projects / linux-2.6-block.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
tun: fasync BKL pushdown
[linux-2.6-block.git] / drivers / char / tty_io.c
... / ...
CommitLineData
1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67 */
68
69#include <linux/types.h>
70#include <linux/major.h>
71#include <linux/errno.h>
72#include <linux/signal.h>
73#include <linux/fcntl.h>
74#include <linux/sched.h>
75#include <linux/interrupt.h>
76#include <linux/tty.h>
77#include <linux/tty_driver.h>
78#include <linux/tty_flip.h>
79#include <linux/devpts_fs.h>
80#include <linux/file.h>
81#include <linux/fdtable.h>
82#include <linux/console.h>
83#include <linux/timer.h>
84#include <linux/ctype.h>
85#include <linux/kd.h>
86#include <linux/mm.h>
87#include <linux/string.h>
88#include <linux/slab.h>
89#include <linux/poll.h>
90#include <linux/proc_fs.h>
91#include <linux/init.h>
92#include <linux/module.h>
93#include <linux/smp_lock.h>
94#include <linux/device.h>
95#include <linux/wait.h>
96#include <linux/bitops.h>
97#include <linux/delay.h>
98
99#include <asm/uaccess.h>
100#include <asm/system.h>
101
102#include <linux/kbd_kern.h>
103#include <linux/vt_kern.h>
104#include <linux/selection.h>
105
106#include <linux/kmod.h>
107#include <linux/nsproxy.h>
108
109#undef TTY_DEBUG_HANGUP
110
111#define TTY_PARANOIA_CHECK 1
112#define CHECK_TTY_COUNT 1
113
114struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
115 .c_iflag = ICRNL | IXON,
116 .c_oflag = OPOST | ONLCR,
117 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119 ECHOCTL | ECHOKE | IEXTEN,
120 .c_cc = INIT_C_CC,
121 .c_ispeed = 38400,
122 .c_ospeed = 38400
123};
124
125EXPORT_SYMBOL(tty_std_termios);
126
127/* This list gets poked at by procfs and various bits of boot up code. This
128 could do with some rationalisation such as pulling the tty proc function
129 into this file */
130
131LIST_HEAD(tty_drivers); /* linked list of tty drivers */
132
133/* Mutex to protect creating and releasing a tty. This is shared with
134 vt.c for deeply disgusting hack reasons */
135DEFINE_MUTEX(tty_mutex);
136EXPORT_SYMBOL(tty_mutex);
137
138#ifdef CONFIG_UNIX98_PTYS
139extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
140static int ptmx_open(struct inode *, struct file *);
141#endif
142
143static void initialize_tty_struct(struct tty_struct *tty);
144
145static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
146static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
147ssize_t redirected_tty_write(struct file *, const char __user *,
148 size_t, loff_t *);
149static unsigned int tty_poll(struct file *, poll_table *);
150static int tty_open(struct inode *, struct file *);
151static int tty_release(struct inode *, struct file *);
152long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
153#ifdef CONFIG_COMPAT
154static long tty_compat_ioctl(struct file *file, unsigned int cmd,
155 unsigned long arg);
156#else
157#define tty_compat_ioctl NULL
158#endif
159static int tty_fasync(int fd, struct file *filp, int on);
160static void release_tty(struct tty_struct *tty, int idx);
161static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
162static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
163
164/**
165 * alloc_tty_struct - allocate a tty object
166 *
167 * Return a new empty tty structure. The data fields have not
168 * been initialized in any way but has been zeroed
169 *
170 * Locking: none
171 */
172
173static struct tty_struct *alloc_tty_struct(void)
174{
175 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
176}
177
178static void tty_buffer_free_all(struct tty_struct *);
179
180/**
181 * free_tty_struct - free a disused tty
182 * @tty: tty struct to free
183 *
184 * Free the write buffers, tty queue and tty memory itself.
185 *
186 * Locking: none. Must be called after tty is definitely unused
187 */
188
189static inline void free_tty_struct(struct tty_struct *tty)
190{
191 kfree(tty->write_buf);
192 tty_buffer_free_all(tty);
193 kfree(tty);
194}
195
196#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
197
198/**
199 * tty_name - return tty naming
200 * @tty: tty structure
201 * @buf: buffer for output
202 *
203 * Convert a tty structure into a name. The name reflects the kernel
204 * naming policy and if udev is in use may not reflect user space
205 *
206 * Locking: none
207 */
208
209char *tty_name(struct tty_struct *tty, char *buf)
210{
211 if (!tty) /* Hmm. NULL pointer. That's fun. */
212 strcpy(buf, "NULL tty");
213 else
214 strcpy(buf, tty->name);
215 return buf;
216}
217
218EXPORT_SYMBOL(tty_name);
219
220int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
221 const char *routine)
222{
223#ifdef TTY_PARANOIA_CHECK
224 if (!tty) {
225 printk(KERN_WARNING
226 "null TTY for (%d:%d) in %s\n",
227 imajor(inode), iminor(inode), routine);
228 return 1;
229 }
230 if (tty->magic != TTY_MAGIC) {
231 printk(KERN_WARNING
232 "bad magic number for tty struct (%d:%d) in %s\n",
233 imajor(inode), iminor(inode), routine);
234 return 1;
235 }
236#endif
237 return 0;
238}
239
240static int check_tty_count(struct tty_struct *tty, const char *routine)
241{
242#ifdef CHECK_TTY_COUNT
243 struct list_head *p;
244 int count = 0;
245
246 file_list_lock();
247 list_for_each(p, &tty->tty_files) {
248 count++;
249 }
250 file_list_unlock();
251 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
252 tty->driver->subtype == PTY_TYPE_SLAVE &&
253 tty->link && tty->link->count)
254 count++;
255 if (tty->count != count) {
256 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
257 "!= #fd's(%d) in %s\n",
258 tty->name, tty->count, count, routine);
259 return count;
260 }
261#endif
262 return 0;
263}
264
265/*
266 * Tty buffer allocation management
267 */
268
269/**
270 * tty_buffer_free_all - free buffers used by a tty
271 * @tty: tty to free from
272 *
273 * Remove all the buffers pending on a tty whether queued with data
274 * or in the free ring. Must be called when the tty is no longer in use
275 *
276 * Locking: none
277 */
278
279static void tty_buffer_free_all(struct tty_struct *tty)
280{
281 struct tty_buffer *thead;
282 while ((thead = tty->buf.head) != NULL) {
283 tty->buf.head = thead->next;
284 kfree(thead);
285 }
286 while ((thead = tty->buf.free) != NULL) {
287 tty->buf.free = thead->next;
288 kfree(thead);
289 }
290 tty->buf.tail = NULL;
291 tty->buf.memory_used = 0;
292}
293
294/**
295 * tty_buffer_init - prepare a tty buffer structure
296 * @tty: tty to initialise
297 *
298 * Set up the initial state of the buffer management for a tty device.
299 * Must be called before the other tty buffer functions are used.
300 *
301 * Locking: none
302 */
303
304static void tty_buffer_init(struct tty_struct *tty)
305{
306 spin_lock_init(&tty->buf.lock);
307 tty->buf.head = NULL;
308 tty->buf.tail = NULL;
309 tty->buf.free = NULL;
310 tty->buf.memory_used = 0;
311}
312
313/**
314 * tty_buffer_alloc - allocate a tty buffer
315 * @tty: tty device
316 * @size: desired size (characters)
317 *
318 * Allocate a new tty buffer to hold the desired number of characters.
319 * Return NULL if out of memory or the allocation would exceed the
320 * per device queue
321 *
322 * Locking: Caller must hold tty->buf.lock
323 */
324
325static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
326{
327 struct tty_buffer *p;
328
329 if (tty->buf.memory_used + size > 65536)
330 return NULL;
331 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
332 if (p == NULL)
333 return NULL;
334 p->used = 0;
335 p->size = size;
336 p->next = NULL;
337 p->commit = 0;
338 p->read = 0;
339 p->char_buf_ptr = (char *)(p->data);
340 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
341 tty->buf.memory_used += size;
342 return p;
343}
344
345/**
346 * tty_buffer_free - free a tty buffer
347 * @tty: tty owning the buffer
348 * @b: the buffer to free
349 *
350 * Free a tty buffer, or add it to the free list according to our
351 * internal strategy
352 *
353 * Locking: Caller must hold tty->buf.lock
354 */
355
356static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
357{
358 /* Dumb strategy for now - should keep some stats */
359 tty->buf.memory_used -= b->size;
360 WARN_ON(tty->buf.memory_used < 0);
361
362 if (b->size >= 512)
363 kfree(b);
364 else {
365 b->next = tty->buf.free;
366 tty->buf.free = b;
367 }
368}
369
370/**
371 * __tty_buffer_flush - flush full tty buffers
372 * @tty: tty to flush
373 *
374 * flush all the buffers containing receive data. Caller must
375 * hold the buffer lock and must have ensured no parallel flush to
376 * ldisc is running.
377 *
378 * Locking: Caller must hold tty->buf.lock
379 */
380
381static void __tty_buffer_flush(struct tty_struct *tty)
382{
383 struct tty_buffer *thead;
384
385 while ((thead = tty->buf.head) != NULL) {
386 tty->buf.head = thead->next;
387 tty_buffer_free(tty, thead);
388 }
389 tty->buf.tail = NULL;
390}
391
392/**
393 * tty_buffer_flush - flush full tty buffers
394 * @tty: tty to flush
395 *
396 * flush all the buffers containing receive data. If the buffer is
397 * being processed by flush_to_ldisc then we defer the processing
398 * to that function
399 *
400 * Locking: none
401 */
402
403static void tty_buffer_flush(struct tty_struct *tty)
404{
405 unsigned long flags;
406 spin_lock_irqsave(&tty->buf.lock, flags);
407
408 /* If the data is being pushed to the tty layer then we can't
409 process it here. Instead set a flag and the flush_to_ldisc
410 path will process the flush request before it exits */
411 if (test_bit(TTY_FLUSHING, &tty->flags)) {
412 set_bit(TTY_FLUSHPENDING, &tty->flags);
413 spin_unlock_irqrestore(&tty->buf.lock, flags);
414 wait_event(tty->read_wait,
415 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
416 return;
417 } else
418 __tty_buffer_flush(tty);
419 spin_unlock_irqrestore(&tty->buf.lock, flags);
420}
421
422/**
423 * tty_buffer_find - find a free tty buffer
424 * @tty: tty owning the buffer
425 * @size: characters wanted
426 *
427 * Locate an existing suitable tty buffer or if we are lacking one then
428 * allocate a new one. We round our buffers off in 256 character chunks
429 * to get better allocation behaviour.
430 *
431 * Locking: Caller must hold tty->buf.lock
432 */
433
434static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
435{
436 struct tty_buffer **tbh = &tty->buf.free;
437 while ((*tbh) != NULL) {
438 struct tty_buffer *t = *tbh;
439 if (t->size >= size) {
440 *tbh = t->next;
441 t->next = NULL;
442 t->used = 0;
443 t->commit = 0;
444 t->read = 0;
445 tty->buf.memory_used += t->size;
446 return t;
447 }
448 tbh = &((*tbh)->next);
449 }
450 /* Round the buffer size out */
451 size = (size + 0xFF) & ~0xFF;
452 return tty_buffer_alloc(tty, size);
453 /* Should possibly check if this fails for the largest buffer we
454 have queued and recycle that ? */
455}
456
457/**
458 * tty_buffer_request_room - grow tty buffer if needed
459 * @tty: tty structure
460 * @size: size desired
461 *
462 * Make at least size bytes of linear space available for the tty
463 * buffer. If we fail return the size we managed to find.
464 *
465 * Locking: Takes tty->buf.lock
466 */
467int tty_buffer_request_room(struct tty_struct *tty, size_t size)
468{
469 struct tty_buffer *b, *n;
470 int left;
471 unsigned long flags;
472
473 spin_lock_irqsave(&tty->buf.lock, flags);
474
475 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
476 remove this conditional if its worth it. This would be invisible
477 to the callers */
478 if ((b = tty->buf.tail) != NULL)
479 left = b->size - b->used;
480 else
481 left = 0;
482
483 if (left < size) {
484 /* This is the slow path - looking for new buffers to use */
485 if ((n = tty_buffer_find(tty, size)) != NULL) {
486 if (b != NULL) {
487 b->next = n;
488 b->commit = b->used;
489 } else
490 tty->buf.head = n;
491 tty->buf.tail = n;
492 } else
493 size = left;
494 }
495
496 spin_unlock_irqrestore(&tty->buf.lock, flags);
497 return size;
498}
499EXPORT_SYMBOL_GPL(tty_buffer_request_room);
500
501/**
502 * tty_insert_flip_string - Add characters to the tty buffer
503 * @tty: tty structure
504 * @chars: characters
505 * @size: size
506 *
507 * Queue a series of bytes to the tty buffering. All the characters
508 * passed are marked as without error. Returns the number added.
509 *
510 * Locking: Called functions may take tty->buf.lock
511 */
512
513int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
514 size_t size)
515{
516 int copied = 0;
517 do {
518 int space = tty_buffer_request_room(tty, size - copied);
519 struct tty_buffer *tb = tty->buf.tail;
520 /* If there is no space then tb may be NULL */
521 if (unlikely(space == 0))
522 break;
523 memcpy(tb->char_buf_ptr + tb->used, chars, space);
524 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
525 tb->used += space;
526 copied += space;
527 chars += space;
528 /* There is a small chance that we need to split the data over
529 several buffers. If this is the case we must loop */
530 } while (unlikely(size > copied));
531 return copied;
532}
533EXPORT_SYMBOL(tty_insert_flip_string);
534
535/**
536 * tty_insert_flip_string_flags - Add characters to the tty buffer
537 * @tty: tty structure
538 * @chars: characters
539 * @flags: flag bytes
540 * @size: size
541 *
542 * Queue a series of bytes to the tty buffering. For each character
543 * the flags array indicates the status of the character. Returns the
544 * number added.
545 *
546 * Locking: Called functions may take tty->buf.lock
547 */
548
549int tty_insert_flip_string_flags(struct tty_struct *tty,
550 const unsigned char *chars, const char *flags, size_t size)
551{
552 int copied = 0;
553 do {
554 int space = tty_buffer_request_room(tty, size - copied);
555 struct tty_buffer *tb = tty->buf.tail;
556 /* If there is no space then tb may be NULL */
557 if (unlikely(space == 0))
558 break;
559 memcpy(tb->char_buf_ptr + tb->used, chars, space);
560 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
561 tb->used += space;
562 copied += space;
563 chars += space;
564 flags += space;
565 /* There is a small chance that we need to split the data over
566 several buffers. If this is the case we must loop */
567 } while (unlikely(size > copied));
568 return copied;
569}
570EXPORT_SYMBOL(tty_insert_flip_string_flags);
571
572/**
573 * tty_schedule_flip - push characters to ldisc
574 * @tty: tty to push from
575 *
576 * Takes any pending buffers and transfers their ownership to the
577 * ldisc side of the queue. It then schedules those characters for
578 * processing by the line discipline.
579 *
580 * Locking: Takes tty->buf.lock
581 */
582
583void tty_schedule_flip(struct tty_struct *tty)
584{
585 unsigned long flags;
586 spin_lock_irqsave(&tty->buf.lock, flags);
587 if (tty->buf.tail != NULL)
588 tty->buf.tail->commit = tty->buf.tail->used;
589 spin_unlock_irqrestore(&tty->buf.lock, flags);
590 schedule_delayed_work(&tty->buf.work, 1);
591}
592EXPORT_SYMBOL(tty_schedule_flip);
593
594/**
595 * tty_prepare_flip_string - make room for characters
596 * @tty: tty
597 * @chars: return pointer for character write area
598 * @size: desired size
599 *
600 * Prepare a block of space in the buffer for data. Returns the length
601 * available and buffer pointer to the space which is now allocated and
602 * accounted for as ready for normal characters. This is used for drivers
603 * that need their own block copy routines into the buffer. There is no
604 * guarantee the buffer is a DMA target!
605 *
606 * Locking: May call functions taking tty->buf.lock
607 */
608
609int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
610 size_t size)
611{
612 int space = tty_buffer_request_room(tty, size);
613 if (likely(space)) {
614 struct tty_buffer *tb = tty->buf.tail;
615 *chars = tb->char_buf_ptr + tb->used;
616 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
617 tb->used += space;
618 }
619 return space;
620}
621
622EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
623
624/**
625 * tty_prepare_flip_string_flags - make room for characters
626 * @tty: tty
627 * @chars: return pointer for character write area
628 * @flags: return pointer for status flag write area
629 * @size: desired size
630 *
631 * Prepare a block of space in the buffer for data. Returns the length
632 * available and buffer pointer to the space which is now allocated and
633 * accounted for as ready for characters. This is used for drivers
634 * that need their own block copy routines into the buffer. There is no
635 * guarantee the buffer is a DMA target!
636 *
637 * Locking: May call functions taking tty->buf.lock
638 */
639
640int tty_prepare_flip_string_flags(struct tty_struct *tty,
641 unsigned char **chars, char **flags, size_t size)
642{
643 int space = tty_buffer_request_room(tty, size);
644 if (likely(space)) {
645 struct tty_buffer *tb = tty->buf.tail;
646 *chars = tb->char_buf_ptr + tb->used;
647 *flags = tb->flag_buf_ptr + tb->used;
648 tb->used += space;
649 }
650 return space;
651}
652
653EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
654
655
656
657/**
658 * tty_set_termios_ldisc - set ldisc field
659 * @tty: tty structure
660 * @num: line discipline number
661 *
662 * This is probably overkill for real world processors but
663 * they are not on hot paths so a little discipline won't do
664 * any harm.
665 *
666 * Locking: takes termios_mutex
667 */
668
669static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
670{
671 mutex_lock(&tty->termios_mutex);
672 tty->termios->c_line = num;
673 mutex_unlock(&tty->termios_mutex);
674}
675
676/*
677 * This guards the refcounted line discipline lists. The lock
678 * must be taken with irqs off because there are hangup path
679 * callers who will do ldisc lookups and cannot sleep.
680 */
681
682static DEFINE_SPINLOCK(tty_ldisc_lock);
683static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
684/* Line disc dispatch table */
685static struct tty_ldisc tty_ldiscs[NR_LDISCS];
686
687/**
688 * tty_register_ldisc - install a line discipline
689 * @disc: ldisc number
690 * @new_ldisc: pointer to the ldisc object
691 *
692 * Installs a new line discipline into the kernel. The discipline
693 * is set up as unreferenced and then made available to the kernel
694 * from this point onwards.
695 *
696 * Locking:
697 * takes tty_ldisc_lock to guard against ldisc races
698 */
699
700int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
701{
702 unsigned long flags;
703 int ret = 0;
704
705 if (disc < N_TTY || disc >= NR_LDISCS)
706 return -EINVAL;
707
708 spin_lock_irqsave(&tty_ldisc_lock, flags);
709 tty_ldiscs[disc] = *new_ldisc;
710 tty_ldiscs[disc].num = disc;
711 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
712 tty_ldiscs[disc].refcount = 0;
713 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
714
715 return ret;
716}
717EXPORT_SYMBOL(tty_register_ldisc);
718
719/**
720 * tty_unregister_ldisc - unload a line discipline
721 * @disc: ldisc number
722 * @new_ldisc: pointer to the ldisc object
723 *
724 * Remove a line discipline from the kernel providing it is not
725 * currently in use.
726 *
727 * Locking:
728 * takes tty_ldisc_lock to guard against ldisc races
729 */
730
731int tty_unregister_ldisc(int disc)
732{
733 unsigned long flags;
734 int ret = 0;
735
736 if (disc < N_TTY || disc >= NR_LDISCS)
737 return -EINVAL;
738
739 spin_lock_irqsave(&tty_ldisc_lock, flags);
740 if (tty_ldiscs[disc].refcount)
741 ret = -EBUSY;
742 else
743 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
744 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
745
746 return ret;
747}
748EXPORT_SYMBOL(tty_unregister_ldisc);
749
750/**
751 * tty_ldisc_get - take a reference to an ldisc
752 * @disc: ldisc number
753 *
754 * Takes a reference to a line discipline. Deals with refcounts and
755 * module locking counts. Returns NULL if the discipline is not available.
756 * Returns a pointer to the discipline and bumps the ref count if it is
757 * available
758 *
759 * Locking:
760 * takes tty_ldisc_lock to guard against ldisc races
761 */
762
763struct tty_ldisc *tty_ldisc_get(int disc)
764{
765 unsigned long flags;
766 struct tty_ldisc *ld;
767
768 if (disc < N_TTY || disc >= NR_LDISCS)
769 return NULL;
770
771 spin_lock_irqsave(&tty_ldisc_lock, flags);
772
773 ld = &tty_ldiscs[disc];
774 /* Check the entry is defined */
775 if (ld->flags & LDISC_FLAG_DEFINED) {
776 /* If the module is being unloaded we can't use it */
777 if (!try_module_get(ld->owner))
778 ld = NULL;
779 else /* lock it */
780 ld->refcount++;
781 } else
782 ld = NULL;
783 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
784 return ld;
785}
786
787EXPORT_SYMBOL_GPL(tty_ldisc_get);
788
789/**
790 * tty_ldisc_put - drop ldisc reference
791 * @disc: ldisc number
792 *
793 * Drop a reference to a line discipline. Manage refcounts and
794 * module usage counts
795 *
796 * Locking:
797 * takes tty_ldisc_lock to guard against ldisc races
798 */
799
800void tty_ldisc_put(int disc)
801{
802 struct tty_ldisc *ld;
803 unsigned long flags;
804
805 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
806
807 spin_lock_irqsave(&tty_ldisc_lock, flags);
808 ld = &tty_ldiscs[disc];
809 BUG_ON(ld->refcount == 0);
810 ld->refcount--;
811 module_put(ld->owner);
812 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
813}
814
815EXPORT_SYMBOL_GPL(tty_ldisc_put);
816
817/**
818 * tty_ldisc_assign - set ldisc on a tty
819 * @tty: tty to assign
820 * @ld: line discipline
821 *
822 * Install an instance of a line discipline into a tty structure. The
823 * ldisc must have a reference count above zero to ensure it remains/
824 * The tty instance refcount starts at zero.
825 *
826 * Locking:
827 * Caller must hold references
828 */
829
830static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
831{
832 tty->ldisc = *ld;
833 tty->ldisc.refcount = 0;
834}
835
836/**
837 * tty_ldisc_try - internal helper
838 * @tty: the tty
839 *
840 * Make a single attempt to grab and bump the refcount on
841 * the tty ldisc. Return 0 on failure or 1 on success. This is
842 * used to implement both the waiting and non waiting versions
843 * of tty_ldisc_ref
844 *
845 * Locking: takes tty_ldisc_lock
846 */
847
848static int tty_ldisc_try(struct tty_struct *tty)
849{
850 unsigned long flags;
851 struct tty_ldisc *ld;
852 int ret = 0;
853
854 spin_lock_irqsave(&tty_ldisc_lock, flags);
855 ld = &tty->ldisc;
856 if (test_bit(TTY_LDISC, &tty->flags)) {
857 ld->refcount++;
858 ret = 1;
859 }
860 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
861 return ret;
862}
863
864/**
865 * tty_ldisc_ref_wait - wait for the tty ldisc
866 * @tty: tty device
867 *
868 * Dereference the line discipline for the terminal and take a
869 * reference to it. If the line discipline is in flux then
870 * wait patiently until it changes.
871 *
872 * Note: Must not be called from an IRQ/timer context. The caller
873 * must also be careful not to hold other locks that will deadlock
874 * against a discipline change, such as an existing ldisc reference
875 * (which we check for)
876 *
877 * Locking: call functions take tty_ldisc_lock
878 */
879
880struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
881{
882 /* wait_event is a macro */
883 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
884 if (tty->ldisc.refcount == 0)
885 printk(KERN_ERR "tty_ldisc_ref_wait\n");
886 return &tty->ldisc;
887}
888
889EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
890
891/**
892 * tty_ldisc_ref - get the tty ldisc
893 * @tty: tty device
894 *
895 * Dereference the line discipline for the terminal and take a
896 * reference to it. If the line discipline is in flux then
897 * return NULL. Can be called from IRQ and timer functions.
898 *
899 * Locking: called functions take tty_ldisc_lock
900 */
901
902struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
903{
904 if (tty_ldisc_try(tty))
905 return &tty->ldisc;
906 return NULL;
907}
908
909EXPORT_SYMBOL_GPL(tty_ldisc_ref);
910
911/**
912 * tty_ldisc_deref - free a tty ldisc reference
913 * @ld: reference to free up
914 *
915 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
916 * be called in IRQ context.
917 *
918 * Locking: takes tty_ldisc_lock
919 */
920
921void tty_ldisc_deref(struct tty_ldisc *ld)
922{
923 unsigned long flags;
924
925 BUG_ON(ld == NULL);
926
927 spin_lock_irqsave(&tty_ldisc_lock, flags);
928 if (ld->refcount == 0)
929 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
930 else
931 ld->refcount--;
932 if (ld->refcount == 0)
933 wake_up(&tty_ldisc_wait);
934 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
935}
936
937EXPORT_SYMBOL_GPL(tty_ldisc_deref);
938
939/**
940 * tty_ldisc_enable - allow ldisc use
941 * @tty: terminal to activate ldisc on
942 *
943 * Set the TTY_LDISC flag when the line discipline can be called
944 * again. Do necessary wakeups for existing sleepers.
945 *
946 * Note: nobody should set this bit except via this function. Clearing
947 * directly is allowed.
948 */
949
950static void tty_ldisc_enable(struct tty_struct *tty)
951{
952 set_bit(TTY_LDISC, &tty->flags);
953 wake_up(&tty_ldisc_wait);
954}
955
956/**
957 * tty_set_ldisc - set line discipline
958 * @tty: the terminal to set
959 * @ldisc: the line discipline
960 *
961 * Set the discipline of a tty line. Must be called from a process
962 * context.
963 *
964 * Locking: takes tty_ldisc_lock.
965 * called functions take termios_mutex
966 */
967
968static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
969{
970 int retval = 0;
971 struct tty_ldisc o_ldisc;
972 char buf[64];
973 int work;
974 unsigned long flags;
975 struct tty_ldisc *ld;
976 struct tty_struct *o_tty;
977
978 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
979 return -EINVAL;
980
981restart:
982
983 ld = tty_ldisc_get(ldisc);
984 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
985 /* Cyrus Durgin <cider@speakeasy.org> */
986 if (ld == NULL) {
987 request_module("tty-ldisc-%d", ldisc);
988 ld = tty_ldisc_get(ldisc);
989 }
990 if (ld == NULL)
991 return -EINVAL;
992
993 /*
994 * Problem: What do we do if this blocks ?
995 */
996
997 tty_wait_until_sent(tty, 0);
998
999 if (tty->ldisc.num == ldisc) {
1000 tty_ldisc_put(ldisc);
1001 return 0;
1002 }
1003
1004 /*
1005 * No more input please, we are switching. The new ldisc
1006 * will update this value in the ldisc open function
1007 */
1008
1009 tty->receive_room = 0;
1010
1011 o_ldisc = tty->ldisc;
1012 o_tty = tty->link;
1013
1014 /*
1015 * Make sure we don't change while someone holds a
1016 * reference to the line discipline. The TTY_LDISC bit
1017 * prevents anyone taking a reference once it is clear.
1018 * We need the lock to avoid racing reference takers.
1019 */
1020
1021 spin_lock_irqsave(&tty_ldisc_lock, flags);
1022 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
1023 if (tty->ldisc.refcount) {
1024 /* Free the new ldisc we grabbed. Must drop the lock
1025 first. */
1026 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1027 tty_ldisc_put(ldisc);
1028 /*
1029 * There are several reasons we may be busy, including
1030 * random momentary I/O traffic. We must therefore
1031 * retry. We could distinguish between blocking ops
1032 * and retries if we made tty_ldisc_wait() smarter.
1033 * That is up for discussion.
1034 */
1035 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1036 return -ERESTARTSYS;
1037 goto restart;
1038 }
1039 if (o_tty && o_tty->ldisc.refcount) {
1040 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1041 tty_ldisc_put(ldisc);
1042 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1043 return -ERESTARTSYS;
1044 goto restart;
1045 }
1046 }
1047 /*
1048 * If the TTY_LDISC bit is set, then we are racing against
1049 * another ldisc change
1050 */
1051 if (!test_bit(TTY_LDISC, &tty->flags)) {
1052 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1053 tty_ldisc_put(ldisc);
1054 ld = tty_ldisc_ref_wait(tty);
1055 tty_ldisc_deref(ld);
1056 goto restart;
1057 }
1058
1059 clear_bit(TTY_LDISC, &tty->flags);
1060 if (o_tty)
1061 clear_bit(TTY_LDISC, &o_tty->flags);
1062 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1063
1064 /*
1065 * From this point on we know nobody has an ldisc
1066 * usage reference, nor can they obtain one until
1067 * we say so later on.
1068 */
1069
1070 work = cancel_delayed_work(&tty->buf.work);
1071 /*
1072 * Wait for ->hangup_work and ->buf.work handlers to terminate
1073 */
1074 flush_scheduled_work();
1075 /* Shutdown the current discipline. */
1076 if (tty->ldisc.close)
1077 (tty->ldisc.close)(tty);
1078
1079 /* Now set up the new line discipline. */
1080 tty_ldisc_assign(tty, ld);
1081 tty_set_termios_ldisc(tty, ldisc);
1082 if (tty->ldisc.open)
1083 retval = (tty->ldisc.open)(tty);
1084 if (retval < 0) {
1085 tty_ldisc_put(ldisc);
1086 /* There is an outstanding reference here so this is safe */
1087 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1088 tty_set_termios_ldisc(tty, tty->ldisc.num);
1089 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1090 tty_ldisc_put(o_ldisc.num);
1091 /* This driver is always present */
1092 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1093 tty_set_termios_ldisc(tty, N_TTY);
1094 if (tty->ldisc.open) {
1095 int r = tty->ldisc.open(tty);
1096
1097 if (r < 0)
1098 panic("Couldn't open N_TTY ldisc for "
1099 "%s --- error %d.",
1100 tty_name(tty, buf), r);
1101 }
1102 }
1103 }
1104 /* At this point we hold a reference to the new ldisc and a
1105 a reference to the old ldisc. If we ended up flipping back
1106 to the existing ldisc we have two references to it */
1107
1108 if (tty->ldisc.num != o_ldisc.num && tty->ops->set_ldisc)
1109 tty->ops->set_ldisc(tty);
1110
1111 tty_ldisc_put(o_ldisc.num);
1112
1113 /*
1114 * Allow ldisc referencing to occur as soon as the driver
1115 * ldisc callback completes.
1116 */
1117
1118 tty_ldisc_enable(tty);
1119 if (o_tty)
1120 tty_ldisc_enable(o_tty);
1121
1122 /* Restart it in case no characters kick it off. Safe if
1123 already running */
1124 if (work)
1125 schedule_delayed_work(&tty->buf.work, 1);
1126 return retval;
1127}
1128
1129/**
1130 * get_tty_driver - find device of a tty
1131 * @dev_t: device identifier
1132 * @index: returns the index of the tty
1133 *
1134 * This routine returns a tty driver structure, given a device number
1135 * and also passes back the index number.
1136 *
1137 * Locking: caller must hold tty_mutex
1138 */
1139
1140static struct tty_driver *get_tty_driver(dev_t device, int *index)
1141{
1142 struct tty_driver *p;
1143
1144 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1145 dev_t base = MKDEV(p->major, p->minor_start);
1146 if (device < base || device >= base + p->num)
1147 continue;
1148 *index = device - base;
1149 return p;
1150 }
1151 return NULL;
1152}
1153
1154#ifdef CONFIG_CONSOLE_POLL
1155
1156/**
1157 * tty_find_polling_driver - find device of a polled tty
1158 * @name: name string to match
1159 * @line: pointer to resulting tty line nr
1160 *
1161 * This routine returns a tty driver structure, given a name
1162 * and the condition that the tty driver is capable of polled
1163 * operation.
1164 */
1165struct tty_driver *tty_find_polling_driver(char *name, int *line)
1166{
1167 struct tty_driver *p, *res = NULL;
1168 int tty_line = 0;
1169 char *str;
1170
1171 mutex_lock(&tty_mutex);
1172 /* Search through the tty devices to look for a match */
1173 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1174 str = name + strlen(p->name);
1175 tty_line = simple_strtoul(str, &str, 10);
1176 if (*str == ',')
1177 str++;
1178 if (*str == '\0')
1179 str = NULL;
1180
1181 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
1182 p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
1183 res = p;
1184 *line = tty_line;
1185 break;
1186 }
1187 }
1188 mutex_unlock(&tty_mutex);
1189
1190 return res;
1191}
1192EXPORT_SYMBOL_GPL(tty_find_polling_driver);
1193#endif
1194
1195/**
1196 * tty_check_change - check for POSIX terminal changes
1197 * @tty: tty to check
1198 *
1199 * If we try to write to, or set the state of, a terminal and we're
1200 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1201 * ignored, go ahead and perform the operation. (POSIX 7.2)
1202 *
1203 * Locking: ctrl_lock
1204 */
1205
1206int tty_check_change(struct tty_struct *tty)
1207{
1208 unsigned long flags;
1209 int ret = 0;
1210
1211 if (current->signal->tty != tty)
1212 return 0;
1213
1214 spin_lock_irqsave(&tty->ctrl_lock, flags);
1215
1216 if (!tty->pgrp) {
1217 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1218 goto out_unlock;
1219 }
1220 if (task_pgrp(current) == tty->pgrp)
1221 goto out_unlock;
1222 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1223 if (is_ignored(SIGTTOU))
1224 goto out;
1225 if (is_current_pgrp_orphaned()) {
1226 ret = -EIO;
1227 goto out;
1228 }
1229 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1230 set_thread_flag(TIF_SIGPENDING);
1231 ret = -ERESTARTSYS;
1232out:
1233 return ret;
1234out_unlock:
1235 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1236 return ret;
1237}
1238
1239EXPORT_SYMBOL(tty_check_change);
1240
1241static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1242 size_t count, loff_t *ppos)
1243{
1244 return 0;
1245}
1246
1247static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1248 size_t count, loff_t *ppos)
1249{
1250 return -EIO;
1251}
1252
1253/* No kernel lock held - none needed ;) */
1254static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1255{
1256 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1257}
1258
1259static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
1260 unsigned long arg)
1261{
1262 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1263}
1264
1265static long hung_up_tty_compat_ioctl(struct file *file,
1266 unsigned int cmd, unsigned long arg)
1267{
1268 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1269}
1270
1271static const struct file_operations tty_fops = {
1272 .llseek = no_llseek,
1273 .read = tty_read,
1274 .write = tty_write,
1275 .poll = tty_poll,
1276 .unlocked_ioctl = tty_ioctl,
1277 .compat_ioctl = tty_compat_ioctl,
1278 .open = tty_open,
1279 .release = tty_release,
1280 .fasync = tty_fasync,
1281};
1282
1283#ifdef CONFIG_UNIX98_PTYS
1284static const struct file_operations ptmx_fops = {
1285 .llseek = no_llseek,
1286 .read = tty_read,
1287 .write = tty_write,
1288 .poll = tty_poll,
1289 .unlocked_ioctl = tty_ioctl,
1290 .compat_ioctl = tty_compat_ioctl,
1291 .open = ptmx_open,
1292 .release = tty_release,
1293 .fasync = tty_fasync,
1294};
1295#endif
1296
1297static const struct file_operations console_fops = {
1298 .llseek = no_llseek,
1299 .read = tty_read,
1300 .write = redirected_tty_write,
1301 .poll = tty_poll,
1302 .unlocked_ioctl = tty_ioctl,
1303 .compat_ioctl = tty_compat_ioctl,
1304 .open = tty_open,
1305 .release = tty_release,
1306 .fasync = tty_fasync,
1307};
1308
1309static const struct file_operations hung_up_tty_fops = {
1310 .llseek = no_llseek,
1311 .read = hung_up_tty_read,
1312 .write = hung_up_tty_write,
1313 .poll = hung_up_tty_poll,
1314 .unlocked_ioctl = hung_up_tty_ioctl,
1315 .compat_ioctl = hung_up_tty_compat_ioctl,
1316 .release = tty_release,
1317};
1318
1319static DEFINE_SPINLOCK(redirect_lock);
1320static struct file *redirect;
1321
1322/**
1323 * tty_wakeup - request more data
1324 * @tty: terminal
1325 *
1326 * Internal and external helper for wakeups of tty. This function
1327 * informs the line discipline if present that the driver is ready
1328 * to receive more output data.
1329 */
1330
1331void tty_wakeup(struct tty_struct *tty)
1332{
1333 struct tty_ldisc *ld;
1334
1335 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1336 ld = tty_ldisc_ref(tty);
1337 if (ld) {
1338 if (ld->write_wakeup)
1339 ld->write_wakeup(tty);
1340 tty_ldisc_deref(ld);
1341 }
1342 }
1343 wake_up_interruptible(&tty->write_wait);
1344}
1345
1346EXPORT_SYMBOL_GPL(tty_wakeup);
1347
1348/**
1349 * tty_ldisc_flush - flush line discipline queue
1350 * @tty: tty
1351 *
1352 * Flush the line discipline queue (if any) for this tty. If there
1353 * is no line discipline active this is a no-op.
1354 */
1355
1356void tty_ldisc_flush(struct tty_struct *tty)
1357{
1358 struct tty_ldisc *ld = tty_ldisc_ref(tty);
1359 if (ld) {
1360 if (ld->flush_buffer)
1361 ld->flush_buffer(tty);
1362 tty_ldisc_deref(ld);
1363 }
1364 tty_buffer_flush(tty);
1365}
1366
1367EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1368
1369/**
1370 * tty_reset_termios - reset terminal state
1371 * @tty: tty to reset
1372 *
1373 * Restore a terminal to the driver default state
1374 */
1375
1376static void tty_reset_termios(struct tty_struct *tty)
1377{
1378 mutex_lock(&tty->termios_mutex);
1379 *tty->termios = tty->driver->init_termios;
1380 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1381 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1382 mutex_unlock(&tty->termios_mutex);
1383}
1384
1385/**
1386 * do_tty_hangup - actual handler for hangup events
1387 * @work: tty device
1388 *
1389 * This can be called by the "eventd" kernel thread. That is process
1390 * synchronous but doesn't hold any locks, so we need to make sure we
1391 * have the appropriate locks for what we're doing.
1392 *
1393 * The hangup event clears any pending redirections onto the hung up
1394 * device. It ensures future writes will error and it does the needed
1395 * line discipline hangup and signal delivery. The tty object itself
1396 * remains intact.
1397 *
1398 * Locking:
1399 * BKL
1400 * redirect lock for undoing redirection
1401 * file list lock for manipulating list of ttys
1402 * tty_ldisc_lock from called functions
1403 * termios_mutex resetting termios data
1404 * tasklist_lock to walk task list for hangup event
1405 * ->siglock to protect ->signal/->sighand
1406 */
1407static void do_tty_hangup(struct work_struct *work)
1408{
1409 struct tty_struct *tty =
1410 container_of(work, struct tty_struct, hangup_work);
1411 struct file *cons_filp = NULL;
1412 struct file *filp, *f = NULL;
1413 struct task_struct *p;
1414 struct tty_ldisc *ld;
1415 int closecount = 0, n;
1416 unsigned long flags;
1417
1418 if (!tty)
1419 return;
1420
1421 /* inuse_filps is protected by the single kernel lock */
1422 lock_kernel();
1423
1424 spin_lock(&redirect_lock);
1425 if (redirect && redirect->private_data == tty) {
1426 f = redirect;
1427 redirect = NULL;
1428 }
1429 spin_unlock(&redirect_lock);
1430
1431 check_tty_count(tty, "do_tty_hangup");
1432 file_list_lock();
1433 /* This breaks for file handles being sent over AF_UNIX sockets ? */
1434 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1435 if (filp->f_op->write == redirected_tty_write)
1436 cons_filp = filp;
1437 if (filp->f_op->write != tty_write)
1438 continue;
1439 closecount++;
1440 tty_fasync(-1, filp, 0); /* can't block */
1441 filp->f_op = &hung_up_tty_fops;
1442 }
1443 file_list_unlock();
1444 /*
1445 * FIXME! What are the locking issues here? This may me overdoing
1446 * things... This question is especially important now that we've
1447 * removed the irqlock.
1448 */
1449 ld = tty_ldisc_ref(tty);
1450 if (ld != NULL) {
1451 /* We may have no line discipline at this point */
1452 if (ld->flush_buffer)
1453 ld->flush_buffer(tty);
1454 tty_driver_flush_buffer(tty);
1455 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1456 ld->write_wakeup)
1457 ld->write_wakeup(tty);
1458 if (ld->hangup)
1459 ld->hangup(tty);
1460 }
1461 /*
1462 * FIXME: Once we trust the LDISC code better we can wait here for
1463 * ldisc completion and fix the driver call race
1464 */
1465 wake_up_interruptible(&tty->write_wait);
1466 wake_up_interruptible(&tty->read_wait);
1467 /*
1468 * Shutdown the current line discipline, and reset it to
1469 * N_TTY.
1470 */
1471 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1472 tty_reset_termios(tty);
1473 /* Defer ldisc switch */
1474 /* tty_deferred_ldisc_switch(N_TTY);
1475
1476 This should get done automatically when the port closes and
1477 tty_release is called */
1478
1479 read_lock(&tasklist_lock);
1480 if (tty->session) {
1481 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1482 spin_lock_irq(&p->sighand->siglock);
1483 if (p->signal->tty == tty)
1484 p->signal->tty = NULL;
1485 if (!p->signal->leader) {
1486 spin_unlock_irq(&p->sighand->siglock);
1487 continue;
1488 }
1489 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1490 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1491 put_pid(p->signal->tty_old_pgrp); /* A noop */
1492 spin_lock_irqsave(&tty->ctrl_lock, flags);
1493 if (tty->pgrp)
1494 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1495 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1496 spin_unlock_irq(&p->sighand->siglock);
1497 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1498 }
1499 read_unlock(&tasklist_lock);
1500
1501 spin_lock_irqsave(&tty->ctrl_lock, flags);
1502 tty->flags = 0;
1503 put_pid(tty->session);
1504 put_pid(tty->pgrp);
1505 tty->session = NULL;
1506 tty->pgrp = NULL;
1507 tty->ctrl_status = 0;
1508 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1509
1510 /*
1511 * If one of the devices matches a console pointer, we
1512 * cannot just call hangup() because that will cause
1513 * tty->count and state->count to go out of sync.
1514 * So we just call close() the right number of times.
1515 */
1516 if (cons_filp) {
1517 if (tty->ops->close)
1518 for (n = 0; n < closecount; n++)
1519 tty->ops->close(tty, cons_filp);
1520 } else if (tty->ops->hangup)
1521 (tty->ops->hangup)(tty);
1522 /*
1523 * We don't want to have driver/ldisc interactions beyond
1524 * the ones we did here. The driver layer expects no
1525 * calls after ->hangup() from the ldisc side. However we
1526 * can't yet guarantee all that.
1527 */
1528 set_bit(TTY_HUPPED, &tty->flags);
1529 if (ld) {
1530 tty_ldisc_enable(tty);
1531 tty_ldisc_deref(ld);
1532 }
1533 unlock_kernel();
1534 if (f)
1535 fput(f);
1536}
1537
1538/**
1539 * tty_hangup - trigger a hangup event
1540 * @tty: tty to hangup
1541 *
1542 * A carrier loss (virtual or otherwise) has occurred on this like
1543 * schedule a hangup sequence to run after this event.
1544 */
1545
1546void tty_hangup(struct tty_struct *tty)
1547{
1548#ifdef TTY_DEBUG_HANGUP
1549 char buf[64];
1550 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1551#endif
1552 schedule_work(&tty->hangup_work);
1553}
1554
1555EXPORT_SYMBOL(tty_hangup);
1556
1557/**
1558 * tty_vhangup - process vhangup
1559 * @tty: tty to hangup
1560 *
1561 * The user has asked via system call for the terminal to be hung up.
1562 * We do this synchronously so that when the syscall returns the process
1563 * is complete. That guarantee is necessary for security reasons.
1564 */
1565
1566void tty_vhangup(struct tty_struct *tty)
1567{
1568#ifdef TTY_DEBUG_HANGUP
1569 char buf[64];
1570
1571 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1572#endif
1573 do_tty_hangup(&tty->hangup_work);
1574}
1575
1576EXPORT_SYMBOL(tty_vhangup);
1577
1578/**
1579 * tty_hung_up_p - was tty hung up
1580 * @filp: file pointer of tty
1581 *
1582 * Return true if the tty has been subject to a vhangup or a carrier
1583 * loss
1584 */
1585
1586int tty_hung_up_p(struct file *filp)
1587{
1588 return (filp->f_op == &hung_up_tty_fops);
1589}
1590
1591EXPORT_SYMBOL(tty_hung_up_p);
1592
1593/**
1594 * is_tty - checker whether file is a TTY
1595 * @filp: file handle that may be a tty
1596 *
1597 * Check if the file handle is a tty handle.
1598 */
1599
1600int is_tty(struct file *filp)
1601{
1602 return filp->f_op->read == tty_read
1603 || filp->f_op->read == hung_up_tty_read;
1604}
1605
1606static void session_clear_tty(struct pid *session)
1607{
1608 struct task_struct *p;
1609 do_each_pid_task(session, PIDTYPE_SID, p) {
1610 proc_clear_tty(p);
1611 } while_each_pid_task(session, PIDTYPE_SID, p);
1612}
1613
1614/**
1615 * disassociate_ctty - disconnect controlling tty
1616 * @on_exit: true if exiting so need to "hang up" the session
1617 *
1618 * This function is typically called only by the session leader, when
1619 * it wants to disassociate itself from its controlling tty.
1620 *
1621 * It performs the following functions:
1622 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1623 * (2) Clears the tty from being controlling the session
1624 * (3) Clears the controlling tty for all processes in the
1625 * session group.
1626 *
1627 * The argument on_exit is set to 1 if called when a process is
1628 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1629 *
1630 * Locking:
1631 * BKL is taken for hysterical raisins
1632 * tty_mutex is taken to protect tty
1633 * ->siglock is taken to protect ->signal/->sighand
1634 * tasklist_lock is taken to walk process list for sessions
1635 * ->siglock is taken to protect ->signal/->sighand
1636 */
1637
1638void disassociate_ctty(int on_exit)
1639{
1640 struct tty_struct *tty;
1641 struct pid *tty_pgrp = NULL;
1642
1643
1644 mutex_lock(&tty_mutex);
1645 tty = get_current_tty();
1646 if (tty) {
1647 tty_pgrp = get_pid(tty->pgrp);
1648 mutex_unlock(&tty_mutex);
1649 lock_kernel();
1650 /* XXX: here we race, there is nothing protecting tty */
1651 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1652 tty_vhangup(tty);
1653 unlock_kernel();
1654 } else if (on_exit) {
1655 struct pid *old_pgrp;
1656 spin_lock_irq(&current->sighand->siglock);
1657 old_pgrp = current->signal->tty_old_pgrp;
1658 current->signal->tty_old_pgrp = NULL;
1659 spin_unlock_irq(&current->sighand->siglock);
1660 if (old_pgrp) {
1661 kill_pgrp(old_pgrp, SIGHUP, on_exit);
1662 kill_pgrp(old_pgrp, SIGCONT, on_exit);
1663 put_pid(old_pgrp);
1664 }
1665 mutex_unlock(&tty_mutex);
1666 return;
1667 }
1668 if (tty_pgrp) {
1669 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1670 if (!on_exit)
1671 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1672 put_pid(tty_pgrp);
1673 }
1674
1675 spin_lock_irq(&current->sighand->siglock);
1676 put_pid(current->signal->tty_old_pgrp);
1677 current->signal->tty_old_pgrp = NULL;
1678 spin_unlock_irq(&current->sighand->siglock);
1679
1680 mutex_lock(&tty_mutex);
1681 /* It is possible that do_tty_hangup has free'd this tty */
1682 tty = get_current_tty();
1683 if (tty) {
1684 unsigned long flags;
1685 spin_lock_irqsave(&tty->ctrl_lock, flags);
1686 put_pid(tty->session);
1687 put_pid(tty->pgrp);
1688 tty->session = NULL;
1689 tty->pgrp = NULL;
1690 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1691 } else {
1692#ifdef TTY_DEBUG_HANGUP
1693 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1694 " = NULL", tty);
1695#endif
1696 }
1697 mutex_unlock(&tty_mutex);
1698
1699 /* Now clear signal->tty under the lock */
1700 read_lock(&tasklist_lock);
1701 session_clear_tty(task_session(current));
1702 read_unlock(&tasklist_lock);
1703}
1704
1705/**
1706 *
1707 * no_tty - Ensure the current process does not have a controlling tty
1708 */
1709void no_tty(void)
1710{
1711 struct task_struct *tsk = current;
1712 lock_kernel();
1713 if (tsk->signal->leader)
1714 disassociate_ctty(0);
1715 unlock_kernel();
1716 proc_clear_tty(tsk);
1717}
1718
1719
1720/**
1721 * stop_tty - propagate flow control
1722 * @tty: tty to stop
1723 *
1724 * Perform flow control to the driver. For PTY/TTY pairs we
1725 * must also propagate the TIOCKPKT status. May be called
1726 * on an already stopped device and will not re-call the driver
1727 * method.
1728 *
1729 * This functionality is used by both the line disciplines for
1730 * halting incoming flow and by the driver. It may therefore be
1731 * called from any context, may be under the tty atomic_write_lock
1732 * but not always.
1733 *
1734 * Locking:
1735 * Uses the tty control lock internally
1736 */
1737
1738void stop_tty(struct tty_struct *tty)
1739{
1740 unsigned long flags;
1741 spin_lock_irqsave(&tty->ctrl_lock, flags);
1742 if (tty->stopped) {
1743 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1744 return;
1745 }
1746 tty->stopped = 1;
1747 if (tty->link && tty->link->packet) {
1748 tty->ctrl_status &= ~TIOCPKT_START;
1749 tty->ctrl_status |= TIOCPKT_STOP;
1750 wake_up_interruptible(&tty->link->read_wait);
1751 }
1752 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1753 if (tty->ops->stop)
1754 (tty->ops->stop)(tty);
1755}
1756
1757EXPORT_SYMBOL(stop_tty);
1758
1759/**
1760 * start_tty - propagate flow control
1761 * @tty: tty to start
1762 *
1763 * Start a tty that has been stopped if at all possible. Perform
1764 * any necessary wakeups and propagate the TIOCPKT status. If this
1765 * is the tty was previous stopped and is being started then the
1766 * driver start method is invoked and the line discipline woken.
1767 *
1768 * Locking:
1769 * ctrl_lock
1770 */
1771
1772void start_tty(struct tty_struct *tty)
1773{
1774 unsigned long flags;
1775 spin_lock_irqsave(&tty->ctrl_lock, flags);
1776 if (!tty->stopped || tty->flow_stopped) {
1777 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1778 return;
1779 }
1780 tty->stopped = 0;
1781 if (tty->link && tty->link->packet) {
1782 tty->ctrl_status &= ~TIOCPKT_STOP;
1783 tty->ctrl_status |= TIOCPKT_START;
1784 wake_up_interruptible(&tty->link->read_wait);
1785 }
1786 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1787 if (tty->ops->start)
1788 (tty->ops->start)(tty);
1789 /* If we have a running line discipline it may need kicking */
1790 tty_wakeup(tty);
1791}
1792
1793EXPORT_SYMBOL(start_tty);
1794
1795/**
1796 * tty_read - read method for tty device files
1797 * @file: pointer to tty file
1798 * @buf: user buffer
1799 * @count: size of user buffer
1800 * @ppos: unused
1801 *
1802 * Perform the read system call function on this terminal device. Checks
1803 * for hung up devices before calling the line discipline method.
1804 *
1805 * Locking:
1806 * Locks the line discipline internally while needed. Multiple
1807 * read calls may be outstanding in parallel.
1808 */
1809
1810static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1811 loff_t *ppos)
1812{
1813 int i;
1814 struct tty_struct *tty;
1815 struct inode *inode;
1816 struct tty_ldisc *ld;
1817
1818 tty = (struct tty_struct *)file->private_data;
1819 inode = file->f_path.dentry->d_inode;
1820 if (tty_paranoia_check(tty, inode, "tty_read"))
1821 return -EIO;
1822 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1823 return -EIO;
1824
1825 /* We want to wait for the line discipline to sort out in this
1826 situation */
1827 ld = tty_ldisc_ref_wait(tty);
1828 if (ld->read)
1829 i = (ld->read)(tty, file, buf, count);
1830 else
1831 i = -EIO;
1832 tty_ldisc_deref(ld);
1833 if (i > 0)
1834 inode->i_atime = current_fs_time(inode->i_sb);
1835 return i;
1836}
1837
1838void tty_write_unlock(struct tty_struct *tty)
1839{
1840 mutex_unlock(&tty->atomic_write_lock);
1841 wake_up_interruptible(&tty->write_wait);
1842}
1843
1844int tty_write_lock(struct tty_struct *tty, int ndelay)
1845{
1846 if (!mutex_trylock(&tty->atomic_write_lock)) {
1847 if (ndelay)
1848 return -EAGAIN;
1849 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1850 return -ERESTARTSYS;
1851 }
1852 return 0;
1853}
1854
1855/*
1856 * Split writes up in sane blocksizes to avoid
1857 * denial-of-service type attacks
1858 */
1859static inline ssize_t do_tty_write(
1860 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1861 struct tty_struct *tty,
1862 struct file *file,
1863 const char __user *buf,
1864 size_t count)
1865{
1866 ssize_t ret, written = 0;
1867 unsigned int chunk;
1868
1869 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1870 if (ret < 0)
1871 return ret;
1872
1873 /*
1874 * We chunk up writes into a temporary buffer. This
1875 * simplifies low-level drivers immensely, since they
1876 * don't have locking issues and user mode accesses.
1877 *
1878 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1879 * big chunk-size..
1880 *
1881 * The default chunk-size is 2kB, because the NTTY
1882 * layer has problems with bigger chunks. It will
1883 * claim to be able to handle more characters than
1884 * it actually does.
1885 *
1886 * FIXME: This can probably go away now except that 64K chunks
1887 * are too likely to fail unless switched to vmalloc...
1888 */
1889 chunk = 2048;
1890 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1891 chunk = 65536;
1892 if (count < chunk)
1893 chunk = count;
1894
1895 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1896 if (tty->write_cnt < chunk) {
1897 unsigned char *buf;
1898
1899 if (chunk < 1024)
1900 chunk = 1024;
1901
1902 buf = kmalloc(chunk, GFP_KERNEL);
1903 if (!buf) {
1904 ret = -ENOMEM;
1905 goto out;
1906 }
1907 kfree(tty->write_buf);
1908 tty->write_cnt = chunk;
1909 tty->write_buf = buf;
1910 }
1911
1912 /* Do the write .. */
1913 for (;;) {
1914 size_t size = count;
1915 if (size > chunk)
1916 size = chunk;
1917 ret = -EFAULT;
1918 if (copy_from_user(tty->write_buf, buf, size))
1919 break;
1920 ret = write(tty, file, tty->write_buf, size);
1921 if (ret <= 0)
1922 break;
1923 written += ret;
1924 buf += ret;
1925 count -= ret;
1926 if (!count)
1927 break;
1928 ret = -ERESTARTSYS;
1929 if (signal_pending(current))
1930 break;
1931 cond_resched();
1932 }
1933 if (written) {
1934 struct inode *inode = file->f_path.dentry->d_inode;
1935 inode->i_mtime = current_fs_time(inode->i_sb);
1936 ret = written;
1937 }
1938out:
1939 tty_write_unlock(tty);
1940 return ret;
1941}
1942
1943
1944/**
1945 * tty_write - write method for tty device file
1946 * @file: tty file pointer
1947 * @buf: user data to write
1948 * @count: bytes to write
1949 * @ppos: unused
1950 *
1951 * Write data to a tty device via the line discipline.
1952 *
1953 * Locking:
1954 * Locks the line discipline as required
1955 * Writes to the tty driver are serialized by the atomic_write_lock
1956 * and are then processed in chunks to the device. The line discipline
1957 * write method will not be involked in parallel for each device
1958 * The line discipline write method is called under the big
1959 * kernel lock for historical reasons. New code should not rely on this.
1960 */
1961
1962static ssize_t tty_write(struct file *file, const char __user *buf,
1963 size_t count, loff_t *ppos)
1964{
1965 struct tty_struct *tty;
1966 struct inode *inode = file->f_path.dentry->d_inode;
1967 ssize_t ret;
1968 struct tty_ldisc *ld;
1969
1970 tty = (struct tty_struct *)file->private_data;
1971 if (tty_paranoia_check(tty, inode, "tty_write"))
1972 return -EIO;
1973 if (!tty || !tty->ops->write ||
1974 (test_bit(TTY_IO_ERROR, &tty->flags)))
1975 return -EIO;
1976 /* Short term debug to catch buggy drivers */
1977 if (tty->ops->write_room == NULL)
1978 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1979 tty->driver->name);
1980 ld = tty_ldisc_ref_wait(tty);
1981 if (!ld->write)
1982 ret = -EIO;
1983 else
1984 ret = do_tty_write(ld->write, tty, file, buf, count);
1985 tty_ldisc_deref(ld);
1986 return ret;
1987}
1988
1989ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1990 size_t count, loff_t *ppos)
1991{
1992 struct file *p = NULL;
1993
1994 spin_lock(&redirect_lock);
1995 if (redirect) {
1996 get_file(redirect);
1997 p = redirect;
1998 }
1999 spin_unlock(&redirect_lock);
2000
2001 if (p) {
2002 ssize_t res;
2003 res = vfs_write(p, buf, count, &p->f_pos);
2004 fput(p);
2005 return res;
2006 }
2007 return tty_write(file, buf, count, ppos);
2008}
2009
2010static char ptychar[] = "pqrstuvwxyzabcde";
2011
2012/**
2013 * pty_line_name - generate name for a pty
2014 * @driver: the tty driver in use
2015 * @index: the minor number
2016 * @p: output buffer of at least 6 bytes
2017 *
2018 * Generate a name from a driver reference and write it to the output
2019 * buffer.
2020 *
2021 * Locking: None
2022 */
2023static void pty_line_name(struct tty_driver *driver, int index, char *p)
2024{
2025 int i = index + driver->name_base;
2026 /* ->name is initialized to "ttyp", but "tty" is expected */
2027 sprintf(p, "%s%c%x",
2028 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
2029 ptychar[i >> 4 & 0xf], i & 0xf);
2030}
2031
2032/**
2033 * pty_line_name - generate name for a tty
2034 * @driver: the tty driver in use
2035 * @index: the minor number
2036 * @p: output buffer of at least 7 bytes
2037 *
2038 * Generate a name from a driver reference and write it to the output
2039 * buffer.
2040 *
2041 * Locking: None
2042 */
2043static void tty_line_name(struct tty_driver *driver, int index, char *p)
2044{
2045 sprintf(p, "%s%d", driver->name, index + driver->name_base);
2046}
2047
2048/**
2049 * init_dev - initialise a tty device
2050 * @driver: tty driver we are opening a device on
2051 * @idx: device index
2052 * @tty: returned tty structure
2053 *
2054 * Prepare a tty device. This may not be a "new" clean device but
2055 * could also be an active device. The pty drivers require special
2056 * handling because of this.
2057 *
2058 * Locking:
2059 * The function is called under the tty_mutex, which
2060 * protects us from the tty struct or driver itself going away.
2061 *
2062 * On exit the tty device has the line discipline attached and
2063 * a reference count of 1. If a pair was created for pty/tty use
2064 * and the other was a pty master then it too has a reference count of 1.
2065 *
2066 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
2067 * failed open. The new code protects the open with a mutex, so it's
2068 * really quite straightforward. The mutex locking can probably be
2069 * relaxed for the (most common) case of reopening a tty.
2070 */
2071
2072static int init_dev(struct tty_driver *driver, int idx,
2073 struct tty_struct **ret_tty)
2074{
2075 struct tty_struct *tty, *o_tty;
2076 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2077 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
2078 int retval = 0;
2079
2080 /* check whether we're reopening an existing tty */
2081 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2082 tty = devpts_get_tty(idx);
2083 /*
2084 * If we don't have a tty here on a slave open, it's because
2085 * the master already started the close process and there's
2086 * no relation between devpts file and tty anymore.
2087 */
2088 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2089 retval = -EIO;
2090 goto end_init;
2091 }
2092 /*
2093 * It's safe from now on because init_dev() is called with
2094 * tty_mutex held and release_dev() won't change tty->count
2095 * or tty->flags without having to grab tty_mutex
2096 */
2097 if (tty && driver->subtype == PTY_TYPE_MASTER)
2098 tty = tty->link;
2099 } else {
2100 tty = driver->ttys[idx];
2101 }
2102 if (tty) goto fast_track;
2103
2104 /*
2105 * First time open is complex, especially for PTY devices.
2106 * This code guarantees that either everything succeeds and the
2107 * TTY is ready for operation, or else the table slots are vacated
2108 * and the allocated memory released. (Except that the termios
2109 * and locked termios may be retained.)
2110 */
2111
2112 if (!try_module_get(driver->owner)) {
2113 retval = -ENODEV;
2114 goto end_init;
2115 }
2116
2117 o_tty = NULL;
2118 tp = o_tp = NULL;
2119 ltp = o_ltp = NULL;
2120
2121 tty = alloc_tty_struct();
2122 if (!tty)
2123 goto fail_no_mem;
2124 initialize_tty_struct(tty);
2125 tty->driver = driver;
2126 tty->ops = driver->ops;
2127 tty->index = idx;
2128 tty_line_name(driver, idx, tty->name);
2129
2130 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2131 tp_loc = &tty->termios;
2132 ltp_loc = &tty->termios_locked;
2133 } else {
2134 tp_loc = &driver->termios[idx];
2135 ltp_loc = &driver->termios_locked[idx];
2136 }
2137
2138 if (!*tp_loc) {
2139 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2140 if (!tp)
2141 goto free_mem_out;
2142 *tp = driver->init_termios;
2143 }
2144
2145 if (!*ltp_loc) {
2146 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2147 if (!ltp)
2148 goto free_mem_out;
2149 }
2150
2151 if (driver->type == TTY_DRIVER_TYPE_PTY) {
2152 o_tty = alloc_tty_struct();
2153 if (!o_tty)
2154 goto free_mem_out;
2155 initialize_tty_struct(o_tty);
2156 o_tty->driver = driver->other;
2157 o_tty->ops = driver->ops;
2158 o_tty->index = idx;
2159 tty_line_name(driver->other, idx, o_tty->name);
2160
2161 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2162 o_tp_loc = &o_tty->termios;
2163 o_ltp_loc = &o_tty->termios_locked;
2164 } else {
2165 o_tp_loc = &driver->other->termios[idx];
2166 o_ltp_loc = &driver->other->termios_locked[idx];
2167 }
2168
2169 if (!*o_tp_loc) {
2170 o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2171 if (!o_tp)
2172 goto free_mem_out;
2173 *o_tp = driver->other->init_termios;
2174 }
2175
2176 if (!*o_ltp_loc) {
2177 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2178 if (!o_ltp)
2179 goto free_mem_out;
2180 }
2181
2182 /*
2183 * Everything allocated ... set up the o_tty structure.
2184 */
2185 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
2186 driver->other->ttys[idx] = o_tty;
2187 if (!*o_tp_loc)
2188 *o_tp_loc = o_tp;
2189 if (!*o_ltp_loc)
2190 *o_ltp_loc = o_ltp;
2191 o_tty->termios = *o_tp_loc;
2192 o_tty->termios_locked = *o_ltp_loc;
2193 driver->other->refcount++;
2194 if (driver->subtype == PTY_TYPE_MASTER)
2195 o_tty->count++;
2196
2197 /* Establish the links in both directions */
2198 tty->link = o_tty;
2199 o_tty->link = tty;
2200 }
2201
2202 /*
2203 * All structures have been allocated, so now we install them.
2204 * Failures after this point use release_tty to clean up, so
2205 * there's no need to null out the local pointers.
2206 */
2207 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
2208 driver->ttys[idx] = tty;
2209
2210 if (!*tp_loc)
2211 *tp_loc = tp;
2212 if (!*ltp_loc)
2213 *ltp_loc = ltp;
2214 tty->termios = *tp_loc;
2215 tty->termios_locked = *ltp_loc;
2216 /* Compatibility until drivers always set this */
2217 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2218 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2219 driver->refcount++;
2220 tty->count++;
2221
2222 /*
2223 * Structures all installed ... call the ldisc open routines.
2224 * If we fail here just call release_tty to clean up. No need
2225 * to decrement the use counts, as release_tty doesn't care.
2226 */
2227
2228 if (tty->ldisc.open) {
2229 retval = (tty->ldisc.open)(tty);
2230 if (retval)
2231 goto release_mem_out;
2232 }
2233 if (o_tty && o_tty->ldisc.open) {
2234 retval = (o_tty->ldisc.open)(o_tty);
2235 if (retval) {
2236 if (tty->ldisc.close)
2237 (tty->ldisc.close)(tty);
2238 goto release_mem_out;
2239 }
2240 tty_ldisc_enable(o_tty);
2241 }
2242 tty_ldisc_enable(tty);
2243 goto success;
2244
2245 /*
2246 * This fast open can be used if the tty is already open.
2247 * No memory is allocated, and the only failures are from
2248 * attempting to open a closing tty or attempting multiple
2249 * opens on a pty master.
2250 */
2251fast_track:
2252 if (test_bit(TTY_CLOSING, &tty->flags)) {
2253 retval = -EIO;
2254 goto end_init;
2255 }
2256 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2257 driver->subtype == PTY_TYPE_MASTER) {
2258 /*
2259 * special case for PTY masters: only one open permitted,
2260 * and the slave side open count is incremented as well.
2261 */
2262 if (tty->count) {
2263 retval = -EIO;
2264 goto end_init;
2265 }
2266 tty->link->count++;
2267 }
2268 tty->count++;
2269 tty->driver = driver; /* N.B. why do this every time?? */
2270
2271 /* FIXME */
2272 if (!test_bit(TTY_LDISC, &tty->flags))
2273 printk(KERN_ERR "init_dev but no ldisc\n");
2274success:
2275 *ret_tty = tty;
2276
2277 /* All paths come through here to release the mutex */
2278end_init:
2279 return retval;
2280
2281 /* Release locally allocated memory ... nothing placed in slots */
2282free_mem_out:
2283 kfree(o_tp);
2284 if (o_tty)
2285 free_tty_struct(o_tty);
2286 kfree(ltp);
2287 kfree(tp);
2288 free_tty_struct(tty);
2289
2290fail_no_mem:
2291 module_put(driver->owner);
2292 retval = -ENOMEM;
2293 goto end_init;
2294
2295 /* call the tty release_tty routine to clean out this slot */
2296release_mem_out:
2297 if (printk_ratelimit())
2298 printk(KERN_INFO "init_dev: ldisc open failed, "
2299 "clearing slot %d\n", idx);
2300 release_tty(tty, idx);
2301 goto end_init;
2302}
2303
2304/**
2305 * release_one_tty - release tty structure memory
2306 *
2307 * Releases memory associated with a tty structure, and clears out the
2308 * driver table slots. This function is called when a device is no longer
2309 * in use. It also gets called when setup of a device fails.
2310 *
2311 * Locking:
2312 * tty_mutex - sometimes only
2313 * takes the file list lock internally when working on the list
2314 * of ttys that the driver keeps.
2315 * FIXME: should we require tty_mutex is held here ??
2316 */
2317static void release_one_tty(struct tty_struct *tty, int idx)
2318{
2319 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2320 struct ktermios *tp;
2321
2322 if (!devpts)
2323 tty->driver->ttys[idx] = NULL;
2324
2325 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2326 tp = tty->termios;
2327 if (!devpts)
2328 tty->driver->termios[idx] = NULL;
2329 kfree(tp);
2330
2331 tp = tty->termios_locked;
2332 if (!devpts)
2333 tty->driver->termios_locked[idx] = NULL;
2334 kfree(tp);
2335 }
2336
2337
2338 tty->magic = 0;
2339 tty->driver->refcount--;
2340
2341 file_list_lock();
2342 list_del_init(&tty->tty_files);
2343 file_list_unlock();
2344
2345 free_tty_struct(tty);
2346}
2347
2348/**
2349 * release_tty - release tty structure memory
2350 *
2351 * Release both @tty and a possible linked partner (think pty pair),
2352 * and decrement the refcount of the backing module.
2353 *
2354 * Locking:
2355 * tty_mutex - sometimes only
2356 * takes the file list lock internally when working on the list
2357 * of ttys that the driver keeps.
2358 * FIXME: should we require tty_mutex is held here ??
2359 */
2360static void release_tty(struct tty_struct *tty, int idx)
2361{
2362 struct tty_driver *driver = tty->driver;
2363
2364 if (tty->link)
2365 release_one_tty(tty->link, idx);
2366 release_one_tty(tty, idx);
2367 module_put(driver->owner);
2368}
2369
2370/*
2371 * Even releasing the tty structures is a tricky business.. We have
2372 * to be very careful that the structures are all released at the
2373 * same time, as interrupts might otherwise get the wrong pointers.
2374 *
2375 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2376 * lead to double frees or releasing memory still in use.
2377 */
2378static void release_dev(struct file *filp)
2379{
2380 struct tty_struct *tty, *o_tty;
2381 int pty_master, tty_closing, o_tty_closing, do_sleep;
2382 int devpts;
2383 int idx;
2384 char buf[64];
2385 unsigned long flags;
2386
2387 tty = (struct tty_struct *)filp->private_data;
2388 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2389 "release_dev"))
2390 return;
2391
2392 check_tty_count(tty, "release_dev");
2393
2394 tty_fasync(-1, filp, 0);
2395
2396 idx = tty->index;
2397 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2398 tty->driver->subtype == PTY_TYPE_MASTER);
2399 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2400 o_tty = tty->link;
2401
2402#ifdef TTY_PARANOIA_CHECK
2403 if (idx < 0 || idx >= tty->driver->num) {
2404 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2405 "free (%s)\n", tty->name);
2406 return;
2407 }
2408 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2409 if (tty != tty->driver->ttys[idx]) {
2410 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2411 "for (%s)\n", idx, tty->name);
2412 return;
2413 }
2414 if (tty->termios != tty->driver->termios[idx]) {
2415 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2416 "for (%s)\n",
2417 idx, tty->name);
2418 return;
2419 }
2420 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2421 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2422 "termios_locked for (%s)\n",
2423 idx, tty->name);
2424 return;
2425 }
2426 }
2427#endif
2428
2429#ifdef TTY_DEBUG_HANGUP
2430 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2431 tty_name(tty, buf), tty->count);
2432#endif
2433
2434#ifdef TTY_PARANOIA_CHECK
2435 if (tty->driver->other &&
2436 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2437 if (o_tty != tty->driver->other->ttys[idx]) {
2438 printk(KERN_DEBUG "release_dev: other->table[%d] "
2439 "not o_tty for (%s)\n",
2440 idx, tty->name);
2441 return;
2442 }
2443 if (o_tty->termios != tty->driver->other->termios[idx]) {
2444 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2445 "not o_termios for (%s)\n",
2446 idx, tty->name);
2447 return;
2448 }
2449 if (o_tty->termios_locked !=
2450 tty->driver->other->termios_locked[idx]) {
2451 printk(KERN_DEBUG "release_dev: other->termios_locked["
2452 "%d] not o_termios_locked for (%s)\n",
2453 idx, tty->name);
2454 return;
2455 }
2456 if (o_tty->link != tty) {
2457 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2458 return;
2459 }
2460 }
2461#endif
2462 if (tty->ops->close)
2463 tty->ops->close(tty, filp);
2464
2465 /*
2466 * Sanity check: if tty->count is going to zero, there shouldn't be
2467 * any waiters on tty->read_wait or tty->write_wait. We test the
2468 * wait queues and kick everyone out _before_ actually starting to
2469 * close. This ensures that we won't block while releasing the tty
2470 * structure.
2471 *
2472 * The test for the o_tty closing is necessary, since the master and
2473 * slave sides may close in any order. If the slave side closes out
2474 * first, its count will be one, since the master side holds an open.
2475 * Thus this test wouldn't be triggered at the time the slave closes,
2476 * so we do it now.
2477 *
2478 * Note that it's possible for the tty to be opened again while we're
2479 * flushing out waiters. By recalculating the closing flags before
2480 * each iteration we avoid any problems.
2481 */
2482 while (1) {
2483 /* Guard against races with tty->count changes elsewhere and
2484 opens on /dev/tty */
2485
2486 mutex_lock(&tty_mutex);
2487 tty_closing = tty->count <= 1;
2488 o_tty_closing = o_tty &&
2489 (o_tty->count <= (pty_master ? 1 : 0));
2490 do_sleep = 0;
2491
2492 if (tty_closing) {
2493 if (waitqueue_active(&tty->read_wait)) {
2494 wake_up(&tty->read_wait);
2495 do_sleep++;
2496 }
2497 if (waitqueue_active(&tty->write_wait)) {
2498 wake_up(&tty->write_wait);
2499 do_sleep++;
2500 }
2501 }
2502 if (o_tty_closing) {
2503 if (waitqueue_active(&o_tty->read_wait)) {
2504 wake_up(&o_tty->read_wait);
2505 do_sleep++;
2506 }
2507 if (waitqueue_active(&o_tty->write_wait)) {
2508 wake_up(&o_tty->write_wait);
2509 do_sleep++;
2510 }
2511 }
2512 if (!do_sleep)
2513 break;
2514
2515 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2516 "active!\n", tty_name(tty, buf));
2517 mutex_unlock(&tty_mutex);
2518 schedule();
2519 }
2520
2521 /*
2522 * The closing flags are now consistent with the open counts on
2523 * both sides, and we've completed the last operation that could
2524 * block, so it's safe to proceed with closing.
2525 */
2526 if (pty_master) {
2527 if (--o_tty->count < 0) {
2528 printk(KERN_WARNING "release_dev: bad pty slave count "
2529 "(%d) for %s\n",
2530 o_tty->count, tty_name(o_tty, buf));
2531 o_tty->count = 0;
2532 }
2533 }
2534 if (--tty->count < 0) {
2535 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2536 tty->count, tty_name(tty, buf));
2537 tty->count = 0;
2538 }
2539
2540 /*
2541 * We've decremented tty->count, so we need to remove this file
2542 * descriptor off the tty->tty_files list; this serves two
2543 * purposes:
2544 * - check_tty_count sees the correct number of file descriptors
2545 * associated with this tty.
2546 * - do_tty_hangup no longer sees this file descriptor as
2547 * something that needs to be handled for hangups.
2548 */
2549 file_kill(filp);
2550 filp->private_data = NULL;
2551
2552 /*
2553 * Perform some housekeeping before deciding whether to return.
2554 *
2555 * Set the TTY_CLOSING flag if this was the last open. In the
2556 * case of a pty we may have to wait around for the other side
2557 * to close, and TTY_CLOSING makes sure we can't be reopened.
2558 */
2559 if (tty_closing)
2560 set_bit(TTY_CLOSING, &tty->flags);
2561 if (o_tty_closing)
2562 set_bit(TTY_CLOSING, &o_tty->flags);
2563
2564 /*
2565 * If _either_ side is closing, make sure there aren't any
2566 * processes that still think tty or o_tty is their controlling
2567 * tty.
2568 */
2569 if (tty_closing || o_tty_closing) {
2570 read_lock(&tasklist_lock);
2571 session_clear_tty(tty->session);
2572 if (o_tty)
2573 session_clear_tty(o_tty->session);
2574 read_unlock(&tasklist_lock);
2575 }
2576
2577 mutex_unlock(&tty_mutex);
2578
2579 /* check whether both sides are closing ... */
2580 if (!tty_closing || (o_tty && !o_tty_closing))
2581 return;
2582
2583#ifdef TTY_DEBUG_HANGUP
2584 printk(KERN_DEBUG "freeing tty structure...");
2585#endif
2586 /*
2587 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2588 * kill any delayed work. As this is the final close it does not
2589 * race with the set_ldisc code path.
2590 */
2591 clear_bit(TTY_LDISC, &tty->flags);
2592 cancel_delayed_work(&tty->buf.work);
2593
2594 /*
2595 * Wait for ->hangup_work and ->buf.work handlers to terminate
2596 */
2597
2598 flush_scheduled_work();
2599
2600 /*
2601 * Wait for any short term users (we know they are just driver
2602 * side waiters as the file is closing so user count on the file
2603 * side is zero.
2604 */
2605 spin_lock_irqsave(&tty_ldisc_lock, flags);
2606 while (tty->ldisc.refcount) {
2607 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2608 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2609 spin_lock_irqsave(&tty_ldisc_lock, flags);
2610 }
2611 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2612 /*
2613 * Shutdown the current line discipline, and reset it to N_TTY.
2614 * N.B. why reset ldisc when we're releasing the memory??
2615 *
2616 * FIXME: this MUST get fixed for the new reflocking
2617 */
2618 if (tty->ldisc.close)
2619 (tty->ldisc.close)(tty);
2620 tty_ldisc_put(tty->ldisc.num);
2621
2622 /*
2623 * Switch the line discipline back
2624 */
2625 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2626 tty_set_termios_ldisc(tty, N_TTY);
2627 if (o_tty) {
2628 /* FIXME: could o_tty be in setldisc here ? */
2629 clear_bit(TTY_LDISC, &o_tty->flags);
2630 if (o_tty->ldisc.close)
2631 (o_tty->ldisc.close)(o_tty);
2632 tty_ldisc_put(o_tty->ldisc.num);
2633 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2634 tty_set_termios_ldisc(o_tty, N_TTY);
2635 }
2636 /*
2637 * The release_tty function takes care of the details of clearing
2638 * the slots and preserving the termios structure.
2639 */
2640 release_tty(tty, idx);
2641
2642 /* Make this pty number available for reallocation */
2643 if (devpts)
2644 devpts_kill_index(idx);
2645}
2646
2647/**
2648 * tty_open - open a tty device
2649 * @inode: inode of device file
2650 * @filp: file pointer to tty
2651 *
2652 * tty_open and tty_release keep up the tty count that contains the
2653 * number of opens done on a tty. We cannot use the inode-count, as
2654 * different inodes might point to the same tty.
2655 *
2656 * Open-counting is needed for pty masters, as well as for keeping
2657 * track of serial lines: DTR is dropped when the last close happens.
2658 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2659 *
2660 * The termios state of a pty is reset on first open so that
2661 * settings don't persist across reuse.
2662 *
2663 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2664 * tty->count should protect the rest.
2665 * ->siglock protects ->signal/->sighand
2666 */
2667
2668static int __tty_open(struct inode *inode, struct file *filp)
2669{
2670 struct tty_struct *tty;
2671 int noctty, retval;
2672 struct tty_driver *driver;
2673 int index;
2674 dev_t device = inode->i_rdev;
2675 unsigned short saved_flags = filp->f_flags;
2676
2677 nonseekable_open(inode, filp);
2678
2679retry_open:
2680 noctty = filp->f_flags & O_NOCTTY;
2681 index = -1;
2682 retval = 0;
2683
2684 mutex_lock(&tty_mutex);
2685
2686 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
2687 tty = get_current_tty();
2688 if (!tty) {
2689 mutex_unlock(&tty_mutex);
2690 return -ENXIO;
2691 }
2692 driver = tty->driver;
2693 index = tty->index;
2694 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2695 /* noctty = 1; */
2696 goto got_driver;
2697 }
2698#ifdef CONFIG_VT
2699 if (device == MKDEV(TTY_MAJOR, 0)) {
2700 extern struct tty_driver *console_driver;
2701 driver = console_driver;
2702 index = fg_console;
2703 noctty = 1;
2704 goto got_driver;
2705 }
2706#endif
2707 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
2708 driver = console_device(&index);
2709 if (driver) {
2710 /* Don't let /dev/console block */
2711 filp->f_flags |= O_NONBLOCK;
2712 noctty = 1;
2713 goto got_driver;
2714 }
2715 mutex_unlock(&tty_mutex);
2716 return -ENODEV;
2717 }
2718
2719 driver = get_tty_driver(device, &index);
2720 if (!driver) {
2721 mutex_unlock(&tty_mutex);
2722 return -ENODEV;
2723 }
2724got_driver:
2725 retval = init_dev(driver, index, &tty);
2726 mutex_unlock(&tty_mutex);
2727 if (retval)
2728 return retval;
2729
2730 filp->private_data = tty;
2731 file_move(filp, &tty->tty_files);
2732 check_tty_count(tty, "tty_open");
2733 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2734 tty->driver->subtype == PTY_TYPE_MASTER)
2735 noctty = 1;
2736#ifdef TTY_DEBUG_HANGUP
2737 printk(KERN_DEBUG "opening %s...", tty->name);
2738#endif
2739 if (!retval) {
2740 if (tty->ops->open)
2741 retval = tty->ops->open(tty, filp);
2742 else
2743 retval = -ENODEV;
2744 }
2745 filp->f_flags = saved_flags;
2746
2747 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2748 !capable(CAP_SYS_ADMIN))
2749 retval = -EBUSY;
2750
2751 if (retval) {
2752#ifdef TTY_DEBUG_HANGUP
2753 printk(KERN_DEBUG "error %d in opening %s...", retval,
2754 tty->name);
2755#endif
2756 release_dev(filp);
2757 if (retval != -ERESTARTSYS)
2758 return retval;
2759 if (signal_pending(current))
2760 return retval;
2761 schedule();
2762 /*
2763 * Need to reset f_op in case a hangup happened.
2764 */
2765 if (filp->f_op == &hung_up_tty_fops)
2766 filp->f_op = &tty_fops;
2767 goto retry_open;
2768 }
2769
2770 mutex_lock(&tty_mutex);
2771 spin_lock_irq(&current->sighand->siglock);
2772 if (!noctty &&
2773 current->signal->leader &&
2774 !current->signal->tty &&
2775 tty->session == NULL)
2776 __proc_set_tty(current, tty);
2777 spin_unlock_irq(&current->sighand->siglock);
2778 mutex_unlock(&tty_mutex);
2779 return 0;
2780}
2781
2782/* BKL pushdown: scary code avoidance wrapper */
2783static int tty_open(struct inode *inode, struct file *filp)
2784{
2785 int ret;
2786
2787 lock_kernel();
2788 ret = __tty_open(inode, filp);
2789 unlock_kernel();
2790 return ret;
2791}
2792
2793
2794
2795#ifdef CONFIG_UNIX98_PTYS
2796/**
2797 * ptmx_open - open a unix 98 pty master
2798 * @inode: inode of device file
2799 * @filp: file pointer to tty
2800 *
2801 * Allocate a unix98 pty master device from the ptmx driver.
2802 *
2803 * Locking: tty_mutex protects theinit_dev work. tty->count should
2804 * protect the rest.
2805 * allocated_ptys_lock handles the list of free pty numbers
2806 */
2807
2808static int __ptmx_open(struct inode *inode, struct file *filp)
2809{
2810 struct tty_struct *tty;
2811 int retval;
2812 int index;
2813
2814 nonseekable_open(inode, filp);
2815
2816 /* find a device that is not in use. */
2817 index = devpts_new_index();
2818 if (index < 0)
2819 return index;
2820
2821 mutex_lock(&tty_mutex);
2822 retval = init_dev(ptm_driver, index, &tty);
2823 mutex_unlock(&tty_mutex);
2824
2825 if (retval)
2826 goto out;
2827
2828 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2829 filp->private_data = tty;
2830 file_move(filp, &tty->tty_files);
2831
2832 retval = devpts_pty_new(tty->link);
2833 if (retval)
2834 goto out1;
2835
2836 check_tty_count(tty, "ptmx_open");
2837 retval = ptm_driver->ops->open(tty, filp);
2838 if (!retval)
2839 return 0;
2840out1:
2841 release_dev(filp);
2842 return retval;
2843out:
2844 devpts_kill_index(index);
2845 return retval;
2846}
2847
2848static int ptmx_open(struct inode *inode, struct file *filp)
2849{
2850 int ret;
2851
2852 lock_kernel();
2853 ret = __ptmx_open(inode, filp);
2854 unlock_kernel();
2855 return ret;
2856}
2857#endif
2858
2859/**
2860 * tty_release - vfs callback for close
2861 * @inode: inode of tty
2862 * @filp: file pointer for handle to tty
2863 *
2864 * Called the last time each file handle is closed that references
2865 * this tty. There may however be several such references.
2866 *
2867 * Locking:
2868 * Takes bkl. See release_dev
2869 */
2870
2871static int tty_release(struct inode *inode, struct file *filp)
2872{
2873 lock_kernel();
2874 release_dev(filp);
2875 unlock_kernel();
2876 return 0;
2877}
2878
2879/**
2880 * tty_poll - check tty status
2881 * @filp: file being polled
2882 * @wait: poll wait structures to update
2883 *
2884 * Call the line discipline polling method to obtain the poll
2885 * status of the device.
2886 *
2887 * Locking: locks called line discipline but ldisc poll method
2888 * may be re-entered freely by other callers.
2889 */
2890
2891static unsigned int tty_poll(struct file *filp, poll_table *wait)
2892{
2893 struct tty_struct *tty;
2894 struct tty_ldisc *ld;
2895 int ret = 0;
2896
2897 tty = (struct tty_struct *)filp->private_data;
2898 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2899 return 0;
2900
2901 ld = tty_ldisc_ref_wait(tty);
2902 if (ld->poll)
2903 ret = (ld->poll)(tty, filp, wait);
2904 tty_ldisc_deref(ld);
2905 return ret;
2906}
2907
2908static int tty_fasync(int fd, struct file *filp, int on)
2909{
2910 struct tty_struct *tty;
2911 unsigned long flags;
2912 int retval;
2913
2914 tty = (struct tty_struct *)filp->private_data;
2915 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2916 return 0;
2917
2918 retval = fasync_helper(fd, filp, on, &tty->fasync);
2919 if (retval <= 0)
2920 return retval;
2921
2922 if (on) {
2923 enum pid_type type;
2924 struct pid *pid;
2925 if (!waitqueue_active(&tty->read_wait))
2926 tty->minimum_to_wake = 1;
2927 spin_lock_irqsave(&tty->ctrl_lock, flags);
2928 if (tty->pgrp) {
2929 pid = tty->pgrp;
2930 type = PIDTYPE_PGID;
2931 } else {
2932 pid = task_pid(current);
2933 type = PIDTYPE_PID;
2934 }
2935 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2936 retval = __f_setown(filp, pid, type, 0);
2937 if (retval)
2938 return retval;
2939 } else {
2940 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2941 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2942 }
2943 return 0;
2944}
2945
2946/**
2947 * tiocsti - fake input character
2948 * @tty: tty to fake input into
2949 * @p: pointer to character
2950 *
2951 * Fake input to a tty device. Does the necessary locking and
2952 * input management.
2953 *
2954 * FIXME: does not honour flow control ??
2955 *
2956 * Locking:
2957 * Called functions take tty_ldisc_lock
2958 * current->signal->tty check is safe without locks
2959 *
2960 * FIXME: may race normal receive processing
2961 */
2962
2963static int tiocsti(struct tty_struct *tty, char __user *p)
2964{
2965 char ch, mbz = 0;
2966 struct tty_ldisc *ld;
2967
2968 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2969 return -EPERM;
2970 if (get_user(ch, p))
2971 return -EFAULT;
2972 ld = tty_ldisc_ref_wait(tty);
2973 ld->receive_buf(tty, &ch, &mbz, 1);
2974 tty_ldisc_deref(ld);
2975 return 0;
2976}
2977
2978/**
2979 * tiocgwinsz - implement window query ioctl
2980 * @tty; tty
2981 * @arg: user buffer for result
2982 *
2983 * Copies the kernel idea of the window size into the user buffer.
2984 *
2985 * Locking: tty->termios_mutex is taken to ensure the winsize data
2986 * is consistent.
2987 */
2988
2989static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2990{
2991 int err;
2992
2993 mutex_lock(&tty->termios_mutex);
2994 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2995 mutex_unlock(&tty->termios_mutex);
2996
2997 return err ? -EFAULT: 0;
2998}
2999
3000/**
3001 * tiocswinsz - implement window size set ioctl
3002 * @tty; tty
3003 * @arg: user buffer for result
3004 *
3005 * Copies the user idea of the window size to the kernel. Traditionally
3006 * this is just advisory information but for the Linux console it
3007 * actually has driver level meaning and triggers a VC resize.
3008 *
3009 * Locking:
3010 * Called function use the console_sem is used to ensure we do
3011 * not try and resize the console twice at once.
3012 * The tty->termios_mutex is used to ensure we don't double
3013 * resize and get confused. Lock order - tty->termios_mutex before
3014 * console sem
3015 */
3016
3017static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
3018 struct winsize __user *arg)
3019{
3020 struct winsize tmp_ws;
3021 struct pid *pgrp, *rpgrp;
3022 unsigned long flags;
3023
3024 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
3025 return -EFAULT;
3026
3027 mutex_lock(&tty->termios_mutex);
3028 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
3029 goto done;
3030
3031#ifdef CONFIG_VT
3032 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
3033 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
3034 tmp_ws.ws_row)) {
3035 mutex_unlock(&tty->termios_mutex);
3036 return -ENXIO;
3037 }
3038 }
3039#endif
3040 /* Get the PID values and reference them so we can
3041 avoid holding the tty ctrl lock while sending signals */
3042 spin_lock_irqsave(&tty->ctrl_lock, flags);
3043 pgrp = get_pid(tty->pgrp);
3044 rpgrp = get_pid(real_tty->pgrp);
3045 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3046
3047 if (pgrp)
3048 kill_pgrp(pgrp, SIGWINCH, 1);
3049 if (rpgrp != pgrp && rpgrp)
3050 kill_pgrp(rpgrp, SIGWINCH, 1);
3051
3052 put_pid(pgrp);
3053 put_pid(rpgrp);
3054
3055 tty->winsize = tmp_ws;
3056 real_tty->winsize = tmp_ws;
3057done:
3058 mutex_unlock(&tty->termios_mutex);
3059 return 0;
3060}
3061
3062/**
3063 * tioccons - allow admin to move logical console
3064 * @file: the file to become console
3065 *
3066 * Allow the adminstrator to move the redirected console device
3067 *
3068 * Locking: uses redirect_lock to guard the redirect information
3069 */
3070
3071static int tioccons(struct file *file)
3072{
3073 if (!capable(CAP_SYS_ADMIN))
3074 return -EPERM;
3075 if (file->f_op->write == redirected_tty_write) {
3076 struct file *f;
3077 spin_lock(&redirect_lock);
3078 f = redirect;
3079 redirect = NULL;
3080 spin_unlock(&redirect_lock);
3081 if (f)
3082 fput(f);
3083 return 0;
3084 }
3085 spin_lock(&redirect_lock);
3086 if (redirect) {
3087 spin_unlock(&redirect_lock);
3088 return -EBUSY;
3089 }
3090 get_file(file);
3091 redirect = file;
3092 spin_unlock(&redirect_lock);
3093 return 0;
3094}
3095
3096/**
3097 * fionbio - non blocking ioctl
3098 * @file: file to set blocking value
3099 * @p: user parameter
3100 *
3101 * Historical tty interfaces had a blocking control ioctl before
3102 * the generic functionality existed. This piece of history is preserved
3103 * in the expected tty API of posix OS's.
3104 *
3105 * Locking: none, the open fle handle ensures it won't go away.
3106 */
3107
3108static int fionbio(struct file *file, int __user *p)
3109{
3110 int nonblock;
3111
3112 if (get_user(nonblock, p))
3113 return -EFAULT;
3114
3115 /* file->f_flags is still BKL protected in the fs layer - vomit */
3116 lock_kernel();
3117 if (nonblock)
3118 file->f_flags |= O_NONBLOCK;
3119 else
3120 file->f_flags &= ~O_NONBLOCK;
3121 unlock_kernel();
3122 return 0;
3123}
3124
3125/**
3126 * tiocsctty - set controlling tty
3127 * @tty: tty structure
3128 * @arg: user argument
3129 *
3130 * This ioctl is used to manage job control. It permits a session
3131 * leader to set this tty as the controlling tty for the session.
3132 *
3133 * Locking:
3134 * Takes tty_mutex() to protect tty instance
3135 * Takes tasklist_lock internally to walk sessions
3136 * Takes ->siglock() when updating signal->tty
3137 */
3138
3139static int tiocsctty(struct tty_struct *tty, int arg)
3140{
3141 int ret = 0;
3142 if (current->signal->leader && (task_session(current) == tty->session))
3143 return ret;
3144
3145 mutex_lock(&tty_mutex);
3146 /*
3147 * The process must be a session leader and
3148 * not have a controlling tty already.
3149 */
3150 if (!current->signal->leader || current->signal->tty) {
3151 ret = -EPERM;
3152 goto unlock;
3153 }
3154
3155 if (tty->session) {
3156 /*
3157 * This tty is already the controlling
3158 * tty for another session group!
3159 */
3160 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
3161 /*
3162 * Steal it away
3163 */
3164 read_lock(&tasklist_lock);
3165 session_clear_tty(tty->session);
3166 read_unlock(&tasklist_lock);
3167 } else {
3168 ret = -EPERM;
3169 goto unlock;
3170 }
3171 }
3172 proc_set_tty(current, tty);
3173unlock:
3174 mutex_unlock(&tty_mutex);
3175 return ret;
3176}
3177
3178/**
3179 * tty_get_pgrp - return a ref counted pgrp pid
3180 * @tty: tty to read
3181 *
3182 * Returns a refcounted instance of the pid struct for the process
3183 * group controlling the tty.
3184 */
3185
3186struct pid *tty_get_pgrp(struct tty_struct *tty)
3187{
3188 unsigned long flags;
3189 struct pid *pgrp;
3190
3191 spin_lock_irqsave(&tty->ctrl_lock, flags);
3192 pgrp = get_pid(tty->pgrp);
3193 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3194
3195 return pgrp;
3196}
3197EXPORT_SYMBOL_GPL(tty_get_pgrp);
3198
3199/**
3200 * tiocgpgrp - get process group
3201 * @tty: tty passed by user
3202 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3203 * @p: returned pid
3204 *
3205 * Obtain the process group of the tty. If there is no process group
3206 * return an error.
3207 *
3208 * Locking: none. Reference to current->signal->tty is safe.
3209 */
3210
3211static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3212{
3213 struct pid *pid;
3214 int ret;
3215 /*
3216 * (tty == real_tty) is a cheap way of
3217 * testing if the tty is NOT a master pty.
3218 */
3219 if (tty == real_tty && current->signal->tty != real_tty)
3220 return -ENOTTY;
3221 pid = tty_get_pgrp(real_tty);
3222 ret = put_user(pid_vnr(pid), p);
3223 put_pid(pid);
3224 return ret;
3225}
3226
3227/**
3228 * tiocspgrp - attempt to set process group
3229 * @tty: tty passed by user
3230 * @real_tty: tty side device matching tty passed by user
3231 * @p: pid pointer
3232 *
3233 * Set the process group of the tty to the session passed. Only
3234 * permitted where the tty session is our session.
3235 *
3236 * Locking: RCU, ctrl lock
3237 */
3238
3239static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3240{
3241 struct pid *pgrp;
3242 pid_t pgrp_nr;
3243 int retval = tty_check_change(real_tty);
3244 unsigned long flags;
3245
3246 if (retval == -EIO)
3247 return -ENOTTY;
3248 if (retval)
3249 return retval;
3250 if (!current->signal->tty ||
3251 (current->signal->tty != real_tty) ||
3252 (real_tty->session != task_session(current)))
3253 return -ENOTTY;
3254 if (get_user(pgrp_nr, p))
3255 return -EFAULT;
3256 if (pgrp_nr < 0)
3257 return -EINVAL;
3258 rcu_read_lock();
3259 pgrp = find_vpid(pgrp_nr);
3260 retval = -ESRCH;
3261 if (!pgrp)
3262 goto out_unlock;
3263 retval = -EPERM;
3264 if (session_of_pgrp(pgrp) != task_session(current))
3265 goto out_unlock;
3266 retval = 0;
3267 spin_lock_irqsave(&tty->ctrl_lock, flags);
3268 put_pid(real_tty->pgrp);
3269 real_tty->pgrp = get_pid(pgrp);
3270 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3271out_unlock:
3272 rcu_read_unlock();
3273 return retval;
3274}
3275
3276/**
3277 * tiocgsid - get session id
3278 * @tty: tty passed by user
3279 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3280 * @p: pointer to returned session id
3281 *
3282 * Obtain the session id of the tty. If there is no session
3283 * return an error.
3284 *
3285 * Locking: none. Reference to current->signal->tty is safe.
3286 */
3287
3288static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3289{
3290 /*
3291 * (tty == real_tty) is a cheap way of
3292 * testing if the tty is NOT a master pty.
3293 */
3294 if (tty == real_tty && current->signal->tty != real_tty)
3295 return -ENOTTY;
3296 if (!real_tty->session)
3297 return -ENOTTY;
3298 return put_user(pid_vnr(real_tty->session), p);
3299}
3300
3301/**
3302 * tiocsetd - set line discipline
3303 * @tty: tty device
3304 * @p: pointer to user data
3305 *
3306 * Set the line discipline according to user request.
3307 *
3308 * Locking: see tty_set_ldisc, this function is just a helper
3309 */
3310
3311static int tiocsetd(struct tty_struct *tty, int __user *p)
3312{
3313 int ldisc;
3314 int ret;
3315
3316 if (get_user(ldisc, p))
3317 return -EFAULT;
3318
3319 lock_kernel();
3320 ret = tty_set_ldisc(tty, ldisc);
3321 unlock_kernel();
3322
3323 return ret;
3324}
3325
3326/**
3327 * send_break - performed time break
3328 * @tty: device to break on
3329 * @duration: timeout in mS
3330 *
3331 * Perform a timed break on hardware that lacks its own driver level
3332 * timed break functionality.
3333 *
3334 * Locking:
3335 * atomic_write_lock serializes
3336 *
3337 */
3338
3339static int send_break(struct tty_struct *tty, unsigned int duration)
3340{
3341 if (tty_write_lock(tty, 0) < 0)
3342 return -EINTR;
3343 tty->ops->break_ctl(tty, -1);
3344 if (!signal_pending(current))
3345 msleep_interruptible(duration);
3346 tty->ops->break_ctl(tty, 0);
3347 tty_write_unlock(tty);
3348 if (!signal_pending(current))
3349 return -EINTR;
3350 return 0;
3351}
3352
3353/**
3354 * tty_tiocmget - get modem status
3355 * @tty: tty device
3356 * @file: user file pointer
3357 * @p: pointer to result
3358 *
3359 * Obtain the modem status bits from the tty driver if the feature
3360 * is supported. Return -EINVAL if it is not available.
3361 *
3362 * Locking: none (up to the driver)
3363 */
3364
3365static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3366{
3367 int retval = -EINVAL;
3368
3369 if (tty->ops->tiocmget) {
3370 retval = tty->ops->tiocmget(tty, file);
3371
3372 if (retval >= 0)
3373 retval = put_user(retval, p);
3374 }
3375 return retval;
3376}
3377
3378/**
3379 * tty_tiocmset - set modem status
3380 * @tty: tty device
3381 * @file: user file pointer
3382 * @cmd: command - clear bits, set bits or set all
3383 * @p: pointer to desired bits
3384 *
3385 * Set the modem status bits from the tty driver if the feature
3386 * is supported. Return -EINVAL if it is not available.
3387 *
3388 * Locking: none (up to the driver)
3389 */
3390
3391static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3392 unsigned __user *p)
3393{
3394 int retval = -EINVAL;
3395
3396 if (tty->ops->tiocmset) {
3397 unsigned int set, clear, val;
3398
3399 retval = get_user(val, p);
3400 if (retval)
3401 return retval;
3402
3403 set = clear = 0;
3404 switch (cmd) {
3405 case TIOCMBIS:
3406 set = val;
3407 break;
3408 case TIOCMBIC:
3409 clear = val;
3410 break;
3411 case TIOCMSET:
3412 set = val;
3413 clear = ~val;
3414 break;
3415 }
3416
3417 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3418 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3419
3420 retval = tty->ops->tiocmset(tty, file, set, clear);
3421 }
3422 return retval;
3423}
3424
3425/*
3426 * Split this up, as gcc can choke on it otherwise..
3427 */
3428long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
3429{
3430 struct tty_struct *tty, *real_tty;
3431 void __user *p = (void __user *)arg;
3432 int retval;
3433 struct tty_ldisc *ld;
3434 struct inode *inode = file->f_dentry->d_inode;
3435
3436 tty = (struct tty_struct *)file->private_data;
3437 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3438 return -EINVAL;
3439
3440 real_tty = tty;
3441 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3442 tty->driver->subtype == PTY_TYPE_MASTER)
3443 real_tty = tty->link;
3444
3445 /*
3446 * Break handling by driver
3447 */
3448
3449 retval = -EINVAL;
3450
3451 if (!tty->ops->break_ctl) {
3452 switch (cmd) {
3453 case TIOCSBRK:
3454 case TIOCCBRK:
3455 if (tty->ops->ioctl)
3456 retval = tty->ops->ioctl(tty, file, cmd, arg);
3457 if (retval != -EINVAL && retval != -ENOIOCTLCMD)
3458 printk(KERN_WARNING "tty: driver %s needs updating to use break_ctl\n", tty->driver->name);
3459 return retval;
3460
3461 /* These two ioctl's always return success; even if */
3462 /* the driver doesn't support them. */
3463 case TCSBRK:
3464 case TCSBRKP:
3465 if (!tty->ops->ioctl)
3466 return 0;
3467 retval = tty->ops->ioctl(tty, file, cmd, arg);
3468 if (retval != -EINVAL && retval != -ENOIOCTLCMD)
3469 printk(KERN_WARNING "tty: driver %s needs updating to use break_ctl\n", tty->driver->name);
3470 if (retval == -ENOIOCTLCMD)
3471 retval = 0;
3472 return retval;
3473 }
3474 }
3475
3476 /*
3477 * Factor out some common prep work
3478 */
3479 switch (cmd) {
3480 case TIOCSETD:
3481 case TIOCSBRK:
3482 case TIOCCBRK:
3483 case TCSBRK:
3484 case TCSBRKP:
3485 retval = tty_check_change(tty);
3486 if (retval)
3487 return retval;
3488 if (cmd != TIOCCBRK) {
3489 tty_wait_until_sent(tty, 0);
3490 if (signal_pending(current))
3491 return -EINTR;
3492 }
3493 break;
3494 }
3495
3496 switch (cmd) {
3497 case TIOCSTI:
3498 return tiocsti(tty, p);
3499 case TIOCGWINSZ:
3500 return tiocgwinsz(tty, p);
3501 case TIOCSWINSZ:
3502 return tiocswinsz(tty, real_tty, p);
3503 case TIOCCONS:
3504 return real_tty != tty ? -EINVAL : tioccons(file);
3505 case FIONBIO:
3506 return fionbio(file, p);
3507 case TIOCEXCL:
3508 set_bit(TTY_EXCLUSIVE, &tty->flags);
3509 return 0;
3510 case TIOCNXCL:
3511 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3512 return 0;
3513 case TIOCNOTTY:
3514 if (current->signal->tty != tty)
3515 return -ENOTTY;
3516 no_tty();
3517 return 0;
3518 case TIOCSCTTY:
3519 return tiocsctty(tty, arg);
3520 case TIOCGPGRP:
3521 return tiocgpgrp(tty, real_tty, p);
3522 case TIOCSPGRP:
3523 return tiocspgrp(tty, real_tty, p);
3524 case TIOCGSID:
3525 return tiocgsid(tty, real_tty, p);
3526 case TIOCGETD:
3527 return put_user(tty->ldisc.num, (int __user *)p);
3528 case TIOCSETD:
3529 return tiocsetd(tty, p);
3530#ifdef CONFIG_VT
3531 case TIOCLINUX:
3532 return tioclinux(tty, arg);
3533#endif
3534 /*
3535 * Break handling
3536 */
3537 case TIOCSBRK: /* Turn break on, unconditionally */
3538 if (tty->ops->break_ctl)
3539 tty->ops->break_ctl(tty, -1);
3540 return 0;
3541
3542 case TIOCCBRK: /* Turn break off, unconditionally */
3543 if (tty->ops->break_ctl)
3544 tty->ops->break_ctl(tty, 0);
3545 return 0;
3546 case TCSBRK: /* SVID version: non-zero arg --> no break */
3547 /* non-zero arg means wait for all output data
3548 * to be sent (performed above) but don't send break.
3549 * This is used by the tcdrain() termios function.
3550 */
3551 if (!arg)
3552 return send_break(tty, 250);
3553 return 0;
3554 case TCSBRKP: /* support for POSIX tcsendbreak() */
3555 return send_break(tty, arg ? arg*100 : 250);
3556
3557 case TIOCMGET:
3558 return tty_tiocmget(tty, file, p);
3559 case TIOCMSET:
3560 case TIOCMBIC:
3561 case TIOCMBIS:
3562 return tty_tiocmset(tty, file, cmd, p);
3563 case TCFLSH:
3564 switch (arg) {
3565 case TCIFLUSH:
3566 case TCIOFLUSH:
3567 /* flush tty buffer and allow ldisc to process ioctl */
3568 tty_buffer_flush(tty);
3569 break;
3570 }
3571 break;
3572 }
3573 if (tty->ops->ioctl) {
3574 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
3575 if (retval != -ENOIOCTLCMD)
3576 return retval;
3577 }
3578 ld = tty_ldisc_ref_wait(tty);
3579 retval = -EINVAL;
3580 if (ld->ioctl) {
3581 retval = ld->ioctl(tty, file, cmd, arg);
3582 if (retval == -ENOIOCTLCMD)
3583 retval = -EINVAL;
3584 }
3585 tty_ldisc_deref(ld);
3586 return retval;
3587}
3588
3589#ifdef CONFIG_COMPAT
3590static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3591 unsigned long arg)
3592{
3593 struct inode *inode = file->f_dentry->d_inode;
3594 struct tty_struct *tty = file->private_data;
3595 struct tty_ldisc *ld;
3596 int retval = -ENOIOCTLCMD;
3597
3598 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3599 return -EINVAL;
3600
3601 if (tty->ops->compat_ioctl) {
3602 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
3603 if (retval != -ENOIOCTLCMD)
3604 return retval;
3605 }
3606
3607 ld = tty_ldisc_ref_wait(tty);
3608 if (ld->compat_ioctl)
3609 retval = ld->compat_ioctl(tty, file, cmd, arg);
3610 tty_ldisc_deref(ld);
3611
3612 return retval;
3613}
3614#endif
3615
3616/*
3617 * This implements the "Secure Attention Key" --- the idea is to
3618 * prevent trojan horses by killing all processes associated with this
3619 * tty when the user hits the "Secure Attention Key". Required for
3620 * super-paranoid applications --- see the Orange Book for more details.
3621 *
3622 * This code could be nicer; ideally it should send a HUP, wait a few
3623 * seconds, then send a INT, and then a KILL signal. But you then
3624 * have to coordinate with the init process, since all processes associated
3625 * with the current tty must be dead before the new getty is allowed
3626 * to spawn.
3627 *
3628 * Now, if it would be correct ;-/ The current code has a nasty hole -
3629 * it doesn't catch files in flight. We may send the descriptor to ourselves
3630 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3631 *
3632 * Nasty bug: do_SAK is being called in interrupt context. This can
3633 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3634 */
3635void __do_SAK(struct tty_struct *tty)
3636{
3637#ifdef TTY_SOFT_SAK
3638 tty_hangup(tty);
3639#else
3640 struct task_struct *g, *p;
3641 struct pid *session;
3642 int i;
3643 struct file *filp;
3644 struct fdtable *fdt;
3645
3646 if (!tty)
3647 return;
3648 session = tty->session;
3649
3650 tty_ldisc_flush(tty);
3651
3652 tty_driver_flush_buffer(tty);
3653
3654 read_lock(&tasklist_lock);
3655 /* Kill the entire session */
3656 do_each_pid_task(session, PIDTYPE_SID, p) {
3657 printk(KERN_NOTICE "SAK: killed process %d"
3658 " (%s): task_session_nr(p)==tty->session\n",
3659 task_pid_nr(p), p->comm);
3660 send_sig(SIGKILL, p, 1);
3661 } while_each_pid_task(session, PIDTYPE_SID, p);
3662 /* Now kill any processes that happen to have the
3663 * tty open.
3664 */
3665 do_each_thread(g, p) {
3666 if (p->signal->tty == tty) {
3667 printk(KERN_NOTICE "SAK: killed process %d"
3668 " (%s): task_session_nr(p)==tty->session\n",
3669 task_pid_nr(p), p->comm);
3670 send_sig(SIGKILL, p, 1);
3671 continue;
3672 }
3673 task_lock(p);
3674 if (p->files) {
3675 /*
3676 * We don't take a ref to the file, so we must
3677 * hold ->file_lock instead.
3678 */
3679 spin_lock(&p->files->file_lock);
3680 fdt = files_fdtable(p->files);
3681 for (i = 0; i < fdt->max_fds; i++) {
3682 filp = fcheck_files(p->files, i);
3683 if (!filp)
3684 continue;
3685 if (filp->f_op->read == tty_read &&
3686 filp->private_data == tty) {
3687 printk(KERN_NOTICE "SAK: killed process %d"
3688 " (%s): fd#%d opened to the tty\n",
3689 task_pid_nr(p), p->comm, i);
3690 force_sig(SIGKILL, p);
3691 break;
3692 }
3693 }
3694 spin_unlock(&p->files->file_lock);
3695 }
3696 task_unlock(p);
3697 } while_each_thread(g, p);
3698 read_unlock(&tasklist_lock);
3699#endif
3700}
3701
3702static void do_SAK_work(struct work_struct *work)
3703{
3704 struct tty_struct *tty =
3705 container_of(work, struct tty_struct, SAK_work);
3706 __do_SAK(tty);
3707}
3708
3709/*
3710 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3711 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3712 * the values which we write to it will be identical to the values which it
3713 * already has. --akpm
3714 */
3715void do_SAK(struct tty_struct *tty)
3716{
3717 if (!tty)
3718 return;
3719 schedule_work(&tty->SAK_work);
3720}
3721
3722EXPORT_SYMBOL(do_SAK);
3723
3724/**
3725 * flush_to_ldisc
3726 * @work: tty structure passed from work queue.
3727 *
3728 * This routine is called out of the software interrupt to flush data
3729 * from the buffer chain to the line discipline.
3730 *
3731 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3732 * while invoking the line discipline receive_buf method. The
3733 * receive_buf method is single threaded for each tty instance.
3734 */
3735
3736static void flush_to_ldisc(struct work_struct *work)
3737{
3738 struct tty_struct *tty =
3739 container_of(work, struct tty_struct, buf.work.work);
3740 unsigned long flags;
3741 struct tty_ldisc *disc;
3742 struct tty_buffer *tbuf, *head;
3743 char *char_buf;
3744 unsigned char *flag_buf;
3745
3746 disc = tty_ldisc_ref(tty);
3747 if (disc == NULL) /* !TTY_LDISC */
3748 return;
3749
3750 spin_lock_irqsave(&tty->buf.lock, flags);
3751 /* So we know a flush is running */
3752 set_bit(TTY_FLUSHING, &tty->flags);
3753 head = tty->buf.head;
3754 if (head != NULL) {
3755 tty->buf.head = NULL;
3756 for (;;) {
3757 int count = head->commit - head->read;
3758 if (!count) {
3759 if (head->next == NULL)
3760 break;
3761 tbuf = head;
3762 head = head->next;
3763 tty_buffer_free(tty, tbuf);
3764 continue;
3765 }
3766 /* Ldisc or user is trying to flush the buffers
3767 we are feeding to the ldisc, stop feeding the
3768 line discipline as we want to empty the queue */
3769 if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3770 break;
3771 if (!tty->receive_room) {
3772 schedule_delayed_work(&tty->buf.work, 1);
3773 break;
3774 }
3775 if (count > tty->receive_room)
3776 count = tty->receive_room;
3777 char_buf = head->char_buf_ptr + head->read;
3778 flag_buf = head->flag_buf_ptr + head->read;
3779 head->read += count;
3780 spin_unlock_irqrestore(&tty->buf.lock, flags);
3781 disc->receive_buf(tty, char_buf, flag_buf, count);
3782 spin_lock_irqsave(&tty->buf.lock, flags);
3783 }
3784 /* Restore the queue head */
3785 tty->buf.head = head;
3786 }
3787 /* We may have a deferred request to flush the input buffer,
3788 if so pull the chain under the lock and empty the queue */
3789 if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3790 __tty_buffer_flush(tty);
3791 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3792 wake_up(&tty->read_wait);
3793 }
3794 clear_bit(TTY_FLUSHING, &tty->flags);
3795 spin_unlock_irqrestore(&tty->buf.lock, flags);
3796
3797 tty_ldisc_deref(disc);
3798}
3799
3800/**
3801 * tty_flip_buffer_push - terminal
3802 * @tty: tty to push
3803 *
3804 * Queue a push of the terminal flip buffers to the line discipline. This
3805 * function must not be called from IRQ context if tty->low_latency is set.
3806 *
3807 * In the event of the queue being busy for flipping the work will be
3808 * held off and retried later.
3809 *
3810 * Locking: tty buffer lock. Driver locks in low latency mode.
3811 */
3812
3813void tty_flip_buffer_push(struct tty_struct *tty)
3814{
3815 unsigned long flags;
3816 spin_lock_irqsave(&tty->buf.lock, flags);
3817 if (tty->buf.tail != NULL)
3818 tty->buf.tail->commit = tty->buf.tail->used;
3819 spin_unlock_irqrestore(&tty->buf.lock, flags);
3820
3821 if (tty->low_latency)
3822 flush_to_ldisc(&tty->buf.work.work);
3823 else
3824 schedule_delayed_work(&tty->buf.work, 1);
3825}
3826
3827EXPORT_SYMBOL(tty_flip_buffer_push);
3828
3829
3830/**
3831 * initialize_tty_struct
3832 * @tty: tty to initialize
3833 *
3834 * This subroutine initializes a tty structure that has been newly
3835 * allocated.
3836 *
3837 * Locking: none - tty in question must not be exposed at this point
3838 */
3839
3840static void initialize_tty_struct(struct tty_struct *tty)
3841{
3842 memset(tty, 0, sizeof(struct tty_struct));
3843 tty->magic = TTY_MAGIC;
3844 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3845 tty->session = NULL;
3846 tty->pgrp = NULL;
3847 tty->overrun_time = jiffies;
3848 tty->buf.head = tty->buf.tail = NULL;
3849 tty_buffer_init(tty);
3850 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3851 mutex_init(&tty->termios_mutex);
3852 init_waitqueue_head(&tty->write_wait);
3853 init_waitqueue_head(&tty->read_wait);
3854 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3855 mutex_init(&tty->atomic_read_lock);
3856 mutex_init(&tty->atomic_write_lock);
3857 spin_lock_init(&tty->read_lock);
3858 spin_lock_init(&tty->ctrl_lock);
3859 INIT_LIST_HEAD(&tty->tty_files);
3860 INIT_WORK(&tty->SAK_work, do_SAK_work);
3861}
3862
3863/**
3864 * tty_put_char - write one character to a tty
3865 * @tty: tty
3866 * @ch: character
3867 *
3868 * Write one byte to the tty using the provided put_char method
3869 * if present. Returns the number of characters successfully output.
3870 *
3871 * Note: the specific put_char operation in the driver layer may go
3872 * away soon. Don't call it directly, use this method
3873 */
3874
3875int tty_put_char(struct tty_struct *tty, unsigned char ch)
3876{
3877 if (tty->ops->put_char)
3878 return tty->ops->put_char(tty, ch);
3879 return tty->ops->write(tty, &ch, 1);
3880}
3881
3882EXPORT_SYMBOL_GPL(tty_put_char);
3883
3884static struct class *tty_class;
3885
3886/**
3887 * tty_register_device - register a tty device
3888 * @driver: the tty driver that describes the tty device
3889 * @index: the index in the tty driver for this tty device
3890 * @device: a struct device that is associated with this tty device.
3891 * This field is optional, if there is no known struct device
3892 * for this tty device it can be set to NULL safely.
3893 *
3894 * Returns a pointer to the struct device for this tty device
3895 * (or ERR_PTR(-EFOO) on error).
3896 *
3897 * This call is required to be made to register an individual tty device
3898 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3899 * that bit is not set, this function should not be called by a tty
3900 * driver.
3901 *
3902 * Locking: ??
3903 */
3904
3905struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3906 struct device *device)
3907{
3908 char name[64];
3909 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3910
3911 if (index >= driver->num) {
3912 printk(KERN_ERR "Attempt to register invalid tty line number "
3913 " (%d).\n", index);
3914 return ERR_PTR(-EINVAL);
3915 }
3916
3917 if (driver->type == TTY_DRIVER_TYPE_PTY)
3918 pty_line_name(driver, index, name);
3919 else
3920 tty_line_name(driver, index, name);
3921
3922 return device_create(tty_class, device, dev, name);
3923}
3924
3925/**
3926 * tty_unregister_device - unregister a tty device
3927 * @driver: the tty driver that describes the tty device
3928 * @index: the index in the tty driver for this tty device
3929 *
3930 * If a tty device is registered with a call to tty_register_device() then
3931 * this function must be called when the tty device is gone.
3932 *
3933 * Locking: ??
3934 */
3935
3936void tty_unregister_device(struct tty_driver *driver, unsigned index)
3937{
3938 device_destroy(tty_class,
3939 MKDEV(driver->major, driver->minor_start) + index);
3940}
3941
3942EXPORT_SYMBOL(tty_register_device);
3943EXPORT_SYMBOL(tty_unregister_device);
3944
3945struct tty_driver *alloc_tty_driver(int lines)
3946{
3947 struct tty_driver *driver;
3948
3949 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3950 if (driver) {
3951 driver->magic = TTY_DRIVER_MAGIC;
3952 driver->num = lines;
3953 /* later we'll move allocation of tables here */
3954 }
3955 return driver;
3956}
3957
3958void put_tty_driver(struct tty_driver *driver)
3959{
3960 kfree(driver);
3961}
3962
3963void tty_set_operations(struct tty_driver *driver,
3964 const struct tty_operations *op)
3965{
3966 driver->ops = op;
3967};
3968
3969EXPORT_SYMBOL(alloc_tty_driver);
3970EXPORT_SYMBOL(put_tty_driver);
3971EXPORT_SYMBOL(tty_set_operations);
3972
3973/*
3974 * Called by a tty driver to register itself.
3975 */
3976int tty_register_driver(struct tty_driver *driver)
3977{
3978 int error;
3979 int i;
3980 dev_t dev;
3981 void **p = NULL;
3982
3983 if (driver->flags & TTY_DRIVER_INSTALLED)
3984 return 0;
3985
3986 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3987 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3988 if (!p)
3989 return -ENOMEM;
3990 }
3991
3992 if (!driver->major) {
3993 error = alloc_chrdev_region(&dev, driver->minor_start,
3994 driver->num, driver->name);
3995 if (!error) {
3996 driver->major = MAJOR(dev);
3997 driver->minor_start = MINOR(dev);
3998 }
3999 } else {
4000 dev = MKDEV(driver->major, driver->minor_start);
4001 error = register_chrdev_region(dev, driver->num, driver->name);
4002 }
4003 if (error < 0) {
4004 kfree(p);
4005 return error;
4006 }
4007
4008 if (p) {
4009 driver->ttys = (struct tty_struct **)p;
4010 driver->termios = (struct ktermios **)(p + driver->num);
4011 driver->termios_locked = (struct ktermios **)
4012 (p + driver->num * 2);
4013 } else {
4014 driver->ttys = NULL;
4015 driver->termios = NULL;
4016 driver->termios_locked = NULL;
4017 }
4018
4019 cdev_init(&driver->cdev, &tty_fops);
4020 driver->cdev.owner = driver->owner;
4021 error = cdev_add(&driver->cdev, dev, driver->num);
4022 if (error) {
4023 unregister_chrdev_region(dev, driver->num);
4024 driver->ttys = NULL;
4025 driver->termios = driver->termios_locked = NULL;
4026 kfree(p);
4027 return error;
4028 }
4029
4030 mutex_lock(&tty_mutex);
4031 list_add(&driver->tty_drivers, &tty_drivers);
4032 mutex_unlock(&tty_mutex);
4033
4034 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
4035 for (i = 0; i < driver->num; i++)
4036 tty_register_device(driver, i, NULL);
4037 }
4038 proc_tty_register_driver(driver);
4039 return 0;
4040}
4041
4042EXPORT_SYMBOL(tty_register_driver);
4043
4044/*
4045 * Called by a tty driver to unregister itself.
4046 */
4047int tty_unregister_driver(struct tty_driver *driver)
4048{
4049 int i;
4050 struct ktermios *tp;
4051 void *p;
4052
4053 if (driver->refcount)
4054 return -EBUSY;
4055
4056 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
4057 driver->num);
4058 mutex_lock(&tty_mutex);
4059 list_del(&driver->tty_drivers);
4060 mutex_unlock(&tty_mutex);
4061
4062 /*
4063 * Free the termios and termios_locked structures because
4064 * we don't want to get memory leaks when modular tty
4065 * drivers are removed from the kernel.
4066 */
4067 for (i = 0; i < driver->num; i++) {
4068 tp = driver->termios[i];
4069 if (tp) {
4070 driver->termios[i] = NULL;
4071 kfree(tp);
4072 }
4073 tp = driver->termios_locked[i];
4074 if (tp) {
4075 driver->termios_locked[i] = NULL;
4076 kfree(tp);
4077 }
4078 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
4079 tty_unregister_device(driver, i);
4080 }
4081 p = driver->ttys;
4082 proc_tty_unregister_driver(driver);
4083 driver->ttys = NULL;
4084 driver->termios = driver->termios_locked = NULL;
4085 kfree(p);
4086 cdev_del(&driver->cdev);
4087 return 0;
4088}
4089EXPORT_SYMBOL(tty_unregister_driver);
4090
4091dev_t tty_devnum(struct tty_struct *tty)
4092{
4093 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
4094}
4095EXPORT_SYMBOL(tty_devnum);
4096
4097void proc_clear_tty(struct task_struct *p)
4098{
4099 spin_lock_irq(&p->sighand->siglock);
4100 p->signal->tty = NULL;
4101 spin_unlock_irq(&p->sighand->siglock);
4102}
4103EXPORT_SYMBOL(proc_clear_tty);
4104
4105/* Called under the sighand lock */
4106
4107static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4108{
4109 if (tty) {
4110 unsigned long flags;
4111 /* We should not have a session or pgrp to put here but.... */
4112 spin_lock_irqsave(&tty->ctrl_lock, flags);
4113 put_pid(tty->session);
4114 put_pid(tty->pgrp);
4115 tty->pgrp = get_pid(task_pgrp(tsk));
4116 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
4117 tty->session = get_pid(task_session(tsk));
4118 }
4119 put_pid(tsk->signal->tty_old_pgrp);
4120 tsk->signal->tty = tty;
4121 tsk->signal->tty_old_pgrp = NULL;
4122}
4123
4124static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4125{
4126 spin_lock_irq(&tsk->sighand->siglock);
4127 __proc_set_tty(tsk, tty);
4128 spin_unlock_irq(&tsk->sighand->siglock);
4129}
4130
4131struct tty_struct *get_current_tty(void)
4132{
4133 struct tty_struct *tty;
4134 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4135 tty = current->signal->tty;
4136 /*
4137 * session->tty can be changed/cleared from under us, make sure we
4138 * issue the load. The obtained pointer, when not NULL, is valid as
4139 * long as we hold tty_mutex.
4140 */
4141 barrier();
4142 return tty;
4143}
4144EXPORT_SYMBOL_GPL(get_current_tty);
4145
4146/*
4147 * Initialize the console device. This is called *early*, so
4148 * we can't necessarily depend on lots of kernel help here.
4149 * Just do some early initializations, and do the complex setup
4150 * later.
4151 */
4152void __init console_init(void)
4153{
4154 initcall_t *call;
4155
4156 /* Setup the default TTY line discipline. */
4157 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4158
4159 /*
4160 * set up the console device so that later boot sequences can
4161 * inform about problems etc..
4162 */
4163 call = __con_initcall_start;
4164 while (call < __con_initcall_end) {
4165 (*call)();
4166 call++;
4167 }
4168}
4169
4170static int __init tty_class_init(void)
4171{
4172 tty_class = class_create(THIS_MODULE, "tty");
4173 if (IS_ERR(tty_class))
4174 return PTR_ERR(tty_class);
4175 return 0;
4176}
4177
4178postcore_initcall(tty_class_init);
4179
4180/* 3/2004 jmc: why do these devices exist? */
4181
4182static struct cdev tty_cdev, console_cdev;
4183#ifdef CONFIG_UNIX98_PTYS
4184static struct cdev ptmx_cdev;
4185#endif
4186#ifdef CONFIG_VT
4187static struct cdev vc0_cdev;
4188#endif
4189
4190/*
4191 * Ok, now we can initialize the rest of the tty devices and can count
4192 * on memory allocations, interrupts etc..
4193 */
4194static int __init tty_init(void)
4195{
4196 cdev_init(&tty_cdev, &tty_fops);
4197 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4198 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4199 panic("Couldn't register /dev/tty driver\n");
4200 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
4201
4202 cdev_init(&console_cdev, &console_fops);
4203 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4204 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4205 panic("Couldn't register /dev/console driver\n");
4206 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
4207
4208#ifdef CONFIG_UNIX98_PTYS
4209 cdev_init(&ptmx_cdev, &ptmx_fops);
4210 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4211 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4212 panic("Couldn't register /dev/ptmx driver\n");
4213 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
4214#endif
4215
4216#ifdef CONFIG_VT
4217 cdev_init(&vc0_cdev, &console_fops);
4218 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4219 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4220 panic("Couldn't register /dev/tty0 driver\n");
4221 device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
4222
4223 vty_init();
4224#endif
4225 return 0;
4226}
4227module_init(tty_init);
Linux 6.x block layer and io_uring tree(s)