]> bbs.cooldavid.org Git - net-next-2.6.git/blame - drivers/char/tty_io.c
git://bbs.cooldavid.org / net-next-2.6.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Audit: add TTY input auditing
[net-next-2.6.git] / drivers / char / tty_io.c
CommitLineData
1da177e4
LT		 1/*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7/*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66 */
67
1da177e4
LT		 68#include <linux/types.h>
69#include <linux/major.h>
70#include <linux/errno.h>
71#include <linux/signal.h>
72#include <linux/fcntl.h>
73#include <linux/sched.h>
74#include <linux/interrupt.h>
75#include <linux/tty.h>
76#include <linux/tty_driver.h>
77#include <linux/tty_flip.h>
78#include <linux/devpts_fs.h>
79#include <linux/file.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/smp_lock.h>
92#include <linux/device.h>
93#include <linux/idr.h>
94#include <linux/wait.h>
95#include <linux/bitops.h>
b20f3ae5 96#include <linux/delay.h>
1da177e4
LT		 97
98#include <asm/uaccess.h>
99#include <asm/system.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
1da177e4
LT		 104
105#include <linux/kmod.h>
106
107#undef TTY_DEBUG_HANGUP
108
109#define TTY_PARANOIA_CHECK 1
110#define CHECK_TTY_COUNT 1
111
edc6afc5 112struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
1da177e4
LT		 113 .c_iflag = ICRNL | IXON,
114 .c_oflag = OPOST | ONLCR,
115 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
116 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
117 ECHOCTL | ECHOKE | IEXTEN,
edc6afc5
AC		 118 .c_cc = INIT_C_CC,
119 .c_ispeed = 38400,
120 .c_ospeed = 38400
1da177e4
LT		 121};
122
123EXPORT_SYMBOL(tty_std_termios);
124
125/* This list gets poked at by procfs and various bits of boot up code. This
126 could do with some rationalisation such as pulling the tty proc function
127 into this file */
128
129LIST_HEAD(tty_drivers); /* linked list of tty drivers */
130
24ec839c 131/* Mutex to protect creating and releasing a tty. This is shared with
1da177e4 132 vt.c for deeply disgusting hack reasons */
70522e12 133DEFINE_MUTEX(tty_mutex);
de2a84f2 134EXPORT_SYMBOL(tty_mutex);
1da177e4
LT		 135
136#ifdef CONFIG_UNIX98_PTYS
137extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
138extern int pty_limit; /* Config limit on Unix98 ptys */
139static DEFINE_IDR(allocated_ptys);
140static DECLARE_MUTEX(allocated_ptys_lock);
141static int ptmx_open(struct inode *, struct file *);
142#endif
143
1da177e4
LT		 144static void initialize_tty_struct(struct tty_struct *tty);
145
146static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
147static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
148ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
149static unsigned int tty_poll(struct file *, poll_table *);
150static int tty_open(struct inode *, struct file *);
151static int tty_release(struct inode *, struct file *);
152int tty_ioctl(struct inode * inode, struct file * file,
153 unsigned int cmd, unsigned long arg);
e10cc1df
PF		 154#ifdef CONFIG_COMPAT
155static long tty_compat_ioctl(struct file * file, unsigned int cmd,
156 unsigned long arg);
157#else
158#define tty_compat_ioctl NULL
159#endif
1da177e4 160static int tty_fasync(int fd, struct file * filp, int on);
d5698c28 161static void release_tty(struct tty_struct *tty, int idx);
2a65f1d9 162static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
98a27ba4 163static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
1da177e4 164
af9b897e
AC		 165/**
166 * alloc_tty_struct - allocate a tty object
167 *
168 * Return a new empty tty structure. The data fields have not
169 * been initialized in any way but has been zeroed
170 *
171 * Locking: none
af9b897e 172 */
1da177e4
LT		 173
174static struct tty_struct *alloc_tty_struct(void)
175{
1266b1e1 176 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
1da177e4
LT		 177}
178
33f0f88f
AC		 179static void tty_buffer_free_all(struct tty_struct *);
180
af9b897e
AC		 181/**
182 * free_tty_struct - free a disused tty
183 * @tty: tty struct to free
184 *
185 * Free the write buffers, tty queue and tty memory itself.
186 *
187 * Locking: none. Must be called after tty is definitely unused
188 */
189
1da177e4
LT		 190static inline void free_tty_struct(struct tty_struct *tty)
191{
192 kfree(tty->write_buf);
33f0f88f 193 tty_buffer_free_all(tty);
1da177e4
LT		 194 kfree(tty);
195}
196
197#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
198
af9b897e
AC		 199/**
200 * tty_name - return tty naming
201 * @tty: tty structure
202 * @buf: buffer for output
203 *
204 * Convert a tty structure into a name. The name reflects the kernel
205 * naming policy and if udev is in use may not reflect user space
206 *
207 * Locking: none
208 */
209
1da177e4
LT		 210char *tty_name(struct tty_struct *tty, char *buf)
211{
212 if (!tty) /* Hmm. NULL pointer. That's fun. */
213 strcpy(buf, "NULL tty");
214 else
215 strcpy(buf, tty->name);
216 return buf;
217}
218
219EXPORT_SYMBOL(tty_name);
220
d769a669 221int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
1da177e4
LT		 222 const char *routine)
223{
224#ifdef TTY_PARANOIA_CHECK
225 if (!tty) {
226 printk(KERN_WARNING
227 "null TTY for (%d:%d) in %s\n",
228 imajor(inode), iminor(inode), routine);
229 return 1;
230 }
231 if (tty->magic != TTY_MAGIC) {
232 printk(KERN_WARNING
233 "bad magic number for tty struct (%d:%d) in %s\n",
234 imajor(inode), iminor(inode), routine);
235 return 1;
236 }
237#endif
238 return 0;
239}
240
241static int check_tty_count(struct tty_struct *tty, const char *routine)
242{
243#ifdef CHECK_TTY_COUNT
244 struct list_head *p;
245 int count = 0;
246
247 file_list_lock();
248 list_for_each(p, &tty->tty_files) {
249 count++;
250 }
251 file_list_unlock();
252 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
253 tty->driver->subtype == PTY_TYPE_SLAVE &&
254 tty->link && tty->link->count)
255 count++;
256 if (tty->count != count) {
257 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
258 "!= #fd's(%d) in %s\n",
259 tty->name, tty->count, count, routine);
260 return count;
24ec839c 261 }
1da177e4
LT		 262#endif
263 return 0;
264}
265
33f0f88f
AC		 266/*
267 * Tty buffer allocation management
268 */
269
af9b897e
AC		 270/**
271 * tty_buffer_free_all - free buffers used by a tty
272 * @tty: tty to free from
273 *
274 * Remove all the buffers pending on a tty whether queued with data
275 * or in the free ring. Must be called when the tty is no longer in use
276 *
277 * Locking: none
278 */
279
33f0f88f
AC		 280static void tty_buffer_free_all(struct tty_struct *tty)
281{
282 struct tty_buffer *thead;
283 while((thead = tty->buf.head) != NULL) {
284 tty->buf.head = thead->next;
285 kfree(thead);
286 }
287 while((thead = tty->buf.free) != NULL) {
288 tty->buf.free = thead->next;
289 kfree(thead);
290 }
291 tty->buf.tail = NULL;
01da5fd8 292 tty->buf.memory_used = 0;
33f0f88f
AC		 293}
294
01da5fd8
AC		 295/**
296 * tty_buffer_init - prepare a tty buffer structure
297 * @tty: tty to initialise
298 *
299 * Set up the initial state of the buffer management for a tty device.
300 * Must be called before the other tty buffer functions are used.
301 *
302 * Locking: none
303 */
304
33f0f88f
AC		 305static void tty_buffer_init(struct tty_struct *tty)
306{
808249ce 307 spin_lock_init(&tty->buf.lock);
33f0f88f
AC		 308 tty->buf.head = NULL;
309 tty->buf.tail = NULL;
310 tty->buf.free = NULL;
01da5fd8 311 tty->buf.memory_used = 0;
33f0f88f
AC		 312}
313
01da5fd8
AC		 314/**
315 * tty_buffer_alloc - allocate a tty buffer
316 * @tty: tty device
317 * @size: desired size (characters)
318 *
319 * Allocate a new tty buffer to hold the desired number of characters.
320 * Return NULL if out of memory or the allocation would exceed the
321 * per device queue
322 *
323 * Locking: Caller must hold tty->buf.lock
324 */
325
326static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
33f0f88f 327{
01da5fd8
AC		 328 struct tty_buffer *p;
329
330 if (tty->buf.memory_used + size > 65536)
331 return NULL;
332 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
33f0f88f
AC		 333 if(p == NULL)
334 return NULL;
335 p->used = 0;
336 p->size = size;
337 p->next = NULL;
8977d929
PF		 338 p->commit = 0;
339 p->read = 0;
33f0f88f
AC		 340 p->char_buf_ptr = (char *)(p->data);
341 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
01da5fd8 342 tty->buf.memory_used += size;
33f0f88f
AC		 343 return p;
344}
345
01da5fd8
AC		 346/**
347 * tty_buffer_free - free a tty buffer
348 * @tty: tty owning the buffer
349 * @b: the buffer to free
350 *
351 * Free a tty buffer, or add it to the free list according to our
352 * internal strategy
353 *
354 * Locking: Caller must hold tty->buf.lock
355 */
33f0f88f
AC		 356
357static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
358{
359 /* Dumb strategy for now - should keep some stats */
01da5fd8
AC		 360 tty->buf.memory_used -= b->size;
361 WARN_ON(tty->buf.memory_used < 0);
362
33f0f88f
AC		 363 if(b->size >= 512)
364 kfree(b);
365 else {
366 b->next = tty->buf.free;
367 tty->buf.free = b;
368 }
369}
370
c5c34d48
PF		 371/**
372 * tty_buffer_flush - flush full tty buffers
373 * @tty: tty to flush
374 *
375 * flush all the buffers containing receive data
376 *
377 * Locking: none
378 */
379
380static void tty_buffer_flush(struct tty_struct *tty)
381{
382 struct tty_buffer *thead;
383 unsigned long flags;
384
385 spin_lock_irqsave(&tty->buf.lock, flags);
386 while((thead = tty->buf.head) != NULL) {
387 tty->buf.head = thead->next;
388 tty_buffer_free(tty, thead);
389 }
390 tty->buf.tail = NULL;
391 spin_unlock_irqrestore(&tty->buf.lock, flags);
392}
393
01da5fd8
AC		 394/**
395 * tty_buffer_find - find a free tty buffer
396 * @tty: tty owning the buffer
397 * @size: characters wanted
398 *
399 * Locate an existing suitable tty buffer or if we are lacking one then
400 * allocate a new one. We round our buffers off in 256 character chunks
401 * to get better allocation behaviour.
402 *
403 * Locking: Caller must hold tty->buf.lock
404 */
405
33f0f88f
AC		 406static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
407{
408 struct tty_buffer **tbh = &tty->buf.free;
409 while((*tbh) != NULL) {
410 struct tty_buffer *t = *tbh;
411 if(t->size >= size) {
412 *tbh = t->next;
413 t->next = NULL;
414 t->used = 0;
8977d929
PF		 415 t->commit = 0;
416 t->read = 0;
01da5fd8 417 tty->buf.memory_used += t->size;
33f0f88f
AC		 418 return t;
419 }
420 tbh = &((*tbh)->next);
421 }
422 /* Round the buffer size out */
423 size = (size + 0xFF) & ~ 0xFF;
01da5fd8 424 return tty_buffer_alloc(tty, size);
33f0f88f
AC		 425 /* Should possibly check if this fails for the largest buffer we
426 have queued and recycle that ? */
427}
428
01da5fd8
AC		 429/**
430 * tty_buffer_request_room - grow tty buffer if needed
431 * @tty: tty structure
432 * @size: size desired
433 *
434 * Make at least size bytes of linear space available for the tty
435 * buffer. If we fail return the size we managed to find.
436 *
437 * Locking: Takes tty->buf.lock
438 */
33f0f88f
AC		 439int tty_buffer_request_room(struct tty_struct *tty, size_t size)
440{
808249ce
PF		 441 struct tty_buffer *b, *n;
442 int left;
443 unsigned long flags;
444
445 spin_lock_irqsave(&tty->buf.lock, flags);
33f0f88f
AC		 446
447 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
448 remove this conditional if its worth it. This would be invisible
449 to the callers */
33b37a33 450 if ((b = tty->buf.tail) != NULL)
33f0f88f 451 left = b->size - b->used;
33b37a33 452 else
808249ce
PF		 453 left = 0;
454
455 if (left < size) {
456 /* This is the slow path - looking for new buffers to use */
457 if ((n = tty_buffer_find(tty, size)) != NULL) {
458 if (b != NULL) {
459 b->next = n;
8977d929 460 b->commit = b->used;
808249ce
PF		 461 } else
462 tty->buf.head = n;
463 tty->buf.tail = n;
808249ce
PF		 464 } else
465 size = left;
466 }
467
468 spin_unlock_irqrestore(&tty->buf.lock, flags);
33f0f88f
AC		 469 return size;
470}
33f0f88f
AC		 471EXPORT_SYMBOL_GPL(tty_buffer_request_room);
472
af9b897e
AC		 473/**
474 * tty_insert_flip_string - Add characters to the tty buffer
475 * @tty: tty structure
476 * @chars: characters
477 * @size: size
478 *
479 * Queue a series of bytes to the tty buffering. All the characters
480 * passed are marked as without error. Returns the number added.
481 *
482 * Locking: Called functions may take tty->buf.lock
483 */
484
e1a25090
AM		 485int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
486 size_t size)
33f0f88f
AC		 487{
488 int copied = 0;
489 do {
490 int space = tty_buffer_request_room(tty, size - copied);
491 struct tty_buffer *tb = tty->buf.tail;
492 /* If there is no space then tb may be NULL */
493 if(unlikely(space == 0))
494 break;
495 memcpy(tb->char_buf_ptr + tb->used, chars, space);
496 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
497 tb->used += space;
498 copied += space;
499 chars += space;
527063ba
AD		 500 /* There is a small chance that we need to split the data over
501 several buffers. If this is the case we must loop */
502 } while (unlikely(size > copied));
33f0f88f
AC		 503 return copied;
504}
ee37df78 505EXPORT_SYMBOL(tty_insert_flip_string);
33f0f88f 506
af9b897e
AC		 507/**
508 * tty_insert_flip_string_flags - Add characters to the tty buffer
509 * @tty: tty structure
510 * @chars: characters
511 * @flags: flag bytes
512 * @size: size
513 *
514 * Queue a series of bytes to the tty buffering. For each character
515 * the flags array indicates the status of the character. Returns the
516 * number added.
517 *
518 * Locking: Called functions may take tty->buf.lock
519 */
520
e1a25090
AM		 521int tty_insert_flip_string_flags(struct tty_struct *tty,
522 const unsigned char *chars, const char *flags, size_t size)
33f0f88f
AC		 523{
524 int copied = 0;
525 do {
526 int space = tty_buffer_request_room(tty, size - copied);
527 struct tty_buffer *tb = tty->buf.tail;
528 /* If there is no space then tb may be NULL */
529 if(unlikely(space == 0))
530 break;
531 memcpy(tb->char_buf_ptr + tb->used, chars, space);
532 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
533 tb->used += space;
534 copied += space;
535 chars += space;
536 flags += space;
527063ba
AD		 537 /* There is a small chance that we need to split the data over
538 several buffers. If this is the case we must loop */
539 } while (unlikely(size > copied));
33f0f88f
AC		 540 return copied;
541}
ff4547f4 542EXPORT_SYMBOL(tty_insert_flip_string_flags);
33f0f88f 543
af9b897e
AC		 544/**
545 * tty_schedule_flip - push characters to ldisc
546 * @tty: tty to push from
547 *
548 * Takes any pending buffers and transfers their ownership to the
549 * ldisc side of the queue. It then schedules those characters for
550 * processing by the line discipline.
551 *
552 * Locking: Takes tty->buf.lock
553 */
554
e1a25090
AM		 555void tty_schedule_flip(struct tty_struct *tty)
556{
557 unsigned long flags;
558 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 559 if (tty->buf.tail != NULL)
e1a25090 560 tty->buf.tail->commit = tty->buf.tail->used;
e1a25090
AM		 561 spin_unlock_irqrestore(&tty->buf.lock, flags);
562 schedule_delayed_work(&tty->buf.work, 1);
563}
564EXPORT_SYMBOL(tty_schedule_flip);
33f0f88f 565
af9b897e
AC		 566/**
567 * tty_prepare_flip_string - make room for characters
568 * @tty: tty
569 * @chars: return pointer for character write area
570 * @size: desired size
571 *
33f0f88f
AC		 572 * Prepare a block of space in the buffer for data. Returns the length
573 * available and buffer pointer to the space which is now allocated and
574 * accounted for as ready for normal characters. This is used for drivers
575 * that need their own block copy routines into the buffer. There is no
576 * guarantee the buffer is a DMA target!
af9b897e
AC		 577 *
578 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 579 */
580
581int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
582{
583 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 584 if (likely(space)) {
585 struct tty_buffer *tb = tty->buf.tail;
586 *chars = tb->char_buf_ptr + tb->used;
587 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
588 tb->used += space;
589 }
33f0f88f
AC		 590 return space;
591}
592
593EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
594
af9b897e
AC		 595/**
596 * tty_prepare_flip_string_flags - make room for characters
597 * @tty: tty
598 * @chars: return pointer for character write area
599 * @flags: return pointer for status flag write area
600 * @size: desired size
601 *
33f0f88f
AC		 602 * Prepare a block of space in the buffer for data. Returns the length
603 * available and buffer pointer to the space which is now allocated and
604 * accounted for as ready for characters. This is used for drivers
605 * that need their own block copy routines into the buffer. There is no
606 * guarantee the buffer is a DMA target!
af9b897e
AC		 607 *
608 * Locking: May call functions taking tty->buf.lock
33f0f88f
AC		 609 */
610
611int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
612{
613 int space = tty_buffer_request_room(tty, size);
808249ce
PF		 614 if (likely(space)) {
615 struct tty_buffer *tb = tty->buf.tail;
616 *chars = tb->char_buf_ptr + tb->used;
617 *flags = tb->flag_buf_ptr + tb->used;
618 tb->used += space;
619 }
33f0f88f
AC		 620 return space;
621}
622
623EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
624
625
626
af9b897e
AC		 627/**
628 * tty_set_termios_ldisc - set ldisc field
629 * @tty: tty structure
630 * @num: line discipline number
631 *
1da177e4
LT		 632 * This is probably overkill for real world processors but
633 * they are not on hot paths so a little discipline won't do
634 * any harm.
af9b897e 635 *
24ec839c 636 * Locking: takes termios_mutex
1da177e4
LT		 637 */
638
639static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
640{
5785c95b 641 mutex_lock(&tty->termios_mutex);
1da177e4 642 tty->termios->c_line = num;
5785c95b 643 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 644}
645
646/*
647 * This guards the refcounted line discipline lists. The lock
648 * must be taken with irqs off because there are hangup path
649 * callers who will do ldisc lookups and cannot sleep.
650 */
651
652static DEFINE_SPINLOCK(tty_ldisc_lock);
653static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
bfb07599 654static struct tty_ldisc tty_ldiscs[NR_LDISCS]; /* line disc dispatch table */
1da177e4 655
af9b897e
AC		 656/**
657 * tty_register_ldisc - install a line discipline
658 * @disc: ldisc number
659 * @new_ldisc: pointer to the ldisc object
660 *
661 * Installs a new line discipline into the kernel. The discipline
662 * is set up as unreferenced and then made available to the kernel
663 * from this point onwards.
664 *
665 * Locking:
666 * takes tty_ldisc_lock to guard against ldisc races
667 */
668
1da177e4
LT		 669int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
670{
671 unsigned long flags;
672 int ret = 0;
673
674 if (disc < N_TTY || disc >= NR_LDISCS)
675 return -EINVAL;
676
677 spin_lock_irqsave(&tty_ldisc_lock, flags);
bfb07599
AD		 678 tty_ldiscs[disc] = *new_ldisc;
679 tty_ldiscs[disc].num = disc;
680 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
681 tty_ldiscs[disc].refcount = 0;
1da177e4
LT		 682 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
683
684 return ret;
685}
1da177e4
LT		 686EXPORT_SYMBOL(tty_register_ldisc);
687
af9b897e
AC		 688/**
689 * tty_unregister_ldisc - unload a line discipline
690 * @disc: ldisc number
691 * @new_ldisc: pointer to the ldisc object
692 *
693 * Remove a line discipline from the kernel providing it is not
694 * currently in use.
695 *
696 * Locking:
697 * takes tty_ldisc_lock to guard against ldisc races
698 */
699
bfb07599
AD		 700int tty_unregister_ldisc(int disc)
701{
702 unsigned long flags;
703 int ret = 0;
704
705 if (disc < N_TTY || disc >= NR_LDISCS)
706 return -EINVAL;
707
708 spin_lock_irqsave(&tty_ldisc_lock, flags);
709 if (tty_ldiscs[disc].refcount)
710 ret = -EBUSY;
711 else
712 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
713 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
714
715 return ret;
716}
717EXPORT_SYMBOL(tty_unregister_ldisc);
718
af9b897e
AC		 719/**
720 * tty_ldisc_get - take a reference to an ldisc
721 * @disc: ldisc number
722 *
723 * Takes a reference to a line discipline. Deals with refcounts and
724 * module locking counts. Returns NULL if the discipline is not available.
725 * Returns a pointer to the discipline and bumps the ref count if it is
726 * available
727 *
728 * Locking:
729 * takes tty_ldisc_lock to guard against ldisc races
730 */
731
1da177e4
LT		 732struct tty_ldisc *tty_ldisc_get(int disc)
733{
734 unsigned long flags;
735 struct tty_ldisc *ld;
736
737 if (disc < N_TTY || disc >= NR_LDISCS)
738 return NULL;
739
740 spin_lock_irqsave(&tty_ldisc_lock, flags);
741
742 ld = &tty_ldiscs[disc];
743 /* Check the entry is defined */
744 if(ld->flags & LDISC_FLAG_DEFINED)
745 {
746 /* If the module is being unloaded we can't use it */
747 if (!try_module_get(ld->owner))
748 ld = NULL;
749 else /* lock it */
750 ld->refcount++;
751 }
752 else
753 ld = NULL;
754 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
755 return ld;
756}
757
758EXPORT_SYMBOL_GPL(tty_ldisc_get);
759
af9b897e
AC		 760/**
761 * tty_ldisc_put - drop ldisc reference
762 * @disc: ldisc number
763 *
764 * Drop a reference to a line discipline. Manage refcounts and
765 * module usage counts
766 *
767 * Locking:
768 * takes tty_ldisc_lock to guard against ldisc races
769 */
770
1da177e4
LT		 771void tty_ldisc_put(int disc)
772{
773 struct tty_ldisc *ld;
774 unsigned long flags;
775
56ee4827 776 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
1da177e4
LT		 777
778 spin_lock_irqsave(&tty_ldisc_lock, flags);
779 ld = &tty_ldiscs[disc];
56ee4827
ES		 780 BUG_ON(ld->refcount == 0);
781 ld->refcount--;
1da177e4
LT		 782 module_put(ld->owner);
783 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
784}
785
786EXPORT_SYMBOL_GPL(tty_ldisc_put);
787
af9b897e
AC		 788/**
789 * tty_ldisc_assign - set ldisc on a tty
790 * @tty: tty to assign
791 * @ld: line discipline
792 *
793 * Install an instance of a line discipline into a tty structure. The
794 * ldisc must have a reference count above zero to ensure it remains/
795 * The tty instance refcount starts at zero.
796 *
797 * Locking:
798 * Caller must hold references
799 */
800
1da177e4
LT		 801static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
802{
803 tty->ldisc = *ld;
804 tty->ldisc.refcount = 0;
805}
806
807/**
808 * tty_ldisc_try - internal helper
809 * @tty: the tty
810 *
811 * Make a single attempt to grab and bump the refcount on
812 * the tty ldisc. Return 0 on failure or 1 on success. This is
813 * used to implement both the waiting and non waiting versions
814 * of tty_ldisc_ref
af9b897e
AC		 815 *
816 * Locking: takes tty_ldisc_lock
1da177e4
LT		 817 */
818
819static int tty_ldisc_try(struct tty_struct *tty)
820{
821 unsigned long flags;
822 struct tty_ldisc *ld;
823 int ret = 0;
824
825 spin_lock_irqsave(&tty_ldisc_lock, flags);
826 ld = &tty->ldisc;
827 if(test_bit(TTY_LDISC, &tty->flags))
828 {
829 ld->refcount++;
830 ret = 1;
831 }
832 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
833 return ret;
834}
835
836/**
837 * tty_ldisc_ref_wait - wait for the tty ldisc
838 * @tty: tty device
839 *
840 * Dereference the line discipline for the terminal and take a
841 * reference to it. If the line discipline is in flux then
842 * wait patiently until it changes.
843 *
844 * Note: Must not be called from an IRQ/timer context. The caller
845 * must also be careful not to hold other locks that will deadlock
846 * against a discipline change, such as an existing ldisc reference
847 * (which we check for)
af9b897e
AC		 848 *
849 * Locking: call functions take tty_ldisc_lock
1da177e4
LT		 850 */
851
852struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
853{
854 /* wait_event is a macro */
855 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
856 if(tty->ldisc.refcount == 0)
857 printk(KERN_ERR "tty_ldisc_ref_wait\n");
858 return &tty->ldisc;
859}
860
861EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
862
863/**
864 * tty_ldisc_ref - get the tty ldisc
865 * @tty: tty device
866 *
867 * Dereference the line discipline for the terminal and take a
868 * reference to it. If the line discipline is in flux then
869 * return NULL. Can be called from IRQ and timer functions.
af9b897e
AC		 870 *
871 * Locking: called functions take tty_ldisc_lock
1da177e4
LT		 872 */
873
874struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
875{
876 if(tty_ldisc_try(tty))
877 return &tty->ldisc;
878 return NULL;
879}
880
881EXPORT_SYMBOL_GPL(tty_ldisc_ref);
882
883/**
884 * tty_ldisc_deref - free a tty ldisc reference
885 * @ld: reference to free up
886 *
887 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
888 * be called in IRQ context.
af9b897e
AC		 889 *
890 * Locking: takes tty_ldisc_lock
1da177e4
LT		 891 */
892
893void tty_ldisc_deref(struct tty_ldisc *ld)
894{
895 unsigned long flags;
896
56ee4827 897 BUG_ON(ld == NULL);
1da177e4
LT		 898
899 spin_lock_irqsave(&tty_ldisc_lock, flags);
900 if(ld->refcount == 0)
901 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
902 else
903 ld->refcount--;
904 if(ld->refcount == 0)
905 wake_up(&tty_ldisc_wait);
906 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
907}
908
909EXPORT_SYMBOL_GPL(tty_ldisc_deref);
910
911/**
912 * tty_ldisc_enable - allow ldisc use
913 * @tty: terminal to activate ldisc on
914 *
915 * Set the TTY_LDISC flag when the line discipline can be called
916 * again. Do neccessary wakeups for existing sleepers.
917 *
918 * Note: nobody should set this bit except via this function. Clearing
919 * directly is allowed.
920 */
921
922static void tty_ldisc_enable(struct tty_struct *tty)
923{
924 set_bit(TTY_LDISC, &tty->flags);
925 wake_up(&tty_ldisc_wait);
926}
927
928/**
929 * tty_set_ldisc - set line discipline
930 * @tty: the terminal to set
931 * @ldisc: the line discipline
932 *
933 * Set the discipline of a tty line. Must be called from a process
934 * context.
af9b897e
AC		 935 *
936 * Locking: takes tty_ldisc_lock.
24ec839c 937 * called functions take termios_mutex
1da177e4
LT		 938 */
939
940static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
941{
ff55fe20
JB		 942 int retval = 0;
943 struct tty_ldisc o_ldisc;
1da177e4
LT		 944 char buf[64];
945 int work;
946 unsigned long flags;
947 struct tty_ldisc *ld;
ff55fe20 948 struct tty_struct *o_tty;
1da177e4
LT		 949
950 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
951 return -EINVAL;
952
953restart:
954
1da177e4
LT		 955 ld = tty_ldisc_get(ldisc);
956 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
957 /* Cyrus Durgin <cider@speakeasy.org> */
958 if (ld == NULL) {
959 request_module("tty-ldisc-%d", ldisc);
960 ld = tty_ldisc_get(ldisc);
961 }
962 if (ld == NULL)
963 return -EINVAL;
964
33f0f88f
AC		 965 /*
966 * Problem: What do we do if this blocks ?
967 */
968
1da177e4
LT		 969 tty_wait_until_sent(tty, 0);
970
ff55fe20
JB		 971 if (tty->ldisc.num == ldisc) {
972 tty_ldisc_put(ldisc);
973 return 0;
974 }
975
ae030e43
PF		 976 /*
977 * No more input please, we are switching. The new ldisc
978 * will update this value in the ldisc open function
979 */
980
981 tty->receive_room = 0;
982
ff55fe20
JB		 983 o_ldisc = tty->ldisc;
984 o_tty = tty->link;
985
1da177e4
LT		 986 /*
987 * Make sure we don't change while someone holds a
988 * reference to the line discipline. The TTY_LDISC bit
989 * prevents anyone taking a reference once it is clear.
990 * We need the lock to avoid racing reference takers.
991 */
ff55fe20 992
1da177e4 993 spin_lock_irqsave(&tty_ldisc_lock, flags);
ff55fe20
JB		 994 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
995 if(tty->ldisc.refcount) {
996 /* Free the new ldisc we grabbed. Must drop the lock
997 first. */
998 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
999 tty_ldisc_put(ldisc);
1000 /*
1001 * There are several reasons we may be busy, including
1002 * random momentary I/O traffic. We must therefore
1003 * retry. We could distinguish between blocking ops
1004 * and retries if we made tty_ldisc_wait() smarter. That
1005 * is up for discussion.
1006 */
1007 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1008 return -ERESTARTSYS;
1009 goto restart;
1010 }
1011 if(o_tty && o_tty->ldisc.refcount) {
1012 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1013 tty_ldisc_put(ldisc);
1014 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1015 return -ERESTARTSYS;
1016 goto restart;
1017 }
1018 }
1019
1020 /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
1021
1022 if (!test_bit(TTY_LDISC, &tty->flags)) {
1da177e4
LT		 1023 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1024 tty_ldisc_put(ldisc);
ff55fe20
JB		 1025 ld = tty_ldisc_ref_wait(tty);
1026 tty_ldisc_deref(ld);
1da177e4
LT		 1027 goto restart;
1028 }
ff55fe20
JB		 1029
1030 clear_bit(TTY_LDISC, &tty->flags);
817d6d3b 1031 if (o_tty)
ff55fe20 1032 clear_bit(TTY_LDISC, &o_tty->flags);
1da177e4 1033 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
ff55fe20 1034
1da177e4
LT		 1035 /*
1036 * From this point on we know nobody has an ldisc
1037 * usage reference, nor can they obtain one until
1038 * we say so later on.
1039 */
ff55fe20 1040
33f0f88f 1041 work = cancel_delayed_work(&tty->buf.work);
1da177e4 1042 /*
33f0f88f 1043 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 1044 */
1045
1046 flush_scheduled_work();
1047 /* Shutdown the current discipline. */
1048 if (tty->ldisc.close)
1049 (tty->ldisc.close)(tty);
1050
1051 /* Now set up the new line discipline. */
1052 tty_ldisc_assign(tty, ld);
1053 tty_set_termios_ldisc(tty, ldisc);
1054 if (tty->ldisc.open)
1055 retval = (tty->ldisc.open)(tty);
1056 if (retval < 0) {
1057 tty_ldisc_put(ldisc);
1058 /* There is an outstanding reference here so this is safe */
1059 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1060 tty_set_termios_ldisc(tty, tty->ldisc.num);
1061 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1062 tty_ldisc_put(o_ldisc.num);
1063 /* This driver is always present */
1064 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1065 tty_set_termios_ldisc(tty, N_TTY);
1066 if (tty->ldisc.open) {
1067 int r = tty->ldisc.open(tty);
1068
1069 if (r < 0)
1070 panic("Couldn't open N_TTY ldisc for "
1071 "%s --- error %d.",
1072 tty_name(tty, buf), r);
1073 }
1074 }
1075 }
1076 /* At this point we hold a reference to the new ldisc and a
1077 a reference to the old ldisc. If we ended up flipping back
1078 to the existing ldisc we have two references to it */
1079
1080 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1081 tty->driver->set_ldisc(tty);
1082
1083 tty_ldisc_put(o_ldisc.num);
1084
1085 /*
1086 * Allow ldisc referencing to occur as soon as the driver
1087 * ldisc callback completes.
1088 */
1089
1090 tty_ldisc_enable(tty);
ff55fe20
JB		 1091 if (o_tty)
1092 tty_ldisc_enable(o_tty);
1da177e4
LT		 1093
1094 /* Restart it in case no characters kick it off. Safe if
1095 already running */
ff55fe20 1096 if (work)
33f0f88f 1097 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 1098 return retval;
1099}
1100
af9b897e
AC		 1101/**
1102 * get_tty_driver - find device of a tty
1103 * @dev_t: device identifier
1104 * @index: returns the index of the tty
1105 *
1106 * This routine returns a tty driver structure, given a device number
1107 * and also passes back the index number.
1108 *
1109 * Locking: caller must hold tty_mutex
1da177e4 1110 */
af9b897e 1111
1da177e4
LT		 1112static struct tty_driver *get_tty_driver(dev_t device, int *index)
1113{
1114 struct tty_driver *p;
1115
1116 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1117 dev_t base = MKDEV(p->major, p->minor_start);
1118 if (device < base || device >= base + p->num)
1119 continue;
1120 *index = device - base;
1121 return p;
1122 }
1123 return NULL;
1124}
1125
af9b897e
AC		 1126/**
1127 * tty_check_change - check for POSIX terminal changes
1128 * @tty: tty to check
1129 *
1130 * If we try to write to, or set the state of, a terminal and we're
1131 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1132 * ignored, go ahead and perform the operation. (POSIX 7.2)
1133 *
1134 * Locking: none
1da177e4 1135 */
af9b897e 1136
1da177e4
LT		 1137int tty_check_change(struct tty_struct * tty)
1138{
1139 if (current->signal->tty != tty)
1140 return 0;
ab521dc0
EB		 1141 if (!tty->pgrp) {
1142 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1da177e4
LT		 1143 return 0;
1144 }
ab521dc0 1145 if (task_pgrp(current) == tty->pgrp)
1da177e4
LT		 1146 return 0;
1147 if (is_ignored(SIGTTOU))
1148 return 0;
3e7cd6c4 1149 if (is_current_pgrp_orphaned())
1da177e4 1150 return -EIO;
040b6362
ON		 1151 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1152 set_thread_flag(TIF_SIGPENDING);
1da177e4
LT		 1153 return -ERESTARTSYS;
1154}
1155
1156EXPORT_SYMBOL(tty_check_change);
1157
1158static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
1159 size_t count, loff_t *ppos)
1160{
1161 return 0;
1162}
1163
1164static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
1165 size_t count, loff_t *ppos)
1166{
1167 return -EIO;
1168}
1169
1170/* No kernel lock held - none needed ;) */
1171static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
1172{
1173 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1174}
1175
38ad2ed0
PF		 1176static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
1177 unsigned int cmd, unsigned long arg)
1178{
1179 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1180}
1181
1182static long hung_up_tty_compat_ioctl(struct file * file,
1183 unsigned int cmd, unsigned long arg)
1da177e4
LT		 1184{
1185 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1186}
1187
62322d25 1188static const struct file_operations tty_fops = {
1da177e4
LT		 1189 .llseek = no_llseek,
1190 .read = tty_read,
1191 .write = tty_write,
1192 .poll = tty_poll,
1193 .ioctl = tty_ioctl,
e10cc1df 1194 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1195 .open = tty_open,
1196 .release = tty_release,
1197 .fasync = tty_fasync,
1198};
1199
1200#ifdef CONFIG_UNIX98_PTYS
62322d25 1201static const struct file_operations ptmx_fops = {
1da177e4
LT		 1202 .llseek = no_llseek,
1203 .read = tty_read,
1204 .write = tty_write,
1205 .poll = tty_poll,
1206 .ioctl = tty_ioctl,
e10cc1df 1207 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1208 .open = ptmx_open,
1209 .release = tty_release,
1210 .fasync = tty_fasync,
1211};
1212#endif
1213
62322d25 1214static const struct file_operations console_fops = {
1da177e4
LT		 1215 .llseek = no_llseek,
1216 .read = tty_read,
1217 .write = redirected_tty_write,
1218 .poll = tty_poll,
1219 .ioctl = tty_ioctl,
e10cc1df 1220 .compat_ioctl = tty_compat_ioctl,
1da177e4
LT		 1221 .open = tty_open,
1222 .release = tty_release,
1223 .fasync = tty_fasync,
1224};
1225
62322d25 1226static const struct file_operations hung_up_tty_fops = {
1da177e4
LT		 1227 .llseek = no_llseek,
1228 .read = hung_up_tty_read,
1229 .write = hung_up_tty_write,
1230 .poll = hung_up_tty_poll,
38ad2ed0
PF		 1231 .ioctl = hung_up_tty_ioctl,
1232 .compat_ioctl = hung_up_tty_compat_ioctl,
1da177e4
LT		 1233 .release = tty_release,
1234};
1235
1236static DEFINE_SPINLOCK(redirect_lock);
1237static struct file *redirect;
1238
1239/**
1240 * tty_wakeup - request more data
1241 * @tty: terminal
1242 *
1243 * Internal and external helper for wakeups of tty. This function
1244 * informs the line discipline if present that the driver is ready
1245 * to receive more output data.
1246 */
1247
1248void tty_wakeup(struct tty_struct *tty)
1249{
1250 struct tty_ldisc *ld;
1251
1252 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1253 ld = tty_ldisc_ref(tty);
1254 if(ld) {
1255 if(ld->write_wakeup)
1256 ld->write_wakeup(tty);
1257 tty_ldisc_deref(ld);
1258 }
1259 }
1260 wake_up_interruptible(&tty->write_wait);
1261}
1262
1263EXPORT_SYMBOL_GPL(tty_wakeup);
1264
1265/**
1266 * tty_ldisc_flush - flush line discipline queue
1267 * @tty: tty
1268 *
1269 * Flush the line discipline queue (if any) for this tty. If there
1270 * is no line discipline active this is a no-op.
1271 */
1272
1273void tty_ldisc_flush(struct tty_struct *tty)
1274{
1275 struct tty_ldisc *ld = tty_ldisc_ref(tty);
1276 if(ld) {
1277 if(ld->flush_buffer)
1278 ld->flush_buffer(tty);
1279 tty_ldisc_deref(ld);
1280 }
c5c34d48 1281 tty_buffer_flush(tty);
1da177e4
LT		 1282}
1283
1284EXPORT_SYMBOL_GPL(tty_ldisc_flush);
edc6afc5
AC		 1285
1286/**
1287 * tty_reset_termios - reset terminal state
1288 * @tty: tty to reset
1289 *
1290 * Restore a terminal to the driver default state
1291 */
1292
1293static void tty_reset_termios(struct tty_struct *tty)
1294{
1295 mutex_lock(&tty->termios_mutex);
1296 *tty->termios = tty->driver->init_termios;
1297 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1298 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1299 mutex_unlock(&tty->termios_mutex);
1300}
1da177e4 1301
af9b897e
AC		 1302/**
1303 * do_tty_hangup - actual handler for hangup events
65f27f38 1304 * @work: tty device
af9b897e
AC		 1305 *
1306 * This can be called by the "eventd" kernel thread. That is process
1307 * synchronous but doesn't hold any locks, so we need to make sure we
1308 * have the appropriate locks for what we're doing.
1309 *
1310 * The hangup event clears any pending redirections onto the hung up
1311 * device. It ensures future writes will error and it does the needed
1312 * line discipline hangup and signal delivery. The tty object itself
1313 * remains intact.
1314 *
1315 * Locking:
1316 * BKL
24ec839c
PZ		 1317 * redirect lock for undoing redirection
1318 * file list lock for manipulating list of ttys
1319 * tty_ldisc_lock from called functions
1320 * termios_mutex resetting termios data
1321 * tasklist_lock to walk task list for hangup event
1322 * ->siglock to protect ->signal/->sighand
1da177e4 1323 */
65f27f38 1324static void do_tty_hangup(struct work_struct *work)
1da177e4 1325{
65f27f38
DH		 1326 struct tty_struct *tty =
1327 container_of(work, struct tty_struct, hangup_work);
1da177e4
LT		 1328 struct file * cons_filp = NULL;
1329 struct file *filp, *f = NULL;
1330 struct task_struct *p;
1331 struct tty_ldisc *ld;
1332 int closecount = 0, n;
1333
1334 if (!tty)
1335 return;
1336
1337 /* inuse_filps is protected by the single kernel lock */
1338 lock_kernel();
1339
1340 spin_lock(&redirect_lock);
1341 if (redirect && redirect->private_data == tty) {
1342 f = redirect;
1343 redirect = NULL;
1344 }
1345 spin_unlock(&redirect_lock);
1346
1347 check_tty_count(tty, "do_tty_hangup");
1348 file_list_lock();
1349 /* This breaks for file handles being sent over AF_UNIX sockets ? */
2f512016 1350 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1da177e4
LT		 1351 if (filp->f_op->write == redirected_tty_write)
1352 cons_filp = filp;
1353 if (filp->f_op->write != tty_write)
1354 continue;
1355 closecount++;
1356 tty_fasync(-1, filp, 0); /* can't block */
1357 filp->f_op = &hung_up_tty_fops;
1358 }
1359 file_list_unlock();
1360
1361 /* FIXME! What are the locking issues here? This may me overdoing things..
1362 * this question is especially important now that we've removed the irqlock. */
1363
1364 ld = tty_ldisc_ref(tty);
1365 if(ld != NULL) /* We may have no line discipline at this point */
1366 {
1367 if (ld->flush_buffer)
1368 ld->flush_buffer(tty);
1369 if (tty->driver->flush_buffer)
1370 tty->driver->flush_buffer(tty);
1371 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1372 ld->write_wakeup)
1373 ld->write_wakeup(tty);
1374 if (ld->hangup)
1375 ld->hangup(tty);
1376 }
1377
1378 /* FIXME: Once we trust the LDISC code better we can wait here for
1379 ldisc completion and fix the driver call race */
1380
1381 wake_up_interruptible(&tty->write_wait);
1382 wake_up_interruptible(&tty->read_wait);
1383
1384 /*
1385 * Shutdown the current line discipline, and reset it to
1386 * N_TTY.
1387 */
1388 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
edc6afc5 1389 tty_reset_termios(tty);
1da177e4
LT		 1390
1391 /* Defer ldisc switch */
1392 /* tty_deferred_ldisc_switch(N_TTY);
1393
1394 This should get done automatically when the port closes and
1395 tty_release is called */
1396
1397 read_lock(&tasklist_lock);
ab521dc0
EB		 1398 if (tty->session) {
1399 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
24ec839c 1400 spin_lock_irq(&p->sighand->siglock);
1da177e4
LT		 1401 if (p->signal->tty == tty)
1402 p->signal->tty = NULL;
24ec839c
PZ		 1403 if (!p->signal->leader) {
1404 spin_unlock_irq(&p->sighand->siglock);
1da177e4 1405 continue;
24ec839c
PZ		 1406 }
1407 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1408 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
ab521dc0
EB		 1409 put_pid(p->signal->tty_old_pgrp); /* A noop */
1410 if (tty->pgrp)
1411 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
24ec839c 1412 spin_unlock_irq(&p->sighand->siglock);
ab521dc0 1413 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1da177e4
LT		 1414 }
1415 read_unlock(&tasklist_lock);
1416
1417 tty->flags = 0;
d9c1e9a8
EB		 1418 put_pid(tty->session);
1419 put_pid(tty->pgrp);
ab521dc0
EB		 1420 tty->session = NULL;
1421 tty->pgrp = NULL;
1da177e4
LT		 1422 tty->ctrl_status = 0;
1423 /*
1424 * If one of the devices matches a console pointer, we
1425 * cannot just call hangup() because that will cause
1426 * tty->count and state->count to go out of sync.
1427 * So we just call close() the right number of times.
1428 */
1429 if (cons_filp) {
1430 if (tty->driver->close)
1431 for (n = 0; n < closecount; n++)
1432 tty->driver->close(tty, cons_filp);
1433 } else if (tty->driver->hangup)
1434 (tty->driver->hangup)(tty);
1435
1436 /* We don't want to have driver/ldisc interactions beyond
1437 the ones we did here. The driver layer expects no
1438 calls after ->hangup() from the ldisc side. However we
1439 can't yet guarantee all that */
1440
1441 set_bit(TTY_HUPPED, &tty->flags);
1442 if (ld) {
1443 tty_ldisc_enable(tty);
1444 tty_ldisc_deref(ld);
1445 }
1446 unlock_kernel();
1447 if (f)
1448 fput(f);
1449}
1450
af9b897e
AC		 1451/**
1452 * tty_hangup - trigger a hangup event
1453 * @tty: tty to hangup
1454 *
1455 * A carrier loss (virtual or otherwise) has occurred on this like
1456 * schedule a hangup sequence to run after this event.
1457 */
1458
1da177e4
LT		 1459void tty_hangup(struct tty_struct * tty)
1460{
1461#ifdef TTY_DEBUG_HANGUP
1462 char buf[64];
1463
1464 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1465#endif
1466 schedule_work(&tty->hangup_work);
1467}
1468
1469EXPORT_SYMBOL(tty_hangup);
1470
af9b897e
AC		 1471/**
1472 * tty_vhangup - process vhangup
1473 * @tty: tty to hangup
1474 *
1475 * The user has asked via system call for the terminal to be hung up.
1476 * We do this synchronously so that when the syscall returns the process
1477 * is complete. That guarantee is neccessary for security reasons.
1478 */
1479
1da177e4
LT		 1480void tty_vhangup(struct tty_struct * tty)
1481{
1482#ifdef TTY_DEBUG_HANGUP
1483 char buf[64];
1484
1485 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1486#endif
65f27f38 1487 do_tty_hangup(&tty->hangup_work);
1da177e4
LT		 1488}
1489EXPORT_SYMBOL(tty_vhangup);
1490
af9b897e
AC		 1491/**
1492 * tty_hung_up_p - was tty hung up
1493 * @filp: file pointer of tty
1494 *
1495 * Return true if the tty has been subject to a vhangup or a carrier
1496 * loss
1497 */
1498
1da177e4
LT		 1499int tty_hung_up_p(struct file * filp)
1500{
1501 return (filp->f_op == &hung_up_tty_fops);
1502}
1503
1504EXPORT_SYMBOL(tty_hung_up_p);
1505
522ed776
MT		 1506/**
1507 * is_tty - checker whether file is a TTY
1508 */
1509int is_tty(struct file *filp)
1510{
1511 return filp->f_op->read == tty_read
1512 || filp->f_op->read == hung_up_tty_read;
1513}
1514
ab521dc0 1515static void session_clear_tty(struct pid *session)
24ec839c
PZ		 1516{
1517 struct task_struct *p;
ab521dc0 1518 do_each_pid_task(session, PIDTYPE_SID, p) {
24ec839c 1519 proc_clear_tty(p);
ab521dc0 1520 } while_each_pid_task(session, PIDTYPE_SID, p);
24ec839c
PZ		 1521}
1522
af9b897e
AC		 1523/**
1524 * disassociate_ctty - disconnect controlling tty
1525 * @on_exit: true if exiting so need to "hang up" the session
1da177e4 1526 *
af9b897e
AC		 1527 * This function is typically called only by the session leader, when
1528 * it wants to disassociate itself from its controlling tty.
1529 *
1530 * It performs the following functions:
1da177e4
LT		 1531 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1532 * (2) Clears the tty from being controlling the session
1533 * (3) Clears the controlling tty for all processes in the
1534 * session group.
1535 *
af9b897e
AC		 1536 * The argument on_exit is set to 1 if called when a process is
1537 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1538 *
24ec839c 1539 * Locking:
af9b897e 1540 * BKL is taken for hysterical raisins
24ec839c
PZ		 1541 * tty_mutex is taken to protect tty
1542 * ->siglock is taken to protect ->signal/->sighand
1543 * tasklist_lock is taken to walk process list for sessions
1544 * ->siglock is taken to protect ->signal/->sighand
1da177e4 1545 */
af9b897e 1546
1da177e4
LT		 1547void disassociate_ctty(int on_exit)
1548{
1549 struct tty_struct *tty;
ab521dc0 1550 struct pid *tty_pgrp = NULL;
1da177e4
LT		 1551
1552 lock_kernel();
1553
70522e12 1554 mutex_lock(&tty_mutex);
24ec839c 1555 tty = get_current_tty();
1da177e4 1556 if (tty) {
ab521dc0 1557 tty_pgrp = get_pid(tty->pgrp);
70522e12 1558 mutex_unlock(&tty_mutex);
24ec839c 1559 /* XXX: here we race, there is nothing protecting tty */
1da177e4
LT		 1560 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1561 tty_vhangup(tty);
680a9671 1562 } else if (on_exit) {
ab521dc0 1563 struct pid *old_pgrp;
680a9671
EB		 1564 spin_lock_irq(&current->sighand->siglock);
1565 old_pgrp = current->signal->tty_old_pgrp;
ab521dc0 1566 current->signal->tty_old_pgrp = NULL;
680a9671 1567 spin_unlock_irq(&current->sighand->siglock);
24ec839c 1568 if (old_pgrp) {
ab521dc0
EB		 1569 kill_pgrp(old_pgrp, SIGHUP, on_exit);
1570 kill_pgrp(old_pgrp, SIGCONT, on_exit);
1571 put_pid(old_pgrp);
1da177e4 1572 }
70522e12 1573 mutex_unlock(&tty_mutex);
1da177e4
LT		 1574 unlock_kernel();
1575 return;
1576 }
ab521dc0
EB		 1577 if (tty_pgrp) {
1578 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1da177e4 1579 if (!on_exit)
ab521dc0
EB		 1580 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1581 put_pid(tty_pgrp);
1da177e4
LT		 1582 }
1583
24ec839c 1584 spin_lock_irq(&current->sighand->siglock);
2a65f1d9 1585 put_pid(current->signal->tty_old_pgrp);
23cac8de 1586 current->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 1587 spin_unlock_irq(&current->sighand->siglock);
1588
1589 mutex_lock(&tty_mutex);
1590 /* It is possible that do_tty_hangup has free'd this tty */
1591 tty = get_current_tty();
1592 if (tty) {
ab521dc0
EB		 1593 put_pid(tty->session);
1594 put_pid(tty->pgrp);
1595 tty->session = NULL;
1596 tty->pgrp = NULL;
24ec839c
PZ		 1597 } else {
1598#ifdef TTY_DEBUG_HANGUP
1599 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1600 " = NULL", tty);
1601#endif
1602 }
1603 mutex_unlock(&tty_mutex);
1da177e4
LT		 1604
1605 /* Now clear signal->tty under the lock */
1606 read_lock(&tasklist_lock);
ab521dc0 1607 session_clear_tty(task_session(current));
1da177e4 1608 read_unlock(&tasklist_lock);
1da177e4
LT		 1609 unlock_kernel();
1610}
1611
98a27ba4
EB		 1612/**
1613 *
1614 * no_tty - Ensure the current process does not have a controlling tty
1615 */
1616void no_tty(void)
1617{
1618 struct task_struct *tsk = current;
1619 if (tsk->signal->leader)
1620 disassociate_ctty(0);
1621 proc_clear_tty(tsk);
1622}
1623
af9b897e
AC		 1624
1625/**
beb7dd86 1626 * stop_tty - propagate flow control
af9b897e
AC		 1627 * @tty: tty to stop
1628 *
1629 * Perform flow control to the driver. For PTY/TTY pairs we
beb7dd86 1630 * must also propagate the TIOCKPKT status. May be called
af9b897e
AC		 1631 * on an already stopped device and will not re-call the driver
1632 * method.
1633 *
1634 * This functionality is used by both the line disciplines for
1635 * halting incoming flow and by the driver. It may therefore be
1636 * called from any context, may be under the tty atomic_write_lock
1637 * but not always.
1638 *
1639 * Locking:
1640 * Broken. Relies on BKL which is unsafe here.
1641 */
1642
1da177e4
LT		 1643void stop_tty(struct tty_struct *tty)
1644{
1645 if (tty->stopped)
1646 return;
1647 tty->stopped = 1;
1648 if (tty->link && tty->link->packet) {
1649 tty->ctrl_status &= ~TIOCPKT_START;
1650 tty->ctrl_status |= TIOCPKT_STOP;
1651 wake_up_interruptible(&tty->link->read_wait);
1652 }
1653 if (tty->driver->stop)
1654 (tty->driver->stop)(tty);
1655}
1656
1657EXPORT_SYMBOL(stop_tty);
1658
af9b897e 1659/**
beb7dd86 1660 * start_tty - propagate flow control
af9b897e
AC		 1661 * @tty: tty to start
1662 *
1663 * Start a tty that has been stopped if at all possible. Perform
beb7dd86 1664 * any neccessary wakeups and propagate the TIOCPKT status. If this
af9b897e
AC		 1665 * is the tty was previous stopped and is being started then the
1666 * driver start method is invoked and the line discipline woken.
1667 *
1668 * Locking:
1669 * Broken. Relies on BKL which is unsafe here.
1670 */
1671
1da177e4
LT		 1672void start_tty(struct tty_struct *tty)
1673{
1674 if (!tty->stopped || tty->flow_stopped)
1675 return;
1676 tty->stopped = 0;
1677 if (tty->link && tty->link->packet) {
1678 tty->ctrl_status &= ~TIOCPKT_STOP;
1679 tty->ctrl_status |= TIOCPKT_START;
1680 wake_up_interruptible(&tty->link->read_wait);
1681 }
1682 if (tty->driver->start)
1683 (tty->driver->start)(tty);
1684
1685 /* If we have a running line discipline it may need kicking */
1686 tty_wakeup(tty);
1da177e4
LT		 1687}
1688
1689EXPORT_SYMBOL(start_tty);
1690
af9b897e
AC		 1691/**
1692 * tty_read - read method for tty device files
1693 * @file: pointer to tty file
1694 * @buf: user buffer
1695 * @count: size of user buffer
1696 * @ppos: unused
1697 *
1698 * Perform the read system call function on this terminal device. Checks
1699 * for hung up devices before calling the line discipline method.
1700 *
1701 * Locking:
1702 * Locks the line discipline internally while needed
1703 * For historical reasons the line discipline read method is
1704 * invoked under the BKL. This will go away in time so do not rely on it
1705 * in new code. Multiple read calls may be outstanding in parallel.
1706 */
1707
1da177e4
LT		 1708static ssize_t tty_read(struct file * file, char __user * buf, size_t count,
1709 loff_t *ppos)
1710{
1711 int i;
1712 struct tty_struct * tty;
1713 struct inode *inode;
1714 struct tty_ldisc *ld;
1715
1716 tty = (struct tty_struct *)file->private_data;
a7113a96 1717 inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1718 if (tty_paranoia_check(tty, inode, "tty_read"))
1719 return -EIO;
1720 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1721 return -EIO;
1722
1723 /* We want to wait for the line discipline to sort out in this
1724 situation */
1725 ld = tty_ldisc_ref_wait(tty);
1726 lock_kernel();
1727 if (ld->read)
1728 i = (ld->read)(tty,file,buf,count);
1729 else
1730 i = -EIO;
1731 tty_ldisc_deref(ld);
1732 unlock_kernel();
1733 if (i > 0)
1734 inode->i_atime = current_fs_time(inode->i_sb);
1735 return i;
1736}
1737
9c1729db
AC		 1738void tty_write_unlock(struct tty_struct *tty)
1739{
1740 mutex_unlock(&tty->atomic_write_lock);
1741 wake_up_interruptible(&tty->write_wait);
1742}
1743
1744int tty_write_lock(struct tty_struct *tty, int ndelay)
1745{
1746 if (!mutex_trylock(&tty->atomic_write_lock)) {
1747 if (ndelay)
1748 return -EAGAIN;
1749 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1750 return -ERESTARTSYS;
1751 }
1752 return 0;
1753}
1754
1da177e4
LT		 1755/*
1756 * Split writes up in sane blocksizes to avoid
1757 * denial-of-service type attacks
1758 */
1759static inline ssize_t do_tty_write(
1760 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1761 struct tty_struct *tty,
1762 struct file *file,
1763 const char __user *buf,
1764 size_t count)
1765{
9c1729db 1766 ssize_t ret, written = 0;
1da177e4
LT		 1767 unsigned int chunk;
1768
9c1729db
AC		 1769 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1770 if (ret < 0)
1771 return ret;
1da177e4
LT		 1772
1773 /*
1774 * We chunk up writes into a temporary buffer. This
1775 * simplifies low-level drivers immensely, since they
1776 * don't have locking issues and user mode accesses.
1777 *
1778 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1779 * big chunk-size..
1780 *
1781 * The default chunk-size is 2kB, because the NTTY
1782 * layer has problems with bigger chunks. It will
1783 * claim to be able to handle more characters than
1784 * it actually does.
af9b897e
AC		 1785 *
1786 * FIXME: This can probably go away now except that 64K chunks
1787 * are too likely to fail unless switched to vmalloc...
1da177e4
LT		 1788 */
1789 chunk = 2048;
1790 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1791 chunk = 65536;
1792 if (count < chunk)
1793 chunk = count;
1794
70522e12 1795 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1da177e4
LT		 1796 if (tty->write_cnt < chunk) {
1797 unsigned char *buf;
1798
1799 if (chunk < 1024)
1800 chunk = 1024;
1801
1802 buf = kmalloc(chunk, GFP_KERNEL);
1803 if (!buf) {
9c1729db
AC		 1804 ret = -ENOMEM;
1805 goto out;
1da177e4
LT		 1806 }
1807 kfree(tty->write_buf);
1808 tty->write_cnt = chunk;
1809 tty->write_buf = buf;
1810 }
1811
1812 /* Do the write .. */
1813 for (;;) {
1814 size_t size = count;
1815 if (size > chunk)
1816 size = chunk;
1817 ret = -EFAULT;
1818 if (copy_from_user(tty->write_buf, buf, size))
1819 break;
1820 lock_kernel();
1821 ret = write(tty, file, tty->write_buf, size);
1822 unlock_kernel();
1823 if (ret <= 0)
1824 break;
1825 written += ret;
1826 buf += ret;
1827 count -= ret;
1828 if (!count)
1829 break;
1830 ret = -ERESTARTSYS;
1831 if (signal_pending(current))
1832 break;
1833 cond_resched();
1834 }
1835 if (written) {
a7113a96 1836 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1837 inode->i_mtime = current_fs_time(inode->i_sb);
1838 ret = written;
1839 }
9c1729db
AC		 1840out:
1841 tty_write_unlock(tty);
1da177e4
LT		 1842 return ret;
1843}
1844
1845
af9b897e
AC		 1846/**
1847 * tty_write - write method for tty device file
1848 * @file: tty file pointer
1849 * @buf: user data to write
1850 * @count: bytes to write
1851 * @ppos: unused
1852 *
1853 * Write data to a tty device via the line discipline.
1854 *
1855 * Locking:
1856 * Locks the line discipline as required
1857 * Writes to the tty driver are serialized by the atomic_write_lock
1858 * and are then processed in chunks to the device. The line discipline
1859 * write method will not be involked in parallel for each device
1860 * The line discipline write method is called under the big
1861 * kernel lock for historical reasons. New code should not rely on this.
1862 */
1863
1da177e4
LT		 1864static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1865 loff_t *ppos)
1866{
1867 struct tty_struct * tty;
a7113a96 1868 struct inode *inode = file->f_path.dentry->d_inode;
1da177e4
LT		 1869 ssize_t ret;
1870 struct tty_ldisc *ld;
1871
1872 tty = (struct tty_struct *)file->private_data;
1873 if (tty_paranoia_check(tty, inode, "tty_write"))
1874 return -EIO;
1875 if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1876 return -EIO;
1877
1878 ld = tty_ldisc_ref_wait(tty);
1879 if (!ld->write)
1880 ret = -EIO;
1881 else
1882 ret = do_tty_write(ld->write, tty, file, buf, count);
1883 tty_ldisc_deref(ld);
1884 return ret;
1885}
1886
1887ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1888 loff_t *ppos)
1889{
1890 struct file *p = NULL;
1891
1892 spin_lock(&redirect_lock);
1893 if (redirect) {
1894 get_file(redirect);
1895 p = redirect;
1896 }
1897 spin_unlock(&redirect_lock);
1898
1899 if (p) {
1900 ssize_t res;
1901 res = vfs_write(p, buf, count, &p->f_pos);
1902 fput(p);
1903 return res;
1904 }
1905
1906 return tty_write(file, buf, count, ppos);
1907}
1908
1909static char ptychar[] = "pqrstuvwxyzabcde";
1910
af9b897e
AC		 1911/**
1912 * pty_line_name - generate name for a pty
1913 * @driver: the tty driver in use
1914 * @index: the minor number
1915 * @p: output buffer of at least 6 bytes
1916 *
1917 * Generate a name from a driver reference and write it to the output
1918 * buffer.
1919 *
1920 * Locking: None
1921 */
1922static void pty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1923{
1924 int i = index + driver->name_base;
1925 /* ->name is initialized to "ttyp", but "tty" is expected */
1926 sprintf(p, "%s%c%x",
1927 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1928 ptychar[i >> 4 & 0xf], i & 0xf);
1929}
1930
af9b897e
AC		 1931/**
1932 * pty_line_name - generate name for a tty
1933 * @driver: the tty driver in use
1934 * @index: the minor number
1935 * @p: output buffer of at least 7 bytes
1936 *
1937 * Generate a name from a driver reference and write it to the output
1938 * buffer.
1939 *
1940 * Locking: None
1941 */
1942static void tty_line_name(struct tty_driver *driver, int index, char *p)
1da177e4
LT		 1943{
1944 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1945}
1946
af9b897e
AC		 1947/**
1948 * init_dev - initialise a tty device
1949 * @driver: tty driver we are opening a device on
1950 * @idx: device index
1951 * @tty: returned tty structure
1952 *
1953 * Prepare a tty device. This may not be a "new" clean device but
1954 * could also be an active device. The pty drivers require special
1955 * handling because of this.
1956 *
1957 * Locking:
1958 * The function is called under the tty_mutex, which
1959 * protects us from the tty struct or driver itself going away.
1960 *
1961 * On exit the tty device has the line discipline attached and
1962 * a reference count of 1. If a pair was created for pty/tty use
1963 * and the other was a pty master then it too has a reference count of 1.
1964 *
1da177e4 1965 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
70522e12
IM		 1966 * failed open. The new code protects the open with a mutex, so it's
1967 * really quite straightforward. The mutex locking can probably be
1da177e4
LT		 1968 * relaxed for the (most common) case of reopening a tty.
1969 */
af9b897e 1970
1da177e4
LT		 1971static int init_dev(struct tty_driver *driver, int idx,
1972 struct tty_struct **ret_tty)
1973{
1974 struct tty_struct *tty, *o_tty;
edc6afc5
AC		 1975 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
1976 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
af9b897e 1977 int retval = 0;
1da177e4
LT		 1978
1979 /* check whether we're reopening an existing tty */
1980 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1981 tty = devpts_get_tty(idx);
5a39e8c6
ASRF		 1982 /*
1983 * If we don't have a tty here on a slave open, it's because
1984 * the master already started the close process and there's
1985 * no relation between devpts file and tty anymore.
1986 */
1987 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
1988 retval = -EIO;
1989 goto end_init;
1990 }
1991 /*
1992 * It's safe from now on because init_dev() is called with
1993 * tty_mutex held and release_dev() won't change tty->count
1994 * or tty->flags without having to grab tty_mutex
1995 */
1da177e4
LT		 1996 if (tty && driver->subtype == PTY_TYPE_MASTER)
1997 tty = tty->link;
1998 } else {
1999 tty = driver->ttys[idx];
2000 }
2001 if (tty) goto fast_track;
2002
2003 /*
2004 * First time open is complex, especially for PTY devices.
2005 * This code guarantees that either everything succeeds and the
2006 * TTY is ready for operation, or else the table slots are vacated
2007 * and the allocated memory released. (Except that the termios
2008 * and locked termios may be retained.)
2009 */
2010
2011 if (!try_module_get(driver->owner)) {
2012 retval = -ENODEV;
2013 goto end_init;
2014 }
2015
2016 o_tty = NULL;
2017 tp = o_tp = NULL;
2018 ltp = o_ltp = NULL;
2019
2020 tty = alloc_tty_struct();
2021 if(!tty)
2022 goto fail_no_mem;
2023 initialize_tty_struct(tty);
2024 tty->driver = driver;
2025 tty->index = idx;
2026 tty_line_name(driver, idx, tty->name);
2027
2028 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2029 tp_loc = &tty->termios;
2030 ltp_loc = &tty->termios_locked;
2031 } else {
2032 tp_loc = &driver->termios[idx];
2033 ltp_loc = &driver->termios_locked[idx];
2034 }
2035
2036 if (!*tp_loc) {
edc6afc5 2037 tp = (struct ktermios *) kmalloc(sizeof(struct ktermios),
1da177e4
LT		 2038 GFP_KERNEL);
2039 if (!tp)
2040 goto free_mem_out;
2041 *tp = driver->init_termios;
2042 }
2043
2044 if (!*ltp_loc) {
506eb99a 2045 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2046 if (!ltp)
2047 goto free_mem_out;
1da177e4
LT		 2048 }
2049
2050 if (driver->type == TTY_DRIVER_TYPE_PTY) {
2051 o_tty = alloc_tty_struct();
2052 if (!o_tty)
2053 goto free_mem_out;
2054 initialize_tty_struct(o_tty);
2055 o_tty->driver = driver->other;
2056 o_tty->index = idx;
2057 tty_line_name(driver->other, idx, o_tty->name);
2058
2059 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2060 o_tp_loc = &o_tty->termios;
2061 o_ltp_loc = &o_tty->termios_locked;
2062 } else {
2063 o_tp_loc = &driver->other->termios[idx];
2064 o_ltp_loc = &driver->other->termios_locked[idx];
2065 }
2066
2067 if (!*o_tp_loc) {
edc6afc5
AC		 2068 o_tp = (struct ktermios *)
2069 kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2070 if (!o_tp)
2071 goto free_mem_out;
2072 *o_tp = driver->other->init_termios;
2073 }
2074
2075 if (!*o_ltp_loc) {
506eb99a 2076 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1da177e4
LT		 2077 if (!o_ltp)
2078 goto free_mem_out;
1da177e4
LT		 2079 }
2080
2081 /*
2082 * Everything allocated ... set up the o_tty structure.
2083 */
2084 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
2085 driver->other->ttys[idx] = o_tty;
2086 }
2087 if (!*o_tp_loc)
2088 *o_tp_loc = o_tp;
2089 if (!*o_ltp_loc)
2090 *o_ltp_loc = o_ltp;
2091 o_tty->termios = *o_tp_loc;
2092 o_tty->termios_locked = *o_ltp_loc;
2093 driver->other->refcount++;
2094 if (driver->subtype == PTY_TYPE_MASTER)
2095 o_tty->count++;
2096
2097 /* Establish the links in both directions */
2098 tty->link = o_tty;
2099 o_tty->link = tty;
2100 }
2101
2102 /*
2103 * All structures have been allocated, so now we install them.
d5698c28 2104 * Failures after this point use release_tty to clean up, so
1da177e4
LT		 2105 * there's no need to null out the local pointers.
2106 */
2107 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2108 driver->ttys[idx] = tty;
2109 }
2110
2111 if (!*tp_loc)
2112 *tp_loc = tp;
2113 if (!*ltp_loc)
2114 *ltp_loc = ltp;
2115 tty->termios = *tp_loc;
2116 tty->termios_locked = *ltp_loc;
edc6afc5
AC		 2117 /* Compatibility until drivers always set this */
2118 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2119 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1da177e4
LT		 2120 driver->refcount++;
2121 tty->count++;
2122
2123 /*
2124 * Structures all installed ... call the ldisc open routines.
d5698c28
CH		 2125 * If we fail here just call release_tty to clean up. No need
2126 * to decrement the use counts, as release_tty doesn't care.
1da177e4
LT		 2127 */
2128
2129 if (tty->ldisc.open) {
2130 retval = (tty->ldisc.open)(tty);
2131 if (retval)
2132 goto release_mem_out;
2133 }
2134 if (o_tty && o_tty->ldisc.open) {
2135 retval = (o_tty->ldisc.open)(o_tty);
2136 if (retval) {
2137 if (tty->ldisc.close)
2138 (tty->ldisc.close)(tty);
2139 goto release_mem_out;
2140 }
2141 tty_ldisc_enable(o_tty);
2142 }
2143 tty_ldisc_enable(tty);
2144 goto success;
2145
2146 /*
2147 * This fast open can be used if the tty is already open.
2148 * No memory is allocated, and the only failures are from
2149 * attempting to open a closing tty or attempting multiple
2150 * opens on a pty master.
2151 */
2152fast_track:
2153 if (test_bit(TTY_CLOSING, &tty->flags)) {
2154 retval = -EIO;
2155 goto end_init;
2156 }
2157 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2158 driver->subtype == PTY_TYPE_MASTER) {
2159 /*
2160 * special case for PTY masters: only one open permitted,
2161 * and the slave side open count is incremented as well.
2162 */
2163 if (tty->count) {
2164 retval = -EIO;
2165 goto end_init;
2166 }
2167 tty->link->count++;
2168 }
2169 tty->count++;
2170 tty->driver = driver; /* N.B. why do this every time?? */
2171
2172 /* FIXME */
2173 if(!test_bit(TTY_LDISC, &tty->flags))
2174 printk(KERN_ERR "init_dev but no ldisc\n");
2175success:
2176 *ret_tty = tty;
2177
70522e12 2178 /* All paths come through here to release the mutex */
1da177e4
LT		 2179end_init:
2180 return retval;
2181
2182 /* Release locally allocated memory ... nothing placed in slots */
2183free_mem_out:
735d5661 2184 kfree(o_tp);
1da177e4
LT		 2185 if (o_tty)
2186 free_tty_struct(o_tty);
735d5661
JJ		 2187 kfree(ltp);
2188 kfree(tp);
1da177e4
LT		 2189 free_tty_struct(tty);
2190
2191fail_no_mem:
2192 module_put(driver->owner);
2193 retval = -ENOMEM;
2194 goto end_init;
2195
d5698c28 2196 /* call the tty release_tty routine to clean out this slot */
1da177e4 2197release_mem_out:
4050914f
AM		 2198 if (printk_ratelimit())
2199 printk(KERN_INFO "init_dev: ldisc open failed, "
2200 "clearing slot %d\n", idx);
d5698c28 2201 release_tty(tty, idx);
1da177e4
LT		 2202 goto end_init;
2203}
2204
af9b897e 2205/**
d5698c28 2206 * release_one_tty - release tty structure memory
af9b897e
AC		 2207 *
2208 * Releases memory associated with a tty structure, and clears out the
2209 * driver table slots. This function is called when a device is no longer
2210 * in use. It also gets called when setup of a device fails.
2211 *
2212 * Locking:
2213 * tty_mutex - sometimes only
2214 * takes the file list lock internally when working on the list
2215 * of ttys that the driver keeps.
2216 * FIXME: should we require tty_mutex is held here ??
1da177e4 2217 */
d5698c28 2218static void release_one_tty(struct tty_struct *tty, int idx)
1da177e4 2219{
1da177e4 2220 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
d5698c28 2221 struct ktermios *tp;
1da177e4
LT		 2222
2223 if (!devpts)
2224 tty->driver->ttys[idx] = NULL;
d5698c28 2225
1da177e4
LT		 2226 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2227 tp = tty->termios;
2228 if (!devpts)
2229 tty->driver->termios[idx] = NULL;
2230 kfree(tp);
2231
2232 tp = tty->termios_locked;
2233 if (!devpts)
2234 tty->driver->termios_locked[idx] = NULL;
2235 kfree(tp);
2236 }
2237
d5698c28 2238
1da177e4
LT		 2239 tty->magic = 0;
2240 tty->driver->refcount--;
d5698c28 2241
1da177e4
LT		 2242 file_list_lock();
2243 list_del_init(&tty->tty_files);
2244 file_list_unlock();
d5698c28 2245
1da177e4
LT		 2246 free_tty_struct(tty);
2247}
2248
d5698c28
CH		 2249/**
2250 * release_tty - release tty structure memory
2251 *
2252 * Release both @tty and a possible linked partner (think pty pair),
2253 * and decrement the refcount of the backing module.
2254 *
2255 * Locking:
2256 * tty_mutex - sometimes only
2257 * takes the file list lock internally when working on the list
2258 * of ttys that the driver keeps.
2259 * FIXME: should we require tty_mutex is held here ??
2260 */
2261static void release_tty(struct tty_struct *tty, int idx)
2262{
2263 struct tty_driver *driver = tty->driver;
2264
2265 if (tty->link)
2266 release_one_tty(tty->link, idx);
2267 release_one_tty(tty, idx);
2268 module_put(driver->owner);
2269}
2270
1da177e4
LT		 2271/*
2272 * Even releasing the tty structures is a tricky business.. We have
2273 * to be very careful that the structures are all released at the
2274 * same time, as interrupts might otherwise get the wrong pointers.
2275 *
2276 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2277 * lead to double frees or releasing memory still in use.
2278 */
2279static void release_dev(struct file * filp)
2280{
2281 struct tty_struct *tty, *o_tty;
2282 int pty_master, tty_closing, o_tty_closing, do_sleep;
14a6283e 2283 int devpts;
1da177e4
LT		 2284 int idx;
2285 char buf[64];
2286 unsigned long flags;
2287
2288 tty = (struct tty_struct *)filp->private_data;
a7113a96 2289 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "release_dev"))
1da177e4
LT		 2290 return;
2291
2292 check_tty_count(tty, "release_dev");
2293
2294 tty_fasync(-1, filp, 0);
2295
2296 idx = tty->index;
2297 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2298 tty->driver->subtype == PTY_TYPE_MASTER);
2299 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1da177e4
LT		 2300 o_tty = tty->link;
2301
2302#ifdef TTY_PARANOIA_CHECK
2303 if (idx < 0 || idx >= tty->driver->num) {
2304 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2305 "free (%s)\n", tty->name);
2306 return;
2307 }
2308 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2309 if (tty != tty->driver->ttys[idx]) {
2310 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2311 "for (%s)\n", idx, tty->name);
2312 return;
2313 }
2314 if (tty->termios != tty->driver->termios[idx]) {
2315 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2316 "for (%s)\n",
2317 idx, tty->name);
2318 return;
2319 }
2320 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2321 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2322 "termios_locked for (%s)\n",
2323 idx, tty->name);
2324 return;
2325 }
2326 }
2327#endif
2328
2329#ifdef TTY_DEBUG_HANGUP
2330 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2331 tty_name(tty, buf), tty->count);
2332#endif
2333
2334#ifdef TTY_PARANOIA_CHECK
2335 if (tty->driver->other &&
2336 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2337 if (o_tty != tty->driver->other->ttys[idx]) {
2338 printk(KERN_DEBUG "release_dev: other->table[%d] "
2339 "not o_tty for (%s)\n",
2340 idx, tty->name);
2341 return;
2342 }
2343 if (o_tty->termios != tty->driver->other->termios[idx]) {
2344 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2345 "not o_termios for (%s)\n",
2346 idx, tty->name);
2347 return;
2348 }
2349 if (o_tty->termios_locked !=
2350 tty->driver->other->termios_locked[idx]) {
2351 printk(KERN_DEBUG "release_dev: other->termios_locked["
2352 "%d] not o_termios_locked for (%s)\n",
2353 idx, tty->name);
2354 return;
2355 }
2356 if (o_tty->link != tty) {
2357 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2358 return;
2359 }
2360 }
2361#endif
2362 if (tty->driver->close)
2363 tty->driver->close(tty, filp);
2364
2365 /*
2366 * Sanity check: if tty->count is going to zero, there shouldn't be
2367 * any waiters on tty->read_wait or tty->write_wait. We test the
2368 * wait queues and kick everyone out _before_ actually starting to
2369 * close. This ensures that we won't block while releasing the tty
2370 * structure.
2371 *
2372 * The test for the o_tty closing is necessary, since the master and
2373 * slave sides may close in any order. If the slave side closes out
2374 * first, its count will be one, since the master side holds an open.
2375 * Thus this test wouldn't be triggered at the time the slave closes,
2376 * so we do it now.
2377 *
2378 * Note that it's possible for the tty to be opened again while we're
2379 * flushing out waiters. By recalculating the closing flags before
2380 * each iteration we avoid any problems.
2381 */
2382 while (1) {
2383 /* Guard against races with tty->count changes elsewhere and
2384 opens on /dev/tty */
2385
70522e12 2386 mutex_lock(&tty_mutex);
1da177e4
LT		 2387 tty_closing = tty->count <= 1;
2388 o_tty_closing = o_tty &&
2389 (o_tty->count <= (pty_master ? 1 : 0));
1da177e4
LT		 2390 do_sleep = 0;
2391
2392 if (tty_closing) {
2393 if (waitqueue_active(&tty->read_wait)) {
2394 wake_up(&tty->read_wait);
2395 do_sleep++;
2396 }
2397 if (waitqueue_active(&tty->write_wait)) {
2398 wake_up(&tty->write_wait);
2399 do_sleep++;
2400 }
2401 }
2402 if (o_tty_closing) {
2403 if (waitqueue_active(&o_tty->read_wait)) {
2404 wake_up(&o_tty->read_wait);
2405 do_sleep++;
2406 }
2407 if (waitqueue_active(&o_tty->write_wait)) {
2408 wake_up(&o_tty->write_wait);
2409 do_sleep++;
2410 }
2411 }
2412 if (!do_sleep)
2413 break;
2414
2415 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2416 "active!\n", tty_name(tty, buf));
70522e12 2417 mutex_unlock(&tty_mutex);
1da177e4
LT		 2418 schedule();
2419 }
2420
2421 /*
2422 * The closing flags are now consistent with the open counts on
2423 * both sides, and we've completed the last operation that could
2424 * block, so it's safe to proceed with closing.
2425 */
1da177e4
LT		 2426 if (pty_master) {
2427 if (--o_tty->count < 0) {
2428 printk(KERN_WARNING "release_dev: bad pty slave count "
2429 "(%d) for %s\n",
2430 o_tty->count, tty_name(o_tty, buf));
2431 o_tty->count = 0;
2432 }
2433 }
2434 if (--tty->count < 0) {
2435 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2436 tty->count, tty_name(tty, buf));
2437 tty->count = 0;
2438 }
1da177e4
LT		 2439
2440 /*
2441 * We've decremented tty->count, so we need to remove this file
2442 * descriptor off the tty->tty_files list; this serves two
2443 * purposes:
2444 * - check_tty_count sees the correct number of file descriptors
2445 * associated with this tty.
2446 * - do_tty_hangup no longer sees this file descriptor as
2447 * something that needs to be handled for hangups.
2448 */
2449 file_kill(filp);
2450 filp->private_data = NULL;
2451
2452 /*
2453 * Perform some housekeeping before deciding whether to return.
2454 *
2455 * Set the TTY_CLOSING flag if this was the last open. In the
2456 * case of a pty we may have to wait around for the other side
2457 * to close, and TTY_CLOSING makes sure we can't be reopened.
2458 */
2459 if(tty_closing)
2460 set_bit(TTY_CLOSING, &tty->flags);
2461 if(o_tty_closing)
2462 set_bit(TTY_CLOSING, &o_tty->flags);
2463
2464 /*
2465 * If _either_ side is closing, make sure there aren't any
2466 * processes that still think tty or o_tty is their controlling
2467 * tty.
2468 */
2469 if (tty_closing || o_tty_closing) {
1da177e4 2470 read_lock(&tasklist_lock);
24ec839c 2471 session_clear_tty(tty->session);
1da177e4 2472 if (o_tty)
24ec839c 2473 session_clear_tty(o_tty->session);
1da177e4
LT		 2474 read_unlock(&tasklist_lock);
2475 }
2476
70522e12 2477 mutex_unlock(&tty_mutex);
da965822 2478
1da177e4
LT		 2479 /* check whether both sides are closing ... */
2480 if (!tty_closing || (o_tty && !o_tty_closing))
2481 return;
2482
2483#ifdef TTY_DEBUG_HANGUP
2484 printk(KERN_DEBUG "freeing tty structure...");
2485#endif
2486 /*
2487 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2488 * kill any delayed work. As this is the final close it does not
2489 * race with the set_ldisc code path.
2490 */
2491 clear_bit(TTY_LDISC, &tty->flags);
33f0f88f 2492 cancel_delayed_work(&tty->buf.work);
1da177e4
LT		 2493
2494 /*
33f0f88f 2495 * Wait for ->hangup_work and ->buf.work handlers to terminate
1da177e4
LT		 2496 */
2497
2498 flush_scheduled_work();
2499
2500 /*
2501 * Wait for any short term users (we know they are just driver
2502 * side waiters as the file is closing so user count on the file
2503 * side is zero.
2504 */
2505 spin_lock_irqsave(&tty_ldisc_lock, flags);
2506 while(tty->ldisc.refcount)
2507 {
2508 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2509 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2510 spin_lock_irqsave(&tty_ldisc_lock, flags);
2511 }
2512 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2513 /*
2514 * Shutdown the current line discipline, and reset it to N_TTY.
2515 * N.B. why reset ldisc when we're releasing the memory??
2516 *
2517 * FIXME: this MUST get fixed for the new reflocking
2518 */
2519 if (tty->ldisc.close)
2520 (tty->ldisc.close)(tty);
2521 tty_ldisc_put(tty->ldisc.num);
2522
2523 /*
2524 * Switch the line discipline back
2525 */
2526 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2527 tty_set_termios_ldisc(tty,N_TTY);
2528 if (o_tty) {
2529 /* FIXME: could o_tty be in setldisc here ? */
2530 clear_bit(TTY_LDISC, &o_tty->flags);
2531 if (o_tty->ldisc.close)
2532 (o_tty->ldisc.close)(o_tty);
2533 tty_ldisc_put(o_tty->ldisc.num);
2534 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2535 tty_set_termios_ldisc(o_tty,N_TTY);
2536 }
2537 /*
d5698c28 2538 * The release_tty function takes care of the details of clearing
1da177e4
LT		 2539 * the slots and preserving the termios structure.
2540 */
d5698c28 2541 release_tty(tty, idx);
1da177e4
LT		 2542
2543#ifdef CONFIG_UNIX98_PTYS
2544 /* Make this pty number available for reallocation */
2545 if (devpts) {
2546 down(&allocated_ptys_lock);
2547 idr_remove(&allocated_ptys, idx);
2548 up(&allocated_ptys_lock);
2549 }
2550#endif
2551
2552}
2553
af9b897e
AC		 2554/**
2555 * tty_open - open a tty device
2556 * @inode: inode of device file
2557 * @filp: file pointer to tty
1da177e4 2558 *
af9b897e
AC		 2559 * tty_open and tty_release keep up the tty count that contains the
2560 * number of opens done on a tty. We cannot use the inode-count, as
2561 * different inodes might point to the same tty.
1da177e4 2562 *
af9b897e
AC		 2563 * Open-counting is needed for pty masters, as well as for keeping
2564 * track of serial lines: DTR is dropped when the last close happens.
2565 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2566 *
2567 * The termios state of a pty is reset on first open so that
2568 * settings don't persist across reuse.
2569 *
24ec839c
PZ		 2570 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2571 * tty->count should protect the rest.
2572 * ->siglock protects ->signal/->sighand
1da177e4 2573 */
af9b897e 2574
1da177e4
LT		 2575static int tty_open(struct inode * inode, struct file * filp)
2576{
2577 struct tty_struct *tty;
2578 int noctty, retval;
2579 struct tty_driver *driver;
2580 int index;
2581 dev_t device = inode->i_rdev;
2582 unsigned short saved_flags = filp->f_flags;
2583
2584 nonseekable_open(inode, filp);
2585
2586retry_open:
2587 noctty = filp->f_flags & O_NOCTTY;
2588 index = -1;
2589 retval = 0;
2590
70522e12 2591 mutex_lock(&tty_mutex);
1da177e4
LT		 2592
2593 if (device == MKDEV(TTYAUX_MAJOR,0)) {
24ec839c
PZ		 2594 tty = get_current_tty();
2595 if (!tty) {
70522e12 2596 mutex_unlock(&tty_mutex);
1da177e4
LT		 2597 return -ENXIO;
2598 }
24ec839c
PZ		 2599 driver = tty->driver;
2600 index = tty->index;
1da177e4
LT		 2601 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2602 /* noctty = 1; */
2603 goto got_driver;
2604 }
2605#ifdef CONFIG_VT
2606 if (device == MKDEV(TTY_MAJOR,0)) {
2607 extern struct tty_driver *console_driver;
2608 driver = console_driver;
2609 index = fg_console;
2610 noctty = 1;
2611 goto got_driver;
2612 }
2613#endif
2614 if (device == MKDEV(TTYAUX_MAJOR,1)) {
2615 driver = console_device(&index);
2616 if (driver) {
2617 /* Don't let /dev/console block */
2618 filp->f_flags |= O_NONBLOCK;
2619 noctty = 1;
2620 goto got_driver;
2621 }
70522e12 2622 mutex_unlock(&tty_mutex);
1da177e4
LT		 2623 return -ENODEV;
2624 }
2625
2626 driver = get_tty_driver(device, &index);
2627 if (!driver) {
70522e12 2628 mutex_unlock(&tty_mutex);
1da177e4
LT		 2629 return -ENODEV;
2630 }
2631got_driver:
2632 retval = init_dev(driver, index, &tty);
70522e12 2633 mutex_unlock(&tty_mutex);
1da177e4
LT		 2634 if (retval)
2635 return retval;
2636
2637 filp->private_data = tty;
2638 file_move(filp, &tty->tty_files);
2639 check_tty_count(tty, "tty_open");
2640 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2641 tty->driver->subtype == PTY_TYPE_MASTER)
2642 noctty = 1;
2643#ifdef TTY_DEBUG_HANGUP
2644 printk(KERN_DEBUG "opening %s...", tty->name);
2645#endif
2646 if (!retval) {
2647 if (tty->driver->open)
2648 retval = tty->driver->open(tty, filp);
2649 else
2650 retval = -ENODEV;
2651 }
2652 filp->f_flags = saved_flags;
2653
2654 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2655 retval = -EBUSY;
2656
2657 if (retval) {
2658#ifdef TTY_DEBUG_HANGUP
2659 printk(KERN_DEBUG "error %d in opening %s...", retval,
2660 tty->name);
2661#endif
2662 release_dev(filp);
2663 if (retval != -ERESTARTSYS)
2664 return retval;
2665 if (signal_pending(current))
2666 return retval;
2667 schedule();
2668 /*
2669 * Need to reset f_op in case a hangup happened.
2670 */
2671 if (filp->f_op == &hung_up_tty_fops)
2672 filp->f_op = &tty_fops;
2673 goto retry_open;
2674 }
24ec839c
PZ		 2675
2676 mutex_lock(&tty_mutex);
2677 spin_lock_irq(&current->sighand->siglock);
1da177e4
LT		 2678 if (!noctty &&
2679 current->signal->leader &&
2680 !current->signal->tty &&
ab521dc0 2681 tty->session == NULL)
2a65f1d9 2682 __proc_set_tty(current, tty);
24ec839c
PZ		 2683 spin_unlock_irq(&current->sighand->siglock);
2684 mutex_unlock(&tty_mutex);
522ed776 2685 tty_audit_opening();
1da177e4
LT		 2686 return 0;
2687}
2688
2689#ifdef CONFIG_UNIX98_PTYS
af9b897e
AC		 2690/**
2691 * ptmx_open - open a unix 98 pty master
2692 * @inode: inode of device file
2693 * @filp: file pointer to tty
2694 *
2695 * Allocate a unix98 pty master device from the ptmx driver.
2696 *
2697 * Locking: tty_mutex protects theinit_dev work. tty->count should
2698 protect the rest.
2699 * allocated_ptys_lock handles the list of free pty numbers
2700 */
2701
1da177e4
LT		 2702static int ptmx_open(struct inode * inode, struct file * filp)
2703{
2704 struct tty_struct *tty;
2705 int retval;
2706 int index;
2707 int idr_ret;
2708
2709 nonseekable_open(inode, filp);
2710
2711 /* find a device that is not in use. */
2712 down(&allocated_ptys_lock);
2713 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2714 up(&allocated_ptys_lock);
2715 return -ENOMEM;
2716 }
2717 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2718 if (idr_ret < 0) {
2719 up(&allocated_ptys_lock);
2720 if (idr_ret == -EAGAIN)
2721 return -ENOMEM;
2722 return -EIO;
2723 }
2724 if (index >= pty_limit) {
2725 idr_remove(&allocated_ptys, index);
2726 up(&allocated_ptys_lock);
2727 return -EIO;
2728 }
2729 up(&allocated_ptys_lock);
2730
70522e12 2731 mutex_lock(&tty_mutex);
1da177e4 2732 retval = init_dev(ptm_driver, index, &tty);
70522e12 2733 mutex_unlock(&tty_mutex);
1da177e4
LT		 2734
2735 if (retval)
2736 goto out;
2737
2738 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2739 filp->private_data = tty;
2740 file_move(filp, &tty->tty_files);
2741
2742 retval = -ENOMEM;
2743 if (devpts_pty_new(tty->link))
2744 goto out1;
2745
2746 check_tty_count(tty, "tty_open");
2747 retval = ptm_driver->open(tty, filp);
522ed776
MT		 2748 if (!retval) {
2749 tty_audit_opening();
1da177e4 2750 return 0;
522ed776 2751 }
1da177e4
LT		 2752out1:
2753 release_dev(filp);
9453a5ad 2754 return retval;
1da177e4
LT		 2755out:
2756 down(&allocated_ptys_lock);
2757 idr_remove(&allocated_ptys, index);
2758 up(&allocated_ptys_lock);
2759 return retval;
2760}
2761#endif
2762
af9b897e
AC		 2763/**
2764 * tty_release - vfs callback for close
2765 * @inode: inode of tty
2766 * @filp: file pointer for handle to tty
2767 *
2768 * Called the last time each file handle is closed that references
2769 * this tty. There may however be several such references.
2770 *
2771 * Locking:
2772 * Takes bkl. See release_dev
2773 */
2774
1da177e4
LT		 2775static int tty_release(struct inode * inode, struct file * filp)
2776{
2777 lock_kernel();
2778 release_dev(filp);
2779 unlock_kernel();
2780 return 0;
2781}
2782
af9b897e
AC		 2783/**
2784 * tty_poll - check tty status
2785 * @filp: file being polled
2786 * @wait: poll wait structures to update
2787 *
2788 * Call the line discipline polling method to obtain the poll
2789 * status of the device.
2790 *
2791 * Locking: locks called line discipline but ldisc poll method
2792 * may be re-entered freely by other callers.
2793 */
2794
1da177e4
LT		 2795static unsigned int tty_poll(struct file * filp, poll_table * wait)
2796{
2797 struct tty_struct * tty;
2798 struct tty_ldisc *ld;
2799 int ret = 0;
2800
2801 tty = (struct tty_struct *)filp->private_data;
a7113a96 2802 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1da177e4
LT		 2803 return 0;
2804
2805 ld = tty_ldisc_ref_wait(tty);
2806 if (ld->poll)
2807 ret = (ld->poll)(tty, filp, wait);
2808 tty_ldisc_deref(ld);
2809 return ret;
2810}
2811
2812static int tty_fasync(int fd, struct file * filp, int on)
2813{
2814 struct tty_struct * tty;
2815 int retval;
2816
2817 tty = (struct tty_struct *)filp->private_data;
a7113a96 2818 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
1da177e4
LT		 2819 return 0;
2820
2821 retval = fasync_helper(fd, filp, on, &tty->fasync);
2822 if (retval <= 0)
2823 return retval;
2824
2825 if (on) {
ab521dc0
EB		 2826 enum pid_type type;
2827 struct pid *pid;
1da177e4
LT		 2828 if (!waitqueue_active(&tty->read_wait))
2829 tty->minimum_to_wake = 1;
ab521dc0
EB		 2830 if (tty->pgrp) {
2831 pid = tty->pgrp;
2832 type = PIDTYPE_PGID;
2833 } else {
2834 pid = task_pid(current);
2835 type = PIDTYPE_PID;
2836 }
2837 retval = __f_setown(filp, pid, type, 0);
1da177e4
LT		 2838 if (retval)
2839 return retval;
2840 } else {
2841 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2842 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2843 }
2844 return 0;
2845}
2846
af9b897e
AC		 2847/**
2848 * tiocsti - fake input character
2849 * @tty: tty to fake input into
2850 * @p: pointer to character
2851 *
2852 * Fake input to a tty device. Does the neccessary locking and
2853 * input management.
2854 *
2855 * FIXME: does not honour flow control ??
2856 *
2857 * Locking:
2858 * Called functions take tty_ldisc_lock
2859 * current->signal->tty check is safe without locks
28298232
AC		 2860 *
2861 * FIXME: may race normal receive processing
af9b897e
AC		 2862 */
2863
1da177e4
LT		 2864static int tiocsti(struct tty_struct *tty, char __user *p)
2865{
2866 char ch, mbz = 0;
2867 struct tty_ldisc *ld;
2868
2869 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2870 return -EPERM;
2871 if (get_user(ch, p))
2872 return -EFAULT;
2873 ld = tty_ldisc_ref_wait(tty);
2874 ld->receive_buf(tty, &ch, &mbz, 1);
2875 tty_ldisc_deref(ld);
2876 return 0;
2877}
2878
af9b897e
AC		 2879/**
2880 * tiocgwinsz - implement window query ioctl
2881 * @tty; tty
2882 * @arg: user buffer for result
2883 *
808a0d38 2884 * Copies the kernel idea of the window size into the user buffer.
af9b897e 2885 *
24ec839c 2886 * Locking: tty->termios_mutex is taken to ensure the winsize data
808a0d38 2887 * is consistent.
af9b897e
AC		 2888 */
2889
1da177e4
LT		 2890static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2891{
808a0d38
AC		 2892 int err;
2893
5785c95b 2894 mutex_lock(&tty->termios_mutex);
808a0d38 2895 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
5785c95b 2896 mutex_unlock(&tty->termios_mutex);
808a0d38
AC		 2897
2898 return err ? -EFAULT: 0;
1da177e4
LT		 2899}
2900
af9b897e
AC		 2901/**
2902 * tiocswinsz - implement window size set ioctl
2903 * @tty; tty
2904 * @arg: user buffer for result
2905 *
2906 * Copies the user idea of the window size to the kernel. Traditionally
2907 * this is just advisory information but for the Linux console it
2908 * actually has driver level meaning and triggers a VC resize.
2909 *
2910 * Locking:
ca9bda00
AC		 2911 * Called function use the console_sem is used to ensure we do
2912 * not try and resize the console twice at once.
24ec839c
PZ		 2913 * The tty->termios_mutex is used to ensure we don't double
2914 * resize and get confused. Lock order - tty->termios_mutex before
ca9bda00 2915 * console sem
af9b897e
AC		 2916 */
2917
1da177e4
LT		 2918static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2919 struct winsize __user * arg)
2920{
2921 struct winsize tmp_ws;
2922
2923 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2924 return -EFAULT;
ca9bda00 2925
5785c95b 2926 mutex_lock(&tty->termios_mutex);
1da177e4 2927 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
ca9bda00
AC		 2928 goto done;
2929
1da177e4
LT		 2930#ifdef CONFIG_VT
2931 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
5785c95b
AV		 2932 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2933 tmp_ws.ws_row)) {
2934 mutex_unlock(&tty->termios_mutex);
ca9bda00
AC		 2935 return -ENXIO;
2936 }
1da177e4
LT		 2937 }
2938#endif
ab521dc0
EB		 2939 if (tty->pgrp)
2940 kill_pgrp(tty->pgrp, SIGWINCH, 1);
2941 if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
2942 kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
1da177e4
LT		 2943 tty->winsize = tmp_ws;
2944 real_tty->winsize = tmp_ws;
ca9bda00 2945done:
5785c95b 2946 mutex_unlock(&tty->termios_mutex);
1da177e4
LT		 2947 return 0;
2948}
2949
af9b897e
AC		 2950/**
2951 * tioccons - allow admin to move logical console
2952 * @file: the file to become console
2953 *
2954 * Allow the adminstrator to move the redirected console device
2955 *
2956 * Locking: uses redirect_lock to guard the redirect information
2957 */
2958
1da177e4
LT		 2959static int tioccons(struct file *file)
2960{
2961 if (!capable(CAP_SYS_ADMIN))
2962 return -EPERM;
2963 if (file->f_op->write == redirected_tty_write) {
2964 struct file *f;
2965 spin_lock(&redirect_lock);
2966 f = redirect;
2967 redirect = NULL;
2968 spin_unlock(&redirect_lock);
2969 if (f)
2970 fput(f);
2971 return 0;
2972 }
2973 spin_lock(&redirect_lock);
2974 if (redirect) {
2975 spin_unlock(&redirect_lock);
2976 return -EBUSY;
2977 }
2978 get_file(file);
2979 redirect = file;
2980 spin_unlock(&redirect_lock);
2981 return 0;
2982}
2983
af9b897e
AC		 2984/**
2985 * fionbio - non blocking ioctl
2986 * @file: file to set blocking value
2987 * @p: user parameter
2988 *
2989 * Historical tty interfaces had a blocking control ioctl before
2990 * the generic functionality existed. This piece of history is preserved
2991 * in the expected tty API of posix OS's.
2992 *
2993 * Locking: none, the open fle handle ensures it won't go away.
2994 */
1da177e4
LT		 2995
2996static int fionbio(struct file *file, int __user *p)
2997{
2998 int nonblock;
2999
3000 if (get_user(nonblock, p))
3001 return -EFAULT;
3002
3003 if (nonblock)
3004 file->f_flags |= O_NONBLOCK;
3005 else
3006 file->f_flags &= ~O_NONBLOCK;
3007 return 0;
3008}
3009
af9b897e
AC		 3010/**
3011 * tiocsctty - set controlling tty
3012 * @tty: tty structure
3013 * @arg: user argument
3014 *
3015 * This ioctl is used to manage job control. It permits a session
3016 * leader to set this tty as the controlling tty for the session.
3017 *
3018 * Locking:
28298232 3019 * Takes tty_mutex() to protect tty instance
24ec839c
PZ		 3020 * Takes tasklist_lock internally to walk sessions
3021 * Takes ->siglock() when updating signal->tty
af9b897e
AC		 3022 */
3023
1da177e4
LT		 3024static int tiocsctty(struct tty_struct *tty, int arg)
3025{
24ec839c 3026 int ret = 0;
ab521dc0 3027 if (current->signal->leader && (task_session(current) == tty->session))
24ec839c
PZ		 3028 return ret;
3029
3030 mutex_lock(&tty_mutex);
1da177e4
LT		 3031 /*
3032 * The process must be a session leader and
3033 * not have a controlling tty already.
3034 */
24ec839c
PZ		 3035 if (!current->signal->leader || current->signal->tty) {
3036 ret = -EPERM;
3037 goto unlock;
3038 }
3039
ab521dc0 3040 if (tty->session) {
1da177e4
LT		 3041 /*
3042 * This tty is already the controlling
3043 * tty for another session group!
3044 */
3045 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
3046 /*
3047 * Steal it away
3048 */
1da177e4 3049 read_lock(&tasklist_lock);
24ec839c 3050 session_clear_tty(tty->session);
1da177e4 3051 read_unlock(&tasklist_lock);
24ec839c
PZ		 3052 } else {
3053 ret = -EPERM;
3054 goto unlock;
3055 }
1da177e4 3056 }
24ec839c
PZ		 3057 proc_set_tty(current, tty);
3058unlock:
28298232 3059 mutex_unlock(&tty_mutex);
24ec839c 3060 return ret;
1da177e4
LT		 3061}
3062
af9b897e
AC		 3063/**
3064 * tiocgpgrp - get process group
3065 * @tty: tty passed by user
3066 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3067 * @p: returned pid
3068 *
3069 * Obtain the process group of the tty. If there is no process group
3070 * return an error.
3071 *
24ec839c 3072 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3073 */
3074
1da177e4
LT		 3075static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3076{
3077 /*
3078 * (tty == real_tty) is a cheap way of
3079 * testing if the tty is NOT a master pty.
3080 */
3081 if (tty == real_tty && current->signal->tty != real_tty)
3082 return -ENOTTY;
ab521dc0 3083 return put_user(pid_nr(real_tty->pgrp), p);
1da177e4
LT		 3084}
3085
af9b897e
AC		 3086/**
3087 * tiocspgrp - attempt to set process group
3088 * @tty: tty passed by user
3089 * @real_tty: tty side device matching tty passed by user
3090 * @p: pid pointer
3091 *
3092 * Set the process group of the tty to the session passed. Only
3093 * permitted where the tty session is our session.
3094 *
3095 * Locking: None
af9b897e
AC		 3096 */
3097
1da177e4
LT		 3098static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3099{
04a2e6a5
EB		 3100 struct pid *pgrp;
3101 pid_t pgrp_nr;
1da177e4
LT		 3102 int retval = tty_check_change(real_tty);
3103
3104 if (retval == -EIO)
3105 return -ENOTTY;
3106 if (retval)
3107 return retval;
3108 if (!current->signal->tty ||
3109 (current->signal->tty != real_tty) ||
ab521dc0 3110 (real_tty->session != task_session(current)))
1da177e4 3111 return -ENOTTY;
04a2e6a5 3112 if (get_user(pgrp_nr, p))
1da177e4 3113 return -EFAULT;
04a2e6a5 3114 if (pgrp_nr < 0)
1da177e4 3115 return -EINVAL;
04a2e6a5
EB		 3116 rcu_read_lock();
3117 pgrp = find_pid(pgrp_nr);
3118 retval = -ESRCH;
3119 if (!pgrp)
3120 goto out_unlock;
3121 retval = -EPERM;
3122 if (session_of_pgrp(pgrp) != task_session(current))
3123 goto out_unlock;
3124 retval = 0;
ab521dc0
EB		 3125 put_pid(real_tty->pgrp);
3126 real_tty->pgrp = get_pid(pgrp);
04a2e6a5
EB		 3127out_unlock:
3128 rcu_read_unlock();
3129 return retval;
1da177e4
LT		 3130}
3131
af9b897e
AC		 3132/**
3133 * tiocgsid - get session id
3134 * @tty: tty passed by user
3135 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3136 * @p: pointer to returned session id
3137 *
3138 * Obtain the session id of the tty. If there is no session
3139 * return an error.
3140 *
24ec839c 3141 * Locking: none. Reference to current->signal->tty is safe.
af9b897e
AC		 3142 */
3143
1da177e4
LT		 3144static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3145{
3146 /*
3147 * (tty == real_tty) is a cheap way of
3148 * testing if the tty is NOT a master pty.
3149 */
3150 if (tty == real_tty && current->signal->tty != real_tty)
3151 return -ENOTTY;
ab521dc0 3152 if (!real_tty->session)
1da177e4 3153 return -ENOTTY;
ab521dc0 3154 return put_user(pid_nr(real_tty->session), p);
1da177e4
LT		 3155}
3156
af9b897e
AC		 3157/**
3158 * tiocsetd - set line discipline
3159 * @tty: tty device
3160 * @p: pointer to user data
3161 *
3162 * Set the line discipline according to user request.
3163 *
3164 * Locking: see tty_set_ldisc, this function is just a helper
3165 */
3166
1da177e4
LT		 3167static int tiocsetd(struct tty_struct *tty, int __user *p)
3168{
3169 int ldisc;
3170
3171 if (get_user(ldisc, p))
3172 return -EFAULT;
3173 return tty_set_ldisc(tty, ldisc);
3174}
3175
af9b897e
AC		 3176/**
3177 * send_break - performed time break
3178 * @tty: device to break on
3179 * @duration: timeout in mS
3180 *
3181 * Perform a timed break on hardware that lacks its own driver level
3182 * timed break functionality.
3183 *
3184 * Locking:
28298232 3185 * atomic_write_lock serializes
af9b897e 3186 *
af9b897e
AC		 3187 */
3188
b20f3ae5 3189static int send_break(struct tty_struct *tty, unsigned int duration)
1da177e4 3190{
9c1729db 3191 if (tty_write_lock(tty, 0) < 0)
28298232 3192 return -EINTR;
1da177e4 3193 tty->driver->break_ctl(tty, -1);
9c1729db 3194 if (!signal_pending(current))
b20f3ae5 3195 msleep_interruptible(duration);
1da177e4 3196 tty->driver->break_ctl(tty, 0);
9c1729db 3197 tty_write_unlock(tty);
1da177e4
LT		 3198 if (signal_pending(current))
3199 return -EINTR;
3200 return 0;
3201}
3202
af9b897e
AC		 3203/**
3204 * tiocmget - get modem status
3205 * @tty: tty device
3206 * @file: user file pointer
3207 * @p: pointer to result
3208 *
3209 * Obtain the modem status bits from the tty driver if the feature
3210 * is supported. Return -EINVAL if it is not available.
3211 *
3212 * Locking: none (up to the driver)
3213 */
3214
3215static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
1da177e4
LT		 3216{
3217 int retval = -EINVAL;
3218
3219 if (tty->driver->tiocmget) {
3220 retval = tty->driver->tiocmget(tty, file);
3221
3222 if (retval >= 0)
3223 retval = put_user(retval, p);
3224 }
3225 return retval;
3226}
3227
af9b897e
AC		 3228/**
3229 * tiocmset - set modem status
3230 * @tty: tty device
3231 * @file: user file pointer
3232 * @cmd: command - clear bits, set bits or set all
3233 * @p: pointer to desired bits
3234 *
3235 * Set the modem status bits from the tty driver if the feature
3236 * is supported. Return -EINVAL if it is not available.
3237 *
3238 * Locking: none (up to the driver)
3239 */
3240
3241static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
1da177e4
LT		 3242 unsigned __user *p)
3243{
3244 int retval = -EINVAL;
3245
3246 if (tty->driver->tiocmset) {
3247 unsigned int set, clear, val;
3248
3249 retval = get_user(val, p);
3250 if (retval)
3251 return retval;
3252
3253 set = clear = 0;
3254 switch (cmd) {
3255 case TIOCMBIS:
3256 set = val;
3257 break;
3258 case TIOCMBIC:
3259 clear = val;
3260 break;
3261 case TIOCMSET:
3262 set = val;
3263 clear = ~val;
3264 break;
3265 }
3266
3267 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3268 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3269
3270 retval = tty->driver->tiocmset(tty, file, set, clear);
3271 }
3272 return retval;
3273}
3274
3275/*
3276 * Split this up, as gcc can choke on it otherwise..
3277 */
3278int tty_ioctl(struct inode * inode, struct file * file,
3279 unsigned int cmd, unsigned long arg)
3280{
3281 struct tty_struct *tty, *real_tty;
3282 void __user *p = (void __user *)arg;
3283 int retval;
3284 struct tty_ldisc *ld;
3285
3286 tty = (struct tty_struct *)file->private_data;
3287 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3288 return -EINVAL;
3289
28298232
AC		 3290 /* CHECKME: is this safe as one end closes ? */
3291
1da177e4
LT		 3292 real_tty = tty;
3293 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3294 tty->driver->subtype == PTY_TYPE_MASTER)
3295 real_tty = tty->link;
3296
3297 /*
3298 * Break handling by driver
3299 */
3300 if (!tty->driver->break_ctl) {
3301 switch(cmd) {
3302 case TIOCSBRK:
3303 case TIOCCBRK:
3304 if (tty->driver->ioctl)
3305 return tty->driver->ioctl(tty, file, cmd, arg);
3306 return -EINVAL;
3307
3308 /* These two ioctl's always return success; even if */
3309 /* the driver doesn't support them. */
3310 case TCSBRK:
3311 case TCSBRKP:
3312 if (!tty->driver->ioctl)
3313 return 0;
3314 retval = tty->driver->ioctl(tty, file, cmd, arg);
3315 if (retval == -ENOIOCTLCMD)
3316 retval = 0;
3317 return retval;
3318 }
3319 }
3320
3321 /*
3322 * Factor out some common prep work
3323 */
3324 switch (cmd) {
3325 case TIOCSETD:
3326 case TIOCSBRK:
3327 case TIOCCBRK:
3328 case TCSBRK:
3329 case TCSBRKP:
3330 retval = tty_check_change(tty);
3331 if (retval)
3332 return retval;
3333 if (cmd != TIOCCBRK) {
3334 tty_wait_until_sent(tty, 0);
3335 if (signal_pending(current))
3336 return -EINTR;
3337 }
3338 break;
3339 }
3340
3341 switch (cmd) {
3342 case TIOCSTI:
3343 return tiocsti(tty, p);
3344 case TIOCGWINSZ:
3345 return tiocgwinsz(tty, p);
3346 case TIOCSWINSZ:
3347 return tiocswinsz(tty, real_tty, p);
3348 case TIOCCONS:
3349 return real_tty!=tty ? -EINVAL : tioccons(file);
3350 case FIONBIO:
3351 return fionbio(file, p);
3352 case TIOCEXCL:
3353 set_bit(TTY_EXCLUSIVE, &tty->flags);
3354 return 0;
3355 case TIOCNXCL:
3356 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3357 return 0;
3358 case TIOCNOTTY:
3359 if (current->signal->tty != tty)
3360 return -ENOTTY;
98a27ba4 3361 no_tty();
1da177e4
LT		 3362 return 0;
3363 case TIOCSCTTY:
3364 return tiocsctty(tty, arg);
3365 case TIOCGPGRP:
3366 return tiocgpgrp(tty, real_tty, p);
3367 case TIOCSPGRP:
3368 return tiocspgrp(tty, real_tty, p);
3369 case TIOCGSID:
3370 return tiocgsid(tty, real_tty, p);
3371 case TIOCGETD:
3372 /* FIXME: check this is ok */
3373 return put_user(tty->ldisc.num, (int __user *)p);
3374 case TIOCSETD:
3375 return tiocsetd(tty, p);
3376#ifdef CONFIG_VT
3377 case TIOCLINUX:
3378 return tioclinux(tty, arg);
3379#endif
3380 /*
3381 * Break handling
3382 */
3383 case TIOCSBRK: /* Turn break on, unconditionally */
3384 tty->driver->break_ctl(tty, -1);
3385 return 0;
3386
3387 case TIOCCBRK: /* Turn break off, unconditionally */
3388 tty->driver->break_ctl(tty, 0);
3389 return 0;
3390 case TCSBRK: /* SVID version: non-zero arg --> no break */
283fef59
PF		 3391 /* non-zero arg means wait for all output data
3392 * to be sent (performed above) but don't send break.
3393 * This is used by the tcdrain() termios function.
1da177e4
LT		 3394 */
3395 if (!arg)
b20f3ae5 3396 return send_break(tty, 250);
1da177e4
LT		 3397 return 0;
3398 case TCSBRKP: /* support for POSIX tcsendbreak() */
b20f3ae5 3399 return send_break(tty, arg ? arg*100 : 250);
1da177e4
LT		 3400
3401 case TIOCMGET:
3402 return tty_tiocmget(tty, file, p);
3403
3404 case TIOCMSET:
3405 case TIOCMBIC:
3406 case TIOCMBIS:
3407 return tty_tiocmset(tty, file, cmd, p);
c5c34d48
PF		 3408 case TCFLSH:
3409 switch (arg) {
3410 case TCIFLUSH:
3411 case TCIOFLUSH:
3412 /* flush tty buffer and allow ldisc to process ioctl */
3413 tty_buffer_flush(tty);
3414 break;
3415 }
3416 break;
1da177e4
LT		 3417 }
3418 if (tty->driver->ioctl) {
3419 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3420 if (retval != -ENOIOCTLCMD)
3421 return retval;
3422 }
3423 ld = tty_ldisc_ref_wait(tty);
3424 retval = -EINVAL;
3425 if (ld->ioctl) {
3426 retval = ld->ioctl(tty, file, cmd, arg);
3427 if (retval == -ENOIOCTLCMD)
3428 retval = -EINVAL;
3429 }
3430 tty_ldisc_deref(ld);
3431 return retval;
3432}
3433
e10cc1df
PF		 3434#ifdef CONFIG_COMPAT
3435static long tty_compat_ioctl(struct file * file, unsigned int cmd,
3436 unsigned long arg)
3437{
3438 struct inode *inode = file->f_dentry->d_inode;
3439 struct tty_struct *tty = file->private_data;
3440 struct tty_ldisc *ld;
3441 int retval = -ENOIOCTLCMD;
3442
3443 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3444 return -EINVAL;
3445
3446 if (tty->driver->compat_ioctl) {
3447 retval = (tty->driver->compat_ioctl)(tty, file, cmd, arg);
3448 if (retval != -ENOIOCTLCMD)
3449 return retval;
3450 }
3451
3452 ld = tty_ldisc_ref_wait(tty);
3453 if (ld->compat_ioctl)
3454 retval = ld->compat_ioctl(tty, file, cmd, arg);
3455 tty_ldisc_deref(ld);
3456
3457 return retval;
3458}
3459#endif
1da177e4
LT		 3460
3461/*
3462 * This implements the "Secure Attention Key" --- the idea is to
3463 * prevent trojan horses by killing all processes associated with this
3464 * tty when the user hits the "Secure Attention Key". Required for
3465 * super-paranoid applications --- see the Orange Book for more details.
3466 *
3467 * This code could be nicer; ideally it should send a HUP, wait a few
3468 * seconds, then send a INT, and then a KILL signal. But you then
3469 * have to coordinate with the init process, since all processes associated
3470 * with the current tty must be dead before the new getty is allowed
3471 * to spawn.
3472 *
3473 * Now, if it would be correct ;-/ The current code has a nasty hole -
3474 * it doesn't catch files in flight. We may send the descriptor to ourselves
3475 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3476 *
3477 * Nasty bug: do_SAK is being called in interrupt context. This can
3478 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3479 */
8b6312f4 3480void __do_SAK(struct tty_struct *tty)
1da177e4
LT		 3481{
3482#ifdef TTY_SOFT_SAK
3483 tty_hangup(tty);
3484#else
652486fb 3485 struct task_struct *g, *p;
ab521dc0 3486 struct pid *session;
1da177e4
LT		 3487 int i;
3488 struct file *filp;
badf1662 3489 struct fdtable *fdt;
1da177e4
LT		 3490
3491 if (!tty)
3492 return;
24ec839c 3493 session = tty->session;
1da177e4 3494
b3f13deb 3495 tty_ldisc_flush(tty);
1da177e4
LT		 3496
3497 if (tty->driver->flush_buffer)
3498 tty->driver->flush_buffer(tty);
3499
3500 read_lock(&tasklist_lock);
652486fb 3501 /* Kill the entire session */
ab521dc0 3502 do_each_pid_task(session, PIDTYPE_SID, p) {
652486fb 3503 printk(KERN_NOTICE "SAK: killed process %d"
937949d9 3504 " (%s): process_session(p)==tty->session\n",
652486fb
EB		 3505 p->pid, p->comm);
3506 send_sig(SIGKILL, p, 1);
ab521dc0 3507 } while_each_pid_task(session, PIDTYPE_SID, p);
652486fb
EB		 3508 /* Now kill any processes that happen to have the
3509 * tty open.
3510 */
3511 do_each_thread(g, p) {
3512 if (p->signal->tty == tty) {
1da177e4 3513 printk(KERN_NOTICE "SAK: killed process %d"
937949d9 3514 " (%s): process_session(p)==tty->session\n",
1da177e4
LT		 3515 p->pid, p->comm);
3516 send_sig(SIGKILL, p, 1);
3517 continue;
3518 }
3519 task_lock(p);
3520 if (p->files) {
ca99c1da
DS		 3521 /*
3522 * We don't take a ref to the file, so we must
3523 * hold ->file_lock instead.
3524 */
3525 spin_lock(&p->files->file_lock);
badf1662
DS		 3526 fdt = files_fdtable(p->files);
3527 for (i=0; i < fdt->max_fds; i++) {
1da177e4
LT		 3528 filp = fcheck_files(p->files, i);
3529 if (!filp)
3530 continue;
3531 if (filp->f_op->read == tty_read &&
3532 filp->private_data == tty) {
3533 printk(KERN_NOTICE "SAK: killed process %d"
3534 " (%s): fd#%d opened to the tty\n",
3535 p->pid, p->comm, i);
20ac9437 3536 force_sig(SIGKILL, p);
1da177e4
LT		 3537 break;
3538 }
3539 }
ca99c1da 3540 spin_unlock(&p->files->file_lock);
1da177e4
LT		 3541 }
3542 task_unlock(p);
652486fb 3543 } while_each_thread(g, p);
1da177e4
LT		 3544 read_unlock(&tasklist_lock);
3545#endif
3546}
3547
8b6312f4
EB		 3548static void do_SAK_work(struct work_struct *work)
3549{
3550 struct tty_struct *tty =
3551 container_of(work, struct tty_struct, SAK_work);
3552 __do_SAK(tty);
3553}
3554
1da177e4
LT		 3555/*
3556 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3557 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3558 * the values which we write to it will be identical to the values which it
3559 * already has. --akpm
3560 */
3561void do_SAK(struct tty_struct *tty)
3562{
3563 if (!tty)
3564 return;
1da177e4
LT		 3565 schedule_work(&tty->SAK_work);
3566}
3567
3568EXPORT_SYMBOL(do_SAK);
3569
af9b897e
AC		 3570/**
3571 * flush_to_ldisc
65f27f38 3572 * @work: tty structure passed from work queue.
af9b897e
AC		 3573 *
3574 * This routine is called out of the software interrupt to flush data
3575 * from the buffer chain to the line discipline.
3576 *
3577 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3578 * while invoking the line discipline receive_buf method. The
3579 * receive_buf method is single threaded for each tty instance.
1da177e4
LT		 3580 */
3581
65f27f38 3582static void flush_to_ldisc(struct work_struct *work)
1da177e4 3583{
65f27f38
DH		 3584 struct tty_struct *tty =
3585 container_of(work, struct tty_struct, buf.work.work);
1da177e4
LT		 3586 unsigned long flags;
3587 struct tty_ldisc *disc;
2c3bb20f 3588 struct tty_buffer *tbuf, *head;
8977d929
PF		 3589 char *char_buf;
3590 unsigned char *flag_buf;
1da177e4
LT		 3591
3592 disc = tty_ldisc_ref(tty);
3593 if (disc == NULL) /* !TTY_LDISC */
3594 return;
3595
808249ce 3596 spin_lock_irqsave(&tty->buf.lock, flags);
2c3bb20f
PF		 3597 head = tty->buf.head;
3598 if (head != NULL) {
3599 tty->buf.head = NULL;
3600 for (;;) {
3601 int count = head->commit - head->read;
3602 if (!count) {
3603 if (head->next == NULL)
3604 break;
3605 tbuf = head;
3606 head = head->next;
3607 tty_buffer_free(tty, tbuf);
3608 continue;
3609 }
3610 if (!tty->receive_room) {
3611 schedule_delayed_work(&tty->buf.work, 1);
3612 break;
3613 }
3614 if (count > tty->receive_room)
3615 count = tty->receive_room;
3616 char_buf = head->char_buf_ptr + head->read;
3617 flag_buf = head->flag_buf_ptr + head->read;
3618 head->read += count;
8977d929
PF		 3619 spin_unlock_irqrestore(&tty->buf.lock, flags);
3620 disc->receive_buf(tty, char_buf, flag_buf, count);
3621 spin_lock_irqsave(&tty->buf.lock, flags);
3622 }
2c3bb20f 3623 tty->buf.head = head;
33f0f88f 3624 }
808249ce 3625 spin_unlock_irqrestore(&tty->buf.lock, flags);
817d6d3b 3626
1da177e4
LT		 3627 tty_ldisc_deref(disc);
3628}
3629
1da177e4
LT		 3630/**
3631 * tty_flip_buffer_push - terminal
3632 * @tty: tty to push
3633 *
3634 * Queue a push of the terminal flip buffers to the line discipline. This
3635 * function must not be called from IRQ context if tty->low_latency is set.
3636 *
3637 * In the event of the queue being busy for flipping the work will be
3638 * held off and retried later.
af9b897e
AC		 3639 *
3640 * Locking: tty buffer lock. Driver locks in low latency mode.
1da177e4
LT		 3641 */
3642
3643void tty_flip_buffer_push(struct tty_struct *tty)
3644{
808249ce
PF		 3645 unsigned long flags;
3646 spin_lock_irqsave(&tty->buf.lock, flags);
33b37a33 3647 if (tty->buf.tail != NULL)
8977d929 3648 tty->buf.tail->commit = tty->buf.tail->used;
808249ce
PF		 3649 spin_unlock_irqrestore(&tty->buf.lock, flags);
3650
1da177e4 3651 if (tty->low_latency)
65f27f38 3652 flush_to_ldisc(&tty->buf.work.work);
1da177e4 3653 else
33f0f88f 3654 schedule_delayed_work(&tty->buf.work, 1);
1da177e4
LT		 3655}
3656
3657EXPORT_SYMBOL(tty_flip_buffer_push);
3658
33f0f88f 3659
af9b897e
AC		 3660/**
3661 * initialize_tty_struct
3662 * @tty: tty to initialize
3663 *
3664 * This subroutine initializes a tty structure that has been newly
3665 * allocated.
3666 *
3667 * Locking: none - tty in question must not be exposed at this point
1da177e4 3668 */
af9b897e 3669
1da177e4
LT		 3670static void initialize_tty_struct(struct tty_struct *tty)
3671{
3672 memset(tty, 0, sizeof(struct tty_struct));
3673 tty->magic = TTY_MAGIC;
3674 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
ab521dc0
EB		 3675 tty->session = NULL;
3676 tty->pgrp = NULL;
1da177e4 3677 tty->overrun_time = jiffies;
33f0f88f
AC		 3678 tty->buf.head = tty->buf.tail = NULL;
3679 tty_buffer_init(tty);
65f27f38 3680 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
33f0f88f 3681 init_MUTEX(&tty->buf.pty_sem);
5785c95b 3682 mutex_init(&tty->termios_mutex);
1da177e4
LT		 3683 init_waitqueue_head(&tty->write_wait);
3684 init_waitqueue_head(&tty->read_wait);
65f27f38 3685 INIT_WORK(&tty->hangup_work, do_tty_hangup);
70522e12
IM		 3686 mutex_init(&tty->atomic_read_lock);
3687 mutex_init(&tty->atomic_write_lock);
1da177e4
LT		 3688 spin_lock_init(&tty->read_lock);
3689 INIT_LIST_HEAD(&tty->tty_files);
7f1f86a0 3690 INIT_WORK(&tty->SAK_work, do_SAK_work);
1da177e4
LT		 3691}
3692
3693/*
3694 * The default put_char routine if the driver did not define one.
3695 */
af9b897e 3696
1da177e4
LT		 3697static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3698{
3699 tty->driver->write(tty, &ch, 1);
3700}
3701
7fe845d1 3702static struct class *tty_class;
1da177e4
LT		 3703
3704/**
af9b897e
AC		 3705 * tty_register_device - register a tty device
3706 * @driver: the tty driver that describes the tty device
3707 * @index: the index in the tty driver for this tty device
3708 * @device: a struct device that is associated with this tty device.
3709 * This field is optional, if there is no known struct device
3710 * for this tty device it can be set to NULL safely.
1da177e4 3711 *
01107d34
GKH		 3712 * Returns a pointer to the struct device for this tty device
3713 * (or ERR_PTR(-EFOO) on error).
1cdcb6b4 3714 *
af9b897e
AC		 3715 * This call is required to be made to register an individual tty device
3716 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3717 * that bit is not set, this function should not be called by a tty
3718 * driver.
3719 *
3720 * Locking: ??
1da177e4 3721 */
af9b897e 3722
01107d34
GKH		 3723struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3724 struct device *device)
1da177e4
LT		 3725{
3726 char name[64];
3727 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3728
3729 if (index >= driver->num) {
3730 printk(KERN_ERR "Attempt to register invalid tty line number "
3731 " (%d).\n", index);
1cdcb6b4 3732 return ERR_PTR(-EINVAL);
1da177e4
LT		 3733 }
3734
1da177e4
LT		 3735 if (driver->type == TTY_DRIVER_TYPE_PTY)
3736 pty_line_name(driver, index, name);
3737 else
3738 tty_line_name(driver, index, name);
1cdcb6b4 3739
01107d34 3740 return device_create(tty_class, device, dev, name);
1da177e4
LT		 3741}
3742
3743/**
af9b897e
AC		 3744 * tty_unregister_device - unregister a tty device
3745 * @driver: the tty driver that describes the tty device
3746 * @index: the index in the tty driver for this tty device
1da177e4 3747 *
af9b897e
AC		 3748 * If a tty device is registered with a call to tty_register_device() then
3749 * this function must be called when the tty device is gone.
3750 *
3751 * Locking: ??
1da177e4 3752 */
af9b897e 3753
1da177e4
LT		 3754void tty_unregister_device(struct tty_driver *driver, unsigned index)
3755{
01107d34 3756 device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
1da177e4
LT		 3757}
3758
3759EXPORT_SYMBOL(tty_register_device);
3760EXPORT_SYMBOL(tty_unregister_device);
3761
3762struct tty_driver *alloc_tty_driver(int lines)
3763{
3764 struct tty_driver *driver;
3765
506eb99a 3766 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
1da177e4 3767 if (driver) {
1da177e4
LT		 3768 driver->magic = TTY_DRIVER_MAGIC;
3769 driver->num = lines;
3770 /* later we'll move allocation of tables here */
3771 }
3772 return driver;
3773}
3774
3775void put_tty_driver(struct tty_driver *driver)
3776{
3777 kfree(driver);
3778}
3779
b68e31d0
JD		 3780void tty_set_operations(struct tty_driver *driver,
3781 const struct tty_operations *op)
1da177e4
LT		 3782{
3783 driver->open = op->open;
3784 driver->close = op->close;
3785 driver->write = op->write;
3786 driver->put_char = op->put_char;
3787 driver->flush_chars = op->flush_chars;
3788 driver->write_room = op->write_room;
3789 driver->chars_in_buffer = op->chars_in_buffer;
3790 driver->ioctl = op->ioctl;
e10cc1df 3791 driver->compat_ioctl = op->compat_ioctl;
1da177e4
LT		 3792 driver->set_termios = op->set_termios;
3793 driver->throttle = op->throttle;
3794 driver->unthrottle = op->unthrottle;
3795 driver->stop = op->stop;
3796 driver->start = op->start;
3797 driver->hangup = op->hangup;
3798 driver->break_ctl = op->break_ctl;
3799 driver->flush_buffer = op->flush_buffer;
3800 driver->set_ldisc = op->set_ldisc;
3801 driver->wait_until_sent = op->wait_until_sent;
3802 driver->send_xchar = op->send_xchar;
3803 driver->read_proc = op->read_proc;
3804 driver->write_proc = op->write_proc;
3805 driver->tiocmget = op->tiocmget;
3806 driver->tiocmset = op->tiocmset;
3807}
3808
3809
3810EXPORT_SYMBOL(alloc_tty_driver);
3811EXPORT_SYMBOL(put_tty_driver);
3812EXPORT_SYMBOL(tty_set_operations);
3813
3814/*
3815 * Called by a tty driver to register itself.
3816 */
3817int tty_register_driver(struct tty_driver *driver)
3818{
3819 int error;
3820 int i;
3821 dev_t dev;
3822 void **p = NULL;
3823
3824 if (driver->flags & TTY_DRIVER_INSTALLED)
3825 return 0;
3826
543691a6
AW		 3827 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3828 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
1da177e4
LT		 3829 if (!p)
3830 return -ENOMEM;
1da177e4
LT		 3831 }
3832
3833 if (!driver->major) {
3834 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
e5717c48 3835 driver->name);
1da177e4
LT		 3836 if (!error) {
3837 driver->major = MAJOR(dev);
3838 driver->minor_start = MINOR(dev);
3839 }
3840 } else {
3841 dev = MKDEV(driver->major, driver->minor_start);
e5717c48 3842 error = register_chrdev_region(dev, driver->num, driver->name);
1da177e4
LT		 3843 }
3844 if (error < 0) {
3845 kfree(p);
3846 return error;
3847 }
3848
3849 if (p) {
3850 driver->ttys = (struct tty_struct **)p;
edc6afc5
AC		 3851 driver->termios = (struct ktermios **)(p + driver->num);
3852 driver->termios_locked = (struct ktermios **)(p + driver->num * 2);
1da177e4
LT		 3853 } else {
3854 driver->ttys = NULL;
3855 driver->termios = NULL;
3856 driver->termios_locked = NULL;
3857 }
3858
3859 cdev_init(&driver->cdev, &tty_fops);
3860 driver->cdev.owner = driver->owner;
3861 error = cdev_add(&driver->cdev, dev, driver->num);
3862 if (error) {
1da177e4
LT		 3863 unregister_chrdev_region(dev, driver->num);
3864 driver->ttys = NULL;
3865 driver->termios = driver->termios_locked = NULL;
3866 kfree(p);
3867 return error;
3868 }
3869
3870 if (!driver->put_char)
3871 driver->put_char = tty_default_put_char;
3872
ca509f69 3873 mutex_lock(&tty_mutex);
1da177e4 3874 list_add(&driver->tty_drivers, &tty_drivers);
ca509f69 3875 mutex_unlock(&tty_mutex);
1da177e4 3876
331b8319 3877 if ( !(driver->flags & TTY_DRIVER_DYNAMIC_DEV) ) {
1da177e4
LT		 3878 for(i = 0; i < driver->num; i++)
3879 tty_register_device(driver, i, NULL);
3880 }
3881 proc_tty_register_driver(driver);
3882 return 0;
3883}
3884
3885EXPORT_SYMBOL(tty_register_driver);
3886
3887/*
3888 * Called by a tty driver to unregister itself.
3889 */
3890int tty_unregister_driver(struct tty_driver *driver)
3891{
3892 int i;
edc6afc5 3893 struct ktermios *tp;
1da177e4
LT		 3894 void *p;
3895
3896 if (driver->refcount)
3897 return -EBUSY;
3898
3899 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3900 driver->num);
ca509f69 3901 mutex_lock(&tty_mutex);
1da177e4 3902 list_del(&driver->tty_drivers);
ca509f69 3903 mutex_unlock(&tty_mutex);
1da177e4
LT		 3904
3905 /*
3906 * Free the termios and termios_locked structures because
3907 * we don't want to get memory leaks when modular tty
3908 * drivers are removed from the kernel.
3909 */
3910 for (i = 0; i < driver->num; i++) {
3911 tp = driver->termios[i];
3912 if (tp) {
3913 driver->termios[i] = NULL;
3914 kfree(tp);
3915 }
3916 tp = driver->termios_locked[i];
3917 if (tp) {
3918 driver->termios_locked[i] = NULL;
3919 kfree(tp);
3920 }
331b8319 3921 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
1da177e4
LT		 3922 tty_unregister_device(driver, i);
3923 }
3924 p = driver->ttys;
3925 proc_tty_unregister_driver(driver);
3926 driver->ttys = NULL;
3927 driver->termios = driver->termios_locked = NULL;
3928 kfree(p);
3929 cdev_del(&driver->cdev);
3930 return 0;
3931}
1da177e4
LT		 3932EXPORT_SYMBOL(tty_unregister_driver);
3933
24ec839c
PZ		 3934dev_t tty_devnum(struct tty_struct *tty)
3935{
3936 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3937}
3938EXPORT_SYMBOL(tty_devnum);
3939
3940void proc_clear_tty(struct task_struct *p)
3941{
3942 spin_lock_irq(&p->sighand->siglock);
3943 p->signal->tty = NULL;
3944 spin_unlock_irq(&p->sighand->siglock);
3945}
7cac4ce5 3946EXPORT_SYMBOL(proc_clear_tty);
24ec839c 3947
2a65f1d9 3948static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 3949{
3950 if (tty) {
d9c1e9a8
EB		 3951 /* We should not have a session or pgrp to here but.... */
3952 put_pid(tty->session);
3953 put_pid(tty->pgrp);
ab521dc0
EB		 3954 tty->session = get_pid(task_session(tsk));
3955 tty->pgrp = get_pid(task_pgrp(tsk));
24ec839c 3956 }
2a65f1d9 3957 put_pid(tsk->signal->tty_old_pgrp);
24ec839c 3958 tsk->signal->tty = tty;
ab521dc0 3959 tsk->signal->tty_old_pgrp = NULL;
24ec839c
PZ		 3960}
3961
98a27ba4 3962static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
24ec839c
PZ		 3963{
3964 spin_lock_irq(&tsk->sighand->siglock);
2a65f1d9 3965 __proc_set_tty(tsk, tty);
24ec839c
PZ		 3966 spin_unlock_irq(&tsk->sighand->siglock);
3967}
3968
3969struct tty_struct *get_current_tty(void)
3970{
3971 struct tty_struct *tty;
3972 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
3973 tty = current->signal->tty;
3974 /*
3975 * session->tty can be changed/cleared from under us, make sure we
3976 * issue the load. The obtained pointer, when not NULL, is valid as
3977 * long as we hold tty_mutex.
3978 */
3979 barrier();
3980 return tty;
3981}
a311f743 3982EXPORT_SYMBOL_GPL(get_current_tty);
1da177e4
LT		 3983
3984/*
3985 * Initialize the console device. This is called *early*, so
3986 * we can't necessarily depend on lots of kernel help here.
3987 * Just do some early initializations, and do the complex setup
3988 * later.
3989 */
3990void __init console_init(void)
3991{
3992 initcall_t *call;
3993
3994 /* Setup the default TTY line discipline. */
3995 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3996
3997 /*
3998 * set up the console device so that later boot sequences can
3999 * inform about problems etc..
4000 */
1da177e4
LT		 4001 call = __con_initcall_start;
4002 while (call < __con_initcall_end) {
4003 (*call)();
4004 call++;
4005 }
4006}
4007
4008#ifdef CONFIG_VT
4009extern int vty_init(void);
4010#endif
4011
4012static int __init tty_class_init(void)
4013{
7fe845d1 4014 tty_class = class_create(THIS_MODULE, "tty");
1da177e4
LT		 4015 if (IS_ERR(tty_class))
4016 return PTR_ERR(tty_class);
4017 return 0;
4018}
4019
4020postcore_initcall(tty_class_init);
4021
4022/* 3/2004 jmc: why do these devices exist? */
4023
4024static struct cdev tty_cdev, console_cdev;
4025#ifdef CONFIG_UNIX98_PTYS
4026static struct cdev ptmx_cdev;
4027#endif
4028#ifdef CONFIG_VT
4029static struct cdev vc0_cdev;
4030#endif
4031
4032/*
4033 * Ok, now we can initialize the rest of the tty devices and can count
4034 * on memory allocations, interrupts etc..
4035 */
4036static int __init tty_init(void)
4037{
4038 cdev_init(&tty_cdev, &tty_fops);
4039 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4040 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4041 panic("Couldn't register /dev/tty driver\n");
01107d34 4042 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
1da177e4
LT		 4043
4044 cdev_init(&console_cdev, &console_fops);
4045 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4046 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4047 panic("Couldn't register /dev/console driver\n");
01107d34 4048 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
1da177e4
LT		 4049
4050#ifdef CONFIG_UNIX98_PTYS
4051 cdev_init(&ptmx_cdev, &ptmx_fops);
4052 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4053 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4054 panic("Couldn't register /dev/ptmx driver\n");
01107d34 4055 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
1da177e4
LT		 4056#endif
4057
4058#ifdef CONFIG_VT
4059 cdev_init(&vc0_cdev, &console_fops);
4060 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4061 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4062 panic("Couldn't register /dev/tty0 driver\n");
01107d34 4063 device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
1da177e4
LT		 4064
4065 vty_init();
4066#endif
4067 return 0;
4068}
4069module_init(tty_init);
Clone of davem's net-next-2.6 tree