projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
devpts: propagate error code from devpts_pty_new
[linux-2.6-block.git] / drivers / char / tty_io.c
... / ...
CommitLineData
1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67 */
68
69#include <linux/types.h>
70#include <linux/major.h>
71#include <linux/errno.h>
72#include <linux/signal.h>
73#include <linux/fcntl.h>
74#include <linux/sched.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/console.h>
82#include <linux/timer.h>
83#include <linux/ctype.h>
84#include <linux/kd.h>
85#include <linux/mm.h>
86#include <linux/string.h>
87#include <linux/slab.h>
88#include <linux/poll.h>
89#include <linux/proc_fs.h>
90#include <linux/init.h>
91#include <linux/module.h>
92#include <linux/smp_lock.h>
93#include <linux/device.h>
94#include <linux/idr.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
97#include <linux/delay.h>
98
99#include <asm/uaccess.h>
100#include <asm/system.h>
101
102#include <linux/kbd_kern.h>
103#include <linux/vt_kern.h>
104#include <linux/selection.h>
105
106#include <linux/kmod.h>
107#include <linux/nsproxy.h>
108
109#undef TTY_DEBUG_HANGUP
110
111#define TTY_PARANOIA_CHECK 1
112#define CHECK_TTY_COUNT 1
113
114struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
115 .c_iflag = ICRNL | IXON,
116 .c_oflag = OPOST | ONLCR,
117 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119 ECHOCTL | ECHOKE | IEXTEN,
120 .c_cc = INIT_C_CC,
121 .c_ispeed = 38400,
122 .c_ospeed = 38400
123};
124
125EXPORT_SYMBOL(tty_std_termios);
126
127/* This list gets poked at by procfs and various bits of boot up code. This
128 could do with some rationalisation such as pulling the tty proc function
129 into this file */
130
131LIST_HEAD(tty_drivers); /* linked list of tty drivers */
132
133/* Mutex to protect creating and releasing a tty. This is shared with
134 vt.c for deeply disgusting hack reasons */
135DEFINE_MUTEX(tty_mutex);
136EXPORT_SYMBOL(tty_mutex);
137
138#ifdef CONFIG_UNIX98_PTYS
139extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
140extern int pty_limit; /* Config limit on Unix98 ptys */
141static DEFINE_IDR(allocated_ptys);
142static DEFINE_MUTEX(allocated_ptys_lock);
143static int ptmx_open(struct inode *, struct file *);
144#endif
145
146static void initialize_tty_struct(struct tty_struct *tty);
147
148static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
149static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
150ssize_t redirected_tty_write(struct file *, const char __user *,
151 size_t, loff_t *);
152static unsigned int tty_poll(struct file *, poll_table *);
153static int tty_open(struct inode *, struct file *);
154static int tty_release(struct inode *, struct file *);
155long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
156#ifdef CONFIG_COMPAT
157static long tty_compat_ioctl(struct file *file, unsigned int cmd,
158 unsigned long arg);
159#else
160#define tty_compat_ioctl NULL
161#endif
162static int tty_fasync(int fd, struct file *filp, int on);
163static void release_tty(struct tty_struct *tty, int idx);
164static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
165static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
166
167/**
168 * alloc_tty_struct - allocate a tty object
169 *
170 * Return a new empty tty structure. The data fields have not
171 * been initialized in any way but has been zeroed
172 *
173 * Locking: none
174 */
175
176static struct tty_struct *alloc_tty_struct(void)
177{
178 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
179}
180
181static void tty_buffer_free_all(struct tty_struct *);
182
183/**
184 * free_tty_struct - free a disused tty
185 * @tty: tty struct to free
186 *
187 * Free the write buffers, tty queue and tty memory itself.
188 *
189 * Locking: none. Must be called after tty is definitely unused
190 */
191
192static inline void free_tty_struct(struct tty_struct *tty)
193{
194 kfree(tty->write_buf);
195 tty_buffer_free_all(tty);
196 kfree(tty);
197}
198
199#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
200
201/**
202 * tty_name - return tty naming
203 * @tty: tty structure
204 * @buf: buffer for output
205 *
206 * Convert a tty structure into a name. The name reflects the kernel
207 * naming policy and if udev is in use may not reflect user space
208 *
209 * Locking: none
210 */
211
212char *tty_name(struct tty_struct *tty, char *buf)
213{
214 if (!tty) /* Hmm. NULL pointer. That's fun. */
215 strcpy(buf, "NULL tty");
216 else
217 strcpy(buf, tty->name);
218 return buf;
219}
220
221EXPORT_SYMBOL(tty_name);
222
223int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
224 const char *routine)
225{
226#ifdef TTY_PARANOIA_CHECK
227 if (!tty) {
228 printk(KERN_WARNING
229 "null TTY for (%d:%d) in %s\n",
230 imajor(inode), iminor(inode), routine);
231 return 1;
232 }
233 if (tty->magic != TTY_MAGIC) {
234 printk(KERN_WARNING
235 "bad magic number for tty struct (%d:%d) in %s\n",
236 imajor(inode), iminor(inode), routine);
237 return 1;
238 }
239#endif
240 return 0;
241}
242
243static int check_tty_count(struct tty_struct *tty, const char *routine)
244{
245#ifdef CHECK_TTY_COUNT
246 struct list_head *p;
247 int count = 0;
248
249 file_list_lock();
250 list_for_each(p, &tty->tty_files) {
251 count++;
252 }
253 file_list_unlock();
254 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
255 tty->driver->subtype == PTY_TYPE_SLAVE &&
256 tty->link && tty->link->count)
257 count++;
258 if (tty->count != count) {
259 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
260 "!= #fd's(%d) in %s\n",
261 tty->name, tty->count, count, routine);
262 return count;
263 }
264#endif
265 return 0;
266}
267
268/*
269 * Tty buffer allocation management
270 */
271
272/**
273 * tty_buffer_free_all - free buffers used by a tty
274 * @tty: tty to free from
275 *
276 * Remove all the buffers pending on a tty whether queued with data
277 * or in the free ring. Must be called when the tty is no longer in use
278 *
279 * Locking: none
280 */
281
282static void tty_buffer_free_all(struct tty_struct *tty)
283{
284 struct tty_buffer *thead;
285 while ((thead = tty->buf.head) != NULL) {
286 tty->buf.head = thead->next;
287 kfree(thead);
288 }
289 while ((thead = tty->buf.free) != NULL) {
290 tty->buf.free = thead->next;
291 kfree(thead);
292 }
293 tty->buf.tail = NULL;
294 tty->buf.memory_used = 0;
295}
296
297/**
298 * tty_buffer_init - prepare a tty buffer structure
299 * @tty: tty to initialise
300 *
301 * Set up the initial state of the buffer management for a tty device.
302 * Must be called before the other tty buffer functions are used.
303 *
304 * Locking: none
305 */
306
307static void tty_buffer_init(struct tty_struct *tty)
308{
309 spin_lock_init(&tty->buf.lock);
310 tty->buf.head = NULL;
311 tty->buf.tail = NULL;
312 tty->buf.free = NULL;
313 tty->buf.memory_used = 0;
314}
315
316/**
317 * tty_buffer_alloc - allocate a tty buffer
318 * @tty: tty device
319 * @size: desired size (characters)
320 *
321 * Allocate a new tty buffer to hold the desired number of characters.
322 * Return NULL if out of memory or the allocation would exceed the
323 * per device queue
324 *
325 * Locking: Caller must hold tty->buf.lock
326 */
327
328static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
329{
330 struct tty_buffer *p;
331
332 if (tty->buf.memory_used + size > 65536)
333 return NULL;
334 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
335 if (p == NULL)
336 return NULL;
337 p->used = 0;
338 p->size = size;
339 p->next = NULL;
340 p->commit = 0;
341 p->read = 0;
342 p->char_buf_ptr = (char *)(p->data);
343 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
344 tty->buf.memory_used += size;
345 return p;
346}
347
348/**
349 * tty_buffer_free - free a tty buffer
350 * @tty: tty owning the buffer
351 * @b: the buffer to free
352 *
353 * Free a tty buffer, or add it to the free list according to our
354 * internal strategy
355 *
356 * Locking: Caller must hold tty->buf.lock
357 */
358
359static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
360{
361 /* Dumb strategy for now - should keep some stats */
362 tty->buf.memory_used -= b->size;
363 WARN_ON(tty->buf.memory_used < 0);
364
365 if (b->size >= 512)
366 kfree(b);
367 else {
368 b->next = tty->buf.free;
369 tty->buf.free = b;
370 }
371}
372
373/**
374 * __tty_buffer_flush - flush full tty buffers
375 * @tty: tty to flush
376 *
377 * flush all the buffers containing receive data. Caller must
378 * hold the buffer lock and must have ensured no parallel flush to
379 * ldisc is running.
380 *
381 * Locking: Caller must hold tty->buf.lock
382 */
383
384static void __tty_buffer_flush(struct tty_struct *tty)
385{
386 struct tty_buffer *thead;
387
388 while ((thead = tty->buf.head) != NULL) {
389 tty->buf.head = thead->next;
390 tty_buffer_free(tty, thead);
391 }
392 tty->buf.tail = NULL;
393}
394
395/**
396 * tty_buffer_flush - flush full tty buffers
397 * @tty: tty to flush
398 *
399 * flush all the buffers containing receive data. If the buffer is
400 * being processed by flush_to_ldisc then we defer the processing
401 * to that function
402 *
403 * Locking: none
404 */
405
406static void tty_buffer_flush(struct tty_struct *tty)
407{
408 unsigned long flags;
409 spin_lock_irqsave(&tty->buf.lock, flags);
410
411 /* If the data is being pushed to the tty layer then we can't
412 process it here. Instead set a flag and the flush_to_ldisc
413 path will process the flush request before it exits */
414 if (test_bit(TTY_FLUSHING, &tty->flags)) {
415 set_bit(TTY_FLUSHPENDING, &tty->flags);
416 spin_unlock_irqrestore(&tty->buf.lock, flags);
417 wait_event(tty->read_wait,
418 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
419 return;
420 } else
421 __tty_buffer_flush(tty);
422 spin_unlock_irqrestore(&tty->buf.lock, flags);
423}
424
425/**
426 * tty_buffer_find - find a free tty buffer
427 * @tty: tty owning the buffer
428 * @size: characters wanted
429 *
430 * Locate an existing suitable tty buffer or if we are lacking one then
431 * allocate a new one. We round our buffers off in 256 character chunks
432 * to get better allocation behaviour.
433 *
434 * Locking: Caller must hold tty->buf.lock
435 */
436
437static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
438{
439 struct tty_buffer **tbh = &tty->buf.free;
440 while ((*tbh) != NULL) {
441 struct tty_buffer *t = *tbh;
442 if (t->size >= size) {
443 *tbh = t->next;
444 t->next = NULL;
445 t->used = 0;
446 t->commit = 0;
447 t->read = 0;
448 tty->buf.memory_used += t->size;
449 return t;
450 }
451 tbh = &((*tbh)->next);
452 }
453 /* Round the buffer size out */
454 size = (size + 0xFF) & ~0xFF;
455 return tty_buffer_alloc(tty, size);
456 /* Should possibly check if this fails for the largest buffer we
457 have queued and recycle that ? */
458}
459
460/**
461 * tty_buffer_request_room - grow tty buffer if needed
462 * @tty: tty structure
463 * @size: size desired
464 *
465 * Make at least size bytes of linear space available for the tty
466 * buffer. If we fail return the size we managed to find.
467 *
468 * Locking: Takes tty->buf.lock
469 */
470int tty_buffer_request_room(struct tty_struct *tty, size_t size)
471{
472 struct tty_buffer *b, *n;
473 int left;
474 unsigned long flags;
475
476 spin_lock_irqsave(&tty->buf.lock, flags);
477
478 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
479 remove this conditional if its worth it. This would be invisible
480 to the callers */
481 if ((b = tty->buf.tail) != NULL)
482 left = b->size - b->used;
483 else
484 left = 0;
485
486 if (left < size) {
487 /* This is the slow path - looking for new buffers to use */
488 if ((n = tty_buffer_find(tty, size)) != NULL) {
489 if (b != NULL) {
490 b->next = n;
491 b->commit = b->used;
492 } else
493 tty->buf.head = n;
494 tty->buf.tail = n;
495 } else
496 size = left;
497 }
498
499 spin_unlock_irqrestore(&tty->buf.lock, flags);
500 return size;
501}
502EXPORT_SYMBOL_GPL(tty_buffer_request_room);
503
504/**
505 * tty_insert_flip_string - Add characters to the tty buffer
506 * @tty: tty structure
507 * @chars: characters
508 * @size: size
509 *
510 * Queue a series of bytes to the tty buffering. All the characters
511 * passed are marked as without error. Returns the number added.
512 *
513 * Locking: Called functions may take tty->buf.lock
514 */
515
516int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
517 size_t size)
518{
519 int copied = 0;
520 do {
521 int space = tty_buffer_request_room(tty, size - copied);
522 struct tty_buffer *tb = tty->buf.tail;
523 /* If there is no space then tb may be NULL */
524 if (unlikely(space == 0))
525 break;
526 memcpy(tb->char_buf_ptr + tb->used, chars, space);
527 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
528 tb->used += space;
529 copied += space;
530 chars += space;
531 /* There is a small chance that we need to split the data over
532 several buffers. If this is the case we must loop */
533 } while (unlikely(size > copied));
534 return copied;
535}
536EXPORT_SYMBOL(tty_insert_flip_string);
537
538/**
539 * tty_insert_flip_string_flags - Add characters to the tty buffer
540 * @tty: tty structure
541 * @chars: characters
542 * @flags: flag bytes
543 * @size: size
544 *
545 * Queue a series of bytes to the tty buffering. For each character
546 * the flags array indicates the status of the character. Returns the
547 * number added.
548 *
549 * Locking: Called functions may take tty->buf.lock
550 */
551
552int tty_insert_flip_string_flags(struct tty_struct *tty,
553 const unsigned char *chars, const char *flags, size_t size)
554{
555 int copied = 0;
556 do {
557 int space = tty_buffer_request_room(tty, size - copied);
558 struct tty_buffer *tb = tty->buf.tail;
559 /* If there is no space then tb may be NULL */
560 if (unlikely(space == 0))
561 break;
562 memcpy(tb->char_buf_ptr + tb->used, chars, space);
563 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
564 tb->used += space;
565 copied += space;
566 chars += space;
567 flags += space;
568 /* There is a small chance that we need to split the data over
569 several buffers. If this is the case we must loop */
570 } while (unlikely(size > copied));
571 return copied;
572}
573EXPORT_SYMBOL(tty_insert_flip_string_flags);
574
575/**
576 * tty_schedule_flip - push characters to ldisc
577 * @tty: tty to push from
578 *
579 * Takes any pending buffers and transfers their ownership to the
580 * ldisc side of the queue. It then schedules those characters for
581 * processing by the line discipline.
582 *
583 * Locking: Takes tty->buf.lock
584 */
585
586void tty_schedule_flip(struct tty_struct *tty)
587{
588 unsigned long flags;
589 spin_lock_irqsave(&tty->buf.lock, flags);
590 if (tty->buf.tail != NULL)
591 tty->buf.tail->commit = tty->buf.tail->used;
592 spin_unlock_irqrestore(&tty->buf.lock, flags);
593 schedule_delayed_work(&tty->buf.work, 1);
594}
595EXPORT_SYMBOL(tty_schedule_flip);
596
597/**
598 * tty_prepare_flip_string - make room for characters
599 * @tty: tty
600 * @chars: return pointer for character write area
601 * @size: desired size
602 *
603 * Prepare a block of space in the buffer for data. Returns the length
604 * available and buffer pointer to the space which is now allocated and
605 * accounted for as ready for normal characters. This is used for drivers
606 * that need their own block copy routines into the buffer. There is no
607 * guarantee the buffer is a DMA target!
608 *
609 * Locking: May call functions taking tty->buf.lock
610 */
611
612int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
613 size_t size)
614{
615 int space = tty_buffer_request_room(tty, size);
616 if (likely(space)) {
617 struct tty_buffer *tb = tty->buf.tail;
618 *chars = tb->char_buf_ptr + tb->used;
619 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
620 tb->used += space;
621 }
622 return space;
623}
624
625EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
626
627/**
628 * tty_prepare_flip_string_flags - make room for characters
629 * @tty: tty
630 * @chars: return pointer for character write area
631 * @flags: return pointer for status flag write area
632 * @size: desired size
633 *
634 * Prepare a block of space in the buffer for data. Returns the length
635 * available and buffer pointer to the space which is now allocated and
636 * accounted for as ready for characters. This is used for drivers
637 * that need their own block copy routines into the buffer. There is no
638 * guarantee the buffer is a DMA target!
639 *
640 * Locking: May call functions taking tty->buf.lock
641 */
642
643int tty_prepare_flip_string_flags(struct tty_struct *tty,
644 unsigned char **chars, char **flags, size_t size)
645{
646 int space = tty_buffer_request_room(tty, size);
647 if (likely(space)) {
648 struct tty_buffer *tb = tty->buf.tail;
649 *chars = tb->char_buf_ptr + tb->used;
650 *flags = tb->flag_buf_ptr + tb->used;
651 tb->used += space;
652 }
653 return space;
654}
655
656EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
657
658
659
660/**
661 * tty_set_termios_ldisc - set ldisc field
662 * @tty: tty structure
663 * @num: line discipline number
664 *
665 * This is probably overkill for real world processors but
666 * they are not on hot paths so a little discipline won't do
667 * any harm.
668 *
669 * Locking: takes termios_mutex
670 */
671
672static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
673{
674 mutex_lock(&tty->termios_mutex);
675 tty->termios->c_line = num;
676 mutex_unlock(&tty->termios_mutex);
677}
678
679/*
680 * This guards the refcounted line discipline lists. The lock
681 * must be taken with irqs off because there are hangup path
682 * callers who will do ldisc lookups and cannot sleep.
683 */
684
685static DEFINE_SPINLOCK(tty_ldisc_lock);
686static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
687/* Line disc dispatch table */
688static struct tty_ldisc tty_ldiscs[NR_LDISCS];
689
690/**
691 * tty_register_ldisc - install a line discipline
692 * @disc: ldisc number
693 * @new_ldisc: pointer to the ldisc object
694 *
695 * Installs a new line discipline into the kernel. The discipline
696 * is set up as unreferenced and then made available to the kernel
697 * from this point onwards.
698 *
699 * Locking:
700 * takes tty_ldisc_lock to guard against ldisc races
701 */
702
703int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
704{
705 unsigned long flags;
706 int ret = 0;
707
708 if (disc < N_TTY || disc >= NR_LDISCS)
709 return -EINVAL;
710
711 spin_lock_irqsave(&tty_ldisc_lock, flags);
712 tty_ldiscs[disc] = *new_ldisc;
713 tty_ldiscs[disc].num = disc;
714 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
715 tty_ldiscs[disc].refcount = 0;
716 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
717
718 return ret;
719}
720EXPORT_SYMBOL(tty_register_ldisc);
721
722/**
723 * tty_unregister_ldisc - unload a line discipline
724 * @disc: ldisc number
725 * @new_ldisc: pointer to the ldisc object
726 *
727 * Remove a line discipline from the kernel providing it is not
728 * currently in use.
729 *
730 * Locking:
731 * takes tty_ldisc_lock to guard against ldisc races
732 */
733
734int tty_unregister_ldisc(int disc)
735{
736 unsigned long flags;
737 int ret = 0;
738
739 if (disc < N_TTY || disc >= NR_LDISCS)
740 return -EINVAL;
741
742 spin_lock_irqsave(&tty_ldisc_lock, flags);
743 if (tty_ldiscs[disc].refcount)
744 ret = -EBUSY;
745 else
746 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
747 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
748
749 return ret;
750}
751EXPORT_SYMBOL(tty_unregister_ldisc);
752
753/**
754 * tty_ldisc_get - take a reference to an ldisc
755 * @disc: ldisc number
756 *
757 * Takes a reference to a line discipline. Deals with refcounts and
758 * module locking counts. Returns NULL if the discipline is not available.
759 * Returns a pointer to the discipline and bumps the ref count if it is
760 * available
761 *
762 * Locking:
763 * takes tty_ldisc_lock to guard against ldisc races
764 */
765
766struct tty_ldisc *tty_ldisc_get(int disc)
767{
768 unsigned long flags;
769 struct tty_ldisc *ld;
770
771 if (disc < N_TTY || disc >= NR_LDISCS)
772 return NULL;
773
774 spin_lock_irqsave(&tty_ldisc_lock, flags);
775
776 ld = &tty_ldiscs[disc];
777 /* Check the entry is defined */
778 if (ld->flags & LDISC_FLAG_DEFINED) {
779 /* If the module is being unloaded we can't use it */
780 if (!try_module_get(ld->owner))
781 ld = NULL;
782 else /* lock it */
783 ld->refcount++;
784 } else
785 ld = NULL;
786 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
787 return ld;
788}
789
790EXPORT_SYMBOL_GPL(tty_ldisc_get);
791
792/**
793 * tty_ldisc_put - drop ldisc reference
794 * @disc: ldisc number
795 *
796 * Drop a reference to a line discipline. Manage refcounts and
797 * module usage counts
798 *
799 * Locking:
800 * takes tty_ldisc_lock to guard against ldisc races
801 */
802
803void tty_ldisc_put(int disc)
804{
805 struct tty_ldisc *ld;
806 unsigned long flags;
807
808 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
809
810 spin_lock_irqsave(&tty_ldisc_lock, flags);
811 ld = &tty_ldiscs[disc];
812 BUG_ON(ld->refcount == 0);
813 ld->refcount--;
814 module_put(ld->owner);
815 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
816}
817
818EXPORT_SYMBOL_GPL(tty_ldisc_put);
819
820/**
821 * tty_ldisc_assign - set ldisc on a tty
822 * @tty: tty to assign
823 * @ld: line discipline
824 *
825 * Install an instance of a line discipline into a tty structure. The
826 * ldisc must have a reference count above zero to ensure it remains/
827 * The tty instance refcount starts at zero.
828 *
829 * Locking:
830 * Caller must hold references
831 */
832
833static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
834{
835 tty->ldisc = *ld;
836 tty->ldisc.refcount = 0;
837}
838
839/**
840 * tty_ldisc_try - internal helper
841 * @tty: the tty
842 *
843 * Make a single attempt to grab and bump the refcount on
844 * the tty ldisc. Return 0 on failure or 1 on success. This is
845 * used to implement both the waiting and non waiting versions
846 * of tty_ldisc_ref
847 *
848 * Locking: takes tty_ldisc_lock
849 */
850
851static int tty_ldisc_try(struct tty_struct *tty)
852{
853 unsigned long flags;
854 struct tty_ldisc *ld;
855 int ret = 0;
856
857 spin_lock_irqsave(&tty_ldisc_lock, flags);
858 ld = &tty->ldisc;
859 if (test_bit(TTY_LDISC, &tty->flags)) {
860 ld->refcount++;
861 ret = 1;
862 }
863 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
864 return ret;
865}
866
867/**
868 * tty_ldisc_ref_wait - wait for the tty ldisc
869 * @tty: tty device
870 *
871 * Dereference the line discipline for the terminal and take a
872 * reference to it. If the line discipline is in flux then
873 * wait patiently until it changes.
874 *
875 * Note: Must not be called from an IRQ/timer context. The caller
876 * must also be careful not to hold other locks that will deadlock
877 * against a discipline change, such as an existing ldisc reference
878 * (which we check for)
879 *
880 * Locking: call functions take tty_ldisc_lock
881 */
882
883struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
884{
885 /* wait_event is a macro */
886 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
887 if (tty->ldisc.refcount == 0)
888 printk(KERN_ERR "tty_ldisc_ref_wait\n");
889 return &tty->ldisc;
890}
891
892EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
893
894/**
895 * tty_ldisc_ref - get the tty ldisc
896 * @tty: tty device
897 *
898 * Dereference the line discipline for the terminal and take a
899 * reference to it. If the line discipline is in flux then
900 * return NULL. Can be called from IRQ and timer functions.
901 *
902 * Locking: called functions take tty_ldisc_lock
903 */
904
905struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
906{
907 if (tty_ldisc_try(tty))
908 return &tty->ldisc;
909 return NULL;
910}
911
912EXPORT_SYMBOL_GPL(tty_ldisc_ref);
913
914/**
915 * tty_ldisc_deref - free a tty ldisc reference
916 * @ld: reference to free up
917 *
918 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
919 * be called in IRQ context.
920 *
921 * Locking: takes tty_ldisc_lock
922 */
923
924void tty_ldisc_deref(struct tty_ldisc *ld)
925{
926 unsigned long flags;
927
928 BUG_ON(ld == NULL);
929
930 spin_lock_irqsave(&tty_ldisc_lock, flags);
931 if (ld->refcount == 0)
932 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
933 else
934 ld->refcount--;
935 if (ld->refcount == 0)
936 wake_up(&tty_ldisc_wait);
937 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
938}
939
940EXPORT_SYMBOL_GPL(tty_ldisc_deref);
941
942/**
943 * tty_ldisc_enable - allow ldisc use
944 * @tty: terminal to activate ldisc on
945 *
946 * Set the TTY_LDISC flag when the line discipline can be called
947 * again. Do necessary wakeups for existing sleepers.
948 *
949 * Note: nobody should set this bit except via this function. Clearing
950 * directly is allowed.
951 */
952
953static void tty_ldisc_enable(struct tty_struct *tty)
954{
955 set_bit(TTY_LDISC, &tty->flags);
956 wake_up(&tty_ldisc_wait);
957}
958
959/**
960 * tty_set_ldisc - set line discipline
961 * @tty: the terminal to set
962 * @ldisc: the line discipline
963 *
964 * Set the discipline of a tty line. Must be called from a process
965 * context.
966 *
967 * Locking: takes tty_ldisc_lock.
968 * called functions take termios_mutex
969 */
970
971static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
972{
973 int retval = 0;
974 struct tty_ldisc o_ldisc;
975 char buf[64];
976 int work;
977 unsigned long flags;
978 struct tty_ldisc *ld;
979 struct tty_struct *o_tty;
980
981 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
982 return -EINVAL;
983
984restart:
985
986 ld = tty_ldisc_get(ldisc);
987 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
988 /* Cyrus Durgin <cider@speakeasy.org> */
989 if (ld == NULL) {
990 request_module("tty-ldisc-%d", ldisc);
991 ld = tty_ldisc_get(ldisc);
992 }
993 if (ld == NULL)
994 return -EINVAL;
995
996 /*
997 * Problem: What do we do if this blocks ?
998 */
999
1000 tty_wait_until_sent(tty, 0);
1001
1002 if (tty->ldisc.num == ldisc) {
1003 tty_ldisc_put(ldisc);
1004 return 0;
1005 }
1006
1007 /*
1008 * No more input please, we are switching. The new ldisc
1009 * will update this value in the ldisc open function
1010 */
1011
1012 tty->receive_room = 0;
1013
1014 o_ldisc = tty->ldisc;
1015 o_tty = tty->link;
1016
1017 /*
1018 * Make sure we don't change while someone holds a
1019 * reference to the line discipline. The TTY_LDISC bit
1020 * prevents anyone taking a reference once it is clear.
1021 * We need the lock to avoid racing reference takers.
1022 */
1023
1024 spin_lock_irqsave(&tty_ldisc_lock, flags);
1025 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
1026 if (tty->ldisc.refcount) {
1027 /* Free the new ldisc we grabbed. Must drop the lock
1028 first. */
1029 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1030 tty_ldisc_put(ldisc);
1031 /*
1032 * There are several reasons we may be busy, including
1033 * random momentary I/O traffic. We must therefore
1034 * retry. We could distinguish between blocking ops
1035 * and retries if we made tty_ldisc_wait() smarter.
1036 * That is up for discussion.
1037 */
1038 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1039 return -ERESTARTSYS;
1040 goto restart;
1041 }
1042 if (o_tty && o_tty->ldisc.refcount) {
1043 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1044 tty_ldisc_put(ldisc);
1045 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1046 return -ERESTARTSYS;
1047 goto restart;
1048 }
1049 }
1050 /*
1051 * If the TTY_LDISC bit is set, then we are racing against
1052 * another ldisc change
1053 */
1054 if (!test_bit(TTY_LDISC, &tty->flags)) {
1055 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1056 tty_ldisc_put(ldisc);
1057 ld = tty_ldisc_ref_wait(tty);
1058 tty_ldisc_deref(ld);
1059 goto restart;
1060 }
1061
1062 clear_bit(TTY_LDISC, &tty->flags);
1063 if (o_tty)
1064 clear_bit(TTY_LDISC, &o_tty->flags);
1065 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1066
1067 /*
1068 * From this point on we know nobody has an ldisc
1069 * usage reference, nor can they obtain one until
1070 * we say so later on.
1071 */
1072
1073 work = cancel_delayed_work(&tty->buf.work);
1074 /*
1075 * Wait for ->hangup_work and ->buf.work handlers to terminate
1076 */
1077 flush_scheduled_work();
1078 /* Shutdown the current discipline. */
1079 if (tty->ldisc.close)
1080 (tty->ldisc.close)(tty);
1081
1082 /* Now set up the new line discipline. */
1083 tty_ldisc_assign(tty, ld);
1084 tty_set_termios_ldisc(tty, ldisc);
1085 if (tty->ldisc.open)
1086 retval = (tty->ldisc.open)(tty);
1087 if (retval < 0) {
1088 tty_ldisc_put(ldisc);
1089 /* There is an outstanding reference here so this is safe */
1090 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1091 tty_set_termios_ldisc(tty, tty->ldisc.num);
1092 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1093 tty_ldisc_put(o_ldisc.num);
1094 /* This driver is always present */
1095 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1096 tty_set_termios_ldisc(tty, N_TTY);
1097 if (tty->ldisc.open) {
1098 int r = tty->ldisc.open(tty);
1099
1100 if (r < 0)
1101 panic("Couldn't open N_TTY ldisc for "
1102 "%s --- error %d.",
1103 tty_name(tty, buf), r);
1104 }
1105 }
1106 }
1107 /* At this point we hold a reference to the new ldisc and a
1108 a reference to the old ldisc. If we ended up flipping back
1109 to the existing ldisc we have two references to it */
1110
1111 if (tty->ldisc.num != o_ldisc.num && tty->ops->set_ldisc)
1112 tty->ops->set_ldisc(tty);
1113
1114 tty_ldisc_put(o_ldisc.num);
1115
1116 /*
1117 * Allow ldisc referencing to occur as soon as the driver
1118 * ldisc callback completes.
1119 */
1120
1121 tty_ldisc_enable(tty);
1122 if (o_tty)
1123 tty_ldisc_enable(o_tty);
1124
1125 /* Restart it in case no characters kick it off. Safe if
1126 already running */
1127 if (work)
1128 schedule_delayed_work(&tty->buf.work, 1);
1129 return retval;
1130}
1131
1132/**
1133 * get_tty_driver - find device of a tty
1134 * @dev_t: device identifier
1135 * @index: returns the index of the tty
1136 *
1137 * This routine returns a tty driver structure, given a device number
1138 * and also passes back the index number.
1139 *
1140 * Locking: caller must hold tty_mutex
1141 */
1142
1143static struct tty_driver *get_tty_driver(dev_t device, int *index)
1144{
1145 struct tty_driver *p;
1146
1147 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1148 dev_t base = MKDEV(p->major, p->minor_start);
1149 if (device < base || device >= base + p->num)
1150 continue;
1151 *index = device - base;
1152 return p;
1153 }
1154 return NULL;
1155}
1156
1157#ifdef CONFIG_CONSOLE_POLL
1158
1159/**
1160 * tty_find_polling_driver - find device of a polled tty
1161 * @name: name string to match
1162 * @line: pointer to resulting tty line nr
1163 *
1164 * This routine returns a tty driver structure, given a name
1165 * and the condition that the tty driver is capable of polled
1166 * operation.
1167 */
1168struct tty_driver *tty_find_polling_driver(char *name, int *line)
1169{
1170 struct tty_driver *p, *res = NULL;
1171 int tty_line = 0;
1172 char *str;
1173
1174 mutex_lock(&tty_mutex);
1175 /* Search through the tty devices to look for a match */
1176 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1177 str = name + strlen(p->name);
1178 tty_line = simple_strtoul(str, &str, 10);
1179 if (*str == ',')
1180 str++;
1181 if (*str == '\0')
1182 str = NULL;
1183
1184 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
1185 p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
1186 res = p;
1187 *line = tty_line;
1188 break;
1189 }
1190 }
1191 mutex_unlock(&tty_mutex);
1192
1193 return res;
1194}
1195EXPORT_SYMBOL_GPL(tty_find_polling_driver);
1196#endif
1197
1198/**
1199 * tty_check_change - check for POSIX terminal changes
1200 * @tty: tty to check
1201 *
1202 * If we try to write to, or set the state of, a terminal and we're
1203 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1204 * ignored, go ahead and perform the operation. (POSIX 7.2)
1205 *
1206 * Locking: ctrl_lock
1207 */
1208
1209int tty_check_change(struct tty_struct *tty)
1210{
1211 unsigned long flags;
1212 int ret = 0;
1213
1214 if (current->signal->tty != tty)
1215 return 0;
1216
1217 spin_lock_irqsave(&tty->ctrl_lock, flags);
1218
1219 if (!tty->pgrp) {
1220 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1221 goto out;
1222 }
1223 if (task_pgrp(current) == tty->pgrp)
1224 goto out;
1225 if (is_ignored(SIGTTOU))
1226 goto out;
1227 if (is_current_pgrp_orphaned()) {
1228 ret = -EIO;
1229 goto out;
1230 }
1231 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1232 set_thread_flag(TIF_SIGPENDING);
1233 ret = -ERESTARTSYS;
1234out:
1235 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1236 return ret;
1237}
1238
1239EXPORT_SYMBOL(tty_check_change);
1240
1241static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1242 size_t count, loff_t *ppos)
1243{
1244 return 0;
1245}
1246
1247static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1248 size_t count, loff_t *ppos)
1249{
1250 return -EIO;
1251}
1252
1253/* No kernel lock held - none needed ;) */
1254static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1255{
1256 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1257}
1258
1259static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
1260 unsigned long arg)
1261{
1262 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1263}
1264
1265static long hung_up_tty_compat_ioctl(struct file *file,
1266 unsigned int cmd, unsigned long arg)
1267{
1268 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1269}
1270
1271static const struct file_operations tty_fops = {
1272 .llseek = no_llseek,
1273 .read = tty_read,
1274 .write = tty_write,
1275 .poll = tty_poll,
1276 .unlocked_ioctl = tty_ioctl,
1277 .compat_ioctl = tty_compat_ioctl,
1278 .open = tty_open,
1279 .release = tty_release,
1280 .fasync = tty_fasync,
1281};
1282
1283#ifdef CONFIG_UNIX98_PTYS
1284static const struct file_operations ptmx_fops = {
1285 .llseek = no_llseek,
1286 .read = tty_read,
1287 .write = tty_write,
1288 .poll = tty_poll,
1289 .unlocked_ioctl = tty_ioctl,
1290 .compat_ioctl = tty_compat_ioctl,
1291 .open = ptmx_open,
1292 .release = tty_release,
1293 .fasync = tty_fasync,
1294};
1295#endif
1296
1297static const struct file_operations console_fops = {
1298 .llseek = no_llseek,
1299 .read = tty_read,
1300 .write = redirected_tty_write,
1301 .poll = tty_poll,
1302 .unlocked_ioctl = tty_ioctl,
1303 .compat_ioctl = tty_compat_ioctl,
1304 .open = tty_open,
1305 .release = tty_release,
1306 .fasync = tty_fasync,
1307};
1308
1309static const struct file_operations hung_up_tty_fops = {
1310 .llseek = no_llseek,
1311 .read = hung_up_tty_read,
1312 .write = hung_up_tty_write,
1313 .poll = hung_up_tty_poll,
1314 .unlocked_ioctl = hung_up_tty_ioctl,
1315 .compat_ioctl = hung_up_tty_compat_ioctl,
1316 .release = tty_release,
1317};
1318
1319static DEFINE_SPINLOCK(redirect_lock);
1320static struct file *redirect;
1321
1322/**
1323 * tty_wakeup - request more data
1324 * @tty: terminal
1325 *
1326 * Internal and external helper for wakeups of tty. This function
1327 * informs the line discipline if present that the driver is ready
1328 * to receive more output data.
1329 */
1330
1331void tty_wakeup(struct tty_struct *tty)
1332{
1333 struct tty_ldisc *ld;
1334
1335 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1336 ld = tty_ldisc_ref(tty);
1337 if (ld) {
1338 if (ld->write_wakeup)
1339 ld->write_wakeup(tty);
1340 tty_ldisc_deref(ld);
1341 }
1342 }
1343 wake_up_interruptible(&tty->write_wait);
1344}
1345
1346EXPORT_SYMBOL_GPL(tty_wakeup);
1347
1348/**
1349 * tty_ldisc_flush - flush line discipline queue
1350 * @tty: tty
1351 *
1352 * Flush the line discipline queue (if any) for this tty. If there
1353 * is no line discipline active this is a no-op.
1354 */
1355
1356void tty_ldisc_flush(struct tty_struct *tty)
1357{
1358 struct tty_ldisc *ld = tty_ldisc_ref(tty);
1359 if (ld) {
1360 if (ld->flush_buffer)
1361 ld->flush_buffer(tty);
1362 tty_ldisc_deref(ld);
1363 }
1364 tty_buffer_flush(tty);
1365}
1366
1367EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1368
1369/**
1370 * tty_reset_termios - reset terminal state
1371 * @tty: tty to reset
1372 *
1373 * Restore a terminal to the driver default state
1374 */
1375
1376static void tty_reset_termios(struct tty_struct *tty)
1377{
1378 mutex_lock(&tty->termios_mutex);
1379 *tty->termios = tty->driver->init_termios;
1380 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1381 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1382 mutex_unlock(&tty->termios_mutex);
1383}
1384
1385/**
1386 * do_tty_hangup - actual handler for hangup events
1387 * @work: tty device
1388 *
1389 * This can be called by the "eventd" kernel thread. That is process
1390 * synchronous but doesn't hold any locks, so we need to make sure we
1391 * have the appropriate locks for what we're doing.
1392 *
1393 * The hangup event clears any pending redirections onto the hung up
1394 * device. It ensures future writes will error and it does the needed
1395 * line discipline hangup and signal delivery. The tty object itself
1396 * remains intact.
1397 *
1398 * Locking:
1399 * BKL
1400 * redirect lock for undoing redirection
1401 * file list lock for manipulating list of ttys
1402 * tty_ldisc_lock from called functions
1403 * termios_mutex resetting termios data
1404 * tasklist_lock to walk task list for hangup event
1405 * ->siglock to protect ->signal/->sighand
1406 */
1407static void do_tty_hangup(struct work_struct *work)
1408{
1409 struct tty_struct *tty =
1410 container_of(work, struct tty_struct, hangup_work);
1411 struct file *cons_filp = NULL;
1412 struct file *filp, *f = NULL;
1413 struct task_struct *p;
1414 struct tty_ldisc *ld;
1415 int closecount = 0, n;
1416 unsigned long flags;
1417
1418 if (!tty)
1419 return;
1420
1421 /* inuse_filps is protected by the single kernel lock */
1422 lock_kernel();
1423
1424 spin_lock(&redirect_lock);
1425 if (redirect && redirect->private_data == tty) {
1426 f = redirect;
1427 redirect = NULL;
1428 }
1429 spin_unlock(&redirect_lock);
1430
1431 check_tty_count(tty, "do_tty_hangup");
1432 file_list_lock();
1433 /* This breaks for file handles being sent over AF_UNIX sockets ? */
1434 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1435 if (filp->f_op->write == redirected_tty_write)
1436 cons_filp = filp;
1437 if (filp->f_op->write != tty_write)
1438 continue;
1439 closecount++;
1440 tty_fasync(-1, filp, 0); /* can't block */
1441 filp->f_op = &hung_up_tty_fops;
1442 }
1443 file_list_unlock();
1444 /*
1445 * FIXME! What are the locking issues here? This may me overdoing
1446 * things... This question is especially important now that we've
1447 * removed the irqlock.
1448 */
1449 ld = tty_ldisc_ref(tty);
1450 if (ld != NULL) {
1451 /* We may have no line discipline at this point */
1452 if (ld->flush_buffer)
1453 ld->flush_buffer(tty);
1454 tty_driver_flush_buffer(tty);
1455 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1456 ld->write_wakeup)
1457 ld->write_wakeup(tty);
1458 if (ld->hangup)
1459 ld->hangup(tty);
1460 }
1461 /*
1462 * FIXME: Once we trust the LDISC code better we can wait here for
1463 * ldisc completion and fix the driver call race
1464 */
1465 wake_up_interruptible(&tty->write_wait);
1466 wake_up_interruptible(&tty->read_wait);
1467 /*
1468 * Shutdown the current line discipline, and reset it to
1469 * N_TTY.
1470 */
1471 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1472 tty_reset_termios(tty);
1473 /* Defer ldisc switch */
1474 /* tty_deferred_ldisc_switch(N_TTY);
1475
1476 This should get done automatically when the port closes and
1477 tty_release is called */
1478
1479 read_lock(&tasklist_lock);
1480 if (tty->session) {
1481 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1482 spin_lock_irq(&p->sighand->siglock);
1483 if (p->signal->tty == tty)
1484 p->signal->tty = NULL;
1485 if (!p->signal->leader) {
1486 spin_unlock_irq(&p->sighand->siglock);
1487 continue;
1488 }
1489 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1490 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1491 put_pid(p->signal->tty_old_pgrp); /* A noop */
1492 spin_lock_irqsave(&tty->ctrl_lock, flags);
1493 if (tty->pgrp)
1494 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1495 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1496 spin_unlock_irq(&p->sighand->siglock);
1497 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1498 }
1499 read_unlock(&tasklist_lock);
1500
1501 spin_lock_irqsave(&tty->ctrl_lock, flags);
1502 tty->flags = 0;
1503 put_pid(tty->session);
1504 put_pid(tty->pgrp);
1505 tty->session = NULL;
1506 tty->pgrp = NULL;
1507 tty->ctrl_status = 0;
1508 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1509
1510 /*
1511 * If one of the devices matches a console pointer, we
1512 * cannot just call hangup() because that will cause
1513 * tty->count and state->count to go out of sync.
1514 * So we just call close() the right number of times.
1515 */
1516 if (cons_filp) {
1517 if (tty->ops->close)
1518 for (n = 0; n < closecount; n++)
1519 tty->ops->close(tty, cons_filp);
1520 } else if (tty->ops->hangup)
1521 (tty->ops->hangup)(tty);
1522 /*
1523 * We don't want to have driver/ldisc interactions beyond
1524 * the ones we did here. The driver layer expects no
1525 * calls after ->hangup() from the ldisc side. However we
1526 * can't yet guarantee all that.
1527 */
1528 set_bit(TTY_HUPPED, &tty->flags);
1529 if (ld) {
1530 tty_ldisc_enable(tty);
1531 tty_ldisc_deref(ld);
1532 }
1533 unlock_kernel();
1534 if (f)
1535 fput(f);
1536}
1537
1538/**
1539 * tty_hangup - trigger a hangup event
1540 * @tty: tty to hangup
1541 *
1542 * A carrier loss (virtual or otherwise) has occurred on this like
1543 * schedule a hangup sequence to run after this event.
1544 */
1545
1546void tty_hangup(struct tty_struct *tty)
1547{
1548#ifdef TTY_DEBUG_HANGUP
1549 char buf[64];
1550 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1551#endif
1552 schedule_work(&tty->hangup_work);
1553}
1554
1555EXPORT_SYMBOL(tty_hangup);
1556
1557/**
1558 * tty_vhangup - process vhangup
1559 * @tty: tty to hangup
1560 *
1561 * The user has asked via system call for the terminal to be hung up.
1562 * We do this synchronously so that when the syscall returns the process
1563 * is complete. That guarantee is necessary for security reasons.
1564 */
1565
1566void tty_vhangup(struct tty_struct *tty)
1567{
1568#ifdef TTY_DEBUG_HANGUP
1569 char buf[64];
1570
1571 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1572#endif
1573 do_tty_hangup(&tty->hangup_work);
1574}
1575
1576EXPORT_SYMBOL(tty_vhangup);
1577
1578/**
1579 * tty_hung_up_p - was tty hung up
1580 * @filp: file pointer of tty
1581 *
1582 * Return true if the tty has been subject to a vhangup or a carrier
1583 * loss
1584 */
1585
1586int tty_hung_up_p(struct file *filp)
1587{
1588 return (filp->f_op == &hung_up_tty_fops);
1589}
1590
1591EXPORT_SYMBOL(tty_hung_up_p);
1592
1593/**
1594 * is_tty - checker whether file is a TTY
1595 * @filp: file handle that may be a tty
1596 *
1597 * Check if the file handle is a tty handle.
1598 */
1599
1600int is_tty(struct file *filp)
1601{
1602 return filp->f_op->read == tty_read
1603 || filp->f_op->read == hung_up_tty_read;
1604}
1605
1606static void session_clear_tty(struct pid *session)
1607{
1608 struct task_struct *p;
1609 do_each_pid_task(session, PIDTYPE_SID, p) {
1610 proc_clear_tty(p);
1611 } while_each_pid_task(session, PIDTYPE_SID, p);
1612}
1613
1614/**
1615 * disassociate_ctty - disconnect controlling tty
1616 * @on_exit: true if exiting so need to "hang up" the session
1617 *
1618 * This function is typically called only by the session leader, when
1619 * it wants to disassociate itself from its controlling tty.
1620 *
1621 * It performs the following functions:
1622 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1623 * (2) Clears the tty from being controlling the session
1624 * (3) Clears the controlling tty for all processes in the
1625 * session group.
1626 *
1627 * The argument on_exit is set to 1 if called when a process is
1628 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1629 *
1630 * Locking:
1631 * BKL is taken for hysterical raisins
1632 * tty_mutex is taken to protect tty
1633 * ->siglock is taken to protect ->signal/->sighand
1634 * tasklist_lock is taken to walk process list for sessions
1635 * ->siglock is taken to protect ->signal/->sighand
1636 */
1637
1638void disassociate_ctty(int on_exit)
1639{
1640 struct tty_struct *tty;
1641 struct pid *tty_pgrp = NULL;
1642
1643
1644 mutex_lock(&tty_mutex);
1645 tty = get_current_tty();
1646 if (tty) {
1647 tty_pgrp = get_pid(tty->pgrp);
1648 mutex_unlock(&tty_mutex);
1649 lock_kernel();
1650 /* XXX: here we race, there is nothing protecting tty */
1651 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1652 tty_vhangup(tty);
1653 unlock_kernel();
1654 } else if (on_exit) {
1655 struct pid *old_pgrp;
1656 spin_lock_irq(&current->sighand->siglock);
1657 old_pgrp = current->signal->tty_old_pgrp;
1658 current->signal->tty_old_pgrp = NULL;
1659 spin_unlock_irq(&current->sighand->siglock);
1660 if (old_pgrp) {
1661 kill_pgrp(old_pgrp, SIGHUP, on_exit);
1662 kill_pgrp(old_pgrp, SIGCONT, on_exit);
1663 put_pid(old_pgrp);
1664 }
1665 mutex_unlock(&tty_mutex);
1666 return;
1667 }
1668 if (tty_pgrp) {
1669 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1670 if (!on_exit)
1671 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1672 put_pid(tty_pgrp);
1673 }
1674
1675 spin_lock_irq(&current->sighand->siglock);
1676 put_pid(current->signal->tty_old_pgrp);
1677 current->signal->tty_old_pgrp = NULL;
1678 spin_unlock_irq(&current->sighand->siglock);
1679
1680 mutex_lock(&tty_mutex);
1681 /* It is possible that do_tty_hangup has free'd this tty */
1682 tty = get_current_tty();
1683 if (tty) {
1684 unsigned long flags;
1685 spin_lock_irqsave(&tty->ctrl_lock, flags);
1686 put_pid(tty->session);
1687 put_pid(tty->pgrp);
1688 tty->session = NULL;
1689 tty->pgrp = NULL;
1690 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1691 } else {
1692#ifdef TTY_DEBUG_HANGUP
1693 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1694 " = NULL", tty);
1695#endif
1696 }
1697 mutex_unlock(&tty_mutex);
1698
1699 /* Now clear signal->tty under the lock */
1700 read_lock(&tasklist_lock);
1701 session_clear_tty(task_session(current));
1702 read_unlock(&tasklist_lock);
1703}
1704
1705/**
1706 *
1707 * no_tty - Ensure the current process does not have a controlling tty
1708 */
1709void no_tty(void)
1710{
1711 struct task_struct *tsk = current;
1712 lock_kernel();
1713 if (tsk->signal->leader)
1714 disassociate_ctty(0);
1715 unlock_kernel();
1716 proc_clear_tty(tsk);
1717}
1718
1719
1720/**
1721 * stop_tty - propagate flow control
1722 * @tty: tty to stop
1723 *
1724 * Perform flow control to the driver. For PTY/TTY pairs we
1725 * must also propagate the TIOCKPKT status. May be called
1726 * on an already stopped device and will not re-call the driver
1727 * method.
1728 *
1729 * This functionality is used by both the line disciplines for
1730 * halting incoming flow and by the driver. It may therefore be
1731 * called from any context, may be under the tty atomic_write_lock
1732 * but not always.
1733 *
1734 * Locking:
1735 * Uses the tty control lock internally
1736 */
1737
1738void stop_tty(struct tty_struct *tty)
1739{
1740 unsigned long flags;
1741 spin_lock_irqsave(&tty->ctrl_lock, flags);
1742 if (tty->stopped) {
1743 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1744 return;
1745 }
1746 tty->stopped = 1;
1747 if (tty->link && tty->link->packet) {
1748 tty->ctrl_status &= ~TIOCPKT_START;
1749 tty->ctrl_status |= TIOCPKT_STOP;
1750 wake_up_interruptible(&tty->link->read_wait);
1751 }
1752 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1753 if (tty->ops->stop)
1754 (tty->ops->stop)(tty);
1755}
1756
1757EXPORT_SYMBOL(stop_tty);
1758
1759/**
1760 * start_tty - propagate flow control
1761 * @tty: tty to start
1762 *
1763 * Start a tty that has been stopped if at all possible. Perform
1764 * any necessary wakeups and propagate the TIOCPKT status. If this
1765 * is the tty was previous stopped and is being started then the
1766 * driver start method is invoked and the line discipline woken.
1767 *
1768 * Locking:
1769 * ctrl_lock
1770 */
1771
1772void start_tty(struct tty_struct *tty)
1773{
1774 unsigned long flags;
1775 spin_lock_irqsave(&tty->ctrl_lock, flags);
1776 if (!tty->stopped || tty->flow_stopped) {
1777 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1778 return;
1779 }
1780 tty->stopped = 0;
1781 if (tty->link && tty->link->packet) {
1782 tty->ctrl_status &= ~TIOCPKT_STOP;
1783 tty->ctrl_status |= TIOCPKT_START;
1784 wake_up_interruptible(&tty->link->read_wait);
1785 }
1786 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1787 if (tty->ops->start)
1788 (tty->ops->start)(tty);
1789 /* If we have a running line discipline it may need kicking */
1790 tty_wakeup(tty);
1791}
1792
1793EXPORT_SYMBOL(start_tty);
1794
1795/**
1796 * tty_read - read method for tty device files
1797 * @file: pointer to tty file
1798 * @buf: user buffer
1799 * @count: size of user buffer
1800 * @ppos: unused
1801 *
1802 * Perform the read system call function on this terminal device. Checks
1803 * for hung up devices before calling the line discipline method.
1804 *
1805 * Locking:
1806 * Locks the line discipline internally while needed. Multiple
1807 * read calls may be outstanding in parallel.
1808 */
1809
1810static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1811 loff_t *ppos)
1812{
1813 int i;
1814 struct tty_struct *tty;
1815 struct inode *inode;
1816 struct tty_ldisc *ld;
1817
1818 tty = (struct tty_struct *)file->private_data;
1819 inode = file->f_path.dentry->d_inode;
1820 if (tty_paranoia_check(tty, inode, "tty_read"))
1821 return -EIO;
1822 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1823 return -EIO;
1824
1825 /* We want to wait for the line discipline to sort out in this
1826 situation */
1827 ld = tty_ldisc_ref_wait(tty);
1828 if (ld->read)
1829 i = (ld->read)(tty, file, buf, count);
1830 else
1831 i = -EIO;
1832 tty_ldisc_deref(ld);
1833 if (i > 0)
1834 inode->i_atime = current_fs_time(inode->i_sb);
1835 return i;
1836}
1837
1838void tty_write_unlock(struct tty_struct *tty)
1839{
1840 mutex_unlock(&tty->atomic_write_lock);
1841 wake_up_interruptible(&tty->write_wait);
1842}
1843
1844int tty_write_lock(struct tty_struct *tty, int ndelay)
1845{
1846 if (!mutex_trylock(&tty->atomic_write_lock)) {
1847 if (ndelay)
1848 return -EAGAIN;
1849 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1850 return -ERESTARTSYS;
1851 }
1852 return 0;
1853}
1854
1855/*
1856 * Split writes up in sane blocksizes to avoid
1857 * denial-of-service type attacks
1858 */
1859static inline ssize_t do_tty_write(
1860 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1861 struct tty_struct *tty,
1862 struct file *file,
1863 const char __user *buf,
1864 size_t count)
1865{
1866 ssize_t ret, written = 0;
1867 unsigned int chunk;
1868
1869 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1870 if (ret < 0)
1871 return ret;
1872
1873 /*
1874 * We chunk up writes into a temporary buffer. This
1875 * simplifies low-level drivers immensely, since they
1876 * don't have locking issues and user mode accesses.
1877 *
1878 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1879 * big chunk-size..
1880 *
1881 * The default chunk-size is 2kB, because the NTTY
1882 * layer has problems with bigger chunks. It will
1883 * claim to be able to handle more characters than
1884 * it actually does.
1885 *
1886 * FIXME: This can probably go away now except that 64K chunks
1887 * are too likely to fail unless switched to vmalloc...
1888 */
1889 chunk = 2048;
1890 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1891 chunk = 65536;
1892 if (count < chunk)
1893 chunk = count;
1894
1895 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1896 if (tty->write_cnt < chunk) {
1897 unsigned char *buf;
1898
1899 if (chunk < 1024)
1900 chunk = 1024;
1901
1902 buf = kmalloc(chunk, GFP_KERNEL);
1903 if (!buf) {
1904 ret = -ENOMEM;
1905 goto out;
1906 }
1907 kfree(tty->write_buf);
1908 tty->write_cnt = chunk;
1909 tty->write_buf = buf;
1910 }
1911
1912 /* Do the write .. */
1913 for (;;) {
1914 size_t size = count;
1915 if (size > chunk)
1916 size = chunk;
1917 ret = -EFAULT;
1918 if (copy_from_user(tty->write_buf, buf, size))
1919 break;
1920 ret = write(tty, file, tty->write_buf, size);
1921 if (ret <= 0)
1922 break;
1923 written += ret;
1924 buf += ret;
1925 count -= ret;
1926 if (!count)
1927 break;
1928 ret = -ERESTARTSYS;
1929 if (signal_pending(current))
1930 break;
1931 cond_resched();
1932 }
1933 if (written) {
1934 struct inode *inode = file->f_path.dentry->d_inode;
1935 inode->i_mtime = current_fs_time(inode->i_sb);
1936 ret = written;
1937 }
1938out:
1939 tty_write_unlock(tty);
1940 return ret;
1941}
1942
1943
1944/**
1945 * tty_write - write method for tty device file
1946 * @file: tty file pointer
1947 * @buf: user data to write
1948 * @count: bytes to write
1949 * @ppos: unused
1950 *
1951 * Write data to a tty device via the line discipline.
1952 *
1953 * Locking:
1954 * Locks the line discipline as required
1955 * Writes to the tty driver are serialized by the atomic_write_lock
1956 * and are then processed in chunks to the device. The line discipline
1957 * write method will not be involked in parallel for each device
1958 * The line discipline write method is called under the big
1959 * kernel lock for historical reasons. New code should not rely on this.
1960 */
1961
1962static ssize_t tty_write(struct file *file, const char __user *buf,
1963 size_t count, loff_t *ppos)
1964{
1965 struct tty_struct *tty;
1966 struct inode *inode = file->f_path.dentry->d_inode;
1967 ssize_t ret;
1968 struct tty_ldisc *ld;
1969
1970 tty = (struct tty_struct *)file->private_data;
1971 if (tty_paranoia_check(tty, inode, "tty_write"))
1972 return -EIO;
1973 if (!tty || !tty->ops->write ||
1974 (test_bit(TTY_IO_ERROR, &tty->flags)))
1975 return -EIO;
1976 /* Short term debug to catch buggy drivers */
1977 if (tty->ops->write_room == NULL)
1978 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1979 tty->driver->name);
1980 ld = tty_ldisc_ref_wait(tty);
1981 if (!ld->write)
1982 ret = -EIO;
1983 else
1984 ret = do_tty_write(ld->write, tty, file, buf, count);
1985 tty_ldisc_deref(ld);
1986 return ret;
1987}
1988
1989ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1990 size_t count, loff_t *ppos)
1991{
1992 struct file *p = NULL;
1993
1994 spin_lock(&redirect_lock);
1995 if (redirect) {
1996 get_file(redirect);
1997 p = redirect;
1998 }
1999 spin_unlock(&redirect_lock);
2000
2001 if (p) {
2002 ssize_t res;
2003 res = vfs_write(p, buf, count, &p->f_pos);
2004 fput(p);
2005 return res;
2006 }
2007 return tty_write(file, buf, count, ppos);
2008}
2009
2010static char ptychar[] = "pqrstuvwxyzabcde";
2011
2012/**
2013 * pty_line_name - generate name for a pty
2014 * @driver: the tty driver in use
2015 * @index: the minor number
2016 * @p: output buffer of at least 6 bytes
2017 *
2018 * Generate a name from a driver reference and write it to the output
2019 * buffer.
2020 *
2021 * Locking: None
2022 */
2023static void pty_line_name(struct tty_driver *driver, int index, char *p)
2024{
2025 int i = index + driver->name_base;
2026 /* ->name is initialized to "ttyp", but "tty" is expected */
2027 sprintf(p, "%s%c%x",
2028 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
2029 ptychar[i >> 4 & 0xf], i & 0xf);
2030}
2031
2032/**
2033 * pty_line_name - generate name for a tty
2034 * @driver: the tty driver in use
2035 * @index: the minor number
2036 * @p: output buffer of at least 7 bytes
2037 *
2038 * Generate a name from a driver reference and write it to the output
2039 * buffer.
2040 *
2041 * Locking: None
2042 */
2043static void tty_line_name(struct tty_driver *driver, int index, char *p)
2044{
2045 sprintf(p, "%s%d", driver->name, index + driver->name_base);
2046}
2047
2048/**
2049 * init_dev - initialise a tty device
2050 * @driver: tty driver we are opening a device on
2051 * @idx: device index
2052 * @tty: returned tty structure
2053 *
2054 * Prepare a tty device. This may not be a "new" clean device but
2055 * could also be an active device. The pty drivers require special
2056 * handling because of this.
2057 *
2058 * Locking:
2059 * The function is called under the tty_mutex, which
2060 * protects us from the tty struct or driver itself going away.
2061 *
2062 * On exit the tty device has the line discipline attached and
2063 * a reference count of 1. If a pair was created for pty/tty use
2064 * and the other was a pty master then it too has a reference count of 1.
2065 *
2066 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
2067 * failed open. The new code protects the open with a mutex, so it's
2068 * really quite straightforward. The mutex locking can probably be
2069 * relaxed for the (most common) case of reopening a tty.
2070 */
2071
2072static int init_dev(struct tty_driver *driver, int idx,
2073 struct tty_struct **ret_tty)
2074{
2075 struct tty_struct *tty, *o_tty;
2076 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2077 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
2078 int retval = 0;
2079
2080 /* check whether we're reopening an existing tty */
2081 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2082 tty = devpts_get_tty(idx);
2083 /*
2084 * If we don't have a tty here on a slave open, it's because
2085 * the master already started the close process and there's
2086 * no relation between devpts file and tty anymore.
2087 */
2088 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2089 retval = -EIO;
2090 goto end_init;
2091 }
2092 /*
2093 * It's safe from now on because init_dev() is called with
2094 * tty_mutex held and release_dev() won't change tty->count
2095 * or tty->flags without having to grab tty_mutex
2096 */
2097 if (tty && driver->subtype == PTY_TYPE_MASTER)
2098 tty = tty->link;
2099 } else {
2100 tty = driver->ttys[idx];
2101 }
2102 if (tty) goto fast_track;
2103
2104 /*
2105 * First time open is complex, especially for PTY devices.
2106 * This code guarantees that either everything succeeds and the
2107 * TTY is ready for operation, or else the table slots are vacated
2108 * and the allocated memory released. (Except that the termios
2109 * and locked termios may be retained.)
2110 */
2111
2112 if (!try_module_get(driver->owner)) {
2113 retval = -ENODEV;
2114 goto end_init;
2115 }
2116
2117 o_tty = NULL;
2118 tp = o_tp = NULL;
2119 ltp = o_ltp = NULL;
2120
2121 tty = alloc_tty_struct();
2122 if (!tty)
2123 goto fail_no_mem;
2124 initialize_tty_struct(tty);
2125 tty->driver = driver;
2126 tty->ops = driver->ops;
2127 tty->index = idx;
2128 tty_line_name(driver, idx, tty->name);
2129
2130 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2131 tp_loc = &tty->termios;
2132 ltp_loc = &tty->termios_locked;
2133 } else {
2134 tp_loc = &driver->termios[idx];
2135 ltp_loc = &driver->termios_locked[idx];
2136 }
2137
2138 if (!*tp_loc) {
2139 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2140 if (!tp)
2141 goto free_mem_out;
2142 *tp = driver->init_termios;
2143 }
2144
2145 if (!*ltp_loc) {
2146 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2147 if (!ltp)
2148 goto free_mem_out;
2149 }
2150
2151 if (driver->type == TTY_DRIVER_TYPE_PTY) {
2152 o_tty = alloc_tty_struct();
2153 if (!o_tty)
2154 goto free_mem_out;
2155 initialize_tty_struct(o_tty);
2156 o_tty->driver = driver->other;
2157 o_tty->ops = driver->ops;
2158 o_tty->index = idx;
2159 tty_line_name(driver->other, idx, o_tty->name);
2160
2161 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2162 o_tp_loc = &o_tty->termios;
2163 o_ltp_loc = &o_tty->termios_locked;
2164 } else {
2165 o_tp_loc = &driver->other->termios[idx];
2166 o_ltp_loc = &driver->other->termios_locked[idx];
2167 }
2168
2169 if (!*o_tp_loc) {
2170 o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2171 if (!o_tp)
2172 goto free_mem_out;
2173 *o_tp = driver->other->init_termios;
2174 }
2175
2176 if (!*o_ltp_loc) {
2177 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2178 if (!o_ltp)
2179 goto free_mem_out;
2180 }
2181
2182 /*
2183 * Everything allocated ... set up the o_tty structure.
2184 */
2185 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
2186 driver->other->ttys[idx] = o_tty;
2187 if (!*o_tp_loc)
2188 *o_tp_loc = o_tp;
2189 if (!*o_ltp_loc)
2190 *o_ltp_loc = o_ltp;
2191 o_tty->termios = *o_tp_loc;
2192 o_tty->termios_locked = *o_ltp_loc;
2193 driver->other->refcount++;
2194 if (driver->subtype == PTY_TYPE_MASTER)
2195 o_tty->count++;
2196
2197 /* Establish the links in both directions */
2198 tty->link = o_tty;
2199 o_tty->link = tty;
2200 }
2201
2202 /*
2203 * All structures have been allocated, so now we install them.
2204 * Failures after this point use release_tty to clean up, so
2205 * there's no need to null out the local pointers.
2206 */
2207 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
2208 driver->ttys[idx] = tty;
2209
2210 if (!*tp_loc)
2211 *tp_loc = tp;
2212 if (!*ltp_loc)
2213 *ltp_loc = ltp;
2214 tty->termios = *tp_loc;
2215 tty->termios_locked = *ltp_loc;
2216 /* Compatibility until drivers always set this */
2217 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2218 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2219 driver->refcount++;
2220 tty->count++;
2221
2222 /*
2223 * Structures all installed ... call the ldisc open routines.
2224 * If we fail here just call release_tty to clean up. No need
2225 * to decrement the use counts, as release_tty doesn't care.
2226 */
2227
2228 if (tty->ldisc.open) {
2229 retval = (tty->ldisc.open)(tty);
2230 if (retval)
2231 goto release_mem_out;
2232 }
2233 if (o_tty && o_tty->ldisc.open) {
2234 retval = (o_tty->ldisc.open)(o_tty);
2235 if (retval) {
2236 if (tty->ldisc.close)
2237 (tty->ldisc.close)(tty);
2238 goto release_mem_out;
2239 }
2240 tty_ldisc_enable(o_tty);
2241 }
2242 tty_ldisc_enable(tty);
2243 goto success;
2244
2245 /*
2246 * This fast open can be used if the tty is already open.
2247 * No memory is allocated, and the only failures are from
2248 * attempting to open a closing tty or attempting multiple
2249 * opens on a pty master.
2250 */
2251fast_track:
2252 if (test_bit(TTY_CLOSING, &tty->flags)) {
2253 retval = -EIO;
2254 goto end_init;
2255 }
2256 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2257 driver->subtype == PTY_TYPE_MASTER) {
2258 /*
2259 * special case for PTY masters: only one open permitted,
2260 * and the slave side open count is incremented as well.
2261 */
2262 if (tty->count) {
2263 retval = -EIO;
2264 goto end_init;
2265 }
2266 tty->link->count++;
2267 }
2268 tty->count++;
2269 tty->driver = driver; /* N.B. why do this every time?? */
2270
2271 /* FIXME */
2272 if (!test_bit(TTY_LDISC, &tty->flags))
2273 printk(KERN_ERR "init_dev but no ldisc\n");
2274success:
2275 *ret_tty = tty;
2276
2277 /* All paths come through here to release the mutex */
2278end_init:
2279 return retval;
2280
2281 /* Release locally allocated memory ... nothing placed in slots */
2282free_mem_out:
2283 kfree(o_tp);
2284 if (o_tty)
2285 free_tty_struct(o_tty);
2286 kfree(ltp);
2287 kfree(tp);
2288 free_tty_struct(tty);
2289
2290fail_no_mem:
2291 module_put(driver->owner);
2292 retval = -ENOMEM;
2293 goto end_init;
2294
2295 /* call the tty release_tty routine to clean out this slot */
2296release_mem_out:
2297 if (printk_ratelimit())
2298 printk(KERN_INFO "init_dev: ldisc open failed, "
2299 "clearing slot %d\n", idx);
2300 release_tty(tty, idx);
2301 goto end_init;
2302}
2303
2304/**
2305 * release_one_tty - release tty structure memory
2306 *
2307 * Releases memory associated with a tty structure, and clears out the
2308 * driver table slots. This function is called when a device is no longer
2309 * in use. It also gets called when setup of a device fails.
2310 *
2311 * Locking:
2312 * tty_mutex - sometimes only
2313 * takes the file list lock internally when working on the list
2314 * of ttys that the driver keeps.
2315 * FIXME: should we require tty_mutex is held here ??
2316 */
2317static void release_one_tty(struct tty_struct *tty, int idx)
2318{
2319 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2320 struct ktermios *tp;
2321
2322 if (!devpts)
2323 tty->driver->ttys[idx] = NULL;
2324
2325 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2326 tp = tty->termios;
2327 if (!devpts)
2328 tty->driver->termios[idx] = NULL;
2329 kfree(tp);
2330
2331 tp = tty->termios_locked;
2332 if (!devpts)
2333 tty->driver->termios_locked[idx] = NULL;
2334 kfree(tp);
2335 }
2336
2337
2338 tty->magic = 0;
2339 tty->driver->refcount--;
2340
2341 file_list_lock();
2342 list_del_init(&tty->tty_files);
2343 file_list_unlock();
2344
2345 free_tty_struct(tty);
2346}
2347
2348/**
2349 * release_tty - release tty structure memory
2350 *
2351 * Release both @tty and a possible linked partner (think pty pair),
2352 * and decrement the refcount of the backing module.
2353 *
2354 * Locking:
2355 * tty_mutex - sometimes only
2356 * takes the file list lock internally when working on the list
2357 * of ttys that the driver keeps.
2358 * FIXME: should we require tty_mutex is held here ??
2359 */
2360static void release_tty(struct tty_struct *tty, int idx)
2361{
2362 struct tty_driver *driver = tty->driver;
2363
2364 if (tty->link)
2365 release_one_tty(tty->link, idx);
2366 release_one_tty(tty, idx);
2367 module_put(driver->owner);
2368}
2369
2370/*
2371 * Even releasing the tty structures is a tricky business.. We have
2372 * to be very careful that the structures are all released at the
2373 * same time, as interrupts might otherwise get the wrong pointers.
2374 *
2375 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2376 * lead to double frees or releasing memory still in use.
2377 */
2378static void release_dev(struct file *filp)
2379{
2380 struct tty_struct *tty, *o_tty;
2381 int pty_master, tty_closing, o_tty_closing, do_sleep;
2382 int devpts;
2383 int idx;
2384 char buf[64];
2385 unsigned long flags;
2386
2387 tty = (struct tty_struct *)filp->private_data;
2388 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2389 "release_dev"))
2390 return;
2391
2392 check_tty_count(tty, "release_dev");
2393
2394 tty_fasync(-1, filp, 0);
2395
2396 idx = tty->index;
2397 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2398 tty->driver->subtype == PTY_TYPE_MASTER);
2399 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2400 o_tty = tty->link;
2401
2402#ifdef TTY_PARANOIA_CHECK
2403 if (idx < 0 || idx >= tty->driver->num) {
2404 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2405 "free (%s)\n", tty->name);
2406 return;
2407 }
2408 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2409 if (tty != tty->driver->ttys[idx]) {
2410 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2411 "for (%s)\n", idx, tty->name);
2412 return;
2413 }
2414 if (tty->termios != tty->driver->termios[idx]) {
2415 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2416 "for (%s)\n",
2417 idx, tty->name);
2418 return;
2419 }
2420 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2421 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2422 "termios_locked for (%s)\n",
2423 idx, tty->name);
2424 return;
2425 }
2426 }
2427#endif
2428
2429#ifdef TTY_DEBUG_HANGUP
2430 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2431 tty_name(tty, buf), tty->count);
2432#endif
2433
2434#ifdef TTY_PARANOIA_CHECK
2435 if (tty->driver->other &&
2436 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2437 if (o_tty != tty->driver->other->ttys[idx]) {
2438 printk(KERN_DEBUG "release_dev: other->table[%d] "
2439 "not o_tty for (%s)\n",
2440 idx, tty->name);
2441 return;
2442 }
2443 if (o_tty->termios != tty->driver->other->termios[idx]) {
2444 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2445 "not o_termios for (%s)\n",
2446 idx, tty->name);
2447 return;
2448 }
2449 if (o_tty->termios_locked !=
2450 tty->driver->other->termios_locked[idx]) {
2451 printk(KERN_DEBUG "release_dev: other->termios_locked["
2452 "%d] not o_termios_locked for (%s)\n",
2453 idx, tty->name);
2454 return;
2455 }
2456 if (o_tty->link != tty) {
2457 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2458 return;
2459 }
2460 }
2461#endif
2462 if (tty->ops->close)
2463 tty->ops->close(tty, filp);
2464
2465 /*
2466 * Sanity check: if tty->count is going to zero, there shouldn't be
2467 * any waiters on tty->read_wait or tty->write_wait. We test the
2468 * wait queues and kick everyone out _before_ actually starting to
2469 * close. This ensures that we won't block while releasing the tty
2470 * structure.
2471 *
2472 * The test for the o_tty closing is necessary, since the master and
2473 * slave sides may close in any order. If the slave side closes out
2474 * first, its count will be one, since the master side holds an open.
2475 * Thus this test wouldn't be triggered at the time the slave closes,
2476 * so we do it now.
2477 *
2478 * Note that it's possible for the tty to be opened again while we're
2479 * flushing out waiters. By recalculating the closing flags before
2480 * each iteration we avoid any problems.
2481 */
2482 while (1) {
2483 /* Guard against races with tty->count changes elsewhere and
2484 opens on /dev/tty */
2485
2486 mutex_lock(&tty_mutex);
2487 tty_closing = tty->count <= 1;
2488 o_tty_closing = o_tty &&
2489 (o_tty->count <= (pty_master ? 1 : 0));
2490 do_sleep = 0;
2491
2492 if (tty_closing) {
2493 if (waitqueue_active(&tty->read_wait)) {
2494 wake_up(&tty->read_wait);
2495 do_sleep++;
2496 }
2497 if (waitqueue_active(&tty->write_wait)) {
2498 wake_up(&tty->write_wait);
2499 do_sleep++;
2500 }
2501 }
2502 if (o_tty_closing) {
2503 if (waitqueue_active(&o_tty->read_wait)) {
2504 wake_up(&o_tty->read_wait);
2505 do_sleep++;
2506 }
2507 if (waitqueue_active(&o_tty->write_wait)) {
2508 wake_up(&o_tty->write_wait);
2509 do_sleep++;
2510 }
2511 }
2512 if (!do_sleep)
2513 break;
2514
2515 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2516 "active!\n", tty_name(tty, buf));
2517 mutex_unlock(&tty_mutex);
2518 schedule();
2519 }
2520
2521 /*
2522 * The closing flags are now consistent with the open counts on
2523 * both sides, and we've completed the last operation that could
2524 * block, so it's safe to proceed with closing.
2525 */
2526 if (pty_master) {
2527 if (--o_tty->count < 0) {
2528 printk(KERN_WARNING "release_dev: bad pty slave count "
2529 "(%d) for %s\n",
2530 o_tty->count, tty_name(o_tty, buf));
2531 o_tty->count = 0;
2532 }
2533 }
2534 if (--tty->count < 0) {
2535 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2536 tty->count, tty_name(tty, buf));
2537 tty->count = 0;
2538 }
2539
2540 /*
2541 * We've decremented tty->count, so we need to remove this file
2542 * descriptor off the tty->tty_files list; this serves two
2543 * purposes:
2544 * - check_tty_count sees the correct number of file descriptors
2545 * associated with this tty.
2546 * - do_tty_hangup no longer sees this file descriptor as
2547 * something that needs to be handled for hangups.
2548 */
2549 file_kill(filp);
2550 filp->private_data = NULL;
2551
2552 /*
2553 * Perform some housekeeping before deciding whether to return.
2554 *
2555 * Set the TTY_CLOSING flag if this was the last open. In the
2556 * case of a pty we may have to wait around for the other side
2557 * to close, and TTY_CLOSING makes sure we can't be reopened.
2558 */
2559 if (tty_closing)
2560 set_bit(TTY_CLOSING, &tty->flags);
2561 if (o_tty_closing)
2562 set_bit(TTY_CLOSING, &o_tty->flags);
2563
2564 /*
2565 * If _either_ side is closing, make sure there aren't any
2566 * processes that still think tty or o_tty is their controlling
2567 * tty.
2568 */
2569 if (tty_closing || o_tty_closing) {
2570 read_lock(&tasklist_lock);
2571 session_clear_tty(tty->session);
2572 if (o_tty)
2573 session_clear_tty(o_tty->session);
2574 read_unlock(&tasklist_lock);
2575 }
2576
2577 mutex_unlock(&tty_mutex);
2578
2579 /* check whether both sides are closing ... */
2580 if (!tty_closing || (o_tty && !o_tty_closing))
2581 return;
2582
2583#ifdef TTY_DEBUG_HANGUP
2584 printk(KERN_DEBUG "freeing tty structure...");
2585#endif
2586 /*
2587 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2588 * kill any delayed work. As this is the final close it does not
2589 * race with the set_ldisc code path.
2590 */
2591 clear_bit(TTY_LDISC, &tty->flags);
2592 cancel_delayed_work(&tty->buf.work);
2593
2594 /*
2595 * Wait for ->hangup_work and ->buf.work handlers to terminate
2596 */
2597
2598 flush_scheduled_work();
2599
2600 /*
2601 * Wait for any short term users (we know they are just driver
2602 * side waiters as the file is closing so user count on the file
2603 * side is zero.
2604 */
2605 spin_lock_irqsave(&tty_ldisc_lock, flags);
2606 while (tty->ldisc.refcount) {
2607 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2608 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2609 spin_lock_irqsave(&tty_ldisc_lock, flags);
2610 }
2611 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2612 /*
2613 * Shutdown the current line discipline, and reset it to N_TTY.
2614 * N.B. why reset ldisc when we're releasing the memory??
2615 *
2616 * FIXME: this MUST get fixed for the new reflocking
2617 */
2618 if (tty->ldisc.close)
2619 (tty->ldisc.close)(tty);
2620 tty_ldisc_put(tty->ldisc.num);
2621
2622 /*
2623 * Switch the line discipline back
2624 */
2625 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2626 tty_set_termios_ldisc(tty, N_TTY);
2627 if (o_tty) {
2628 /* FIXME: could o_tty be in setldisc here ? */
2629 clear_bit(TTY_LDISC, &o_tty->flags);
2630 if (o_tty->ldisc.close)
2631 (o_tty->ldisc.close)(o_tty);
2632 tty_ldisc_put(o_tty->ldisc.num);
2633 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2634 tty_set_termios_ldisc(o_tty, N_TTY);
2635 }
2636 /*
2637 * The release_tty function takes care of the details of clearing
2638 * the slots and preserving the termios structure.
2639 */
2640 release_tty(tty, idx);
2641
2642#ifdef CONFIG_UNIX98_PTYS
2643 /* Make this pty number available for reallocation */
2644 if (devpts) {
2645 mutex_lock(&allocated_ptys_lock);
2646 idr_remove(&allocated_ptys, idx);
2647 mutex_unlock(&allocated_ptys_lock);
2648 }
2649#endif
2650
2651}
2652
2653/**
2654 * tty_open - open a tty device
2655 * @inode: inode of device file
2656 * @filp: file pointer to tty
2657 *
2658 * tty_open and tty_release keep up the tty count that contains the
2659 * number of opens done on a tty. We cannot use the inode-count, as
2660 * different inodes might point to the same tty.
2661 *
2662 * Open-counting is needed for pty masters, as well as for keeping
2663 * track of serial lines: DTR is dropped when the last close happens.
2664 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2665 *
2666 * The termios state of a pty is reset on first open so that
2667 * settings don't persist across reuse.
2668 *
2669 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2670 * tty->count should protect the rest.
2671 * ->siglock protects ->signal/->sighand
2672 */
2673
2674static int tty_open(struct inode *inode, struct file *filp)
2675{
2676 struct tty_struct *tty;
2677 int noctty, retval;
2678 struct tty_driver *driver;
2679 int index;
2680 dev_t device = inode->i_rdev;
2681 unsigned short saved_flags = filp->f_flags;
2682
2683 nonseekable_open(inode, filp);
2684
2685retry_open:
2686 noctty = filp->f_flags & O_NOCTTY;
2687 index = -1;
2688 retval = 0;
2689
2690 mutex_lock(&tty_mutex);
2691
2692 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
2693 tty = get_current_tty();
2694 if (!tty) {
2695 mutex_unlock(&tty_mutex);
2696 return -ENXIO;
2697 }
2698 driver = tty->driver;
2699 index = tty->index;
2700 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2701 /* noctty = 1; */
2702 goto got_driver;
2703 }
2704#ifdef CONFIG_VT
2705 if (device == MKDEV(TTY_MAJOR, 0)) {
2706 extern struct tty_driver *console_driver;
2707 driver = console_driver;
2708 index = fg_console;
2709 noctty = 1;
2710 goto got_driver;
2711 }
2712#endif
2713 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
2714 driver = console_device(&index);
2715 if (driver) {
2716 /* Don't let /dev/console block */
2717 filp->f_flags |= O_NONBLOCK;
2718 noctty = 1;
2719 goto got_driver;
2720 }
2721 mutex_unlock(&tty_mutex);
2722 return -ENODEV;
2723 }
2724
2725 driver = get_tty_driver(device, &index);
2726 if (!driver) {
2727 mutex_unlock(&tty_mutex);
2728 return -ENODEV;
2729 }
2730got_driver:
2731 retval = init_dev(driver, index, &tty);
2732 mutex_unlock(&tty_mutex);
2733 if (retval)
2734 return retval;
2735
2736 filp->private_data = tty;
2737 file_move(filp, &tty->tty_files);
2738 check_tty_count(tty, "tty_open");
2739 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2740 tty->driver->subtype == PTY_TYPE_MASTER)
2741 noctty = 1;
2742#ifdef TTY_DEBUG_HANGUP
2743 printk(KERN_DEBUG "opening %s...", tty->name);
2744#endif
2745 if (!retval) {
2746 if (tty->ops->open)
2747 retval = tty->ops->open(tty, filp);
2748 else
2749 retval = -ENODEV;
2750 }
2751 filp->f_flags = saved_flags;
2752
2753 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2754 !capable(CAP_SYS_ADMIN))
2755 retval = -EBUSY;
2756
2757 if (retval) {
2758#ifdef TTY_DEBUG_HANGUP
2759 printk(KERN_DEBUG "error %d in opening %s...", retval,
2760 tty->name);
2761#endif
2762 release_dev(filp);
2763 if (retval != -ERESTARTSYS)
2764 return retval;
2765 if (signal_pending(current))
2766 return retval;
2767 schedule();
2768 /*
2769 * Need to reset f_op in case a hangup happened.
2770 */
2771 if (filp->f_op == &hung_up_tty_fops)
2772 filp->f_op = &tty_fops;
2773 goto retry_open;
2774 }
2775
2776 mutex_lock(&tty_mutex);
2777 spin_lock_irq(&current->sighand->siglock);
2778 if (!noctty &&
2779 current->signal->leader &&
2780 !current->signal->tty &&
2781 tty->session == NULL)
2782 __proc_set_tty(current, tty);
2783 spin_unlock_irq(&current->sighand->siglock);
2784 mutex_unlock(&tty_mutex);
2785 return 0;
2786}
2787
2788#ifdef CONFIG_UNIX98_PTYS
2789/**
2790 * ptmx_open - open a unix 98 pty master
2791 * @inode: inode of device file
2792 * @filp: file pointer to tty
2793 *
2794 * Allocate a unix98 pty master device from the ptmx driver.
2795 *
2796 * Locking: tty_mutex protects theinit_dev work. tty->count should
2797 * protect the rest.
2798 * allocated_ptys_lock handles the list of free pty numbers
2799 */
2800
2801static int ptmx_open(struct inode *inode, struct file *filp)
2802{
2803 struct tty_struct *tty;
2804 int retval;
2805 int index;
2806 int idr_ret;
2807
2808 nonseekable_open(inode, filp);
2809
2810 /* find a device that is not in use. */
2811 mutex_lock(&allocated_ptys_lock);
2812 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2813 mutex_unlock(&allocated_ptys_lock);
2814 return -ENOMEM;
2815 }
2816 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2817 if (idr_ret < 0) {
2818 mutex_unlock(&allocated_ptys_lock);
2819 if (idr_ret == -EAGAIN)
2820 return -ENOMEM;
2821 return -EIO;
2822 }
2823 if (index >= pty_limit) {
2824 idr_remove(&allocated_ptys, index);
2825 mutex_unlock(&allocated_ptys_lock);
2826 return -EIO;
2827 }
2828 mutex_unlock(&allocated_ptys_lock);
2829
2830 mutex_lock(&tty_mutex);
2831 retval = init_dev(ptm_driver, index, &tty);
2832 mutex_unlock(&tty_mutex);
2833
2834 if (retval)
2835 goto out;
2836
2837 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2838 filp->private_data = tty;
2839 file_move(filp, &tty->tty_files);
2840
2841 retval = devpts_pty_new(tty->link);
2842 if (retval)
2843 goto out1;
2844
2845 check_tty_count(tty, "ptmx_open");
2846 retval = ptm_driver->ops->open(tty, filp);
2847 if (!retval)
2848 return 0;
2849out1:
2850 release_dev(filp);
2851 return retval;
2852out:
2853 mutex_lock(&allocated_ptys_lock);
2854 idr_remove(&allocated_ptys, index);
2855 mutex_unlock(&allocated_ptys_lock);
2856 return retval;
2857}
2858#endif
2859
2860/**
2861 * tty_release - vfs callback for close
2862 * @inode: inode of tty
2863 * @filp: file pointer for handle to tty
2864 *
2865 * Called the last time each file handle is closed that references
2866 * this tty. There may however be several such references.
2867 *
2868 * Locking:
2869 * Takes bkl. See release_dev
2870 */
2871
2872static int tty_release(struct inode *inode, struct file *filp)
2873{
2874 lock_kernel();
2875 release_dev(filp);
2876 unlock_kernel();
2877 return 0;
2878}
2879
2880/**
2881 * tty_poll - check tty status
2882 * @filp: file being polled
2883 * @wait: poll wait structures to update
2884 *
2885 * Call the line discipline polling method to obtain the poll
2886 * status of the device.
2887 *
2888 * Locking: locks called line discipline but ldisc poll method
2889 * may be re-entered freely by other callers.
2890 */
2891
2892static unsigned int tty_poll(struct file *filp, poll_table *wait)
2893{
2894 struct tty_struct *tty;
2895 struct tty_ldisc *ld;
2896 int ret = 0;
2897
2898 tty = (struct tty_struct *)filp->private_data;
2899 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2900 return 0;
2901
2902 ld = tty_ldisc_ref_wait(tty);
2903 if (ld->poll)
2904 ret = (ld->poll)(tty, filp, wait);
2905 tty_ldisc_deref(ld);
2906 return ret;
2907}
2908
2909static int tty_fasync(int fd, struct file *filp, int on)
2910{
2911 struct tty_struct *tty;
2912 unsigned long flags;
2913 int retval;
2914
2915 tty = (struct tty_struct *)filp->private_data;
2916 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2917 return 0;
2918
2919 retval = fasync_helper(fd, filp, on, &tty->fasync);
2920 if (retval <= 0)
2921 return retval;
2922
2923 if (on) {
2924 enum pid_type type;
2925 struct pid *pid;
2926 if (!waitqueue_active(&tty->read_wait))
2927 tty->minimum_to_wake = 1;
2928 spin_lock_irqsave(&tty->ctrl_lock, flags);
2929 if (tty->pgrp) {
2930 pid = tty->pgrp;
2931 type = PIDTYPE_PGID;
2932 } else {
2933 pid = task_pid(current);
2934 type = PIDTYPE_PID;
2935 }
2936 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2937 retval = __f_setown(filp, pid, type, 0);
2938 if (retval)
2939 return retval;
2940 } else {
2941 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2942 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2943 }
2944 return 0;
2945}
2946
2947/**
2948 * tiocsti - fake input character
2949 * @tty: tty to fake input into
2950 * @p: pointer to character
2951 *
2952 * Fake input to a tty device. Does the necessary locking and
2953 * input management.
2954 *
2955 * FIXME: does not honour flow control ??
2956 *
2957 * Locking:
2958 * Called functions take tty_ldisc_lock
2959 * current->signal->tty check is safe without locks
2960 *
2961 * FIXME: may race normal receive processing
2962 */
2963
2964static int tiocsti(struct tty_struct *tty, char __user *p)
2965{
2966 char ch, mbz = 0;
2967 struct tty_ldisc *ld;
2968
2969 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2970 return -EPERM;
2971 if (get_user(ch, p))
2972 return -EFAULT;
2973 ld = tty_ldisc_ref_wait(tty);
2974 ld->receive_buf(tty, &ch, &mbz, 1);
2975 tty_ldisc_deref(ld);
2976 return 0;
2977}
2978
2979/**
2980 * tiocgwinsz - implement window query ioctl
2981 * @tty; tty
2982 * @arg: user buffer for result
2983 *
2984 * Copies the kernel idea of the window size into the user buffer.
2985 *
2986 * Locking: tty->termios_mutex is taken to ensure the winsize data
2987 * is consistent.
2988 */
2989
2990static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2991{
2992 int err;
2993
2994 mutex_lock(&tty->termios_mutex);
2995 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2996 mutex_unlock(&tty->termios_mutex);
2997
2998 return err ? -EFAULT: 0;
2999}
3000
3001/**
3002 * tiocswinsz - implement window size set ioctl
3003 * @tty; tty
3004 * @arg: user buffer for result
3005 *
3006 * Copies the user idea of the window size to the kernel. Traditionally
3007 * this is just advisory information but for the Linux console it
3008 * actually has driver level meaning and triggers a VC resize.
3009 *
3010 * Locking:
3011 * Called function use the console_sem is used to ensure we do
3012 * not try and resize the console twice at once.
3013 * The tty->termios_mutex is used to ensure we don't double
3014 * resize and get confused. Lock order - tty->termios_mutex before
3015 * console sem
3016 */
3017
3018static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
3019 struct winsize __user *arg)
3020{
3021 struct winsize tmp_ws;
3022 struct pid *pgrp, *rpgrp;
3023 unsigned long flags;
3024
3025 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
3026 return -EFAULT;
3027
3028 mutex_lock(&tty->termios_mutex);
3029 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
3030 goto done;
3031
3032#ifdef CONFIG_VT
3033 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
3034 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
3035 tmp_ws.ws_row)) {
3036 mutex_unlock(&tty->termios_mutex);
3037 return -ENXIO;
3038 }
3039 }
3040#endif
3041 /* Get the PID values and reference them so we can
3042 avoid holding the tty ctrl lock while sending signals */
3043 spin_lock_irqsave(&tty->ctrl_lock, flags);
3044 pgrp = get_pid(tty->pgrp);
3045 rpgrp = get_pid(real_tty->pgrp);
3046 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3047
3048 if (pgrp)
3049 kill_pgrp(pgrp, SIGWINCH, 1);
3050 if (rpgrp != pgrp && rpgrp)
3051 kill_pgrp(rpgrp, SIGWINCH, 1);
3052
3053 put_pid(pgrp);
3054 put_pid(rpgrp);
3055
3056 tty->winsize = tmp_ws;
3057 real_tty->winsize = tmp_ws;
3058done:
3059 mutex_unlock(&tty->termios_mutex);
3060 return 0;
3061}
3062
3063/**
3064 * tioccons - allow admin to move logical console
3065 * @file: the file to become console
3066 *
3067 * Allow the adminstrator to move the redirected console device
3068 *
3069 * Locking: uses redirect_lock to guard the redirect information
3070 */
3071
3072static int tioccons(struct file *file)
3073{
3074 if (!capable(CAP_SYS_ADMIN))
3075 return -EPERM;
3076 if (file->f_op->write == redirected_tty_write) {
3077 struct file *f;
3078 spin_lock(&redirect_lock);
3079 f = redirect;
3080 redirect = NULL;
3081 spin_unlock(&redirect_lock);
3082 if (f)
3083 fput(f);
3084 return 0;
3085 }
3086 spin_lock(&redirect_lock);
3087 if (redirect) {
3088 spin_unlock(&redirect_lock);
3089 return -EBUSY;
3090 }
3091 get_file(file);
3092 redirect = file;
3093 spin_unlock(&redirect_lock);
3094 return 0;
3095}
3096
3097/**
3098 * fionbio - non blocking ioctl
3099 * @file: file to set blocking value
3100 * @p: user parameter
3101 *
3102 * Historical tty interfaces had a blocking control ioctl before
3103 * the generic functionality existed. This piece of history is preserved
3104 * in the expected tty API of posix OS's.
3105 *
3106 * Locking: none, the open fle handle ensures it won't go away.
3107 */
3108
3109static int fionbio(struct file *file, int __user *p)
3110{
3111 int nonblock;
3112
3113 if (get_user(nonblock, p))
3114 return -EFAULT;
3115
3116 /* file->f_flags is still BKL protected in the fs layer - vomit */
3117 lock_kernel();
3118 if (nonblock)
3119 file->f_flags |= O_NONBLOCK;
3120 else
3121 file->f_flags &= ~O_NONBLOCK;
3122 unlock_kernel();
3123 return 0;
3124}
3125
3126/**
3127 * tiocsctty - set controlling tty
3128 * @tty: tty structure
3129 * @arg: user argument
3130 *
3131 * This ioctl is used to manage job control. It permits a session
3132 * leader to set this tty as the controlling tty for the session.
3133 *
3134 * Locking:
3135 * Takes tty_mutex() to protect tty instance
3136 * Takes tasklist_lock internally to walk sessions
3137 * Takes ->siglock() when updating signal->tty
3138 */
3139
3140static int tiocsctty(struct tty_struct *tty, int arg)
3141{
3142 int ret = 0;
3143 if (current->signal->leader && (task_session(current) == tty->session))
3144 return ret;
3145
3146 mutex_lock(&tty_mutex);
3147 /*
3148 * The process must be a session leader and
3149 * not have a controlling tty already.
3150 */
3151 if (!current->signal->leader || current->signal->tty) {
3152 ret = -EPERM;
3153 goto unlock;
3154 }
3155
3156 if (tty->session) {
3157 /*
3158 * This tty is already the controlling
3159 * tty for another session group!
3160 */
3161 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
3162 /*
3163 * Steal it away
3164 */
3165 read_lock(&tasklist_lock);
3166 session_clear_tty(tty->session);
3167 read_unlock(&tasklist_lock);
3168 } else {
3169 ret = -EPERM;
3170 goto unlock;
3171 }
3172 }
3173 proc_set_tty(current, tty);
3174unlock:
3175 mutex_unlock(&tty_mutex);
3176 return ret;
3177}
3178
3179/**
3180 * tty_get_pgrp - return a ref counted pgrp pid
3181 * @tty: tty to read
3182 *
3183 * Returns a refcounted instance of the pid struct for the process
3184 * group controlling the tty.
3185 */
3186
3187struct pid *tty_get_pgrp(struct tty_struct *tty)
3188{
3189 unsigned long flags;
3190 struct pid *pgrp;
3191
3192 spin_lock_irqsave(&tty->ctrl_lock, flags);
3193 pgrp = get_pid(tty->pgrp);
3194 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3195
3196 return pgrp;
3197}
3198EXPORT_SYMBOL_GPL(tty_get_pgrp);
3199
3200/**
3201 * tiocgpgrp - get process group
3202 * @tty: tty passed by user
3203 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3204 * @p: returned pid
3205 *
3206 * Obtain the process group of the tty. If there is no process group
3207 * return an error.
3208 *
3209 * Locking: none. Reference to current->signal->tty is safe.
3210 */
3211
3212static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3213{
3214 struct pid *pid;
3215 int ret;
3216 /*
3217 * (tty == real_tty) is a cheap way of
3218 * testing if the tty is NOT a master pty.
3219 */
3220 if (tty == real_tty && current->signal->tty != real_tty)
3221 return -ENOTTY;
3222 pid = tty_get_pgrp(real_tty);
3223 ret = put_user(pid_vnr(pid), p);
3224 put_pid(pid);
3225 return ret;
3226}
3227
3228/**
3229 * tiocspgrp - attempt to set process group
3230 * @tty: tty passed by user
3231 * @real_tty: tty side device matching tty passed by user
3232 * @p: pid pointer
3233 *
3234 * Set the process group of the tty to the session passed. Only
3235 * permitted where the tty session is our session.
3236 *
3237 * Locking: RCU, ctrl lock
3238 */
3239
3240static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3241{
3242 struct pid *pgrp;
3243 pid_t pgrp_nr;
3244 int retval = tty_check_change(real_tty);
3245 unsigned long flags;
3246
3247 if (retval == -EIO)
3248 return -ENOTTY;
3249 if (retval)
3250 return retval;
3251 if (!current->signal->tty ||
3252 (current->signal->tty != real_tty) ||
3253 (real_tty->session != task_session(current)))
3254 return -ENOTTY;
3255 if (get_user(pgrp_nr, p))
3256 return -EFAULT;
3257 if (pgrp_nr < 0)
3258 return -EINVAL;
3259 rcu_read_lock();
3260 pgrp = find_vpid(pgrp_nr);
3261 retval = -ESRCH;
3262 if (!pgrp)
3263 goto out_unlock;
3264 retval = -EPERM;
3265 if (session_of_pgrp(pgrp) != task_session(current))
3266 goto out_unlock;
3267 retval = 0;
3268 spin_lock_irqsave(&tty->ctrl_lock, flags);
3269 put_pid(real_tty->pgrp);
3270 real_tty->pgrp = get_pid(pgrp);
3271 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3272out_unlock:
3273 rcu_read_unlock();
3274 return retval;
3275}
3276
3277/**
3278 * tiocgsid - get session id
3279 * @tty: tty passed by user
3280 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3281 * @p: pointer to returned session id
3282 *
3283 * Obtain the session id of the tty. If there is no session
3284 * return an error.
3285 *
3286 * Locking: none. Reference to current->signal->tty is safe.
3287 */
3288
3289static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3290{
3291 /*
3292 * (tty == real_tty) is a cheap way of
3293 * testing if the tty is NOT a master pty.
3294 */
3295 if (tty == real_tty && current->signal->tty != real_tty)
3296 return -ENOTTY;
3297 if (!real_tty->session)
3298 return -ENOTTY;
3299 return put_user(pid_vnr(real_tty->session), p);
3300}
3301
3302/**
3303 * tiocsetd - set line discipline
3304 * @tty: tty device
3305 * @p: pointer to user data
3306 *
3307 * Set the line discipline according to user request.
3308 *
3309 * Locking: see tty_set_ldisc, this function is just a helper
3310 */
3311
3312static int tiocsetd(struct tty_struct *tty, int __user *p)
3313{
3314 int ldisc;
3315 int ret;
3316
3317 if (get_user(ldisc, p))
3318 return -EFAULT;
3319
3320 lock_kernel();
3321 ret = tty_set_ldisc(tty, ldisc);
3322 unlock_kernel();
3323
3324 return ret;
3325}
3326
3327/**
3328 * send_break - performed time break
3329 * @tty: device to break on
3330 * @duration: timeout in mS
3331 *
3332 * Perform a timed break on hardware that lacks its own driver level
3333 * timed break functionality.
3334 *
3335 * Locking:
3336 * atomic_write_lock serializes
3337 *
3338 */
3339
3340static int send_break(struct tty_struct *tty, unsigned int duration)
3341{
3342 if (tty_write_lock(tty, 0) < 0)
3343 return -EINTR;
3344 tty->ops->break_ctl(tty, -1);
3345 if (!signal_pending(current))
3346 msleep_interruptible(duration);
3347 tty->ops->break_ctl(tty, 0);
3348 tty_write_unlock(tty);
3349 if (!signal_pending(current))
3350 return -EINTR;
3351 return 0;
3352}
3353
3354/**
3355 * tty_tiocmget - get modem status
3356 * @tty: tty device
3357 * @file: user file pointer
3358 * @p: pointer to result
3359 *
3360 * Obtain the modem status bits from the tty driver if the feature
3361 * is supported. Return -EINVAL if it is not available.
3362 *
3363 * Locking: none (up to the driver)
3364 */
3365
3366static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3367{
3368 int retval = -EINVAL;
3369
3370 if (tty->ops->tiocmget) {
3371 retval = tty->ops->tiocmget(tty, file);
3372
3373 if (retval >= 0)
3374 retval = put_user(retval, p);
3375 }
3376 return retval;
3377}
3378
3379/**
3380 * tty_tiocmset - set modem status
3381 * @tty: tty device
3382 * @file: user file pointer
3383 * @cmd: command - clear bits, set bits or set all
3384 * @p: pointer to desired bits
3385 *
3386 * Set the modem status bits from the tty driver if the feature
3387 * is supported. Return -EINVAL if it is not available.
3388 *
3389 * Locking: none (up to the driver)
3390 */
3391
3392static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3393 unsigned __user *p)
3394{
3395 int retval = -EINVAL;
3396
3397 if (tty->ops->tiocmset) {
3398 unsigned int set, clear, val;
3399
3400 retval = get_user(val, p);
3401 if (retval)
3402 return retval;
3403
3404 set = clear = 0;
3405 switch (cmd) {
3406 case TIOCMBIS:
3407 set = val;
3408 break;
3409 case TIOCMBIC:
3410 clear = val;
3411 break;
3412 case TIOCMSET:
3413 set = val;
3414 clear = ~val;
3415 break;
3416 }
3417
3418 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3419 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3420
3421 retval = tty->ops->tiocmset(tty, file, set, clear);
3422 }
3423 return retval;
3424}
3425
3426/*
3427 * Split this up, as gcc can choke on it otherwise..
3428 */
3429long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
3430{
3431 struct tty_struct *tty, *real_tty;
3432 void __user *p = (void __user *)arg;
3433 int retval;
3434 struct tty_ldisc *ld;
3435 struct inode *inode = file->f_dentry->d_inode;
3436
3437 tty = (struct tty_struct *)file->private_data;
3438 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3439 return -EINVAL;
3440
3441 real_tty = tty;
3442 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3443 tty->driver->subtype == PTY_TYPE_MASTER)
3444 real_tty = tty->link;
3445
3446 /*
3447 * Break handling by driver
3448 */
3449
3450 retval = -EINVAL;
3451
3452 if (!tty->ops->break_ctl) {
3453 switch (cmd) {
3454 case TIOCSBRK:
3455 case TIOCCBRK:
3456 if (tty->ops->ioctl)
3457 retval = tty->ops->ioctl(tty, file, cmd, arg);
3458 if (retval != -EINVAL && retval != -ENOIOCTLCMD)
3459 printk(KERN_WARNING "tty: driver %s needs updating to use break_ctl\n", tty->driver->name);
3460 return retval;
3461
3462 /* These two ioctl's always return success; even if */
3463 /* the driver doesn't support them. */
3464 case TCSBRK:
3465 case TCSBRKP:
3466 if (!tty->ops->ioctl)
3467 return 0;
3468 retval = tty->ops->ioctl(tty, file, cmd, arg);
3469 if (retval != -EINVAL && retval != -ENOIOCTLCMD)
3470 printk(KERN_WARNING "tty: driver %s needs updating to use break_ctl\n", tty->driver->name);
3471 if (retval == -ENOIOCTLCMD)
3472 retval = 0;
3473 return retval;
3474 }
3475 }
3476
3477 /*
3478 * Factor out some common prep work
3479 */
3480 switch (cmd) {
3481 case TIOCSETD:
3482 case TIOCSBRK:
3483 case TIOCCBRK:
3484 case TCSBRK:
3485 case TCSBRKP:
3486 retval = tty_check_change(tty);
3487 if (retval)
3488 return retval;
3489 if (cmd != TIOCCBRK) {
3490 tty_wait_until_sent(tty, 0);
3491 if (signal_pending(current))
3492 return -EINTR;
3493 }
3494 break;
3495 }
3496
3497 switch (cmd) {
3498 case TIOCSTI:
3499 return tiocsti(tty, p);
3500 case TIOCGWINSZ:
3501 return tiocgwinsz(tty, p);
3502 case TIOCSWINSZ:
3503 return tiocswinsz(tty, real_tty, p);
3504 case TIOCCONS:
3505 return real_tty != tty ? -EINVAL : tioccons(file);
3506 case FIONBIO:
3507 return fionbio(file, p);
3508 case TIOCEXCL:
3509 set_bit(TTY_EXCLUSIVE, &tty->flags);
3510 return 0;
3511 case TIOCNXCL:
3512 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3513 return 0;
3514 case TIOCNOTTY:
3515 if (current->signal->tty != tty)
3516 return -ENOTTY;
3517 no_tty();
3518 return 0;
3519 case TIOCSCTTY:
3520 return tiocsctty(tty, arg);
3521 case TIOCGPGRP:
3522 return tiocgpgrp(tty, real_tty, p);
3523 case TIOCSPGRP:
3524 return tiocspgrp(tty, real_tty, p);
3525 case TIOCGSID:
3526 return tiocgsid(tty, real_tty, p);
3527 case TIOCGETD:
3528 return put_user(tty->ldisc.num, (int __user *)p);
3529 case TIOCSETD:
3530 return tiocsetd(tty, p);
3531#ifdef CONFIG_VT
3532 case TIOCLINUX:
3533 return tioclinux(tty, arg);
3534#endif
3535 /*
3536 * Break handling
3537 */
3538 case TIOCSBRK: /* Turn break on, unconditionally */
3539 if (tty->ops->break_ctl)
3540 tty->ops->break_ctl(tty, -1);
3541 return 0;
3542
3543 case TIOCCBRK: /* Turn break off, unconditionally */
3544 if (tty->ops->break_ctl)
3545 tty->ops->break_ctl(tty, 0);
3546 return 0;
3547 case TCSBRK: /* SVID version: non-zero arg --> no break */
3548 /* non-zero arg means wait for all output data
3549 * to be sent (performed above) but don't send break.
3550 * This is used by the tcdrain() termios function.
3551 */
3552 if (!arg)
3553 return send_break(tty, 250);
3554 return 0;
3555 case TCSBRKP: /* support for POSIX tcsendbreak() */
3556 return send_break(tty, arg ? arg*100 : 250);
3557
3558 case TIOCMGET:
3559 return tty_tiocmget(tty, file, p);
3560 case TIOCMSET:
3561 case TIOCMBIC:
3562 case TIOCMBIS:
3563 return tty_tiocmset(tty, file, cmd, p);
3564 case TCFLSH:
3565 switch (arg) {
3566 case TCIFLUSH:
3567 case TCIOFLUSH:
3568 /* flush tty buffer and allow ldisc to process ioctl */
3569 tty_buffer_flush(tty);
3570 break;
3571 }
3572 break;
3573 }
3574 if (tty->ops->ioctl) {
3575 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
3576 if (retval != -ENOIOCTLCMD)
3577 return retval;
3578 }
3579 ld = tty_ldisc_ref_wait(tty);
3580 retval = -EINVAL;
3581 if (ld->ioctl) {
3582 retval = ld->ioctl(tty, file, cmd, arg);
3583 if (retval == -ENOIOCTLCMD)
3584 retval = -EINVAL;
3585 }
3586 tty_ldisc_deref(ld);
3587 return retval;
3588}
3589
3590#ifdef CONFIG_COMPAT
3591static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3592 unsigned long arg)
3593{
3594 struct inode *inode = file->f_dentry->d_inode;
3595 struct tty_struct *tty = file->private_data;
3596 struct tty_ldisc *ld;
3597 int retval = -ENOIOCTLCMD;
3598
3599 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3600 return -EINVAL;
3601
3602 if (tty->ops->compat_ioctl) {
3603 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
3604 if (retval != -ENOIOCTLCMD)
3605 return retval;
3606 }
3607
3608 ld = tty_ldisc_ref_wait(tty);
3609 if (ld->compat_ioctl)
3610 retval = ld->compat_ioctl(tty, file, cmd, arg);
3611 tty_ldisc_deref(ld);
3612
3613 return retval;
3614}
3615#endif
3616
3617/*
3618 * This implements the "Secure Attention Key" --- the idea is to
3619 * prevent trojan horses by killing all processes associated with this
3620 * tty when the user hits the "Secure Attention Key". Required for
3621 * super-paranoid applications --- see the Orange Book for more details.
3622 *
3623 * This code could be nicer; ideally it should send a HUP, wait a few
3624 * seconds, then send a INT, and then a KILL signal. But you then
3625 * have to coordinate with the init process, since all processes associated
3626 * with the current tty must be dead before the new getty is allowed
3627 * to spawn.
3628 *
3629 * Now, if it would be correct ;-/ The current code has a nasty hole -
3630 * it doesn't catch files in flight. We may send the descriptor to ourselves
3631 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3632 *
3633 * Nasty bug: do_SAK is being called in interrupt context. This can
3634 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3635 */
3636void __do_SAK(struct tty_struct *tty)
3637{
3638#ifdef TTY_SOFT_SAK
3639 tty_hangup(tty);
3640#else
3641 struct task_struct *g, *p;
3642 struct pid *session;
3643 int i;
3644 struct file *filp;
3645 struct fdtable *fdt;
3646
3647 if (!tty)
3648 return;
3649 session = tty->session;
3650
3651 tty_ldisc_flush(tty);
3652
3653 tty_driver_flush_buffer(tty);
3654
3655 read_lock(&tasklist_lock);
3656 /* Kill the entire session */
3657 do_each_pid_task(session, PIDTYPE_SID, p) {
3658 printk(KERN_NOTICE "SAK: killed process %d"
3659 " (%s): task_session_nr(p)==tty->session\n",
3660 task_pid_nr(p), p->comm);
3661 send_sig(SIGKILL, p, 1);
3662 } while_each_pid_task(session, PIDTYPE_SID, p);
3663 /* Now kill any processes that happen to have the
3664 * tty open.
3665 */
3666 do_each_thread(g, p) {
3667 if (p->signal->tty == tty) {
3668 printk(KERN_NOTICE "SAK: killed process %d"
3669 " (%s): task_session_nr(p)==tty->session\n",
3670 task_pid_nr(p), p->comm);
3671 send_sig(SIGKILL, p, 1);
3672 continue;
3673 }
3674 task_lock(p);
3675 if (p->files) {
3676 /*
3677 * We don't take a ref to the file, so we must
3678 * hold ->file_lock instead.
3679 */
3680 spin_lock(&p->files->file_lock);
3681 fdt = files_fdtable(p->files);
3682 for (i = 0; i < fdt->max_fds; i++) {
3683 filp = fcheck_files(p->files, i);
3684 if (!filp)
3685 continue;
3686 if (filp->f_op->read == tty_read &&
3687 filp->private_data == tty) {
3688 printk(KERN_NOTICE "SAK: killed process %d"
3689 " (%s): fd#%d opened to the tty\n",
3690 task_pid_nr(p), p->comm, i);
3691 force_sig(SIGKILL, p);
3692 break;
3693 }
3694 }
3695 spin_unlock(&p->files->file_lock);
3696 }
3697 task_unlock(p);
3698 } while_each_thread(g, p);
3699 read_unlock(&tasklist_lock);
3700#endif
3701}
3702
3703static void do_SAK_work(struct work_struct *work)
3704{
3705 struct tty_struct *tty =
3706 container_of(work, struct tty_struct, SAK_work);
3707 __do_SAK(tty);
3708}
3709
3710/*
3711 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3712 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3713 * the values which we write to it will be identical to the values which it
3714 * already has. --akpm
3715 */
3716void do_SAK(struct tty_struct *tty)
3717{
3718 if (!tty)
3719 return;
3720 schedule_work(&tty->SAK_work);
3721}
3722
3723EXPORT_SYMBOL(do_SAK);
3724
3725/**
3726 * flush_to_ldisc
3727 * @work: tty structure passed from work queue.
3728 *
3729 * This routine is called out of the software interrupt to flush data
3730 * from the buffer chain to the line discipline.
3731 *
3732 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3733 * while invoking the line discipline receive_buf method. The
3734 * receive_buf method is single threaded for each tty instance.
3735 */
3736
3737static void flush_to_ldisc(struct work_struct *work)
3738{
3739 struct tty_struct *tty =
3740 container_of(work, struct tty_struct, buf.work.work);
3741 unsigned long flags;
3742 struct tty_ldisc *disc;
3743 struct tty_buffer *tbuf, *head;
3744 char *char_buf;
3745 unsigned char *flag_buf;
3746
3747 disc = tty_ldisc_ref(tty);
3748 if (disc == NULL) /* !TTY_LDISC */
3749 return;
3750
3751 spin_lock_irqsave(&tty->buf.lock, flags);
3752 /* So we know a flush is running */
3753 set_bit(TTY_FLUSHING, &tty->flags);
3754 head = tty->buf.head;
3755 if (head != NULL) {
3756 tty->buf.head = NULL;
3757 for (;;) {
3758 int count = head->commit - head->read;
3759 if (!count) {
3760 if (head->next == NULL)
3761 break;
3762 tbuf = head;
3763 head = head->next;
3764 tty_buffer_free(tty, tbuf);
3765 continue;
3766 }
3767 /* Ldisc or user is trying to flush the buffers
3768 we are feeding to the ldisc, stop feeding the
3769 line discipline as we want to empty the queue */
3770 if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3771 break;
3772 if (!tty->receive_room) {
3773 schedule_delayed_work(&tty->buf.work, 1);
3774 break;
3775 }
3776 if (count > tty->receive_room)
3777 count = tty->receive_room;
3778 char_buf = head->char_buf_ptr + head->read;
3779 flag_buf = head->flag_buf_ptr + head->read;
3780 head->read += count;
3781 spin_unlock_irqrestore(&tty->buf.lock, flags);
3782 disc->receive_buf(tty, char_buf, flag_buf, count);
3783 spin_lock_irqsave(&tty->buf.lock, flags);
3784 }
3785 /* Restore the queue head */
3786 tty->buf.head = head;
3787 }
3788 /* We may have a deferred request to flush the input buffer,
3789 if so pull the chain under the lock and empty the queue */
3790 if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3791 __tty_buffer_flush(tty);
3792 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3793 wake_up(&tty->read_wait);
3794 }
3795 clear_bit(TTY_FLUSHING, &tty->flags);
3796 spin_unlock_irqrestore(&tty->buf.lock, flags);
3797
3798 tty_ldisc_deref(disc);
3799}
3800
3801/**
3802 * tty_flip_buffer_push - terminal
3803 * @tty: tty to push
3804 *
3805 * Queue a push of the terminal flip buffers to the line discipline. This
3806 * function must not be called from IRQ context if tty->low_latency is set.
3807 *
3808 * In the event of the queue being busy for flipping the work will be
3809 * held off and retried later.
3810 *
3811 * Locking: tty buffer lock. Driver locks in low latency mode.
3812 */
3813
3814void tty_flip_buffer_push(struct tty_struct *tty)
3815{
3816 unsigned long flags;
3817 spin_lock_irqsave(&tty->buf.lock, flags);
3818 if (tty->buf.tail != NULL)
3819 tty->buf.tail->commit = tty->buf.tail->used;
3820 spin_unlock_irqrestore(&tty->buf.lock, flags);
3821
3822 if (tty->low_latency)
3823 flush_to_ldisc(&tty->buf.work.work);
3824 else
3825 schedule_delayed_work(&tty->buf.work, 1);
3826}
3827
3828EXPORT_SYMBOL(tty_flip_buffer_push);
3829
3830
3831/**
3832 * initialize_tty_struct
3833 * @tty: tty to initialize
3834 *
3835 * This subroutine initializes a tty structure that has been newly
3836 * allocated.
3837 *
3838 * Locking: none - tty in question must not be exposed at this point
3839 */
3840
3841static void initialize_tty_struct(struct tty_struct *tty)
3842{
3843 memset(tty, 0, sizeof(struct tty_struct));
3844 tty->magic = TTY_MAGIC;
3845 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3846 tty->session = NULL;
3847 tty->pgrp = NULL;
3848 tty->overrun_time = jiffies;
3849 tty->buf.head = tty->buf.tail = NULL;
3850 tty_buffer_init(tty);
3851 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3852 mutex_init(&tty->termios_mutex);
3853 init_waitqueue_head(&tty->write_wait);
3854 init_waitqueue_head(&tty->read_wait);
3855 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3856 mutex_init(&tty->atomic_read_lock);
3857 mutex_init(&tty->atomic_write_lock);
3858 spin_lock_init(&tty->read_lock);
3859 spin_lock_init(&tty->ctrl_lock);
3860 INIT_LIST_HEAD(&tty->tty_files);
3861 INIT_WORK(&tty->SAK_work, do_SAK_work);
3862}
3863
3864/**
3865 * tty_put_char - write one character to a tty
3866 * @tty: tty
3867 * @ch: character
3868 *
3869 * Write one byte to the tty using the provided put_char method
3870 * if present. Returns the number of characters successfully output.
3871 *
3872 * Note: the specific put_char operation in the driver layer may go
3873 * away soon. Don't call it directly, use this method
3874 */
3875
3876int tty_put_char(struct tty_struct *tty, unsigned char ch)
3877{
3878 if (tty->ops->put_char)
3879 return tty->ops->put_char(tty, ch);
3880 return tty->ops->write(tty, &ch, 1);
3881}
3882
3883EXPORT_SYMBOL_GPL(tty_put_char);
3884
3885static struct class *tty_class;
3886
3887/**
3888 * tty_register_device - register a tty device
3889 * @driver: the tty driver that describes the tty device
3890 * @index: the index in the tty driver for this tty device
3891 * @device: a struct device that is associated with this tty device.
3892 * This field is optional, if there is no known struct device
3893 * for this tty device it can be set to NULL safely.
3894 *
3895 * Returns a pointer to the struct device for this tty device
3896 * (or ERR_PTR(-EFOO) on error).
3897 *
3898 * This call is required to be made to register an individual tty device
3899 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3900 * that bit is not set, this function should not be called by a tty
3901 * driver.
3902 *
3903 * Locking: ??
3904 */
3905
3906struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3907 struct device *device)
3908{
3909 char name[64];
3910 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3911
3912 if (index >= driver->num) {
3913 printk(KERN_ERR "Attempt to register invalid tty line number "
3914 " (%d).\n", index);
3915 return ERR_PTR(-EINVAL);
3916 }
3917
3918 if (driver->type == TTY_DRIVER_TYPE_PTY)
3919 pty_line_name(driver, index, name);
3920 else
3921 tty_line_name(driver, index, name);
3922
3923 return device_create(tty_class, device, dev, name);
3924}
3925
3926/**
3927 * tty_unregister_device - unregister a tty device
3928 * @driver: the tty driver that describes the tty device
3929 * @index: the index in the tty driver for this tty device
3930 *
3931 * If a tty device is registered with a call to tty_register_device() then
3932 * this function must be called when the tty device is gone.
3933 *
3934 * Locking: ??
3935 */
3936
3937void tty_unregister_device(struct tty_driver *driver, unsigned index)
3938{
3939 device_destroy(tty_class,
3940 MKDEV(driver->major, driver->minor_start) + index);
3941}
3942
3943EXPORT_SYMBOL(tty_register_device);
3944EXPORT_SYMBOL(tty_unregister_device);
3945
3946struct tty_driver *alloc_tty_driver(int lines)
3947{
3948 struct tty_driver *driver;
3949
3950 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3951 if (driver) {
3952 driver->magic = TTY_DRIVER_MAGIC;
3953 driver->num = lines;
3954 /* later we'll move allocation of tables here */
3955 }
3956 return driver;
3957}
3958
3959void put_tty_driver(struct tty_driver *driver)
3960{
3961 kfree(driver);
3962}
3963
3964void tty_set_operations(struct tty_driver *driver,
3965 const struct tty_operations *op)
3966{
3967 driver->ops = op;
3968};
3969
3970EXPORT_SYMBOL(alloc_tty_driver);
3971EXPORT_SYMBOL(put_tty_driver);
3972EXPORT_SYMBOL(tty_set_operations);
3973
3974/*
3975 * Called by a tty driver to register itself.
3976 */
3977int tty_register_driver(struct tty_driver *driver)
3978{
3979 int error;
3980 int i;
3981 dev_t dev;
3982 void **p = NULL;
3983
3984 if (driver->flags & TTY_DRIVER_INSTALLED)
3985 return 0;
3986
3987 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3988 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3989 if (!p)
3990 return -ENOMEM;
3991 }
3992
3993 if (!driver->major) {
3994 error = alloc_chrdev_region(&dev, driver->minor_start,
3995 driver->num, driver->name);
3996 if (!error) {
3997 driver->major = MAJOR(dev);
3998 driver->minor_start = MINOR(dev);
3999 }
4000 } else {
4001 dev = MKDEV(driver->major, driver->minor_start);
4002 error = register_chrdev_region(dev, driver->num, driver->name);
4003 }
4004 if (error < 0) {
4005 kfree(p);
4006 return error;
4007 }
4008
4009 if (p) {
4010 driver->ttys = (struct tty_struct **)p;
4011 driver->termios = (struct ktermios **)(p + driver->num);
4012 driver->termios_locked = (struct ktermios **)
4013 (p + driver->num * 2);
4014 } else {
4015 driver->ttys = NULL;
4016 driver->termios = NULL;
4017 driver->termios_locked = NULL;
4018 }
4019
4020 cdev_init(&driver->cdev, &tty_fops);
4021 driver->cdev.owner = driver->owner;
4022 error = cdev_add(&driver->cdev, dev, driver->num);
4023 if (error) {
4024 unregister_chrdev_region(dev, driver->num);
4025 driver->ttys = NULL;
4026 driver->termios = driver->termios_locked = NULL;
4027 kfree(p);
4028 return error;
4029 }
4030
4031 mutex_lock(&tty_mutex);
4032 list_add(&driver->tty_drivers, &tty_drivers);
4033 mutex_unlock(&tty_mutex);
4034
4035 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
4036 for (i = 0; i < driver->num; i++)
4037 tty_register_device(driver, i, NULL);
4038 }
4039 proc_tty_register_driver(driver);
4040 return 0;
4041}
4042
4043EXPORT_SYMBOL(tty_register_driver);
4044
4045/*
4046 * Called by a tty driver to unregister itself.
4047 */
4048int tty_unregister_driver(struct tty_driver *driver)
4049{
4050 int i;
4051 struct ktermios *tp;
4052 void *p;
4053
4054 if (driver->refcount)
4055 return -EBUSY;
4056
4057 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
4058 driver->num);
4059 mutex_lock(&tty_mutex);
4060 list_del(&driver->tty_drivers);
4061 mutex_unlock(&tty_mutex);
4062
4063 /*
4064 * Free the termios and termios_locked structures because
4065 * we don't want to get memory leaks when modular tty
4066 * drivers are removed from the kernel.
4067 */
4068 for (i = 0; i < driver->num; i++) {
4069 tp = driver->termios[i];
4070 if (tp) {
4071 driver->termios[i] = NULL;
4072 kfree(tp);
4073 }
4074 tp = driver->termios_locked[i];
4075 if (tp) {
4076 driver->termios_locked[i] = NULL;
4077 kfree(tp);
4078 }
4079 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
4080 tty_unregister_device(driver, i);
4081 }
4082 p = driver->ttys;
4083 proc_tty_unregister_driver(driver);
4084 driver->ttys = NULL;
4085 driver->termios = driver->termios_locked = NULL;
4086 kfree(p);
4087 cdev_del(&driver->cdev);
4088 return 0;
4089}
4090EXPORT_SYMBOL(tty_unregister_driver);
4091
4092dev_t tty_devnum(struct tty_struct *tty)
4093{
4094 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
4095}
4096EXPORT_SYMBOL(tty_devnum);
4097
4098void proc_clear_tty(struct task_struct *p)
4099{
4100 spin_lock_irq(&p->sighand->siglock);
4101 p->signal->tty = NULL;
4102 spin_unlock_irq(&p->sighand->siglock);
4103}
4104EXPORT_SYMBOL(proc_clear_tty);
4105
4106/* Called under the sighand lock */
4107
4108static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4109{
4110 if (tty) {
4111 unsigned long flags;
4112 /* We should not have a session or pgrp to put here but.... */
4113 spin_lock_irqsave(&tty->ctrl_lock, flags);
4114 put_pid(tty->session);
4115 put_pid(tty->pgrp);
4116 tty->pgrp = get_pid(task_pgrp(tsk));
4117 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
4118 tty->session = get_pid(task_session(tsk));
4119 }
4120 put_pid(tsk->signal->tty_old_pgrp);
4121 tsk->signal->tty = tty;
4122 tsk->signal->tty_old_pgrp = NULL;
4123}
4124
4125static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4126{
4127 spin_lock_irq(&tsk->sighand->siglock);
4128 __proc_set_tty(tsk, tty);
4129 spin_unlock_irq(&tsk->sighand->siglock);
4130}
4131
4132struct tty_struct *get_current_tty(void)
4133{
4134 struct tty_struct *tty;
4135 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4136 tty = current->signal->tty;
4137 /*
4138 * session->tty can be changed/cleared from under us, make sure we
4139 * issue the load. The obtained pointer, when not NULL, is valid as
4140 * long as we hold tty_mutex.
4141 */
4142 barrier();
4143 return tty;
4144}
4145EXPORT_SYMBOL_GPL(get_current_tty);
4146
4147/*
4148 * Initialize the console device. This is called *early*, so
4149 * we can't necessarily depend on lots of kernel help here.
4150 * Just do some early initializations, and do the complex setup
4151 * later.
4152 */
4153void __init console_init(void)
4154{
4155 initcall_t *call;
4156
4157 /* Setup the default TTY line discipline. */
4158 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4159
4160 /*
4161 * set up the console device so that later boot sequences can
4162 * inform about problems etc..
4163 */
4164 call = __con_initcall_start;
4165 while (call < __con_initcall_end) {
4166 (*call)();
4167 call++;
4168 }
4169}
4170
4171static int __init tty_class_init(void)
4172{
4173 tty_class = class_create(THIS_MODULE, "tty");
4174 if (IS_ERR(tty_class))
4175 return PTR_ERR(tty_class);
4176 return 0;
4177}
4178
4179postcore_initcall(tty_class_init);
4180
4181/* 3/2004 jmc: why do these devices exist? */
4182
4183static struct cdev tty_cdev, console_cdev;
4184#ifdef CONFIG_UNIX98_PTYS
4185static struct cdev ptmx_cdev;
4186#endif
4187#ifdef CONFIG_VT
4188static struct cdev vc0_cdev;
4189#endif
4190
4191/*
4192 * Ok, now we can initialize the rest of the tty devices and can count
4193 * on memory allocations, interrupts etc..
4194 */
4195static int __init tty_init(void)
4196{
4197 cdev_init(&tty_cdev, &tty_fops);
4198 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4199 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4200 panic("Couldn't register /dev/tty driver\n");
4201 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
4202
4203 cdev_init(&console_cdev, &console_fops);
4204 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4205 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4206 panic("Couldn't register /dev/console driver\n");
4207 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
4208
4209#ifdef CONFIG_UNIX98_PTYS
4210 cdev_init(&ptmx_cdev, &ptmx_fops);
4211 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4212 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4213 panic("Couldn't register /dev/ptmx driver\n");
4214 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
4215#endif
4216
4217#ifdef CONFIG_VT
4218 cdev_init(&vc0_cdev, &console_fops);
4219 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4220 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4221 panic("Couldn't register /dev/tty0 driver\n");
4222 device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
4223
4224 vty_init();
4225#endif
4226 return 0;
4227}
4228module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)