projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
kgdb: core
[linux-2.6-block.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
37bdfb07 22 * makes for cleaner and more compact code. -TYT, 9/17/92
1da177e4
LT		 23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
37bdfb07 44 *
1da177e4
LT		 45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
37bdfb07
AC		 65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
1da177e4
LT		 67 */
68
1da177e4
LT		 69#include <linux/types.h>
70#include <linux/major.h>
71#include <linux/errno.h>
72#include <linux/signal.h>
73#include <linux/fcntl.h>
74#include <linux/sched.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/console.h>
82#include <linux/timer.h>
83#include <linux/ctype.h>
84#include <linux/kd.h>
85#include <linux/mm.h>
86#include <linux/string.h>
87#include <linux/slab.h>
88#include <linux/poll.h>
89#include <linux/proc_fs.h>
90#include <linux/init.h>
91#include <linux/module.h>
92#include <linux/smp_lock.h>
93#include <linux/device.h>
94#include <linux/idr.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
b20f3ae5 97#include <linux/delay.h>
1da177e4
LT		 98
99#include <asm/uaccess.h>
100#include <asm/system.h>
101
102#include <linux/kbd_kern.h>
103#include <linux/vt_kern.h>
104#include <linux/selection.h>
1da177e4
LT		 105
106#include <linux/kmod.h>
b488893a 107#include <linux/nsproxy.h>
1da177e4
LT		 108
109#undef TTY_DEBUG_HANGUP
110
111#define TTY_PARANOIA_CHECK 1
112#define CHECK_TTY_COUNT 1
113
edc6afc5 114struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
1da177e4
LT		 115 .c_iflag = ICRNL | IXON,
116 .c_oflag = OPOST | ONLCR,
117 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119 ECHOCTL | ECHOKE | IEXTEN,
edc6afc5
AC		 120 .c_cc = INIT_C_CC,
121 .c_ispeed = 38400,
122 .c_ospeed = 38400
1da177e4
LT		 123};
124
125EXPORT_SYMBOL(tty_std_termios);
126
127/* This list gets poked at by procfs and various bits of boot up code. This
128 could do with some rationalisation such as pulling the tty proc function
129 into this file */
37bdfb07 130
1da177e4
LT		 131LIST_HEAD(tty_drivers); /* linked list of tty drivers */
132
24ec839c 133/* Mutex to protect creating and releasing a tty. This is shared with
1da177e4 134 vt.c for deeply disgusting hack reasons */
70522e12 135DEFINE_MUTEX(tty_mutex);
de2a84f2 136EXPORT_SYMBOL(tty_mutex);
1da177e4
LT		 137
138#ifdef CONFIG_UNIX98_PTYS
139extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
37bdfb07 140extern int pty_limit; /* Config limit on Unix98 ptys */
1da177e4 141static DEFINE_IDR(allocated_ptys);
a6752f3f 142static DEFINE_MUTEX(allocated_ptys_lock);
1da177e4
LT		 143static int ptmx_open(struct inode *, struct file *);
144#endif
145
1da177e4
LT		 146static void initialize_tty_struct(struct tty_struct *tty);
147
148static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
149static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
37bdfb07
AC		 150ssize_t redirected_tty_write(struct file *, const char __user *,
151 size_t, loff_t *);
1da177e4
LT		 152static unsigned int tty_poll(struct file *, poll_table *);
153static int tty_open(struct inode *, struct file *);
154static int tty_release(struct inode *, struct file *);
37bdfb07 155int tty_ioctl(struct inode *inode, struct file *file,
1da177e4 156 unsigned int cmd, unsigned long arg);
e10cc1df 157#ifdef CONFIG_COMPAT
37bdfb07 158static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 159 unsigned long arg);
160#else
161#define tty_compat_ioctl NULL
162#endif
37bdfb07 163static int tty_fasync(int fd, struct file *filp, int on);
d5698c28 164static void release_tty(struct tty_struct *tty, int idx);
2a65f1d9 165static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
98a27ba4 166static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
1da177e4 167
af9b897e
AC		 168/**
169 * alloc_tty_struct - allocate a tty object
170 *
171 * Return a new empty tty structure. The data fields have not
172 * been initialized in any way but has been zeroed
173 *
174 * Locking: none
af9b897e 175 */
1da177e4
LT		 176
177static struct tty_struct *alloc_tty_struct(void)
178{
1266b1e1 179 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 180}
181
33f0f88f
AC		 182static void tty_buffer_free_all(struct tty_struct *);
183
af9b897e
AC		 184/**
185 * free_tty_struct - free a disused tty
186 * @tty: tty struct to free
187 *
188 * Free the write buffers, tty queue and tty memory itself.
189 *
190 * Locking: none. Must be called after tty is definitely unused
191 */
192
1da177e4
LT		 193static inline void free_tty_struct(struct tty_struct *tty)
194{
195 kfree(tty->write_buf);
33f0f88f 196 tty_buffer_free_all(tty);
1da177e4
LT		 197 kfree(tty);
198}
199
200#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
201
af9b897e
AC		 202/**
203 * tty_name - return tty naming
204 * @tty: tty structure
205 * @buf: buffer for output
206 *
207 * Convert a tty structure into a name. The name reflects the kernel
208 * naming policy and if udev is in use may not reflect user space
209 *
210 * Locking: none
211 */
212
1da177e4
LT		 213char *tty_name(struct tty_struct *tty, char *buf)
214{
215 if (!tty) /* Hmm. NULL pointer. That's fun. */
216 strcpy(buf, "NULL tty");
217 else
218 strcpy(buf, tty->name);
219 return buf;
220}
221
222EXPORT_SYMBOL(tty_name);
223
d769a669 224int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 225 const char *routine)
226{
227#ifdef TTY_PARANOIA_CHECK
228 if (!tty) {
229 printk(KERN_WARNING
230 "null TTY for (%d:%d) in %s\n",
231 imajor(inode), iminor(inode), routine);
232 return 1;
233 }
234 if (tty->magic != TTY_MAGIC) {
235 printk(KERN_WARNING
236 "bad magic number for tty struct (%d:%d) in %s\n",
237 imajor(inode), iminor(inode), routine);
238 return 1;
239 }
240#endif
241 return 0;
242}
243
244static int check_tty_count(struct tty_struct *tty, const char *routine)
245{
246#ifdef CHECK_TTY_COUNT
247 struct list_head *p;
248 int count = 0;
37bdfb07 249
1da177e4
LT		 250 file_list_lock();
251 list_for_each(p, &tty->tty_files) {
252 count++;
253 }
254 file_list_unlock();
255 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
256 tty->driver->subtype == PTY_TYPE_SLAVE &&
257 tty->link && tty->link->count)
258 count++;
259 if (tty->count != count) {
260 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
261 "!= #fd's(%d) in %s\n",
262 tty->name, tty->count, count, routine);
263 return count;
24ec839c 264 }
1da177e4
LT		 265#endif
266 return 0;
267}
268
33f0f88f
AC		 269/*
270 * Tty buffer allocation management
271 */
272
af9b897e
AC		 273/**
274 * tty_buffer_free_all - free buffers used by a tty
275 * @tty: tty to free from
276 *
277 * Remove all the buffers pending on a tty whether queued with data
278 * or in the free ring. Must be called when the tty is no longer in use
279 *
280 * Locking: none
281 */
282
33f0f88f
AC		 283static void tty_buffer_free_all(struct tty_struct *tty)
284{
285 struct tty_buffer *thead;
37bdfb07 286 while ((thead = tty->buf.head) != NULL) {
33f0f88f
AC		 287 tty->buf.head = thead->next;
288 kfree(thead);
289 }
37bdfb07 290 while ((thead = tty->buf.free) != NULL) {
33f0f88f
AC		 291 tty->buf.free = thead->next;
292 kfree(thead);
293 }
294 tty->buf.tail = NULL;
01da5fd8 295 tty->buf.memory_used = 0;
33f0f88f
AC		 296}
297
01da5fd8
AC		 298/**
299 * tty_buffer_init - prepare a tty buffer structure
300 * @tty: tty to initialise
301 *
302 * Set up the initial state of the buffer management for a tty device.
303 * Must be called before the other tty buffer functions are used.
304 *
305 * Locking: none
306 */
307
33f0f88f
AC		 308static void tty_buffer_init(struct tty_struct *tty)
309{
808249ce 310 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 311 tty->buf.head = NULL;
312 tty->buf.tail = NULL;
313 tty->buf.free = NULL;
01da5fd8 314 tty->buf.memory_used = 0;
33f0f88f
AC		 315}
316
01da5fd8
AC		 317/**
318 * tty_buffer_alloc - allocate a tty buffer
319 * @tty: tty device
320 * @size: desired size (characters)
321 *
322 * Allocate a new tty buffer to hold the desired number of characters.
323 * Return NULL if out of memory or the allocation would exceed the
324 * per device queue
325 *
326 * Locking: Caller must hold tty->buf.lock
327 */
328
329static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
33f0f88f 330{
01da5fd8
AC		 331 struct tty_buffer *p;
332
333 if (tty->buf.memory_used + size > 65536)
334 return NULL;
335 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
37bdfb07 336 if (p == NULL)
33f0f88f
AC		 337 return NULL;
338 p->used = 0;
339 p->size = size;
340 p->next = NULL;
8977d929
PF		 341 p->commit = 0;
342 p->read = 0;
33f0f88f
AC		 343 p->char_buf_ptr = (char *)(p->data);
344 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
01da5fd8 345 tty->buf.memory_used += size;
33f0f88f
AC		 346 return p;
347}
348
01da5fd8
AC		 349/**
350 * tty_buffer_free - free a tty buffer
351 * @tty: tty owning the buffer
352 * @b: the buffer to free
353 *
354 * Free a tty buffer, or add it to the free list according to our
355 * internal strategy
356 *
357 * Locking: Caller must hold tty->buf.lock
358 */
33f0f88f
AC		 359
360static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
361{
362 /* Dumb strategy for now - should keep some stats */
01da5fd8
AC		 363 tty->buf.memory_used -= b->size;
364 WARN_ON(tty->buf.memory_used < 0);
365
37bdfb07 366 if (b->size >= 512)
33f0f88f
AC		 367 kfree(b);
368 else {
369 b->next = tty->buf.free;
370 tty->buf.free = b;
371 }
372}
373
c5c34d48 374/**
42fd552e 375 * __tty_buffer_flush - flush full tty buffers
c5c34d48
PF		 376 * @tty: tty to flush
377 *
42fd552e
AC		 378 * flush all the buffers containing receive data. Caller must
379 * hold the buffer lock and must have ensured no parallel flush to
380 * ldisc is running.
c5c34d48 381 *
42fd552e 382 * Locking: Caller must hold tty->buf.lock
c5c34d48
PF		 383 */
384
42fd552e 385static void __tty_buffer_flush(struct tty_struct *tty)
c5c34d48
PF		 386{
387 struct tty_buffer *thead;
c5c34d48 388
37bdfb07 389 while ((thead = tty->buf.head) != NULL) {
c5c34d48
PF		 390 tty->buf.head = thead->next;
391 tty_buffer_free(tty, thead);
392 }
393 tty->buf.tail = NULL;
42fd552e
AC		 394}
395
396/**
397 * tty_buffer_flush - flush full tty buffers
398 * @tty: tty to flush
399 *
400 * flush all the buffers containing receive data. If the buffer is
401 * being processed by flush_to_ldisc then we defer the processing
402 * to that function
403 *
404 * Locking: none
405 */
406
407static void tty_buffer_flush(struct tty_struct *tty)
408{
409 unsigned long flags;
410 spin_lock_irqsave(&tty->buf.lock, flags);
411
412 /* If the data is being pushed to the tty layer then we can't
413 process it here. Instead set a flag and the flush_to_ldisc
414 path will process the flush request before it exits */
415 if (test_bit(TTY_FLUSHING, &tty->flags)) {
416 set_bit(TTY_FLUSHPENDING, &tty->flags);
417 spin_unlock_irqrestore(&tty->buf.lock, flags);
418 wait_event(tty->read_wait,
419 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
420 return;
421 } else
422 __tty_buffer_flush(tty);
c5c34d48
PF		 423 spin_unlock_irqrestore(&tty->buf.lock, flags);
424}
425
01da5fd8
AC		 426/**
427 * tty_buffer_find - find a free tty buffer
428 * @tty: tty owning the buffer
429 * @size: characters wanted
430 *
431 * Locate an existing suitable tty buffer or if we are lacking one then
432 * allocate a new one. We round our buffers off in 256 character chunks
433 * to get better allocation behaviour.
434 *
435 * Locking: Caller must hold tty->buf.lock
436 */
437
33f0f88f
AC		 438static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
439{
440 struct tty_buffer **tbh = &tty->buf.free;
37bdfb07 441 while ((*tbh) != NULL) {
33f0f88f 442 struct tty_buffer *t = *tbh;
37bdfb07 443 if (t->size >= size) {
33f0f88f
AC		 444 *tbh = t->next;
445 t->next = NULL;
446 t->used = 0;
8977d929
PF		 447 t->commit = 0;
448 t->read = 0;
01da5fd8 449 tty->buf.memory_used += t->size;
33f0f88f
AC		 450 return t;
451 }
452 tbh = &((*tbh)->next);
453 }
454 /* Round the buffer size out */
37bdfb07 455 size = (size + 0xFF) & ~0xFF;
01da5fd8 456 return tty_buffer_alloc(tty, size);
33f0f88f
AC		 457 /* Should possibly check if this fails for the largest buffer we
458 have queued and recycle that ? */
459}
460
01da5fd8
AC		 461/**
462 * tty_buffer_request_room - grow tty buffer if needed
463 * @tty: tty structure
464 * @size: size desired
465 *
466 * Make at least size bytes of linear space available for the tty
467 * buffer. If we fail return the size we managed to find.
468 *
469 * Locking: Takes tty->buf.lock
470 */
33f0f88f
AC		 471int tty_buffer_request_room(struct tty_struct *tty, size_t size)
472{
808249ce
PF		 473 struct tty_buffer *b, *n;
474 int left;
475 unsigned long flags;
476
477 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 478
479 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
480 remove this conditional if its worth it. This would be invisible
481 to the callers */
33b37a33 482 if ((b = tty->buf.tail) != NULL)
33f0f88f 483 left = b->size - b->used;
33b37a33 484 else
808249ce
PF		 485 left = 0;
486
487 if (left < size) {
488 /* This is the slow path - looking for new buffers to use */
489 if ((n = tty_buffer_find(tty, size)) != NULL) {
490 if (b != NULL) {
491 b->next = n;
8977d929 492 b->commit = b->used;
808249ce
PF		 493 } else
494 tty->buf.head = n;
495 tty->buf.tail = n;
808249ce
PF		 496 } else
497 size = left;
498 }
499
500 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 501 return size;
502}
33f0f88f
AC		 503EXPORT_SYMBOL_GPL(tty_buffer_request_room);
504
af9b897e
AC		 505/**
506 * tty_insert_flip_string - Add characters to the tty buffer
507 * @tty: tty structure
508 * @chars: characters
509 * @size: size
510 *
511 * Queue a series of bytes to the tty buffering. All the characters
512 * passed are marked as without error. Returns the number added.
513 *
514 * Locking: Called functions may take tty->buf.lock
515 */
516
e1a25090
AM		 517int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
518 size_t size)
33f0f88f
AC		 519{
520 int copied = 0;
521 do {
522 int space = tty_buffer_request_room(tty, size - copied);
523 struct tty_buffer *tb = tty->buf.tail;
524 /* If there is no space then tb may be NULL */
37bdfb07 525 if (unlikely(space == 0))
33f0f88f
AC		 526 break;
527 memcpy(tb->char_buf_ptr + tb->used, chars, space);
528 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
529 tb->used += space;
530 copied += space;
531 chars += space;
527063ba
AD		 532 /* There is a small chance that we need to split the data over
533 several buffers. If this is the case we must loop */
534 } while (unlikely(size > copied));
33f0f88f
AC		 535 return copied;
536}
ee37df78 537EXPORT_SYMBOL(tty_insert_flip_string);
33f0f88f 538
af9b897e
AC		 539/**
540 * tty_insert_flip_string_flags - Add characters to the tty buffer
541 * @tty: tty structure
542 * @chars: characters
543 * @flags: flag bytes
544 * @size: size
545 *
546 * Queue a series of bytes to the tty buffering. For each character
547 * the flags array indicates the status of the character. Returns the
548 * number added.
549 *
550 * Locking: Called functions may take tty->buf.lock
551 */
552
e1a25090
AM		 553int tty_insert_flip_string_flags(struct tty_struct *tty,
554 const unsigned char *chars, const char *flags, size_t size)
33f0f88f
AC		 555{
556 int copied = 0;
557 do {
558 int space = tty_buffer_request_room(tty, size - copied);
559 struct tty_buffer *tb = tty->buf.tail;
560 /* If there is no space then tb may be NULL */
37bdfb07 561 if (unlikely(space == 0))
33f0f88f
AC		 562 break;
563 memcpy(tb->char_buf_ptr + tb->used, chars, space);
564 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
565 tb->used += space;
566 copied += space;
567 chars += space;
568 flags += space;
527063ba
AD		 569 /* There is a small chance that we need to split the data over
570 several buffers. If this is the case we must loop */
571 } while (unlikely(size > copied));
33f0f88f
AC		 572 return copied;
573}
ff4547f4 574EXPORT_SYMBOL(tty_insert_flip_string_flags);
33f0f88f 575
af9b897e
AC		 576/**
577 * tty_schedule_flip - push characters to ldisc
578 * @tty: tty to push from
579 *
580 * Takes any pending buffers and transfers their ownership to the
581 * ldisc side of the queue. It then schedules those characters for
582 * processing by the line discipline.
583 *
584 * Locking: Takes tty->buf.lock
585 */
586
e1a25090
AM		 587void tty_schedule_flip(struct tty_struct *tty)
588{
589 unsigned long flags;
590 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 591 if (tty->buf.tail != NULL)
e1a25090 592 tty->buf.tail->commit = tty->buf.tail->used;
e1a25090
AM		 593 spin_unlock_irqrestore(&tty->buf.lock, flags);
594 schedule_delayed_work(&tty->buf.work, 1);
595}
596EXPORT_SYMBOL(tty_schedule_flip);
33f0f88f 597
af9b897e
AC		 598/**
599 * tty_prepare_flip_string - make room for characters
600 * @tty: tty
601 * @chars: return pointer for character write area
602 * @size: desired size
603 *
33f0f88f
AC		 604 * Prepare a block of space in the buffer for data. Returns the length
605 * available and buffer pointer to the space which is now allocated and
606 * accounted for as ready for normal characters. This is used for drivers
607 * that need their own block copy routines into the buffer. There is no
608 * guarantee the buffer is a DMA target!
af9b897e
AC		 609 *
610 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 611 */
612
37bdfb07
AC		 613int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
614 size_t size)
33f0f88f
AC		 615{
616 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 617 if (likely(space)) {
618 struct tty_buffer *tb = tty->buf.tail;
619 *chars = tb->char_buf_ptr + tb->used;
620 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
621 tb->used += space;
622 }
33f0f88f
AC		 623 return space;
624}
625
626EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
627
af9b897e
AC		 628/**
629 * tty_prepare_flip_string_flags - make room for characters
630 * @tty: tty
631 * @chars: return pointer for character write area
632 * @flags: return pointer for status flag write area
633 * @size: desired size
634 *
33f0f88f
AC		 635 * Prepare a block of space in the buffer for data. Returns the length
636 * available and buffer pointer to the space which is now allocated and
637 * accounted for as ready for characters. This is used for drivers
638 * that need their own block copy routines into the buffer. There is no
639 * guarantee the buffer is a DMA target!
af9b897e
AC		 640 *
641 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 642 */
643
37bdfb07
AC		 644int tty_prepare_flip_string_flags(struct tty_struct *tty,
645 unsigned char **chars, char **flags, size_t size)
33f0f88f
AC		 646{
647 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 648 if (likely(space)) {
649 struct tty_buffer *tb = tty->buf.tail;
650 *chars = tb->char_buf_ptr + tb->used;
651 *flags = tb->flag_buf_ptr + tb->used;
652 tb->used += space;
653 }
33f0f88f
AC		 654 return space;
655}
656
657EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
658
659
660
af9b897e
AC		 661/**
662 * tty_set_termios_ldisc - set ldisc field
663 * @tty: tty structure
664 * @num: line discipline number
665 *
1da177e4 666 * This is probably overkill for real world processors but
37bdfb07 667 * they are not on hot paths so a little discipline won't do
1da177e4 668 * any harm.
af9b897e 669 *
24ec839c 670 * Locking: takes termios_mutex
1da177e4 671 */
37bdfb07 672
1da177e4
LT		 673static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
674{
5785c95b 675 mutex_lock(&tty->termios_mutex);
1da177e4 676 tty->termios->c_line = num;
5785c95b 677 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 678}
679
680/*
681 * This guards the refcounted line discipline lists. The lock
682 * must be taken with irqs off because there are hangup path
683 * callers who will do ldisc lookups and cannot sleep.
684 */
37bdfb07 685
1da177e4
LT		 686static DEFINE_SPINLOCK(tty_ldisc_lock);
687static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
37bdfb07
AC		 688/* Line disc dispatch table */
689static struct tty_ldisc tty_ldiscs[NR_LDISCS];
1da177e4 690
af9b897e
AC		 691/**
692 * tty_register_ldisc - install a line discipline
693 * @disc: ldisc number
694 * @new_ldisc: pointer to the ldisc object
695 *
696 * Installs a new line discipline into the kernel. The discipline
697 * is set up as unreferenced and then made available to the kernel
698 * from this point onwards.
699 *
700 * Locking:
701 * takes tty_ldisc_lock to guard against ldisc races
702 */
703
1da177e4
LT		 704int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
705{
706 unsigned long flags;
707 int ret = 0;
37bdfb07 708
1da177e4
LT		 709 if (disc < N_TTY || disc >= NR_LDISCS)
710 return -EINVAL;
37bdfb07 711
1da177e4 712 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 713 tty_ldiscs[disc] = *new_ldisc;
714 tty_ldiscs[disc].num = disc;
715 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
716 tty_ldiscs[disc].refcount = 0;
1da177e4 717 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
37bdfb07 718
1da177e4
LT		 719 return ret;
720}
1da177e4
LT		 721EXPORT_SYMBOL(tty_register_ldisc);
722
af9b897e
AC		 723/**
724 * tty_unregister_ldisc - unload a line discipline
725 * @disc: ldisc number
726 * @new_ldisc: pointer to the ldisc object
727 *
728 * Remove a line discipline from the kernel providing it is not
729 * currently in use.
730 *
731 * Locking:
732 * takes tty_ldisc_lock to guard against ldisc races
733 */
734
bfb07599
AD		 735int tty_unregister_ldisc(int disc)
736{
737 unsigned long flags;
738 int ret = 0;
739
740 if (disc < N_TTY || disc >= NR_LDISCS)
741 return -EINVAL;
742
743 spin_lock_irqsave(&tty_ldisc_lock, flags);
744 if (tty_ldiscs[disc].refcount)
745 ret = -EBUSY;
746 else
747 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
748 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
749
750 return ret;
751}
752EXPORT_SYMBOL(tty_unregister_ldisc);
753
af9b897e
AC		 754/**
755 * tty_ldisc_get - take a reference to an ldisc
756 * @disc: ldisc number
757 *
758 * Takes a reference to a line discipline. Deals with refcounts and
759 * module locking counts. Returns NULL if the discipline is not available.
760 * Returns a pointer to the discipline and bumps the ref count if it is
761 * available
762 *
763 * Locking:
764 * takes tty_ldisc_lock to guard against ldisc races
765 */
766
1da177e4
LT		 767struct tty_ldisc *tty_ldisc_get(int disc)
768{
769 unsigned long flags;
770 struct tty_ldisc *ld;
771
772 if (disc < N_TTY || disc >= NR_LDISCS)
773 return NULL;
37bdfb07 774
1da177e4
LT		 775 spin_lock_irqsave(&tty_ldisc_lock, flags);
776
777 ld = &tty_ldiscs[disc];
778 /* Check the entry is defined */
37bdfb07 779 if (ld->flags & LDISC_FLAG_DEFINED) {
1da177e4
LT		 780 /* If the module is being unloaded we can't use it */
781 if (!try_module_get(ld->owner))
37bdfb07 782 ld = NULL;
1da177e4
LT		 783 else /* lock it */
784 ld->refcount++;
37bdfb07 785 } else
1da177e4
LT		 786 ld = NULL;
787 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
788 return ld;
789}
790
791EXPORT_SYMBOL_GPL(tty_ldisc_get);
792
af9b897e
AC		 793/**
794 * tty_ldisc_put - drop ldisc reference
795 * @disc: ldisc number
796 *
797 * Drop a reference to a line discipline. Manage refcounts and
798 * module usage counts
799 *
800 * Locking:
801 * takes tty_ldisc_lock to guard against ldisc races
802 */
803
1da177e4
LT		 804void tty_ldisc_put(int disc)
805{
806 struct tty_ldisc *ld;
807 unsigned long flags;
37bdfb07 808
56ee4827 809 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
37bdfb07 810
1da177e4
LT		 811 spin_lock_irqsave(&tty_ldisc_lock, flags);
812 ld = &tty_ldiscs[disc];
56ee4827
ES		 813 BUG_ON(ld->refcount == 0);
814 ld->refcount--;
1da177e4
LT		 815 module_put(ld->owner);
816 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
817}
37bdfb07 818
1da177e4
LT		 819EXPORT_SYMBOL_GPL(tty_ldisc_put);
820
af9b897e
AC		 821/**
822 * tty_ldisc_assign - set ldisc on a tty
823 * @tty: tty to assign
824 * @ld: line discipline
825 *
826 * Install an instance of a line discipline into a tty structure. The
827 * ldisc must have a reference count above zero to ensure it remains/
828 * The tty instance refcount starts at zero.
829 *
830 * Locking:
831 * Caller must hold references
832 */
833
1da177e4
LT		 834static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
835{
836 tty->ldisc = *ld;
837 tty->ldisc.refcount = 0;
838}
839
840/**
841 * tty_ldisc_try - internal helper
842 * @tty: the tty
843 *
844 * Make a single attempt to grab and bump the refcount on
845 * the tty ldisc. Return 0 on failure or 1 on success. This is
846 * used to implement both the waiting and non waiting versions
847 * of tty_ldisc_ref
af9b897e
AC		 848 *
849 * Locking: takes tty_ldisc_lock
1da177e4
LT		 850 */
851
852static int tty_ldisc_try(struct tty_struct *tty)
853{
854 unsigned long flags;
855 struct tty_ldisc *ld;
856 int ret = 0;
37bdfb07 857
1da177e4
LT		 858 spin_lock_irqsave(&tty_ldisc_lock, flags);
859 ld = &tty->ldisc;
37bdfb07 860 if (test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 861 ld->refcount++;
862 ret = 1;
863 }
864 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
865 return ret;
866}
867
868/**
869 * tty_ldisc_ref_wait - wait for the tty ldisc
870 * @tty: tty device
871 *
37bdfb07
AC		 872 * Dereference the line discipline for the terminal and take a
873 * reference to it. If the line discipline is in flux then
1da177e4
LT		 874 * wait patiently until it changes.
875 *
876 * Note: Must not be called from an IRQ/timer context. The caller
877 * must also be careful not to hold other locks that will deadlock
878 * against a discipline change, such as an existing ldisc reference
879 * (which we check for)
af9b897e
AC		 880 *
881 * Locking: call functions take tty_ldisc_lock
1da177e4 882 */
37bdfb07 883
1da177e4
LT		 884struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
885{
886 /* wait_event is a macro */
887 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
37bdfb07 888 if (tty->ldisc.refcount == 0)
1da177e4
LT		 889 printk(KERN_ERR "tty_ldisc_ref_wait\n");
890 return &tty->ldisc;
891}
892
893EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
894
895/**
896 * tty_ldisc_ref - get the tty ldisc
897 * @tty: tty device
898 *
37bdfb07
AC		 899 * Dereference the line discipline for the terminal and take a
900 * reference to it. If the line discipline is in flux then
1da177e4 901 * return NULL. Can be called from IRQ and timer functions.
af9b897e
AC		 902 *
903 * Locking: called functions take tty_ldisc_lock
1da177e4 904 */
37bdfb07 905
1da177e4
LT		 906struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
907{
37bdfb07 908 if (tty_ldisc_try(tty))
1da177e4
LT		 909 return &tty->ldisc;
910 return NULL;
911}
912
913EXPORT_SYMBOL_GPL(tty_ldisc_ref);
914
915/**
916 * tty_ldisc_deref - free a tty ldisc reference
917 * @ld: reference to free up
918 *
919 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
920 * be called in IRQ context.
af9b897e
AC		 921 *
922 * Locking: takes tty_ldisc_lock
1da177e4 923 */
37bdfb07 924
1da177e4
LT		 925void tty_ldisc_deref(struct tty_ldisc *ld)
926{
927 unsigned long flags;
928
56ee4827 929 BUG_ON(ld == NULL);
37bdfb07 930
1da177e4 931 spin_lock_irqsave(&tty_ldisc_lock, flags);
37bdfb07 932 if (ld->refcount == 0)
1da177e4
LT		 933 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
934 else
935 ld->refcount--;
37bdfb07 936 if (ld->refcount == 0)
1da177e4
LT		 937 wake_up(&tty_ldisc_wait);
938 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
939}
940
941EXPORT_SYMBOL_GPL(tty_ldisc_deref);
942
943/**
944 * tty_ldisc_enable - allow ldisc use
945 * @tty: terminal to activate ldisc on
946 *
947 * Set the TTY_LDISC flag when the line discipline can be called
3a4fa0a2 948 * again. Do necessary wakeups for existing sleepers.
1da177e4
LT		 949 *
950 * Note: nobody should set this bit except via this function. Clearing
951 * directly is allowed.
952 */
953
954static void tty_ldisc_enable(struct tty_struct *tty)
955{
956 set_bit(TTY_LDISC, &tty->flags);
957 wake_up(&tty_ldisc_wait);
958}
37bdfb07 959
1da177e4
LT		 960/**
961 * tty_set_ldisc - set line discipline
962 * @tty: the terminal to set
963 * @ldisc: the line discipline
964 *
965 * Set the discipline of a tty line. Must be called from a process
966 * context.
af9b897e
AC		 967 *
968 * Locking: takes tty_ldisc_lock.
24ec839c 969 * called functions take termios_mutex
1da177e4 970 */
37bdfb07 971
1da177e4
LT		 972static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
973{
ff55fe20
JB		 974 int retval = 0;
975 struct tty_ldisc o_ldisc;
1da177e4
LT		 976 char buf[64];
977 int work;
978 unsigned long flags;
979 struct tty_ldisc *ld;
ff55fe20 980 struct tty_struct *o_tty;
1da177e4
LT		 981
982 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
983 return -EINVAL;
984
985restart:
986
1da177e4
LT		 987 ld = tty_ldisc_get(ldisc);
988 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
989 /* Cyrus Durgin <cider@speakeasy.org> */
990 if (ld == NULL) {
991 request_module("tty-ldisc-%d", ldisc);
992 ld = tty_ldisc_get(ldisc);
993 }
994 if (ld == NULL)
995 return -EINVAL;
996
33f0f88f
AC		 997 /*
998 * Problem: What do we do if this blocks ?
999 */
1000
1da177e4
LT		 1001 tty_wait_until_sent(tty, 0);
1002
ff55fe20
JB		 1003 if (tty->ldisc.num == ldisc) {
1004 tty_ldisc_put(ldisc);
1005 return 0;
1006 }
1007
ae030e43
PF		 1008 /*
1009 * No more input please, we are switching. The new ldisc
1010 * will update this value in the ldisc open function
1011 */
1012
1013 tty->receive_room = 0;
1014
ff55fe20
JB		 1015 o_ldisc = tty->ldisc;
1016 o_tty = tty->link;
1017
1da177e4
LT		 1018 /*
1019 * Make sure we don't change while someone holds a
1020 * reference to the line discipline. The TTY_LDISC bit
1021 * prevents anyone taking a reference once it is clear.
1022 * We need the lock to avoid racing reference takers.
1023 */
ff55fe20 1024
1da177e4 1025 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20 1026 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
37bdfb07 1027 if (tty->ldisc.refcount) {
ff55fe20
JB		 1028 /* Free the new ldisc we grabbed. Must drop the lock
1029 first. */
1030 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1031 tty_ldisc_put(ldisc);
1032 /*
1033 * There are several reasons we may be busy, including
1034 * random momentary I/O traffic. We must therefore
1035 * retry. We could distinguish between blocking ops
37bdfb07
AC		 1036 * and retries if we made tty_ldisc_wait() smarter.
1037 * That is up for discussion.
ff55fe20
JB		 1038 */
1039 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1040 return -ERESTARTSYS;
1041 goto restart;
1042 }
37bdfb07 1043 if (o_tty && o_tty->ldisc.refcount) {
ff55fe20
JB		 1044 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1045 tty_ldisc_put(ldisc);
1046 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1047 return -ERESTARTSYS;
1048 goto restart;
1049 }
1050 }
37bdfb07
AC		 1051 /*
1052 * If the TTY_LDISC bit is set, then we are racing against
1053 * another ldisc change
1054 */
ff55fe20 1055 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 1056 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1057 tty_ldisc_put(ldisc);
ff55fe20
JB		 1058 ld = tty_ldisc_ref_wait(tty);
1059 tty_ldisc_deref(ld);
1da177e4
LT		 1060 goto restart;
1061 }
ff55fe20
JB		 1062
1063 clear_bit(TTY_LDISC, &tty->flags);
817d6d3b 1064 if (o_tty)
ff55fe20 1065 clear_bit(TTY_LDISC, &o_tty->flags);
1da177e4 1066 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 1067
1da177e4
LT		 1068 /*
1069 * From this point on we know nobody has an ldisc
1070 * usage reference, nor can they obtain one until
1071 * we say so later on.
1072 */
ff55fe20 1073
33f0f88f 1074 work = cancel_delayed_work(&tty->buf.work);
1da177e4 1075 /*
33f0f88f 1076 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4 1077 */
1da177e4
LT		 1078 flush_scheduled_work();
1079 /* Shutdown the current discipline. */
1080 if (tty->ldisc.close)
1081 (tty->ldisc.close)(tty);
1082
1083 /* Now set up the new line discipline. */
1084 tty_ldisc_assign(tty, ld);
1085 tty_set_termios_ldisc(tty, ldisc);
1086 if (tty->ldisc.open)
1087 retval = (tty->ldisc.open)(tty);
1088 if (retval < 0) {
1089 tty_ldisc_put(ldisc);
1090 /* There is an outstanding reference here so this is safe */
1091 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1092 tty_set_termios_ldisc(tty, tty->ldisc.num);
1093 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1094 tty_ldisc_put(o_ldisc.num);
1095 /* This driver is always present */
1096 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1097 tty_set_termios_ldisc(tty, N_TTY);
1098 if (tty->ldisc.open) {
1099 int r = tty->ldisc.open(tty);
1100
1101 if (r < 0)
1102 panic("Couldn't open N_TTY ldisc for "
1103 "%s --- error %d.",
1104 tty_name(tty, buf), r);
1105 }
1106 }
1107 }
1108 /* At this point we hold a reference to the new ldisc and a
1109 a reference to the old ldisc. If we ended up flipping back
1110 to the existing ldisc we have two references to it */
37bdfb07 1111
1da177e4
LT		 1112 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1113 tty->driver->set_ldisc(tty);
37bdfb07 1114
1da177e4 1115 tty_ldisc_put(o_ldisc.num);
37bdfb07 1116
1da177e4
LT		 1117 /*
1118 * Allow ldisc referencing to occur as soon as the driver
1119 * ldisc callback completes.
1120 */
37bdfb07 1121
1da177e4 1122 tty_ldisc_enable(tty);
ff55fe20
JB		 1123 if (o_tty)
1124 tty_ldisc_enable(o_tty);
37bdfb07 1125
1da177e4
LT		 1126 /* Restart it in case no characters kick it off. Safe if
1127 already running */
ff55fe20 1128 if (work)
33f0f88f 1129 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 1130 return retval;
1131}
1132
af9b897e
AC		 1133/**
1134 * get_tty_driver - find device of a tty
1135 * @dev_t: device identifier
1136 * @index: returns the index of the tty
1137 *
1138 * This routine returns a tty driver structure, given a device number
1139 * and also passes back the index number.
1140 *
1141 * Locking: caller must hold tty_mutex
1da177e4 1142 */
af9b897e 1143
1da177e4
LT		 1144static struct tty_driver *get_tty_driver(dev_t device, int *index)
1145{
1146 struct tty_driver *p;
1147
1148 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1149 dev_t base = MKDEV(p->major, p->minor_start);
1150 if (device < base || device >= base + p->num)
1151 continue;
1152 *index = device - base;
1153 return p;
1154 }
1155 return NULL;
1156}
1157
af9b897e
AC		 1158/**
1159 * tty_check_change - check for POSIX terminal changes
1160 * @tty: tty to check
1161 *
1162 * If we try to write to, or set the state of, a terminal and we're
1163 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1164 * ignored, go ahead and perform the operation. (POSIX 7.2)
1165 *
1166 * Locking: none
1da177e4 1167 */
af9b897e 1168
37bdfb07 1169int tty_check_change(struct tty_struct *tty)
1da177e4
LT		 1170{
1171 if (current->signal->tty != tty)
1172 return 0;
ab521dc0
EB		 1173 if (!tty->pgrp) {
1174 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1da177e4
LT		 1175 return 0;
1176 }
ab521dc0 1177 if (task_pgrp(current) == tty->pgrp)
1da177e4
LT		 1178 return 0;
1179 if (is_ignored(SIGTTOU))
1180 return 0;
3e7cd6c4 1181 if (is_current_pgrp_orphaned())
1da177e4 1182 return -EIO;
040b6362
ON		 1183 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1184 set_thread_flag(TIF_SIGPENDING);
1da177e4
LT		 1185 return -ERESTARTSYS;
1186}
1187
1188EXPORT_SYMBOL(tty_check_change);
1189
37bdfb07 1190static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1da177e4
LT		 1191 size_t count, loff_t *ppos)
1192{
1193 return 0;
1194}
1195
37bdfb07 1196static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1da177e4
LT		 1197 size_t count, loff_t *ppos)
1198{
1199 return -EIO;
1200}
1201
1202/* No kernel lock held - none needed ;) */
37bdfb07 1203static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1da177e4
LT		 1204{
1205 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1206}
1207
37bdfb07 1208static int hung_up_tty_ioctl(struct inode *inode, struct file *file,
38ad2ed0
PF		 1209 unsigned int cmd, unsigned long arg)
1210{
1211 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1212}
1213
37bdfb07 1214static long hung_up_tty_compat_ioctl(struct file *file,
38ad2ed0 1215 unsigned int cmd, unsigned long arg)
1da177e4
LT		 1216{
1217 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1218}
1219
62322d25 1220static const struct file_operations tty_fops = {
1da177e4
LT		 1221 .llseek = no_llseek,
1222 .read = tty_read,
1223 .write = tty_write,
1224 .poll = tty_poll,
1225 .ioctl = tty_ioctl,
e10cc1df 1226 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1227 .open = tty_open,
1228 .release = tty_release,
1229 .fasync = tty_fasync,
1230};
1231
1232#ifdef CONFIG_UNIX98_PTYS
62322d25 1233static const struct file_operations ptmx_fops = {
1da177e4
LT		 1234 .llseek = no_llseek,
1235 .read = tty_read,
1236 .write = tty_write,
1237 .poll = tty_poll,
1238 .ioctl = tty_ioctl,
e10cc1df 1239 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1240 .open = ptmx_open,
1241 .release = tty_release,
1242 .fasync = tty_fasync,
1243};
1244#endif
1245
62322d25 1246static const struct file_operations console_fops = {
1da177e4
LT		 1247 .llseek = no_llseek,
1248 .read = tty_read,
1249 .write = redirected_tty_write,
1250 .poll = tty_poll,
1251 .ioctl = tty_ioctl,
e10cc1df 1252 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1253 .open = tty_open,
1254 .release = tty_release,
1255 .fasync = tty_fasync,
1256};
1257
62322d25 1258static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 1259 .llseek = no_llseek,
1260 .read = hung_up_tty_read,
1261 .write = hung_up_tty_write,
1262 .poll = hung_up_tty_poll,
38ad2ed0
PF		 1263 .ioctl = hung_up_tty_ioctl,
1264 .compat_ioctl = hung_up_tty_compat_ioctl,
1da177e4
LT		 1265 .release = tty_release,
1266};
1267
1268static DEFINE_SPINLOCK(redirect_lock);
1269static struct file *redirect;
1270
1271/**
1272 * tty_wakeup - request more data
1273 * @tty: terminal
1274 *
1275 * Internal and external helper for wakeups of tty. This function
1276 * informs the line discipline if present that the driver is ready
1277 * to receive more output data.
1278 */
37bdfb07 1279
1da177e4
LT		 1280void tty_wakeup(struct tty_struct *tty)
1281{
1282 struct tty_ldisc *ld;
37bdfb07 1283
1da177e4
LT		 1284 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1285 ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1286 if (ld) {
1287 if (ld->write_wakeup)
1da177e4
LT		 1288 ld->write_wakeup(tty);
1289 tty_ldisc_deref(ld);
1290 }
1291 }
1292 wake_up_interruptible(&tty->write_wait);
1293}
1294
1295EXPORT_SYMBOL_GPL(tty_wakeup);
1296
1297/**
1298 * tty_ldisc_flush - flush line discipline queue
1299 * @tty: tty
1300 *
1301 * Flush the line discipline queue (if any) for this tty. If there
1302 * is no line discipline active this is a no-op.
1303 */
37bdfb07 1304
1da177e4
LT		 1305void tty_ldisc_flush(struct tty_struct *tty)
1306{
1307 struct tty_ldisc *ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1308 if (ld) {
1309 if (ld->flush_buffer)
1da177e4
LT		 1310 ld->flush_buffer(tty);
1311 tty_ldisc_deref(ld);
1312 }
c5c34d48 1313 tty_buffer_flush(tty);
1da177e4
LT		 1314}
1315
1316EXPORT_SYMBOL_GPL(tty_ldisc_flush);
edc6afc5
AC		 1317
1318/**
1319 * tty_reset_termios - reset terminal state
1320 * @tty: tty to reset
1321 *
1322 * Restore a terminal to the driver default state
1323 */
1324
1325static void tty_reset_termios(struct tty_struct *tty)
1326{
1327 mutex_lock(&tty->termios_mutex);
1328 *tty->termios = tty->driver->init_termios;
1329 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1330 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1331 mutex_unlock(&tty->termios_mutex);
1332}
37bdfb07 1333
af9b897e
AC		 1334/**
1335 * do_tty_hangup - actual handler for hangup events
65f27f38 1336 * @work: tty device
af9b897e
AC		 1337 *
1338 * This can be called by the "eventd" kernel thread. That is process
1339 * synchronous but doesn't hold any locks, so we need to make sure we
1340 * have the appropriate locks for what we're doing.
1341 *
1342 * The hangup event clears any pending redirections onto the hung up
1343 * device. It ensures future writes will error and it does the needed
1344 * line discipline hangup and signal delivery. The tty object itself
1345 * remains intact.
1346 *
1347 * Locking:
1348 * BKL
24ec839c
PZ		 1349 * redirect lock for undoing redirection
1350 * file list lock for manipulating list of ttys
1351 * tty_ldisc_lock from called functions
1352 * termios_mutex resetting termios data
1353 * tasklist_lock to walk task list for hangup event
1354 * ->siglock to protect ->signal/->sighand
1da177e4 1355 */
65f27f38 1356static void do_tty_hangup(struct work_struct *work)
1da177e4 1357{
65f27f38
DH		 1358 struct tty_struct *tty =
1359 container_of(work, struct tty_struct, hangup_work);
37bdfb07 1360 struct file *cons_filp = NULL;
1da177e4
LT		 1361 struct file *filp, *f = NULL;
1362 struct task_struct *p;
1363 struct tty_ldisc *ld;
1364 int closecount = 0, n;
1365
1366 if (!tty)
1367 return;
1368
1369 /* inuse_filps is protected by the single kernel lock */
1370 lock_kernel();
1371
1372 spin_lock(&redirect_lock);
1373 if (redirect && redirect->private_data == tty) {
1374 f = redirect;
1375 redirect = NULL;
1376 }
1377 spin_unlock(&redirect_lock);
37bdfb07 1378
1da177e4
LT		 1379 check_tty_count(tty, "do_tty_hangup");
1380 file_list_lock();
1381 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1382 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1383 if (filp->f_op->write == redirected_tty_write)
1384 cons_filp = filp;
1385 if (filp->f_op->write != tty_write)
1386 continue;
1387 closecount++;
1388 tty_fasync(-1, filp, 0); /* can't block */
1389 filp->f_op = &hung_up_tty_fops;
1390 }
1391 file_list_unlock();
37bdfb07
AC		 1392 /*
1393 * FIXME! What are the locking issues here? This may me overdoing
1394 * things... This question is especially important now that we've
1395 * removed the irqlock.
1396 */
1da177e4 1397 ld = tty_ldisc_ref(tty);
37bdfb07
AC		 1398 if (ld != NULL) {
1399 /* We may have no line discipline at this point */
1da177e4
LT		 1400 if (ld->flush_buffer)
1401 ld->flush_buffer(tty);
1402 if (tty->driver->flush_buffer)
1403 tty->driver->flush_buffer(tty);
1404 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1405 ld->write_wakeup)
1406 ld->write_wakeup(tty);
1407 if (ld->hangup)
1408 ld->hangup(tty);
1409 }
37bdfb07
AC		 1410 /*
1411 * FIXME: Once we trust the LDISC code better we can wait here for
1412 * ldisc completion and fix the driver call race
1413 */
1da177e4
LT		 1414 wake_up_interruptible(&tty->write_wait);
1415 wake_up_interruptible(&tty->read_wait);
1da177e4
LT		 1416 /*
1417 * Shutdown the current line discipline, and reset it to
1418 * N_TTY.
1419 */
1420 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
edc6afc5 1421 tty_reset_termios(tty);
1da177e4
LT		 1422 /* Defer ldisc switch */
1423 /* tty_deferred_ldisc_switch(N_TTY);
37bdfb07 1424
1da177e4
LT		 1425 This should get done automatically when the port closes and
1426 tty_release is called */
37bdfb07 1427
1da177e4 1428 read_lock(&tasklist_lock);
ab521dc0
EB		 1429 if (tty->session) {
1430 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
24ec839c 1431 spin_lock_irq(&p->sighand->siglock);
1da177e4
LT		 1432 if (p->signal->tty == tty)
1433 p->signal->tty = NULL;
24ec839c
PZ		 1434 if (!p->signal->leader) {
1435 spin_unlock_irq(&p->sighand->siglock);
1da177e4 1436 continue;
24ec839c
PZ		 1437 }
1438 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1439 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
ab521dc0
EB		 1440 put_pid(p->signal->tty_old_pgrp); /* A noop */
1441 if (tty->pgrp)
1442 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
24ec839c 1443 spin_unlock_irq(&p->sighand->siglock);
ab521dc0 1444 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1da177e4
LT		 1445 }
1446 read_unlock(&tasklist_lock);
1447
1448 tty->flags = 0;
d9c1e9a8
EB		 1449 put_pid(tty->session);
1450 put_pid(tty->pgrp);
ab521dc0
EB		 1451 tty->session = NULL;
1452 tty->pgrp = NULL;
1da177e4
LT		 1453 tty->ctrl_status = 0;
1454 /*
37bdfb07
AC		 1455 * If one of the devices matches a console pointer, we
1456 * cannot just call hangup() because that will cause
1457 * tty->count and state->count to go out of sync.
1458 * So we just call close() the right number of times.
1da177e4
LT		 1459 */
1460 if (cons_filp) {
1461 if (tty->driver->close)
1462 for (n = 0; n < closecount; n++)
1463 tty->driver->close(tty, cons_filp);
1464 } else if (tty->driver->hangup)
1465 (tty->driver->hangup)(tty);
37bdfb07
AC		 1466 /*
1467 * We don't want to have driver/ldisc interactions beyond
1468 * the ones we did here. The driver layer expects no
1469 * calls after ->hangup() from the ldisc side. However we
1470 * can't yet guarantee all that.
1471 */
1da177e4
LT		 1472 set_bit(TTY_HUPPED, &tty->flags);
1473 if (ld) {
1474 tty_ldisc_enable(tty);
1475 tty_ldisc_deref(ld);
1476 }
1477 unlock_kernel();
1478 if (f)
1479 fput(f);
1480}
1481
af9b897e
AC		 1482/**
1483 * tty_hangup - trigger a hangup event
1484 * @tty: tty to hangup
1485 *
1486 * A carrier loss (virtual or otherwise) has occurred on this like
1487 * schedule a hangup sequence to run after this event.
1488 */
1489
37bdfb07 1490void tty_hangup(struct tty_struct *tty)
1da177e4
LT		 1491{
1492#ifdef TTY_DEBUG_HANGUP
1493 char buf[64];
1da177e4
LT		 1494 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1495#endif
1496 schedule_work(&tty->hangup_work);
1497}
1498
1499EXPORT_SYMBOL(tty_hangup);
1500
af9b897e
AC		 1501/**
1502 * tty_vhangup - process vhangup
1503 * @tty: tty to hangup
1504 *
1505 * The user has asked via system call for the terminal to be hung up.
1506 * We do this synchronously so that when the syscall returns the process
3a4fa0a2 1507 * is complete. That guarantee is necessary for security reasons.
af9b897e
AC		 1508 */
1509
37bdfb07 1510void tty_vhangup(struct tty_struct *tty)
1da177e4
LT		 1511{
1512#ifdef TTY_DEBUG_HANGUP
1513 char buf[64];
1514
1515 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1516#endif
65f27f38 1517 do_tty_hangup(&tty->hangup_work);
1da177e4 1518}
37bdfb07 1519
1da177e4
LT		 1520EXPORT_SYMBOL(tty_vhangup);
1521
af9b897e
AC		 1522/**
1523 * tty_hung_up_p - was tty hung up
1524 * @filp: file pointer of tty
1525 *
1526 * Return true if the tty has been subject to a vhangup or a carrier
1527 * loss
1528 */
1529
37bdfb07 1530int tty_hung_up_p(struct file *filp)
1da177e4
LT		 1531{
1532 return (filp->f_op == &hung_up_tty_fops);
1533}
1534
1535EXPORT_SYMBOL(tty_hung_up_p);
1536
522ed776 1537/**
37bdfb07
AC		 1538 * is_tty - checker whether file is a TTY
1539 * @filp: file handle that may be a tty
1540 *
1541 * Check if the file handle is a tty handle.
522ed776 1542 */
37bdfb07 1543
522ed776
MT		 1544int is_tty(struct file *filp)
1545{
1546 return filp->f_op->read == tty_read
1547 || filp->f_op->read == hung_up_tty_read;
1548}
1549
ab521dc0 1550static void session_clear_tty(struct pid *session)
24ec839c
PZ		 1551{
1552 struct task_struct *p;
ab521dc0 1553 do_each_pid_task(session, PIDTYPE_SID, p) {
24ec839c 1554 proc_clear_tty(p);
ab521dc0 1555 } while_each_pid_task(session, PIDTYPE_SID, p);
24ec839c
PZ		 1556}
1557
af9b897e
AC		 1558/**
1559 * disassociate_ctty - disconnect controlling tty
1560 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 1561 *
af9b897e
AC		 1562 * This function is typically called only by the session leader, when
1563 * it wants to disassociate itself from its controlling tty.
1564 *
1565 * It performs the following functions:
1da177e4
LT		 1566 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1567 * (2) Clears the tty from being controlling the session
1568 * (3) Clears the controlling tty for all processes in the
1569 * session group.
1570 *
af9b897e
AC		 1571 * The argument on_exit is set to 1 if called when a process is
1572 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1573 *
24ec839c 1574 * Locking:
af9b897e 1575 * BKL is taken for hysterical raisins
24ec839c
PZ		 1576 * tty_mutex is taken to protect tty
1577 * ->siglock is taken to protect ->signal/->sighand
1578 * tasklist_lock is taken to walk process list for sessions
1579 * ->siglock is taken to protect ->signal/->sighand
1da177e4 1580 */
af9b897e 1581
1da177e4
LT		 1582void disassociate_ctty(int on_exit)
1583{
1584 struct tty_struct *tty;
ab521dc0 1585 struct pid *tty_pgrp = NULL;
1da177e4
LT		 1586
1587 lock_kernel();
1588
70522e12 1589 mutex_lock(&tty_mutex);
24ec839c 1590 tty = get_current_tty();
1da177e4 1591 if (tty) {
ab521dc0 1592 tty_pgrp = get_pid(tty->pgrp);
70522e12 1593 mutex_unlock(&tty_mutex);
24ec839c 1594 /* XXX: here we race, there is nothing protecting tty */
1da177e4
LT		 1595 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1596 tty_vhangup(tty);
680a9671 1597 } else if (on_exit) {
ab521dc0 1598 struct pid *old_pgrp;
680a9671
EB		 1599 spin_lock_irq(&current->sighand->siglock);
1600 old_pgrp = current->signal->tty_old_pgrp;
ab521dc0 1601 current->signal->tty_old_pgrp = NULL;
680a9671 1602 spin_unlock_irq(&current->sighand->siglock);
24ec839c 1603 if (old_pgrp) {
ab521dc0
EB		 1604 kill_pgrp(old_pgrp, SIGHUP, on_exit);
1605 kill_pgrp(old_pgrp, SIGCONT, on_exit);
1606 put_pid(old_pgrp);
1da177e4 1607 }
70522e12 1608 mutex_unlock(&tty_mutex);
37bdfb07 1609 unlock_kernel();
1da177e4
LT		 1610 return;
1611 }
ab521dc0
EB		 1612 if (tty_pgrp) {
1613 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1da177e4 1614 if (!on_exit)
ab521dc0
EB		 1615 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1616 put_pid(tty_pgrp);
1da177e4
LT		 1617 }
1618
24ec839c 1619 spin_lock_irq(&current->sighand->siglock);
2a65f1d9 1620 put_pid(current->signal->tty_old_pgrp);
23cac8de 1621 current->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 1622 spin_unlock_irq(&current->sighand->siglock);
1623
1624 mutex_lock(&tty_mutex);
1625 /* It is possible that do_tty_hangup has free'd this tty */
1626 tty = get_current_tty();
1627 if (tty) {
ab521dc0
EB		 1628 put_pid(tty->session);
1629 put_pid(tty->pgrp);
1630 tty->session = NULL;
1631 tty->pgrp = NULL;
24ec839c
PZ		 1632 } else {
1633#ifdef TTY_DEBUG_HANGUP
1634 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1635 " = NULL", tty);
1636#endif
1637 }
1638 mutex_unlock(&tty_mutex);
1da177e4
LT		 1639
1640 /* Now clear signal->tty under the lock */
1641 read_lock(&tasklist_lock);
ab521dc0 1642 session_clear_tty(task_session(current));
1da177e4 1643 read_unlock(&tasklist_lock);
1da177e4
LT		 1644 unlock_kernel();
1645}
1646
98a27ba4
EB		 1647/**
1648 *
1649 * no_tty - Ensure the current process does not have a controlling tty
1650 */
1651void no_tty(void)
1652{
1653 struct task_struct *tsk = current;
1654 if (tsk->signal->leader)
1655 disassociate_ctty(0);
1656 proc_clear_tty(tsk);
1657}
1658
af9b897e
AC		 1659
1660/**
beb7dd86 1661 * stop_tty - propagate flow control
af9b897e
AC		 1662 * @tty: tty to stop
1663 *
1664 * Perform flow control to the driver. For PTY/TTY pairs we
beb7dd86 1665 * must also propagate the TIOCKPKT status. May be called
af9b897e
AC		 1666 * on an already stopped device and will not re-call the driver
1667 * method.
1668 *
1669 * This functionality is used by both the line disciplines for
1670 * halting incoming flow and by the driver. It may therefore be
1671 * called from any context, may be under the tty atomic_write_lock
1672 * but not always.
1673 *
1674 * Locking:
1675 * Broken. Relies on BKL which is unsafe here.
1676 */
1677
1da177e4
LT		 1678void stop_tty(struct tty_struct *tty)
1679{
1680 if (tty->stopped)
1681 return;
1682 tty->stopped = 1;
1683 if (tty->link && tty->link->packet) {
1684 tty->ctrl_status &= ~TIOCPKT_START;
1685 tty->ctrl_status |= TIOCPKT_STOP;
1686 wake_up_interruptible(&tty->link->read_wait);
1687 }
1688 if (tty->driver->stop)
1689 (tty->driver->stop)(tty);
1690}
1691
1692EXPORT_SYMBOL(stop_tty);
1693
af9b897e 1694/**
beb7dd86 1695 * start_tty - propagate flow control
af9b897e
AC		 1696 * @tty: tty to start
1697 *
1698 * Start a tty that has been stopped if at all possible. Perform
3a4fa0a2 1699 * any necessary wakeups and propagate the TIOCPKT status. If this
af9b897e
AC		 1700 * is the tty was previous stopped and is being started then the
1701 * driver start method is invoked and the line discipline woken.
1702 *
1703 * Locking:
1704 * Broken. Relies on BKL which is unsafe here.
1705 */
1706
1da177e4
LT		 1707void start_tty(struct tty_struct *tty)
1708{
1709 if (!tty->stopped || tty->flow_stopped)
1710 return;
1711 tty->stopped = 0;
1712 if (tty->link && tty->link->packet) {
1713 tty->ctrl_status &= ~TIOCPKT_STOP;
1714 tty->ctrl_status |= TIOCPKT_START;
1715 wake_up_interruptible(&tty->link->read_wait);
1716 }
1717 if (tty->driver->start)
1718 (tty->driver->start)(tty);
1da177e4
LT		 1719 /* If we have a running line discipline it may need kicking */
1720 tty_wakeup(tty);
1da177e4
LT		 1721}
1722
1723EXPORT_SYMBOL(start_tty);
1724
af9b897e
AC		 1725/**
1726 * tty_read - read method for tty device files
1727 * @file: pointer to tty file
1728 * @buf: user buffer
1729 * @count: size of user buffer
1730 * @ppos: unused
1731 *
1732 * Perform the read system call function on this terminal device. Checks
1733 * for hung up devices before calling the line discipline method.
1734 *
1735 * Locking:
1736 * Locks the line discipline internally while needed
1737 * For historical reasons the line discipline read method is
1738 * invoked under the BKL. This will go away in time so do not rely on it
1739 * in new code. Multiple read calls may be outstanding in parallel.
1740 */
1741
37bdfb07 1742static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1da177e4
LT		 1743 loff_t *ppos)
1744{
1745 int i;
37bdfb07 1746 struct tty_struct *tty;
1da177e4
LT		 1747 struct inode *inode;
1748 struct tty_ldisc *ld;
1749
1750 tty = (struct tty_struct *)file->private_data;
a7113a96 1751 inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1752 if (tty_paranoia_check(tty, inode, "tty_read"))
1753 return -EIO;
1754 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1755 return -EIO;
1756
1757 /* We want to wait for the line discipline to sort out in this
1758 situation */
1759 ld = tty_ldisc_ref_wait(tty);
1760 lock_kernel();
1761 if (ld->read)
37bdfb07 1762 i = (ld->read)(tty, file, buf, count);
1da177e4
LT		 1763 else
1764 i = -EIO;
1765 tty_ldisc_deref(ld);
1766 unlock_kernel();
1767 if (i > 0)
1768 inode->i_atime = current_fs_time(inode->i_sb);
1769 return i;
1770}
1771
9c1729db
AC		 1772void tty_write_unlock(struct tty_struct *tty)
1773{
1774 mutex_unlock(&tty->atomic_write_lock);
1775 wake_up_interruptible(&tty->write_wait);
1776}
1777
1778int tty_write_lock(struct tty_struct *tty, int ndelay)
1779{
1780 if (!mutex_trylock(&tty->atomic_write_lock)) {
1781 if (ndelay)
1782 return -EAGAIN;
1783 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1784 return -ERESTARTSYS;
1785 }
1786 return 0;
1787}
1788
1da177e4
LT		 1789/*
1790 * Split writes up in sane blocksizes to avoid
1791 * denial-of-service type attacks
1792 */
1793static inline ssize_t do_tty_write(
1794 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1795 struct tty_struct *tty,
1796 struct file *file,
1797 const char __user *buf,
1798 size_t count)
1799{
9c1729db 1800 ssize_t ret, written = 0;
1da177e4 1801 unsigned int chunk;
37bdfb07 1802
9c1729db
AC		 1803 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1804 if (ret < 0)
1805 return ret;
1da177e4
LT		 1806
1807 /*
1808 * We chunk up writes into a temporary buffer. This
1809 * simplifies low-level drivers immensely, since they
1810 * don't have locking issues and user mode accesses.
1811 *
1812 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1813 * big chunk-size..
1814 *
1815 * The default chunk-size is 2kB, because the NTTY
1816 * layer has problems with bigger chunks. It will
1817 * claim to be able to handle more characters than
1818 * it actually does.
af9b897e
AC		 1819 *
1820 * FIXME: This can probably go away now except that 64K chunks
1821 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1822 */
1823 chunk = 2048;
1824 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1825 chunk = 65536;
1826 if (count < chunk)
1827 chunk = count;
1828
70522e12 1829 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1830 if (tty->write_cnt < chunk) {
1831 unsigned char *buf;
1832
1833 if (chunk < 1024)
1834 chunk = 1024;
1835
1836 buf = kmalloc(chunk, GFP_KERNEL);
1837 if (!buf) {
9c1729db
AC		 1838 ret = -ENOMEM;
1839 goto out;
1da177e4
LT		 1840 }
1841 kfree(tty->write_buf);
1842 tty->write_cnt = chunk;
1843 tty->write_buf = buf;
1844 }
1845
1846 /* Do the write .. */
1847 for (;;) {
1848 size_t size = count;
1849 if (size > chunk)
1850 size = chunk;
1851 ret = -EFAULT;
1852 if (copy_from_user(tty->write_buf, buf, size))
1853 break;
1854 lock_kernel();
1855 ret = write(tty, file, tty->write_buf, size);
1856 unlock_kernel();
1857 if (ret <= 0)
1858 break;
1859 written += ret;
1860 buf += ret;
1861 count -= ret;
1862 if (!count)
1863 break;
1864 ret = -ERESTARTSYS;
1865 if (signal_pending(current))
1866 break;
1867 cond_resched();
1868 }
1869 if (written) {
a7113a96 1870 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1871 inode->i_mtime = current_fs_time(inode->i_sb);
1872 ret = written;
1873 }
9c1729db
AC		 1874out:
1875 tty_write_unlock(tty);
1da177e4
LT		 1876 return ret;
1877}
1878
1879
af9b897e
AC		 1880/**
1881 * tty_write - write method for tty device file
1882 * @file: tty file pointer
1883 * @buf: user data to write
1884 * @count: bytes to write
1885 * @ppos: unused
1886 *
1887 * Write data to a tty device via the line discipline.
1888 *
1889 * Locking:
1890 * Locks the line discipline as required
1891 * Writes to the tty driver are serialized by the atomic_write_lock
1892 * and are then processed in chunks to the device. The line discipline
1893 * write method will not be involked in parallel for each device
1894 * The line discipline write method is called under the big
1895 * kernel lock for historical reasons. New code should not rely on this.
1896 */
1897
37bdfb07
AC		 1898static ssize_t tty_write(struct file *file, const char __user *buf,
1899 size_t count, loff_t *ppos)
1da177e4 1900{
37bdfb07 1901 struct tty_struct *tty;
a7113a96 1902 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1903 ssize_t ret;
1904 struct tty_ldisc *ld;
37bdfb07 1905
1da177e4
LT		 1906 tty = (struct tty_struct *)file->private_data;
1907 if (tty_paranoia_check(tty, inode, "tty_write"))
1908 return -EIO;
37bdfb07
AC		 1909 if (!tty || !tty->driver->write ||
1910 (test_bit(TTY_IO_ERROR, &tty->flags)))
1911 return -EIO;
1da177e4 1912
37bdfb07 1913 ld = tty_ldisc_ref_wait(tty);
1da177e4
LT		 1914 if (!ld->write)
1915 ret = -EIO;
1916 else
1917 ret = do_tty_write(ld->write, tty, file, buf, count);
1918 tty_ldisc_deref(ld);
1919 return ret;
1920}
1921
37bdfb07
AC		 1922ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1923 size_t count, loff_t *ppos)
1da177e4
LT		 1924{
1925 struct file *p = NULL;
1926
1927 spin_lock(&redirect_lock);
1928 if (redirect) {
1929 get_file(redirect);
1930 p = redirect;
1931 }
1932 spin_unlock(&redirect_lock);
1933
1934 if (p) {
1935 ssize_t res;
1936 res = vfs_write(p, buf, count, &p->f_pos);
1937 fput(p);
1938 return res;
1939 }
1da177e4
LT		 1940 return tty_write(file, buf, count, ppos);
1941}
1942
1943static char ptychar[] = "pqrstuvwxyzabcde";
1944
af9b897e
AC		 1945/**
1946 * pty_line_name - generate name for a pty
1947 * @driver: the tty driver in use
1948 * @index: the minor number
1949 * @p: output buffer of at least 6 bytes
1950 *
1951 * Generate a name from a driver reference and write it to the output
1952 * buffer.
1953 *
1954 * Locking: None
1955 */
1956static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1957{
1958 int i = index + driver->name_base;
1959 /* ->name is initialized to "ttyp", but "tty" is expected */
1960 sprintf(p, "%s%c%x",
37bdfb07
AC		 1961 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1962 ptychar[i >> 4 & 0xf], i & 0xf);
1da177e4
LT		 1963}
1964
af9b897e
AC		 1965/**
1966 * pty_line_name - generate name for a tty
1967 * @driver: the tty driver in use
1968 * @index: the minor number
1969 * @p: output buffer of at least 7 bytes
1970 *
1971 * Generate a name from a driver reference and write it to the output
1972 * buffer.
1973 *
1974 * Locking: None
1975 */
1976static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1977{
1978 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1979}
1980
af9b897e
AC		 1981/**
1982 * init_dev - initialise a tty device
1983 * @driver: tty driver we are opening a device on
1984 * @idx: device index
1985 * @tty: returned tty structure
1986 *
1987 * Prepare a tty device. This may not be a "new" clean device but
1988 * could also be an active device. The pty drivers require special
1989 * handling because of this.
1990 *
1991 * Locking:
1992 * The function is called under the tty_mutex, which
1993 * protects us from the tty struct or driver itself going away.
1994 *
1995 * On exit the tty device has the line discipline attached and
1996 * a reference count of 1. If a pair was created for pty/tty use
1997 * and the other was a pty master then it too has a reference count of 1.
1998 *
1da177e4 1999 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 2000 * failed open. The new code protects the open with a mutex, so it's
2001 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 2002 * relaxed for the (most common) case of reopening a tty.
2003 */
af9b897e 2004
1da177e4
LT		 2005static int init_dev(struct tty_driver *driver, int idx,
2006 struct tty_struct **ret_tty)
2007{
2008 struct tty_struct *tty, *o_tty;
edc6afc5
AC		 2009 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2010 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 2011 int retval = 0;
1da177e4
LT		 2012
2013 /* check whether we're reopening an existing tty */
2014 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2015 tty = devpts_get_tty(idx);
5a39e8c6
ASRF		 2016 /*
2017 * If we don't have a tty here on a slave open, it's because
2018 * the master already started the close process and there's
2019 * no relation between devpts file and tty anymore.
2020 */
2021 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2022 retval = -EIO;
2023 goto end_init;
2024 }
2025 /*
2026 * It's safe from now on because init_dev() is called with
2027 * tty_mutex held and release_dev() won't change tty->count
2028 * or tty->flags without having to grab tty_mutex
2029 */
1da177e4
LT		 2030 if (tty && driver->subtype == PTY_TYPE_MASTER)
2031 tty = tty->link;
2032 } else {
2033 tty = driver->ttys[idx];
2034 }
2035 if (tty) goto fast_track;
2036
2037 /*
2038 * First time open is complex, especially for PTY devices.
2039 * This code guarantees that either everything succeeds and the
2040 * TTY is ready for operation, or else the table slots are vacated
37bdfb07 2041 * and the allocated memory released. (Except that the termios
1da177e4
LT		 2042 * and locked termios may be retained.)
2043 */
2044
2045 if (!try_module_get(driver->owner)) {
2046 retval = -ENODEV;
2047 goto end_init;
2048 }
2049
2050 o_tty = NULL;
2051 tp = o_tp = NULL;
2052 ltp = o_ltp = NULL;
2053
2054 tty = alloc_tty_struct();
37bdfb07 2055 if (!tty)
1da177e4
LT		 2056 goto fail_no_mem;
2057 initialize_tty_struct(tty);
2058 tty->driver = driver;
2059 tty->index = idx;
2060 tty_line_name(driver, idx, tty->name);
2061
2062 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2063 tp_loc = &tty->termios;
2064 ltp_loc = &tty->termios_locked;
2065 } else {
2066 tp_loc = &driver->termios[idx];
2067 ltp_loc = &driver->termios_locked[idx];
2068 }
2069
2070 if (!*tp_loc) {
abcb1ff3 2071 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2072 if (!tp)
2073 goto free_mem_out;
2074 *tp = driver->init_termios;
2075 }
2076
2077 if (!*ltp_loc) {
506eb99a 2078 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2079 if (!ltp)
2080 goto free_mem_out;
1da177e4
LT		 2081 }
2082
2083 if (driver->type == TTY_DRIVER_TYPE_PTY) {
2084 o_tty = alloc_tty_struct();
2085 if (!o_tty)
2086 goto free_mem_out;
2087 initialize_tty_struct(o_tty);
2088 o_tty->driver = driver->other;
2089 o_tty->index = idx;
2090 tty_line_name(driver->other, idx, o_tty->name);
2091
2092 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2093 o_tp_loc = &o_tty->termios;
2094 o_ltp_loc = &o_tty->termios_locked;
2095 } else {
2096 o_tp_loc = &driver->other->termios[idx];
2097 o_ltp_loc = &driver->other->termios_locked[idx];
2098 }
2099
2100 if (!*o_tp_loc) {
abcb1ff3 2101 o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2102 if (!o_tp)
2103 goto free_mem_out;
2104 *o_tp = driver->other->init_termios;
2105 }
2106
2107 if (!*o_ltp_loc) {
506eb99a 2108 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2109 if (!o_ltp)
2110 goto free_mem_out;
1da177e4
LT		 2111 }
2112
2113 /*
2114 * Everything allocated ... set up the o_tty structure.
2115 */
37bdfb07 2116 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 2117 driver->other->ttys[idx] = o_tty;
1da177e4
LT		 2118 if (!*o_tp_loc)
2119 *o_tp_loc = o_tp;
2120 if (!*o_ltp_loc)
2121 *o_ltp_loc = o_ltp;
2122 o_tty->termios = *o_tp_loc;
2123 o_tty->termios_locked = *o_ltp_loc;
2124 driver->other->refcount++;
2125 if (driver->subtype == PTY_TYPE_MASTER)
2126 o_tty->count++;
2127
2128 /* Establish the links in both directions */
2129 tty->link = o_tty;
2130 o_tty->link = tty;
2131 }
2132
37bdfb07 2133 /*
1da177e4 2134 * All structures have been allocated, so now we install them.
d5698c28 2135 * Failures after this point use release_tty to clean up, so
1da177e4
LT		 2136 * there's no need to null out the local pointers.
2137 */
37bdfb07 2138 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
1da177e4 2139 driver->ttys[idx] = tty;
37bdfb07 2140
1da177e4
LT		 2141 if (!*tp_loc)
2142 *tp_loc = tp;
2143 if (!*ltp_loc)
2144 *ltp_loc = ltp;
2145 tty->termios = *tp_loc;
2146 tty->termios_locked = *ltp_loc;
edc6afc5
AC		 2147 /* Compatibility until drivers always set this */
2148 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2149 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1da177e4
LT		 2150 driver->refcount++;
2151 tty->count++;
2152
37bdfb07 2153 /*
1da177e4 2154 * Structures all installed ... call the ldisc open routines.
d5698c28
CH		 2155 * If we fail here just call release_tty to clean up. No need
2156 * to decrement the use counts, as release_tty doesn't care.
1da177e4
LT		 2157 */
2158
2159 if (tty->ldisc.open) {
2160 retval = (tty->ldisc.open)(tty);
2161 if (retval)
2162 goto release_mem_out;
2163 }
2164 if (o_tty && o_tty->ldisc.open) {
2165 retval = (o_tty->ldisc.open)(o_tty);
2166 if (retval) {
2167 if (tty->ldisc.close)
2168 (tty->ldisc.close)(tty);
2169 goto release_mem_out;
2170 }
2171 tty_ldisc_enable(o_tty);
2172 }
2173 tty_ldisc_enable(tty);
2174 goto success;
2175
2176 /*
2177 * This fast open can be used if the tty is already open.
2178 * No memory is allocated, and the only failures are from
2179 * attempting to open a closing tty or attempting multiple
2180 * opens on a pty master.
2181 */
2182fast_track:
2183 if (test_bit(TTY_CLOSING, &tty->flags)) {
2184 retval = -EIO;
2185 goto end_init;
2186 }
2187 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2188 driver->subtype == PTY_TYPE_MASTER) {
2189 /*
37bdfb07 2190 * special case for PTY masters: only one open permitted,
1da177e4
LT		 2191 * and the slave side open count is incremented as well.
2192 */
2193 if (tty->count) {
2194 retval = -EIO;
2195 goto end_init;
2196 }
2197 tty->link->count++;
2198 }
2199 tty->count++;
2200 tty->driver = driver; /* N.B. why do this every time?? */
2201
2202 /* FIXME */
37bdfb07 2203 if (!test_bit(TTY_LDISC, &tty->flags))
1da177e4
LT		 2204 printk(KERN_ERR "init_dev but no ldisc\n");
2205success:
2206 *ret_tty = tty;
37bdfb07 2207
70522e12 2208 /* All paths come through here to release the mutex */
1da177e4
LT		 2209end_init:
2210 return retval;
2211
2212 /* Release locally allocated memory ... nothing placed in slots */
2213free_mem_out:
735d5661 2214 kfree(o_tp);
1da177e4
LT		 2215 if (o_tty)
2216 free_tty_struct(o_tty);
735d5661
JJ		 2217 kfree(ltp);
2218 kfree(tp);
1da177e4
LT		 2219 free_tty_struct(tty);
2220
2221fail_no_mem:
2222 module_put(driver->owner);
2223 retval = -ENOMEM;
2224 goto end_init;
2225
d5698c28 2226 /* call the tty release_tty routine to clean out this slot */
1da177e4 2227release_mem_out:
4050914f
AM		 2228 if (printk_ratelimit())
2229 printk(KERN_INFO "init_dev: ldisc open failed, "
2230 "clearing slot %d\n", idx);
d5698c28 2231 release_tty(tty, idx);
1da177e4
LT		 2232 goto end_init;
2233}
2234
af9b897e 2235/**
d5698c28 2236 * release_one_tty - release tty structure memory
af9b897e
AC		 2237 *
2238 * Releases memory associated with a tty structure, and clears out the
2239 * driver table slots. This function is called when a device is no longer
2240 * in use. It also gets called when setup of a device fails.
2241 *
2242 * Locking:
2243 * tty_mutex - sometimes only
2244 * takes the file list lock internally when working on the list
2245 * of ttys that the driver keeps.
2246 * FIXME: should we require tty_mutex is held here ??
1da177e4 2247 */
d5698c28 2248static void release_one_tty(struct tty_struct *tty, int idx)
1da177e4 2249{
1da177e4 2250 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
d5698c28 2251 struct ktermios *tp;
1da177e4
LT		 2252
2253 if (!devpts)
2254 tty->driver->ttys[idx] = NULL;
d5698c28 2255
1da177e4
LT		 2256 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2257 tp = tty->termios;
2258 if (!devpts)
2259 tty->driver->termios[idx] = NULL;
2260 kfree(tp);
2261
2262 tp = tty->termios_locked;
2263 if (!devpts)
2264 tty->driver->termios_locked[idx] = NULL;
2265 kfree(tp);
2266 }
2267
d5698c28 2268
1da177e4
LT		 2269 tty->magic = 0;
2270 tty->driver->refcount--;
d5698c28 2271
1da177e4
LT		 2272 file_list_lock();
2273 list_del_init(&tty->tty_files);
2274 file_list_unlock();
d5698c28 2275
1da177e4
LT		 2276 free_tty_struct(tty);
2277}
2278
d5698c28
CH		 2279/**
2280 * release_tty - release tty structure memory
2281 *
2282 * Release both @tty and a possible linked partner (think pty pair),
2283 * and decrement the refcount of the backing module.
2284 *
2285 * Locking:
2286 * tty_mutex - sometimes only
2287 * takes the file list lock internally when working on the list
2288 * of ttys that the driver keeps.
2289 * FIXME: should we require tty_mutex is held here ??
2290 */
2291static void release_tty(struct tty_struct *tty, int idx)
2292{
2293 struct tty_driver *driver = tty->driver;
2294
2295 if (tty->link)
2296 release_one_tty(tty->link, idx);
2297 release_one_tty(tty, idx);
2298 module_put(driver->owner);
2299}
2300
1da177e4
LT		 2301/*
2302 * Even releasing the tty structures is a tricky business.. We have
2303 * to be very careful that the structures are all released at the
2304 * same time, as interrupts might otherwise get the wrong pointers.
2305 *
2306 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2307 * lead to double frees or releasing memory still in use.
2308 */
37bdfb07 2309static void release_dev(struct file *filp)
1da177e4
LT		 2310{
2311 struct tty_struct *tty, *o_tty;
2312 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 2313 int devpts;
1da177e4
LT		 2314 int idx;
2315 char buf[64];
2316 unsigned long flags;
37bdfb07 2317
1da177e4 2318 tty = (struct tty_struct *)filp->private_data;
37bdfb07
AC		 2319 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2320 "release_dev"))
1da177e4
LT		 2321 return;
2322
2323 check_tty_count(tty, "release_dev");
2324
2325 tty_fasync(-1, filp, 0);
2326
2327 idx = tty->index;
2328 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2329 tty->driver->subtype == PTY_TYPE_MASTER);
2330 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 2331 o_tty = tty->link;
2332
2333#ifdef TTY_PARANOIA_CHECK
2334 if (idx < 0 || idx >= tty->driver->num) {
2335 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2336 "free (%s)\n", tty->name);
2337 return;
2338 }
2339 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2340 if (tty != tty->driver->ttys[idx]) {
2341 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2342 "for (%s)\n", idx, tty->name);
2343 return;
2344 }
2345 if (tty->termios != tty->driver->termios[idx]) {
2346 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2347 "for (%s)\n",
2348 idx, tty->name);
2349 return;
2350 }
2351 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2352 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2353 "termios_locked for (%s)\n",
2354 idx, tty->name);
2355 return;
2356 }
2357 }
2358#endif
2359
2360#ifdef TTY_DEBUG_HANGUP
2361 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2362 tty_name(tty, buf), tty->count);
2363#endif
2364
2365#ifdef TTY_PARANOIA_CHECK
2366 if (tty->driver->other &&
2367 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2368 if (o_tty != tty->driver->other->ttys[idx]) {
2369 printk(KERN_DEBUG "release_dev: other->table[%d] "
2370 "not o_tty for (%s)\n",
2371 idx, tty->name);
2372 return;
2373 }
2374 if (o_tty->termios != tty->driver->other->termios[idx]) {
2375 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2376 "not o_termios for (%s)\n",
2377 idx, tty->name);
2378 return;
2379 }
37bdfb07 2380 if (o_tty->termios_locked !=
1da177e4
LT		 2381 tty->driver->other->termios_locked[idx]) {
2382 printk(KERN_DEBUG "release_dev: other->termios_locked["
2383 "%d] not o_termios_locked for (%s)\n",
2384 idx, tty->name);
2385 return;
2386 }
2387 if (o_tty->link != tty) {
2388 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2389 return;
2390 }
2391 }
2392#endif
2393 if (tty->driver->close)
2394 tty->driver->close(tty, filp);
2395
2396 /*
2397 * Sanity check: if tty->count is going to zero, there shouldn't be
2398 * any waiters on tty->read_wait or tty->write_wait. We test the
2399 * wait queues and kick everyone out _before_ actually starting to
2400 * close. This ensures that we won't block while releasing the tty
2401 * structure.
2402 *
2403 * The test for the o_tty closing is necessary, since the master and
2404 * slave sides may close in any order. If the slave side closes out
2405 * first, its count will be one, since the master side holds an open.
2406 * Thus this test wouldn't be triggered at the time the slave closes,
2407 * so we do it now.
2408 *
2409 * Note that it's possible for the tty to be opened again while we're
2410 * flushing out waiters. By recalculating the closing flags before
2411 * each iteration we avoid any problems.
2412 */
2413 while (1) {
2414 /* Guard against races with tty->count changes elsewhere and
2415 opens on /dev/tty */
37bdfb07 2416
70522e12 2417 mutex_lock(&tty_mutex);
1da177e4
LT		 2418 tty_closing = tty->count <= 1;
2419 o_tty_closing = o_tty &&
2420 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 2421 do_sleep = 0;
2422
2423 if (tty_closing) {
2424 if (waitqueue_active(&tty->read_wait)) {
2425 wake_up(&tty->read_wait);
2426 do_sleep++;
2427 }
2428 if (waitqueue_active(&tty->write_wait)) {
2429 wake_up(&tty->write_wait);
2430 do_sleep++;
2431 }
2432 }
2433 if (o_tty_closing) {
2434 if (waitqueue_active(&o_tty->read_wait)) {
2435 wake_up(&o_tty->read_wait);
2436 do_sleep++;
2437 }
2438 if (waitqueue_active(&o_tty->write_wait)) {
2439 wake_up(&o_tty->write_wait);
2440 do_sleep++;
2441 }
2442 }
2443 if (!do_sleep)
2444 break;
2445
2446 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2447 "active!\n", tty_name(tty, buf));
70522e12 2448 mutex_unlock(&tty_mutex);
1da177e4 2449 schedule();
37bdfb07 2450 }
1da177e4
LT		 2451
2452 /*
37bdfb07
AC		 2453 * The closing flags are now consistent with the open counts on
2454 * both sides, and we've completed the last operation that could
1da177e4
LT		 2455 * block, so it's safe to proceed with closing.
2456 */
1da177e4
LT		 2457 if (pty_master) {
2458 if (--o_tty->count < 0) {
2459 printk(KERN_WARNING "release_dev: bad pty slave count "
2460 "(%d) for %s\n",
2461 o_tty->count, tty_name(o_tty, buf));
2462 o_tty->count = 0;
2463 }
2464 }
2465 if (--tty->count < 0) {
2466 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2467 tty->count, tty_name(tty, buf));
2468 tty->count = 0;
2469 }
37bdfb07 2470
1da177e4
LT		 2471 /*
2472 * We've decremented tty->count, so we need to remove this file
2473 * descriptor off the tty->tty_files list; this serves two
2474 * purposes:
2475 * - check_tty_count sees the correct number of file descriptors
2476 * associated with this tty.
2477 * - do_tty_hangup no longer sees this file descriptor as
2478 * something that needs to be handled for hangups.
2479 */
2480 file_kill(filp);
2481 filp->private_data = NULL;
2482
2483 /*
2484 * Perform some housekeeping before deciding whether to return.
2485 *
2486 * Set the TTY_CLOSING flag if this was the last open. In the
2487 * case of a pty we may have to wait around for the other side
2488 * to close, and TTY_CLOSING makes sure we can't be reopened.
2489 */
37bdfb07 2490 if (tty_closing)
1da177e4 2491 set_bit(TTY_CLOSING, &tty->flags);
37bdfb07 2492 if (o_tty_closing)
1da177e4
LT		 2493 set_bit(TTY_CLOSING, &o_tty->flags);
2494
2495 /*
2496 * If _either_ side is closing, make sure there aren't any
2497 * processes that still think tty or o_tty is their controlling
2498 * tty.
2499 */
2500 if (tty_closing || o_tty_closing) {
1da177e4 2501 read_lock(&tasklist_lock);
24ec839c 2502 session_clear_tty(tty->session);
1da177e4 2503 if (o_tty)
24ec839c 2504 session_clear_tty(o_tty->session);
1da177e4
LT		 2505 read_unlock(&tasklist_lock);
2506 }
2507
70522e12 2508 mutex_unlock(&tty_mutex);
da965822 2509
1da177e4
LT		 2510 /* check whether both sides are closing ... */
2511 if (!tty_closing || (o_tty && !o_tty_closing))
2512 return;
37bdfb07 2513
1da177e4
LT		 2514#ifdef TTY_DEBUG_HANGUP
2515 printk(KERN_DEBUG "freeing tty structure...");
2516#endif
2517 /*
2518 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2519 * kill any delayed work. As this is the final close it does not
2520 * race with the set_ldisc code path.
2521 */
2522 clear_bit(TTY_LDISC, &tty->flags);
33f0f88f 2523 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 2524
2525 /*
33f0f88f 2526 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4 2527 */
37bdfb07 2528
1da177e4 2529 flush_scheduled_work();
37bdfb07 2530
1da177e4
LT		 2531 /*
2532 * Wait for any short term users (we know they are just driver
2533 * side waiters as the file is closing so user count on the file
2534 * side is zero.
2535 */
2536 spin_lock_irqsave(&tty_ldisc_lock, flags);
37bdfb07 2537 while (tty->ldisc.refcount) {
1da177e4
LT		 2538 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2539 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2540 spin_lock_irqsave(&tty_ldisc_lock, flags);
2541 }
2542 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2543 /*
2544 * Shutdown the current line discipline, and reset it to N_TTY.
2545 * N.B. why reset ldisc when we're releasing the memory??
2546 *
2547 * FIXME: this MUST get fixed for the new reflocking
2548 */
2549 if (tty->ldisc.close)
2550 (tty->ldisc.close)(tty);
2551 tty_ldisc_put(tty->ldisc.num);
37bdfb07 2552
1da177e4
LT		 2553 /*
2554 * Switch the line discipline back
2555 */
2556 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
37bdfb07 2557 tty_set_termios_ldisc(tty, N_TTY);
1da177e4
LT		 2558 if (o_tty) {
2559 /* FIXME: could o_tty be in setldisc here ? */
2560 clear_bit(TTY_LDISC, &o_tty->flags);
2561 if (o_tty->ldisc.close)
2562 (o_tty->ldisc.close)(o_tty);
2563 tty_ldisc_put(o_tty->ldisc.num);
2564 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
37bdfb07 2565 tty_set_termios_ldisc(o_tty, N_TTY);
1da177e4
LT		 2566 }
2567 /*
d5698c28 2568 * The release_tty function takes care of the details of clearing
1da177e4
LT		 2569 * the slots and preserving the termios structure.
2570 */
d5698c28 2571 release_tty(tty, idx);
1da177e4
LT		 2572
2573#ifdef CONFIG_UNIX98_PTYS
2574 /* Make this pty number available for reallocation */
2575 if (devpts) {
a6752f3f 2576 mutex_lock(&allocated_ptys_lock);
1da177e4 2577 idr_remove(&allocated_ptys, idx);
a6752f3f 2578 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2579 }
2580#endif
2581
2582}
2583
af9b897e
AC		 2584/**
2585 * tty_open - open a tty device
2586 * @inode: inode of device file
2587 * @filp: file pointer to tty
1da177e4 2588 *
af9b897e
AC		 2589 * tty_open and tty_release keep up the tty count that contains the
2590 * number of opens done on a tty. We cannot use the inode-count, as
2591 * different inodes might point to the same tty.
1da177e4 2592 *
af9b897e
AC		 2593 * Open-counting is needed for pty masters, as well as for keeping
2594 * track of serial lines: DTR is dropped when the last close happens.
2595 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2596 *
2597 * The termios state of a pty is reset on first open so that
2598 * settings don't persist across reuse.
2599 *
24ec839c
PZ		 2600 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2601 * tty->count should protect the rest.
2602 * ->siglock protects ->signal/->sighand
1da177e4 2603 */
af9b897e 2604
37bdfb07 2605static int tty_open(struct inode *inode, struct file *filp)
1da177e4
LT		 2606{
2607 struct tty_struct *tty;
2608 int noctty, retval;
2609 struct tty_driver *driver;
2610 int index;
2611 dev_t device = inode->i_rdev;
2612 unsigned short saved_flags = filp->f_flags;
2613
2614 nonseekable_open(inode, filp);
37bdfb07 2615
1da177e4
LT		 2616retry_open:
2617 noctty = filp->f_flags & O_NOCTTY;
2618 index = -1;
2619 retval = 0;
37bdfb07 2620
70522e12 2621 mutex_lock(&tty_mutex);
1da177e4 2622
37bdfb07 2623 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
24ec839c
PZ		 2624 tty = get_current_tty();
2625 if (!tty) {
70522e12 2626 mutex_unlock(&tty_mutex);
1da177e4
LT		 2627 return -ENXIO;
2628 }
24ec839c
PZ		 2629 driver = tty->driver;
2630 index = tty->index;
1da177e4
LT		 2631 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2632 /* noctty = 1; */
2633 goto got_driver;
2634 }
2635#ifdef CONFIG_VT
37bdfb07 2636 if (device == MKDEV(TTY_MAJOR, 0)) {
1da177e4
LT		 2637 extern struct tty_driver *console_driver;
2638 driver = console_driver;
2639 index = fg_console;
2640 noctty = 1;
2641 goto got_driver;
2642 }
2643#endif
37bdfb07 2644 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1da177e4
LT		 2645 driver = console_device(&index);
2646 if (driver) {
2647 /* Don't let /dev/console block */
2648 filp->f_flags |= O_NONBLOCK;
2649 noctty = 1;
2650 goto got_driver;
2651 }
70522e12 2652 mutex_unlock(&tty_mutex);
1da177e4
LT		 2653 return -ENODEV;
2654 }
2655
2656 driver = get_tty_driver(device, &index);
2657 if (!driver) {
70522e12 2658 mutex_unlock(&tty_mutex);
1da177e4
LT		 2659 return -ENODEV;
2660 }
2661got_driver:
2662 retval = init_dev(driver, index, &tty);
70522e12 2663 mutex_unlock(&tty_mutex);
1da177e4
LT		 2664 if (retval)
2665 return retval;
2666
2667 filp->private_data = tty;
2668 file_move(filp, &tty->tty_files);
2669 check_tty_count(tty, "tty_open");
2670 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2671 tty->driver->subtype == PTY_TYPE_MASTER)
2672 noctty = 1;
2673#ifdef TTY_DEBUG_HANGUP
2674 printk(KERN_DEBUG "opening %s...", tty->name);
2675#endif
2676 if (!retval) {
2677 if (tty->driver->open)
2678 retval = tty->driver->open(tty, filp);
2679 else
2680 retval = -ENODEV;
2681 }
2682 filp->f_flags = saved_flags;
2683
37bdfb07
AC		 2684 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2685 !capable(CAP_SYS_ADMIN))
1da177e4
LT		 2686 retval = -EBUSY;
2687
2688 if (retval) {
2689#ifdef TTY_DEBUG_HANGUP
2690 printk(KERN_DEBUG "error %d in opening %s...", retval,
2691 tty->name);
2692#endif
2693 release_dev(filp);
2694 if (retval != -ERESTARTSYS)
2695 return retval;
2696 if (signal_pending(current))
2697 return retval;
2698 schedule();
2699 /*
2700 * Need to reset f_op in case a hangup happened.
2701 */
2702 if (filp->f_op == &hung_up_tty_fops)
2703 filp->f_op = &tty_fops;
2704 goto retry_open;
2705 }
24ec839c
PZ		 2706
2707 mutex_lock(&tty_mutex);
2708 spin_lock_irq(&current->sighand->siglock);
1da177e4
LT		 2709 if (!noctty &&
2710 current->signal->leader &&
2711 !current->signal->tty &&
ab521dc0 2712 tty->session == NULL)
2a65f1d9 2713 __proc_set_tty(current, tty);
24ec839c
PZ		 2714 spin_unlock_irq(&current->sighand->siglock);
2715 mutex_unlock(&tty_mutex);
522ed776 2716 tty_audit_opening();
1da177e4
LT		 2717 return 0;
2718}
2719
2720#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 2721/**
2722 * ptmx_open - open a unix 98 pty master
2723 * @inode: inode of device file
2724 * @filp: file pointer to tty
2725 *
2726 * Allocate a unix98 pty master device from the ptmx driver.
2727 *
2728 * Locking: tty_mutex protects theinit_dev work. tty->count should
37bdfb07 2729 * protect the rest.
af9b897e
AC		 2730 * allocated_ptys_lock handles the list of free pty numbers
2731 */
2732
37bdfb07 2733static int ptmx_open(struct inode *inode, struct file *filp)
1da177e4
LT		 2734{
2735 struct tty_struct *tty;
2736 int retval;
2737 int index;
2738 int idr_ret;
2739
2740 nonseekable_open(inode, filp);
2741
2742 /* find a device that is not in use. */
a6752f3f 2743 mutex_lock(&allocated_ptys_lock);
1da177e4 2744 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
a6752f3f 2745 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2746 return -ENOMEM;
2747 }
2748 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2749 if (idr_ret < 0) {
a6752f3f 2750 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2751 if (idr_ret == -EAGAIN)
2752 return -ENOMEM;
2753 return -EIO;
2754 }
2755 if (index >= pty_limit) {
2756 idr_remove(&allocated_ptys, index);
a6752f3f 2757 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2758 return -EIO;
2759 }
a6752f3f 2760 mutex_unlock(&allocated_ptys_lock);
1da177e4 2761
70522e12 2762 mutex_lock(&tty_mutex);
1da177e4 2763 retval = init_dev(ptm_driver, index, &tty);
70522e12 2764 mutex_unlock(&tty_mutex);
37bdfb07 2765
1da177e4
LT		 2766 if (retval)
2767 goto out;
2768
2769 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2770 filp->private_data = tty;
2771 file_move(filp, &tty->tty_files);
2772
2773 retval = -ENOMEM;
2774 if (devpts_pty_new(tty->link))
2775 goto out1;
2776
2777 check_tty_count(tty, "tty_open");
2778 retval = ptm_driver->open(tty, filp);
522ed776
MT		 2779 if (!retval) {
2780 tty_audit_opening();
1da177e4 2781 return 0;
522ed776 2782 }
1da177e4
LT		 2783out1:
2784 release_dev(filp);
9453a5ad 2785 return retval;
1da177e4 2786out:
a6752f3f 2787 mutex_lock(&allocated_ptys_lock);
1da177e4 2788 idr_remove(&allocated_ptys, index);
a6752f3f 2789 mutex_unlock(&allocated_ptys_lock);
1da177e4
LT		 2790 return retval;
2791}
2792#endif
2793
af9b897e
AC		 2794/**
2795 * tty_release - vfs callback for close
2796 * @inode: inode of tty
2797 * @filp: file pointer for handle to tty
2798 *
2799 * Called the last time each file handle is closed that references
2800 * this tty. There may however be several such references.
2801 *
2802 * Locking:
2803 * Takes bkl. See release_dev
2804 */
2805
37bdfb07 2806static int tty_release(struct inode *inode, struct file *filp)
1da177e4
LT		 2807{
2808 lock_kernel();
2809 release_dev(filp);
2810 unlock_kernel();
2811 return 0;
2812}
2813
af9b897e
AC		 2814/**
2815 * tty_poll - check tty status
2816 * @filp: file being polled
2817 * @wait: poll wait structures to update
2818 *
2819 * Call the line discipline polling method to obtain the poll
2820 * status of the device.
2821 *
2822 * Locking: locks called line discipline but ldisc poll method
2823 * may be re-entered freely by other callers.
2824 */
2825
37bdfb07 2826static unsigned int tty_poll(struct file *filp, poll_table *wait)
1da177e4 2827{
37bdfb07 2828 struct tty_struct *tty;
1da177e4
LT		 2829 struct tty_ldisc *ld;
2830 int ret = 0;
2831
2832 tty = (struct tty_struct *)filp->private_data;
a7113a96 2833 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1da177e4 2834 return 0;
37bdfb07 2835
1da177e4
LT		 2836 ld = tty_ldisc_ref_wait(tty);
2837 if (ld->poll)
2838 ret = (ld->poll)(tty, filp, wait);
2839 tty_ldisc_deref(ld);
2840 return ret;
2841}
2842
37bdfb07 2843static int tty_fasync(int fd, struct file *filp, int on)
1da177e4 2844{
37bdfb07 2845 struct tty_struct *tty;
1da177e4
LT		 2846 int retval;
2847
2848 tty = (struct tty_struct *)filp->private_data;
a7113a96 2849 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
1da177e4 2850 return 0;
37bdfb07 2851
1da177e4
LT		 2852 retval = fasync_helper(fd, filp, on, &tty->fasync);
2853 if (retval <= 0)
2854 return retval;
2855
2856 if (on) {
ab521dc0
EB		 2857 enum pid_type type;
2858 struct pid *pid;
1da177e4
LT		 2859 if (!waitqueue_active(&tty->read_wait))
2860 tty->minimum_to_wake = 1;
ab521dc0
EB		 2861 if (tty->pgrp) {
2862 pid = tty->pgrp;
2863 type = PIDTYPE_PGID;
2864 } else {
2865 pid = task_pid(current);
2866 type = PIDTYPE_PID;
2867 }
2868 retval = __f_setown(filp, pid, type, 0);
1da177e4
LT		 2869 if (retval)
2870 return retval;
2871 } else {
2872 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2873 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2874 }
2875 return 0;
2876}
2877
af9b897e
AC		 2878/**
2879 * tiocsti - fake input character
2880 * @tty: tty to fake input into
2881 * @p: pointer to character
2882 *
3a4fa0a2 2883 * Fake input to a tty device. Does the necessary locking and
af9b897e
AC		 2884 * input management.
2885 *
2886 * FIXME: does not honour flow control ??
2887 *
2888 * Locking:
2889 * Called functions take tty_ldisc_lock
2890 * current->signal->tty check is safe without locks
28298232
AC		 2891 *
2892 * FIXME: may race normal receive processing
af9b897e
AC		 2893 */
2894
1da177e4
LT		 2895static int tiocsti(struct tty_struct *tty, char __user *p)
2896{
2897 char ch, mbz = 0;
2898 struct tty_ldisc *ld;
37bdfb07 2899
1da177e4
LT		 2900 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2901 return -EPERM;
2902 if (get_user(ch, p))
2903 return -EFAULT;
2904 ld = tty_ldisc_ref_wait(tty);
2905 ld->receive_buf(tty, &ch, &mbz, 1);
2906 tty_ldisc_deref(ld);
2907 return 0;
2908}
2909
af9b897e
AC		 2910/**
2911 * tiocgwinsz - implement window query ioctl
2912 * @tty; tty
2913 * @arg: user buffer for result
2914 *
808a0d38 2915 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2916 *
24ec839c 2917 * Locking: tty->termios_mutex is taken to ensure the winsize data
808a0d38 2918 * is consistent.
af9b897e
AC		 2919 */
2920
37bdfb07 2921static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
1da177e4 2922{
808a0d38
AC		 2923 int err;
2924
5785c95b 2925 mutex_lock(&tty->termios_mutex);
808a0d38 2926 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2927 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2928
2929 return err ? -EFAULT: 0;
1da177e4
LT		 2930}
2931
af9b897e
AC		 2932/**
2933 * tiocswinsz - implement window size set ioctl
2934 * @tty; tty
2935 * @arg: user buffer for result
2936 *
2937 * Copies the user idea of the window size to the kernel. Traditionally
2938 * this is just advisory information but for the Linux console it
2939 * actually has driver level meaning and triggers a VC resize.
2940 *
2941 * Locking:
ca9bda00
AC		 2942 * Called function use the console_sem is used to ensure we do
2943 * not try and resize the console twice at once.
24ec839c
PZ		 2944 * The tty->termios_mutex is used to ensure we don't double
2945 * resize and get confused. Lock order - tty->termios_mutex before
ca9bda00 2946 * console sem
af9b897e
AC		 2947 */
2948
1da177e4 2949static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
37bdfb07 2950 struct winsize __user *arg)
1da177e4
LT		 2951{
2952 struct winsize tmp_ws;
2953
2954 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2955 return -EFAULT;
ca9bda00 2956
5785c95b 2957 mutex_lock(&tty->termios_mutex);
1da177e4 2958 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
ca9bda00
AC		 2959 goto done;
2960
1da177e4
LT		 2961#ifdef CONFIG_VT
2962 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
5785c95b
AV		 2963 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2964 tmp_ws.ws_row)) {
2965 mutex_unlock(&tty->termios_mutex);
37bdfb07 2966 return -ENXIO;
ca9bda00 2967 }
1da177e4
LT		 2968 }
2969#endif
ab521dc0
EB		 2970 if (tty->pgrp)
2971 kill_pgrp(tty->pgrp, SIGWINCH, 1);
2972 if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
2973 kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
1da177e4
LT		 2974 tty->winsize = tmp_ws;
2975 real_tty->winsize = tmp_ws;
ca9bda00 2976done:
5785c95b 2977 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 2978 return 0;
2979}
2980
af9b897e
AC		 2981/**
2982 * tioccons - allow admin to move logical console
2983 * @file: the file to become console
2984 *
2985 * Allow the adminstrator to move the redirected console device
2986 *
2987 * Locking: uses redirect_lock to guard the redirect information
2988 */
2989
1da177e4
LT		 2990static int tioccons(struct file *file)
2991{
2992 if (!capable(CAP_SYS_ADMIN))
2993 return -EPERM;
2994 if (file->f_op->write == redirected_tty_write) {
2995 struct file *f;
2996 spin_lock(&redirect_lock);
2997 f = redirect;
2998 redirect = NULL;
2999 spin_unlock(&redirect_lock);
3000 if (f)
3001 fput(f);
3002 return 0;
3003 }
3004 spin_lock(&redirect_lock);
3005 if (redirect) {
3006 spin_unlock(&redirect_lock);
3007 return -EBUSY;
3008 }
3009 get_file(file);
3010 redirect = file;
3011 spin_unlock(&redirect_lock);
3012 return 0;
3013}
3014
af9b897e
AC		 3015/**
3016 * fionbio - non blocking ioctl
3017 * @file: file to set blocking value
3018 * @p: user parameter
3019 *
3020 * Historical tty interfaces had a blocking control ioctl before
3021 * the generic functionality existed. This piece of history is preserved
3022 * in the expected tty API of posix OS's.
3023 *
3024 * Locking: none, the open fle handle ensures it won't go away.
3025 */
1da177e4
LT		 3026
3027static int fionbio(struct file *file, int __user *p)
3028{
3029 int nonblock;
3030
3031 if (get_user(nonblock, p))
3032 return -EFAULT;
3033
3034 if (nonblock)
3035 file->f_flags |= O_NONBLOCK;
3036 else
3037 file->f_flags &= ~O_NONBLOCK;
3038 return 0;
3039}
3040
af9b897e
AC		 3041/**
3042 * tiocsctty - set controlling tty
3043 * @tty: tty structure
3044 * @arg: user argument
3045 *
3046 * This ioctl is used to manage job control. It permits a session
3047 * leader to set this tty as the controlling tty for the session.
3048 *
3049 * Locking:
28298232 3050 * Takes tty_mutex() to protect tty instance
24ec839c
PZ		 3051 * Takes tasklist_lock internally to walk sessions
3052 * Takes ->siglock() when updating signal->tty
af9b897e
AC		 3053 */
3054
1da177e4
LT		 3055static int tiocsctty(struct tty_struct *tty, int arg)
3056{
24ec839c 3057 int ret = 0;
ab521dc0 3058 if (current->signal->leader && (task_session(current) == tty->session))
24ec839c
PZ		 3059 return ret;
3060
3061 mutex_lock(&tty_mutex);
1da177e4
LT		 3062 /*
3063 * The process must be a session leader and
3064 * not have a controlling tty already.
3065 */
24ec839c
PZ		 3066 if (!current->signal->leader || current->signal->tty) {
3067 ret = -EPERM;
3068 goto unlock;
3069 }
3070
ab521dc0 3071 if (tty->session) {
1da177e4
LT		 3072 /*
3073 * This tty is already the controlling
3074 * tty for another session group!
3075 */
37bdfb07 3076 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
1da177e4
LT		 3077 /*
3078 * Steal it away
3079 */
1da177e4 3080 read_lock(&tasklist_lock);
24ec839c 3081 session_clear_tty(tty->session);
1da177e4 3082 read_unlock(&tasklist_lock);
24ec839c
PZ		 3083 } else {
3084 ret = -EPERM;
3085 goto unlock;
3086 }
1da177e4 3087 }
24ec839c
PZ		 3088 proc_set_tty(current, tty);
3089unlock:
28298232 3090 mutex_unlock(&tty_mutex);
24ec839c 3091 return ret;
1da177e4
LT		 3092}
3093
af9b897e
AC		 3094/**
3095 * tiocgpgrp - get process group
3096 * @tty: tty passed by user
3097 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3098 * @p: returned pid
3099 *
3100 * Obtain the process group of the tty. If there is no process group
3101 * return an error.
3102 *
24ec839c 3103 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3104 */
3105
1da177e4
LT		 3106static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3107{
3108 /*
3109 * (tty == real_tty) is a cheap way of
3110 * testing if the tty is NOT a master pty.
3111 */
3112 if (tty == real_tty && current->signal->tty != real_tty)
3113 return -ENOTTY;
b488893a 3114 return put_user(pid_vnr(real_tty->pgrp), p);
1da177e4
LT		 3115}
3116
af9b897e
AC		 3117/**
3118 * tiocspgrp - attempt to set process group
3119 * @tty: tty passed by user
3120 * @real_tty: tty side device matching tty passed by user
3121 * @p: pid pointer
3122 *
3123 * Set the process group of the tty to the session passed. Only
3124 * permitted where the tty session is our session.
3125 *
3126 * Locking: None
af9b897e
AC		 3127 */
3128
1da177e4
LT		 3129static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3130{
04a2e6a5
EB		 3131 struct pid *pgrp;
3132 pid_t pgrp_nr;
1da177e4
LT		 3133 int retval = tty_check_change(real_tty);
3134
3135 if (retval == -EIO)
3136 return -ENOTTY;
3137 if (retval)
3138 return retval;
3139 if (!current->signal->tty ||
3140 (current->signal->tty != real_tty) ||
ab521dc0 3141 (real_tty->session != task_session(current)))
1da177e4 3142 return -ENOTTY;
04a2e6a5 3143 if (get_user(pgrp_nr, p))
1da177e4 3144 return -EFAULT;
04a2e6a5 3145 if (pgrp_nr < 0)
1da177e4 3146 return -EINVAL;
04a2e6a5 3147 rcu_read_lock();
b488893a 3148 pgrp = find_vpid(pgrp_nr);
04a2e6a5
EB		 3149 retval = -ESRCH;
3150 if (!pgrp)
3151 goto out_unlock;
3152 retval = -EPERM;
3153 if (session_of_pgrp(pgrp) != task_session(current))
3154 goto out_unlock;
3155 retval = 0;
ab521dc0
EB		 3156 put_pid(real_tty->pgrp);
3157 real_tty->pgrp = get_pid(pgrp);
04a2e6a5
EB		 3158out_unlock:
3159 rcu_read_unlock();
3160 return retval;
1da177e4
LT		 3161}
3162
af9b897e
AC		 3163/**
3164 * tiocgsid - get session id
3165 * @tty: tty passed by user
3166 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3167 * @p: pointer to returned session id
3168 *
3169 * Obtain the session id of the tty. If there is no session
3170 * return an error.
3171 *
24ec839c 3172 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3173 */
3174
1da177e4
LT		 3175static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3176{
3177 /*
3178 * (tty == real_tty) is a cheap way of
3179 * testing if the tty is NOT a master pty.
3180 */
3181 if (tty == real_tty && current->signal->tty != real_tty)
3182 return -ENOTTY;
ab521dc0 3183 if (!real_tty->session)
1da177e4 3184 return -ENOTTY;
b488893a 3185 return put_user(pid_vnr(real_tty->session), p);
1da177e4
LT		 3186}
3187
af9b897e
AC		 3188/**
3189 * tiocsetd - set line discipline
3190 * @tty: tty device
3191 * @p: pointer to user data
3192 *
3193 * Set the line discipline according to user request.
3194 *
3195 * Locking: see tty_set_ldisc, this function is just a helper
3196 */
3197
1da177e4
LT		 3198static int tiocsetd(struct tty_struct *tty, int __user *p)
3199{
3200 int ldisc;
3201
3202 if (get_user(ldisc, p))
3203 return -EFAULT;
3204 return tty_set_ldisc(tty, ldisc);
3205}
3206
af9b897e
AC		 3207/**
3208 * send_break - performed time break
3209 * @tty: device to break on
3210 * @duration: timeout in mS
3211 *
3212 * Perform a timed break on hardware that lacks its own driver level
3213 * timed break functionality.
3214 *
3215 * Locking:
28298232 3216 * atomic_write_lock serializes
af9b897e 3217 *
af9b897e
AC		 3218 */
3219
b20f3ae5 3220static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4 3221{
9c1729db 3222 if (tty_write_lock(tty, 0) < 0)
28298232 3223 return -EINTR;
1da177e4 3224 tty->driver->break_ctl(tty, -1);
9c1729db 3225 if (!signal_pending(current))
b20f3ae5 3226 msleep_interruptible(duration);
1da177e4 3227 tty->driver->break_ctl(tty, 0);
9c1729db 3228 tty_write_unlock(tty);
1da177e4
LT		 3229 if (signal_pending(current))
3230 return -EINTR;
3231 return 0;
3232}
3233
af9b897e
AC		 3234/**
3235 * tiocmget - get modem status
3236 * @tty: tty device
3237 * @file: user file pointer
3238 * @p: pointer to result
3239 *
3240 * Obtain the modem status bits from the tty driver if the feature
3241 * is supported. Return -EINVAL if it is not available.
3242 *
3243 * Locking: none (up to the driver)
3244 */
3245
3246static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 3247{
3248 int retval = -EINVAL;
3249
3250 if (tty->driver->tiocmget) {
3251 retval = tty->driver->tiocmget(tty, file);
3252
3253 if (retval >= 0)
3254 retval = put_user(retval, p);
3255 }
3256 return retval;
3257}
3258
af9b897e
AC		 3259/**
3260 * tiocmset - set modem status
3261 * @tty: tty device
3262 * @file: user file pointer
3263 * @cmd: command - clear bits, set bits or set all
3264 * @p: pointer to desired bits
3265 *
3266 * Set the modem status bits from the tty driver if the feature
3267 * is supported. Return -EINVAL if it is not available.
3268 *
3269 * Locking: none (up to the driver)
3270 */
3271
3272static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 3273 unsigned __user *p)
3274{
3275 int retval = -EINVAL;
3276
3277 if (tty->driver->tiocmset) {
3278 unsigned int set, clear, val;
3279
3280 retval = get_user(val, p);
3281 if (retval)
3282 return retval;
3283
3284 set = clear = 0;
3285 switch (cmd) {
3286 case TIOCMBIS:
3287 set = val;
3288 break;
3289 case TIOCMBIC:
3290 clear = val;
3291 break;
3292 case TIOCMSET:
3293 set = val;
3294 clear = ~val;
3295 break;
3296 }
3297
3298 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3299 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3300
3301 retval = tty->driver->tiocmset(tty, file, set, clear);
3302 }
3303 return retval;
3304}
3305
3306/*
3307 * Split this up, as gcc can choke on it otherwise..
3308 */
37bdfb07 3309int tty_ioctl(struct inode *inode, struct file *file,
1da177e4
LT		 3310 unsigned int cmd, unsigned long arg)
3311{
3312 struct tty_struct *tty, *real_tty;
3313 void __user *p = (void __user *)arg;
3314 int retval;
3315 struct tty_ldisc *ld;
37bdfb07 3316
1da177e4
LT		 3317 tty = (struct tty_struct *)file->private_data;
3318 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3319 return -EINVAL;
3320
28298232
AC		 3321 /* CHECKME: is this safe as one end closes ? */
3322
1da177e4
LT		 3323 real_tty = tty;
3324 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3325 tty->driver->subtype == PTY_TYPE_MASTER)
3326 real_tty = tty->link;
3327
3328 /*
3329 * Break handling by driver
3330 */
3331 if (!tty->driver->break_ctl) {
37bdfb07 3332 switch (cmd) {
1da177e4
LT		 3333 case TIOCSBRK:
3334 case TIOCCBRK:
3335 if (tty->driver->ioctl)
3336 return tty->driver->ioctl(tty, file, cmd, arg);
3337 return -EINVAL;
37bdfb07 3338
1da177e4
LT		 3339 /* These two ioctl's always return success; even if */
3340 /* the driver doesn't support them. */
3341 case TCSBRK:
3342 case TCSBRKP:
3343 if (!tty->driver->ioctl)
3344 return 0;
3345 retval = tty->driver->ioctl(tty, file, cmd, arg);
3346 if (retval == -ENOIOCTLCMD)
3347 retval = 0;
3348 return retval;
3349 }
3350 }
3351
3352 /*
3353 * Factor out some common prep work
3354 */
3355 switch (cmd) {
3356 case TIOCSETD:
3357 case TIOCSBRK:
3358 case TIOCCBRK:
3359 case TCSBRK:
37bdfb07 3360 case TCSBRKP:
1da177e4
LT		 3361 retval = tty_check_change(tty);
3362 if (retval)
3363 return retval;
3364 if (cmd != TIOCCBRK) {
3365 tty_wait_until_sent(tty, 0);
3366 if (signal_pending(current))
3367 return -EINTR;
3368 }
3369 break;
3370 }
3371
3372 switch (cmd) {
37bdfb07
AC		 3373 case TIOCSTI:
3374 return tiocsti(tty, p);
3375 case TIOCGWINSZ:
3376 return tiocgwinsz(tty, p);
3377 case TIOCSWINSZ:
3378 return tiocswinsz(tty, real_tty, p);
3379 case TIOCCONS:
3380 return real_tty != tty ? -EINVAL : tioccons(file);
3381 case FIONBIO:
3382 return fionbio(file, p);
3383 case TIOCEXCL:
3384 set_bit(TTY_EXCLUSIVE, &tty->flags);
3385 return 0;
3386 case TIOCNXCL:
3387 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3388 return 0;
3389 case TIOCNOTTY:
3390 if (current->signal->tty != tty)
3391 return -ENOTTY;
3392 no_tty();
3393 return 0;
3394 case TIOCSCTTY:
3395 return tiocsctty(tty, arg);
3396 case TIOCGPGRP:
3397 return tiocgpgrp(tty, real_tty, p);
3398 case TIOCSPGRP:
3399 return tiocspgrp(tty, real_tty, p);
3400 case TIOCGSID:
3401 return tiocgsid(tty, real_tty, p);
3402 case TIOCGETD:
3403 /* FIXME: check this is ok */
3404 return put_user(tty->ldisc.num, (int __user *)p);
3405 case TIOCSETD:
3406 return tiocsetd(tty, p);
1da177e4 3407#ifdef CONFIG_VT
37bdfb07
AC		 3408 case TIOCLINUX:
3409 return tioclinux(tty, arg);
1da177e4 3410#endif
37bdfb07
AC		 3411 /*
3412 * Break handling
3413 */
3414 case TIOCSBRK: /* Turn break on, unconditionally */
3415 tty->driver->break_ctl(tty, -1);
3416 return 0;
1da177e4 3417
37bdfb07
AC		 3418 case TIOCCBRK: /* Turn break off, unconditionally */
3419 tty->driver->break_ctl(tty, 0);
3420 return 0;
3421 case TCSBRK: /* SVID version: non-zero arg --> no break */
3422 /* non-zero arg means wait for all output data
3423 * to be sent (performed above) but don't send break.
3424 * This is used by the tcdrain() termios function.
3425 */
3426 if (!arg)
3427 return send_break(tty, 250);
3428 return 0;
3429 case TCSBRKP: /* support for POSIX tcsendbreak() */
3430 return send_break(tty, arg ? arg*100 : 250);
3431
3432 case TIOCMGET:
3433 return tty_tiocmget(tty, file, p);
3434 case TIOCMSET:
3435 case TIOCMBIC:
3436 case TIOCMBIS:
3437 return tty_tiocmset(tty, file, cmd, p);
3438 case TCFLSH:
3439 switch (arg) {
3440 case TCIFLUSH:
3441 case TCIOFLUSH:
3442 /* flush tty buffer and allow ldisc to process ioctl */
3443 tty_buffer_flush(tty);
c5c34d48 3444 break;
37bdfb07
AC		 3445 }
3446 break;
1da177e4
LT		 3447 }
3448 if (tty->driver->ioctl) {
3449 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3450 if (retval != -ENOIOCTLCMD)
3451 return retval;
3452 }
3453 ld = tty_ldisc_ref_wait(tty);
3454 retval = -EINVAL;
3455 if (ld->ioctl) {
3456 retval = ld->ioctl(tty, file, cmd, arg);
3457 if (retval == -ENOIOCTLCMD)
3458 retval = -EINVAL;
3459 }
3460 tty_ldisc_deref(ld);
3461 return retval;
3462}
3463
e10cc1df 3464#ifdef CONFIG_COMPAT
37bdfb07 3465static long tty_compat_ioctl(struct file *file, unsigned int cmd,
e10cc1df
PF		 3466 unsigned long arg)
3467{
3468 struct inode *inode = file->f_dentry->d_inode;
3469 struct tty_struct *tty = file->private_data;
3470 struct tty_ldisc *ld;
3471 int retval = -ENOIOCTLCMD;
3472
3473 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3474 return -EINVAL;
3475
3476 if (tty->driver->compat_ioctl) {
3477 retval = (tty->driver->compat_ioctl)(tty, file, cmd, arg);
3478 if (retval != -ENOIOCTLCMD)
3479 return retval;
3480 }
3481
3482 ld = tty_ldisc_ref_wait(tty);
3483 if (ld->compat_ioctl)
3484 retval = ld->compat_ioctl(tty, file, cmd, arg);
3485 tty_ldisc_deref(ld);
3486
3487 return retval;
3488}
3489#endif
1da177e4
LT		 3490
3491/*
3492 * This implements the "Secure Attention Key" --- the idea is to
3493 * prevent trojan horses by killing all processes associated with this
3494 * tty when the user hits the "Secure Attention Key". Required for
3495 * super-paranoid applications --- see the Orange Book for more details.
37bdfb07 3496 *
1da177e4
LT		 3497 * This code could be nicer; ideally it should send a HUP, wait a few
3498 * seconds, then send a INT, and then a KILL signal. But you then
3499 * have to coordinate with the init process, since all processes associated
3500 * with the current tty must be dead before the new getty is allowed
3501 * to spawn.
3502 *
3503 * Now, if it would be correct ;-/ The current code has a nasty hole -
3504 * it doesn't catch files in flight. We may send the descriptor to ourselves
3505 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3506 *
3507 * Nasty bug: do_SAK is being called in interrupt context. This can
3508 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3509 */
8b6312f4 3510void __do_SAK(struct tty_struct *tty)
1da177e4
LT		 3511{
3512#ifdef TTY_SOFT_SAK
3513 tty_hangup(tty);
3514#else
652486fb 3515 struct task_struct *g, *p;
ab521dc0 3516 struct pid *session;
1da177e4
LT		 3517 int i;
3518 struct file *filp;
badf1662 3519 struct fdtable *fdt;
37bdfb07 3520
1da177e4
LT		 3521 if (!tty)
3522 return;
24ec839c 3523 session = tty->session;
37bdfb07 3524
b3f13deb 3525 tty_ldisc_flush(tty);
1da177e4
LT		 3526
3527 if (tty->driver->flush_buffer)
3528 tty->driver->flush_buffer(tty);
37bdfb07 3529
1da177e4 3530 read_lock(&tasklist_lock);
652486fb 3531 /* Kill the entire session */
ab521dc0 3532 do_each_pid_task(session, PIDTYPE_SID, p) {
652486fb 3533 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 3534 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 3535 task_pid_nr(p), p->comm);
652486fb 3536 send_sig(SIGKILL, p, 1);
ab521dc0 3537 } while_each_pid_task(session, PIDTYPE_SID, p);
652486fb
EB		 3538 /* Now kill any processes that happen to have the
3539 * tty open.
3540 */
3541 do_each_thread(g, p) {
3542 if (p->signal->tty == tty) {
1da177e4 3543 printk(KERN_NOTICE "SAK: killed process %d"
a47afb0f 3544 " (%s): task_session_nr(p)==tty->session\n",
ba25f9dc 3545 task_pid_nr(p), p->comm);
1da177e4
LT		 3546 send_sig(SIGKILL, p, 1);
3547 continue;
3548 }
3549 task_lock(p);
3550 if (p->files) {
ca99c1da
DS		 3551 /*
3552 * We don't take a ref to the file, so we must
3553 * hold ->file_lock instead.
3554 */
3555 spin_lock(&p->files->file_lock);
badf1662 3556 fdt = files_fdtable(p->files);
37bdfb07 3557 for (i = 0; i < fdt->max_fds; i++) {
1da177e4
LT		 3558 filp = fcheck_files(p->files, i);
3559 if (!filp)
3560 continue;
3561 if (filp->f_op->read == tty_read &&
3562 filp->private_data == tty) {
3563 printk(KERN_NOTICE "SAK: killed process %d"
3564 " (%s): fd#%d opened to the tty\n",
ba25f9dc 3565 task_pid_nr(p), p->comm, i);
20ac9437 3566 force_sig(SIGKILL, p);
1da177e4
LT		 3567 break;
3568 }
3569 }
ca99c1da 3570 spin_unlock(&p->files->file_lock);
1da177e4
LT		 3571 }
3572 task_unlock(p);
652486fb 3573 } while_each_thread(g, p);
1da177e4
LT		 3574 read_unlock(&tasklist_lock);
3575#endif
3576}
3577
8b6312f4
EB		 3578static void do_SAK_work(struct work_struct *work)
3579{
3580 struct tty_struct *tty =
3581 container_of(work, struct tty_struct, SAK_work);
3582 __do_SAK(tty);
3583}
3584
1da177e4
LT		 3585/*
3586 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3587 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3588 * the values which we write to it will be identical to the values which it
3589 * already has. --akpm
3590 */
3591void do_SAK(struct tty_struct *tty)
3592{
3593 if (!tty)
3594 return;
1da177e4
LT		 3595 schedule_work(&tty->SAK_work);
3596}
3597
3598EXPORT_SYMBOL(do_SAK);
3599
af9b897e
AC		 3600/**
3601 * flush_to_ldisc
65f27f38 3602 * @work: tty structure passed from work queue.
af9b897e
AC		 3603 *
3604 * This routine is called out of the software interrupt to flush data
3605 * from the buffer chain to the line discipline.
3606 *
3607 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3608 * while invoking the line discipline receive_buf method. The
3609 * receive_buf method is single threaded for each tty instance.
1da177e4 3610 */
37bdfb07 3611
65f27f38 3612static void flush_to_ldisc(struct work_struct *work)
1da177e4 3613{
65f27f38
DH		 3614 struct tty_struct *tty =
3615 container_of(work, struct tty_struct, buf.work.work);
1da177e4
LT		 3616 unsigned long flags;
3617 struct tty_ldisc *disc;
2c3bb20f 3618 struct tty_buffer *tbuf, *head;
8977d929
PF		 3619 char *char_buf;
3620 unsigned char *flag_buf;
1da177e4
LT		 3621
3622 disc = tty_ldisc_ref(tty);
3623 if (disc == NULL) /* !TTY_LDISC */
3624 return;
3625
808249ce 3626 spin_lock_irqsave(&tty->buf.lock, flags);
37bdfb07
AC		 3627 /* So we know a flush is running */
3628 set_bit(TTY_FLUSHING, &tty->flags);
2c3bb20f
PF		 3629 head = tty->buf.head;
3630 if (head != NULL) {
3631 tty->buf.head = NULL;
3632 for (;;) {
3633 int count = head->commit - head->read;
3634 if (!count) {
3635 if (head->next == NULL)
3636 break;
3637 tbuf = head;
3638 head = head->next;
3639 tty_buffer_free(tty, tbuf);
3640 continue;
3641 }
42fd552e
AC		 3642 /* Ldisc or user is trying to flush the buffers
3643 we are feeding to the ldisc, stop feeding the
3644 line discipline as we want to empty the queue */
3645 if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3646 break;
2c3bb20f
PF		 3647 if (!tty->receive_room) {
3648 schedule_delayed_work(&tty->buf.work, 1);
3649 break;
3650 }
3651 if (count > tty->receive_room)
3652 count = tty->receive_room;
3653 char_buf = head->char_buf_ptr + head->read;
3654 flag_buf = head->flag_buf_ptr + head->read;
3655 head->read += count;
8977d929
PF		 3656 spin_unlock_irqrestore(&tty->buf.lock, flags);
3657 disc->receive_buf(tty, char_buf, flag_buf, count);
3658 spin_lock_irqsave(&tty->buf.lock, flags);
3659 }
42fd552e 3660 /* Restore the queue head */
2c3bb20f 3661 tty->buf.head = head;
33f0f88f 3662 }
42fd552e
AC		 3663 /* We may have a deferred request to flush the input buffer,
3664 if so pull the chain under the lock and empty the queue */
3665 if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3666 __tty_buffer_flush(tty);
3667 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3668 wake_up(&tty->read_wait);
3669 }
3670 clear_bit(TTY_FLUSHING, &tty->flags);
808249ce 3671 spin_unlock_irqrestore(&tty->buf.lock, flags);
817d6d3b 3672
1da177e4
LT		 3673 tty_ldisc_deref(disc);
3674}
3675
1da177e4
LT		 3676/**
3677 * tty_flip_buffer_push - terminal
3678 * @tty: tty to push
3679 *
3680 * Queue a push of the terminal flip buffers to the line discipline. This
3681 * function must not be called from IRQ context if tty->low_latency is set.
3682 *
3683 * In the event of the queue being busy for flipping the work will be
3684 * held off and retried later.
af9b897e
AC		 3685 *
3686 * Locking: tty buffer lock. Driver locks in low latency mode.
1da177e4
LT		 3687 */
3688
3689void tty_flip_buffer_push(struct tty_struct *tty)
3690{
808249ce
PF		 3691 unsigned long flags;
3692 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 3693 if (tty->buf.tail != NULL)
8977d929 3694 tty->buf.tail->commit = tty->buf.tail->used;
808249ce
PF		 3695 spin_unlock_irqrestore(&tty->buf.lock, flags);
3696
1da177e4 3697 if (tty->low_latency)
65f27f38 3698 flush_to_ldisc(&tty->buf.work.work);
1da177e4 3699 else
33f0f88f 3700 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 3701}
3702
3703EXPORT_SYMBOL(tty_flip_buffer_push);
3704
33f0f88f 3705
af9b897e
AC		 3706/**
3707 * initialize_tty_struct
3708 * @tty: tty to initialize
3709 *
3710 * This subroutine initializes a tty structure that has been newly
3711 * allocated.
3712 *
3713 * Locking: none - tty in question must not be exposed at this point
1da177e4 3714 */
af9b897e 3715
1da177e4
LT		 3716static void initialize_tty_struct(struct tty_struct *tty)
3717{
3718 memset(tty, 0, sizeof(struct tty_struct));
3719 tty->magic = TTY_MAGIC;
3720 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
ab521dc0
EB		 3721 tty->session = NULL;
3722 tty->pgrp = NULL;
1da177e4 3723 tty->overrun_time = jiffies;
33f0f88f
AC		 3724 tty->buf.head = tty->buf.tail = NULL;
3725 tty_buffer_init(tty);
65f27f38 3726 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
5785c95b 3727 mutex_init(&tty->termios_mutex);
1da177e4
LT		 3728 init_waitqueue_head(&tty->write_wait);
3729 init_waitqueue_head(&tty->read_wait);
65f27f38 3730 INIT_WORK(&tty->hangup_work, do_tty_hangup);
70522e12
IM		 3731 mutex_init(&tty->atomic_read_lock);
3732 mutex_init(&tty->atomic_write_lock);
1da177e4
LT		 3733 spin_lock_init(&tty->read_lock);
3734 INIT_LIST_HEAD(&tty->tty_files);
7f1f86a0 3735 INIT_WORK(&tty->SAK_work, do_SAK_work);
1da177e4
LT		 3736}
3737
3738/*
3739 * The default put_char routine if the driver did not define one.
3740 */
af9b897e 3741
1da177e4
LT		 3742static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3743{
3744 tty->driver->write(tty, &ch, 1);
3745}
3746
7fe845d1 3747static struct class *tty_class;
1da177e4
LT		 3748
3749/**
af9b897e
AC		 3750 * tty_register_device - register a tty device
3751 * @driver: the tty driver that describes the tty device
3752 * @index: the index in the tty driver for this tty device
3753 * @device: a struct device that is associated with this tty device.
3754 * This field is optional, if there is no known struct device
3755 * for this tty device it can be set to NULL safely.
1da177e4 3756 *
01107d34
GKH		 3757 * Returns a pointer to the struct device for this tty device
3758 * (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3759 *
af9b897e
AC		 3760 * This call is required to be made to register an individual tty device
3761 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3762 * that bit is not set, this function should not be called by a tty
3763 * driver.
3764 *
3765 * Locking: ??
1da177e4 3766 */
af9b897e 3767
01107d34
GKH		 3768struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3769 struct device *device)
1da177e4
LT		 3770{
3771 char name[64];
3772 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3773
3774 if (index >= driver->num) {
3775 printk(KERN_ERR "Attempt to register invalid tty line number "
3776 " (%d).\n", index);
1cdcb6b4 3777 return ERR_PTR(-EINVAL);
1da177e4
LT		 3778 }
3779
1da177e4
LT		 3780 if (driver->type == TTY_DRIVER_TYPE_PTY)
3781 pty_line_name(driver, index, name);
3782 else
3783 tty_line_name(driver, index, name);
1cdcb6b4 3784
01107d34 3785 return device_create(tty_class, device, dev, name);
1da177e4
LT		 3786}
3787
3788/**
af9b897e
AC		 3789 * tty_unregister_device - unregister a tty device
3790 * @driver: the tty driver that describes the tty device
3791 * @index: the index in the tty driver for this tty device
1da177e4 3792 *
af9b897e
AC		 3793 * If a tty device is registered with a call to tty_register_device() then
3794 * this function must be called when the tty device is gone.
3795 *
3796 * Locking: ??
1da177e4 3797 */
af9b897e 3798
1da177e4
LT		 3799void tty_unregister_device(struct tty_driver *driver, unsigned index)
3800{
37bdfb07
AC		 3801 device_destroy(tty_class,
3802 MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 3803}
3804
3805EXPORT_SYMBOL(tty_register_device);
3806EXPORT_SYMBOL(tty_unregister_device);
3807
3808struct tty_driver *alloc_tty_driver(int lines)
3809{
3810 struct tty_driver *driver;
3811
506eb99a 3812 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
1da177e4 3813 if (driver) {
1da177e4
LT		 3814 driver->magic = TTY_DRIVER_MAGIC;
3815 driver->num = lines;
3816 /* later we'll move allocation of tables here */
3817 }
3818 return driver;
3819}
3820
3821void put_tty_driver(struct tty_driver *driver)
3822{
3823 kfree(driver);
3824}
3825
b68e31d0
JD		 3826void tty_set_operations(struct tty_driver *driver,
3827 const struct tty_operations *op)
1da177e4
LT		 3828{
3829 driver->open = op->open;
3830 driver->close = op->close;
3831 driver->write = op->write;
3832 driver->put_char = op->put_char;
3833 driver->flush_chars = op->flush_chars;
3834 driver->write_room = op->write_room;
3835 driver->chars_in_buffer = op->chars_in_buffer;
3836 driver->ioctl = op->ioctl;
e10cc1df 3837 driver->compat_ioctl = op->compat_ioctl;
1da177e4
LT		 3838 driver->set_termios = op->set_termios;
3839 driver->throttle = op->throttle;
3840 driver->unthrottle = op->unthrottle;
3841 driver->stop = op->stop;
3842 driver->start = op->start;
3843 driver->hangup = op->hangup;
3844 driver->break_ctl = op->break_ctl;
3845 driver->flush_buffer = op->flush_buffer;
3846 driver->set_ldisc = op->set_ldisc;
3847 driver->wait_until_sent = op->wait_until_sent;
3848 driver->send_xchar = op->send_xchar;
3849 driver->read_proc = op->read_proc;
3850 driver->write_proc = op->write_proc;
3851 driver->tiocmget = op->tiocmget;
3852 driver->tiocmset = op->tiocmset;
3853}
3854
3855
3856EXPORT_SYMBOL(alloc_tty_driver);
3857EXPORT_SYMBOL(put_tty_driver);
3858EXPORT_SYMBOL(tty_set_operations);
3859
3860/*
3861 * Called by a tty driver to register itself.
3862 */
3863int tty_register_driver(struct tty_driver *driver)
3864{
3865 int error;
37bdfb07 3866 int i;
1da177e4
LT		 3867 dev_t dev;
3868 void **p = NULL;
3869
3870 if (driver->flags & TTY_DRIVER_INSTALLED)
3871 return 0;
3872
543691a6
AW		 3873 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3874 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
1da177e4
LT		 3875 if (!p)
3876 return -ENOMEM;
1da177e4
LT		 3877 }
3878
3879 if (!driver->major) {
37bdfb07
AC		 3880 error = alloc_chrdev_region(&dev, driver->minor_start,
3881 driver->num, driver->name);
1da177e4
LT		 3882 if (!error) {
3883 driver->major = MAJOR(dev);
3884 driver->minor_start = MINOR(dev);
3885 }
3886 } else {
3887 dev = MKDEV(driver->major, driver->minor_start);
e5717c48 3888 error = register_chrdev_region(dev, driver->num, driver->name);
1da177e4
LT		 3889 }
3890 if (error < 0) {
3891 kfree(p);
3892 return error;
3893 }
3894
3895 if (p) {
3896 driver->ttys = (struct tty_struct **)p;
edc6afc5 3897 driver->termios = (struct ktermios **)(p + driver->num);
37bdfb07
AC		 3898 driver->termios_locked = (struct ktermios **)
3899 (p + driver->num * 2);
1da177e4
LT		 3900 } else {
3901 driver->ttys = NULL;
3902 driver->termios = NULL;
3903 driver->termios_locked = NULL;
3904 }
3905
3906 cdev_init(&driver->cdev, &tty_fops);
3907 driver->cdev.owner = driver->owner;
3908 error = cdev_add(&driver->cdev, dev, driver->num);
3909 if (error) {
1da177e4
LT		 3910 unregister_chrdev_region(dev, driver->num);
3911 driver->ttys = NULL;
3912 driver->termios = driver->termios_locked = NULL;
3913 kfree(p);
3914 return error;
3915 }
3916
3917 if (!driver->put_char)
3918 driver->put_char = tty_default_put_char;
37bdfb07 3919
ca509f69 3920 mutex_lock(&tty_mutex);
1da177e4 3921 list_add(&driver->tty_drivers, &tty_drivers);
ca509f69 3922 mutex_unlock(&tty_mutex);
37bdfb07
AC		 3923
3924 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3925 for (i = 0; i < driver->num; i++)
1da177e4
LT		 3926 tty_register_device(driver, i, NULL);
3927 }
3928 proc_tty_register_driver(driver);
3929 return 0;
3930}
3931
3932EXPORT_SYMBOL(tty_register_driver);
3933
3934/*
3935 * Called by a tty driver to unregister itself.
3936 */
3937int tty_unregister_driver(struct tty_driver *driver)
3938{
3939 int i;
edc6afc5 3940 struct ktermios *tp;
1da177e4
LT		 3941 void *p;
3942
3943 if (driver->refcount)
3944 return -EBUSY;
3945
3946 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3947 driver->num);
ca509f69 3948 mutex_lock(&tty_mutex);
1da177e4 3949 list_del(&driver->tty_drivers);
ca509f69 3950 mutex_unlock(&tty_mutex);
1da177e4
LT		 3951
3952 /*
3953 * Free the termios and termios_locked structures because
3954 * we don't want to get memory leaks when modular tty
3955 * drivers are removed from the kernel.
3956 */
3957 for (i = 0; i < driver->num; i++) {
3958 tp = driver->termios[i];
3959 if (tp) {
3960 driver->termios[i] = NULL;
3961 kfree(tp);
3962 }
3963 tp = driver->termios_locked[i];
3964 if (tp) {
3965 driver->termios_locked[i] = NULL;
3966 kfree(tp);
3967 }
331b8319 3968 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 3969 tty_unregister_device(driver, i);
3970 }
3971 p = driver->ttys;
3972 proc_tty_unregister_driver(driver);
3973 driver->ttys = NULL;
3974 driver->termios = driver->termios_locked = NULL;
3975 kfree(p);
3976 cdev_del(&driver->cdev);
3977 return 0;
3978}
1da177e4
LT		 3979EXPORT_SYMBOL(tty_unregister_driver);
3980
24ec839c
PZ		 3981dev_t tty_devnum(struct tty_struct *tty)
3982{
3983 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3984}
3985EXPORT_SYMBOL(tty_devnum);
3986
3987void proc_clear_tty(struct task_struct *p)
3988{
3989 spin_lock_irq(&p->sighand->siglock);
3990 p->signal->tty = NULL;
3991 spin_unlock_irq(&p->sighand->siglock);
3992}
7cac4ce5 3993EXPORT_SYMBOL(proc_clear_tty);
24ec839c 3994
2a65f1d9 3995static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 3996{
3997 if (tty) {
d9c1e9a8
EB		 3998 /* We should not have a session or pgrp to here but.... */
3999 put_pid(tty->session);
4000 put_pid(tty->pgrp);
ab521dc0
EB		 4001 tty->session = get_pid(task_session(tsk));
4002 tty->pgrp = get_pid(task_pgrp(tsk));
24ec839c 4003 }
2a65f1d9 4004 put_pid(tsk->signal->tty_old_pgrp);
24ec839c 4005 tsk->signal->tty = tty;
ab521dc0 4006 tsk->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 4007}
4008
98a27ba4 4009static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 4010{
4011 spin_lock_irq(&tsk->sighand->siglock);
2a65f1d9 4012 __proc_set_tty(tsk, tty);
24ec839c
PZ		 4013 spin_unlock_irq(&tsk->sighand->siglock);
4014}
4015
4016struct tty_struct *get_current_tty(void)
4017{
4018 struct tty_struct *tty;
4019 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4020 tty = current->signal->tty;
4021 /*
4022 * session->tty can be changed/cleared from under us, make sure we
4023 * issue the load. The obtained pointer, when not NULL, is valid as
4024 * long as we hold tty_mutex.
4025 */
4026 barrier();
4027 return tty;
4028}
a311f743 4029EXPORT_SYMBOL_GPL(get_current_tty);
1da177e4
LT		 4030
4031/*
4032 * Initialize the console device. This is called *early*, so
4033 * we can't necessarily depend on lots of kernel help here.
4034 * Just do some early initializations, and do the complex setup
4035 * later.
4036 */
4037void __init console_init(void)
4038{
4039 initcall_t *call;
4040
4041 /* Setup the default TTY line discipline. */
4042 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4043
4044 /*
37bdfb07 4045 * set up the console device so that later boot sequences can
1da177e4
LT		 4046 * inform about problems etc..
4047 */
1da177e4
LT		 4048 call = __con_initcall_start;
4049 while (call < __con_initcall_end) {
4050 (*call)();
4051 call++;
4052 }
4053}
4054
1da177e4
LT		 4055static int __init tty_class_init(void)
4056{
7fe845d1 4057 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 4058 if (IS_ERR(tty_class))
4059 return PTR_ERR(tty_class);
4060 return 0;
4061}
4062
4063postcore_initcall(tty_class_init);
4064
4065/* 3/2004 jmc: why do these devices exist? */
4066
4067static struct cdev tty_cdev, console_cdev;
4068#ifdef CONFIG_UNIX98_PTYS
4069static struct cdev ptmx_cdev;
4070#endif
4071#ifdef CONFIG_VT
4072static struct cdev vc0_cdev;
4073#endif
4074
4075/*
4076 * Ok, now we can initialize the rest of the tty devices and can count
4077 * on memory allocations, interrupts etc..
4078 */
4079static int __init tty_init(void)
4080{
4081 cdev_init(&tty_cdev, &tty_fops);
4082 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4083 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4084 panic("Couldn't register /dev/tty driver\n");
01107d34 4085 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
1da177e4
LT		 4086
4087 cdev_init(&console_cdev, &console_fops);
4088 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4089 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4090 panic("Couldn't register /dev/console driver\n");
01107d34 4091 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
1da177e4
LT		 4092
4093#ifdef CONFIG_UNIX98_PTYS
4094 cdev_init(&ptmx_cdev, &ptmx_fops);
4095 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4096 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4097 panic("Couldn't register /dev/ptmx driver\n");
01107d34 4098 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
1da177e4
LT		 4099#endif
4100
4101#ifdef CONFIG_VT
4102 cdev_init(&vc0_cdev, &console_fops);
4103 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4104 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4105 panic("Couldn't register /dev/tty0 driver\n");
01107d34 4106 device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
1da177e4
LT		 4107
4108 vty_init();
4109#endif
4110 return 0;
4111}
4112module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)