projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tty: handle NULL parameters in free_tty_struct()
[linux-2.6-block.git] / drivers / tty / tty_io.c
CommitLineData
1da177e4 1/*
1da177e4
LT		 2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5/*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
37bdfb07 20 * makes for cleaner and more compact code. -TYT, 9/17/92
1da177e4
LT		 21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
37bdfb07 42 *
1da177e4
LT		 43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
d81ed103 50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
1da177e4
LT		 51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
37bdfb07
AC		 63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
1da177e4
LT		 65 */
66
1da177e4
LT		 67#include <linux/types.h>
68#include <linux/major.h>
69#include <linux/errno.h>
70#include <linux/signal.h>
71#include <linux/fcntl.h>
72#include <linux/sched.h>
73#include <linux/interrupt.h>
74#include <linux/tty.h>
75#include <linux/tty_driver.h>
76#include <linux/tty_flip.h>
77#include <linux/devpts_fs.h>
78#include <linux/file.h>
9f3acc31 79#include <linux/fdtable.h>
1da177e4
LT		 80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
1da177e4 91#include <linux/device.h>
1da177e4
LT		 92#include <linux/wait.h>
93#include <linux/bitops.h>
b20f3ae5 94#include <linux/delay.h>
a352def2 95#include <linux/seq_file.h>
d281da7f 96#include <linux/serial.h>
5a3c6b25 97#include <linux/ratelimit.h>
1da177e4 98
a352def2 99#include <linux/uaccess.h>
1da177e4
LT		 100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
1da177e4
LT		 104
105#include <linux/kmod.h>
b488893a 106#include <linux/nsproxy.h>
1da177e4
LT		 107
108#undef TTY_DEBUG_HANGUP
109
110#define TTY_PARANOIA_CHECK 1
111#define CHECK_TTY_COUNT 1
112
edc6afc5 113struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
1da177e4
LT		 114 .c_iflag = ICRNL | IXON,
115 .c_oflag = OPOST | ONLCR,
116 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 ECHOCTL | ECHOKE | IEXTEN,
edc6afc5
AC		 119 .c_cc = INIT_C_CC,
120 .c_ispeed = 38400,
121 .c_ospeed = 38400
1da177e4
LT		 122};
123
124EXPORT_SYMBOL(tty_std_termios);
125
126/* This list gets poked at by procfs and various bits of boot up code. This
127 could do with some rationalisation such as pulling the tty proc function
128 into this file */
37bdfb07 129
1da177e4
LT		 130LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
24ec839c 132/* Mutex to protect creating and releasing a tty. This is shared with
1da177e4 133 vt.c for deeply disgusting hack reasons */
70522e12 134DEFINE_MUTEX(tty_mutex);
de2a84f2 135EXPORT_SYMBOL(tty_mutex);
1da177e4 136
ee2ffa0d
NP		 137/* Spinlock to protect the tty->tty_files list */
138DEFINE_SPINLOCK(tty_files_lock);
139
1da177e4
LT		 140static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
37bdfb07
AC		 142ssize_t redirected_tty_write(struct file *, const char __user *,
143 size_t, loff_t *);
1da177e4
LT		 144static unsigned int tty_poll(struct file *, poll_table *);
145static int tty_open(struct inode *, struct file *);
04f378b1 146long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
e10cc1df 147#ifdef CONFIG_COMPAT
37bdfb07 148static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 149 unsigned long arg);
150#else
151#define tty_compat_ioctl NULL
152#endif
ec79d605 153static int __tty_fasync(int fd, struct file *filp, int on);
37bdfb07 154static int tty_fasync(int fd, struct file *filp, int on);
d5698c28 155static void release_tty(struct tty_struct *tty, int idx);
2a65f1d9 156static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
98a27ba4 157static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
1da177e4 158
af9b897e
AC		 159/**
160 * alloc_tty_struct - allocate a tty object
161 *
162 * Return a new empty tty structure. The data fields have not
163 * been initialized in any way but has been zeroed
164 *
165 * Locking: none
af9b897e 166 */
1da177e4 167
bf970ee4 168struct tty_struct *alloc_tty_struct(void)
1da177e4 169{
1266b1e1 170 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 171}
172
af9b897e
AC		 173/**
174 * free_tty_struct - free a disused tty
175 * @tty: tty struct to free
176 *
177 * Free the write buffers, tty queue and tty memory itself.
178 *
179 * Locking: none. Must be called after tty is definitely unused
180 */
181
bf970ee4 182void free_tty_struct(struct tty_struct *tty)
1da177e4 183{
dc6802a7
DC		 184 if (!tty)
185 return;
30004ac9
DES		 186 if (tty->dev)
187 put_device(tty->dev);
1da177e4 188 kfree(tty->write_buf);
33f0f88f 189 tty_buffer_free_all(tty);
1da177e4
LT		 190 kfree(tty);
191}
192
d996b62a
NP		 193static inline struct tty_struct *file_tty(struct file *file)
194{
195 return ((struct tty_file_private *)file->private_data)->tty;
196}
197
fa90e1c9 198int tty_alloc_file(struct file *file)
d996b62a
NP		 199{
200 struct tty_file_private *priv;
201
f573bd17
PE		 202 priv = kmalloc(sizeof(*priv), GFP_KERNEL);
203 if (!priv)
204 return -ENOMEM;
d996b62a 205
fa90e1c9
JS		 206 file->private_data = priv;
207
208 return 0;
209}
210
211/* Associate a new file with the tty structure */
212void tty_add_file(struct tty_struct *tty, struct file *file)
213{
214 struct tty_file_private *priv = file->private_data;
215
d996b62a
NP		 216 priv->tty = tty;
217 priv->file = file;
d996b62a
NP		 218
219 spin_lock(&tty_files_lock);
220 list_add(&priv->list, &tty->tty_files);
221 spin_unlock(&tty_files_lock);
fa90e1c9 222}
f573bd17 223
fa90e1c9
JS		 224/**
225 * tty_free_file - free file->private_data
226 *
227 * This shall be used only for fail path handling when tty_add_file was not
228 * called yet.
229 */
230void tty_free_file(struct file *file)
231{
232 struct tty_file_private *priv = file->private_data;
233
234 file->private_data = NULL;
235 kfree(priv);
d996b62a
NP		 236}
237
238/* Delete file from its tty */
239void tty_del_file(struct file *file)
240{
241 struct tty_file_private *priv = file->private_data;
242
243 spin_lock(&tty_files_lock);
244 list_del(&priv->list);
245 spin_unlock(&tty_files_lock);
fa90e1c9 246 tty_free_file(file);
d996b62a
NP		 247}
248
249
1da177e4
LT		 250#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
251
af9b897e
AC		 252/**
253 * tty_name - return tty naming
254 * @tty: tty structure
255 * @buf: buffer for output
256 *
257 * Convert a tty structure into a name. The name reflects the kernel
258 * naming policy and if udev is in use may not reflect user space
259 *
260 * Locking: none
261 */
262
1da177e4
LT		 263char *tty_name(struct tty_struct *tty, char *buf)
264{
265 if (!tty) /* Hmm. NULL pointer. That's fun. */
266 strcpy(buf, "NULL tty");
267 else
268 strcpy(buf, tty->name);
269 return buf;
270}
271
272EXPORT_SYMBOL(tty_name);
273
d769a669 274int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 275 const char *routine)
276{
277#ifdef TTY_PARANOIA_CHECK
278 if (!tty) {
279 printk(KERN_WARNING
280 "null TTY for (%d:%d) in %s\n",
281 imajor(inode), iminor(inode), routine);
282 return 1;
283 }
284 if (tty->magic != TTY_MAGIC) {
285 printk(KERN_WARNING
286 "bad magic number for tty struct (%d:%d) in %s\n",
287 imajor(inode), iminor(inode), routine);
288 return 1;
289 }
290#endif
291 return 0;
292}
293
294static int check_tty_count(struct tty_struct *tty, const char *routine)
295{
296#ifdef CHECK_TTY_COUNT
297 struct list_head *p;
298 int count = 0;
37bdfb07 299
ee2ffa0d 300 spin_lock(&tty_files_lock);
1da177e4
LT		 301 list_for_each(p, &tty->tty_files) {
302 count++;
303 }
ee2ffa0d 304 spin_unlock(&tty_files_lock);
1da177e4
LT		 305 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
306 tty->driver->subtype == PTY_TYPE_SLAVE &&
307 tty->link && tty->link->count)
308 count++;
309 if (tty->count != count) {
310 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
311 "!= #fd's(%d) in %s\n",
312 tty->name, tty->count, count, routine);
313 return count;
24ec839c 314 }
1da177e4
LT		 315#endif
316 return 0;
317}
318
af9b897e
AC		 319/**
320 * get_tty_driver - find device of a tty
321 * @dev_t: device identifier
322 * @index: returns the index of the tty
323 *
324 * This routine returns a tty driver structure, given a device number
325 * and also passes back the index number.
326 *
327 * Locking: caller must hold tty_mutex
1da177e4 328 */
af9b897e 329
1da177e4
LT		 330static struct tty_driver *get_tty_driver(dev_t device, int *index)
331{
332 struct tty_driver *p;
333
334 list_for_each_entry(p, &tty_drivers, tty_drivers) {
335 dev_t base = MKDEV(p->major, p->minor_start);
336 if (device < base || device >= base + p->num)
337 continue;
338 *index = device - base;
7d7b93c1 339 return tty_driver_kref_get(p);
1da177e4
LT		 340 }
341 return NULL;
342}
343
f2d937f3
JW		 344#ifdef CONFIG_CONSOLE_POLL
345
346/**
347 * tty_find_polling_driver - find device of a polled tty
348 * @name: name string to match
349 * @line: pointer to resulting tty line nr
350 *
351 * This routine returns a tty driver structure, given a name
352 * and the condition that the tty driver is capable of polled
353 * operation.
354 */
355struct tty_driver *tty_find_polling_driver(char *name, int *line)
356{
357 struct tty_driver *p, *res = NULL;
358 int tty_line = 0;
0dca0fd2 359 int len;
5f0878ac 360 char *str, *stp;
f2d937f3 361
0dca0fd2
JW		 362 for (str = name; *str; str++)
363 if ((*str >= '0' && *str <= '9') || *str == ',')
364 break;
365 if (!*str)
366 return NULL;
367
368 len = str - name;
369 tty_line = simple_strtoul(str, &str, 10);
370
f2d937f3
JW		 371 mutex_lock(&tty_mutex);
372 /* Search through the tty devices to look for a match */
373 list_for_each_entry(p, &tty_drivers, tty_drivers) {
0dca0fd2
JW		 374 if (strncmp(name, p->name, len) != 0)
375 continue;
5f0878ac
AC		 376 stp = str;
377 if (*stp == ',')
378 stp++;
379 if (*stp == '\0')
380 stp = NULL;
f2d937f3 381
6eb68d6f 382 if (tty_line >= 0 && tty_line < p->num && p->ops &&
5f0878ac 383 p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
7d7b93c1 384 res = tty_driver_kref_get(p);
f2d937f3
JW		 385 *line = tty_line;
386 break;
387 }
388 }
389 mutex_unlock(&tty_mutex);
390
391 return res;
392}
393EXPORT_SYMBOL_GPL(tty_find_polling_driver);
394#endif
395
af9b897e
AC		 396/**
397 * tty_check_change - check for POSIX terminal changes
398 * @tty: tty to check
399 *
400 * If we try to write to, or set the state of, a terminal and we're
401 * not in the foreground, send a SIGTTOU. If the signal is blocked or
402 * ignored, go ahead and perform the operation. (POSIX 7.2)
403 *
978e595f 404 * Locking: ctrl_lock
1da177e4 405 */
af9b897e 406
37bdfb07 407int tty_check_change(struct tty_struct *tty)
1da177e4 408{
47f86834
AC		 409 unsigned long flags;
410 int ret = 0;
411
1da177e4
LT		 412 if (current->signal->tty != tty)
413 return 0;
47f86834
AC		 414
415 spin_lock_irqsave(&tty->ctrl_lock, flags);
416
ab521dc0
EB		 417 if (!tty->pgrp) {
418 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
9ffee4cb 419 goto out_unlock;
1da177e4 420 }
ab521dc0 421 if (task_pgrp(current) == tty->pgrp)
9ffee4cb
AM		 422 goto out_unlock;
423 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 424 if (is_ignored(SIGTTOU))
47f86834
AC		 425 goto out;
426 if (is_current_pgrp_orphaned()) {
427 ret = -EIO;
428 goto out;
429 }
040b6362
ON		 430 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
431 set_thread_flag(TIF_SIGPENDING);
47f86834
AC		 432 ret = -ERESTARTSYS;
433out:
9ffee4cb
AM		 434 return ret;
435out_unlock:
47f86834
AC		 436 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
437 return ret;
1da177e4
LT		 438}
439
440EXPORT_SYMBOL(tty_check_change);
441
37bdfb07 442static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1da177e4
LT		 443 size_t count, loff_t *ppos)
444{
445 return 0;
446}
447
37bdfb07 448static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1da177e4
LT		 449 size_t count, loff_t *ppos)
450{
451 return -EIO;
452}
453
454/* No kernel lock held - none needed ;) */
37bdfb07 455static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1da177e4
LT		 456{
457 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
458}
459
04f378b1
AC		 460static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
461 unsigned long arg)
38ad2ed0
PF		 462{
463 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
464}
465
37bdfb07 466static long hung_up_tty_compat_ioctl(struct file *file,
38ad2ed0 467 unsigned int cmd, unsigned long arg)
1da177e4
LT		 468{
469 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
470}
471
62322d25 472static const struct file_operations tty_fops = {
1da177e4
LT		 473 .llseek = no_llseek,
474 .read = tty_read,
475 .write = tty_write,
476 .poll = tty_poll,
04f378b1 477 .unlocked_ioctl = tty_ioctl,
e10cc1df 478 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 479 .open = tty_open,
480 .release = tty_release,
481 .fasync = tty_fasync,
482};
483
62322d25 484static const struct file_operations console_fops = {
1da177e4
LT		 485 .llseek = no_llseek,
486 .read = tty_read,
487 .write = redirected_tty_write,
488 .poll = tty_poll,
04f378b1 489 .unlocked_ioctl = tty_ioctl,
e10cc1df 490 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 491 .open = tty_open,
492 .release = tty_release,
493 .fasync = tty_fasync,
494};
495
62322d25 496static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 497 .llseek = no_llseek,
498 .read = hung_up_tty_read,
499 .write = hung_up_tty_write,
500 .poll = hung_up_tty_poll,
04f378b1 501 .unlocked_ioctl = hung_up_tty_ioctl,
38ad2ed0 502 .compat_ioctl = hung_up_tty_compat_ioctl,
1da177e4
LT		 503 .release = tty_release,
504};
505
506static DEFINE_SPINLOCK(redirect_lock);
507static struct file *redirect;
508
509/**
510 * tty_wakeup - request more data
511 * @tty: terminal
512 *
513 * Internal and external helper for wakeups of tty. This function
514 * informs the line discipline if present that the driver is ready
515 * to receive more output data.
516 */
37bdfb07 517
1da177e4
LT		 518void tty_wakeup(struct tty_struct *tty)
519{
520 struct tty_ldisc *ld;
37bdfb07 521
1da177e4
LT		 522 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
523 ld = tty_ldisc_ref(tty);
37bdfb07 524 if (ld) {
a352def2
AC		 525 if (ld->ops->write_wakeup)
526 ld->ops->write_wakeup(tty);
1da177e4
LT		 527 tty_ldisc_deref(ld);
528 }
529 }
4b19449d 530 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1da177e4
LT		 531}
532
533EXPORT_SYMBOL_GPL(tty_wakeup);
534
af9b897e 535/**
11dbf203 536 * __tty_hangup - actual handler for hangup events
65f27f38 537 * @work: tty device
af9b897e 538 *
1bad879a 539 * This can be called by the "eventd" kernel thread. That is process
af9b897e
AC		 540 * synchronous but doesn't hold any locks, so we need to make sure we
541 * have the appropriate locks for what we're doing.
542 *
543 * The hangup event clears any pending redirections onto the hung up
544 * device. It ensures future writes will error and it does the needed
545 * line discipline hangup and signal delivery. The tty object itself
546 * remains intact.
547 *
548 * Locking:
ec79d605 549 * BTM
24ec839c
PZ		 550 * redirect lock for undoing redirection
551 * file list lock for manipulating list of ttys
552 * tty_ldisc_lock from called functions
553 * termios_mutex resetting termios data
554 * tasklist_lock to walk task list for hangup event
555 * ->siglock to protect ->signal/->sighand
1da177e4 556 */
11dbf203 557void __tty_hangup(struct tty_struct *tty)
1da177e4 558{
37bdfb07 559 struct file *cons_filp = NULL;
1da177e4
LT		 560 struct file *filp, *f = NULL;
561 struct task_struct *p;
d996b62a 562 struct tty_file_private *priv;
1da177e4 563 int closecount = 0, n;
47f86834 564 unsigned long flags;
9c9f4ded 565 int refs = 0;
1da177e4
LT		 566
567 if (!tty)
568 return;
569
1da177e4
LT		 570
571 spin_lock(&redirect_lock);
d996b62a 572 if (redirect && file_tty(redirect) == tty) {
1da177e4
LT		 573 f = redirect;
574 redirect = NULL;
575 }
576 spin_unlock(&redirect_lock);
37bdfb07 577
6d31a88c 578 tty_lock();
11dbf203 579
acfa747b
JS		 580 /* some functions below drop BTM, so we need this bit */
581 set_bit(TTY_HUPPING, &tty->flags);
582
ec79d605
AB		 583 /* inuse_filps is protected by the single tty lock,
584 this really needs to change if we want to flush the
585 workqueue with the lock held */
11dbf203 586 check_tty_count(tty, "tty_hangup");
36ba782e 587
ee2ffa0d 588 spin_lock(&tty_files_lock);
1da177e4 589 /* This breaks for file handles being sent over AF_UNIX sockets ? */
d996b62a
NP		 590 list_for_each_entry(priv, &tty->tty_files, list) {
591 filp = priv->file;
1da177e4
LT		 592 if (filp->f_op->write == redirected_tty_write)
593 cons_filp = filp;
594 if (filp->f_op->write != tty_write)
595 continue;
596 closecount++;
ec79d605 597 __tty_fasync(-1, filp, 0); /* can't block */
1da177e4
LT		 598 filp->f_op = &hung_up_tty_fops;
599 }
ee2ffa0d 600 spin_unlock(&tty_files_lock);
37bdfb07 601
acfa747b
JS		 602 /*
603 * it drops BTM and thus races with reopen
604 * we protect the race by TTY_HUPPING
605 */
c65c9bc3 606 tty_ldisc_hangup(tty);
37bdfb07 607
1da177e4 608 read_lock(&tasklist_lock);
ab521dc0
EB		 609 if (tty->session) {
610 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
24ec839c 611 spin_lock_irq(&p->sighand->siglock);
9c9f4ded 612 if (p->signal->tty == tty) {
1da177e4 613 p->signal->tty = NULL;
9c9f4ded
AC		 614 /* We defer the dereferences outside fo
615 the tasklist lock */
616 refs++;
617 }
24ec839c
PZ		 618 if (!p->signal->leader) {
619 spin_unlock_irq(&p->sighand->siglock);
1da177e4 620 continue;
24ec839c
PZ		 621 }
622 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
623 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
ab521dc0 624 put_pid(p->signal->tty_old_pgrp); /* A noop */
47f86834 625 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 626 if (tty->pgrp)
627 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
47f86834 628 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
24ec839c 629 spin_unlock_irq(&p->sighand->siglock);
ab521dc0 630 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1da177e4
LT		 631 }
632 read_unlock(&tasklist_lock);
633
47f86834 634 spin_lock_irqsave(&tty->ctrl_lock, flags);
c65c9bc3
AC		 635 clear_bit(TTY_THROTTLED, &tty->flags);
636 clear_bit(TTY_PUSH, &tty->flags);
637 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
d9c1e9a8
EB		 638 put_pid(tty->session);
639 put_pid(tty->pgrp);
ab521dc0
EB		 640 tty->session = NULL;
641 tty->pgrp = NULL;
1da177e4 642 tty->ctrl_status = 0;
47f86834
AC		 643 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
644
9c9f4ded
AC		 645 /* Account for the p->signal references we killed */
646 while (refs--)
647 tty_kref_put(tty);
648
1da177e4 649 /*
37bdfb07
AC		 650 * If one of the devices matches a console pointer, we
651 * cannot just call hangup() because that will cause
652 * tty->count and state->count to go out of sync.
653 * So we just call close() the right number of times.
1da177e4
LT		 654 */
655 if (cons_filp) {
f34d7a5b 656 if (tty->ops->close)
1da177e4 657 for (n = 0; n < closecount; n++)
f34d7a5b
AC		 658 tty->ops->close(tty, cons_filp);
659 } else if (tty->ops->hangup)
660 (tty->ops->hangup)(tty);
37bdfb07
AC		 661 /*
662 * We don't want to have driver/ldisc interactions beyond
663 * the ones we did here. The driver layer expects no
664 * calls after ->hangup() from the ldisc side. However we
665 * can't yet guarantee all that.
666 */
1da177e4 667 set_bit(TTY_HUPPED, &tty->flags);
acfa747b 668 clear_bit(TTY_HUPPING, &tty->flags);
c65c9bc3 669 tty_ldisc_enable(tty);
11dbf203 670
6d31a88c 671 tty_unlock();
11dbf203 672
1da177e4
LT		 673 if (f)
674 fput(f);
675}
676
ddcd9fb6
AB		 677static void do_tty_hangup(struct work_struct *work)
678{
679 struct tty_struct *tty =
680 container_of(work, struct tty_struct, hangup_work);
681
11dbf203 682 __tty_hangup(tty);
ddcd9fb6
AB		 683}
684
af9b897e
AC		 685/**
686 * tty_hangup - trigger a hangup event
687 * @tty: tty to hangup
688 *
689 * A carrier loss (virtual or otherwise) has occurred on this like
690 * schedule a hangup sequence to run after this event.
691 */
692
37bdfb07 693void tty_hangup(struct tty_struct *tty)
1da177e4
LT		 694{
695#ifdef TTY_DEBUG_HANGUP
696 char buf[64];
1da177e4
LT		 697 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
698#endif
699 schedule_work(&tty->hangup_work);
700}
701
702EXPORT_SYMBOL(tty_hangup);
703
af9b897e
AC		 704/**
705 * tty_vhangup - process vhangup
706 * @tty: tty to hangup
707 *
708 * The user has asked via system call for the terminal to be hung up.
709 * We do this synchronously so that when the syscall returns the process
3a4fa0a2 710 * is complete. That guarantee is necessary for security reasons.
af9b897e
AC		 711 */
712
37bdfb07 713void tty_vhangup(struct tty_struct *tty)
1da177e4
LT		 714{
715#ifdef TTY_DEBUG_HANGUP
716 char buf[64];
717
718 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
719#endif
11dbf203 720 __tty_hangup(tty);
1da177e4 721}
37bdfb07 722
1da177e4
LT		 723EXPORT_SYMBOL(tty_vhangup);
724
11dbf203 725
2cb5998b
AC		 726/**
727 * tty_vhangup_self - process vhangup for own ctty
728 *
729 * Perform a vhangup on the current controlling tty
730 */
731
732void tty_vhangup_self(void)
733{
734 struct tty_struct *tty;
735
2cb5998b
AC		 736 tty = get_current_tty();
737 if (tty) {
738 tty_vhangup(tty);
739 tty_kref_put(tty);
740 }
2cb5998b
AC		 741}
742
af9b897e
AC		 743/**
744 * tty_hung_up_p - was tty hung up
745 * @filp: file pointer of tty
746 *
747 * Return true if the tty has been subject to a vhangup or a carrier
748 * loss
749 */
750
37bdfb07 751int tty_hung_up_p(struct file *filp)
1da177e4
LT		 752{
753 return (filp->f_op == &hung_up_tty_fops);
754}
755
756EXPORT_SYMBOL(tty_hung_up_p);
757
ab521dc0 758static void session_clear_tty(struct pid *session)
24ec839c
PZ		 759{
760 struct task_struct *p;
ab521dc0 761 do_each_pid_task(session, PIDTYPE_SID, p) {
24ec839c 762 proc_clear_tty(p);
ab521dc0 763 } while_each_pid_task(session, PIDTYPE_SID, p);
24ec839c
PZ		 764}
765
af9b897e
AC		 766/**
767 * disassociate_ctty - disconnect controlling tty
768 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 769 *
af9b897e
AC		 770 * This function is typically called only by the session leader, when
771 * it wants to disassociate itself from its controlling tty.
772 *
773 * It performs the following functions:
1da177e4
LT		 774 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
775 * (2) Clears the tty from being controlling the session
776 * (3) Clears the controlling tty for all processes in the
777 * session group.
778 *
af9b897e
AC		 779 * The argument on_exit is set to 1 if called when a process is
780 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
781 *
24ec839c 782 * Locking:
ec79d605
AB		 783 * BTM is taken for hysterical raisins, and held when
784 * called from no_tty().
24ec839c
PZ		 785 * tty_mutex is taken to protect tty
786 * ->siglock is taken to protect ->signal/->sighand
787 * tasklist_lock is taken to walk process list for sessions
788 * ->siglock is taken to protect ->signal/->sighand
1da177e4 789 */
af9b897e 790
1da177e4
LT		 791void disassociate_ctty(int on_exit)
792{
793 struct tty_struct *tty;
1da177e4 794
5ec93d11
AC		 795 if (!current->signal->leader)
796 return;
1da177e4 797
24ec839c 798 tty = get_current_tty();
1da177e4 799 if (tty) {
1411dc4a 800 struct pid *tty_pgrp = get_pid(tty->pgrp);
ddcd9fb6 801 if (on_exit) {
ddcd9fb6 802 if (tty->driver->type != TTY_DRIVER_TYPE_PTY)
11dbf203 803 tty_vhangup(tty);
ddcd9fb6 804 }
452a00d2 805 tty_kref_put(tty);
1411dc4a
JS		 806 if (tty_pgrp) {
807 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
808 if (!on_exit)
809 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
810 put_pid(tty_pgrp);
811 }
680a9671 812 } else if (on_exit) {
ab521dc0 813 struct pid *old_pgrp;
680a9671
EB		 814 spin_lock_irq(&current->sighand->siglock);
815 old_pgrp = current->signal->tty_old_pgrp;
ab521dc0 816 current->signal->tty_old_pgrp = NULL;
680a9671 817 spin_unlock_irq(&current->sighand->siglock);
24ec839c 818 if (old_pgrp) {
ab521dc0
EB		 819 kill_pgrp(old_pgrp, SIGHUP, on_exit);
820 kill_pgrp(old_pgrp, SIGCONT, on_exit);
821 put_pid(old_pgrp);
1da177e4 822 }
1da177e4
LT		 823 return;
824 }
1da177e4 825
24ec839c 826 spin_lock_irq(&current->sighand->siglock);
2a65f1d9 827 put_pid(current->signal->tty_old_pgrp);
23cac8de 828 current->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 829 spin_unlock_irq(&current->sighand->siglock);
830
24ec839c
PZ		 831 tty = get_current_tty();
832 if (tty) {
47f86834
AC		 833 unsigned long flags;
834 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 835 put_pid(tty->session);
836 put_pid(tty->pgrp);
837 tty->session = NULL;
838 tty->pgrp = NULL;
47f86834 839 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
452a00d2 840 tty_kref_put(tty);
24ec839c
PZ		 841 } else {
842#ifdef TTY_DEBUG_HANGUP
843 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
844 " = NULL", tty);
845#endif
846 }
1da177e4
LT		 847
848 /* Now clear signal->tty under the lock */
849 read_lock(&tasklist_lock);
ab521dc0 850 session_clear_tty(task_session(current));
1da177e4 851 read_unlock(&tasklist_lock);
1da177e4
LT		 852}
853
98a27ba4
EB		 854/**
855 *
856 * no_tty - Ensure the current process does not have a controlling tty
857 */
858void no_tty(void)
859{
3af502b9
AC		 860 /* FIXME: Review locking here. The tty_lock never covered any race
861 between a new association and proc_clear_tty but possible we need
862 to protect against this anyway */
98a27ba4 863 struct task_struct *tsk = current;
5ec93d11 864 disassociate_ctty(0);
98a27ba4
EB		 865 proc_clear_tty(tsk);
866}
867
af9b897e
AC		 868
869/**
beb7dd86 870 * stop_tty - propagate flow control
af9b897e
AC		 871 * @tty: tty to stop
872 *
873 * Perform flow control to the driver. For PTY/TTY pairs we
beb7dd86 874 * must also propagate the TIOCKPKT status. May be called
af9b897e
AC		 875 * on an already stopped device and will not re-call the driver
876 * method.
877 *
878 * This functionality is used by both the line disciplines for
879 * halting incoming flow and by the driver. It may therefore be
880 * called from any context, may be under the tty atomic_write_lock
881 * but not always.
882 *
883 * Locking:
04f378b1 884 * Uses the tty control lock internally
af9b897e
AC		 885 */
886
1da177e4
LT		 887void stop_tty(struct tty_struct *tty)
888{
04f378b1
AC		 889 unsigned long flags;
890 spin_lock_irqsave(&tty->ctrl_lock, flags);
891 if (tty->stopped) {
892 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 893 return;
04f378b1 894 }
1da177e4
LT		 895 tty->stopped = 1;
896 if (tty->link && tty->link->packet) {
897 tty->ctrl_status &= ~TIOCPKT_START;
898 tty->ctrl_status |= TIOCPKT_STOP;
4b19449d 899 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
1da177e4 900 }
04f378b1 901 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
f34d7a5b
AC		 902 if (tty->ops->stop)
903 (tty->ops->stop)(tty);
1da177e4
LT		 904}
905
906EXPORT_SYMBOL(stop_tty);
907
af9b897e 908/**
beb7dd86 909 * start_tty - propagate flow control
af9b897e
AC		 910 * @tty: tty to start
911 *
912 * Start a tty that has been stopped if at all possible. Perform
3a4fa0a2 913 * any necessary wakeups and propagate the TIOCPKT status. If this
af9b897e
AC		 914 * is the tty was previous stopped and is being started then the
915 * driver start method is invoked and the line discipline woken.
916 *
917 * Locking:
04f378b1 918 * ctrl_lock
af9b897e
AC		 919 */
920
1da177e4
LT		 921void start_tty(struct tty_struct *tty)
922{
04f378b1
AC		 923 unsigned long flags;
924 spin_lock_irqsave(&tty->ctrl_lock, flags);
925 if (!tty->stopped || tty->flow_stopped) {
926 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1da177e4 927 return;
04f378b1 928 }
1da177e4
LT		 929 tty->stopped = 0;
930 if (tty->link && tty->link->packet) {
931 tty->ctrl_status &= ~TIOCPKT_STOP;
932 tty->ctrl_status |= TIOCPKT_START;
4b19449d 933 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
1da177e4 934 }
04f378b1 935 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
f34d7a5b
AC		 936 if (tty->ops->start)
937 (tty->ops->start)(tty);
1da177e4
LT		 938 /* If we have a running line discipline it may need kicking */
939 tty_wakeup(tty);
1da177e4
LT		 940}
941
942EXPORT_SYMBOL(start_tty);
943
af9b897e
AC		 944/**
945 * tty_read - read method for tty device files
946 * @file: pointer to tty file
947 * @buf: user buffer
948 * @count: size of user buffer
949 * @ppos: unused
950 *
951 * Perform the read system call function on this terminal device. Checks
952 * for hung up devices before calling the line discipline method.
953 *
954 * Locking:
47f86834
AC		 955 * Locks the line discipline internally while needed. Multiple
956 * read calls may be outstanding in parallel.
af9b897e
AC		 957 */
958
37bdfb07 959static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1da177e4
LT		 960 loff_t *ppos)
961{
962 int i;
d996b62a
NP		 963 struct inode *inode = file->f_path.dentry->d_inode;
964 struct tty_struct *tty = file_tty(file);
1da177e4
LT		 965 struct tty_ldisc *ld;
966
1da177e4
LT		 967 if (tty_paranoia_check(tty, inode, "tty_read"))
968 return -EIO;
969 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
970 return -EIO;
971
972 /* We want to wait for the line discipline to sort out in this
973 situation */
974 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 975 if (ld->ops->read)
976 i = (ld->ops->read)(tty, file, buf, count);
1da177e4
LT		 977 else
978 i = -EIO;
979 tty_ldisc_deref(ld);
1da177e4
LT		 980 if (i > 0)
981 inode->i_atime = current_fs_time(inode->i_sb);
982 return i;
983}
984
9c1729db 985void tty_write_unlock(struct tty_struct *tty)
83c67571 986 __releases(&tty->atomic_write_lock)
9c1729db
AC		 987{
988 mutex_unlock(&tty->atomic_write_lock);
4b19449d 989 wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
9c1729db
AC		 990}
991
992int tty_write_lock(struct tty_struct *tty, int ndelay)
83c67571 993 __acquires(&tty->atomic_write_lock)
9c1729db
AC		 994{
995 if (!mutex_trylock(&tty->atomic_write_lock)) {
996 if (ndelay)
997 return -EAGAIN;
998 if (mutex_lock_interruptible(&tty->atomic_write_lock))
999 return -ERESTARTSYS;
1000 }
1001 return 0;
1002}
1003
1da177e4
LT		 1004/*
1005 * Split writes up in sane blocksizes to avoid
1006 * denial-of-service type attacks
1007 */
1008static inline ssize_t do_tty_write(
1009 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1010 struct tty_struct *tty,
1011 struct file *file,
1012 const char __user *buf,
1013 size_t count)
1014{
9c1729db 1015 ssize_t ret, written = 0;
1da177e4 1016 unsigned int chunk;
37bdfb07 1017
9c1729db
AC		 1018 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1019 if (ret < 0)
1020 return ret;
1da177e4
LT		 1021
1022 /*
1023 * We chunk up writes into a temporary buffer. This
1024 * simplifies low-level drivers immensely, since they
1025 * don't have locking issues and user mode accesses.
1026 *
1027 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1028 * big chunk-size..
1029 *
1030 * The default chunk-size is 2kB, because the NTTY
1031 * layer has problems with bigger chunks. It will
1032 * claim to be able to handle more characters than
1033 * it actually does.
af9b897e
AC		 1034 *
1035 * FIXME: This can probably go away now except that 64K chunks
1036 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1037 */
1038 chunk = 2048;
1039 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1040 chunk = 65536;
1041 if (count < chunk)
1042 chunk = count;
1043
70522e12 1044 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4 1045 if (tty->write_cnt < chunk) {
402fda92 1046 unsigned char *buf_chunk;
1da177e4
LT		 1047
1048 if (chunk < 1024)
1049 chunk = 1024;
1050
402fda92
JW		 1051 buf_chunk = kmalloc(chunk, GFP_KERNEL);
1052 if (!buf_chunk) {
9c1729db
AC		 1053 ret = -ENOMEM;
1054 goto out;
1da177e4
LT		 1055 }
1056 kfree(tty->write_buf);
1057 tty->write_cnt = chunk;
402fda92 1058 tty->write_buf = buf_chunk;
1da177e4
LT		 1059 }
1060
1061 /* Do the write .. */
1062 for (;;) {
1063 size_t size = count;
1064 if (size > chunk)
1065 size = chunk;
1066 ret = -EFAULT;
1067 if (copy_from_user(tty->write_buf, buf, size))
1068 break;
1da177e4 1069 ret = write(tty, file, tty->write_buf, size);
1da177e4
LT		 1070 if (ret <= 0)
1071 break;
1072 written += ret;
1073 buf += ret;
1074 count -= ret;
1075 if (!count)
1076 break;
1077 ret = -ERESTARTSYS;
1078 if (signal_pending(current))
1079 break;
1080 cond_resched();
1081 }
1082 if (written) {
a7113a96 1083 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1084 inode->i_mtime = current_fs_time(inode->i_sb);
1085 ret = written;
1086 }
9c1729db
AC		 1087out:
1088 tty_write_unlock(tty);
1da177e4
LT		 1089 return ret;
1090}
1091
95f9bfc6
AC		 1092/**
1093 * tty_write_message - write a message to a certain tty, not just the console.
1094 * @tty: the destination tty_struct
1095 * @msg: the message to write
1096 *
1097 * This is used for messages that need to be redirected to a specific tty.
1098 * We don't put it into the syslog queue right now maybe in the future if
1099 * really needed.
1100 *
ec79d605 1101 * We must still hold the BTM and test the CLOSING flag for the moment.
95f9bfc6
AC		 1102 */
1103
1104void tty_write_message(struct tty_struct *tty, char *msg)
1105{
95f9bfc6
AC		 1106 if (tty) {
1107 mutex_lock(&tty->atomic_write_lock);
6d31a88c 1108 tty_lock();
eeb89d91 1109 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
6d31a88c 1110 tty_unlock();
95f9bfc6 1111 tty->ops->write(tty, msg, strlen(msg));
eeb89d91 1112 } else
6d31a88c 1113 tty_unlock();
95f9bfc6
AC		 1114 tty_write_unlock(tty);
1115 }
95f9bfc6
AC		 1116 return;
1117}
1118
1da177e4 1119
af9b897e
AC		 1120/**
1121 * tty_write - write method for tty device file
1122 * @file: tty file pointer
1123 * @buf: user data to write
1124 * @count: bytes to write
1125 * @ppos: unused
1126 *
1127 * Write data to a tty device via the line discipline.
1128 *
1129 * Locking:
1130 * Locks the line discipline as required
1131 * Writes to the tty driver are serialized by the atomic_write_lock
1132 * and are then processed in chunks to the device. The line discipline
a88a69c9 1133 * write method will not be invoked in parallel for each device.
af9b897e
AC		 1134 */
1135
37bdfb07
AC		 1136static ssize_t tty_write(struct file *file, const char __user *buf,
1137 size_t count, loff_t *ppos)
1da177e4 1138{
a7113a96 1139 struct inode *inode = file->f_path.dentry->d_inode;
d996b62a
NP		 1140 struct tty_struct *tty = file_tty(file);
1141 struct tty_ldisc *ld;
1da177e4 1142 ssize_t ret;
37bdfb07 1143
1da177e4
LT		 1144 if (tty_paranoia_check(tty, inode, "tty_write"))
1145 return -EIO;
f34d7a5b 1146 if (!tty || !tty->ops->write ||
37bdfb07
AC		 1147 (test_bit(TTY_IO_ERROR, &tty->flags)))
1148 return -EIO;
f34d7a5b
AC		 1149 /* Short term debug to catch buggy drivers */
1150 if (tty->ops->write_room == NULL)
1151 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1152 tty->driver->name);
37bdfb07 1153 ld = tty_ldisc_ref_wait(tty);
a352def2 1154 if (!ld->ops->write)
1da177e4
LT		 1155 ret = -EIO;
1156 else
a352def2 1157 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1da177e4
LT		 1158 tty_ldisc_deref(ld);
1159 return ret;
1160}
1161
37bdfb07
AC		 1162ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1163 size_t count, loff_t *ppos)
1da177e4
LT		 1164{
1165 struct file *p = NULL;
1166
1167 spin_lock(&redirect_lock);
1168 if (redirect) {
1169 get_file(redirect);
1170 p = redirect;
1171 }
1172 spin_unlock(&redirect_lock);
1173
1174 if (p) {
1175 ssize_t res;
1176 res = vfs_write(p, buf, count, &p->f_pos);
1177 fput(p);
1178 return res;
1179 }
1da177e4
LT		 1180 return tty_write(file, buf, count, ppos);
1181}
1182
1183static char ptychar[] = "pqrstuvwxyzabcde";
1184
af9b897e
AC		 1185/**
1186 * pty_line_name - generate name for a pty
1187 * @driver: the tty driver in use
1188 * @index: the minor number
1189 * @p: output buffer of at least 6 bytes
1190 *
1191 * Generate a name from a driver reference and write it to the output
1192 * buffer.
1193 *
1194 * Locking: None
1195 */
1196static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1197{
1198 int i = index + driver->name_base;
1199 /* ->name is initialized to "ttyp", but "tty" is expected */
1200 sprintf(p, "%s%c%x",
37bdfb07
AC		 1201 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1202 ptychar[i >> 4 & 0xf], i & 0xf);
1da177e4
LT		 1203}
1204
af9b897e 1205/**
8b0a88d5 1206 * tty_line_name - generate name for a tty
af9b897e
AC		 1207 * @driver: the tty driver in use
1208 * @index: the minor number
1209 * @p: output buffer of at least 7 bytes
1210 *
1211 * Generate a name from a driver reference and write it to the output
1212 * buffer.
1213 *
1214 * Locking: None
1215 */
1216static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1217{
1218 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1219}
1220
99f1fe18
AC		 1221/**
1222 * tty_driver_lookup_tty() - find an existing tty, if any
1223 * @driver: the driver for the tty
1224 * @idx: the minor number
23499705 1225 *
99f1fe18 1226 * Return the tty, if found or ERR_PTR() otherwise.
23499705 1227 *
99f1fe18
AC		 1228 * Locking: tty_mutex must be held. If tty is found, the mutex must
1229 * be held until the 'fast-open' is also done. Will change once we
1230 * have refcounting in the driver and per driver locking
23499705 1231 */
a47d545f 1232static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
15f1a633 1233 struct inode *inode, int idx)
23499705 1234{
99f1fe18 1235 if (driver->ops->lookup)
15f1a633 1236 return driver->ops->lookup(driver, inode, idx);
23499705 1237
d4834267 1238 return driver->ttys[idx];
23499705
SB		 1239}
1240
bf970ee4
AC		 1241/**
1242 * tty_init_termios - helper for termios setup
1243 * @tty: the tty to set up
1244 *
1245 * Initialise the termios structures for this tty. Thus runs under
1246 * the tty_mutex currently so we can be relaxed about ordering.
1247 */
1248
1249int tty_init_termios(struct tty_struct *tty)
1250{
fe6e29fd 1251 struct ktermios *tp;
bf970ee4
AC		 1252 int idx = tty->index;
1253
36b3c070
AC		 1254 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1255 tty->termios = tty->driver->init_termios;
1256 else {
1257 /* Check for lazy saved data */
1258 tp = tty->driver->termios[idx];
1259 if (tp != NULL)
1260 tty->termios = *tp;
1261 else
1262 tty->termios = tty->driver->init_termios;
bf970ee4 1263 }
bf970ee4 1264 /* Compatibility until drivers always set this */
adc8d746
AC		 1265 tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1266 tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
bf970ee4
AC		 1267 return 0;
1268}
fe1ae7fd 1269EXPORT_SYMBOL_GPL(tty_init_termios);
bf970ee4 1270
66d450e8
JS		 1271int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1272{
1273 int ret = tty_init_termios(tty);
1274 if (ret)
1275 return ret;
1276
1277 tty_driver_kref_get(driver);
1278 tty->count++;
1279 driver->ttys[tty->index] = tty;
1280 return 0;
1281}
1282EXPORT_SYMBOL_GPL(tty_standard_install);
1283
99f1fe18 1284/**
8b0a88d5
AC		 1285 * tty_driver_install_tty() - install a tty entry in the driver
1286 * @driver: the driver for the tty
1287 * @tty: the tty
1288 *
1289 * Install a tty object into the driver tables. The tty->index field
bf970ee4
AC		 1290 * will be set by the time this is called. This method is responsible
1291 * for ensuring any need additional structures are allocated and
1292 * configured.
8b0a88d5
AC		 1293 *
1294 * Locking: tty_mutex for now
1295 */
1296static int tty_driver_install_tty(struct tty_driver *driver,
1297 struct tty_struct *tty)
1298{
66d450e8
JS		 1299 return driver->ops->install ? driver->ops->install(driver, tty) :
1300 tty_standard_install(driver, tty);
8b0a88d5
AC		 1301}
1302
1303/**
1304 * tty_driver_remove_tty() - remove a tty from the driver tables
1305 * @driver: the driver for the tty
1306 * @idx: the minor number
1307 *
1308 * Remvoe a tty object from the driver tables. The tty->index field
1309 * will be set by the time this is called.
1310 *
1311 * Locking: tty_mutex for now
1312 */
24d406a6 1313void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
8b0a88d5
AC		 1314{
1315 if (driver->ops->remove)
1316 driver->ops->remove(driver, tty);
1317 else
1318 driver->ttys[tty->index] = NULL;
1319}
1320
1321/*
1322 * tty_reopen() - fast re-open of an open tty
1323 * @tty - the tty to open
23499705 1324 *
99f1fe18 1325 * Return 0 on success, -errno on error.
23499705 1326 *
99f1fe18
AC		 1327 * Locking: tty_mutex must be held from the time the tty was found
1328 * till this open completes.
23499705 1329 */
99f1fe18 1330static int tty_reopen(struct tty_struct *tty)
23499705
SB		 1331{
1332 struct tty_driver *driver = tty->driver;
1333
e2efafbf 1334 if (test_bit(TTY_CLOSING, &tty->flags) ||
acfa747b 1335 test_bit(TTY_HUPPING, &tty->flags) ||
e2efafbf 1336 test_bit(TTY_LDISC_CHANGING, &tty->flags))
23499705
SB		 1337 return -EIO;
1338
1339 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1340 driver->subtype == PTY_TYPE_MASTER) {
1341 /*
1342 * special case for PTY masters: only one open permitted,
1343 * and the slave side open count is incremented as well.
1344 */
1345 if (tty->count)
1346 return -EIO;
1347
1348 tty->link->count++;
1349 }
1350 tty->count++;
23499705 1351
1aa4bed8 1352 mutex_lock(&tty->ldisc_mutex);
99f1fe18 1353 WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1aa4bed8 1354 mutex_unlock(&tty->ldisc_mutex);
23499705
SB		 1355
1356 return 0;
1357}
1358
af9b897e 1359/**
d81ed103 1360 * tty_init_dev - initialise a tty device
af9b897e
AC		 1361 * @driver: tty driver we are opening a device on
1362 * @idx: device index
15582d36 1363 * @ret_tty: returned tty structure
af9b897e
AC		 1364 *
1365 * Prepare a tty device. This may not be a "new" clean device but
1366 * could also be an active device. The pty drivers require special
1367 * handling because of this.
1368 *
1369 * Locking:
1370 * The function is called under the tty_mutex, which
1371 * protects us from the tty struct or driver itself going away.
1372 *
1373 * On exit the tty device has the line discipline attached and
1374 * a reference count of 1. If a pair was created for pty/tty use
1375 * and the other was a pty master then it too has a reference count of 1.
1376 *
1da177e4 1377 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 1378 * failed open. The new code protects the open with a mutex, so it's
1379 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 1380 * relaxed for the (most common) case of reopening a tty.
1381 */
af9b897e 1382
593a27c4 1383struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1da177e4 1384{
bf970ee4 1385 struct tty_struct *tty;
73ec06fc 1386 int retval;
1da177e4 1387
1da177e4
LT		 1388 /*
1389 * First time open is complex, especially for PTY devices.
1390 * This code guarantees that either everything succeeds and the
1391 * TTY is ready for operation, or else the table slots are vacated
37bdfb07 1392 * and the allocated memory released. (Except that the termios
1da177e4
LT		 1393 * and locked termios may be retained.)
1394 */
1395
73ec06fc
AC		 1396 if (!try_module_get(driver->owner))
1397 return ERR_PTR(-ENODEV);
1da177e4 1398
1da177e4 1399 tty = alloc_tty_struct();
d5543503
JS		 1400 if (!tty) {
1401 retval = -ENOMEM;
1402 goto err_module_put;
1403 }
bf970ee4 1404 initialize_tty_struct(tty, driver, idx);
1da177e4 1405
73ec06fc 1406 retval = tty_driver_install_tty(driver, tty);
d5543503 1407 if (retval < 0)
a9dccddb 1408 goto err_deinit_tty;
8b0a88d5 1409
04831dc1
JS		 1410 if (!tty->port)
1411 tty->port = driver->ports[idx];
1412
37bdfb07 1413 /*
1da177e4 1414 * Structures all installed ... call the ldisc open routines.
d5698c28
CH		 1415 * If we fail here just call release_tty to clean up. No need
1416 * to decrement the use counts, as release_tty doesn't care.
1da177e4 1417 */
bf970ee4 1418 retval = tty_ldisc_setup(tty, tty->link);
01e1abb2 1419 if (retval)
d5543503 1420 goto err_release_tty;
73ec06fc 1421 return tty;
1da177e4 1422
a9dccddb
JS		 1423err_deinit_tty:
1424 deinitialize_tty_struct(tty);
d5543503
JS		 1425 free_tty_struct(tty);
1426err_module_put:
1da177e4 1427 module_put(driver->owner);
d5543503 1428 return ERR_PTR(retval);
1da177e4 1429
d5698c28 1430 /* call the tty release_tty routine to clean out this slot */
d5543503 1431err_release_tty:
5a3c6b25 1432 printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
4050914f 1433 "clearing slot %d\n", idx);
d5698c28 1434 release_tty(tty, idx);
73ec06fc 1435 return ERR_PTR(retval);
1da177e4
LT		 1436}
1437
feebed65
AC		 1438void tty_free_termios(struct tty_struct *tty)
1439{
1440 struct ktermios *tp;
1441 int idx = tty->index;
36b3c070
AC		 1442
1443 /* If the port is going to reset then it has no termios to save */
1444 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1445 return;
1446
1447 /* Stash the termios data */
1448 tp = tty->driver->termios[idx];
1449 if (tp == NULL) {
1450 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1451 if (tp == NULL) {
1452 pr_warn("tty: no memory to save termios state.\n");
1453 return;
1454 }
4ac5d705 1455 tty->driver->termios[idx] = tp;
feebed65 1456 }
36b3c070 1457 *tp = tty->termios;
feebed65
AC		 1458}
1459EXPORT_SYMBOL(tty_free_termios);
1460
feebed65 1461
af9b897e 1462/**
d5698c28 1463 * release_one_tty - release tty structure memory
9c9f4ded 1464 * @kref: kref of tty we are obliterating
af9b897e
AC		 1465 *
1466 * Releases memory associated with a tty structure, and clears out the
1467 * driver table slots. This function is called when a device is no longer
1468 * in use. It also gets called when setup of a device fails.
1469 *
1470 * Locking:
af9b897e
AC		 1471 * takes the file list lock internally when working on the list
1472 * of ttys that the driver keeps.
b50989dc
AC		 1473 *
1474 * This method gets called from a work queue so that the driver private
f278a2f7 1475 * cleanup ops can sleep (needed for USB at least)
1da177e4 1476 */
b50989dc 1477static void release_one_tty(struct work_struct *work)
1da177e4 1478{
b50989dc
AC		 1479 struct tty_struct *tty =
1480 container_of(work, struct tty_struct, hangup_work);
6f967f78 1481 struct tty_driver *driver = tty->driver;
d5698c28 1482
f278a2f7
DY		 1483 if (tty->ops->cleanup)
1484 tty->ops->cleanup(tty);
1485
1da177e4 1486 tty->magic = 0;
7d7b93c1 1487 tty_driver_kref_put(driver);
6f967f78 1488 module_put(driver->owner);
d5698c28 1489
ee2ffa0d 1490 spin_lock(&tty_files_lock);
1da177e4 1491 list_del_init(&tty->tty_files);
ee2ffa0d 1492 spin_unlock(&tty_files_lock);
d5698c28 1493
6da8d866
ON		 1494 put_pid(tty->pgrp);
1495 put_pid(tty->session);
1da177e4
LT		 1496 free_tty_struct(tty);
1497}
1498
b50989dc
AC		 1499static void queue_release_one_tty(struct kref *kref)
1500{
1501 struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
f278a2f7 1502
b50989dc
AC		 1503 /* The hangup queue is now free so we can reuse it rather than
1504 waste a chunk of memory for each port */
1505 INIT_WORK(&tty->hangup_work, release_one_tty);
1506 schedule_work(&tty->hangup_work);
1507}
1508
9c9f4ded
AC		 1509/**
1510 * tty_kref_put - release a tty kref
1511 * @tty: tty device
1512 *
1513 * Release a reference to a tty device and if need be let the kref
1514 * layer destruct the object for us
1515 */
1516
1517void tty_kref_put(struct tty_struct *tty)
1518{
1519 if (tty)
b50989dc 1520 kref_put(&tty->kref, queue_release_one_tty);
9c9f4ded
AC		 1521}
1522EXPORT_SYMBOL(tty_kref_put);
1523
d5698c28
CH		 1524/**
1525 * release_tty - release tty structure memory
1526 *
1527 * Release both @tty and a possible linked partner (think pty pair),
1528 * and decrement the refcount of the backing module.
1529 *
1530 * Locking:
d155255a 1531 * tty_mutex
d5698c28
CH		 1532 * takes the file list lock internally when working on the list
1533 * of ttys that the driver keeps.
9c9f4ded 1534 *
d5698c28
CH		 1535 */
1536static void release_tty(struct tty_struct *tty, int idx)
1537{
9c9f4ded
AC		 1538 /* This should always be true but check for the moment */
1539 WARN_ON(tty->index != idx);
d155255a 1540 WARN_ON(!mutex_is_locked(&tty_mutex));
36b3c070
AC		 1541 if (tty->ops->shutdown)
1542 tty->ops->shutdown(tty);
1543 tty_free_termios(tty);
1544 tty_driver_remove_tty(tty->driver, tty);
1545
d5698c28 1546 if (tty->link)
9c9f4ded
AC		 1547 tty_kref_put(tty->link);
1548 tty_kref_put(tty);
d5698c28
CH		 1549}
1550
955787ca
JS		 1551/**
1552 * tty_release_checks - check a tty before real release
1553 * @tty: tty to check
1554 * @o_tty: link of @tty (if any)
1555 * @idx: index of the tty
1556 *
1557 * Performs some paranoid checking before true release of the @tty.
1558 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1559 */
1560static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1561 int idx)
1562{
1563#ifdef TTY_PARANOIA_CHECK
1564 if (idx < 0 || idx >= tty->driver->num) {
9de44bd6
JS		 1565 printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1566 __func__, tty->name);
955787ca
JS		 1567 return -1;
1568 }
1569
1570 /* not much to check for devpts */
1571 if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1572 return 0;
1573
1574 if (tty != tty->driver->ttys[idx]) {
9de44bd6
JS		 1575 printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1576 __func__, idx, tty->name);
955787ca
JS		 1577 return -1;
1578 }
955787ca
JS		 1579 if (tty->driver->other) {
1580 if (o_tty != tty->driver->other->ttys[idx]) {
9de44bd6
JS		 1581 printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1582 __func__, idx, tty->name);
955787ca
JS		 1583 return -1;
1584 }
955787ca 1585 if (o_tty->link != tty) {
9de44bd6 1586 printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
955787ca
JS		 1587 return -1;
1588 }
1589 }
1590#endif
1591 return 0;
1592}
1593
eeb89d91
AC		 1594/**
1595 * tty_release - vfs callback for close
1596 * @inode: inode of tty
1597 * @filp: file pointer for handle to tty
1598 *
1599 * Called the last time each file handle is closed that references
1600 * this tty. There may however be several such references.
1601 *
1602 * Locking:
1603 * Takes bkl. See tty_release_dev
1604 *
1da177e4
LT		 1605 * Even releasing the tty structures is a tricky business.. We have
1606 * to be very careful that the structures are all released at the
1607 * same time, as interrupts might otherwise get the wrong pointers.
1608 *
1609 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1610 * lead to double frees or releasing memory still in use.
1611 */
eeb89d91
AC		 1612
1613int tty_release(struct inode *inode, struct file *filp)
1da177e4 1614{
d996b62a
NP		 1615 struct tty_struct *tty = file_tty(filp);
1616 struct tty_struct *o_tty;
1da177e4 1617 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 1618 int devpts;
1da177e4
LT		 1619 int idx;
1620 char buf[64];
37bdfb07 1621
9de44bd6 1622 if (tty_paranoia_check(tty, inode, __func__))
eeb89d91 1623 return 0;
1da177e4 1624
6d31a88c 1625 tty_lock();
9de44bd6 1626 check_tty_count(tty, __func__);
1da177e4 1627
ec79d605 1628 __tty_fasync(-1, filp, 0);
1da177e4
LT		 1629
1630 idx = tty->index;
1631 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1632 tty->driver->subtype == PTY_TYPE_MASTER);
1633 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 1634 o_tty = tty->link;
1635
955787ca 1636 if (tty_release_checks(tty, o_tty, idx)) {
6d31a88c 1637 tty_unlock();
eeb89d91 1638 return 0;
1da177e4 1639 }
1da177e4
LT		 1640
1641#ifdef TTY_DEBUG_HANGUP
9de44bd6
JS		 1642 printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1643 tty_name(tty, buf), tty->count);
1da177e4
LT		 1644#endif
1645
f34d7a5b
AC		 1646 if (tty->ops->close)
1647 tty->ops->close(tty, filp);
1da177e4 1648
6d31a88c 1649 tty_unlock();
1da177e4
LT		 1650 /*
1651 * Sanity check: if tty->count is going to zero, there shouldn't be
1652 * any waiters on tty->read_wait or tty->write_wait. We test the
1653 * wait queues and kick everyone out _before_ actually starting to
1654 * close. This ensures that we won't block while releasing the tty
1655 * structure.
1656 *
1657 * The test for the o_tty closing is necessary, since the master and
1658 * slave sides may close in any order. If the slave side closes out
1659 * first, its count will be one, since the master side holds an open.
1660 * Thus this test wouldn't be triggered at the time the slave closes,
1661 * so we do it now.
1662 *
1663 * Note that it's possible for the tty to be opened again while we're
1664 * flushing out waiters. By recalculating the closing flags before
1665 * each iteration we avoid any problems.
1666 */
1667 while (1) {
1668 /* Guard against races with tty->count changes elsewhere and
1669 opens on /dev/tty */
37bdfb07 1670
70522e12 1671 mutex_lock(&tty_mutex);
6d31a88c 1672 tty_lock();
1da177e4
LT		 1673 tty_closing = tty->count <= 1;
1674 o_tty_closing = o_tty &&
1675 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 1676 do_sleep = 0;
1677
1678 if (tty_closing) {
1679 if (waitqueue_active(&tty->read_wait)) {
4b19449d 1680 wake_up_poll(&tty->read_wait, POLLIN);
1da177e4
LT		 1681 do_sleep++;
1682 }
1683 if (waitqueue_active(&tty->write_wait)) {
4b19449d 1684 wake_up_poll(&tty->write_wait, POLLOUT);
1da177e4
LT		 1685 do_sleep++;
1686 }
1687 }
1688 if (o_tty_closing) {
1689 if (waitqueue_active(&o_tty->read_wait)) {
4b19449d 1690 wake_up_poll(&o_tty->read_wait, POLLIN);
1da177e4
LT		 1691 do_sleep++;
1692 }
1693 if (waitqueue_active(&o_tty->write_wait)) {
4b19449d 1694 wake_up_poll(&o_tty->write_wait, POLLOUT);
1da177e4
LT		 1695 do_sleep++;
1696 }
1697 }
1698 if (!do_sleep)
1699 break;
1700
9de44bd6
JS		 1701 printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1702 __func__, tty_name(tty, buf));
6d31a88c 1703 tty_unlock();
70522e12 1704 mutex_unlock(&tty_mutex);
1da177e4 1705 schedule();
37bdfb07 1706 }
1da177e4
LT		 1707
1708 /*
37bdfb07
AC		 1709 * The closing flags are now consistent with the open counts on
1710 * both sides, and we've completed the last operation that could
1da177e4 1711 * block, so it's safe to proceed with closing.
d155255a
AC		 1712 *
1713 * We must *not* drop the tty_mutex until we ensure that a further
1714 * entry into tty_open can not pick up this tty.
1da177e4 1715 */
1da177e4
LT		 1716 if (pty_master) {
1717 if (--o_tty->count < 0) {
9de44bd6
JS		 1718 printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1719 __func__, o_tty->count, tty_name(o_tty, buf));
1da177e4
LT		 1720 o_tty->count = 0;
1721 }
1722 }
1723 if (--tty->count < 0) {
9de44bd6
JS		 1724 printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1725 __func__, tty->count, tty_name(tty, buf));
1da177e4
LT		 1726 tty->count = 0;
1727 }
37bdfb07 1728
1da177e4
LT		 1729 /*
1730 * We've decremented tty->count, so we need to remove this file
1731 * descriptor off the tty->tty_files list; this serves two
1732 * purposes:
1733 * - check_tty_count sees the correct number of file descriptors
1734 * associated with this tty.
1735 * - do_tty_hangup no longer sees this file descriptor as
1736 * something that needs to be handled for hangups.
1737 */
d996b62a 1738 tty_del_file(filp);
1da177e4
LT		 1739
1740 /*
1741 * Perform some housekeeping before deciding whether to return.
1742 *
1743 * Set the TTY_CLOSING flag if this was the last open. In the
1744 * case of a pty we may have to wait around for the other side
1745 * to close, and TTY_CLOSING makes sure we can't be reopened.
1746 */
37bdfb07 1747 if (tty_closing)
1da177e4 1748 set_bit(TTY_CLOSING, &tty->flags);
37bdfb07 1749 if (o_tty_closing)
1da177e4
LT		 1750 set_bit(TTY_CLOSING, &o_tty->flags);
1751
1752 /*
1753 * If _either_ side is closing, make sure there aren't any
1754 * processes that still think tty or o_tty is their controlling
1755 * tty.
1756 */
1757 if (tty_closing || o_tty_closing) {
1da177e4 1758 read_lock(&tasklist_lock);
24ec839c 1759 session_clear_tty(tty->session);
1da177e4 1760 if (o_tty)
24ec839c 1761 session_clear_tty(o_tty->session);
1da177e4
LT		 1762 read_unlock(&tasklist_lock);
1763 }
1764
70522e12 1765 mutex_unlock(&tty_mutex);
d155255a
AC		 1766 tty_unlock();
1767 /* At this point the TTY_CLOSING flag should ensure a dead tty
1768 cannot be re-opened by a racing opener */
da965822 1769
1da177e4 1770 /* check whether both sides are closing ... */
d155255a 1771 if (!tty_closing || (o_tty && !o_tty_closing))
eeb89d91 1772 return 0;
37bdfb07 1773
1da177e4 1774#ifdef TTY_DEBUG_HANGUP
9de44bd6 1775 printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__);
1da177e4
LT		 1776#endif
1777 /*
01e1abb2 1778 * Ask the line discipline code to release its structures
1da177e4 1779 */
01e1abb2 1780 tty_ldisc_release(tty, o_tty);
1da177e4 1781 /*
d5698c28 1782 * The release_tty function takes care of the details of clearing
6d31a88c 1783 * the slots and preserving the termios structure.
1da177e4 1784 */
d155255a 1785 mutex_lock(&tty_mutex);
d5698c28 1786 release_tty(tty, idx);
d155255a 1787 mutex_unlock(&tty_mutex);
1da177e4 1788
1da177e4 1789 /* Make this pty number available for reallocation */
718a9163 1790 if (devpts)
15f1a633 1791 devpts_kill_index(inode, idx);
d155255a 1792
eeb89d91 1793 return 0;
1da177e4
LT		 1794}
1795
b82154ac
JS		 1796/**
1797 * tty_open_current_tty - get tty of current task for open
1798 * @device: device number
1799 * @filp: file pointer to tty
1800 * @return: tty of the current task iff @device is /dev/tty
1801 *
1802 * We cannot return driver and index like for the other nodes because
1803 * devpts will not work then. It expects inodes to be from devpts FS.
3af502b9
AC		 1804 *
1805 * We need to move to returning a refcounted object from all the lookup
1806 * paths including this one.
b82154ac
JS		 1807 */
1808static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1809{
1810 struct tty_struct *tty;
1811
1812 if (device != MKDEV(TTYAUX_MAJOR, 0))
1813 return NULL;
1814
1815 tty = get_current_tty();
1816 if (!tty)
1817 return ERR_PTR(-ENXIO);
1818
1819 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1820 /* noctty = 1; */
1821 tty_kref_put(tty);
1822 /* FIXME: we put a reference and return a TTY! */
3af502b9 1823 /* This is only safe because the caller holds tty_mutex */
b82154ac
JS		 1824 return tty;
1825}
1826
5b5e7040
JS		 1827/**
1828 * tty_lookup_driver - lookup a tty driver for a given device file
1829 * @device: device number
1830 * @filp: file pointer to tty
1831 * @noctty: set if the device should not become a controlling tty
1832 * @index: index for the device in the @return driver
1833 * @return: driver for this inode (with increased refcount)
1834 *
1835 * If @return is not erroneous, the caller is responsible to decrement the
1836 * refcount by tty_driver_kref_put.
1837 *
1838 * Locking: tty_mutex protects get_tty_driver
1839 */
1840static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1841 int *noctty, int *index)
1842{
1843 struct tty_driver *driver;
1844
2cd0050c 1845 switch (device) {
5b5e7040 1846#ifdef CONFIG_VT
2cd0050c 1847 case MKDEV(TTY_MAJOR, 0): {
5b5e7040
JS		 1848 extern struct tty_driver *console_driver;
1849 driver = tty_driver_kref_get(console_driver);
1850 *index = fg_console;
1851 *noctty = 1;
2cd0050c 1852 break;
5b5e7040
JS		 1853 }
1854#endif
2cd0050c 1855 case MKDEV(TTYAUX_MAJOR, 1): {
5b5e7040
JS		 1856 struct tty_driver *console_driver = console_device(index);
1857 if (console_driver) {
1858 driver = tty_driver_kref_get(console_driver);
1859 if (driver) {
1860 /* Don't let /dev/console block */
1861 filp->f_flags |= O_NONBLOCK;
1862 *noctty = 1;
2cd0050c 1863 break;
5b5e7040
JS		 1864 }
1865 }
1866 return ERR_PTR(-ENODEV);
1867 }
2cd0050c
JS		 1868 default:
1869 driver = get_tty_driver(device, index);
1870 if (!driver)
1871 return ERR_PTR(-ENODEV);
1872 break;
1873 }
5b5e7040
JS		 1874 return driver;
1875}
1876
af9b897e 1877/**
eeb89d91 1878 * tty_open - open a tty device
af9b897e
AC		 1879 * @inode: inode of device file
1880 * @filp: file pointer to tty
1da177e4 1881 *
af9b897e
AC		 1882 * tty_open and tty_release keep up the tty count that contains the
1883 * number of opens done on a tty. We cannot use the inode-count, as
1884 * different inodes might point to the same tty.
1da177e4 1885 *
af9b897e
AC		 1886 * Open-counting is needed for pty masters, as well as for keeping
1887 * track of serial lines: DTR is dropped when the last close happens.
1888 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1889 *
1890 * The termios state of a pty is reset on first open so that
1891 * settings don't persist across reuse.
1892 *
5b5e7040 1893 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
24ec839c
PZ		 1894 * tty->count should protect the rest.
1895 * ->siglock protects ->signal/->sighand
1da177e4 1896 */
af9b897e 1897
eeb89d91 1898static int tty_open(struct inode *inode, struct file *filp)
1da177e4 1899{
b82154ac 1900 struct tty_struct *tty;
1da177e4 1901 int noctty, retval;
b82154ac 1902 struct tty_driver *driver = NULL;
1da177e4
LT		 1903 int index;
1904 dev_t device = inode->i_rdev;
846c151a 1905 unsigned saved_flags = filp->f_flags;
1da177e4
LT		 1906
1907 nonseekable_open(inode, filp);
37bdfb07 1908
1da177e4 1909retry_open:
fa90e1c9
JS		 1910 retval = tty_alloc_file(filp);
1911 if (retval)
1912 return -ENOMEM;
1913
1da177e4
LT		 1914 noctty = filp->f_flags & O_NOCTTY;
1915 index = -1;
1916 retval = 0;
37bdfb07 1917
70522e12 1918 mutex_lock(&tty_mutex);
6d31a88c
AC		 1919 tty_lock();
1920
b82154ac
JS		 1921 tty = tty_open_current_tty(device, filp);
1922 if (IS_ERR(tty)) {
ba5db448
JS		 1923 retval = PTR_ERR(tty);
1924 goto err_unlock;
5b5e7040
JS		 1925 } else if (!tty) {
1926 driver = tty_lookup_driver(device, filp, &noctty, &index);
1927 if (IS_ERR(driver)) {
ba5db448
JS		 1928 retval = PTR_ERR(driver);
1929 goto err_unlock;
1da177e4 1930 }
1da177e4 1931
4a2b5fdd 1932 /* check whether we're reopening an existing tty */
15f1a633 1933 tty = tty_driver_lookup_tty(driver, inode, index);
808ffa3d 1934 if (IS_ERR(tty)) {
ba5db448
JS		 1935 retval = PTR_ERR(tty);
1936 goto err_unlock;
808ffa3d 1937 }
4a2b5fdd
SB		 1938 }
1939
1940 if (tty) {
1941 retval = tty_reopen(tty);
6d31a88c 1942 if (retval)
4a2b5fdd 1943 tty = ERR_PTR(retval);
6d31a88c 1944 } else
593a27c4 1945 tty = tty_init_dev(driver, index);
4a2b5fdd 1946
70522e12 1947 mutex_unlock(&tty_mutex);
b82154ac
JS		 1948 if (driver)
1949 tty_driver_kref_put(driver);
eeb89d91 1950 if (IS_ERR(tty)) {
6d31a88c 1951 tty_unlock();
ba5db448
JS		 1952 retval = PTR_ERR(tty);
1953 goto err_file;
eeb89d91 1954 }
1da177e4 1955
fa90e1c9 1956 tty_add_file(tty, filp);
d996b62a 1957
9de44bd6 1958 check_tty_count(tty, __func__);
1da177e4
LT		 1959 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1960 tty->driver->subtype == PTY_TYPE_MASTER)
1961 noctty = 1;
1962#ifdef TTY_DEBUG_HANGUP
9de44bd6 1963 printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
1da177e4 1964#endif
909bc774
HRK		 1965 if (tty->ops->open)
1966 retval = tty->ops->open(tty, filp);
1967 else
1968 retval = -ENODEV;
1da177e4
LT		 1969 filp->f_flags = saved_flags;
1970
37bdfb07
AC		 1971 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1972 !capable(CAP_SYS_ADMIN))
1da177e4
LT		 1973 retval = -EBUSY;
1974
1975 if (retval) {
1976#ifdef TTY_DEBUG_HANGUP
9de44bd6
JS		 1977 printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
1978 retval, tty->name);
1da177e4 1979#endif
6d31a88c 1980 tty_unlock(); /* need to call tty_release without BTM */
eeb89d91 1981 tty_release(inode, filp);
64ba3dc3 1982 if (retval != -ERESTARTSYS)
1da177e4 1983 return retval;
64ba3dc3
AB		 1984
1985 if (signal_pending(current))
1da177e4 1986 return retval;
64ba3dc3 1987
1da177e4
LT		 1988 schedule();
1989 /*
1990 * Need to reset f_op in case a hangup happened.
1991 */
6d31a88c 1992 tty_lock();
1da177e4
LT		 1993 if (filp->f_op == &hung_up_tty_fops)
1994 filp->f_op = &tty_fops;
6d31a88c 1995 tty_unlock();
1da177e4
LT		 1996 goto retry_open;
1997 }
6d31a88c 1998 tty_unlock();
eeb89d91 1999
24ec839c
PZ		 2000
2001 mutex_lock(&tty_mutex);
6d31a88c 2002 tty_lock();
24ec839c 2003 spin_lock_irq(&current->sighand->siglock);
1da177e4
LT		 2004 if (!noctty &&
2005 current->signal->leader &&
2006 !current->signal->tty &&
ab521dc0 2007 tty->session == NULL)
2a65f1d9 2008 __proc_set_tty(current, tty);
24ec839c 2009 spin_unlock_irq(&current->sighand->siglock);
6d31a88c 2010 tty_unlock();
24ec839c 2011 mutex_unlock(&tty_mutex);
1da177e4 2012 return 0;
ba5db448 2013err_unlock:
6d31a88c 2014 tty_unlock();
ba5db448
JS		 2015 mutex_unlock(&tty_mutex);
2016 /* after locks to avoid deadlock */
2017 if (!IS_ERR_OR_NULL(driver))
2018 tty_driver_kref_put(driver);
2019err_file:
2020 tty_free_file(filp);
2021 return retval;
1da177e4
LT		 2022}
2023
39d95b9d
JC		 2024
2025
af9b897e
AC		 2026/**
2027 * tty_poll - check tty status
2028 * @filp: file being polled
2029 * @wait: poll wait structures to update
2030 *
2031 * Call the line discipline polling method to obtain the poll
2032 * status of the device.
2033 *
2034 * Locking: locks called line discipline but ldisc poll method
2035 * may be re-entered freely by other callers.
2036 */
2037
37bdfb07 2038static unsigned int tty_poll(struct file *filp, poll_table *wait)
1da177e4 2039{
d996b62a 2040 struct tty_struct *tty = file_tty(filp);
1da177e4
LT		 2041 struct tty_ldisc *ld;
2042 int ret = 0;
2043
a7113a96 2044 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1da177e4 2045 return 0;
37bdfb07 2046
1da177e4 2047 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 2048 if (ld->ops->poll)
2049 ret = (ld->ops->poll)(tty, filp, wait);
1da177e4
LT		 2050 tty_ldisc_deref(ld);
2051 return ret;
2052}
2053
ec79d605 2054static int __tty_fasync(int fd, struct file *filp, int on)
1da177e4 2055{
d996b62a 2056 struct tty_struct *tty = file_tty(filp);
47f86834 2057 unsigned long flags;
5d1e3230 2058 int retval = 0;
1da177e4 2059
a7113a96 2060 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
5d1e3230 2061 goto out;
37bdfb07 2062
1da177e4
LT		 2063 retval = fasync_helper(fd, filp, on, &tty->fasync);
2064 if (retval <= 0)
5d1e3230 2065 goto out;
1da177e4
LT		 2066
2067 if (on) {
ab521dc0
EB		 2068 enum pid_type type;
2069 struct pid *pid;
1da177e4
LT		 2070 if (!waitqueue_active(&tty->read_wait))
2071 tty->minimum_to_wake = 1;
47f86834 2072 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 2073 if (tty->pgrp) {
2074 pid = tty->pgrp;
2075 type = PIDTYPE_PGID;
2076 } else {
2077 pid = task_pid(current);
2078 type = PIDTYPE_PID;
2079 }
80e1e823 2080 get_pid(pid);
70362511 2081 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
80e1e823
LT		 2082 retval = __f_setown(filp, pid, type, 0);
2083 put_pid(pid);
1da177e4 2084 if (retval)
5d1e3230 2085 goto out;
1da177e4
LT		 2086 } else {
2087 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2088 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2089 }
5d1e3230
JC		 2090 retval = 0;
2091out:
ec79d605
AB		 2092 return retval;
2093}
2094
2095static int tty_fasync(int fd, struct file *filp, int on)
2096{
2097 int retval;
6d31a88c 2098 tty_lock();
ec79d605 2099 retval = __tty_fasync(fd, filp, on);
6d31a88c 2100 tty_unlock();
5d1e3230 2101 return retval;
1da177e4
LT		 2102}
2103
af9b897e
AC		 2104/**
2105 * tiocsti - fake input character
2106 * @tty: tty to fake input into
2107 * @p: pointer to character
2108 *
3a4fa0a2 2109 * Fake input to a tty device. Does the necessary locking and
af9b897e
AC		 2110 * input management.
2111 *
2112 * FIXME: does not honour flow control ??
2113 *
2114 * Locking:
2115 * Called functions take tty_ldisc_lock
2116 * current->signal->tty check is safe without locks
28298232
AC		 2117 *
2118 * FIXME: may race normal receive processing
af9b897e
AC		 2119 */
2120
1da177e4
LT		 2121static int tiocsti(struct tty_struct *tty, char __user *p)
2122{
2123 char ch, mbz = 0;
2124 struct tty_ldisc *ld;
37bdfb07 2125
1da177e4
LT		 2126 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2127 return -EPERM;
2128 if (get_user(ch, p))
2129 return -EFAULT;
1e641743 2130 tty_audit_tiocsti(tty, ch);
1da177e4 2131 ld = tty_ldisc_ref_wait(tty);
a352def2 2132 ld->ops->receive_buf(tty, &ch, &mbz, 1);
1da177e4
LT		 2133 tty_ldisc_deref(ld);
2134 return 0;
2135}
2136
af9b897e
AC		 2137/**
2138 * tiocgwinsz - implement window query ioctl
2139 * @tty; tty
2140 * @arg: user buffer for result
2141 *
808a0d38 2142 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2143 *
24ec839c 2144 * Locking: tty->termios_mutex is taken to ensure the winsize data
808a0d38 2145 * is consistent.
af9b897e
AC		 2146 */
2147
37bdfb07 2148static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
1da177e4 2149{
808a0d38
AC		 2150 int err;
2151
5785c95b 2152 mutex_lock(&tty->termios_mutex);
808a0d38 2153 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2154 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2155
2156 return err ? -EFAULT: 0;
1da177e4
LT		 2157}
2158
af9b897e 2159/**
8c9a9dd0
AC		 2160 * tty_do_resize - resize event
2161 * @tty: tty being resized
8c9a9dd0
AC		 2162 * @rows: rows (character)
2163 * @cols: cols (character)
2164 *
3ad2f3fb 2165 * Update the termios variables and send the necessary signals to
8c9a9dd0 2166 * peform a terminal resize correctly
af9b897e
AC		 2167 */
2168
fc6f6238 2169int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
1da177e4 2170{
fc6f6238 2171 struct pid *pgrp;
47f86834 2172 unsigned long flags;
1da177e4 2173
fc6f6238
AC		 2174 /* Lock the tty */
2175 mutex_lock(&tty->termios_mutex);
2176 if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
ca9bda00 2177 goto done;
47f86834
AC		 2178 /* Get the PID values and reference them so we can
2179 avoid holding the tty ctrl lock while sending signals */
2180 spin_lock_irqsave(&tty->ctrl_lock, flags);
2181 pgrp = get_pid(tty->pgrp);
47f86834
AC		 2182 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2183
2184 if (pgrp)
2185 kill_pgrp(pgrp, SIGWINCH, 1);
47f86834 2186 put_pid(pgrp);
47f86834 2187
8c9a9dd0 2188 tty->winsize = *ws;
ca9bda00 2189done:
fc6f6238 2190 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 2191 return 0;
2192}
2193
8c9a9dd0
AC		 2194/**
2195 * tiocswinsz - implement window size set ioctl
fc6f6238 2196 * @tty; tty side of tty
8c9a9dd0
AC		 2197 * @arg: user buffer for result
2198 *
2199 * Copies the user idea of the window size to the kernel. Traditionally
2200 * this is just advisory information but for the Linux console it
2201 * actually has driver level meaning and triggers a VC resize.
2202 *
2203 * Locking:
25985edc 2204 * Driver dependent. The default do_resize method takes the
8c9a9dd0
AC		 2205 * tty termios mutex and ctrl_lock. The console takes its own lock
2206 * then calls into the default method.
2207 */
2208
fc6f6238 2209static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
8c9a9dd0
AC		 2210{
2211 struct winsize tmp_ws;
2212 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2213 return -EFAULT;
2214
2215 if (tty->ops->resize)
fc6f6238 2216 return tty->ops->resize(tty, &tmp_ws);
8c9a9dd0 2217 else
fc6f6238 2218 return tty_do_resize(tty, &tmp_ws);
8c9a9dd0
AC		 2219}
2220
af9b897e
AC		 2221/**
2222 * tioccons - allow admin to move logical console
2223 * @file: the file to become console
2224 *
25985edc 2225 * Allow the administrator to move the redirected console device
af9b897e
AC		 2226 *
2227 * Locking: uses redirect_lock to guard the redirect information
2228 */
2229
1da177e4
LT		 2230static int tioccons(struct file *file)
2231{
2232 if (!capable(CAP_SYS_ADMIN))
2233 return -EPERM;
2234 if (file->f_op->write == redirected_tty_write) {
2235 struct file *f;
2236 spin_lock(&redirect_lock);
2237 f = redirect;
2238 redirect = NULL;
2239 spin_unlock(&redirect_lock);
2240 if (f)
2241 fput(f);
2242 return 0;
2243 }
2244 spin_lock(&redirect_lock);
2245 if (redirect) {
2246 spin_unlock(&redirect_lock);
2247 return -EBUSY;
2248 }
2249 get_file(file);
2250 redirect = file;
2251 spin_unlock(&redirect_lock);
2252 return 0;
2253}
2254
af9b897e
AC		 2255/**
2256 * fionbio - non blocking ioctl
2257 * @file: file to set blocking value
2258 * @p: user parameter
2259 *
2260 * Historical tty interfaces had a blocking control ioctl before
2261 * the generic functionality existed. This piece of history is preserved
2262 * in the expected tty API of posix OS's.
2263 *
6146b9af 2264 * Locking: none, the open file handle ensures it won't go away.
af9b897e 2265 */
1da177e4
LT		 2266
2267static int fionbio(struct file *file, int __user *p)
2268{
2269 int nonblock;
2270
2271 if (get_user(nonblock, p))
2272 return -EFAULT;
2273
db1dd4d3 2274 spin_lock(&file->f_lock);
1da177e4
LT		 2275 if (nonblock)
2276 file->f_flags |= O_NONBLOCK;
2277 else
2278 file->f_flags &= ~O_NONBLOCK;
db1dd4d3 2279 spin_unlock(&file->f_lock);
1da177e4
LT		 2280 return 0;
2281}
2282
af9b897e
AC		 2283/**
2284 * tiocsctty - set controlling tty
2285 * @tty: tty structure
2286 * @arg: user argument
2287 *
2288 * This ioctl is used to manage job control. It permits a session
2289 * leader to set this tty as the controlling tty for the session.
2290 *
2291 * Locking:
28298232 2292 * Takes tty_mutex() to protect tty instance
24ec839c
PZ		 2293 * Takes tasklist_lock internally to walk sessions
2294 * Takes ->siglock() when updating signal->tty
af9b897e
AC		 2295 */
2296
1da177e4
LT		 2297static int tiocsctty(struct tty_struct *tty, int arg)
2298{
24ec839c 2299 int ret = 0;
ab521dc0 2300 if (current->signal->leader && (task_session(current) == tty->session))
24ec839c
PZ		 2301 return ret;
2302
2303 mutex_lock(&tty_mutex);
1da177e4
LT		 2304 /*
2305 * The process must be a session leader and
2306 * not have a controlling tty already.
2307 */
24ec839c
PZ		 2308 if (!current->signal->leader || current->signal->tty) {
2309 ret = -EPERM;
2310 goto unlock;
2311 }
2312
ab521dc0 2313 if (tty->session) {
1da177e4
LT		 2314 /*
2315 * This tty is already the controlling
2316 * tty for another session group!
2317 */
37bdfb07 2318 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
1da177e4
LT		 2319 /*
2320 * Steal it away
2321 */
1da177e4 2322 read_lock(&tasklist_lock);
24ec839c 2323 session_clear_tty(tty->session);
1da177e4 2324 read_unlock(&tasklist_lock);
24ec839c
PZ		 2325 } else {
2326 ret = -EPERM;
2327 goto unlock;
2328 }
1da177e4 2329 }
24ec839c
PZ		 2330 proc_set_tty(current, tty);
2331unlock:
28298232 2332 mutex_unlock(&tty_mutex);
24ec839c 2333 return ret;
1da177e4
LT		 2334}
2335
5d0fdf1e
AC		 2336/**
2337 * tty_get_pgrp - return a ref counted pgrp pid
2338 * @tty: tty to read
2339 *
2340 * Returns a refcounted instance of the pid struct for the process
2341 * group controlling the tty.
2342 */
2343
2344struct pid *tty_get_pgrp(struct tty_struct *tty)
2345{
2346 unsigned long flags;
2347 struct pid *pgrp;
2348
2349 spin_lock_irqsave(&tty->ctrl_lock, flags);
2350 pgrp = get_pid(tty->pgrp);
2351 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2352
2353 return pgrp;
2354}
2355EXPORT_SYMBOL_GPL(tty_get_pgrp);
2356
af9b897e
AC		 2357/**
2358 * tiocgpgrp - get process group
2359 * @tty: tty passed by user
25985edc 2360 * @real_tty: tty side of the tty passed by the user if a pty else the tty
af9b897e
AC		 2361 * @p: returned pid
2362 *
2363 * Obtain the process group of the tty. If there is no process group
2364 * return an error.
2365 *
24ec839c 2366 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 2367 */
2368
1da177e4
LT		 2369static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2370{
5d0fdf1e
AC		 2371 struct pid *pid;
2372 int ret;
1da177e4
LT		 2373 /*
2374 * (tty == real_tty) is a cheap way of
2375 * testing if the tty is NOT a master pty.
2376 */
2377 if (tty == real_tty && current->signal->tty != real_tty)
2378 return -ENOTTY;
5d0fdf1e
AC		 2379 pid = tty_get_pgrp(real_tty);
2380 ret = put_user(pid_vnr(pid), p);
2381 put_pid(pid);
2382 return ret;
1da177e4
LT		 2383}
2384
af9b897e
AC		 2385/**
2386 * tiocspgrp - attempt to set process group
2387 * @tty: tty passed by user
2388 * @real_tty: tty side device matching tty passed by user
2389 * @p: pid pointer
2390 *
2391 * Set the process group of the tty to the session passed. Only
2392 * permitted where the tty session is our session.
2393 *
47f86834 2394 * Locking: RCU, ctrl lock
af9b897e
AC		 2395 */
2396
1da177e4
LT		 2397static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2398{
04a2e6a5
EB		 2399 struct pid *pgrp;
2400 pid_t pgrp_nr;
1da177e4 2401 int retval = tty_check_change(real_tty);
47f86834 2402 unsigned long flags;
1da177e4
LT		 2403
2404 if (retval == -EIO)
2405 return -ENOTTY;
2406 if (retval)
2407 return retval;
2408 if (!current->signal->tty ||
2409 (current->signal->tty != real_tty) ||
ab521dc0 2410 (real_tty->session != task_session(current)))
1da177e4 2411 return -ENOTTY;
04a2e6a5 2412 if (get_user(pgrp_nr, p))
1da177e4 2413 return -EFAULT;
04a2e6a5 2414 if (pgrp_nr < 0)
1da177e4 2415 return -EINVAL;
04a2e6a5 2416 rcu_read_lock();
b488893a 2417 pgrp = find_vpid(pgrp_nr);
04a2e6a5
EB		 2418 retval = -ESRCH;
2419 if (!pgrp)
2420 goto out_unlock;
2421 retval = -EPERM;
2422 if (session_of_pgrp(pgrp) != task_session(current))
2423 goto out_unlock;
2424 retval = 0;
47f86834 2425 spin_lock_irqsave(&tty->ctrl_lock, flags);
ab521dc0
EB		 2426 put_pid(real_tty->pgrp);
2427 real_tty->pgrp = get_pid(pgrp);
47f86834 2428 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
04a2e6a5
EB		 2429out_unlock:
2430 rcu_read_unlock();
2431 return retval;
1da177e4
LT		 2432}
2433
af9b897e
AC		 2434/**
2435 * tiocgsid - get session id
2436 * @tty: tty passed by user
25985edc 2437 * @real_tty: tty side of the tty passed by the user if a pty else the tty
af9b897e
AC		 2438 * @p: pointer to returned session id
2439 *
2440 * Obtain the session id of the tty. If there is no session
2441 * return an error.
2442 *
24ec839c 2443 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 2444 */
2445
1da177e4
LT		 2446static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2447{
2448 /*
2449 * (tty == real_tty) is a cheap way of
2450 * testing if the tty is NOT a master pty.
2451 */
2452 if (tty == real_tty && current->signal->tty != real_tty)
2453 return -ENOTTY;
ab521dc0 2454 if (!real_tty->session)
1da177e4 2455 return -ENOTTY;
b488893a 2456 return put_user(pid_vnr(real_tty->session), p);
1da177e4
LT		 2457}
2458
af9b897e
AC		 2459/**
2460 * tiocsetd - set line discipline
2461 * @tty: tty device
2462 * @p: pointer to user data
2463 *
2464 * Set the line discipline according to user request.
2465 *
2466 * Locking: see tty_set_ldisc, this function is just a helper
2467 */
2468
1da177e4
LT		 2469static int tiocsetd(struct tty_struct *tty, int __user *p)
2470{
2471 int ldisc;
04f378b1 2472 int ret;
1da177e4
LT		 2473
2474 if (get_user(ldisc, p))
2475 return -EFAULT;
04f378b1 2476
04f378b1 2477 ret = tty_set_ldisc(tty, ldisc);
04f378b1
AC		 2478
2479 return ret;
1da177e4
LT		 2480}
2481
af9b897e
AC		 2482/**
2483 * send_break - performed time break
2484 * @tty: device to break on
2485 * @duration: timeout in mS
2486 *
2487 * Perform a timed break on hardware that lacks its own driver level
2488 * timed break functionality.
2489 *
2490 * Locking:
28298232 2491 * atomic_write_lock serializes
af9b897e 2492 *
af9b897e
AC		 2493 */
2494
b20f3ae5 2495static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4 2496{
9e98966c
AC		 2497 int retval;
2498
2499 if (tty->ops->break_ctl == NULL)
2500 return 0;
2501
2502 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2503 retval = tty->ops->break_ctl(tty, duration);
2504 else {
2505 /* Do the work ourselves */
2506 if (tty_write_lock(tty, 0) < 0)
2507 return -EINTR;
2508 retval = tty->ops->break_ctl(tty, -1);
2509 if (retval)
2510 goto out;
2511 if (!signal_pending(current))
2512 msleep_interruptible(duration);
2513 retval = tty->ops->break_ctl(tty, 0);
2514out:
2515 tty_write_unlock(tty);
2516 if (signal_pending(current))
2517 retval = -EINTR;
2518 }
2519 return retval;
1da177e4
LT		 2520}
2521
af9b897e 2522/**
f34d7a5b 2523 * tty_tiocmget - get modem status
af9b897e
AC		 2524 * @tty: tty device
2525 * @file: user file pointer
2526 * @p: pointer to result
2527 *
2528 * Obtain the modem status bits from the tty driver if the feature
2529 * is supported. Return -EINVAL if it is not available.
2530 *
2531 * Locking: none (up to the driver)
2532 */
2533
60b33c13 2534static int tty_tiocmget(struct tty_struct *tty, int __user *p)
1da177e4
LT		 2535{
2536 int retval = -EINVAL;
2537
f34d7a5b 2538 if (tty->ops->tiocmget) {
60b33c13 2539 retval = tty->ops->tiocmget(tty);
1da177e4
LT		 2540
2541 if (retval >= 0)
2542 retval = put_user(retval, p);
2543 }
2544 return retval;
2545}
2546
af9b897e 2547/**
f34d7a5b 2548 * tty_tiocmset - set modem status
af9b897e 2549 * @tty: tty device
af9b897e
AC		 2550 * @cmd: command - clear bits, set bits or set all
2551 * @p: pointer to desired bits
2552 *
2553 * Set the modem status bits from the tty driver if the feature
2554 * is supported. Return -EINVAL if it is not available.
2555 *
2556 * Locking: none (up to the driver)
2557 */
2558
20b9d177 2559static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
1da177e4
LT		 2560 unsigned __user *p)
2561{
ae677517
AC		 2562 int retval;
2563 unsigned int set, clear, val;
1da177e4 2564
ae677517
AC		 2565 if (tty->ops->tiocmset == NULL)
2566 return -EINVAL;
1da177e4 2567
ae677517
AC		 2568 retval = get_user(val, p);
2569 if (retval)
2570 return retval;
2571 set = clear = 0;
2572 switch (cmd) {
2573 case TIOCMBIS:
2574 set = val;
2575 break;
2576 case TIOCMBIC:
2577 clear = val;
2578 break;
2579 case TIOCMSET:
2580 set = val;
2581 clear = ~val;
2582 break;
2583 }
2584 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2585 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
20b9d177 2586 return tty->ops->tiocmset(tty, set, clear);
1da177e4
LT		 2587}
2588
d281da7f
AC		 2589static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2590{
2591 int retval = -EINVAL;
2592 struct serial_icounter_struct icount;
2593 memset(&icount, 0, sizeof(icount));
2594 if (tty->ops->get_icount)
2595 retval = tty->ops->get_icount(tty, &icount);
2596 if (retval != 0)
2597 return retval;
2598 if (copy_to_user(arg, &icount, sizeof(icount)))
2599 return -EFAULT;
2600 return 0;
2601}
2602
e8b70e7d
AC		 2603struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2604{
2605 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2606 tty->driver->subtype == PTY_TYPE_MASTER)
2607 tty = tty->link;
2608 return tty;
2609}
2610EXPORT_SYMBOL(tty_pair_get_tty);
2611
2612struct tty_struct *tty_pair_get_pty(struct tty_struct *tty)
2613{
2614 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2615 tty->driver->subtype == PTY_TYPE_MASTER)
2616 return tty;
2617 return tty->link;
2618}
2619EXPORT_SYMBOL(tty_pair_get_pty);
2620
1da177e4
LT		 2621/*
2622 * Split this up, as gcc can choke on it otherwise..
2623 */
04f378b1 2624long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
1da177e4 2625{
d996b62a
NP		 2626 struct tty_struct *tty = file_tty(file);
2627 struct tty_struct *real_tty;
1da177e4
LT		 2628 void __user *p = (void __user *)arg;
2629 int retval;
2630 struct tty_ldisc *ld;
04f378b1 2631 struct inode *inode = file->f_dentry->d_inode;
37bdfb07 2632
1da177e4
LT		 2633 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2634 return -EINVAL;
2635
e8b70e7d 2636 real_tty = tty_pair_get_tty(tty);
1da177e4
LT		 2637
2638 /*
2639 * Factor out some common prep work
2640 */
2641 switch (cmd) {
2642 case TIOCSETD:
2643 case TIOCSBRK:
2644 case TIOCCBRK:
2645 case TCSBRK:
37bdfb07 2646 case TCSBRKP:
1da177e4
LT		 2647 retval = tty_check_change(tty);
2648 if (retval)
2649 return retval;
2650 if (cmd != TIOCCBRK) {
2651 tty_wait_until_sent(tty, 0);
2652 if (signal_pending(current))
2653 return -EINTR;
2654 }
2655 break;
2656 }
2657
9e98966c
AC		 2658 /*
2659 * Now do the stuff.
2660 */
1da177e4 2661 switch (cmd) {
37bdfb07
AC		 2662 case TIOCSTI:
2663 return tiocsti(tty, p);
2664 case TIOCGWINSZ:
8f520021 2665 return tiocgwinsz(real_tty, p);
37bdfb07 2666 case TIOCSWINSZ:
fc6f6238 2667 return tiocswinsz(real_tty, p);
37bdfb07
AC		 2668 case TIOCCONS:
2669 return real_tty != tty ? -EINVAL : tioccons(file);
2670 case FIONBIO:
2671 return fionbio(file, p);
2672 case TIOCEXCL:
2673 set_bit(TTY_EXCLUSIVE, &tty->flags);
2674 return 0;
2675 case TIOCNXCL:
2676 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2677 return 0;
2678 case TIOCNOTTY:
2679 if (current->signal->tty != tty)
2680 return -ENOTTY;
2681 no_tty();
2682 return 0;
2683 case TIOCSCTTY:
2684 return tiocsctty(tty, arg);
2685 case TIOCGPGRP:
2686 return tiocgpgrp(tty, real_tty, p);
2687 case TIOCSPGRP:
2688 return tiocspgrp(tty, real_tty, p);
2689 case TIOCGSID:
2690 return tiocgsid(tty, real_tty, p);
2691 case TIOCGETD:
c65c9bc3 2692 return put_user(tty->ldisc->ops->num, (int __user *)p);
37bdfb07
AC		 2693 case TIOCSETD:
2694 return tiocsetd(tty, p);
3c95c985
KS		 2695 case TIOCVHANGUP:
2696 if (!capable(CAP_SYS_ADMIN))
2697 return -EPERM;
2698 tty_vhangup(tty);
2699 return 0;
b7b8de08
WF		 2700 case TIOCGDEV:
2701 {
2702 unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2703 return put_user(ret, (unsigned int __user *)p);
2704 }
37bdfb07
AC		 2705 /*
2706 * Break handling
2707 */
2708 case TIOCSBRK: /* Turn break on, unconditionally */
f34d7a5b 2709 if (tty->ops->break_ctl)
9e98966c 2710 return tty->ops->break_ctl(tty, -1);
37bdfb07 2711 return 0;
37bdfb07 2712 case TIOCCBRK: /* Turn break off, unconditionally */
f34d7a5b 2713 if (tty->ops->break_ctl)
9e98966c 2714 return tty->ops->break_ctl(tty, 0);
37bdfb07
AC		 2715 return 0;
2716 case TCSBRK: /* SVID version: non-zero arg --> no break */
2717 /* non-zero arg means wait for all output data
2718 * to be sent (performed above) but don't send break.
2719 * This is used by the tcdrain() termios function.
2720 */
2721 if (!arg)
2722 return send_break(tty, 250);
2723 return 0;
2724 case TCSBRKP: /* support for POSIX tcsendbreak() */
2725 return send_break(tty, arg ? arg*100 : 250);
2726
2727 case TIOCMGET:
60b33c13 2728 return tty_tiocmget(tty, p);
37bdfb07
AC		 2729 case TIOCMSET:
2730 case TIOCMBIC:
2731 case TIOCMBIS:
20b9d177 2732 return tty_tiocmset(tty, cmd, p);
d281da7f
AC		 2733 case TIOCGICOUNT:
2734 retval = tty_tiocgicount(tty, p);
2735 /* For the moment allow fall through to the old method */
2736 if (retval != -EINVAL)
2737 return retval;
2738 break;
37bdfb07
AC		 2739 case TCFLSH:
2740 switch (arg) {
2741 case TCIFLUSH:
2742 case TCIOFLUSH:
2743 /* flush tty buffer and allow ldisc to process ioctl */
2744 tty_buffer_flush(tty);
c5c34d48 2745 break;
37bdfb07
AC		 2746 }
2747 break;
1da177e4 2748 }
f34d7a5b 2749 if (tty->ops->ioctl) {
6caa76b7 2750 retval = (tty->ops->ioctl)(tty, cmd, arg);
1da177e4
LT		 2751 if (retval != -ENOIOCTLCMD)
2752 return retval;
2753 }
2754 ld = tty_ldisc_ref_wait(tty);
2755 retval = -EINVAL;
a352def2
AC		 2756 if (ld->ops->ioctl) {
2757 retval = ld->ops->ioctl(tty, file, cmd, arg);
1da177e4
LT		 2758 if (retval == -ENOIOCTLCMD)
2759 retval = -EINVAL;
2760 }
2761 tty_ldisc_deref(ld);
2762 return retval;
2763}
2764
e10cc1df 2765#ifdef CONFIG_COMPAT
37bdfb07 2766static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 2767 unsigned long arg)
2768{
2769 struct inode *inode = file->f_dentry->d_inode;
d996b62a 2770 struct tty_struct *tty = file_tty(file);
e10cc1df
PF		 2771 struct tty_ldisc *ld;
2772 int retval = -ENOIOCTLCMD;
2773
2774 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2775 return -EINVAL;
2776
f34d7a5b 2777 if (tty->ops->compat_ioctl) {
6caa76b7 2778 retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
e10cc1df
PF		 2779 if (retval != -ENOIOCTLCMD)
2780 return retval;
2781 }
2782
2783 ld = tty_ldisc_ref_wait(tty);
a352def2
AC		 2784 if (ld->ops->compat_ioctl)
2785 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
8193c429
TM		 2786 else
2787 retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
e10cc1df
PF		 2788 tty_ldisc_deref(ld);
2789
2790 return retval;
2791}
2792#endif
1da177e4
LT		 2793
2794/*
2795 * This implements the "Secure Attention Key" --- the idea is to
2796 * prevent trojan horses by killing all processes associated with this
2797 * tty when the user hits the "Secure Attention Key". Required for
2798 * super-paranoid applications --- see the Orange Book for more details.
37bdfb07 2799 *
1da177e4
LT		 2800 * This code could be nicer; ideally it should send a HUP, wait a few
2801 * seconds, then send a INT, and then a KILL signal. But you then
2802 * have to coordinate with the init process, since all processes associated
2803 * with the current tty must be dead before the new getty is allowed
2804 * to spawn.
2805 *
2806 * Now, if it would be correct ;-/ The current code has a nasty hole -
2807 * it doesn't catch files in flight. We may send the descriptor to ourselves
2808 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2809 *
2810 * Nasty bug: do_SAK is being called in interrupt context. This can
2811 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2812 */
8b6312f4 2813void __do_SAK(struct tty_struct *tty)
1da177e4
LT		 2814{
2815#ifdef TTY_SOFT_SAK
2816 tty_hangup(tty);
2817#else
652486fb 2818 struct task_struct *g, *p;
ab521dc0 2819 struct pid *session;
1da177e4
LT		 2820 int i;
2821 struct file *filp;
badf1662 2822 struct fdtable *fdt;
37bdfb07 2823
1da177e4
LT		 2824 if (!tty)
2825 return;
24ec839c 2826 session = tty->session;
37bdfb07 2827
b3f13deb 2828 tty_ldisc_flush(tty);
1da177e4 2829
f34d7a5b 2830 tty_driver_flush_buffer(tty);
37bdfb07 2831
1da177e4 2832 read_lock(&tasklist_lock);
652486fb 2833 /* Kill the entire session */
ab521dc0 2834 do_each_pid_task(session, PIDTYPE_SID, p) {
652486fb 2835 printk(KERN_NOTICE "SAK: killed process %d"
1b0f7ffd 2836 " (%s): task_session(p)==tty->session\n",
ba25f9dc 2837 task_pid_nr(p), p->comm);
652486fb 2838 send_sig(SIGKILL, p, 1);
ab521dc0 2839 } while_each_pid_task(session, PIDTYPE_SID, p);
652486fb
EB		 2840 /* Now kill any processes that happen to have the
2841 * tty open.
2842 */
2843 do_each_thread(g, p) {
2844 if (p->signal->tty == tty) {
1da177e4 2845 printk(KERN_NOTICE "SAK: killed process %d"
1b0f7ffd 2846 " (%s): task_session(p)==tty->session\n",
ba25f9dc 2847 task_pid_nr(p), p->comm);
1da177e4
LT		 2848 send_sig(SIGKILL, p, 1);
2849 continue;
2850 }
2851 task_lock(p);
2852 if (p->files) {
ca99c1da
DS		 2853 /*
2854 * We don't take a ref to the file, so we must
2855 * hold ->file_lock instead.
2856 */
2857 spin_lock(&p->files->file_lock);
badf1662 2858 fdt = files_fdtable(p->files);
37bdfb07 2859 for (i = 0; i < fdt->max_fds; i++) {
1da177e4
LT		 2860 filp = fcheck_files(p->files, i);
2861 if (!filp)
2862 continue;
2863 if (filp->f_op->read == tty_read &&
d996b62a 2864 file_tty(filp) == tty) {
1da177e4
LT		 2865 printk(KERN_NOTICE "SAK: killed process %d"
2866 " (%s): fd#%d opened to the tty\n",
ba25f9dc 2867 task_pid_nr(p), p->comm, i);
20ac9437 2868 force_sig(SIGKILL, p);
1da177e4
LT		 2869 break;
2870 }
2871 }
ca99c1da 2872 spin_unlock(&p->files->file_lock);
1da177e4
LT		 2873 }
2874 task_unlock(p);
652486fb 2875 } while_each_thread(g, p);
1da177e4
LT		 2876 read_unlock(&tasklist_lock);
2877#endif
2878}
2879
8b6312f4
EB		 2880static void do_SAK_work(struct work_struct *work)
2881{
2882 struct tty_struct *tty =
2883 container_of(work, struct tty_struct, SAK_work);
2884 __do_SAK(tty);
2885}
2886
1da177e4
LT		 2887/*
2888 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2889 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2890 * the values which we write to it will be identical to the values which it
2891 * already has. --akpm
2892 */
2893void do_SAK(struct tty_struct *tty)
2894{
2895 if (!tty)
2896 return;
1da177e4
LT		 2897 schedule_work(&tty->SAK_work);
2898}
2899
2900EXPORT_SYMBOL(do_SAK);
2901
30004ac9
DES		 2902static int dev_match_devt(struct device *dev, void *data)
2903{
2904 dev_t *devt = data;
2905 return dev->devt == *devt;
2906}
2907
2908/* Must put_device() after it's unused! */
2909static struct device *tty_get_device(struct tty_struct *tty)
2910{
2911 dev_t devt = tty_devnum(tty);
2912 return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2913}
2914
2915
af9b897e
AC		 2916/**
2917 * initialize_tty_struct
2918 * @tty: tty to initialize
2919 *
2920 * This subroutine initializes a tty structure that has been newly
2921 * allocated.
2922 *
2923 * Locking: none - tty in question must not be exposed at this point
1da177e4 2924 */
af9b897e 2925
bf970ee4
AC		 2926void initialize_tty_struct(struct tty_struct *tty,
2927 struct tty_driver *driver, int idx)
1da177e4
LT		 2928{
2929 memset(tty, 0, sizeof(struct tty_struct));
9c9f4ded 2930 kref_init(&tty->kref);
1da177e4 2931 tty->magic = TTY_MAGIC;
01e1abb2 2932 tty_ldisc_init(tty);
ab521dc0
EB		 2933 tty->session = NULL;
2934 tty->pgrp = NULL;
1da177e4 2935 tty->overrun_time = jiffies;
33f0f88f 2936 tty_buffer_init(tty);
5785c95b 2937 mutex_init(&tty->termios_mutex);
c65c9bc3 2938 mutex_init(&tty->ldisc_mutex);
1da177e4
LT		 2939 init_waitqueue_head(&tty->write_wait);
2940 init_waitqueue_head(&tty->read_wait);
65f27f38 2941 INIT_WORK(&tty->hangup_work, do_tty_hangup);
70522e12
IM		 2942 mutex_init(&tty->atomic_read_lock);
2943 mutex_init(&tty->atomic_write_lock);
a88a69c9
JP		 2944 mutex_init(&tty->output_lock);
2945 mutex_init(&tty->echo_lock);
1da177e4 2946 spin_lock_init(&tty->read_lock);
04f378b1 2947 spin_lock_init(&tty->ctrl_lock);
1da177e4 2948 INIT_LIST_HEAD(&tty->tty_files);
7f1f86a0 2949 INIT_WORK(&tty->SAK_work, do_SAK_work);
bf970ee4
AC		 2950
2951 tty->driver = driver;
2952 tty->ops = driver->ops;
2953 tty->index = idx;
2954 tty_line_name(driver, idx, tty->name);
30004ac9 2955 tty->dev = tty_get_device(tty);
1da177e4
LT		 2956}
2957
6716671d
JS		 2958/**
2959 * deinitialize_tty_struct
2960 * @tty: tty to deinitialize
2961 *
2962 * This subroutine deinitializes a tty structure that has been newly
2963 * allocated but tty_release cannot be called on that yet.
2964 *
2965 * Locking: none - tty in question must not be exposed at this point
2966 */
2967void deinitialize_tty_struct(struct tty_struct *tty)
2968{
2969 tty_ldisc_deinit(tty);
2970}
2971
f34d7a5b
AC		 2972/**
2973 * tty_put_char - write one character to a tty
2974 * @tty: tty
2975 * @ch: character
2976 *
2977 * Write one byte to the tty using the provided put_char method
2978 * if present. Returns the number of characters successfully output.
2979 *
2980 * Note: the specific put_char operation in the driver layer may go
2981 * away soon. Don't call it directly, use this method
1da177e4 2982 */
af9b897e 2983
f34d7a5b 2984int tty_put_char(struct tty_struct *tty, unsigned char ch)
1da177e4 2985{
f34d7a5b
AC		 2986 if (tty->ops->put_char)
2987 return tty->ops->put_char(tty, ch);
2988 return tty->ops->write(tty, &ch, 1);
1da177e4 2989}
f34d7a5b
AC		 2990EXPORT_SYMBOL_GPL(tty_put_char);
2991
d81ed103 2992struct class *tty_class;
1da177e4
LT		 2993
2994/**
af9b897e
AC		 2995 * tty_register_device - register a tty device
2996 * @driver: the tty driver that describes the tty device
2997 * @index: the index in the tty driver for this tty device
2998 * @device: a struct device that is associated with this tty device.
2999 * This field is optional, if there is no known struct device
3000 * for this tty device it can be set to NULL safely.
1da177e4 3001 *
01107d34
GKH		 3002 * Returns a pointer to the struct device for this tty device
3003 * (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3004 *
af9b897e
AC		 3005 * This call is required to be made to register an individual tty device
3006 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3007 * that bit is not set, this function should not be called by a tty
3008 * driver.
3009 *
3010 * Locking: ??
1da177e4 3011 */
af9b897e 3012
01107d34
GKH		 3013struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3014 struct device *device)
1da177e4
LT		 3015{
3016 char name[64];
3017 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3018
3019 if (index >= driver->num) {
3020 printk(KERN_ERR "Attempt to register invalid tty line number "
3021 " (%d).\n", index);
1cdcb6b4 3022 return ERR_PTR(-EINVAL);
1da177e4
LT		 3023 }
3024
1da177e4
LT		 3025 if (driver->type == TTY_DRIVER_TYPE_PTY)
3026 pty_line_name(driver, index, name);
3027 else
3028 tty_line_name(driver, index, name);
1cdcb6b4 3029
03457cd4 3030 return device_create(tty_class, device, dev, NULL, name);
1da177e4 3031}
7d7b93c1 3032EXPORT_SYMBOL(tty_register_device);
1da177e4
LT		 3033
3034/**
af9b897e
AC		 3035 * tty_unregister_device - unregister a tty device
3036 * @driver: the tty driver that describes the tty device
3037 * @index: the index in the tty driver for this tty device
1da177e4 3038 *
af9b897e
AC		 3039 * If a tty device is registered with a call to tty_register_device() then
3040 * this function must be called when the tty device is gone.
3041 *
3042 * Locking: ??
1da177e4 3043 */
af9b897e 3044
1da177e4
LT		 3045void tty_unregister_device(struct tty_driver *driver, unsigned index)
3046{
37bdfb07
AC		 3047 device_destroy(tty_class,
3048 MKDEV(driver->major, driver->minor_start) + index);
1da177e4 3049}
1da177e4
LT		 3050EXPORT_SYMBOL(tty_unregister_device);
3051
1a54a76d 3052struct tty_driver *__alloc_tty_driver(int lines, struct module *owner)
1da177e4
LT		 3053{
3054 struct tty_driver *driver;
3055
506eb99a 3056 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
1da177e4 3057 if (driver) {
7d7b93c1 3058 kref_init(&driver->kref);
1da177e4
LT		 3059 driver->magic = TTY_DRIVER_MAGIC;
3060 driver->num = lines;
1a54a76d 3061 driver->owner = owner;
1da177e4
LT		 3062 /* later we'll move allocation of tables here */
3063 }
3064 return driver;
3065}
1a54a76d 3066EXPORT_SYMBOL(__alloc_tty_driver);
1da177e4 3067
7d7b93c1 3068static void destruct_tty_driver(struct kref *kref)
1da177e4 3069{
7d7b93c1
AC		 3070 struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3071 int i;
3072 struct ktermios *tp;
3073 void *p;
3074
3075 if (driver->flags & TTY_DRIVER_INSTALLED) {
3076 /*
3077 * Free the termios and termios_locked structures because
3078 * we don't want to get memory leaks when modular tty
3079 * drivers are removed from the kernel.
3080 */
3081 for (i = 0; i < driver->num; i++) {
3082 tp = driver->termios[i];
3083 if (tp) {
3084 driver->termios[i] = NULL;
3085 kfree(tp);
3086 }
7d7b93c1
AC		 3087 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3088 tty_unregister_device(driver, i);
3089 }
3090 p = driver->ttys;
3091 proc_tty_unregister_driver(driver);
3092 driver->ttys = NULL;
fe6e29fd 3093 driver->termios = NULL;
7d7b93c1
AC		 3094 kfree(p);
3095 cdev_del(&driver->cdev);
3096 }
04831dc1 3097 kfree(driver->ports);
1da177e4
LT		 3098 kfree(driver);
3099}
3100
7d7b93c1
AC		 3101void tty_driver_kref_put(struct tty_driver *driver)
3102{
3103 kref_put(&driver->kref, destruct_tty_driver);
3104}
3105EXPORT_SYMBOL(tty_driver_kref_put);
3106
b68e31d0
JD		 3107void tty_set_operations(struct tty_driver *driver,
3108 const struct tty_operations *op)
1da177e4 3109{
f34d7a5b
AC		 3110 driver->ops = op;
3111};
7d7b93c1 3112EXPORT_SYMBOL(tty_set_operations);
1da177e4 3113
7d7b93c1
AC		 3114void put_tty_driver(struct tty_driver *d)
3115{
3116 tty_driver_kref_put(d);
3117}
1da177e4 3118EXPORT_SYMBOL(put_tty_driver);
1da177e4
LT		 3119
3120/*
3121 * Called by a tty driver to register itself.
3122 */
3123int tty_register_driver(struct tty_driver *driver)
3124{
3125 int error;
37bdfb07 3126 int i;
1da177e4
LT		 3127 dev_t dev;
3128 void **p = NULL;
b670bde0 3129 struct device *d;
1da177e4 3130
543691a6 3131 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
fe6e29fd 3132 p = kzalloc(driver->num * 2 * sizeof(void *), GFP_KERNEL);
1da177e4
LT		 3133 if (!p)
3134 return -ENOMEM;
1da177e4 3135 }
04831dc1
JS		 3136 /*
3137 * There is too many lines in PTY and we won't need the array there
3138 * since it has an ->install hook where it assigns ports properly.
3139 */
3140 if (driver->type != TTY_DRIVER_TYPE_PTY) {
3141 driver->ports = kcalloc(driver->num, sizeof(struct tty_port *),
3142 GFP_KERNEL);
3143 if (!driver->ports) {
3144 error = -ENOMEM;
3145 goto err_free_p;
3146 }
3147 }
1da177e4
LT		 3148
3149 if (!driver->major) {
37bdfb07
AC		 3150 error = alloc_chrdev_region(&dev, driver->minor_start,
3151 driver->num, driver->name);
1da177e4
LT		 3152 if (!error) {
3153 driver->major = MAJOR(dev);
3154 driver->minor_start = MINOR(dev);
3155 }
3156 } else {
3157 dev = MKDEV(driver->major, driver->minor_start);
e5717c48 3158 error = register_chrdev_region(dev, driver->num, driver->name);
1da177e4 3159 }
9bb8a3d4
JS		 3160 if (error < 0)
3161 goto err_free_p;
1da177e4
LT		 3162
3163 if (p) {
3164 driver->ttys = (struct tty_struct **)p;
edc6afc5 3165 driver->termios = (struct ktermios **)(p + driver->num);
1da177e4
LT		 3166 } else {
3167 driver->ttys = NULL;
3168 driver->termios = NULL;
1da177e4
LT		 3169 }
3170
3171 cdev_init(&driver->cdev, &tty_fops);
3172 driver->cdev.owner = driver->owner;
3173 error = cdev_add(&driver->cdev, dev, driver->num);
9bb8a3d4
JS		 3174 if (error)
3175 goto err_unreg_char;
1da177e4 3176
ca509f69 3177 mutex_lock(&tty_mutex);
1da177e4 3178 list_add(&driver->tty_drivers, &tty_drivers);
ca509f69 3179 mutex_unlock(&tty_mutex);
37bdfb07
AC		 3180
3181 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
b670bde0
VK		 3182 for (i = 0; i < driver->num; i++) {
3183 d = tty_register_device(driver, i, NULL);
3184 if (IS_ERR(d)) {
3185 error = PTR_ERR(d);
3186 goto err;
3187 }
3188 }
1da177e4
LT		 3189 }
3190 proc_tty_register_driver(driver);
7d7b93c1 3191 driver->flags |= TTY_DRIVER_INSTALLED;
1da177e4 3192 return 0;
b670bde0
VK		 3193
3194err:
3195 for (i--; i >= 0; i--)
3196 tty_unregister_device(driver, i);
3197
3198 mutex_lock(&tty_mutex);
3199 list_del(&driver->tty_drivers);
3200 mutex_unlock(&tty_mutex);
3201
9bb8a3d4 3202err_unreg_char:
b670bde0
VK		 3203 unregister_chrdev_region(dev, driver->num);
3204 driver->ttys = NULL;
3205 driver->termios = NULL;
04831dc1 3206err_free_p: /* destruct_tty_driver will free driver->ports */
b670bde0
VK		 3207 kfree(p);
3208 return error;
1da177e4 3209}
1da177e4
LT		 3210EXPORT_SYMBOL(tty_register_driver);
3211
3212/*
3213 * Called by a tty driver to unregister itself.
3214 */
3215int tty_unregister_driver(struct tty_driver *driver)
3216{
7d7b93c1
AC		 3217#if 0
3218 /* FIXME */
1da177e4
LT		 3219 if (driver->refcount)
3220 return -EBUSY;
7d7b93c1 3221#endif
1da177e4
LT		 3222 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3223 driver->num);
ca509f69 3224 mutex_lock(&tty_mutex);
1da177e4 3225 list_del(&driver->tty_drivers);
ca509f69 3226 mutex_unlock(&tty_mutex);
1da177e4
LT		 3227 return 0;
3228}
7d7b93c1 3229
1da177e4
LT		 3230EXPORT_SYMBOL(tty_unregister_driver);
3231
24ec839c
PZ		 3232dev_t tty_devnum(struct tty_struct *tty)
3233{
3234 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3235}
3236EXPORT_SYMBOL(tty_devnum);
3237
3238void proc_clear_tty(struct task_struct *p)
3239{
7c3b1dcf 3240 unsigned long flags;
9c9f4ded 3241 struct tty_struct *tty;
7c3b1dcf 3242 spin_lock_irqsave(&p->sighand->siglock, flags);
9c9f4ded 3243 tty = p->signal->tty;
24ec839c 3244 p->signal->tty = NULL;
7c3b1dcf 3245 spin_unlock_irqrestore(&p->sighand->siglock, flags);
9c9f4ded 3246 tty_kref_put(tty);
24ec839c 3247}
24ec839c 3248
47f86834
AC		 3249/* Called under the sighand lock */
3250
2a65f1d9 3251static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 3252{
3253 if (tty) {
47f86834
AC		 3254 unsigned long flags;
3255 /* We should not have a session or pgrp to put here but.... */
3256 spin_lock_irqsave(&tty->ctrl_lock, flags);
d9c1e9a8
EB		 3257 put_pid(tty->session);
3258 put_pid(tty->pgrp);
ab521dc0 3259 tty->pgrp = get_pid(task_pgrp(tsk));
47f86834
AC		 3260 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3261 tty->session = get_pid(task_session(tsk));
9c9f4ded
AC		 3262 if (tsk->signal->tty) {
3263 printk(KERN_DEBUG "tty not NULL!!\n");
3264 tty_kref_put(tsk->signal->tty);
3265 }
24ec839c 3266 }
2a65f1d9 3267 put_pid(tsk->signal->tty_old_pgrp);
9c9f4ded 3268 tsk->signal->tty = tty_kref_get(tty);
ab521dc0 3269 tsk->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 3270}
3271
98a27ba4 3272static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 3273{
3274 spin_lock_irq(&tsk->sighand->siglock);
2a65f1d9 3275 __proc_set_tty(tsk, tty);
24ec839c
PZ		 3276 spin_unlock_irq(&tsk->sighand->siglock);
3277}
3278
3279struct tty_struct *get_current_tty(void)
3280{
3281 struct tty_struct *tty;
934e6ebf
AC		 3282 unsigned long flags;
3283
3284 spin_lock_irqsave(&current->sighand->siglock, flags);
452a00d2 3285 tty = tty_kref_get(current->signal->tty);
934e6ebf 3286 spin_unlock_irqrestore(&current->sighand->siglock, flags);
24ec839c
PZ		 3287 return tty;
3288}
a311f743 3289EXPORT_SYMBOL_GPL(get_current_tty);
1da177e4 3290
d81ed103
AC		 3291void tty_default_fops(struct file_operations *fops)
3292{
3293 *fops = tty_fops;
3294}
3295
1da177e4
LT		 3296/*
3297 * Initialize the console device. This is called *early*, so
3298 * we can't necessarily depend on lots of kernel help here.
3299 * Just do some early initializations, and do the complex setup
3300 * later.
3301 */
3302void __init console_init(void)
3303{
3304 initcall_t *call;
3305
3306 /* Setup the default TTY line discipline. */
01e1abb2 3307 tty_ldisc_begin();
1da177e4
LT		 3308
3309 /*
37bdfb07 3310 * set up the console device so that later boot sequences can
1da177e4
LT		 3311 * inform about problems etc..
3312 */
1da177e4
LT		 3313 call = __con_initcall_start;
3314 while (call < __con_initcall_end) {
3315 (*call)();
3316 call++;
3317 }
3318}
3319
2c9ede55 3320static char *tty_devnode(struct device *dev, umode_t *mode)
e454cea2
KS		 3321{
3322 if (!mode)
3323 return NULL;
3324 if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3325 dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3326 *mode = 0666;
3327 return NULL;
3328}
3329
1da177e4
LT		 3330static int __init tty_class_init(void)
3331{
7fe845d1 3332 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 3333 if (IS_ERR(tty_class))
3334 return PTR_ERR(tty_class);
e454cea2 3335 tty_class->devnode = tty_devnode;
1da177e4
LT		 3336 return 0;
3337}
3338
3339postcore_initcall(tty_class_init);
3340
3341/* 3/2004 jmc: why do these devices exist? */
1da177e4 3342static struct cdev tty_cdev, console_cdev;
1da177e4 3343
fbc92a34
KS		 3344static ssize_t show_cons_active(struct device *dev,
3345 struct device_attribute *attr, char *buf)
3346{
3347 struct console *cs[16];
3348 int i = 0;
3349 struct console *c;
3350 ssize_t count = 0;
3351
ac751efa 3352 console_lock();
a2a6a822 3353 for_each_console(c) {
fbc92a34
KS		 3354 if (!c->device)
3355 continue;
3356 if (!c->write)
3357 continue;
3358 if ((c->flags & CON_ENABLED) == 0)
3359 continue;
3360 cs[i++] = c;
3361 if (i >= ARRAY_SIZE(cs))
3362 break;
3363 }
3364 while (i--)
3365 count += sprintf(buf + count, "%s%d%c",
3366 cs[i]->name, cs[i]->index, i ? ' ':'\n');
ac751efa 3367 console_unlock();
fbc92a34
KS		 3368
3369 return count;
3370}
3371static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3372
3373static struct device *consdev;
3374
3375void console_sysfs_notify(void)
3376{
3377 if (consdev)
3378 sysfs_notify(&consdev->kobj, NULL, "active");
3379}
3380
1da177e4
LT		 3381/*
3382 * Ok, now we can initialize the rest of the tty devices and can count
3383 * on memory allocations, interrupts etc..
3384 */
31d1d48e 3385int __init tty_init(void)
1da177e4
LT		 3386{
3387 cdev_init(&tty_cdev, &tty_fops);
3388 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3389 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3390 panic("Couldn't register /dev/tty driver\n");
fbc92a34 3391 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
1da177e4
LT		 3392
3393 cdev_init(&console_cdev, &console_fops);
3394 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3395 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3396 panic("Couldn't register /dev/console driver\n");
fbc92a34 3397 consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
47aa5793 3398 "console");
fbc92a34
KS		 3399 if (IS_ERR(consdev))
3400 consdev = NULL;
3401 else
a2a6a822 3402 WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
1da177e4 3403
1da177e4 3404#ifdef CONFIG_VT
d81ed103 3405 vty_init(&console_fops);
1da177e4
LT		 3406#endif
3407 return 0;
3408}
31d1d48e 3409
Linux 6.x block layer and io_uring tree(s)