in use may not reflect user space
259 *
260 * Locking: none
261 */
262
1da177e4
LT		 263char *tty_name(struct tty_struct *tty, char *buf)
264{
265 if (!tty) /* Hmm. NULL pointer. That's fun. */
266 strcpy(buf, "NULL tty");
267 else
268 strcpy(buf, tty->name);
269 return buf;
270}
271
272EXPORT_SYMBOL(tty_name);
273
d769a669 274int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 275 const char *routine)
276{
277#ifdef TTY_PARANOIA_CHECK
278 if (!tty) {
279 printk(KERN_WARNING
280 "null TTY for (%d:%d) in %s\n",
281 imajor(inode), iminor(inode), routine);
282 return 1;
283 }
284 if (tty->magic != TTY_MAGIC) {
285 printk(KERN_WARNING
286 "bad magic number for tty struct (%d:%d) in %s\n",
287 imajor(inode), iminor(inode), routine);
288 return 1;
289 }
290#endif
291 return 0;
292}
293
294static int check_tty_count(struct tty_struct *tty, const char *routine)
295{
296#ifdef CHECK_TTY_COUNT
297 struct list_head *p;
298 int count = 0;
37bdfb07 299
ee2ffa0d 300 spin_lock(&tty_files_lock);
1da177e4
LT		 301 list_for_each(p, &tty->tty_files) {
302 count++;
303 }
ee2ffa0d 304 spin_unlock(&tty_files_lock);
1da177e4
LT		 305 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
306 tty->driver->subtype == PTY_TYPE_SLAVE &&
307 tty->link && tty->link->count)
308 count++;
309 if (tty->count != count) {
310 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
311 "!= #fd's(%d) in %s\n",
312 tty->name, tty->count, count, routine);
313 return count;
24ec839c 314 }
1da177e4
LT		 315#endif
316 return 0;
317}
318
af9b897e
AC		 319/**
320 * get_tty_driver - find device of a tty
321 * @dev_t: device identifier
322 * @index: returns the index of the tty
323 *
324 * This routine returns a tty driver structure, given a device number
325 * and also passes back the index number.
326 *
327 * Locking: caller must hold tty_mutex
1da177e4 328 */
af9b897e 329
1da177e4
LT		 330static struct tty_driver *get_tty_driver(dev_t device, int *index)
331{
332 struct tty_driver *p;
333
334 list_for_each_entry(p, &tty_drivers, tty_drivers) {
335 dev_t base = MKDEV(p->major, p->minor_start);
336 if (device < base || device >= base + p->num)
337 continue;
338 *index = device - base;
7d7b93c1 339 return tty_driver_kref_get(p);
1da177e4
LT		 340 }
341 return NULL;
342}
343
f2d937f3
JW		 344#ifdef CONFIG_CONSOLE_POLL
345
346/**
347 * tty_find_polling_driver - find device of a polled tty
348 * @name: name string to match
349 * @line: pointer to resulting tty line nr
350 *
351 * This routine returns a tty driver structure, given a name
352 * and the condition that the tty driver is capable of polled
353 * operation.
354 */
355struct tty_driver *tty_find_polling_driver(char *name, int *line)
356{
357 struct tty_driver *p, *res = NULL;
358 int tty_line = 0;
0dca0fd2 359 int len;
5f0878ac 360 char *str, *stp;
f2d937f3 361
0dca0fd2
JW		 362 for (str = name; *str; str++)
363 if ((*str >= '0' && *str <= '9') || *str == ',')
364 break;
365 if (!*str)
366 return NULL;
367
368 len = str - name;
369 tty_line = simple_strtoul(str, &str, 10);
370
f2d937f3
JW		 371 mutex_lock(&tty_mutex);
372 /* Search through the tty devices to look for a match */
373 list_for_each_entry(p, &tty_drivers, tty_drivers) {
0dca0fd2
JW		 374 if (strncmp(name, p->name, len) != 0)
375 continue;
5f0878ac
AC		 376 stp = str;
377 if (*stp == ',')
378 stp++;
379 if (*stp == '\0')
380 stp = NULL;
f2d937f3 381
6eb68d6f 382 if (tty_line >= 0 && tty_line < p->num && p->ops &&
5f0878ac 383 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
7d7b93c1 384 res = tty_driver_kref_get(p);
f2d937f3
JW		 385 *line = tty_line;
386 break;
387 }
388 }
389 mutex_unlock(&tty_mutex);
390
391 return res;
392}
393EXPORT_SYMBOL_GPL(tty_find_polling_driver);
394#endif
395
af9b897e
AC		 396/**
397 * tty_check_change - check for POSIX terminal changes
398 * @tty: tty to check
399 *
400 * If we try to write to, or set the state of, a terminal and we're
401 * not in the foreground, send a SIGTTOU. If the signal is blocked or
402 * ignored, go ahead and perform the operation. (POSIX 7.2)
403 *
978e595f 404 * Locking: ctrl_lock
1da177e4 405 */
af9b897e 406
37bdfb07 407int tty_check_change(struct tty_struct *tty)
1da177e4 408{
47f86834
AC		 409 unsigned long flags;
410 int ret = 0;
411
1da177e4
LT		 412 if (current->signal->tty != tty)
413 return 0;
47f86834
AC		 414
415 spin_lock_irqsave(&tty->ctrl_lock, flags);
416
ab521dc0
EB		 417 if (!tty->pgrp) {
418 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
9ffee4cb 419 goto out_unlock;
1da177e4 420 }
ab521dc0 421 if (task_pgrp(current) == tty->pgrp)
9ffee4cb
AM		 422 goto out_unlock;
423 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 424 if (is_ignored(SIGTTOU))
47f86834
AC		 425 goto out;
426 if (is_current_pgrp_orphaned()) {
427 ret = -EIO;
428 goto out;
429 }
040b6362
ON		 430 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
431 set_thread_flag(TIF_SIGPENDING);
47f86834
AC		 432 ret = -ERESTARTSYS;
433out:
9ffee4cb
AM		 434 return ret;
435out_unlock:
47f86834
AC		 436 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
437 return ret;
1da177e4
LT		 438}
439
440EXPORT_SYMBOL(tty_check_change);
441
37bdfb07 442static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1da177e4
LT		 443 size_t count, loff_t *ppos)
444{
445 return 0;
446}
447
37bdfb07 448static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1da177e4
LT		 449 size_t count, loff_t *ppos)
450{
451 return -EIO;
452}
453
454/* No kernel lock held - none needed ;) */
37bdfb07 455static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1da177e4
LT		 456{
457 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
458}
459
04f378b1
AC		 460static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
461 unsigned long arg)
38ad2ed0
PF		 462{
463 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
464}
465
37bdfb07 466static long hung_up_tty_compat_ioctl(struct file *file,
38ad2ed0 467 unsigned int cmd, unsigned long arg)
1da177e4
LT		 468{
469 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
470}
471
62322d25 472static const struct file_operations tty_fops = {
1da177e4
LT		 473 .llseek = no_llseek,
474 .read = tty_read,
475 .write = tty_write,
476 .poll = tty_poll,
04f378b1 477 .unlocked_ioctl = tty_ioctl,
e10cc1df 478 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 479 .open = tty_open,
480 .release = tty_release,
481 .fasync = tty_fasync,
482};
483
62322d25 484static const struct file_operations console_fops = {
1da177e4
LT		 485 .llseek = no_llseek,
486 .read = tty_read,
487 .write = redirected_tty_write,
488 .poll = tty_poll,
04f378b1 489 .unlocked_ioctl = tty_ioctl,
e10cc1df 490 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 491 .open = tty_open,
492 .release = tty_release,
493 .fasync = tty_fasync,
494};
495
62322d25 496static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 497 .llseek = no_llseek,
498 .read = hung_up_tty_read,
499 .write = hung_up_tty_write,
500 .poll = hung_up_tty_poll,
04f378b1 501 .unlocked_ioctl = hung_up_tty_ioctl,
38ad2ed0 502 .compat_ioctl = hung_up_tty_compat_ioctl,
1da177e4
LT		 503 .release = tty_release,
504};
505
506static DEFINE_SPINLOCK(redirect_lock);
507static struct file *redirect;
508
509/**
510 * tty_wakeup - request more data
511 * @tty: terminal
512 *
513 * Internal and external helper for wakeups of tty. This function
514 * informs the line discipline if present that the driver is ready
515 * to receive more output data.
516 */
37bdfb07 517
1da177e4
LT		 518void tty_wakeup(struct tty_struct *tty)
519{
520 struct tty_ldisc *ld;
37bdfb07 521
1da177e4
LT		 522 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
523 ld = tty_ldisc_ref(tty);
37bdfb07 524 if (ld) {
a352def2
AC		 525 if (ld->ops->write_wakeup)
526 ld->ops->write_wakeup(tty);
1da177e4
LT		 527 tty_ldisc_deref(ld);
528 }
529 }
4b19449d 530 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1da177e4
LT		 531}
532
533EXPORT_SYMBOL_GPL(tty_wakeup);
534
af9b897e 535/**
11dbf203 536 * __tty_hangup - actual handler for hangup events
65f27f38 537 * @work: tty device
af9b897e 538 *
ef4f527c 539 * This can be called by a "kworker" kernel thread. That is process
af9b897e
AC		 540 * synchronous but doesn't hold any locks, so we need to make sure we
541 * have the appropriate locks for what we're doing.
542 *
543 * The hangup event clears any pending redirections onto the hung up
544 * device. It ensures future writes will error and it does the needed
545 * line discipline hangup and signal delivery. The tty object itself
546 * remains intact.
547 *
548 * Locking:
ec79d605 549 * BTM
24ec839c
PZ		 550 * redirect lock for undoing redirection
551 * file list lock for manipulating list of ttys
552 * tty_ldisc_lock from called functions
553 * termios_mutex resetting termios data
554 * tasklist_lock to walk task list for hangup event
555 * ->siglock to protect ->signal/->sighand
1da177e4 556 */
2520e274 557static void __tty_hangup(struct tty_struct *tty)
1da177e4 558{
37bdfb07 559 struct file *cons_filp = NULL;
1da177e4
LT		 560 struct file *filp, *f = NULL;
561 struct task_struct *p;
d996b62a 562 struct tty_file_private *priv;
1da177e4 563 int closecount = 0, n;
47f86834 564 unsigned long flags;
9c9f4ded 565 int refs = 0;
1da177e4
LT		 566
567 if (!tty)
568 return;
569
1da177e4
LT		 570
571 spin_lock(&redirect_lock);
d996b62a 572 if (redirect && file_tty(redirect) == tty) {
1da177e4
LT		 573 f = redirect;
574 redirect = NULL;
575 }
576 spin_unlock(&redirect_lock);
37bdfb07 577
89c8d91e 578 tty_lock(tty);
11dbf203 579
acfa747b
JS		 580 /* some functions below drop BTM, so we need this bit */
581 set_bit(TTY_HUPPING, &tty->flags);
582
ec79d605
AB		 583 /* inuse_filps is protected by the single tty lock,
584 this really needs to change if we want to flush the
585 workqueue with the lock held */
11dbf203 586 check_tty_count(tty, "tty_hangup");
36ba782e 587
ee2ffa0d 588 spin_lock(&tty_files_lock);
1da177e4 589 /* This breaks for file handles being sent over AF_UNIX sockets ? */
d996b62a
NP		 590 list_for_each_entry(priv, &tty->tty_files, list) {
591 filp = priv->file;
1da177e4
LT		 592 if (filp->f_op->write == redirected_tty_write)
593 cons_filp = filp;
594 if (filp->f_op->write != tty_write)
595 continue;
596 closecount++;
ec79d605 597 __tty_fasync(-1, filp, 0); /* can't block */
1da177e4
LT		 598 filp->f_op = &hung_up_tty_fops;
599 }
ee2ffa0d 600 spin_unlock(&tty_files_lock);
37bdfb07 601
acfa747b
JS		 602 /*
603 * it drops BTM and thus races with reopen
604 * we protect the race by TTY_HUPPING
605 */
c65c9bc3 606 tty_ldisc_hangup(tty);
37bdfb07 607
1da177e4 608 read_lock(&tasklist_lock);
ab521dc0
EB		 609 if (tty->session) {
610 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
24ec839c 611 spin_lock_irq(&p->sighand->siglock);
9c9f4ded 612 if (p->signal->tty == tty) {
1da177e4 613 p->signal->tty = NULL;
9c9f4ded
AC		 614 /* We defer the dereferences outside fo
615 the tasklist lock */
616 refs++;
617 }
24ec839c
PZ		 618 if (!p->signal->leader) {
619 spin_unlock_irq(&p->sighand->siglock);
1da177e4 620 continue;
24ec839c
PZ		 621 }
622 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
623 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
ab521dc0 624 put_pid(p->signal->tty_old_pgrp); /* A noop */
47f86834 625 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 626 if (tty->pgrp)
627 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
47f86834 628 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
24ec839c 629 spin_unlock_irq(&p->sighand->siglock);
ab521dc0 630 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1da177e4
LT		 631 }
632 read_unlock(&tasklist_lock);
633
47f86834 634 spin_lock_irqsave(&tty->ctrl_lock, flags);
c65c9bc3
AC		 635 clear_bit(TTY_THROTTLED, &tty->flags);
636 clear_bit(TTY_PUSH, &tty->flags);
637 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
d9c1e9a8
EB		 638 put_pid(tty->session);
639 put_pid(tty->pgrp);
ab521dc0
EB		 640 tty->session = NULL;
641 tty->pgrp = NULL;
1da177e4 642 tty->ctrl_status = 0;
47f86834
AC		 643 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
644
9c9f4ded
AC		 645 /* Account for the p->signal references we killed */
646 while (refs--)
647 tty_kref_put(tty);
648
1da177e4 649 /*
37bdfb07
AC		 650 * If one of the devices matches a console pointer, we
651 * cannot just call hangup() because that will cause
652 * tty->count and state->count to go out of sync.
653 * So we just call close() the right number of times.
1da177e4
LT		 654 */
655 if (cons_filp) {
f34d7a5b 656 if (tty->ops->close)
1da177e4 657 for (n = 0; n < closecount; n++)
f34d7a5b
AC		 658 tty->ops->close(tty, cons_filp);
659 } else if (tty->ops->hangup)
660 (tty->ops->hangup)(tty);
37bdfb07
AC		 661 /*
662 * We don't want to have driver/ldisc interactions beyond
663 * the ones we did here. The driver layer expects no
664 * calls after ->hangup() from the ldisc side. However we
665 * can't yet guarantee all that.
666 */
1da177e4 667 set_bit(TTY_HUPPED, &tty->flags);
acfa747b 668 clear_bit(TTY_HUPPING, &tty->flags);
c65c9bc3 669 tty_ldisc_enable(tty);
11dbf203 670
89c8d91e 671 tty_unlock(tty);
11dbf203 672
1da177e4
LT		 673 if (f)
674 fput(f);
675}
676
ddcd9fb6
AB		 677static void do_tty_hangup(struct work_struct *work)
678{
679 struct tty_struct *tty =
680 container_of(work, struct tty_struct, hangup_work);
681
11dbf203 682 __tty_hangup(tty);
ddcd9fb6
AB		 683}
684
af9b897e
AC		 685/**
686 * tty_hangup - trigger a hangup event
687 * @tty: tty to hangup
688 *
689 * A carrier loss (virtual or otherwise) has occurred on this like
690 * schedule a hangup sequence to run after this event.
691 */
692
37bdfb07 693void tty_hangup(struct tty_struct *tty)
1da177e4
LT		 694{
695#ifdef TTY_DEBUG_HANGUP
696 char buf[64];
1da177e4
LT		 697 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
698#endif
699 schedule_work(&tty->hangup_work);
700}
701
702EXPORT_SYMBOL(tty_hangup);
703
af9b897e
AC		 704/**
705 * tty_vhangup - process vhangup
706 * @tty: tty to hangup
707 *
708 * The user has asked via system call for the terminal to be hung up.
709 * We do this synchronously so that when the syscall returns the process
3a4fa0a2 710 * is complete. That guarantee is necessary for security reasons.
af9b897e
AC		 711 */
712
37bdfb07 713void tty_vhangup(struct tty_struct *tty)
1da177e4
LT		 714{
715#ifdef TTY_DEBUG_HANGUP
716 char buf[64];
717
718 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
719#endif
11dbf203 720 __tty_hangup(tty);
1da177e4 721}
37bdfb07 722
1da177e4
LT		 723EXPORT_SYMBOL(tty_vhangup);
724
11dbf203 725
2cb5998b
AC		 726/**
727 * tty_vhangup_self - process vhangup for own ctty
728 *
729 * Perform a vhangup on the current controlling tty
730 */
731
732void tty_vhangup_self(void)
733{
734 struct tty_struct *tty;
735
2cb5998b
AC		 736 tty = get_current_tty();
737 if (tty) {
738 tty_vhangup(tty);
739 tty_kref_put(tty);
740 }
2cb5998b
AC		 741}
742
af9b897e
AC		 743/**
744 * tty_hung_up_p - was tty hung up
745 * @filp: file pointer of tty
746 *
747 * Return true if the tty has been subject to a vhangup or a carrier
748 * loss
749 */
750
37bdfb07 751int tty_hung_up_p(struct file *filp)
1da177e4
LT		 752{
753 return (filp->f_op == &hung_up_tty_fops);
754}
755
756EXPORT_SYMBOL(tty_hung_up_p);
757
ab521dc0 758static void session_clear_tty(struct pid *session)
24ec839c
PZ		 759{
760 struct task_struct *p;
ab521dc0 761 do_each_pid_task(session, PIDTYPE_SID, p) {
24ec839c 762 proc_clear_tty(p);
ab521dc0 763 } while_each_pid_task(session, PIDTYPE_SID, p);
24ec839c
PZ		 764}
765
af9b897e
AC		 766/**
767 * disassociate_ctty - disconnect controlling tty
768 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 769 *
af9b897e
AC		 770 * This function is typically called only by the session leader, when
771 * it wants to disassociate itself from its controlling tty.
772 *
773 * It performs the following functions:
1da177e4
LT		 774 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
775 * (2) Clears the tty from being controlling the session
776 * (3) Clears the controlling tty for all processes in the
777 * session group.
778 *
af9b897e
AC		 779 * The argument on_exit is set to 1 if called when a process is
780 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
781 *
24ec839c 782 * Locking:
ec79d605
AB		 783 * BTM is taken for hysterical raisins, and held when
784 * called from no_tty().
24ec839c
PZ		 785 * tty_mutex is taken to protect tty
786 * ->siglock is taken to protect ->signal/->sighand
787 * tasklist_lock is taken to walk process list for sessions
788 * ->siglock is taken to protect ->signal/->sighand
1da177e4 789 */
af9b897e 790
1da177e4
LT		 791void disassociate_ctty(int on_exit)
792{
793 struct tty_struct *tty;
1da177e4 794
5ec93d11
AC		 795 if (!current->signal->leader)
796 return;
1da177e4 797
24ec839c 798 tty = get_current_tty();
1da177e4 799 if (tty) {
1411dc4a 800 struct pid *tty_pgrp = get_pid(tty->pgrp);
ddcd9fb6 801 if (on_exit) {
ddcd9fb6 802 if (tty->driver->type != TTY_DRIVER_TYPE_PTY)
11dbf203 803 tty_vhangup(tty);
ddcd9fb6 804 }
452a00d2 805 tty_kref_put(tty);
1411dc4a
JS		 806 if (tty_pgrp) {
807 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
808 if (!on_exit)
809 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
810 put_pid(tty_pgrp);
811 }
680a9671 812 } else if (on_exit) {
ab521dc0 813 struct pid *old_pgrp;
680a9671
EB		 814 spin_lock_irq(&current->sighand->siglock);
815 old_pgrp = current->signal->tty_old_pgrp;
ab521dc0 816 current->signal->tty_old_pgrp = NULL;
680a9671 817 spin_unlock_irq(&current->sighand->siglock);
24ec839c 818 if (old_pgrp) {
ab521dc0
EB		 819 kill_pgrp(old_pgrp, SIGHUP, on_exit);
820 kill_pgrp(old_pgrp, SIGCONT, on_exit);
821 put_pid(old_pgrp);
1da177e4 822 }
1da177e4
LT		 823 return;
824 }
1da177e4 825
24ec839c 826 spin_lock_irq(&current->sighand->siglock);
2a65f1d9 827 put_pid(current->signal->tty_old_pgrp);
23cac8de 828 current->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 829 spin_unlock_irq(&current->sighand->siglock);
830
24ec839c
PZ		 831 tty = get_current_tty();
832 if (tty) {
47f86834
AC		 833 unsigned long flags;
834 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 835 put_pid(tty->session);
836 put_pid(tty->pgrp);
837 tty->session = NULL;
838 tty->pgrp = NULL;
47f86834 839 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
452a00d2 840 tty_kref_put(tty);
24ec839c
PZ		 841 } else {
842#ifdef TTY_DEBUG_HANGUP
843 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
844 " = NULL", tty);
845#endif
846 }
1da177e4
LT		 847
848 /* Now clear signal->tty under the lock */
849 read_lock(&tasklist_lock);
ab521dc0 850 session_clear_tty(task_session(current));
1da177e4 851 read_unlock(&tasklist_lock);
1da177e4
LT		 852}
853
98a27ba4
EB		 854/**
855 *
856 * no_tty - Ensure the current process does not have a controlling tty
857 */
858void no_tty(void)
859{
3af502b9
AC		 860 /* FIXME: Review locking here. The tty_lock never covered any race
861 between a new association and proc_clear_tty but possible we need
862 to protect against this anyway */
98a27ba4 863 struct task_struct *tsk = current;
5ec93d11 864 disassociate_ctty(0);
98a27ba4
EB		 865 proc_clear_tty(tsk);
866}
867
af9b897e
AC		 868
869/**
beb7dd86 870 * stop_tty - propagate flow control
af9b897e
AC		 871 * @tty: tty to stop
872 *
873 * Perform flow control to the driver. For PTY/TTY pairs we
beb7dd86 874 * must also propagate the TIOCKPKT status. May be called
af9b897e
AC		 875 * on an already stopped device and will not re-call the driver
876 * method.
877 *
878 * This functionality is used by both the line disciplines for
879 * halting incoming flow and by the driver. It may therefore be
880 * called from any context, may be under the tty atomic_write_lock
881 * but not always.
882 *
883 * Locking:
04f378b1 884 * Uses the tty control lock internally
af9b897e
AC		 885 */
886
1da177e4
LT		 887void stop_tty(struct tty_struct *tty)
888{
04f378b1
AC		 889 unsigned long flags;
890 spin_lock_irqsave(&tty->ctrl_lock, flags);
891 if (tty->stopped) {
892 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 893 return;
04f378b1 894 }
1da177e4
LT		 895 tty->stopped = 1;
896 if (tty->link && tty->link->packet) {
897 tty->ctrl_status &= ~TIOCPKT_START;
898 tty->ctrl_status |= TIOCPKT_STOP;
4b19449d 899 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
1da177e4 900 }
04f378b1 901 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
f34d7a5b
AC		 902 if (tty->ops->stop)
903 (tty->ops->stop)(tty);
1da177e4
LT		 904}
905
906EXPORT_SYMBOL(stop_tty);
907
af9b897e 908/**
beb7dd86 909 * start_tty - propagate flow control
af9b897e
AC		 910 * @tty: tty to start
911 *
912 * Start a tty that has been stopped if at all possible. Perform
3a4fa0a2 913 * any necessary wakeups and propagate the TIOCPKT status. If this
af9b897e
AC		 914 * is the tty was previous stopped and is being started then the
915 * driver start method is invoked and the line discipline woken.
916 *
917 * Locking:
04f378b1 918 * ctrl_lock
af9b897e
AC		 919 */
920
1da177e4
LT		 921void start_tty(struct tty_struct *tty)
922{
04f378b1
AC		 923 unsigned long flags;
924 spin_lock_irqsave(&tty->ctrl_lock, flags);
925 if (!tty->stopped || tty->flow_stopped) {
926 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 927 return;
04f378b1 928 }
1da177e4
LT		 929 tty->stopped = 0;
930 if (tty->link && tty->link->packet) {
931 tty->ctrl_status &= ~TIOCPKT_STOP;
932 tty->ctrl_status |= TIOCPKT_START;
4b19449d 933 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
1da177e4 934 }
04f378b1 935 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
f34d7a5b
AC		 936 if (tty->ops->start)
937 (tty->ops->start)(tty);
1da177e4
LT		 938 /* If we have a running line discipline it may need kicking */
939 tty_wakeup(tty);
1da177e4
LT		 940}
941
942EXPORT_SYMBOL(start_tty);
943
af9b897e
AC		 944/**
945 * tty_read - read method for tty device files
946 * @file: pointer to tty file
947 * @buf: user buffer
948 * @count: size of user buffer
949 * @ppos: unused
950 *
951 * Perform the read system call function on this terminal device. Checks
952 * for hung up devices before calling the line discipline method.
953 *
954 * Locking:
47f86834
AC		 955 * Locks the line discipline internally while needed. Multiple
956 * read calls may be outstanding in parallel.
af9b897e
AC		 957 */
958
37bdfb07 959static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1da177e4
LT		 960 loff_t *ppos)
961{
962 int i;
d996b62a 963 struct tty_struct *tty = file_tty(file);
1da177e4
LT		 964 struct tty_ldisc *ld;
965
6131ffaa 966 if (tty_paranoia_check(tty, file_inode(file), "tty_read"))
1da177e4
LT		 967 return -EIO;
968 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
969 return -EIO;
970
971 /* We want to wait for the line discipline to sort out in this
972 situation */
973 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 974 if (ld->ops->read)
975 i = (ld->ops->read)(tty, file, buf, count);
1da177e4
LT		 976 else
977 i = -EIO;
978 tty_ldisc_deref(ld);
b0de59b5 979
1da177e4
LT		 980 return i;
981}
982
9c1729db 983void tty_write_unlock(struct tty_struct *tty)
83c67571 984 __releases(&tty->atomic_write_lock)
9c1729db
AC		 985{
986 mutex_unlock(&tty->atomic_write_lock);
4b19449d 987 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
9c1729db
AC		 988}
989
990int tty_write_lock(struct tty_struct *tty, int ndelay)
83c67571 991 __acquires(&tty->atomic_write_lock)
9c1729db
AC		 992{
993 if (!mutex_trylock(&tty->atomic_write_lock)) {
994 if (ndelay)
995 return -EAGAIN;
996 if (mutex_lock_interruptible(&tty->atomic_write_lock))
997 return -ERESTARTSYS;
998 }
999 return 0;
1000}
1001
1da177e4
LT		 1002/*
1003 * Split writes up in sane blocksizes to avoid
1004 * denial-of-service type attacks
1005 */
1006static inline ssize_t do_tty_write(
1007 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1008 struct tty_struct *tty,
1009 struct file *file,
1010 const char __user *buf,
1011 size_t count)
1012{
9c1729db 1013 ssize_t ret, written = 0;
1da177e4 1014 unsigned int chunk;
37bdfb07 1015
9c1729db
AC		 1016 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1017 if (ret < 0)
1018 return ret;
1da177e4
LT		 1019
1020 /*
1021 * We chunk up writes into a temporary buffer. This
1022 * simplifies low-level drivers immensely, since they
1023 * don't have locking issues and user mode accesses.
1024 *
1025 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1026 * big chunk-size..
1027 *
1028 * The default chunk-size is 2kB, because the NTTY
1029 * layer has problems with bigger chunks. It will
1030 * claim to be able to handle more characters than
1031 * it actually does.
af9b897e
AC		 1032 *
1033 * FIXME: This can probably go away now except that 64K chunks
1034 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1035 */
1036 chunk = 2048;
1037 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1038 chunk = 65536;
1039 if (count < chunk)
1040 chunk = count;
1041
70522e12 1042 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4 1043 if (tty->write_cnt < chunk) {
402fda92 1044 unsigned char *buf_chunk;
1da177e4
LT		 1045
1046 if (chunk < 1024)
1047 chunk = 1024;
1048
402fda92
JW		 1049 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1050 if (!buf_chunk) {
9c1729db
AC		 1051 ret = -ENOMEM;
1052 goto out;
1da177e4
LT		 1053 }
1054 kfree(tty->write_buf);
1055 tty->write_cnt = chunk;
402fda92 1056 tty->write_buf = buf_chunk;
1da177e4
LT		 1057 }
1058
1059 /* Do the write .. */
1060 for (;;) {
1061 size_t size = count;
1062 if (size > chunk)
1063 size = chunk;
1064 ret = -EFAULT;
1065 if (copy_from_user(tty->write_buf, buf, size))
1066 break;
1da177e4 1067 ret = write(tty, file, tty->write_buf, size);
1da177e4
LT		 1068 if (ret <= 0)
1069 break;
1070 written += ret;
1071 buf += ret;
1072 count -= ret;
1073 if (!count)
1074 break;
1075 ret = -ERESTARTSYS;
1076 if (signal_pending(current))
1077 break;
1078 cond_resched();
1079 }
b0de59b5 1080 if (written)
1da177e4 1081 ret = written;
9c1729db
AC		 1082out:
1083 tty_write_unlock(tty);
1da177e4
LT		 1084 return ret;
1085}
1086
95f9bfc6
AC		 1087/**
1088 * tty_write_message - write a message to a certain tty, not just the console.
1089 * @tty: the destination tty_struct
1090 * @msg: the message to write
1091 *
1092 * This is used for messages that need to be redirected to a specific tty.
1093 * We don't put it into the syslog queue right now maybe in the future if
1094 * really needed.
1095 *
ec79d605 1096 * We must still hold the BTM and test the CLOSING flag for the moment.
95f9bfc6
AC		 1097 */
1098
1099void tty_write_message(struct tty_struct *tty, char *msg)
1100{
95f9bfc6
AC		 1101 if (tty) {
1102 mutex_lock(&tty->atomic_write_lock);
89c8d91e 1103 tty_lock(tty);
eeb89d91 1104 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
89c8d91e 1105 tty_unlock(tty);
95f9bfc6 1106 tty->ops->write(tty, msg, strlen(msg));
eeb89d91 1107 } else
89c8d91e 1108 tty_unlock(tty);
95f9bfc6
AC		 1109 tty_write_unlock(tty);
1110 }
95f9bfc6
AC		 1111 return;
1112}
1113
1da177e4 1114
af9b897e
AC		 1115/**
1116 * tty_write - write method for tty device file
1117 * @file: tty file pointer
1118 * @buf: user data to write
1119 * @count: bytes to write
1120 * @ppos: unused
1121 *
1122 * Write data to a tty device via the line discipline.
1123 *
1124 * Locking:
1125 * Locks the line discipline as required
1126 * Writes to the tty driver are serialized by the atomic_write_lock
1127 * and are then processed in chunks to the device. The line discipline
a88a69c9 1128 * write method will not be invoked in parallel for each device.
af9b897e
AC		 1129 */
1130
37bdfb07
AC		 1131static ssize_t tty_write(struct file *file, const char __user *buf,
1132 size_t count, loff_t *ppos)
1da177e4 1133{
d996b62a
NP		 1134 struct tty_struct *tty = file_tty(file);
1135 struct tty_ldisc *ld;
1da177e4 1136 ssize_t ret;
37bdfb07 1137
6131ffaa 1138 if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1da177e4 1139 return -EIO;
f34d7a5b 1140 if (!tty || !tty->ops->write ||
37bdfb07
AC		 1141 (test_bit(TTY_IO_ERROR, &tty->flags)))
1142 return -EIO;
f34d7a5b
AC		 1143 /* Short term debug to catch buggy drivers */
1144 if (tty->ops->write_room == NULL)
1145 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1146 tty->driver->name);
37bdfb07 1147 ld = tty_ldisc_ref_wait(tty);
a352def2 1148 if (!ld->ops->write)
1da177e4
LT		 1149 ret = -EIO;
1150 else
a352def2 1151 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1da177e4
LT		 1152 tty_ldisc_deref(ld);
1153 return ret;
1154}
1155
37bdfb07
AC		 1156ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1157 size_t count, loff_t *ppos)
1da177e4
LT		 1158{
1159 struct file *p = NULL;
1160
1161 spin_lock(&redirect_lock);
cb0942b8
AV		 1162 if (redirect)
1163 p = get_file(redirect);
1da177e4
LT		 1164 spin_unlock(&redirect_lock);
1165
1166 if (p) {
1167 ssize_t res;
1168 res = vfs_write(p, buf, count, &p->f_pos);
1169 fput(p);
1170 return res;
1171 }
1da177e4
LT		 1172 return tty_write(file, buf, count, ppos);
1173}
1174
1175static char ptychar[] = "pqrstuvwxyzabcde";
1176
af9b897e
AC		 1177/**
1178 * pty_line_name - generate name for a pty
1179 * @driver: the tty driver in use
1180 * @index: the minor number
1181 * @p: output buffer of at least 6 bytes
1182 *
1183 * Generate a name from a driver reference and write it to the output
1184 * buffer.
1185 *
1186 * Locking: None
1187 */
1188static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1189{
1190 int i = index + driver->name_base;
1191 /* ->name is initialized to "ttyp", but "tty" is expected */
1192 sprintf(p, "%s%c%x",
37bdfb07
AC		 1193 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1194 ptychar[i >> 4 & 0xf], i & 0xf);
1da177e4
LT		 1195}
1196
af9b897e 1197/**
8b0a88d5 1198 * tty_line_name - generate name for a tty
af9b897e
AC		 1199 * @driver: the tty driver in use
1200 * @index: the minor number
1201 * @p: output buffer of at least 7 bytes
1202 *
1203 * Generate a name from a driver reference and write it to the output
1204 * buffer.
1205 *
1206 * Locking: None
1207 */
1208static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4 1209{
0019b408
JS		 1210 if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1211 strcpy(p, driver->name);
1212 else
1213 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1da177e4
LT		 1214}
1215
99f1fe18
AC		 1216/**
1217 * tty_driver_lookup_tty() - find an existing tty, if any
1218 * @driver: the driver for the tty
1219 * @idx: the minor number
23499705 1220 *
99f1fe18 1221 * Return the tty, if found or ERR_PTR() otherwise.
23499705 1222 *
99f1fe18
AC		 1223 * Locking: tty_mutex must be held. If tty is found, the mutex must
1224 * be held until the 'fast-open' is also done. Will change once we
1225 * have refcounting in the driver and per driver locking
23499705 1226 */
a47d545f 1227static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
15f1a633 1228 struct inode *inode, int idx)
23499705 1229{
99f1fe18 1230 if (driver->ops->lookup)
15f1a633 1231 return driver->ops->lookup(driver, inode, idx);
23499705 1232
d4834267 1233 return driver->ttys[idx];
23499705
SB		 1234}
1235
bf970ee4
AC		 1236/**
1237 * tty_init_termios - helper for termios setup
1238 * @tty: the tty to set up
1239 *
1240 * Initialise the termios structures for this tty. Thus runs under
1241 * the tty_mutex currently so we can be relaxed about ordering.
1242 */
1243
1244int tty_init_termios(struct tty_struct *tty)
1245{
fe6e29fd 1246 struct ktermios *tp;
bf970ee4
AC		 1247 int idx = tty->index;
1248
36b3c070
AC		 1249 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1250 tty->termios = tty->driver->init_termios;
1251 else {
1252 /* Check for lazy saved data */
1253 tp = tty->driver->termios[idx];
1254 if (tp != NULL)
1255 tty->termios = *tp;
1256 else
1257 tty->termios = tty->driver->init_termios;
bf970ee4 1258 }
bf970ee4 1259 /* Compatibility until drivers always set this */
adc8d746
AC		 1260 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1261 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
bf970ee4
AC		 1262 return 0;
1263}
fe1ae7fd 1264EXPORT_SYMBOL_GPL(tty_init_termios);
bf970ee4 1265
66d450e8
JS		 1266int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1267{
1268 int ret = tty_init_termios(tty);
1269 if (ret)
1270 return ret;
1271
1272 tty_driver_kref_get(driver);
1273 tty->count++;
1274 driver->ttys[tty->index] = tty;
1275 return 0;
1276}
1277EXPORT_SYMBOL_GPL(tty_standard_install);
1278
99f1fe18 1279/**
8b0a88d5
AC		 1280 * tty_driver_install_tty() - install a tty entry in the driver
1281 * @driver: the driver for the tty
1282 * @tty: the tty
1283 *
1284 * Install a tty object into the driver tables. The tty->index field
bf970ee4
AC		 1285 * will be set by the time this is called. This method is responsible
1286 * for ensuring any need additional structures are allocated and
1287 * configured.
8b0a88d5
AC		 1288 *
1289 * Locking: tty_mutex for now
1290 */
1291static int tty_driver_install_tty(struct tty_driver *driver,
1292 struct tty_struct *tty)
1293{
66d450e8
JS		 1294 return driver->ops->install ? driver->ops->install(driver, tty) :
1295 tty_standard_install(driver, tty);
8b0a88d5
AC		 1296}
1297
1298/**
1299 * tty_driver_remove_tty() - remove a tty from the driver tables
1300 * @driver: the driver for the tty
1301 * @idx: the minor number
1302 *
1303 * Remvoe a tty object from the driver tables. The tty->index field
1304 * will be set by the time this is called.
1305 *
1306 * Locking: tty_mutex for now
1307 */
24d406a6 1308void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
8b0a88d5
AC		 1309{
1310 if (driver->ops->remove)
1311 driver->ops->remove(driver, tty);
1312 else
1313 driver->ttys[tty->index] = NULL;
1314}
1315
1316/*
1317 * tty_reopen() - fast re-open of an open tty
1318 * @tty - the tty to open
23499705 1319 *
99f1fe18 1320 * Return 0 on success, -errno on error.
23499705 1321 *
99f1fe18
AC		 1322 * Locking: tty_mutex must be held from the time the tty was found
1323 * till this open completes.
23499705 1324 */
99f1fe18 1325static int tty_reopen(struct tty_struct *tty)
23499705
SB		 1326{
1327 struct tty_driver *driver = tty->driver;
1328
e2efafbf 1329 if (test_bit(TTY_CLOSING, &tty->flags) ||
acfa747b 1330 test_bit(TTY_HUPPING, &tty->flags) ||
e2efafbf 1331 test_bit(TTY_LDISC_CHANGING, &tty->flags))
23499705
SB		 1332 return -EIO;
1333
1334 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1335 driver->subtype == PTY_TYPE_MASTER) {
1336 /*
1337 * special case for PTY masters: only one open permitted,
1338 * and the slave side open count is incremented as well.
1339 */
1340 if (tty->count)
1341 return -EIO;
1342
1343 tty->link->count++;
1344 }
1345 tty->count++;
23499705 1346
1aa4bed8 1347 mutex_lock(&tty->ldisc_mutex);
99f1fe18 1348 WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1aa4bed8 1349 mutex_unlock(&tty->ldisc_mutex);
23499705
SB		 1350
1351 return 0;
1352}
1353
af9b897e 1354/**
d81ed103 1355 * tty_init_dev - initialise a tty device
af9b897e
AC		 1356 * @driver: tty driver we are opening a device on
1357 * @idx: device index
15582d36 1358 * @ret_tty: returned tty structure
af9b897e
AC		 1359 *
1360 * Prepare a tty device. This may not be a "new" clean device but
1361 * could also be an active device. The pty drivers require special
1362 * handling because of this.
1363 *
1364 * Locking:
1365 * The function is called under the tty_mutex, which
1366 * protects us from the tty struct or driver itself going away.
1367 *
1368 * On exit the tty device has the line discipline attached and
1369 * a reference count of 1. If a pair was created for pty/tty use
1370 * and the other was a pty master then it too has a reference count of 1.
1371 *
1da177e4 1372 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 1373 * failed open. The new code protects the open with a mutex, so it's
1374 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 1375 * relaxed for the (most common) case of reopening a tty.
1376 */
af9b897e 1377
593a27c4 1378struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1da177e4 1379{
bf970ee4 1380 struct tty_struct *tty;
73ec06fc 1381 int retval;
1da177e4 1382
1da177e4
LT		 1383 /*
1384 * First time open is complex, especially for PTY devices.
1385 * This code guarantees that either everything succeeds and the
1386 * TTY is ready for operation, or else the table slots are vacated
37bdfb07 1387 * and the allocated memory released. (Except that the termios
1da177e4
LT		 1388 * and locked termios may be retained.)
1389 */
1390
73ec06fc
AC		 1391 if (!try_module_get(driver->owner))
1392 return ERR_PTR(-ENODEV);
1da177e4 1393
1da177e4 1394 tty = alloc_tty_struct();
d5543503
JS		 1395 if (!tty) {
1396 retval = -ENOMEM;
1397 goto err_module_put;
1398 }
bf970ee4 1399 initialize_tty_struct(tty, driver, idx);
1da177e4 1400
89c8d91e 1401 tty_lock(tty);
73ec06fc 1402 retval = tty_driver_install_tty(driver, tty);
d5543503 1403 if (retval < 0)
a9dccddb 1404 goto err_deinit_tty;
8b0a88d5 1405
04831dc1
JS		 1406 if (!tty->port)
1407 tty->port = driver->ports[idx];
1408
5d4121c0
JS		 1409 WARN_RATELIMIT(!tty->port,
1410 "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1411 __func__, tty->driver->name);
1412
967fab69
JS		 1413 tty->port->itty = tty;
1414
37bdfb07 1415 /*
1da177e4 1416 * Structures all installed ... call the ldisc open routines.
d5698c28
CH		 1417 * If we fail here just call release_tty to clean up. No need
1418 * to decrement the use counts, as release_tty doesn't care.
1da177e4 1419 */
bf970ee4 1420 retval = tty_ldisc_setup(tty, tty->link);
01e1abb2 1421 if (retval)
d5543503 1422 goto err_release_tty;
89c8d91e 1423 /* Return the tty locked so that it cannot vanish under the caller */
73ec06fc 1424 return tty;
1da177e4 1425
a9dccddb 1426err_deinit_tty:
89c8d91e 1427 tty_unlock(tty);
a9dccddb 1428 deinitialize_tty_struct(tty);
d5543503
JS		 1429 free_tty_struct(tty);
1430err_module_put:
1da177e4 1431 module_put(driver->owner);
d5543503 1432 return ERR_PTR(retval);
1da177e4 1433
d5698c28 1434 /* call the tty release_tty routine to clean out this slot */
d5543503 1435err_release_tty:
89c8d91e 1436 tty_unlock(tty);
5a3c6b25 1437 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
4050914f 1438 "clearing slot %d\n", idx);
d5698c28 1439 release_tty(tty, idx);
73ec06fc 1440 return ERR_PTR(retval);
1da177e4
LT		 1441}
1442
feebed65
AC		 1443void tty_free_termios(struct tty_struct *tty)
1444{
1445 struct ktermios *tp;
1446 int idx = tty->index;
36b3c070
AC		 1447
1448 /* If the port is going to reset then it has no termios to save */
1449 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1450 return;
1451
1452 /* Stash the termios data */
1453 tp = tty->driver->termios[idx];
1454 if (tp == NULL) {
1455 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1456 if (tp == NULL) {
1457 pr_warn("tty: no memory to save termios state.\n");
1458 return;
1459 }
4ac5d705 1460 tty->driver->termios[idx] = tp;
feebed65 1461 }
36b3c070 1462 *tp = tty->termios;
feebed65
AC		 1463}
1464EXPORT_SYMBOL(tty_free_termios);
1465
feebed65 1466
af9b897e 1467/**
d5698c28 1468 * release_one_tty - release tty structure memory
9c9f4ded 1469 * @kref: kref of tty we are obliterating
af9b897e
AC		 1470 *
1471 * Releases memory associated with a tty structure, and clears out the
1472 * driver table slots. This function is called when a device is no longer
1473 * in use. It also gets called when setup of a device fails.
1474 *
1475 * Locking:
af9b897e
AC		 1476 * takes the file list lock internally when working on the list
1477 * of ttys that the driver keeps.
b50989dc
AC		 1478 *
1479 * This method gets called from a work queue so that the driver private
f278a2f7 1480 * cleanup ops can sleep (needed for USB at least)
1da177e4 1481 */
b50989dc 1482static void release_one_tty(struct work_struct *work)
1da177e4 1483{
b50989dc
AC		 1484 struct tty_struct *tty =
1485 container_of(work, struct tty_struct, hangup_work);
6f967f78 1486 struct tty_driver *driver = tty->driver;
d5698c28 1487
f278a2f7
DY		 1488 if (tty->ops->cleanup)
1489 tty->ops->cleanup(tty);
1490
1da177e4 1491 tty->magic = 0;
7d7b93c1 1492 tty_driver_kref_put(driver);
6f967f78 1493 module_put(driver->owner);
d5698c28 1494
ee2ffa0d 1495 spin_lock(&tty_files_lock);
1da177e4 1496 list_del_init(&tty->tty_files);
ee2ffa0d 1497 spin_unlock(&tty_files_lock);
d5698c28 1498
6da8d866
ON		 1499 put_pid(tty->pgrp);
1500 put_pid(tty->session);
1da177e4
LT		 1501 free_tty_struct(tty);
1502}
1503
b50989dc
AC		 1504static void queue_release_one_tty(struct kref *kref)
1505{
1506 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
f278a2f7 1507
b50989dc
AC		 1508 /* The hangup queue is now free so we can reuse it rather than
1509 waste a chunk of memory for each port */
1510 INIT_WORK(&tty->hangup_work, release_one_tty);
1511 schedule_work(&tty->hangup_work);
1512}
1513
9c9f4ded
AC		 1514/**
1515 * tty_kref_put - release a tty kref
1516 * @tty: tty device
1517 *
1518 * Release a reference to a tty device and if need be let the kref
1519 * layer destruct the object for us
1520 */
1521
1522void tty_kref_put(struct tty_struct *tty)
1523{
1524 if (tty)
b50989dc 1525 kref_put(&tty->kref, queue_release_one_tty);
9c9f4ded
AC		 1526}
1527EXPORT_SYMBOL(tty_kref_put);
1528
d5698c28
CH		 1529/**
1530 * release_tty - release tty structure memory
1531 *
1532 * Release both @tty and a possible linked partner (think pty pair),
1533 * and decrement the refcount of the backing module.
1534 *
1535 * Locking:
d155255a 1536 * tty_mutex
d5698c28
CH		 1537 * takes the file list lock internally when working on the list
1538 * of ttys that the driver keeps.
9c9f4ded 1539 *
d5698c28
CH		 1540 */
1541static void release_tty(struct tty_struct *tty, int idx)
1542{
9c9f4ded
AC		 1543 /* This should always be true but check for the moment */
1544 WARN_ON(tty->index != idx);
d155255a 1545 WARN_ON(!mutex_is_locked(&tty_mutex));
36b3c070
AC		 1546 if (tty->ops->shutdown)
1547 tty->ops->shutdown(tty);
1548 tty_free_termios(tty);
1549 tty_driver_remove_tty(tty->driver, tty);
967fab69 1550 tty->port->itty = NULL;
36b3c070 1551
d5698c28 1552 if (tty->link)
9c9f4ded
AC		 1553 tty_kref_put(tty->link);
1554 tty_kref_put(tty);
d5698c28
CH		 1555}
1556
955787ca
JS		 1557/**
1558 * tty_release_checks - check a tty before real release
1559 * @tty: tty to check
1560 * @o_tty: link of @tty (if any)
1561 * @idx: index of the tty
1562 *
1563 * Performs some paranoid checking before true release of the @tty.
1564 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1565 */
1566static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1567 int idx)
1568{
1569#ifdef TTY_PARANOIA_CHECK
1570 if (idx < 0 || idx >= tty->driver->num) {
9de44bd6
JS		 1571 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1572 __func__, tty->name);
955787ca
JS		 1573 return -1;
1574 }
1575
1576 /* not much to check for devpts */
1577 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1578 return 0;
1579
1580 if (tty != tty->driver->ttys[idx]) {
9de44bd6
JS		 1581 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1582 __func__, idx, tty->name);
955787ca
JS		 1583 return -1;
1584 }
955787ca
JS		 1585 if (tty->driver->other) {
1586 if (o_tty != tty->driver->other->ttys[idx]) {
9de44bd6
JS		 1587 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1588 __func__, idx, tty->name);
955787ca
JS		 1589 return -1;
1590 }
955787ca 1591 if (o_tty->link != tty) {
9de44bd6 1592 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
955787ca
JS		 1593 return -1;
1594 }
1595 }
1596#endif
1597 return 0;
1598}
1599
eeb89d91
AC		 1600/**
1601 * tty_release - vfs callback for close
1602 * @inode: inode of tty
1603 * @filp: file pointer for handle to tty
1604 *
1605 * Called the last time each file handle is closed that references
1606 * this tty. There may however be several such references.
1607 *
1608 * Locking:
1609 * Takes bkl. See tty_release_dev
1610 *
1da177e4
LT		 1611 * Even releasing the tty structures is a tricky business.. We have
1612 * to be very careful that the structures are all released at the
1613 * same time, as interrupts might otherwise get the wrong pointers.
1614 *
1615 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1616 * lead to double frees or releasing memory still in use.
1617 */
eeb89d91
AC		 1618
1619int tty_release(struct inode *inode, struct file *filp)
1da177e4 1620{
d996b62a
NP		 1621 struct tty_struct *tty = file_tty(filp);
1622 struct tty_struct *o_tty;
1da177e4 1623 int pty_master, tty_closing, o_tty_closing, do_sleep;
1da177e4
LT		 1624 int idx;
1625 char buf[64];
37bdfb07 1626
9de44bd6 1627 if (tty_paranoia_check(tty, inode, __func__))
eeb89d91 1628 return 0;
1da177e4 1629
89c8d91e 1630 tty_lock(tty);
9de44bd6 1631 check_tty_count(tty, __func__);
1da177e4 1632
ec79d605 1633 __tty_fasync(-1, filp, 0);
1da177e4
LT		 1634
1635 idx = tty->index;
1636 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1637 tty->driver->subtype == PTY_TYPE_MASTER);
89c8d91e 1638 /* Review: parallel close */
1da177e4
LT		 1639 o_tty = tty->link;
1640
955787ca 1641 if (tty_release_checks(tty, o_tty, idx)) {
89c8d91e 1642 tty_unlock(tty);
eeb89d91 1643 return 0;
1da177e4 1644 }
1da177e4
LT		 1645
1646#ifdef TTY_DEBUG_HANGUP
9de44bd6
JS		 1647 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1648 tty_name(tty, buf), tty->count);
1da177e4
LT		 1649#endif
1650
f34d7a5b
AC		 1651 if (tty->ops->close)
1652 tty->ops->close(tty, filp);
1da177e4 1653
89c8d91e 1654 tty_unlock(tty);
1da177e4
LT		 1655 /*
1656 * Sanity check: if tty->count is going to zero, there shouldn't be
1657 * any waiters on tty->read_wait or tty->write_wait. We test the
1658 * wait queues and kick everyone out _before_ actually starting to
1659 * close. This ensures that we won't block while releasing the tty
1660 * structure.
1661 *
1662 * The test for the o_tty closing is necessary, since the master and
1663 * slave sides may close in any order. If the slave side closes out
1664 * first, its count will be one, since the master side holds an open.
1665 * Thus this test wouldn't be triggered at the time the slave closes,
1666 * so we do it now.
1667 *
1668 * Note that it's possible for the tty to be opened again while we're
1669 * flushing out waiters. By recalculating the closing flags before
1670 * each iteration we avoid any problems.
1671 */
1672 while (1) {
1673 /* Guard against races with tty->count changes elsewhere and
1674 opens on /dev/tty */
37bdfb07 1675
70522e12 1676 mutex_lock(&tty_mutex);
89c8d91e 1677 tty_lock_pair(tty, o_tty);
1da177e4
LT		 1678 tty_closing = tty->count <= 1;
1679 o_tty_closing = o_tty &&
1680 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 1681 do_sleep = 0;
1682
1683 if (tty_closing) {
1684 if (waitqueue_active(&tty->read_wait)) {
4b19449d 1685 wake_up_poll(&tty->read_wait, POLLIN);
1da177e4
LT		 1686 do_sleep++;
1687 }
1688 if (waitqueue_active(&tty->write_wait)) {
4b19449d 1689 wake_up_poll(&tty->write_wait, POLLOUT);
1da177e4
LT		 1690 do_sleep++;
1691 }
1692 }
1693 if (o_tty_closing) {
1694 if (waitqueue_active(&o_tty->read_wait)) {
4b19449d 1695 wake_up_poll(&o_tty->read_wait, POLLIN);
1da177e4
LT		 1696 do_sleep++;
1697 }
1698 if (waitqueue_active(&o_tty->write_wait)) {
4b19449d 1699 wake_up_poll(&o_tty->write_wait, POLLOUT);
1da177e4
LT		 1700 do_sleep++;
1701 }
1702 }
1703 if (!do_sleep)
1704 break;
1705
9de44bd6
JS		 1706 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1707 __func__, tty_name(tty, buf));
89c8d91e 1708 tty_unlock_pair(tty, o_tty);
70522e12 1709 mutex_unlock(&tty_mutex);
1da177e4 1710 schedule();
37bdfb07 1711 }
1da177e4
LT		 1712
1713 /*
37bdfb07
AC		 1714 * The closing flags are now consistent with the open counts on
1715 * both sides, and we've completed the last operation that could
1da177e4 1716 * block, so it's safe to proceed with closing.
d155255a
AC		 1717 *
1718 * We must *not* drop the tty_mutex until we ensure that a further
1719 * entry into tty_open can not pick up this tty.
1da177e4 1720 */
1da177e4
LT		 1721 if (pty_master) {
1722 if (--o_tty->count < 0) {
9de44bd6
JS		 1723 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1724 __func__, o_tty->count, tty_name(o_tty, buf));
1da177e4
LT		 1725 o_tty->count = 0;
1726 }
1727 }
1728 if (--tty->count < 0) {
9de44bd6
JS		 1729 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1730 __func__, tty->count, tty_name(tty, buf));
1da177e4
LT		 1731 tty->count = 0;
1732 }
37bdfb07 1733
1da177e4
LT		 1734 /*
1735 * We've decremented tty->count, so we need to remove this file
1736 * descriptor off the tty->tty_files list; this serves two
1737 * purposes:
1738 * - check_tty_count sees the correct number of file descriptors
1739 * associated with this tty.
1740 * - do_tty_hangup no longer sees this file descriptor as
1741 * something that needs to be handled for hangups.
1742 */
d996b62a 1743 tty_del_file(filp);
1da177e4
LT		 1744
1745 /*
1746 * Perform some housekeeping before deciding whether to return.
1747 *
1748 * Set the TTY_CLOSING flag if this was the last open. In the
1749 * case of a pty we may have to wait around for the other side
1750 * to close, and TTY_CLOSING makes sure we can't be reopened.
1751 */
37bdfb07 1752 if (tty_closing)
1da177e4 1753 set_bit(TTY_CLOSING, &tty->flags);
37bdfb07 1754 if (o_tty_closing)
1da177e4
LT		 1755 set_bit(TTY_CLOSING, &o_tty->flags);
1756
1757 /*
1758 * If _either_ side is closing, make sure there aren't any
1759 * processes that still think tty or o_tty is their controlling
1760 * tty.
1761 */
1762 if (tty_closing || o_tty_closing) {
1da177e4 1763 read_lock(&tasklist_lock);
24ec839c 1764 session_clear_tty(tty->session);
1da177e4 1765 if (o_tty)
24ec839c 1766 session_clear_tty(o_tty->session);
1da177e4
LT		 1767 read_unlock(&tasklist_lock);
1768 }
1769
70522e12 1770 mutex_unlock(&tty_mutex);
89c8d91e 1771 tty_unlock_pair(tty, o_tty);
d155255a
AC		 1772 /* At this point the TTY_CLOSING flag should ensure a dead tty
1773 cannot be re-opened by a racing opener */
da965822 1774
1da177e4 1775 /* check whether both sides are closing ... */
d155255a 1776 if (!tty_closing || (o_tty && !o_tty_closing))
eeb89d91 1777 return 0;
37bdfb07 1778
1da177e4 1779#ifdef TTY_DEBUG_HANGUP
9de44bd6 1780 printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__);
1da177e4
LT		 1781#endif
1782 /*
01e1abb2 1783 * Ask the line discipline code to release its structures
1da177e4 1784 */
01e1abb2 1785 tty_ldisc_release(tty, o_tty);
1da177e4 1786 /*
d5698c28 1787 * The release_tty function takes care of the details of clearing
89c8d91e
AC		 1788 * the slots and preserving the termios structure. The tty_unlock_pair
1789 * should be safe as we keep a kref while the tty is locked (so the
1790 * unlock never unlocks a freed tty).
1da177e4 1791 */
d155255a 1792 mutex_lock(&tty_mutex);
d5698c28 1793 release_tty(tty, idx);
d155255a 1794 mutex_unlock(&tty_mutex);
1da177e4 1795
eeb89d91 1796 return 0;
1da177e4
LT		 1797}
1798
b82154ac
JS		 1799/**
1800 * tty_open_current_tty - get tty of current task for open
1801 * @device: device number
1802 * @filp: file pointer to tty
1803 * @return: tty of the current task iff @device is /dev/tty
1804 *
1805 * We cannot return driver and index like for the other nodes because
1806 * devpts will not work then. It expects inodes to be from devpts FS.
3af502b9
AC		 1807 *
1808 * We need to move to returning a refcounted object from all the lookup
1809 * paths including this one.
b82154ac
JS		 1810 */
1811static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1812{
1813 struct tty_struct *tty;
1814
1815 if (device != MKDEV(TTYAUX_MAJOR, 0))
1816 return NULL;
1817
1818 tty = get_current_tty();
1819 if (!tty)
1820 return ERR_PTR(-ENXIO);
1821
1822 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1823 /* noctty = 1; */
1824 tty_kref_put(tty);
1825 /* FIXME: we put a reference and return a TTY! */
3af502b9 1826 /* This is only safe because the caller holds tty_mutex */
b82154ac
JS		 1827 return tty;
1828}
1829
5b5e7040
JS		 1830/**
1831 * tty_lookup_driver - lookup a tty driver for a given device file
1832 * @device: device number
1833 * @filp: file pointer to tty
1834 * @noctty: set if the device should not become a controlling tty
1835 * @index: index for the device in the @return driver
1836 * @return: driver for this inode (with increased refcount)
1837 *
1838 * If @return is not erroneous, the caller is responsible to decrement the
1839 * refcount by tty_driver_kref_put.
1840 *
1841 * Locking: tty_mutex protects get_tty_driver
1842 */
1843static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1844 int *noctty, int *index)
1845{
1846 struct tty_driver *driver;
1847
2cd0050c 1848 switch (device) {
5b5e7040 1849#ifdef CONFIG_VT
2cd0050c 1850 case MKDEV(TTY_MAJOR, 0): {
5b5e7040
JS		 1851 extern struct tty_driver *console_driver;
1852 driver = tty_driver_kref_get(console_driver);
1853 *index = fg_console;
1854 *noctty = 1;
2cd0050c 1855 break;
5b5e7040
JS		 1856 }
1857#endif
2cd0050c 1858 case MKDEV(TTYAUX_MAJOR, 1): {
5b5e7040
JS		 1859 struct tty_driver *console_driver = console_device(index);
1860 if (console_driver) {
1861 driver = tty_driver_kref_get(console_driver);
1862 if (driver) {
1863 /* Don't let /dev/console block */
1864 filp->f_flags |= O_NONBLOCK;
1865 *noctty = 1;
2cd0050c 1866 break;
5b5e7040
JS		 1867 }
1868 }
1869 return ERR_PTR(-ENODEV);
1870 }
2cd0050c
JS		 1871 default:
1872 driver = get_tty_driver(device, index);
1873 if (!driver)
1874 return ERR_PTR(-ENODEV);
1875 break;
1876 }
5b5e7040
JS		 1877 return driver;
1878}
1879
af9b897e 1880/**
eeb89d91 1881 * tty_open - open a tty device
af9b897e
AC		 1882 * @inode: inode of device file
1883 * @filp: file pointer to tty
1da177e4 1884 *
af9b897e
AC		 1885 * tty_open and tty_release keep up the tty count that contains the
1886 * number of opens done on a tty. We cannot use the inode-count, as
1887 * different inodes might point to the same tty.
1da177e4 1888 *
af9b897e
AC		 1889 * Open-counting is needed for pty masters, as well as for keeping
1890 * track of serial lines: DTR is dropped when the last close happens.
1891 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1892 *
1893 * The termios state of a pty is reset on first open so that
1894 * settings don't persist across reuse.
1895 *
5b5e7040 1896 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
24ec839c
PZ		 1897 * tty->count should protect the rest.
1898 * ->siglock protects ->signal/->sighand
89c8d91e
AC		 1899 *
1900 * Note: the tty_unlock/lock cases without a ref are only safe due to
1901 * tty_mutex
1da177e4 1902 */
af9b897e 1903
eeb89d91 1904static int tty_open(struct inode *inode, struct file *filp)
1da177e4 1905{
b82154ac 1906 struct tty_struct *tty;
1da177e4 1907 int noctty, retval;
b82154ac 1908 struct tty_driver *driver = NULL;
1da177e4
LT		 1909 int index;
1910 dev_t device = inode->i_rdev;
846c151a 1911 unsigned saved_flags = filp->f_flags;
1da177e4
LT		 1912
1913 nonseekable_open(inode, filp);
37bdfb07 1914
1da177e4 1915retry_open:
fa90e1c9
JS		 1916 retval = tty_alloc_file(filp);
1917 if (retval)
1918 return -ENOMEM;
1919
1da177e4
LT		 1920 noctty = filp->f_flags & O_NOCTTY;
1921 index = -1;
1922 retval = 0;
37bdfb07 1923
70522e12 1924 mutex_lock(&tty_mutex);
89c8d91e 1925 /* This is protected by the tty_mutex */
b82154ac
JS		 1926 tty = tty_open_current_tty(device, filp);
1927 if (IS_ERR(tty)) {
ba5db448
JS		 1928 retval = PTR_ERR(tty);
1929 goto err_unlock;
5b5e7040
JS		 1930 } else if (!tty) {
1931 driver = tty_lookup_driver(device, filp, &noctty, &index);
1932 if (IS_ERR(driver)) {
ba5db448
JS		 1933 retval = PTR_ERR(driver);
1934 goto err_unlock;
1da177e4 1935 }
1da177e4 1936
4a2b5fdd 1937 /* check whether we're reopening an existing tty */
15f1a633 1938 tty = tty_driver_lookup_tty(driver, inode, index);
808ffa3d 1939 if (IS_ERR(tty)) {
ba5db448
JS		 1940 retval = PTR_ERR(tty);
1941 goto err_unlock;
808ffa3d 1942 }
4a2b5fdd
SB		 1943 }
1944
1945 if (tty) {
89c8d91e 1946 tty_lock(tty);
4a2b5fdd 1947 retval = tty_reopen(tty);
89c8d91e
AC		 1948 if (retval < 0) {
1949 tty_unlock(tty);
4a2b5fdd 1950 tty = ERR_PTR(retval);
89c8d91e
AC		 1951 }
1952 } else /* Returns with the tty_lock held for now */
593a27c4 1953 tty = tty_init_dev(driver, index);
4a2b5fdd 1954
70522e12 1955 mutex_unlock(&tty_mutex);
b82154ac
JS		 1956 if (driver)
1957 tty_driver_kref_put(driver);
eeb89d91 1958 if (IS_ERR(tty)) {
ba5db448
JS		 1959 retval = PTR_ERR(tty);
1960 goto err_file;
eeb89d91 1961 }
1da177e4 1962
fa90e1c9 1963 tty_add_file(tty, filp);
d996b62a 1964
9de44bd6 1965 check_tty_count(tty, __func__);
1da177e4
LT		 1966 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1967 tty->driver->subtype == PTY_TYPE_MASTER)
1968 noctty = 1;
1969#ifdef TTY_DEBUG_HANGUP
9de44bd6 1970 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
1da177e4 1971#endif
909bc774
HRK		 1972 if (tty->ops->open)
1973 retval = tty->ops->open(tty, filp);
1974 else
1975 retval = -ENODEV;
1da177e4
LT		 1976 filp->f_flags = saved_flags;
1977
37bdfb07
AC		 1978 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1979 !capable(CAP_SYS_ADMIN))
1da177e4
LT		 1980 retval = -EBUSY;
1981
1982 if (retval) {
1983#ifdef TTY_DEBUG_HANGUP
9de44bd6
JS		 1984 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
1985 retval, tty->name);
1da177e4 1986#endif
89c8d91e 1987 tty_unlock(tty); /* need to call tty_release without BTM */
eeb89d91 1988 tty_release(inode, filp);
64ba3dc3 1989 if (retval != -ERESTARTSYS)
1da177e4 1990 return retval;
64ba3dc3
AB		 1991
1992 if (signal_pending(current))
1da177e4 1993 return retval;
64ba3dc3 1994
1da177e4
LT		 1995 schedule();
1996 /*
1997 * Need to reset f_op in case a hangup happened.
1998 */
1999 if (filp->f_op == &hung_up_tty_fops)
2000 filp->f_op = &tty_fops;
2001 goto retry_open;
2002 }
89c8d91e 2003 tty_unlock(tty);
eeb89d91 2004
24ec839c
PZ		 2005
2006 mutex_lock(&tty_mutex);
89c8d91e 2007 tty_lock(tty);
24ec839c 2008 spin_lock_irq(&current->sighand->siglock);
1da177e4
LT		 2009 if (!noctty &&
2010 current->signal->leader &&
2011 !current->signal->tty &&
ab521dc0 2012 tty->session == NULL)
2a65f1d9 2013 __proc_set_tty(current, tty);
24ec839c 2014 spin_unlock_irq(&current->sighand->siglock);
89c8d91e 2015 tty_unlock(tty);
24ec839c 2016 mutex_unlock(&tty_mutex);
1da177e4 2017 return 0;
ba5db448 2018err_unlock:
ba5db448
JS		 2019 mutex_unlock(&tty_mutex);
2020 /* after locks to avoid deadlock */
2021 if (!IS_ERR_OR_NULL(driver))
2022 tty_driver_kref_put(driver);
2023err_file:
2024 tty_free_file(filp);
2025 return retval;
1da177e4
LT		 2026}
2027
39d95b9d
JC		 2028
2029
af9b897e
AC		 2030/**
2031 * tty_poll - check tty status
2032 * @filp: file being polled
2033 * @wait: poll wait structures to update
2034 *
2035 * Call the line discipline polling method to obtain the poll
2036 * status of the device.
2037 *
2038 * Locking: locks called line discipline but ldisc poll method
2039 * may be re-entered freely by other callers.
2040 */
2041
37bdfb07 2042static unsigned int tty_poll(struct file *filp, poll_table *wait)
1da177e4 2043{
d996b62a 2044 struct tty_struct *tty = file_tty(filp);
1da177e4
LT		 2045 struct tty_ldisc *ld;
2046 int ret = 0;
2047
6131ffaa 2048 if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
1da177e4 2049 return 0;
37bdfb07 2050
1da177e4 2051 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 2052 if (ld->ops->poll)
2053 ret = (ld->ops->poll)(tty, filp, wait);
1da177e4
LT		 2054 tty_ldisc_deref(ld);
2055 return ret;
2056}
2057
ec79d605 2058static int __tty_fasync(int fd, struct file *filp, int on)
1da177e4 2059{
d996b62a 2060 struct tty_struct *tty = file_tty(filp);
47f86834 2061 unsigned long flags;
5d1e3230 2062 int retval = 0;
1da177e4 2063
6131ffaa 2064 if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
5d1e3230 2065 goto out;
37bdfb07 2066
1da177e4
LT		 2067 retval = fasync_helper(fd, filp, on, &tty->fasync);
2068 if (retval <= 0)
5d1e3230 2069 goto out;
1da177e4
LT		 2070
2071 if (on) {
ab521dc0
EB		 2072 enum pid_type type;
2073 struct pid *pid;
1da177e4
LT		 2074 if (!waitqueue_active(&tty->read_wait))
2075 tty->minimum_to_wake = 1;
47f86834 2076 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 2077 if (tty->pgrp) {
2078 pid = tty->pgrp;
2079 type = PIDTYPE_PGID;
2080 } else {
2081 pid = task_pid(current);
2082 type = PIDTYPE_PID;
2083 }
80e1e823 2084 get_pid(pid);
70362511 2085 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
80e1e823
LT		 2086 retval = __f_setown(filp, pid, type, 0);
2087 put_pid(pid);
1da177e4 2088 if (retval)
5d1e3230 2089 goto out;
1da177e4
LT		 2090 } else {
2091 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2092 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2093 }
5d1e3230
JC		 2094 retval = 0;
2095out:
ec79d605
AB		 2096 return retval;
2097}
2098
2099static int tty_fasync(int fd, struct file *filp, int on)
2100{
89c8d91e 2101 struct tty_struct *tty = file_tty(filp);
ec79d605 2102 int retval;
89c8d91e
AC		 2103
2104 tty_lock(tty);
ec79d605 2105 retval = __tty_fasync(fd, filp, on);
89c8d91e
AC		 2106 tty_unlock(tty);
2107
5d1e3230 2108 return retval;
1da177e4
LT		 2109}
2110
af9b897e
AC		 2111/**
2112 * tiocsti - fake input character
2113 * @tty: tty to fake input into
2114 * @p: pointer to character
2115 *
3a4fa0a2 2116 * Fake input to a tty device. Does the necessary locking and
af9b897e
AC		 2117 * input management.
2118 *
2119 * FIXME: does not honour flow control ??
2120 *
2121 * Locking:
2122 * Called functions take tty_ldisc_lock
2123 * current->signal->tty check is safe without locks
28298232
AC		 2124 *
2125 * FIXME: may race normal receive processing
af9b897e
AC		 2126 */
2127
1da177e4
LT		 2128static int tiocsti(struct tty_struct *tty, char __user *p)
2129{
2130 char ch, mbz = 0;
2131 struct tty_ldisc *ld;
37bdfb07 2132
1da177e4
LT		 2133 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2134 return -EPERM;
2135 if (get_user(ch, p))
2136 return -EFAULT;
1e641743 2137 tty_audit_tiocsti(tty, ch);
1da177e4 2138 ld = tty_ldisc_ref_wait(tty);
a352def2 2139 ld->ops->receive_buf(tty, &ch, &mbz, 1);
1da177e4
LT		 2140 tty_ldisc_deref(ld);
2141 return 0;
2142}
2143
af9b897e
AC		 2144/**
2145 * tiocgwinsz - implement window query ioctl
2146 * @tty; tty
2147 * @arg: user buffer for result
2148 *
808a0d38 2149 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2150 *
24ec839c 2151 * Locking: tty->termios_mutex is taken to ensure the winsize data
808a0d38 2152 * is consistent.
af9b897e
AC		 2153 */
2154
37bdfb07 2155static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
1da177e4 2156{
808a0d38
AC		 2157 int err;
2158
5785c95b 2159 mutex_lock(&tty->termios_mutex);
808a0d38 2160 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2161 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2162
2163 return err ? -EFAULT: 0;
1da177e4
LT		 2164}
2165
af9b897e 2166/**
8c9a9dd0
AC		 2167 * tty_do_resize - resize event
2168 * @tty: tty being resized
8c9a9dd0
AC		 2169 * @rows: rows (character)
2170 * @cols: cols (character)
2171 *
3ad2f3fb 2172 * Update the termios variables and send the necessary signals to
8c9a9dd0 2173 * peform a terminal resize correctly
af9b897e
AC		 2174 */
2175
fc6f6238 2176int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
1da177e4 2177{
fc6f6238 2178 struct pid *pgrp;
47f86834 2179 unsigned long flags;
1da177e4 2180
fc6f6238
AC		 2181 /* Lock the tty */
2182 mutex_lock(&tty->termios_mutex);
2183 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
ca9bda00 2184 goto done;
47f86834
AC		 2185 /* Get the PID values and reference them so we can
2186 avoid holding the tty ctrl lock while sending signals */
2187 spin_lock_irqsave(&tty->ctrl_lock, flags);
2188 pgrp = get_pid(tty->pgrp);
47f86834
AC		 2189 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2190
2191 if (pgrp)
2192 kill_pgrp(pgrp, SIGWINCH, 1);
47f86834 2193 put_pid(pgrp);
47f86834 2194
8c9a9dd0 2195 tty->winsize = *ws;
ca9bda00 2196done:
fc6f6238 2197 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 2198 return 0;
2199}
4d334fd1 2200EXPORT_SYMBOL(tty_do_resize);
1da177e4 2201
8c9a9dd0
AC		 2202/**
2203 * tiocswinsz - implement window size set ioctl
fc6f6238 2204 * @tty; tty side of tty
8c9a9dd0
AC		 2205 * @arg: user buffer for result
2206 *
2207 * Copies the user idea of the window size to the kernel. Traditionally
2208 * this is just advisory information but for the Linux console it
2209 * actually has driver level meaning and triggers a VC resize.
2210 *
2211 * Locking:
25985edc 2212 * Driver dependent. The default do_resize method takes the
8c9a9dd0
AC		 2213 * tty termios mutex and ctrl_lock. The console takes its own lock
2214 * then calls into the default method.
2215 */
2216
fc6f6238 2217static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
8c9a9dd0
AC		 2218{
2219 struct winsize tmp_ws;
2220 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2221 return -EFAULT;
2222
2223 if (tty->ops->resize)
fc6f6238 2224 return tty->ops->resize(tty, &tmp_ws);
8c9a9dd0 2225 else
fc6f6238 2226 return tty_do_resize(tty, &tmp_ws);
8c9a9dd0
AC		 2227}
2228
af9b897e
AC		 2229/**
2230 * tioccons - allow admin to move logical console
2231 * @file: the file to become console
2232 *
25985edc 2233 * Allow the administrator to move the redirected console device
af9b897e
AC		 2234 *
2235 * Locking: uses redirect_lock to guard the redirect information
2236 */
2237
1da177e4
LT		 2238static int tioccons(struct file *file)
2239{
2240 if (!capable(CAP_SYS_ADMIN))
2241 return -EPERM;
2242 if (file->f_op->write == redirected_tty_write) {
2243 struct file *f;
2244 spin_lock(&redirect_lock);
2245 f = redirect;
2246 redirect = NULL;
2247 spin_unlock(&redirect_lock);
2248 if (f)
2249 fput(f);
2250 return 0;
2251 }
2252 spin_lock(&redirect_lock);
2253 if (redirect) {
2254 spin_unlock(&redirect_lock);
2255 return -EBUSY;
2256 }
cb0942b8 2257 redirect = get_file(file);
1da177e4
LT		 2258 spin_unlock(&redirect_lock);
2259 return 0;
2260}
2261
af9b897e
AC		 2262/**
2263 * fionbio - non blocking ioctl
2264 * @file: file to set blocking value
2265 * @p: user parameter
2266 *
2267 * Historical tty interfaces had a blocking control ioctl before
2268 * the generic functionality existed. This piece of history is preserved
2269 * in the expected tty API of posix OS's.
2270 *
6146b9af 2271 * Locking: none, the open file handle ensures it won't go away.
af9b897e 2272 */
1da177e4
LT		 2273
2274static int fionbio(struct file *file, int __user *p)
2275{
2276 int nonblock;
2277
2278 if (get_user(nonblock, p))
2279 return -EFAULT;
2280
db1dd4d3 2281 spin_lock(&file->f_lock);
1da177e4
LT		 2282 if (nonblock)
2283 file->f_flags |= O_NONBLOCK;
2284 else
2285 file->f_flags &= ~O_NONBLOCK;
db1dd4d3 2286 spin_unlock(&file->f_lock);
1da177e4
LT		 2287 return 0;
2288}
2289
af9b897e
AC		 2290/**
2291 * tiocsctty - set controlling tty
2292 * @tty: tty structure
2293 * @arg: user argument
2294 *
2295 * This ioctl is used to manage job control. It permits a session
2296 * leader to set this tty as the controlling tty for the session.
2297 *
2298 * Locking:
28298232 2299 * Takes tty_mutex() to protect tty instance
24ec839c
PZ		 2300 * Takes tasklist_lock internally to walk sessions
2301 * Takes ->siglock() when updating signal->tty
af9b897e
AC		 2302 */
2303
1da177e4
LT		 2304static int tiocsctty(struct tty_struct *tty, int arg)
2305{
24ec839c 2306 int ret = 0;
ab521dc0 2307 if (current->signal->leader && (task_session(current) == tty->session))
24ec839c
PZ		 2308 return ret;
2309
2310 mutex_lock(&tty_mutex);
1da177e4
LT		 2311 /*
2312 * The process must be a session leader and
2313 * not have a controlling tty already.
2314 */
24ec839c
PZ		 2315 if (!current->signal->leader || current->signal->tty) {
2316 ret = -EPERM;
2317 goto unlock;
2318 }
2319
ab521dc0 2320 if (tty->session) {
1da177e4
LT		 2321 /*
2322 * This tty is already the controlling
2323 * tty for another session group!
2324 */
37bdfb07 2325 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
1da177e4
LT		 2326 /*
2327 * Steal it away
2328 */
1da177e4 2329 read_lock(&tasklist_lock);
24ec839c 2330 session_clear_tty(tty->session);
1da177e4 2331 read_unlock(&tasklist_lock);
24ec839c
PZ		 2332 } else {
2333 ret = -EPERM;
2334 goto unlock;
2335 }
1da177e4 2336 }
24ec839c
PZ		 2337 proc_set_tty(current, tty);
2338unlock:
28298232 2339 mutex_unlock(&tty_mutex);
24ec839c 2340 return ret;
1da177e4
LT		 2341}
2342
5d0fdf1e
AC		 2343/**
2344 * tty_get_pgrp - return a ref counted pgrp pid
2345 * @tty: tty to read
2346 *
2347 * Returns a refcounted instance of the pid struct for the process
2348 * group controlling the tty.
2349 */
2350
2351struct pid *tty_get_pgrp(struct tty_struct *tty)
2352{
2353 unsigned long flags;
2354 struct pid *pgrp;
2355
2356 spin_lock_irqsave(&tty->ctrl_lock, flags);
2357 pgrp = get_pid(tty->pgrp);
2358 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2359
2360 return pgrp;
2361}
2362EXPORT_SYMBOL_GPL(tty_get_pgrp);
2363
af9b897e
AC		 2364/**
2365 * tiocgpgrp - get process group
2366 * @tty: tty passed by user
25985edc 2367 * @real_tty: tty side of the tty passed by the user if a pty else the tty
af9b897e
AC		 2368 * @p: returned pid
2369 *
2370 * Obtain the process group of the tty. If there is no process group
2371 * return an error.
2372 *
24ec839c 2373 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 2374 */
2375
1da177e4
LT		 2376static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2377{
5d0fdf1e
AC		 2378 struct pid *pid;
2379 int ret;
1da177e4
LT		 2380 /*
2381 * (tty == real_tty) is a cheap way of
2382 * testing if the tty is NOT a master pty.
2383 */
2384 if (tty == real_tty && current->signal->tty != real_tty)
2385 return -ENOTTY;
5d0fdf1e
AC		 2386 pid = tty_get_pgrp(real_tty);
2387 ret = put_user(pid_vnr(pid), p);
2388 put_pid(pid);
2389 return ret;
1da177e4
LT		 2390}
2391
af9b897e
AC		 2392/**
2393 * tiocspgrp - attempt to set process group
2394 * @tty: tty passed by user
2395 * @real_tty: tty side device matching tty passed by user
2396 * @p: pid pointer
2397 *
2398 * Set the process group of the tty to the session passed. Only
2399 * permitted where the tty session is our session.
2400 *
47f86834 2401 * Locking: RCU, ctrl lock
af9b897e
AC		 2402 */
2403
1da177e4
LT		 2404static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2405{
04a2e6a5
EB		 2406 struct pid *pgrp;
2407 pid_t pgrp_nr;
1da177e4 2408 int retval = tty_check_change(real_tty);
47f86834 2409 unsigned long flags;
1da177e4
LT		 2410
2411 if (retval == -EIO)
2412 return -ENOTTY;
2413 if (retval)
2414 return retval;
2415 if (!current->signal->tty ||
2416 (current->signal->tty != real_tty) ||
ab521dc0 2417 (real_tty->session != task_session(current)))
1da177e4 2418 return -ENOTTY;
04a2e6a5 2419 if (get_user(pgrp_nr, p))
1da177e4 2420 return -EFAULT;
04a2e6a5 2421 if (pgrp_nr < 0)
1da177e4 2422 return -EINVAL;
04a2e6a5 2423 rcu_read_lock();
b488893a 2424 pgrp = find_vpid(pgrp_nr);
04a2e6a5
EB		 2425 retval = -ESRCH;
2426 if (!pgrp)
2427 goto out_unlock;
2428 retval = -EPERM;
2429 if (session_of_pgrp(pgrp) != task_session(current))
2430 goto out_unlock;
2431 retval = 0;
47f86834 2432 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 2433 put_pid(real_tty->pgrp);
2434 real_tty->pgrp = get_pid(pgrp);
47f86834 2435 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
04a2e6a5
EB		 2436out_unlock:
2437 rcu_read_unlock();
2438 return retval;
1da177e4
LT		 2439}
2440
af9b897e
AC		 2441/**
2442 * tiocgsid - get session id
2443 * @tty: tty passed by user
25985edc 2444 * @real_tty: tty side of the tty passed by the user if a pty else the tty
af9b897e
AC		 2445 * @p: pointer to returned session id
2446 *
2447 * Obtain the session id of the tty. If there is no session
2448 * return an error.
2449 *
24ec839c 2450 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 2451 */
2452
1da177e4
LT		 2453static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2454{
2455 /*
2456 * (tty == real_tty) is a cheap way of
2457 * testing if the tty is NOT a master pty.
2458 */
2459 if (tty == real_tty && current->signal->tty != real_tty)
2460 return -ENOTTY;
ab521dc0 2461 if (!real_tty->session)
1da177e4 2462 return -ENOTTY;
b488893a 2463 return put_user(pid_vnr(real_tty->session), p);
1da177e4
LT		 2464}
2465
af9b897e
AC		 2466/**
2467 * tiocsetd - set line discipline
2468 * @tty: tty device
2469 * @p: pointer to user data
2470 *
2471 * Set the line discipline according to user request.
2472 *
2473 * Locking: see tty_set_ldisc, this function is just a helper
2474 */
2475
1da177e4
LT		 2476static int tiocsetd(struct tty_struct *tty, int __user *p)
2477{
2478 int ldisc;
04f378b1 2479 int ret;
1da177e4
LT		 2480
2481 if (get_user(ldisc, p))
2482 return -EFAULT;
04f378b1 2483
04f378b1 2484 ret = tty_set_ldisc(tty, ldisc);
04f378b1
AC		 2485
2486 return ret;
1da177e4
LT		 2487}
2488
af9b897e
AC		 2489/**
2490 * send_break - performed time break
2491 * @tty: device to break on
2492 * @duration: timeout in mS
2493 *
2494 * Perform a timed break on hardware that lacks its own driver level
2495 * timed break functionality.
2496 *
2497 * Locking:
28298232 2498 * atomic_write_lock serializes
af9b897e 2499 *
af9b897e
AC		 2500 */
2501
b20f3ae5 2502static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4 2503{
9e98966c
AC		 2504 int retval;
2505
2506 if (tty->ops->break_ctl == NULL)
2507 return 0;
2508
2509 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2510 retval = tty->ops->break_ctl(tty, duration);
2511 else {
2512 /* Do the work ourselves */
2513 if (tty_write_lock(tty, 0) < 0)
2514 return -EINTR;
2515 retval = tty->ops->break_ctl(tty, -1);
2516 if (retval)
2517 goto out;
2518 if (!signal_pending(current))
2519 msleep_interruptible(duration);
2520 retval = tty->ops->break_ctl(tty, 0);
2521out:
2522 tty_write_unlock(tty);
2523 if (signal_pending(current))
2524 retval = -EINTR;
2525 }
2526 return retval;
1da177e4
LT		 2527}
2528
af9b897e 2529/**
f34d7a5b 2530 * tty_tiocmget - get modem status
af9b897e
AC		 2531 * @tty: tty device
2532 * @file: user file pointer
2533 * @p: pointer to result
2534 *
2535 * Obtain the modem status bits from the tty driver if the feature
2536 * is supported. Return -EINVAL if it is not available.
2537 *
2538 * Locking: none (up to the driver)
2539 */
2540
60b33c13 2541static int tty_tiocmget(struct tty_struct *tty, int __user *p)
1da177e4
LT		 2542{
2543 int retval = -EINVAL;
2544
f34d7a5b 2545 if (tty->ops->tiocmget) {
60b33c13 2546 retval = tty->ops->tiocmget(tty);
1da177e4
LT		 2547
2548 if (retval >= 0)
2549 retval = put_user(retval, p);
2550 }
2551 return retval;
2552}
2553
af9b897e 2554/**
f34d7a5b 2555 * tty_tiocmset - set modem status
af9b897e 2556 * @tty: tty device
af9b897e
AC		 2557 * @cmd: command - clear bits, set bits or set all
2558 * @p: pointer to desired bits
2559 *
2560 * Set the modem status bits from the tty driver if the feature
2561 * is supported. Return -EINVAL if it is not available.
2562 *
2563 * Locking: none (up to the driver)
2564 */
2565
20b9d177 2566static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
1da177e4
LT		 2567 unsigned __user *p)
2568{
ae677517
AC		 2569 int retval;
2570 unsigned int set, clear, val;
1da177e4 2571
ae677517
AC		 2572 if (tty->ops->tiocmset == NULL)
2573 return -EINVAL;
1da177e4 2574
ae677517
AC		 2575 retval = get_user(val, p);
2576 if (retval)
2577 return retval;
2578 set = clear = 0;
2579 switch (cmd) {
2580 case TIOCMBIS:
2581 set = val;
2582 break;
2583 case TIOCMBIC:
2584 clear = val;
2585 break;
2586 case TIOCMSET:
2587 set = val;
2588 clear = ~val;
2589 break;
2590 }
2591 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2592 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
20b9d177 2593 return tty->ops->tiocmset(tty, set, clear);
1da177e4
LT		 2594}
2595
d281da7f
AC		 2596static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2597{
2598 int retval = -EINVAL;
2599 struct serial_icounter_struct icount;
2600 memset(&icount, 0, sizeof(icount));
2601 if (tty->ops->get_icount)
2602 retval = tty->ops->get_icount(tty, &icount);
2603 if (retval != 0)
2604 return retval;
2605 if (copy_to_user(arg, &icount, sizeof(icount)))
2606 return -EFAULT;
2607 return 0;
2608}
2609
e8b70e7d
AC		 2610struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2611{
2612 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2613 tty->driver->subtype == PTY_TYPE_MASTER)
2614 tty = tty->link;
2615 return tty;
2616}
2617EXPORT_SYMBOL(tty_pair_get_tty);
2618
2619struct tty_struct *tty_pair_get_pty(struct tty_struct *tty)
2620{
2621 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2622 tty->driver->subtype == PTY_TYPE_MASTER)
2623 return tty;
2624 return tty->link;
2625}
2626EXPORT_SYMBOL(tty_pair_get_pty);
2627
1da177e4
LT		 2628/*
2629 * Split this up, as gcc can choke on it otherwise..
2630 */
04f378b1 2631long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1da177e4 2632{
d996b62a
NP		 2633 struct tty_struct *tty = file_tty(file);
2634 struct tty_struct *real_tty;
1da177e4
LT		 2635 void __user *p = (void __user *)arg;
2636 int retval;
2637 struct tty_ldisc *ld;
37bdfb07 2638
6131ffaa 2639 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
1da177e4
LT		 2640 return -EINVAL;
2641
e8b70e7d 2642 real_tty = tty_pair_get_tty(tty);
1da177e4
LT		 2643
2644 /*
2645 * Factor out some common prep work
2646 */
2647 switch (cmd) {
2648 case TIOCSETD:
2649 case TIOCSBRK:
2650 case TIOCCBRK:
2651 case TCSBRK:
37bdfb07 2652 case TCSBRKP:
1da177e4
LT		 2653 retval = tty_check_change(tty);
2654 if (retval)
2655 return retval;
2656 if (cmd != TIOCCBRK) {
2657 tty_wait_until_sent(tty, 0);
2658 if (signal_pending(current))
2659 return -EINTR;
2660 }
2661 break;
2662 }
2663
9e98966c
AC		 2664 /*
2665 * Now do the stuff.
2666 */
1da177e4 2667 switch (cmd) {
37bdfb07
AC		 2668 case TIOCSTI:
2669 return tiocsti(tty, p);
2670 case TIOCGWINSZ:
8f520021 2671 return tiocgwinsz(real_tty, p);
37bdfb07 2672 case TIOCSWINSZ:
fc6f6238 2673 return tiocswinsz(real_tty, p);
37bdfb07
AC		 2674 case TIOCCONS:
2675 return real_tty != tty ? -EINVAL : tioccons(file);
2676 case FIONBIO:
2677 return fionbio(file, p);
2678 case TIOCEXCL:
2679 set_bit(TTY_EXCLUSIVE, &tty->flags);
2680 return 0;
2681 case TIOCNXCL:
2682 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2683 return 0;
84fd7bdf
CG		 2684 case TIOCGEXCL:
2685 {
2686 int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2687 return put_user(excl, (int __user *)p);
2688 }
37bdfb07
AC		 2689 case TIOCNOTTY:
2690 if (current->signal->tty != tty)
2691 return -ENOTTY;
2692 no_tty();
2693 return 0;
2694 case TIOCSCTTY:
2695 return tiocsctty(tty, arg);
2696 case TIOCGPGRP:
2697 return tiocgpgrp(tty, real_tty, p);
2698 case TIOCSPGRP:
2699 return tiocspgrp(tty, real_tty, p);
2700 case TIOCGSID:
2701 return tiocgsid(tty, real_tty, p);
2702 case TIOCGETD:
c65c9bc3 2703 return put_user(tty->ldisc->ops->num, (int __user *)p);
37bdfb07
AC		 2704 case TIOCSETD:
2705 return tiocsetd(tty, p);
3c95c985
KS		 2706 case TIOCVHANGUP:
2707 if (!capable(CAP_SYS_ADMIN))
2708 return -EPERM;
2709 tty_vhangup(tty);
2710 return 0;
b7b8de08
WF		 2711 case TIOCGDEV:
2712 {
2713 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2714 return put_user(ret, (unsigned int __user *)p);
2715 }
37bdfb07
AC		 2716 /*
2717 * Break handling
2718 */
2719 case TIOCSBRK: /* Turn break on, unconditionally */
f34d7a5b 2720 if (tty->ops->break_ctl)
9e98966c 2721 return tty->ops->break_ctl(tty, -1);
37bdfb07 2722 return 0;
37bdfb07 2723 case TIOCCBRK: /* Turn break off, unconditionally */
f34d7a5b 2724 if (tty->ops->break_ctl)
9e98966c 2725 return tty->ops->break_ctl(tty, 0);
37bdfb07
AC		 2726 return 0;
2727 case TCSBRK: /* SVID version: non-zero arg --> no break */
2728 /* non-zero arg means wait for all output data
2729 * to be sent (performed above) but don't send break.
2730 * This is used by the tcdrain() termios function.
2731 */
2732 if (!arg)
2733 return send_break(tty, 250);
2734 return 0;
2735 case TCSBRKP: /* support for POSIX tcsendbreak() */
2736 return send_break(tty, arg ? arg*100 : 250);
2737
2738 case TIOCMGET:
60b33c13 2739 return tty_tiocmget(tty, p);
37bdfb07
AC		 2740 case TIOCMSET:
2741 case TIOCMBIC:
2742 case TIOCMBIS:
20b9d177 2743 return tty_tiocmset(tty, cmd, p);
d281da7f
AC		 2744 case TIOCGICOUNT:
2745 retval = tty_tiocgicount(tty, p);
2746 /* For the moment allow fall through to the old method */
2747 if (retval != -EINVAL)
2748 return retval;
2749 break;
37bdfb07
AC		 2750 case TCFLSH:
2751 switch (arg) {
2752 case TCIFLUSH:
2753 case TCIOFLUSH:
2754 /* flush tty buffer and allow ldisc to process ioctl */
2755 tty_buffer_flush(tty);
c5c34d48 2756 break;
37bdfb07
AC		 2757 }
2758 break;
1da177e4 2759 }
f34d7a5b 2760 if (tty->ops->ioctl) {
6caa76b7 2761 retval = (tty->ops->ioctl)(tty, cmd, arg);
1da177e4
LT		 2762 if (retval != -ENOIOCTLCMD)
2763 return retval;
2764 }
2765 ld = tty_ldisc_ref_wait(tty);
2766 retval = -EINVAL;
a352def2
AC		 2767 if (ld->ops->ioctl) {
2768 retval = ld->ops->ioctl(tty, file, cmd, arg);
1da177e4 2769 if (retval == -ENOIOCTLCMD)
bbb63c51 2770 retval = -ENOTTY;
1da177e4
LT		 2771 }
2772 tty_ldisc_deref(ld);
2773 return retval;
2774}
2775
e10cc1df 2776#ifdef CONFIG_COMPAT
37bdfb07 2777static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 2778 unsigned long arg)
2779{
d996b62a 2780 struct tty_struct *tty = file_tty(file);
e10cc1df
PF		 2781 struct tty_ldisc *ld;
2782 int retval = -ENOIOCTLCMD;
2783
6131ffaa 2784 if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
e10cc1df
PF		 2785 return -EINVAL;
2786
f34d7a5b 2787 if (tty->ops->compat_ioctl) {
6caa76b7 2788 retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
e10cc1df
PF		 2789 if (retval != -ENOIOCTLCMD)
2790 return retval;
2791 }
2792
2793 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 2794 if (ld->ops->compat_ioctl)
2795 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
8193c429
TM		 2796 else
2797 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
e10cc1df
PF		 2798 tty_ldisc_deref(ld);
2799
2800 return retval;
2801}
2802#endif
1da177e4 2803
c3c073f8
AV		 2804static int this_tty(const void *t, struct file *file, unsigned fd)
2805{
2806 if (likely(file->f_op->read != tty_read))
2807 return 0;
2808 return file_tty(file) != t ? 0 : fd + 1;
2809}
2810
1da177e4
LT		 2811/*
2812 * This implements the "Secure Attention Key" --- the idea is to
2813 * prevent trojan horses by killing all processes associated with this
2814 * tty when the user hits the "Secure Attention Key". Required for
2815 * super-paranoid applications --- see the Orange Book for more details.
37bdfb07 2816 *
1da177e4
LT		 2817 * This code could be nicer; ideally it should send a HUP, wait a few
2818 * seconds, then send a INT, and then a KILL signal. But you then
2819 * have to coordinate with the init process, since all processes associated
2820 * with the current tty must be dead before the new getty is allowed
2821 * to spawn.
2822 *
2823 * Now, if it would be correct ;-/ The current code has a nasty hole -
2824 * it doesn't catch files in flight. We may send the descriptor to ourselves
2825 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2826 *
2827 * Nasty bug: do_SAK is being called in interrupt context. This can
2828 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2829 */
8b6312f4 2830void __do_SAK(struct tty_struct *tty)
1da177e4
LT		 2831{
2832#ifdef TTY_SOFT_SAK
2833 tty_hangup(tty);
2834#else
652486fb 2835 struct task_struct *g, *p;
ab521dc0 2836 struct pid *session;
1da177e4 2837 int i;
37bdfb07 2838
1da177e4
LT		 2839 if (!tty)
2840 return;
24ec839c 2841 session = tty->session;
37bdfb07 2842
b3f13deb 2843 tty_ldisc_flush(tty);
1da177e4 2844
f34d7a5b 2845 tty_driver_flush_buffer(tty);
37bdfb07 2846
1da177e4 2847 read_lock(&tasklist_lock);
652486fb 2848 /* Kill the entire session */
ab521dc0 2849 do_each_pid_task(session, PIDTYPE_SID, p) {
652486fb 2850 printk(KERN_NOTICE "SAK: killed process %d"
1b0f7ffd 2851 " (%s): task_session(p)==tty->session\n",
ba25f9dc 2852 task_pid_nr(p), p->comm);
652486fb 2853 send_sig(SIGKILL, p, 1);
ab521dc0 2854 } while_each_pid_task(session, PIDTYPE_SID, p);
652486fb
EB		 2855 /* Now kill any processes that happen to have the
2856 * tty open.
2857 */
2858 do_each_thread(g, p) {
2859 if (p->signal->tty == tty) {
1da177e4 2860 printk(KERN_NOTICE "SAK: killed process %d"
1b0f7ffd 2861 " (%s): task_session(p)==tty->session\n",
ba25f9dc 2862 task_pid_nr(p), p->comm);
1da177e4
LT		 2863 send_sig(SIGKILL, p, 1);
2864 continue;
2865 }
2866 task_lock(p);
c3c073f8
AV		 2867 i = iterate_fd(p->files, 0, this_tty, tty);
2868 if (i != 0) {
2869 printk(KERN_NOTICE "SAK: killed process %d"
2870 " (%s): fd#%d opened to the tty\n",
2871 task_pid_nr(p), p->comm, i - 1);
2872 force_sig(SIGKILL, p);
1da177e4
LT		 2873 }
2874 task_unlock(p);
652486fb 2875 } while_each_thread(g, p);
1da177e4
LT		 2876 read_unlock(&tasklist_lock);
2877#endif
2878}
2879
8b6312f4
EB		 2880static void do_SAK_work(struct work_struct *work)
2881{
2882 struct tty_struct *tty =
2883 container_of(work, struct tty_struct, SAK_work);
2884 __do_SAK(tty);
2885}
2886
1da177e4
LT		 2887/*
2888 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2889 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2890 * the values which we write to it will be identical to the values which it
2891 * already has. --akpm
2892 */
2893void do_SAK(struct tty_struct *tty)
2894{
2895 if (!tty)
2896 return;
1da177e4
LT		 2897 schedule_work(&tty->SAK_work);
2898}
2899
2900EXPORT_SYMBOL(do_SAK);
2901
6e9430ac 2902static int dev_match_devt(struct device *dev, const void *data)
30004ac9 2903{
6e9430ac 2904 const dev_t *devt = data;
30004ac9
DES		 2905 return dev->devt == *devt;
2906}
2907
2908/* Must put_device() after it's unused! */
2909static struct device *tty_get_device(struct tty_struct *tty)
2910{
2911 dev_t devt = tty_devnum(tty);
2912 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2913}
2914
2915
af9b897e
AC		 2916/**
2917 * initialize_tty_struct
2918 * @tty: tty to initialize
2919 *
2920 * This subroutine initializes a tty structure that has been newly
2921 * allocated.
2922 *
2923 * Locking: none - tty in question must not be exposed at this point
1da177e4 2924 */
af9b897e 2925
bf970ee4
AC		 2926void initialize_tty_struct(struct tty_struct *tty,
2927 struct tty_driver *driver, int idx)
1da177e4
LT		 2928{
2929 memset(tty, 0, sizeof(struct tty_struct));
9c9f4ded 2930 kref_init(&tty->kref);
1da177e4 2931 tty->magic = TTY_MAGIC;
01e1abb2 2932 tty_ldisc_init(tty);
ab521dc0
EB		 2933 tty->session = NULL;
2934 tty->pgrp = NULL;
89c8d91e 2935 mutex_init(&tty->legacy_mutex);
5785c95b 2936 mutex_init(&tty->termios_mutex);
c65c9bc3 2937 mutex_init(&tty->ldisc_mutex);
1da177e4
LT		 2938 init_waitqueue_head(&tty->write_wait);
2939 init_waitqueue_head(&tty->read_wait);
65f27f38 2940 INIT_WORK(&tty->hangup_work, do_tty_hangup);
70522e12 2941 mutex_init(&tty->atomic_write_lock);
04f378b1 2942 spin_lock_init(&tty->ctrl_lock);
1da177e4 2943 INIT_LIST_HEAD(&tty->tty_files);
7f1f86a0 2944 INIT_WORK(&tty->SAK_work, do_SAK_work);
bf970ee4
AC		 2945
2946 tty->driver = driver;
2947 tty->ops = driver->ops;
2948 tty->index = idx;
2949 tty_line_name(driver, idx, tty->name);
30004ac9 2950 tty->dev = tty_get_device(tty);
1da177e4
LT		 2951}
2952
6716671d
JS		 2953/**
2954 * deinitialize_tty_struct
2955 * @tty: tty to deinitialize
2956 *
2957 * This subroutine deinitializes a tty structure that has been newly
2958 * allocated but tty_release cannot be called on that yet.
2959 *
2960 * Locking: none - tty in question must not be exposed at this point
2961 */
2962void deinitialize_tty_struct(struct tty_struct *tty)
2963{
2964 tty_ldisc_deinit(tty);
2965}
2966
f34d7a5b
AC		 2967/**
2968 * tty_put_char - write one character to a tty
2969 * @tty: tty
2970 * @ch: character
2971 *
2972 * Write one byte to the tty using the provided put_char method
2973 * if present. Returns the number of characters successfully output.
2974 *
2975 * Note: the specific put_char operation in the driver layer may go
2976 * away soon. Don't call it directly, use this method
1da177e4 2977 */
af9b897e 2978
f34d7a5b 2979int tty_put_char(struct tty_struct *tty, unsigned char ch)
1da177e4 2980{
f34d7a5b
AC		 2981 if (tty->ops->put_char)
2982 return tty->ops->put_char(tty, ch);
2983 return tty->ops->write(tty, &ch, 1);
1da177e4 2984}
f34d7a5b
AC		 2985EXPORT_SYMBOL_GPL(tty_put_char);
2986
d81ed103 2987struct class *tty_class;
1da177e4 2988
7e73eca6
JS		 2989static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
2990 unsigned int index, unsigned int count)
2991{
2992 /* init here, since reused cdevs cause crashes */
2993 cdev_init(&driver->cdevs[index], &tty_fops);
2994 driver->cdevs[index].owner = driver->owner;
2995 return cdev_add(&driver->cdevs[index], dev, count);
2996}
2997
1da177e4 2998/**
af9b897e
AC		 2999 * tty_register_device - register a tty device
3000 * @driver: the tty driver that describes the tty device
3001 * @index: the index in the tty driver for this tty device
3002 * @device: a struct device that is associated with this tty device.
3003 * This field is optional, if there is no known struct device
3004 * for this tty device it can be set to NULL safely.
1da177e4 3005 *
01107d34
GKH		 3006 * Returns a pointer to the struct device for this tty device
3007 * (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3008 *
af9b897e
AC		 3009 * This call is required to be made to register an individual tty device
3010 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3011 * that bit is not set, this function should not be called by a tty
3012 * driver.
3013 *
3014 * Locking: ??
1da177e4 3015 */
af9b897e 3016
01107d34
GKH		 3017struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3018 struct device *device)
1da177e4 3019{
6915c0e4
TH		 3020 return tty_register_device_attr(driver, index, device, NULL, NULL);
3021}
3022EXPORT_SYMBOL(tty_register_device);
3023
b1b79916
TH		 3024static void tty_device_create_release(struct device *dev)
3025{
3026 pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3027 kfree(dev);
3028}
3029
6915c0e4
TH		 3030/**
3031 * tty_register_device_attr - register a tty device
3032 * @driver: the tty driver that describes the tty device
3033 * @index: the index in the tty driver for this tty device
3034 * @device: a struct device that is associated with this tty device.
3035 * This field is optional, if there is no known struct device
3036 * for this tty device it can be set to NULL safely.
3037 * @drvdata: Driver data to be set to device.
3038 * @attr_grp: Attribute group to be set on device.
3039 *
3040 * Returns a pointer to the struct device for this tty device
3041 * (or ERR_PTR(-EFOO) on error).
3042 *
3043 * This call is required to be made to register an individual tty device
3044 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3045 * that bit is not set, this function should not be called by a tty
3046 * driver.
3047 *
3048 * Locking: ??
3049 */
3050struct device *tty_register_device_attr(struct tty_driver *driver,
3051 unsigned index, struct device *device,
3052 void *drvdata,
3053 const struct attribute_group **attr_grp)
3054{
1da177e4 3055 char name[64];
6915c0e4
TH		 3056 dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3057 struct device *dev = NULL;
3058 int retval = -ENODEV;
7e73eca6 3059 bool cdev = false;
1da177e4
LT		 3060
3061 if (index >= driver->num) {
3062 printk(KERN_ERR "Attempt to register invalid tty line number "
3063 " (%d).\n", index);
1cdcb6b4 3064 return ERR_PTR(-EINVAL);
1da177e4
LT		 3065 }
3066
1da177e4
LT		 3067 if (driver->type == TTY_DRIVER_TYPE_PTY)
3068 pty_line_name(driver, index, name);
3069 else
3070 tty_line_name(driver, index, name);
1cdcb6b4 3071
7e73eca6 3072 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
6915c0e4
TH		 3073 retval = tty_cdev_add(driver, devt, index, 1);
3074 if (retval)
3075 goto error;
7e73eca6
JS		 3076 cdev = true;
3077 }
3078
6915c0e4
TH		 3079 dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3080 if (!dev) {
3081 retval = -ENOMEM;
3082 goto error;
3083 }
7e73eca6 3084
6915c0e4
TH		 3085 dev->devt = devt;
3086 dev->class = tty_class;
3087 dev->parent = device;
b1b79916 3088 dev->release = tty_device_create_release;
6915c0e4
TH		 3089 dev_set_name(dev, "%s", name);
3090 dev->groups = attr_grp;
3091 dev_set_drvdata(dev, drvdata);
3092
3093 retval = device_register(dev);
3094 if (retval)
3095 goto error;
3096
3097 return dev;
3098
3099error:
3100 put_device(dev);
3101 if (cdev)
3102 cdev_del(&driver->cdevs[index]);
3103 return ERR_PTR(retval);
1da177e4 3104}
6915c0e4 3105EXPORT_SYMBOL_GPL(tty_register_device_attr);
1da177e4
LT		 3106
3107/**
af9b897e
AC		 3108 * tty_unregister_device - unregister a tty device
3109 * @driver: the tty driver that describes the tty device
3110 * @index: the index in the tty driver for this tty device
1da177e4 3111 *
af9b897e
AC		 3112 * If a tty device is registered with a call to tty_register_device() then
3113 * this function must be called when the tty device is gone.
3114 *
3115 * Locking: ??
1da177e4 3116 */
af9b897e 3117
1da177e4
LT		 3118void tty_unregister_device(struct tty_driver *driver, unsigned index)
3119{
37bdfb07
AC		 3120 device_destroy(tty_class,
3121 MKDEV(driver->major, driver->minor_start) + index);
7e73eca6
JS		 3122 if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3123 cdev_del(&driver->cdevs[index]);
1da177e4 3124}
1da177e4
LT		 3125EXPORT_SYMBOL(tty_unregister_device);
3126
7f0bc6a6
JS		 3127/**
3128 * __tty_alloc_driver -- allocate tty driver
3129 * @lines: count of lines this driver can handle at most
3130 * @owner: module which is repsonsible for this driver
3131 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3132 *
3133 * This should not be called directly, some of the provided macros should be
3134 * used instead. Use IS_ERR and friends on @retval.
3135 */
3136struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3137 unsigned long flags)
1da177e4
LT		 3138{
3139 struct tty_driver *driver;
7e73eca6 3140 unsigned int cdevs = 1;
16a02081 3141 int err;
1da177e4 3142
0019b408 3143 if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
7f0bc6a6
JS		 3144 return ERR_PTR(-EINVAL);
3145
506eb99a 3146 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
7f0bc6a6
JS		 3147 if (!driver)
3148 return ERR_PTR(-ENOMEM);
3149
3150 kref_init(&driver->kref);
3151 driver->magic = TTY_DRIVER_MAGIC;
3152 driver->num = lines;
3153 driver->owner = owner;
3154 driver->flags = flags;
16a02081
JS		 3155
3156 if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3157 driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3158 GFP_KERNEL);
3159 driver->termios = kcalloc(lines, sizeof(*driver->termios),
3160 GFP_KERNEL);
3161 if (!driver->ttys || !driver->termios) {
3162 err = -ENOMEM;
3163 goto err_free_all;
3164 }
3165 }
3166
3167 if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3168 driver->ports = kcalloc(lines, sizeof(*driver->ports),
3169 GFP_KERNEL);
3170 if (!driver->ports) {
3171 err = -ENOMEM;
3172 goto err_free_all;
3173 }
7e73eca6
JS		 3174 cdevs = lines;
3175 }
3176
3177 driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3178 if (!driver->cdevs) {
3179 err = -ENOMEM;
3180 goto err_free_all;
16a02081 3181 }
7f0bc6a6 3182
1da177e4 3183 return driver;
16a02081
JS		 3184err_free_all:
3185 kfree(driver->ports);
3186 kfree(driver->ttys);
3187 kfree(driver->termios);
3188 kfree(driver);
3189 return ERR_PTR(err);
1da177e4 3190}
7f0bc6a6 3191EXPORT_SYMBOL(__tty_alloc_driver);
1da177e4 3192
7d7b93c1 3193static void destruct_tty_driver(struct kref *kref)
1da177e4 3194{
7d7b93c1
AC		 3195 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3196 int i;
3197 struct ktermios *tp;
7d7b93c1
AC		 3198
3199 if (driver->flags & TTY_DRIVER_INSTALLED) {
3200 /*
3201 * Free the termios and termios_locked structures because
3202 * we don't want to get memory leaks when modular tty
3203 * drivers are removed from the kernel.
3204 */
3205 for (i = 0; i < driver->num; i++) {
3206 tp = driver->termios[i];
3207 if (tp) {
3208 driver->termios[i] = NULL;
3209 kfree(tp);
3210 }
7d7b93c1
AC		 3211 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3212 tty_unregister_device(driver, i);
3213 }
7d7b93c1 3214 proc_tty_unregister_driver(driver);
7e73eca6
JS		 3215 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3216 cdev_del(&driver->cdevs[0]);
7d7b93c1 3217 }
7e73eca6 3218 kfree(driver->cdevs);
04831dc1 3219 kfree(driver->ports);
16a02081
JS		 3220 kfree(driver->termios);
3221 kfree(driver->ttys);
1da177e4
LT		 3222 kfree(driver);
3223}
3224
7d7b93c1
AC		 3225void tty_driver_kref_put(struct tty_driver *driver)
3226{
3227 kref_put(&driver->kref, destruct_tty_driver);
3228}
3229EXPORT_SYMBOL(tty_driver_kref_put);
3230
b68e31d0
JD		 3231void tty_set_operations(struct tty_driver *driver,
3232 const struct tty_operations *op)
1da177e4 3233{
f34d7a5b
AC		 3234 driver->ops = op;
3235};
7d7b93c1 3236EXPORT_SYMBOL(tty_set_operations);
1da177e4 3237
7d7b93c1
AC		 3238void put_tty_driver(struct tty_driver *d)
3239{
3240 tty_driver_kref_put(d);
3241}
1da177e4 3242EXPORT_SYMBOL(put_tty_driver);
1da177e4
LT		 3243
3244/*
3245 * Called by a tty driver to register itself.
3246 */
3247int tty_register_driver(struct tty_driver *driver)
3248{
3249 int error;
37bdfb07 3250 int i;
1da177e4 3251 dev_t dev;
b670bde0 3252 struct device *d;
1da177e4 3253
1da177e4 3254 if (!driver->major) {
37bdfb07
AC		 3255 error = alloc_chrdev_region(&dev, driver->minor_start,
3256 driver->num, driver->name);
1da177e4
LT		 3257 if (!error) {
3258 driver->major = MAJOR(dev);
3259 driver->minor_start = MINOR(dev);
3260 }
3261 } else {
3262 dev = MKDEV(driver->major, driver->minor_start);
e5717c48 3263 error = register_chrdev_region(dev, driver->num, driver->name);
1da177e4 3264 }
9bb8a3d4 3265 if (error < 0)
16a02081 3266 goto err;
1da177e4 3267
7e73eca6
JS		 3268 if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3269 error = tty_cdev_add(driver, dev, 0, driver->num);
3270 if (error)
3271 goto err_unreg_char;
3272 }
1da177e4 3273
ca509f69 3274 mutex_lock(&tty_mutex);
1da177e4 3275 list_add(&driver->tty_drivers, &tty_drivers);
ca509f69 3276 mutex_unlock(&tty_mutex);
37bdfb07
AC		 3277
3278 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
b670bde0
VK		 3279 for (i = 0; i < driver->num; i++) {
3280 d = tty_register_device(driver, i, NULL);
3281 if (IS_ERR(d)) {
3282 error = PTR_ERR(d);
16a02081 3283 goto err_unreg_devs;
b670bde0
VK		 3284 }
3285 }
1da177e4
LT		 3286 }
3287 proc_tty_register_driver(driver);
7d7b93c1 3288 driver->flags |= TTY_DRIVER_INSTALLED;
1da177e4 3289 return 0;
b670bde0 3290
16a02081 3291err_unreg_devs:
b670bde0
VK		 3292 for (i--; i >= 0; i--)
3293 tty_unregister_device(driver, i);
3294
3295 mutex_lock(&tty_mutex);
3296 list_del(&driver->tty_drivers);
3297 mutex_unlock(&tty_mutex);
3298
9bb8a3d4 3299err_unreg_char:
b670bde0 3300 unregister_chrdev_region(dev, driver->num);
16a02081 3301err:
b670bde0 3302 return error;
1da177e4 3303}
1da177e4
LT		 3304EXPORT_SYMBOL(tty_register_driver);
3305
3306/*
3307 * Called by a tty driver to unregister itself.
3308 */
3309int tty_unregister_driver(struct tty_driver *driver)
3310{
7d7b93c1
AC		 3311#if 0
3312 /* FIXME */
1da177e4
LT		 3313 if (driver->refcount)
3314 return -EBUSY;
7d7b93c1 3315#endif
1da177e4
LT		 3316 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3317 driver->num);
ca509f69 3318 mutex_lock(&tty_mutex);
1da177e4 3319 list_del(&driver->tty_drivers);
ca509f69 3320 mutex_unlock(&tty_mutex);
1da177e4
LT		 3321 return 0;
3322}
7d7b93c1 3323
1da177e4
LT		 3324EXPORT_SYMBOL(tty_unregister_driver);
3325
24ec839c
PZ		 3326dev_t tty_devnum(struct tty_struct *tty)
3327{
3328 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3329}
3330EXPORT_SYMBOL(tty_devnum);
3331
3332void proc_clear_tty(struct task_struct *p)
3333{
7c3b1dcf 3334 unsigned long flags;
9c9f4ded 3335 struct tty_struct *tty;
7c3b1dcf 3336 spin_lock_irqsave(&p->sighand->siglock, flags);
9c9f4ded 3337 tty = p->signal->tty;
24ec839c 3338 p->signal->tty = NULL;
7c3b1dcf 3339 spin_unlock_irqrestore(&p->sighand->siglock, flags);
9c9f4ded 3340 tty_kref_put(tty);
24ec839c 3341}
24ec839c 3342
47f86834
AC		 3343/* Called under the sighand lock */
3344
2a65f1d9 3345static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 3346{
3347 if (tty) {
47f86834
AC		 3348 unsigned long flags;
3349 /* We should not have a session or pgrp to put here but.... */
3350 spin_lock_irqsave(&tty->ctrl_lock, flags);
d9c1e9a8
EB		 3351 put_pid(tty->session);
3352 put_pid(tty->pgrp);
ab521dc0 3353 tty->pgrp = get_pid(task_pgrp(tsk));
47f86834
AC		 3354 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3355 tty->session = get_pid(task_session(tsk));
9c9f4ded
AC		 3356 if (tsk->signal->tty) {
3357 printk(KERN_DEBUG "tty not NULL!!\n");
3358 tty_kref_put(tsk->signal->tty);
3359 }
24ec839c 3360 }
2a65f1d9 3361 put_pid(tsk->signal->tty_old_pgrp);
9c9f4ded 3362 tsk->signal->tty = tty_kref_get(tty);
ab521dc0 3363 tsk->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 3364}
3365
98a27ba4 3366static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 3367{
3368 spin_lock_irq(&tsk->sighand->siglock);
2a65f1d9 3369 __proc_set_tty(tsk, tty);
24ec839c
PZ		 3370 spin_unlock_irq(&tsk->sighand->siglock);
3371}
3372
3373struct tty_struct *get_current_tty(void)
3374{
3375 struct tty_struct *tty;
934e6ebf
AC		 3376 unsigned long flags;
3377
3378 spin_lock_irqsave(&current->sighand->siglock, flags);
452a00d2 3379 tty = tty_kref_get(current->signal->tty);
934e6ebf 3380 spin_unlock_irqrestore(&current->sighand->siglock, flags);
24ec839c
PZ		 3381 return tty;
3382}
a311f743 3383EXPORT_SYMBOL_GPL(get_current_tty);
1da177e4 3384
d81ed103
AC		 3385void tty_default_fops(struct file_operations *fops)
3386{
3387 *fops = tty_fops;
3388}
3389
1da177e4
LT		 3390/*
3391 * Initialize the console device. This is called *early*, so
3392 * we can't necessarily depend on lots of kernel help here.
3393 * Just do some early initializations, and do the complex setup
3394 * later.
3395 */
3396void __init console_init(void)
3397{
3398 initcall_t *call;
3399
3400 /* Setup the default TTY line discipline. */
01e1abb2 3401 tty_ldisc_begin();
1da177e4
LT		 3402
3403 /*
37bdfb07 3404 * set up the console device so that later boot sequences can
1da177e4
LT		 3405 * inform about problems etc..
3406 */
1da177e4
LT		 3407 call = __con_initcall_start;
3408 while (call < __con_initcall_end) {
3409 (*call)();
3410 call++;
3411 }
3412}
3413
2c9ede55 3414static char *tty_devnode(struct device *dev, umode_t *mode)
e454cea2
KS		 3415{
3416 if (!mode)
3417 return NULL;
3418 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3419 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3420 *mode = 0666;
3421 return NULL;
3422}
3423
1da177e4
LT		 3424static int __init tty_class_init(void)
3425{
7fe845d1 3426 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 3427 if (IS_ERR(tty_class))
3428 return PTR_ERR(tty_class);
e454cea2 3429 tty_class->devnode = tty_devnode;
1da177e4
LT		 3430 return 0;
3431}
3432
3433postcore_initcall(tty_class_init);
3434
3435/* 3/2004 jmc: why do these devices exist? */
1da177e4 3436static struct cdev tty_cdev, console_cdev;
1da177e4 3437
fbc92a34
KS		 3438static ssize_t show_cons_active(struct device *dev,
3439 struct device_attribute *attr, char *buf)
3440{
3441 struct console *cs[16];
3442 int i = 0;
3443 struct console *c;
3444 ssize_t count = 0;
3445
ac751efa 3446 console_lock();
a2a6a822 3447 for_each_console(c) {
fbc92a34
KS		 3448 if (!c->device)
3449 continue;
3450 if (!c->write)
3451 continue;
3452 if ((c->flags & CON_ENABLED) == 0)
3453 continue;
3454 cs[i++] = c;
3455 if (i >= ARRAY_SIZE(cs))
3456 break;
3457 }
3458 while (i--)
3459 count += sprintf(buf + count, "%s%d%c",
3460 cs[i]->name, cs[i]->index, i ? ' ':'\n');
ac751efa 3461 console_unlock();
fbc92a34
KS		 3462
3463 return count;
3464}
3465static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3466
3467static struct device *consdev;
3468
3469void console_sysfs_notify(void)
3470{
3471 if (consdev)
3472 sysfs_notify(&consdev->kobj, NULL, "active");
3473}
3474
1da177e4
LT		 3475/*
3476 * Ok, now we can initialize the rest of the tty devices and can count
3477 * on memory allocations, interrupts etc..
3478 */
31d1d48e 3479int __init tty_init(void)
1da177e4
LT		 3480{
3481 cdev_init(&tty_cdev, &tty_fops);
3482 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3483 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3484 panic("Couldn't register /dev/tty driver\n");
fbc92a34 3485 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
1da177e4
LT		 3486
3487 cdev_init(&console_cdev, &console_fops);
3488 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3489 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3490 panic("Couldn't register /dev/console driver\n");
fbc92a34 3491 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
47aa5793 3492 "console");
fbc92a34
KS		 3493 if (IS_ERR(consdev))
3494 consdev = NULL;
3495 else
a2a6a822 3496 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
1da177e4 3497
1da177e4 3498#ifdef CONFIG_VT
d81ed103 3499 vty_init(&console_fops);
1da177e4
LT		 3500#endif
3501 return 0;
3502}
31d1d48e 3503
Linux 6.x block layer and io_uring tree(s)