Merge branch 'sched-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel...
[linux-2.6] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  *
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote init_dev and release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc()
66  *                       -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67  */
68
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/proc_fs.h>
91 #include <linux/init.h>
92 #include <linux/module.h>
93 #include <linux/smp_lock.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99
100 #include <linux/uaccess.h>
101 #include <asm/system.h>
102
103 #include <linux/kbd_kern.h>
104 #include <linux/vt_kern.h>
105 #include <linux/selection.h>
106
107 #include <linux/kmod.h>
108 #include <linux/nsproxy.h>
109
110 #undef TTY_DEBUG_HANGUP
111
112 #define TTY_PARANOIA_CHECK 1
113 #define CHECK_TTY_COUNT 1
114
115 struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
116         .c_iflag = ICRNL | IXON,
117         .c_oflag = OPOST | ONLCR,
118         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
119         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
120                    ECHOCTL | ECHOKE | IEXTEN,
121         .c_cc = INIT_C_CC,
122         .c_ispeed = 38400,
123         .c_ospeed = 38400
124 };
125
126 EXPORT_SYMBOL(tty_std_termios);
127
128 /* This list gets poked at by procfs and various bits of boot up code. This
129    could do with some rationalisation such as pulling the tty proc function
130    into this file */
131
132 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
133
134 /* Mutex to protect creating and releasing a tty. This is shared with
135    vt.c for deeply disgusting hack reasons */
136 DEFINE_MUTEX(tty_mutex);
137 EXPORT_SYMBOL(tty_mutex);
138
139 #ifdef CONFIG_UNIX98_PTYS
140 extern struct tty_driver *ptm_driver;   /* Unix98 pty masters; for /dev/ptmx */
141 static int ptmx_open(struct inode *, struct file *);
142 #endif
143
144 static void initialize_tty_struct(struct tty_struct *tty);
145
146 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
147 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
148 ssize_t redirected_tty_write(struct file *, const char __user *,
149                                                         size_t, loff_t *);
150 static unsigned int tty_poll(struct file *, poll_table *);
151 static int tty_open(struct inode *, struct file *);
152 static int tty_release(struct inode *, struct file *);
153 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
154 #ifdef CONFIG_COMPAT
155 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
156                                 unsigned long arg);
157 #else
158 #define tty_compat_ioctl NULL
159 #endif
160 static int tty_fasync(int fd, struct file *filp, int on);
161 static void release_tty(struct tty_struct *tty, int idx);
162 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
163 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
164
165 /**
166  *      alloc_tty_struct        -       allocate a tty object
167  *
168  *      Return a new empty tty structure. The data fields have not
169  *      been initialized in any way but has been zeroed
170  *
171  *      Locking: none
172  */
173
174 static struct tty_struct *alloc_tty_struct(void)
175 {
176         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
177 }
178
179 static void tty_buffer_free_all(struct tty_struct *);
180
181 /**
182  *      free_tty_struct         -       free a disused tty
183  *      @tty: tty struct to free
184  *
185  *      Free the write buffers, tty queue and tty memory itself.
186  *
187  *      Locking: none. Must be called after tty is definitely unused
188  */
189
190 static inline void free_tty_struct(struct tty_struct *tty)
191 {
192         kfree(tty->write_buf);
193         tty_buffer_free_all(tty);
194         kfree(tty);
195 }
196
197 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
198
199 /**
200  *      tty_name        -       return tty naming
201  *      @tty: tty structure
202  *      @buf: buffer for output
203  *
204  *      Convert a tty structure into a name. The name reflects the kernel
205  *      naming policy and if udev is in use may not reflect user space
206  *
207  *      Locking: none
208  */
209
210 char *tty_name(struct tty_struct *tty, char *buf)
211 {
212         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
213                 strcpy(buf, "NULL tty");
214         else
215                 strcpy(buf, tty->name);
216         return buf;
217 }
218
219 EXPORT_SYMBOL(tty_name);
220
221 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
222                               const char *routine)
223 {
224 #ifdef TTY_PARANOIA_CHECK
225         if (!tty) {
226                 printk(KERN_WARNING
227                         "null TTY for (%d:%d) in %s\n",
228                         imajor(inode), iminor(inode), routine);
229                 return 1;
230         }
231         if (tty->magic != TTY_MAGIC) {
232                 printk(KERN_WARNING
233                         "bad magic number for tty struct (%d:%d) in %s\n",
234                         imajor(inode), iminor(inode), routine);
235                 return 1;
236         }
237 #endif
238         return 0;
239 }
240
241 static int check_tty_count(struct tty_struct *tty, const char *routine)
242 {
243 #ifdef CHECK_TTY_COUNT
244         struct list_head *p;
245         int count = 0;
246
247         file_list_lock();
248         list_for_each(p, &tty->tty_files) {
249                 count++;
250         }
251         file_list_unlock();
252         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
253             tty->driver->subtype == PTY_TYPE_SLAVE &&
254             tty->link && tty->link->count)
255                 count++;
256         if (tty->count != count) {
257                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
258                                     "!= #fd's(%d) in %s\n",
259                        tty->name, tty->count, count, routine);
260                 return count;
261         }
262 #endif
263         return 0;
264 }
265
266 /*
267  * Tty buffer allocation management
268  */
269
270 /**
271  *      tty_buffer_free_all             -       free buffers used by a tty
272  *      @tty: tty to free from
273  *
274  *      Remove all the buffers pending on a tty whether queued with data
275  *      or in the free ring. Must be called when the tty is no longer in use
276  *
277  *      Locking: none
278  */
279
280 static void tty_buffer_free_all(struct tty_struct *tty)
281 {
282         struct tty_buffer *thead;
283         while ((thead = tty->buf.head) != NULL) {
284                 tty->buf.head = thead->next;
285                 kfree(thead);
286         }
287         while ((thead = tty->buf.free) != NULL) {
288                 tty->buf.free = thead->next;
289                 kfree(thead);
290         }
291         tty->buf.tail = NULL;
292         tty->buf.memory_used = 0;
293 }
294
295 /**
296  *      tty_buffer_init         -       prepare a tty buffer structure
297  *      @tty: tty to initialise
298  *
299  *      Set up the initial state of the buffer management for a tty device.
300  *      Must be called before the other tty buffer functions are used.
301  *
302  *      Locking: none
303  */
304
305 static void tty_buffer_init(struct tty_struct *tty)
306 {
307         spin_lock_init(&tty->buf.lock);
308         tty->buf.head = NULL;
309         tty->buf.tail = NULL;
310         tty->buf.free = NULL;
311         tty->buf.memory_used = 0;
312 }
313
314 /**
315  *      tty_buffer_alloc        -       allocate a tty buffer
316  *      @tty: tty device
317  *      @size: desired size (characters)
318  *
319  *      Allocate a new tty buffer to hold the desired number of characters.
320  *      Return NULL if out of memory or the allocation would exceed the
321  *      per device queue
322  *
323  *      Locking: Caller must hold tty->buf.lock
324  */
325
326 static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
327 {
328         struct tty_buffer *p;
329
330         if (tty->buf.memory_used + size > 65536)
331                 return NULL;
332         p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
333         if (p == NULL)
334                 return NULL;
335         p->used = 0;
336         p->size = size;
337         p->next = NULL;
338         p->commit = 0;
339         p->read = 0;
340         p->char_buf_ptr = (char *)(p->data);
341         p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
342         tty->buf.memory_used += size;
343         return p;
344 }
345
346 /**
347  *      tty_buffer_free         -       free a tty buffer
348  *      @tty: tty owning the buffer
349  *      @b: the buffer to free
350  *
351  *      Free a tty buffer, or add it to the free list according to our
352  *      internal strategy
353  *
354  *      Locking: Caller must hold tty->buf.lock
355  */
356
357 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
358 {
359         /* Dumb strategy for now - should keep some stats */
360         tty->buf.memory_used -= b->size;
361         WARN_ON(tty->buf.memory_used < 0);
362
363         if (b->size >= 512)
364                 kfree(b);
365         else {
366                 b->next = tty->buf.free;
367                 tty->buf.free = b;
368         }
369 }
370
371 /**
372  *      __tty_buffer_flush              -       flush full tty buffers
373  *      @tty: tty to flush
374  *
375  *      flush all the buffers containing receive data. Caller must
376  *      hold the buffer lock and must have ensured no parallel flush to
377  *      ldisc is running.
378  *
379  *      Locking: Caller must hold tty->buf.lock
380  */
381
382 static void __tty_buffer_flush(struct tty_struct *tty)
383 {
384         struct tty_buffer *thead;
385
386         while ((thead = tty->buf.head) != NULL) {
387                 tty->buf.head = thead->next;
388                 tty_buffer_free(tty, thead);
389         }
390         tty->buf.tail = NULL;
391 }
392
393 /**
394  *      tty_buffer_flush                -       flush full tty buffers
395  *      @tty: tty to flush
396  *
397  *      flush all the buffers containing receive data. If the buffer is
398  *      being processed by flush_to_ldisc then we defer the processing
399  *      to that function
400  *
401  *      Locking: none
402  */
403
404 static void tty_buffer_flush(struct tty_struct *tty)
405 {
406         unsigned long flags;
407         spin_lock_irqsave(&tty->buf.lock, flags);
408
409         /* If the data is being pushed to the tty layer then we can't
410            process it here. Instead set a flag and the flush_to_ldisc
411            path will process the flush request before it exits */
412         if (test_bit(TTY_FLUSHING, &tty->flags)) {
413                 set_bit(TTY_FLUSHPENDING, &tty->flags);
414                 spin_unlock_irqrestore(&tty->buf.lock, flags);
415                 wait_event(tty->read_wait,
416                                 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
417                 return;
418         } else
419                 __tty_buffer_flush(tty);
420         spin_unlock_irqrestore(&tty->buf.lock, flags);
421 }
422
423 /**
424  *      tty_buffer_find         -       find a free tty buffer
425  *      @tty: tty owning the buffer
426  *      @size: characters wanted
427  *
428  *      Locate an existing suitable tty buffer or if we are lacking one then
429  *      allocate a new one. We round our buffers off in 256 character chunks
430  *      to get better allocation behaviour.
431  *
432  *      Locking: Caller must hold tty->buf.lock
433  */
434
435 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
436 {
437         struct tty_buffer **tbh = &tty->buf.free;
438         while ((*tbh) != NULL) {
439                 struct tty_buffer *t = *tbh;
440                 if (t->size >= size) {
441                         *tbh = t->next;
442                         t->next = NULL;
443                         t->used = 0;
444                         t->commit = 0;
445                         t->read = 0;
446                         tty->buf.memory_used += t->size;
447                         return t;
448                 }
449                 tbh = &((*tbh)->next);
450         }
451         /* Round the buffer size out */
452         size = (size + 0xFF) & ~0xFF;
453         return tty_buffer_alloc(tty, size);
454         /* Should possibly check if this fails for the largest buffer we
455            have queued and recycle that ? */
456 }
457
458 /**
459  *      tty_buffer_request_room         -       grow tty buffer if needed
460  *      @tty: tty structure
461  *      @size: size desired
462  *
463  *      Make at least size bytes of linear space available for the tty
464  *      buffer. If we fail return the size we managed to find.
465  *
466  *      Locking: Takes tty->buf.lock
467  */
468 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
469 {
470         struct tty_buffer *b, *n;
471         int left;
472         unsigned long flags;
473
474         spin_lock_irqsave(&tty->buf.lock, flags);
475
476         /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
477            remove this conditional if its worth it. This would be invisible
478            to the callers */
479         if ((b = tty->buf.tail) != NULL)
480                 left = b->size - b->used;
481         else
482                 left = 0;
483
484         if (left < size) {
485                 /* This is the slow path - looking for new buffers to use */
486                 if ((n = tty_buffer_find(tty, size)) != NULL) {
487                         if (b != NULL) {
488                                 b->next = n;
489                                 b->commit = b->used;
490                         } else
491                                 tty->buf.head = n;
492                         tty->buf.tail = n;
493                 } else
494                         size = left;
495         }
496
497         spin_unlock_irqrestore(&tty->buf.lock, flags);
498         return size;
499 }
500 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
501
502 /**
503  *      tty_insert_flip_string  -       Add characters to the tty buffer
504  *      @tty: tty structure
505  *      @chars: characters
506  *      @size: size
507  *
508  *      Queue a series of bytes to the tty buffering. All the characters
509  *      passed are marked as without error. Returns the number added.
510  *
511  *      Locking: Called functions may take tty->buf.lock
512  */
513
514 int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
515                                 size_t size)
516 {
517         int copied = 0;
518         do {
519                 int space = tty_buffer_request_room(tty, size - copied);
520                 struct tty_buffer *tb = tty->buf.tail;
521                 /* If there is no space then tb may be NULL */
522                 if (unlikely(space == 0))
523                         break;
524                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
525                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
526                 tb->used += space;
527                 copied += space;
528                 chars += space;
529                 /* There is a small chance that we need to split the data over
530                    several buffers. If this is the case we must loop */
531         } while (unlikely(size > copied));
532         return copied;
533 }
534 EXPORT_SYMBOL(tty_insert_flip_string);
535
536 /**
537  *      tty_insert_flip_string_flags    -       Add characters to the tty buffer
538  *      @tty: tty structure
539  *      @chars: characters
540  *      @flags: flag bytes
541  *      @size: size
542  *
543  *      Queue a series of bytes to the tty buffering. For each character
544  *      the flags array indicates the status of the character. Returns the
545  *      number added.
546  *
547  *      Locking: Called functions may take tty->buf.lock
548  */
549
550 int tty_insert_flip_string_flags(struct tty_struct *tty,
551                 const unsigned char *chars, const char *flags, size_t size)
552 {
553         int copied = 0;
554         do {
555                 int space = tty_buffer_request_room(tty, size - copied);
556                 struct tty_buffer *tb = tty->buf.tail;
557                 /* If there is no space then tb may be NULL */
558                 if (unlikely(space == 0))
559                         break;
560                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
561                 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
562                 tb->used += space;
563                 copied += space;
564                 chars += space;
565                 flags += space;
566                 /* There is a small chance that we need to split the data over
567                    several buffers. If this is the case we must loop */
568         } while (unlikely(size > copied));
569         return copied;
570 }
571 EXPORT_SYMBOL(tty_insert_flip_string_flags);
572
573 /**
574  *      tty_schedule_flip       -       push characters to ldisc
575  *      @tty: tty to push from
576  *
577  *      Takes any pending buffers and transfers their ownership to the
578  *      ldisc side of the queue. It then schedules those characters for
579  *      processing by the line discipline.
580  *
581  *      Locking: Takes tty->buf.lock
582  */
583
584 void tty_schedule_flip(struct tty_struct *tty)
585 {
586         unsigned long flags;
587         spin_lock_irqsave(&tty->buf.lock, flags);
588         if (tty->buf.tail != NULL)
589                 tty->buf.tail->commit = tty->buf.tail->used;
590         spin_unlock_irqrestore(&tty->buf.lock, flags);
591         schedule_delayed_work(&tty->buf.work, 1);
592 }
593 EXPORT_SYMBOL(tty_schedule_flip);
594
595 /**
596  *      tty_prepare_flip_string         -       make room for characters
597  *      @tty: tty
598  *      @chars: return pointer for character write area
599  *      @size: desired size
600  *
601  *      Prepare a block of space in the buffer for data. Returns the length
602  *      available and buffer pointer to the space which is now allocated and
603  *      accounted for as ready for normal characters. This is used for drivers
604  *      that need their own block copy routines into the buffer. There is no
605  *      guarantee the buffer is a DMA target!
606  *
607  *      Locking: May call functions taking tty->buf.lock
608  */
609
610 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
611                                                                 size_t size)
612 {
613         int space = tty_buffer_request_room(tty, size);
614         if (likely(space)) {
615                 struct tty_buffer *tb = tty->buf.tail;
616                 *chars = tb->char_buf_ptr + tb->used;
617                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
618                 tb->used += space;
619         }
620         return space;
621 }
622
623 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
624
625 /**
626  *      tty_prepare_flip_string_flags   -       make room for characters
627  *      @tty: tty
628  *      @chars: return pointer for character write area
629  *      @flags: return pointer for status flag write area
630  *      @size: desired size
631  *
632  *      Prepare a block of space in the buffer for data. Returns the length
633  *      available and buffer pointer to the space which is now allocated and
634  *      accounted for as ready for characters. This is used for drivers
635  *      that need their own block copy routines into the buffer. There is no
636  *      guarantee the buffer is a DMA target!
637  *
638  *      Locking: May call functions taking tty->buf.lock
639  */
640
641 int tty_prepare_flip_string_flags(struct tty_struct *tty,
642                         unsigned char **chars, char **flags, size_t size)
643 {
644         int space = tty_buffer_request_room(tty, size);
645         if (likely(space)) {
646                 struct tty_buffer *tb = tty->buf.tail;
647                 *chars = tb->char_buf_ptr + tb->used;
648                 *flags = tb->flag_buf_ptr + tb->used;
649                 tb->used += space;
650         }
651         return space;
652 }
653
654 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
655
656
657
658 /**
659  *      get_tty_driver          -       find device of a tty
660  *      @dev_t: device identifier
661  *      @index: returns the index of the tty
662  *
663  *      This routine returns a tty driver structure, given a device number
664  *      and also passes back the index number.
665  *
666  *      Locking: caller must hold tty_mutex
667  */
668
669 static struct tty_driver *get_tty_driver(dev_t device, int *index)
670 {
671         struct tty_driver *p;
672
673         list_for_each_entry(p, &tty_drivers, tty_drivers) {
674                 dev_t base = MKDEV(p->major, p->minor_start);
675                 if (device < base || device >= base + p->num)
676                         continue;
677                 *index = device - base;
678                 return p;
679         }
680         return NULL;
681 }
682
683 #ifdef CONFIG_CONSOLE_POLL
684
685 /**
686  *      tty_find_polling_driver -       find device of a polled tty
687  *      @name: name string to match
688  *      @line: pointer to resulting tty line nr
689  *
690  *      This routine returns a tty driver structure, given a name
691  *      and the condition that the tty driver is capable of polled
692  *      operation.
693  */
694 struct tty_driver *tty_find_polling_driver(char *name, int *line)
695 {
696         struct tty_driver *p, *res = NULL;
697         int tty_line = 0;
698         char *str;
699
700         mutex_lock(&tty_mutex);
701         /* Search through the tty devices to look for a match */
702         list_for_each_entry(p, &tty_drivers, tty_drivers) {
703                 str = name + strlen(p->name);
704                 tty_line = simple_strtoul(str, &str, 10);
705                 if (*str == ',')
706                         str++;
707                 if (*str == '\0')
708                         str = NULL;
709
710                 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
711                     p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
712                         res = p;
713                         *line = tty_line;
714                         break;
715                 }
716         }
717         mutex_unlock(&tty_mutex);
718
719         return res;
720 }
721 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
722 #endif
723
724 /**
725  *      tty_check_change        -       check for POSIX terminal changes
726  *      @tty: tty to check
727  *
728  *      If we try to write to, or set the state of, a terminal and we're
729  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
730  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
731  *
732  *      Locking: ctrl_lock
733  */
734
735 int tty_check_change(struct tty_struct *tty)
736 {
737         unsigned long flags;
738         int ret = 0;
739
740         if (current->signal->tty != tty)
741                 return 0;
742
743         spin_lock_irqsave(&tty->ctrl_lock, flags);
744
745         if (!tty->pgrp) {
746                 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
747                 goto out_unlock;
748         }
749         if (task_pgrp(current) == tty->pgrp)
750                 goto out_unlock;
751         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
752         if (is_ignored(SIGTTOU))
753                 goto out;
754         if (is_current_pgrp_orphaned()) {
755                 ret = -EIO;
756                 goto out;
757         }
758         kill_pgrp(task_pgrp(current), SIGTTOU, 1);
759         set_thread_flag(TIF_SIGPENDING);
760         ret = -ERESTARTSYS;
761 out:
762         return ret;
763 out_unlock:
764         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
765         return ret;
766 }
767
768 EXPORT_SYMBOL(tty_check_change);
769
770 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
771                                 size_t count, loff_t *ppos)
772 {
773         return 0;
774 }
775
776 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
777                                  size_t count, loff_t *ppos)
778 {
779         return -EIO;
780 }
781
782 /* No kernel lock held - none needed ;) */
783 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
784 {
785         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
786 }
787
788 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
789                 unsigned long arg)
790 {
791         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
792 }
793
794 static long hung_up_tty_compat_ioctl(struct file *file,
795                                      unsigned int cmd, unsigned long arg)
796 {
797         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
798 }
799
800 static const struct file_operations tty_fops = {
801         .llseek         = no_llseek,
802         .read           = tty_read,
803         .write          = tty_write,
804         .poll           = tty_poll,
805         .unlocked_ioctl = tty_ioctl,
806         .compat_ioctl   = tty_compat_ioctl,
807         .open           = tty_open,
808         .release        = tty_release,
809         .fasync         = tty_fasync,
810 };
811
812 #ifdef CONFIG_UNIX98_PTYS
813 static const struct file_operations ptmx_fops = {
814         .llseek         = no_llseek,
815         .read           = tty_read,
816         .write          = tty_write,
817         .poll           = tty_poll,
818         .unlocked_ioctl = tty_ioctl,
819         .compat_ioctl   = tty_compat_ioctl,
820         .open           = ptmx_open,
821         .release        = tty_release,
822         .fasync         = tty_fasync,
823 };
824 #endif
825
826 static const struct file_operations console_fops = {
827         .llseek         = no_llseek,
828         .read           = tty_read,
829         .write          = redirected_tty_write,
830         .poll           = tty_poll,
831         .unlocked_ioctl = tty_ioctl,
832         .compat_ioctl   = tty_compat_ioctl,
833         .open           = tty_open,
834         .release        = tty_release,
835         .fasync         = tty_fasync,
836 };
837
838 static const struct file_operations hung_up_tty_fops = {
839         .llseek         = no_llseek,
840         .read           = hung_up_tty_read,
841         .write          = hung_up_tty_write,
842         .poll           = hung_up_tty_poll,
843         .unlocked_ioctl = hung_up_tty_ioctl,
844         .compat_ioctl   = hung_up_tty_compat_ioctl,
845         .release        = tty_release,
846 };
847
848 static DEFINE_SPINLOCK(redirect_lock);
849 static struct file *redirect;
850
851 /**
852  *      tty_wakeup      -       request more data
853  *      @tty: terminal
854  *
855  *      Internal and external helper for wakeups of tty. This function
856  *      informs the line discipline if present that the driver is ready
857  *      to receive more output data.
858  */
859
860 void tty_wakeup(struct tty_struct *tty)
861 {
862         struct tty_ldisc *ld;
863
864         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
865                 ld = tty_ldisc_ref(tty);
866                 if (ld) {
867                         if (ld->ops->write_wakeup)
868                                 ld->ops->write_wakeup(tty);
869                         tty_ldisc_deref(ld);
870                 }
871         }
872         wake_up_interruptible(&tty->write_wait);
873 }
874
875 EXPORT_SYMBOL_GPL(tty_wakeup);
876
877 /**
878  *      tty_ldisc_flush -       flush line discipline queue
879  *      @tty: tty
880  *
881  *      Flush the line discipline queue (if any) for this tty. If there
882  *      is no line discipline active this is a no-op.
883  */
884
885 void tty_ldisc_flush(struct tty_struct *tty)
886 {
887         struct tty_ldisc *ld = tty_ldisc_ref(tty);
888         if (ld) {
889                 if (ld->ops->flush_buffer)
890                         ld->ops->flush_buffer(tty);
891                 tty_ldisc_deref(ld);
892         }
893         tty_buffer_flush(tty);
894 }
895
896 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
897
898 /**
899  *      tty_reset_termios       -       reset terminal state
900  *      @tty: tty to reset
901  *
902  *      Restore a terminal to the driver default state
903  */
904
905 static void tty_reset_termios(struct tty_struct *tty)
906 {
907         mutex_lock(&tty->termios_mutex);
908         *tty->termios = tty->driver->init_termios;
909         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
910         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
911         mutex_unlock(&tty->termios_mutex);
912 }
913
914 /**
915  *      do_tty_hangup           -       actual handler for hangup events
916  *      @work: tty device
917  *
918  *      This can be called by the "eventd" kernel thread.  That is process
919  *      synchronous but doesn't hold any locks, so we need to make sure we
920  *      have the appropriate locks for what we're doing.
921  *
922  *      The hangup event clears any pending redirections onto the hung up
923  *      device. It ensures future writes will error and it does the needed
924  *      line discipline hangup and signal delivery. The tty object itself
925  *      remains intact.
926  *
927  *      Locking:
928  *              BKL
929  *                redirect lock for undoing redirection
930  *                file list lock for manipulating list of ttys
931  *                tty_ldisc_lock from called functions
932  *                termios_mutex resetting termios data
933  *                tasklist_lock to walk task list for hangup event
934  *                  ->siglock to protect ->signal/->sighand
935  */
936 static void do_tty_hangup(struct work_struct *work)
937 {
938         struct tty_struct *tty =
939                 container_of(work, struct tty_struct, hangup_work);
940         struct file *cons_filp = NULL;
941         struct file *filp, *f = NULL;
942         struct task_struct *p;
943         struct tty_ldisc *ld;
944         int    closecount = 0, n;
945         unsigned long flags;
946
947         if (!tty)
948                 return;
949
950         /* inuse_filps is protected by the single kernel lock */
951         lock_kernel();
952
953         spin_lock(&redirect_lock);
954         if (redirect && redirect->private_data == tty) {
955                 f = redirect;
956                 redirect = NULL;
957         }
958         spin_unlock(&redirect_lock);
959
960         check_tty_count(tty, "do_tty_hangup");
961         file_list_lock();
962         /* This breaks for file handles being sent over AF_UNIX sockets ? */
963         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
964                 if (filp->f_op->write == redirected_tty_write)
965                         cons_filp = filp;
966                 if (filp->f_op->write != tty_write)
967                         continue;
968                 closecount++;
969                 tty_fasync(-1, filp, 0);        /* can't block */
970                 filp->f_op = &hung_up_tty_fops;
971         }
972         file_list_unlock();
973         /*
974          * FIXME! What are the locking issues here? This may me overdoing
975          * things... This question is especially important now that we've
976          * removed the irqlock.
977          */
978         ld = tty_ldisc_ref(tty);
979         if (ld != NULL) {
980                 /* We may have no line discipline at this point */
981                 if (ld->ops->flush_buffer)
982                         ld->ops->flush_buffer(tty);
983                 tty_driver_flush_buffer(tty);
984                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
985                     ld->ops->write_wakeup)
986                         ld->ops->write_wakeup(tty);
987                 if (ld->ops->hangup)
988                         ld->ops->hangup(tty);
989         }
990         /*
991          * FIXME: Once we trust the LDISC code better we can wait here for
992          * ldisc completion and fix the driver call race
993          */
994         wake_up_interruptible(&tty->write_wait);
995         wake_up_interruptible(&tty->read_wait);
996         /*
997          * Shutdown the current line discipline, and reset it to
998          * N_TTY.
999          */
1000         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1001                 tty_reset_termios(tty);
1002         /* Defer ldisc switch */
1003         /* tty_deferred_ldisc_switch(N_TTY);
1004
1005           This should get done automatically when the port closes and
1006           tty_release is called */
1007
1008         read_lock(&tasklist_lock);
1009         if (tty->session) {
1010                 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1011                         spin_lock_irq(&p->sighand->siglock);
1012                         if (p->signal->tty == tty)
1013                                 p->signal->tty = NULL;
1014                         if (!p->signal->leader) {
1015                                 spin_unlock_irq(&p->sighand->siglock);
1016                                 continue;
1017                         }
1018                         __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1019                         __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1020                         put_pid(p->signal->tty_old_pgrp);  /* A noop */
1021                         spin_lock_irqsave(&tty->ctrl_lock, flags);
1022                         if (tty->pgrp)
1023                                 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1024                         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1025                         spin_unlock_irq(&p->sighand->siglock);
1026                 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1027         }
1028         read_unlock(&tasklist_lock);
1029
1030         spin_lock_irqsave(&tty->ctrl_lock, flags);
1031         tty->flags = 0;
1032         put_pid(tty->session);
1033         put_pid(tty->pgrp);
1034         tty->session = NULL;
1035         tty->pgrp = NULL;
1036         tty->ctrl_status = 0;
1037         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1038
1039         /*
1040          * If one of the devices matches a console pointer, we
1041          * cannot just call hangup() because that will cause
1042          * tty->count and state->count to go out of sync.
1043          * So we just call close() the right number of times.
1044          */
1045         if (cons_filp) {
1046                 if (tty->ops->close)
1047                         for (n = 0; n < closecount; n++)
1048                                 tty->ops->close(tty, cons_filp);
1049         } else if (tty->ops->hangup)
1050                 (tty->ops->hangup)(tty);
1051         /*
1052          * We don't want to have driver/ldisc interactions beyond
1053          * the ones we did here. The driver layer expects no
1054          * calls after ->hangup() from the ldisc side. However we
1055          * can't yet guarantee all that.
1056          */
1057         set_bit(TTY_HUPPED, &tty->flags);
1058         if (ld) {
1059                 tty_ldisc_enable(tty);
1060                 tty_ldisc_deref(ld);
1061         }
1062         unlock_kernel();
1063         if (f)
1064                 fput(f);
1065 }
1066
1067 /**
1068  *      tty_hangup              -       trigger a hangup event
1069  *      @tty: tty to hangup
1070  *
1071  *      A carrier loss (virtual or otherwise) has occurred on this like
1072  *      schedule a hangup sequence to run after this event.
1073  */
1074
1075 void tty_hangup(struct tty_struct *tty)
1076 {
1077 #ifdef TTY_DEBUG_HANGUP
1078         char    buf[64];
1079         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1080 #endif
1081         schedule_work(&tty->hangup_work);
1082 }
1083
1084 EXPORT_SYMBOL(tty_hangup);
1085
1086 /**
1087  *      tty_vhangup             -       process vhangup
1088  *      @tty: tty to hangup
1089  *
1090  *      The user has asked via system call for the terminal to be hung up.
1091  *      We do this synchronously so that when the syscall returns the process
1092  *      is complete. That guarantee is necessary for security reasons.
1093  */
1094
1095 void tty_vhangup(struct tty_struct *tty)
1096 {
1097 #ifdef TTY_DEBUG_HANGUP
1098         char    buf[64];
1099
1100         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1101 #endif
1102         do_tty_hangup(&tty->hangup_work);
1103 }
1104
1105 EXPORT_SYMBOL(tty_vhangup);
1106
1107 /**
1108  *      tty_hung_up_p           -       was tty hung up
1109  *      @filp: file pointer of tty
1110  *
1111  *      Return true if the tty has been subject to a vhangup or a carrier
1112  *      loss
1113  */
1114
1115 int tty_hung_up_p(struct file *filp)
1116 {
1117         return (filp->f_op == &hung_up_tty_fops);
1118 }
1119
1120 EXPORT_SYMBOL(tty_hung_up_p);
1121
1122 static void session_clear_tty(struct pid *session)
1123 {
1124         struct task_struct *p;
1125         do_each_pid_task(session, PIDTYPE_SID, p) {
1126                 proc_clear_tty(p);
1127         } while_each_pid_task(session, PIDTYPE_SID, p);
1128 }
1129
1130 /**
1131  *      disassociate_ctty       -       disconnect controlling tty
1132  *      @on_exit: true if exiting so need to "hang up" the session
1133  *
1134  *      This function is typically called only by the session leader, when
1135  *      it wants to disassociate itself from its controlling tty.
1136  *
1137  *      It performs the following functions:
1138  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
1139  *      (2)  Clears the tty from being controlling the session
1140  *      (3)  Clears the controlling tty for all processes in the
1141  *              session group.
1142  *
1143  *      The argument on_exit is set to 1 if called when a process is
1144  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
1145  *
1146  *      Locking:
1147  *              BKL is taken for hysterical raisins
1148  *                tty_mutex is taken to protect tty
1149  *                ->siglock is taken to protect ->signal/->sighand
1150  *                tasklist_lock is taken to walk process list for sessions
1151  *                  ->siglock is taken to protect ->signal/->sighand
1152  */
1153
1154 void disassociate_ctty(int on_exit)
1155 {
1156         struct tty_struct *tty;
1157         struct pid *tty_pgrp = NULL;
1158
1159
1160         mutex_lock(&tty_mutex);
1161         tty = get_current_tty();
1162         if (tty) {
1163                 tty_pgrp = get_pid(tty->pgrp);
1164                 lock_kernel();
1165                 mutex_unlock(&tty_mutex);
1166                 /* XXX: here we race, there is nothing protecting tty */
1167                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1168                         tty_vhangup(tty);
1169                 unlock_kernel();
1170         } else if (on_exit) {
1171                 struct pid *old_pgrp;
1172                 spin_lock_irq(&current->sighand->siglock);
1173                 old_pgrp = current->signal->tty_old_pgrp;
1174                 current->signal->tty_old_pgrp = NULL;
1175                 spin_unlock_irq(&current->sighand->siglock);
1176                 if (old_pgrp) {
1177                         kill_pgrp(old_pgrp, SIGHUP, on_exit);
1178                         kill_pgrp(old_pgrp, SIGCONT, on_exit);
1179                         put_pid(old_pgrp);
1180                 }
1181                 mutex_unlock(&tty_mutex);
1182                 return;
1183         }
1184         if (tty_pgrp) {
1185                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1186                 if (!on_exit)
1187                         kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1188                 put_pid(tty_pgrp);
1189         }
1190
1191         spin_lock_irq(&current->sighand->siglock);
1192         put_pid(current->signal->tty_old_pgrp);
1193         current->signal->tty_old_pgrp = NULL;
1194         spin_unlock_irq(&current->sighand->siglock);
1195
1196         mutex_lock(&tty_mutex);
1197         /* It is possible that do_tty_hangup has free'd this tty */
1198         tty = get_current_tty();
1199         if (tty) {
1200                 unsigned long flags;
1201                 spin_lock_irqsave(&tty->ctrl_lock, flags);
1202                 put_pid(tty->session);
1203                 put_pid(tty->pgrp);
1204                 tty->session = NULL;
1205                 tty->pgrp = NULL;
1206                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1207         } else {
1208 #ifdef TTY_DEBUG_HANGUP
1209                 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1210                        " = NULL", tty);
1211 #endif
1212         }
1213         mutex_unlock(&tty_mutex);
1214
1215         /* Now clear signal->tty under the lock */
1216         read_lock(&tasklist_lock);
1217         session_clear_tty(task_session(current));
1218         read_unlock(&tasklist_lock);
1219 }
1220
1221 /**
1222  *
1223  *      no_tty  - Ensure the current process does not have a controlling tty
1224  */
1225 void no_tty(void)
1226 {
1227         struct task_struct *tsk = current;
1228         lock_kernel();
1229         if (tsk->signal->leader)
1230                 disassociate_ctty(0);
1231         unlock_kernel();
1232         proc_clear_tty(tsk);
1233 }
1234
1235
1236 /**
1237  *      stop_tty        -       propagate flow control
1238  *      @tty: tty to stop
1239  *
1240  *      Perform flow control to the driver. For PTY/TTY pairs we
1241  *      must also propagate the TIOCKPKT status. May be called
1242  *      on an already stopped device and will not re-call the driver
1243  *      method.
1244  *
1245  *      This functionality is used by both the line disciplines for
1246  *      halting incoming flow and by the driver. It may therefore be
1247  *      called from any context, may be under the tty atomic_write_lock
1248  *      but not always.
1249  *
1250  *      Locking:
1251  *              Uses the tty control lock internally
1252  */
1253
1254 void stop_tty(struct tty_struct *tty)
1255 {
1256         unsigned long flags;
1257         spin_lock_irqsave(&tty->ctrl_lock, flags);
1258         if (tty->stopped) {
1259                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1260                 return;
1261         }
1262         tty->stopped = 1;
1263         if (tty->link && tty->link->packet) {
1264                 tty->ctrl_status &= ~TIOCPKT_START;
1265                 tty->ctrl_status |= TIOCPKT_STOP;
1266                 wake_up_interruptible(&tty->link->read_wait);
1267         }
1268         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1269         if (tty->ops->stop)
1270                 (tty->ops->stop)(tty);
1271 }
1272
1273 EXPORT_SYMBOL(stop_tty);
1274
1275 /**
1276  *      start_tty       -       propagate flow control
1277  *      @tty: tty to start
1278  *
1279  *      Start a tty that has been stopped if at all possible. Perform
1280  *      any necessary wakeups and propagate the TIOCPKT status. If this
1281  *      is the tty was previous stopped and is being started then the
1282  *      driver start method is invoked and the line discipline woken.
1283  *
1284  *      Locking:
1285  *              ctrl_lock
1286  */
1287
1288 void start_tty(struct tty_struct *tty)
1289 {
1290         unsigned long flags;
1291         spin_lock_irqsave(&tty->ctrl_lock, flags);
1292         if (!tty->stopped || tty->flow_stopped) {
1293                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1294                 return;
1295         }
1296         tty->stopped = 0;
1297         if (tty->link && tty->link->packet) {
1298                 tty->ctrl_status &= ~TIOCPKT_STOP;
1299                 tty->ctrl_status |= TIOCPKT_START;
1300                 wake_up_interruptible(&tty->link->read_wait);
1301         }
1302         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1303         if (tty->ops->start)
1304                 (tty->ops->start)(tty);
1305         /* If we have a running line discipline it may need kicking */
1306         tty_wakeup(tty);
1307 }
1308
1309 EXPORT_SYMBOL(start_tty);
1310
1311 /**
1312  *      tty_read        -       read method for tty device files
1313  *      @file: pointer to tty file
1314  *      @buf: user buffer
1315  *      @count: size of user buffer
1316  *      @ppos: unused
1317  *
1318  *      Perform the read system call function on this terminal device. Checks
1319  *      for hung up devices before calling the line discipline method.
1320  *
1321  *      Locking:
1322  *              Locks the line discipline internally while needed. Multiple
1323  *      read calls may be outstanding in parallel.
1324  */
1325
1326 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1327                         loff_t *ppos)
1328 {
1329         int i;
1330         struct tty_struct *tty;
1331         struct inode *inode;
1332         struct tty_ldisc *ld;
1333
1334         tty = (struct tty_struct *)file->private_data;
1335         inode = file->f_path.dentry->d_inode;
1336         if (tty_paranoia_check(tty, inode, "tty_read"))
1337                 return -EIO;
1338         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1339                 return -EIO;
1340
1341         /* We want to wait for the line discipline to sort out in this
1342            situation */
1343         ld = tty_ldisc_ref_wait(tty);
1344         if (ld->ops->read)
1345                 i = (ld->ops->read)(tty, file, buf, count);
1346         else
1347                 i = -EIO;
1348         tty_ldisc_deref(ld);
1349         if (i > 0)
1350                 inode->i_atime = current_fs_time(inode->i_sb);
1351         return i;
1352 }
1353
1354 void tty_write_unlock(struct tty_struct *tty)
1355 {
1356         mutex_unlock(&tty->atomic_write_lock);
1357         wake_up_interruptible(&tty->write_wait);
1358 }
1359
1360 int tty_write_lock(struct tty_struct *tty, int ndelay)
1361 {
1362         if (!mutex_trylock(&tty->atomic_write_lock)) {
1363                 if (ndelay)
1364                         return -EAGAIN;
1365                 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1366                         return -ERESTARTSYS;
1367         }
1368         return 0;
1369 }
1370
1371 /*
1372  * Split writes up in sane blocksizes to avoid
1373  * denial-of-service type attacks
1374  */
1375 static inline ssize_t do_tty_write(
1376         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1377         struct tty_struct *tty,
1378         struct file *file,
1379         const char __user *buf,
1380         size_t count)
1381 {
1382         ssize_t ret, written = 0;
1383         unsigned int chunk;
1384
1385         ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1386         if (ret < 0)
1387                 return ret;
1388
1389         /*
1390          * We chunk up writes into a temporary buffer. This
1391          * simplifies low-level drivers immensely, since they
1392          * don't have locking issues and user mode accesses.
1393          *
1394          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1395          * big chunk-size..
1396          *
1397          * The default chunk-size is 2kB, because the NTTY
1398          * layer has problems with bigger chunks. It will
1399          * claim to be able to handle more characters than
1400          * it actually does.
1401          *
1402          * FIXME: This can probably go away now except that 64K chunks
1403          * are too likely to fail unless switched to vmalloc...
1404          */
1405         chunk = 2048;
1406         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1407                 chunk = 65536;
1408         if (count < chunk)
1409                 chunk = count;
1410
1411         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1412         if (tty->write_cnt < chunk) {
1413                 unsigned char *buf;
1414
1415                 if (chunk < 1024)
1416                         chunk = 1024;
1417
1418                 buf = kmalloc(chunk, GFP_KERNEL);
1419                 if (!buf) {
1420                         ret = -ENOMEM;
1421                         goto out;
1422                 }
1423                 kfree(tty->write_buf);
1424                 tty->write_cnt = chunk;
1425                 tty->write_buf = buf;
1426         }
1427
1428         /* Do the write .. */
1429         for (;;) {
1430                 size_t size = count;
1431                 if (size > chunk)
1432                         size = chunk;
1433                 ret = -EFAULT;
1434                 if (copy_from_user(tty->write_buf, buf, size))
1435                         break;
1436                 ret = write(tty, file, tty->write_buf, size);
1437                 if (ret <= 0)
1438                         break;
1439                 written += ret;
1440                 buf += ret;
1441                 count -= ret;
1442                 if (!count)
1443                         break;
1444                 ret = -ERESTARTSYS;
1445                 if (signal_pending(current))
1446                         break;
1447                 cond_resched();
1448         }
1449         if (written) {
1450                 struct inode *inode = file->f_path.dentry->d_inode;
1451                 inode->i_mtime = current_fs_time(inode->i_sb);
1452                 ret = written;
1453         }
1454 out:
1455         tty_write_unlock(tty);
1456         return ret;
1457 }
1458
1459
1460 /**
1461  *      tty_write               -       write method for tty device file
1462  *      @file: tty file pointer
1463  *      @buf: user data to write
1464  *      @count: bytes to write
1465  *      @ppos: unused
1466  *
1467  *      Write data to a tty device via the line discipline.
1468  *
1469  *      Locking:
1470  *              Locks the line discipline as required
1471  *              Writes to the tty driver are serialized by the atomic_write_lock
1472  *      and are then processed in chunks to the device. The line discipline
1473  *      write method will not be involked in parallel for each device
1474  *              The line discipline write method is called under the big
1475  *      kernel lock for historical reasons. New code should not rely on this.
1476  */
1477
1478 static ssize_t tty_write(struct file *file, const char __user *buf,
1479                                                 size_t count, loff_t *ppos)
1480 {
1481         struct tty_struct *tty;
1482         struct inode *inode = file->f_path.dentry->d_inode;
1483         ssize_t ret;
1484         struct tty_ldisc *ld;
1485
1486         tty = (struct tty_struct *)file->private_data;
1487         if (tty_paranoia_check(tty, inode, "tty_write"))
1488                 return -EIO;
1489         if (!tty || !tty->ops->write ||
1490                 (test_bit(TTY_IO_ERROR, &tty->flags)))
1491                         return -EIO;
1492         /* Short term debug to catch buggy drivers */
1493         if (tty->ops->write_room == NULL)
1494                 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1495                         tty->driver->name);
1496         ld = tty_ldisc_ref_wait(tty);
1497         if (!ld->ops->write)
1498                 ret = -EIO;
1499         else
1500                 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1501         tty_ldisc_deref(ld);
1502         return ret;
1503 }
1504
1505 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1506                                                 size_t count, loff_t *ppos)
1507 {
1508         struct file *p = NULL;
1509
1510         spin_lock(&redirect_lock);
1511         if (redirect) {
1512                 get_file(redirect);
1513                 p = redirect;
1514         }
1515         spin_unlock(&redirect_lock);
1516
1517         if (p) {
1518                 ssize_t res;
1519                 res = vfs_write(p, buf, count, &p->f_pos);
1520                 fput(p);
1521                 return res;
1522         }
1523         return tty_write(file, buf, count, ppos);
1524 }
1525
1526 void tty_port_init(struct tty_port *port)
1527 {
1528         memset(port, 0, sizeof(*port));
1529         init_waitqueue_head(&port->open_wait);
1530         init_waitqueue_head(&port->close_wait);
1531         mutex_init(&port->mutex);
1532         port->close_delay = (50 * HZ) / 100;
1533         port->closing_wait = (3000 * HZ) / 100;
1534 }
1535 EXPORT_SYMBOL(tty_port_init);
1536
1537 int tty_port_alloc_xmit_buf(struct tty_port *port)
1538 {
1539         /* We may sleep in get_zeroed_page() */
1540         mutex_lock(&port->mutex);
1541         if (port->xmit_buf == NULL)
1542                 port->xmit_buf = (unsigned char *)get_zeroed_page(GFP_KERNEL);
1543         mutex_unlock(&port->mutex);
1544         if (port->xmit_buf == NULL)
1545                 return -ENOMEM;
1546         return 0;
1547 }
1548 EXPORT_SYMBOL(tty_port_alloc_xmit_buf);
1549
1550 void tty_port_free_xmit_buf(struct tty_port *port)
1551 {
1552         mutex_lock(&port->mutex);
1553         if (port->xmit_buf != NULL) {
1554                 free_page((unsigned long)port->xmit_buf);
1555                 port->xmit_buf = NULL;
1556         }
1557         mutex_unlock(&port->mutex);
1558 }
1559 EXPORT_SYMBOL(tty_port_free_xmit_buf);
1560
1561
1562 static char ptychar[] = "pqrstuvwxyzabcde";
1563
1564 /**
1565  *      pty_line_name   -       generate name for a pty
1566  *      @driver: the tty driver in use
1567  *      @index: the minor number
1568  *      @p: output buffer of at least 6 bytes
1569  *
1570  *      Generate a name from a driver reference and write it to the output
1571  *      buffer.
1572  *
1573  *      Locking: None
1574  */
1575 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1576 {
1577         int i = index + driver->name_base;
1578         /* ->name is initialized to "ttyp", but "tty" is expected */
1579         sprintf(p, "%s%c%x",
1580                 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1581                 ptychar[i >> 4 & 0xf], i & 0xf);
1582 }
1583
1584 /**
1585  *      pty_line_name   -       generate name for a tty
1586  *      @driver: the tty driver in use
1587  *      @index: the minor number
1588  *      @p: output buffer of at least 7 bytes
1589  *
1590  *      Generate a name from a driver reference and write it to the output
1591  *      buffer.
1592  *
1593  *      Locking: None
1594  */
1595 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1596 {
1597         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1598 }
1599
1600 /**
1601  *      init_dev                -       initialise a tty device
1602  *      @driver: tty driver we are opening a device on
1603  *      @idx: device index
1604  *      @tty: returned tty structure
1605  *
1606  *      Prepare a tty device. This may not be a "new" clean device but
1607  *      could also be an active device. The pty drivers require special
1608  *      handling because of this.
1609  *
1610  *      Locking:
1611  *              The function is called under the tty_mutex, which
1612  *      protects us from the tty struct or driver itself going away.
1613  *
1614  *      On exit the tty device has the line discipline attached and
1615  *      a reference count of 1. If a pair was created for pty/tty use
1616  *      and the other was a pty master then it too has a reference count of 1.
1617  *
1618  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1619  * failed open.  The new code protects the open with a mutex, so it's
1620  * really quite straightforward.  The mutex locking can probably be
1621  * relaxed for the (most common) case of reopening a tty.
1622  */
1623
1624 static int init_dev(struct tty_driver *driver, int idx,
1625         struct tty_struct **ret_tty)
1626 {
1627         struct tty_struct *tty, *o_tty;
1628         struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
1629         struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1630         int retval = 0;
1631
1632         /* check whether we're reopening an existing tty */
1633         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1634                 tty = devpts_get_tty(idx);
1635                 /*
1636                  * If we don't have a tty here on a slave open, it's because
1637                  * the master already started the close process and there's
1638                  * no relation between devpts file and tty anymore.
1639                  */
1640                 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
1641                         retval = -EIO;
1642                         goto end_init;
1643                 }
1644                 /*
1645                  * It's safe from now on because init_dev() is called with
1646                  * tty_mutex held and release_dev() won't change tty->count
1647                  * or tty->flags without having to grab tty_mutex
1648                  */
1649                 if (tty && driver->subtype == PTY_TYPE_MASTER)
1650                         tty = tty->link;
1651         } else {
1652                 tty = driver->ttys[idx];
1653         }
1654         if (tty) goto fast_track;
1655
1656         /*
1657          * First time open is complex, especially for PTY devices.
1658          * This code guarantees that either everything succeeds and the
1659          * TTY is ready for operation, or else the table slots are vacated
1660          * and the allocated memory released.  (Except that the termios
1661          * and locked termios may be retained.)
1662          */
1663
1664         if (!try_module_get(driver->owner)) {
1665                 retval = -ENODEV;
1666                 goto end_init;
1667         }
1668
1669         o_tty = NULL;
1670         tp = o_tp = NULL;
1671         ltp = o_ltp = NULL;
1672
1673         tty = alloc_tty_struct();
1674         if (!tty)
1675                 goto fail_no_mem;
1676         initialize_tty_struct(tty);
1677         tty->driver = driver;
1678         tty->ops = driver->ops;
1679         tty->index = idx;
1680         tty_line_name(driver, idx, tty->name);
1681
1682         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1683                 tp_loc = &tty->termios;
1684                 ltp_loc = &tty->termios_locked;
1685         } else {
1686                 tp_loc = &driver->termios[idx];
1687                 ltp_loc = &driver->termios_locked[idx];
1688         }
1689
1690         if (!*tp_loc) {
1691                 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1692                 if (!tp)
1693                         goto free_mem_out;
1694                 *tp = driver->init_termios;
1695         }
1696
1697         if (!*ltp_loc) {
1698                 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1699                 if (!ltp)
1700                         goto free_mem_out;
1701         }
1702
1703         if (driver->type == TTY_DRIVER_TYPE_PTY) {
1704                 o_tty = alloc_tty_struct();
1705                 if (!o_tty)
1706                         goto free_mem_out;
1707                 initialize_tty_struct(o_tty);
1708                 o_tty->driver = driver->other;
1709                 o_tty->ops = driver->ops;
1710                 o_tty->index = idx;
1711                 tty_line_name(driver->other, idx, o_tty->name);
1712
1713                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1714                         o_tp_loc = &o_tty->termios;
1715                         o_ltp_loc = &o_tty->termios_locked;
1716                 } else {
1717                         o_tp_loc = &driver->other->termios[idx];
1718                         o_ltp_loc = &driver->other->termios_locked[idx];
1719                 }
1720
1721                 if (!*o_tp_loc) {
1722                         o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1723                         if (!o_tp)
1724                                 goto free_mem_out;
1725                         *o_tp = driver->other->init_termios;
1726                 }
1727
1728                 if (!*o_ltp_loc) {
1729                         o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1730                         if (!o_ltp)
1731                                 goto free_mem_out;
1732                 }
1733
1734                 /*
1735                  * Everything allocated ... set up the o_tty structure.
1736                  */
1737                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
1738                         driver->other->ttys[idx] = o_tty;
1739                 if (!*o_tp_loc)
1740                         *o_tp_loc = o_tp;
1741                 if (!*o_ltp_loc)
1742                         *o_ltp_loc = o_ltp;
1743                 o_tty->termios = *o_tp_loc;
1744                 o_tty->termios_locked = *o_ltp_loc;
1745                 driver->other->refcount++;
1746                 if (driver->subtype == PTY_TYPE_MASTER)
1747                         o_tty->count++;
1748
1749                 /* Establish the links in both directions */
1750                 tty->link   = o_tty;
1751                 o_tty->link = tty;
1752         }
1753
1754         /*
1755          * All structures have been allocated, so now we install them.
1756          * Failures after this point use release_tty to clean up, so
1757          * there's no need to null out the local pointers.
1758          */
1759         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
1760                 driver->ttys[idx] = tty;
1761
1762         if (!*tp_loc)
1763                 *tp_loc = tp;
1764         if (!*ltp_loc)
1765                 *ltp_loc = ltp;
1766         tty->termios = *tp_loc;
1767         tty->termios_locked = *ltp_loc;
1768         /* Compatibility until drivers always set this */
1769         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1770         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1771         driver->refcount++;
1772         tty->count++;
1773
1774         /*
1775          * Structures all installed ... call the ldisc open routines.
1776          * If we fail here just call release_tty to clean up.  No need
1777          * to decrement the use counts, as release_tty doesn't care.
1778          */
1779
1780         retval = tty_ldisc_setup(tty, o_tty);
1781
1782         if (retval)
1783                 goto release_mem_out;
1784          goto success;
1785
1786         /*
1787          * This fast open can be used if the tty is already open.
1788          * No memory is allocated, and the only failures are from
1789          * attempting to open a closing tty or attempting multiple
1790          * opens on a pty master.
1791          */
1792 fast_track:
1793         if (test_bit(TTY_CLOSING, &tty->flags)) {
1794                 retval = -EIO;
1795                 goto end_init;
1796         }
1797         if (driver->type == TTY_DRIVER_TYPE_PTY &&
1798             driver->subtype == PTY_TYPE_MASTER) {
1799                 /*
1800                  * special case for PTY masters: only one open permitted,
1801                  * and the slave side open count is incremented as well.
1802                  */
1803                 if (tty->count) {
1804                         retval = -EIO;
1805                         goto end_init;
1806                 }
1807                 tty->link->count++;
1808         }
1809         tty->count++;
1810         tty->driver = driver; /* N.B. why do this every time?? */
1811
1812         /* FIXME */
1813         if (!test_bit(TTY_LDISC, &tty->flags))
1814                 printk(KERN_ERR "init_dev but no ldisc\n");
1815 success:
1816         *ret_tty = tty;
1817
1818         /* All paths come through here to release the mutex */
1819 end_init:
1820         return retval;
1821
1822         /* Release locally allocated memory ... nothing placed in slots */
1823 free_mem_out:
1824         kfree(o_tp);
1825         if (o_tty)
1826                 free_tty_struct(o_tty);
1827         kfree(ltp);
1828         kfree(tp);
1829         free_tty_struct(tty);
1830
1831 fail_no_mem:
1832         module_put(driver->owner);
1833         retval = -ENOMEM;
1834         goto end_init;
1835
1836         /* call the tty release_tty routine to clean out this slot */
1837 release_mem_out:
1838         if (printk_ratelimit())
1839                 printk(KERN_INFO "init_dev: ldisc open failed, "
1840                                  "clearing slot %d\n", idx);
1841         release_tty(tty, idx);
1842         goto end_init;
1843 }
1844
1845 /**
1846  *      release_one_tty         -       release tty structure memory
1847  *
1848  *      Releases memory associated with a tty structure, and clears out the
1849  *      driver table slots. This function is called when a device is no longer
1850  *      in use. It also gets called when setup of a device fails.
1851  *
1852  *      Locking:
1853  *              tty_mutex - sometimes only
1854  *              takes the file list lock internally when working on the list
1855  *      of ttys that the driver keeps.
1856  *              FIXME: should we require tty_mutex is held here ??
1857  */
1858 static void release_one_tty(struct tty_struct *tty, int idx)
1859 {
1860         int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
1861         struct ktermios *tp;
1862
1863         if (!devpts)
1864                 tty->driver->ttys[idx] = NULL;
1865
1866         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1867                 tp = tty->termios;
1868                 if (!devpts)
1869                         tty->driver->termios[idx] = NULL;
1870                 kfree(tp);
1871
1872                 tp = tty->termios_locked;
1873                 if (!devpts)
1874                         tty->driver->termios_locked[idx] = NULL;
1875                 kfree(tp);
1876         }
1877
1878
1879         tty->magic = 0;
1880         tty->driver->refcount--;
1881
1882         file_list_lock();
1883         list_del_init(&tty->tty_files);
1884         file_list_unlock();
1885
1886         free_tty_struct(tty);
1887 }
1888
1889 /**
1890  *      release_tty             -       release tty structure memory
1891  *
1892  *      Release both @tty and a possible linked partner (think pty pair),
1893  *      and decrement the refcount of the backing module.
1894  *
1895  *      Locking:
1896  *              tty_mutex - sometimes only
1897  *              takes the file list lock internally when working on the list
1898  *      of ttys that the driver keeps.
1899  *              FIXME: should we require tty_mutex is held here ??
1900  */
1901 static void release_tty(struct tty_struct *tty, int idx)
1902 {
1903         struct tty_driver *driver = tty->driver;
1904
1905         if (tty->link)
1906                 release_one_tty(tty->link, idx);
1907         release_one_tty(tty, idx);
1908         module_put(driver->owner);
1909 }
1910
1911 /*
1912  * Even releasing the tty structures is a tricky business.. We have
1913  * to be very careful that the structures are all released at the
1914  * same time, as interrupts might otherwise get the wrong pointers.
1915  *
1916  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1917  * lead to double frees or releasing memory still in use.
1918  */
1919 static void release_dev(struct file *filp)
1920 {
1921         struct tty_struct *tty, *o_tty;
1922         int     pty_master, tty_closing, o_tty_closing, do_sleep;
1923         int     devpts;
1924         int     idx;
1925         char    buf[64];
1926
1927         tty = (struct tty_struct *)filp->private_data;
1928         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
1929                                                         "release_dev"))
1930                 return;
1931
1932         check_tty_count(tty, "release_dev");
1933
1934         tty_fasync(-1, filp, 0);
1935
1936         idx = tty->index;
1937         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1938                       tty->driver->subtype == PTY_TYPE_MASTER);
1939         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1940         o_tty = tty->link;
1941
1942 #ifdef TTY_PARANOIA_CHECK
1943         if (idx < 0 || idx >= tty->driver->num) {
1944                 printk(KERN_DEBUG "release_dev: bad idx when trying to "
1945                                   "free (%s)\n", tty->name);
1946                 return;
1947         }
1948         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1949                 if (tty != tty->driver->ttys[idx]) {
1950                         printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
1951                                "for (%s)\n", idx, tty->name);
1952                         return;
1953                 }
1954                 if (tty->termios != tty->driver->termios[idx]) {
1955                         printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
1956                                "for (%s)\n",
1957                                idx, tty->name);
1958                         return;
1959                 }
1960                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
1961                         printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
1962                                "termios_locked for (%s)\n",
1963                                idx, tty->name);
1964                         return;
1965                 }
1966         }
1967 #endif
1968
1969 #ifdef TTY_DEBUG_HANGUP
1970         printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
1971                tty_name(tty, buf), tty->count);
1972 #endif
1973
1974 #ifdef TTY_PARANOIA_CHECK
1975         if (tty->driver->other &&
1976              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1977                 if (o_tty != tty->driver->other->ttys[idx]) {
1978                         printk(KERN_DEBUG "release_dev: other->table[%d] "
1979                                           "not o_tty for (%s)\n",
1980                                idx, tty->name);
1981                         return;
1982                 }
1983                 if (o_tty->termios != tty->driver->other->termios[idx]) {
1984                         printk(KERN_DEBUG "release_dev: other->termios[%d] "
1985                                           "not o_termios for (%s)\n",
1986                                idx, tty->name);
1987                         return;
1988                 }
1989                 if (o_tty->termios_locked !=
1990                       tty->driver->other->termios_locked[idx]) {
1991                         printk(KERN_DEBUG "release_dev: other->termios_locked["
1992                                           "%d] not o_termios_locked for (%s)\n",
1993                                idx, tty->name);
1994                         return;
1995                 }
1996                 if (o_tty->link != tty) {
1997                         printk(KERN_DEBUG "release_dev: bad pty pointers\n");
1998                         return;
1999                 }
2000         }
2001 #endif
2002         if (tty->ops->close)
2003                 tty->ops->close(tty, filp);
2004
2005         /*
2006          * Sanity check: if tty->count is going to zero, there shouldn't be
2007          * any waiters on tty->read_wait or tty->write_wait.  We test the
2008          * wait queues and kick everyone out _before_ actually starting to
2009          * close.  This ensures that we won't block while releasing the tty
2010          * structure.
2011          *
2012          * The test for the o_tty closing is necessary, since the master and
2013          * slave sides may close in any order.  If the slave side closes out
2014          * first, its count will be one, since the master side holds an open.
2015          * Thus this test wouldn't be triggered at the time the slave closes,
2016          * so we do it now.
2017          *
2018          * Note that it's possible for the tty to be opened again while we're
2019          * flushing out waiters.  By recalculating the closing flags before
2020          * each iteration we avoid any problems.
2021          */
2022         while (1) {
2023                 /* Guard against races with tty->count changes elsewhere and
2024                    opens on /dev/tty */
2025
2026                 mutex_lock(&tty_mutex);
2027                 tty_closing = tty->count <= 1;
2028                 o_tty_closing = o_tty &&
2029                         (o_tty->count <= (pty_master ? 1 : 0));
2030                 do_sleep = 0;
2031
2032                 if (tty_closing) {
2033                         if (waitqueue_active(&tty->read_wait)) {
2034                                 wake_up(&tty->read_wait);
2035                                 do_sleep++;
2036                         }
2037                         if (waitqueue_active(&tty->write_wait)) {
2038                                 wake_up(&tty->write_wait);
2039                                 do_sleep++;
2040                         }
2041                 }
2042                 if (o_tty_closing) {
2043                         if (waitqueue_active(&o_tty->read_wait)) {
2044                                 wake_up(&o_tty->read_wait);
2045                                 do_sleep++;
2046                         }
2047                         if (waitqueue_active(&o_tty->write_wait)) {
2048                                 wake_up(&o_tty->write_wait);
2049                                 do_sleep++;
2050                         }
2051                 }
2052                 if (!do_sleep)
2053                         break;
2054
2055                 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2056                                     "active!\n", tty_name(tty, buf));
2057                 mutex_unlock(&tty_mutex);
2058                 schedule();
2059         }
2060
2061         /*
2062          * The closing flags are now consistent with the open counts on
2063          * both sides, and we've completed the last operation that could
2064          * block, so it's safe to proceed with closing.
2065          */
2066         if (pty_master) {
2067                 if (--o_tty->count < 0) {
2068                         printk(KERN_WARNING "release_dev: bad pty slave count "
2069                                             "(%d) for %s\n",
2070                                o_tty->count, tty_name(o_tty, buf));
2071                         o_tty->count = 0;
2072                 }
2073         }
2074         if (--tty->count < 0) {
2075                 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2076                        tty->count, tty_name(tty, buf));
2077                 tty->count = 0;
2078         }
2079
2080         /*
2081          * We've decremented tty->count, so we need to remove this file
2082          * descriptor off the tty->tty_files list; this serves two
2083          * purposes:
2084          *  - check_tty_count sees the correct number of file descriptors
2085          *    associated with this tty.
2086          *  - do_tty_hangup no longer sees this file descriptor as
2087          *    something that needs to be handled for hangups.
2088          */
2089         file_kill(filp);
2090         filp->private_data = NULL;
2091
2092         /*
2093          * Perform some housekeeping before deciding whether to return.
2094          *
2095          * Set the TTY_CLOSING flag if this was the last open.  In the
2096          * case of a pty we may have to wait around for the other side
2097          * to close, and TTY_CLOSING makes sure we can't be reopened.
2098          */
2099         if (tty_closing)
2100                 set_bit(TTY_CLOSING, &tty->flags);
2101         if (o_tty_closing)
2102                 set_bit(TTY_CLOSING, &o_tty->flags);
2103
2104         /*
2105          * If _either_ side is closing, make sure there aren't any
2106          * processes that still think tty or o_tty is their controlling
2107          * tty.
2108          */
2109         if (tty_closing || o_tty_closing) {
2110                 read_lock(&tasklist_lock);
2111                 session_clear_tty(tty->session);
2112                 if (o_tty)
2113                         session_clear_tty(o_tty->session);
2114                 read_unlock(&tasklist_lock);
2115         }
2116
2117         mutex_unlock(&tty_mutex);
2118
2119         /* check whether both sides are closing ... */
2120         if (!tty_closing || (o_tty && !o_tty_closing))
2121                 return;
2122
2123 #ifdef TTY_DEBUG_HANGUP
2124         printk(KERN_DEBUG "freeing tty structure...");
2125 #endif
2126         /*
2127          * Ask the line discipline code to release its structures
2128          */
2129         tty_ldisc_release(tty, o_tty);
2130         /*
2131          * The release_tty function takes care of the details of clearing
2132          * the slots and preserving the termios structure.
2133          */
2134         release_tty(tty, idx);
2135
2136         /* Make this pty number available for reallocation */
2137         if (devpts)
2138                 devpts_kill_index(idx);
2139 }
2140
2141 /**
2142  *      tty_open                -       open a tty device
2143  *      @inode: inode of device file
2144  *      @filp: file pointer to tty
2145  *
2146  *      tty_open and tty_release keep up the tty count that contains the
2147  *      number of opens done on a tty. We cannot use the inode-count, as
2148  *      different inodes might point to the same tty.
2149  *
2150  *      Open-counting is needed for pty masters, as well as for keeping
2151  *      track of serial lines: DTR is dropped when the last close happens.
2152  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
2153  *
2154  *      The termios state of a pty is reset on first open so that
2155  *      settings don't persist across reuse.
2156  *
2157  *      Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2158  *               tty->count should protect the rest.
2159  *               ->siglock protects ->signal/->sighand
2160  */
2161
2162 static int __tty_open(struct inode *inode, struct file *filp)
2163 {
2164         struct tty_struct *tty;
2165         int noctty, retval;
2166         struct tty_driver *driver;
2167         int index;
2168         dev_t device = inode->i_rdev;
2169         unsigned short saved_flags = filp->f_flags;
2170
2171         nonseekable_open(inode, filp);
2172
2173 retry_open:
2174         noctty = filp->f_flags & O_NOCTTY;
2175         index  = -1;
2176         retval = 0;
2177
2178         mutex_lock(&tty_mutex);
2179
2180         if (device == MKDEV(TTYAUX_MAJOR, 0)) {
2181                 tty = get_current_tty();
2182                 if (!tty) {
2183                         mutex_unlock(&tty_mutex);
2184                         return -ENXIO;
2185                 }
2186                 driver = tty->driver;
2187                 index = tty->index;
2188                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2189                 /* noctty = 1; */
2190                 goto got_driver;
2191         }
2192 #ifdef CONFIG_VT
2193         if (device == MKDEV(TTY_MAJOR, 0)) {
2194                 extern struct tty_driver *console_driver;
2195                 driver = console_driver;
2196                 index = fg_console;
2197                 noctty = 1;
2198                 goto got_driver;
2199         }
2200 #endif
2201         if (device == MKDEV(TTYAUX_MAJOR, 1)) {
2202                 driver = console_device(&index);
2203                 if (driver) {
2204                         /* Don't let /dev/console block */
2205                         filp->f_flags |= O_NONBLOCK;
2206                         noctty = 1;
2207                         goto got_driver;
2208                 }
2209                 mutex_unlock(&tty_mutex);
2210                 return -ENODEV;
2211         }
2212
2213         driver = get_tty_driver(device, &index);
2214         if (!driver) {
2215                 mutex_unlock(&tty_mutex);
2216                 return -ENODEV;
2217         }
2218 got_driver:
2219         retval = init_dev(driver, index, &tty);
2220         mutex_unlock(&tty_mutex);
2221         if (retval)
2222                 return retval;
2223
2224         filp->private_data = tty;
2225         file_move(filp, &tty->tty_files);
2226         check_tty_count(tty, "tty_open");
2227         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2228             tty->driver->subtype == PTY_TYPE_MASTER)
2229                 noctty = 1;
2230 #ifdef TTY_DEBUG_HANGUP
2231         printk(KERN_DEBUG "opening %s...", tty->name);
2232 #endif
2233         if (!retval) {
2234                 if (tty->ops->open)
2235                         retval = tty->ops->open(tty, filp);
2236                 else
2237                         retval = -ENODEV;
2238         }
2239         filp->f_flags = saved_flags;
2240
2241         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2242                                                 !capable(CAP_SYS_ADMIN))
2243                 retval = -EBUSY;
2244
2245         if (retval) {
2246 #ifdef TTY_DEBUG_HANGUP
2247                 printk(KERN_DEBUG "error %d in opening %s...", retval,
2248                        tty->name);
2249 #endif
2250                 release_dev(filp);
2251                 if (retval != -ERESTARTSYS)
2252                         return retval;
2253                 if (signal_pending(current))
2254                         return retval;
2255                 schedule();
2256                 /*
2257                  * Need to reset f_op in case a hangup happened.
2258                  */
2259                 if (filp->f_op == &hung_up_tty_fops)
2260                         filp->f_op = &tty_fops;
2261                 goto retry_open;
2262         }
2263
2264         mutex_lock(&tty_mutex);
2265         spin_lock_irq(&current->sighand->siglock);
2266         if (!noctty &&
2267             current->signal->leader &&
2268             !current->signal->tty &&
2269             tty->session == NULL)
2270                 __proc_set_tty(current, tty);
2271         spin_unlock_irq(&current->sighand->siglock);
2272         mutex_unlock(&tty_mutex);
2273         return 0;
2274 }
2275
2276 /* BKL pushdown: scary code avoidance wrapper */
2277 static int tty_open(struct inode *inode, struct file *filp)
2278 {
2279         int ret;
2280
2281         lock_kernel();
2282         ret = __tty_open(inode, filp);
2283         unlock_kernel();
2284         return ret;
2285 }
2286
2287
2288
2289 #ifdef CONFIG_UNIX98_PTYS
2290 /**
2291  *      ptmx_open               -       open a unix 98 pty master
2292  *      @inode: inode of device file
2293  *      @filp: file pointer to tty
2294  *
2295  *      Allocate a unix98 pty master device from the ptmx driver.
2296  *
2297  *      Locking: tty_mutex protects theinit_dev work. tty->count should
2298  *              protect the rest.
2299  *              allocated_ptys_lock handles the list of free pty numbers
2300  */
2301
2302 static int __ptmx_open(struct inode *inode, struct file *filp)
2303 {
2304         struct tty_struct *tty;
2305         int retval;
2306         int index;
2307
2308         nonseekable_open(inode, filp);
2309
2310         /* find a device that is not in use. */
2311         index = devpts_new_index();
2312         if (index < 0)
2313                 return index;
2314
2315         mutex_lock(&tty_mutex);
2316         retval = init_dev(ptm_driver, index, &tty);
2317         mutex_unlock(&tty_mutex);
2318
2319         if (retval)
2320                 goto out;
2321
2322         set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2323         filp->private_data = tty;
2324         file_move(filp, &tty->tty_files);
2325
2326         retval = devpts_pty_new(tty->link);
2327         if (retval)
2328                 goto out1;
2329
2330         check_tty_count(tty, "ptmx_open");
2331         retval = ptm_driver->ops->open(tty, filp);
2332         if (!retval)
2333                 return 0;
2334 out1:
2335         release_dev(filp);
2336         return retval;
2337 out:
2338         devpts_kill_index(index);
2339         return retval;
2340 }
2341
2342 static int ptmx_open(struct inode *inode, struct file *filp)
2343 {
2344         int ret;
2345
2346         lock_kernel();
2347         ret = __ptmx_open(inode, filp);
2348         unlock_kernel();
2349         return ret;
2350 }
2351 #endif
2352
2353 /**
2354  *      tty_release             -       vfs callback for close
2355  *      @inode: inode of tty
2356  *      @filp: file pointer for handle to tty
2357  *
2358  *      Called the last time each file handle is closed that references
2359  *      this tty. There may however be several such references.
2360  *
2361  *      Locking:
2362  *              Takes bkl. See release_dev
2363  */
2364
2365 static int tty_release(struct inode *inode, struct file *filp)
2366 {
2367         lock_kernel();
2368         release_dev(filp);
2369         unlock_kernel();
2370         return 0;
2371 }
2372
2373 /**
2374  *      tty_poll        -       check tty status
2375  *      @filp: file being polled
2376  *      @wait: poll wait structures to update
2377  *
2378  *      Call the line discipline polling method to obtain the poll
2379  *      status of the device.
2380  *
2381  *      Locking: locks called line discipline but ldisc poll method
2382  *      may be re-entered freely by other callers.
2383  */
2384
2385 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2386 {
2387         struct tty_struct *tty;
2388         struct tty_ldisc *ld;
2389         int ret = 0;
2390
2391         tty = (struct tty_struct *)filp->private_data;
2392         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2393                 return 0;
2394
2395         ld = tty_ldisc_ref_wait(tty);
2396         if (ld->ops->poll)
2397                 ret = (ld->ops->poll)(tty, filp, wait);
2398         tty_ldisc_deref(ld);
2399         return ret;
2400 }
2401
2402 static int tty_fasync(int fd, struct file *filp, int on)
2403 {
2404         struct tty_struct *tty;
2405         unsigned long flags;
2406         int retval = 0;
2407
2408         lock_kernel();
2409         tty = (struct tty_struct *)filp->private_data;
2410         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2411                 goto out;
2412
2413         retval = fasync_helper(fd, filp, on, &tty->fasync);
2414         if (retval <= 0)
2415                 goto out;
2416
2417         if (on) {
2418                 enum pid_type type;
2419                 struct pid *pid;
2420                 if (!waitqueue_active(&tty->read_wait))
2421                         tty->minimum_to_wake = 1;
2422                 spin_lock_irqsave(&tty->ctrl_lock, flags);
2423                 if (tty->pgrp) {
2424                         pid = tty->pgrp;
2425                         type = PIDTYPE_PGID;
2426                 } else {
2427                         pid = task_pid(current);
2428                         type = PIDTYPE_PID;
2429                 }
2430                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2431                 retval = __f_setown(filp, pid, type, 0);
2432                 if (retval)
2433                         goto out;
2434         } else {
2435                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2436                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2437         }
2438         retval = 0;
2439 out:
2440         unlock_kernel();
2441         return retval;
2442 }
2443
2444 /**
2445  *      tiocsti                 -       fake input character
2446  *      @tty: tty to fake input into
2447  *      @p: pointer to character
2448  *
2449  *      Fake input to a tty device. Does the necessary locking and
2450  *      input management.
2451  *
2452  *      FIXME: does not honour flow control ??
2453  *
2454  *      Locking:
2455  *              Called functions take tty_ldisc_lock
2456  *              current->signal->tty check is safe without locks
2457  *
2458  *      FIXME: may race normal receive processing
2459  */
2460
2461 static int tiocsti(struct tty_struct *tty, char __user *p)
2462 {
2463         char ch, mbz = 0;
2464         struct tty_ldisc *ld;
2465
2466         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2467                 return -EPERM;
2468         if (get_user(ch, p))
2469                 return -EFAULT;
2470         ld = tty_ldisc_ref_wait(tty);
2471         ld->ops->receive_buf(tty, &ch, &mbz, 1);
2472         tty_ldisc_deref(ld);
2473         return 0;
2474 }
2475
2476 /**
2477  *      tiocgwinsz              -       implement window query ioctl
2478  *      @tty; tty
2479  *      @arg: user buffer for result
2480  *
2481  *      Copies the kernel idea of the window size into the user buffer.
2482  *
2483  *      Locking: tty->termios_mutex is taken to ensure the winsize data
2484  *              is consistent.
2485  */
2486
2487 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2488 {
2489         int err;
2490
2491         mutex_lock(&tty->termios_mutex);
2492         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2493         mutex_unlock(&tty->termios_mutex);
2494
2495         return err ? -EFAULT: 0;
2496 }
2497
2498 /**
2499  *      tty_do_resize           -       resize event
2500  *      @tty: tty being resized
2501  *      @real_tty: real tty (not the same as tty if using a pty/tty pair)
2502  *      @rows: rows (character)
2503  *      @cols: cols (character)
2504  *
2505  *      Update the termios variables and send the neccessary signals to
2506  *      peform a terminal resize correctly
2507  */
2508
2509 int tty_do_resize(struct tty_struct *tty, struct tty_struct *real_tty,
2510                                         struct winsize *ws)
2511 {
2512         struct pid *pgrp, *rpgrp;
2513         unsigned long flags;
2514
2515         /* For a PTY we need to lock the tty side */
2516         mutex_lock(&real_tty->termios_mutex);
2517         if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2518                 goto done;
2519         /* Get the PID values and reference them so we can
2520            avoid holding the tty ctrl lock while sending signals */
2521         spin_lock_irqsave(&tty->ctrl_lock, flags);
2522         pgrp = get_pid(tty->pgrp);
2523         rpgrp = get_pid(real_tty->pgrp);
2524         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2525
2526         if (pgrp)
2527                 kill_pgrp(pgrp, SIGWINCH, 1);
2528         if (rpgrp != pgrp && rpgrp)
2529                 kill_pgrp(rpgrp, SIGWINCH, 1);
2530
2531         put_pid(pgrp);
2532         put_pid(rpgrp);
2533
2534         tty->winsize = *ws;
2535         real_tty->winsize = *ws;
2536 done:
2537         mutex_unlock(&real_tty->termios_mutex);
2538         return 0;
2539 }
2540
2541 /**
2542  *      tiocswinsz              -       implement window size set ioctl
2543  *      @tty; tty
2544  *      @arg: user buffer for result
2545  *
2546  *      Copies the user idea of the window size to the kernel. Traditionally
2547  *      this is just advisory information but for the Linux console it
2548  *      actually has driver level meaning and triggers a VC resize.
2549  *
2550  *      Locking:
2551  *              Driver dependant. The default do_resize method takes the
2552  *      tty termios mutex and ctrl_lock. The console takes its own lock
2553  *      then calls into the default method.
2554  */
2555
2556 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2557         struct winsize __user *arg)
2558 {
2559         struct winsize tmp_ws;
2560         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2561                 return -EFAULT;
2562
2563         if (tty->ops->resize)
2564                 return tty->ops->resize(tty, real_tty, &tmp_ws);
2565         else
2566                 return tty_do_resize(tty, real_tty, &tmp_ws);
2567 }
2568
2569 /**
2570  *      tioccons        -       allow admin to move logical console
2571  *      @file: the file to become console
2572  *
2573  *      Allow the adminstrator to move the redirected console device
2574  *
2575  *      Locking: uses redirect_lock to guard the redirect information
2576  */
2577
2578 static int tioccons(struct file *file)
2579 {
2580         if (!capable(CAP_SYS_ADMIN))
2581                 return -EPERM;
2582         if (file->f_op->write == redirected_tty_write) {
2583                 struct file *f;
2584                 spin_lock(&redirect_lock);
2585                 f = redirect;
2586                 redirect = NULL;
2587                 spin_unlock(&redirect_lock);
2588                 if (f)
2589                         fput(f);
2590                 return 0;
2591         }
2592         spin_lock(&redirect_lock);
2593         if (redirect) {
2594                 spin_unlock(&redirect_lock);
2595                 return -EBUSY;
2596         }
2597         get_file(file);
2598         redirect = file;
2599         spin_unlock(&redirect_lock);
2600         return 0;
2601 }
2602
2603 /**
2604  *      fionbio         -       non blocking ioctl
2605  *      @file: file to set blocking value
2606  *      @p: user parameter
2607  *
2608  *      Historical tty interfaces had a blocking control ioctl before
2609  *      the generic functionality existed. This piece of history is preserved
2610  *      in the expected tty API of posix OS's.
2611  *
2612  *      Locking: none, the open fle handle ensures it won't go away.
2613  */
2614
2615 static int fionbio(struct file *file, int __user *p)
2616 {
2617         int nonblock;
2618
2619         if (get_user(nonblock, p))
2620                 return -EFAULT;
2621
2622         /* file->f_flags is still BKL protected in the fs layer - vomit */
2623         lock_kernel();
2624         if (nonblock)
2625                 file->f_flags |= O_NONBLOCK;
2626         else
2627                 file->f_flags &= ~O_NONBLOCK;
2628         unlock_kernel();
2629         return 0;
2630 }
2631
2632 /**
2633  *      tiocsctty       -       set controlling tty
2634  *      @tty: tty structure
2635  *      @arg: user argument
2636  *
2637  *      This ioctl is used to manage job control. It permits a session
2638  *      leader to set this tty as the controlling tty for the session.
2639  *
2640  *      Locking:
2641  *              Takes tty_mutex() to protect tty instance
2642  *              Takes tasklist_lock internally to walk sessions
2643  *              Takes ->siglock() when updating signal->tty
2644  */
2645
2646 static int tiocsctty(struct tty_struct *tty, int arg)
2647 {
2648         int ret = 0;
2649         if (current->signal->leader && (task_session(current) == tty->session))
2650                 return ret;
2651
2652         mutex_lock(&tty_mutex);
2653         /*
2654          * The process must be a session leader and
2655          * not have a controlling tty already.
2656          */
2657         if (!current->signal->leader || current->signal->tty) {
2658                 ret = -EPERM;
2659                 goto unlock;
2660         }
2661
2662         if (tty->session) {
2663                 /*
2664                  * This tty is already the controlling
2665                  * tty for another session group!
2666                  */
2667                 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2668                         /*
2669                          * Steal it away
2670                          */
2671                         read_lock(&tasklist_lock);
2672                         session_clear_tty(tty->session);
2673                         read_unlock(&tasklist_lock);
2674                 } else {
2675                         ret = -EPERM;
2676                         goto unlock;
2677                 }
2678         }
2679         proc_set_tty(current, tty);
2680 unlock:
2681         mutex_unlock(&tty_mutex);
2682         return ret;
2683 }
2684
2685 /**
2686  *      tty_get_pgrp    -       return a ref counted pgrp pid
2687  *      @tty: tty to read
2688  *
2689  *      Returns a refcounted instance of the pid struct for the process
2690  *      group controlling the tty.
2691  */
2692
2693 struct pid *tty_get_pgrp(struct tty_struct *tty)
2694 {
2695         unsigned long flags;
2696         struct pid *pgrp;
2697
2698         spin_lock_irqsave(&tty->ctrl_lock, flags);
2699         pgrp = get_pid(tty->pgrp);
2700         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2701
2702         return pgrp;
2703 }
2704 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2705
2706 /**
2707  *      tiocgpgrp               -       get process group
2708  *      @tty: tty passed by user
2709  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2710  *      @p: returned pid
2711  *
2712  *      Obtain the process group of the tty. If there is no process group
2713  *      return an error.
2714  *
2715  *      Locking: none. Reference to current->signal->tty is safe.
2716  */
2717
2718 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2719 {
2720         struct pid *pid;
2721         int ret;
2722         /*
2723          * (tty == real_tty) is a cheap way of
2724          * testing if the tty is NOT a master pty.
2725          */
2726         if (tty == real_tty && current->signal->tty != real_tty)
2727                 return -ENOTTY;
2728         pid = tty_get_pgrp(real_tty);
2729         ret =  put_user(pid_vnr(pid), p);
2730         put_pid(pid);
2731         return ret;
2732 }
2733
2734 /**
2735  *      tiocspgrp               -       attempt to set process group
2736  *      @tty: tty passed by user
2737  *      @real_tty: tty side device matching tty passed by user
2738  *      @p: pid pointer
2739  *
2740  *      Set the process group of the tty to the session passed. Only
2741  *      permitted where the tty session is our session.
2742  *
2743  *      Locking: RCU, ctrl lock
2744  */
2745
2746 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2747 {
2748         struct pid *pgrp;
2749         pid_t pgrp_nr;
2750         int retval = tty_check_change(real_tty);
2751         unsigned long flags;
2752
2753         if (retval == -EIO)
2754                 return -ENOTTY;
2755         if (retval)
2756                 return retval;
2757         if (!current->signal->tty ||
2758             (current->signal->tty != real_tty) ||
2759             (real_tty->session != task_session(current)))
2760                 return -ENOTTY;
2761         if (get_user(pgrp_nr, p))
2762                 return -EFAULT;
2763         if (pgrp_nr < 0)
2764                 return -EINVAL;
2765         rcu_read_lock();
2766         pgrp = find_vpid(pgrp_nr);
2767         retval = -ESRCH;
2768         if (!pgrp)
2769                 goto out_unlock;
2770         retval = -EPERM;
2771         if (session_of_pgrp(pgrp) != task_session(current))
2772                 goto out_unlock;
2773         retval = 0;
2774         spin_lock_irqsave(&tty->ctrl_lock, flags);
2775         put_pid(real_tty->pgrp);
2776         real_tty->pgrp = get_pid(pgrp);
2777         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2778 out_unlock:
2779         rcu_read_unlock();
2780         return retval;
2781 }
2782
2783 /**
2784  *      tiocgsid                -       get session id
2785  *      @tty: tty passed by user
2786  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2787  *      @p: pointer to returned session id
2788  *
2789  *      Obtain the session id of the tty. If there is no session
2790  *      return an error.
2791  *
2792  *      Locking: none. Reference to current->signal->tty is safe.
2793  */
2794
2795 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2796 {
2797         /*
2798          * (tty == real_tty) is a cheap way of
2799          * testing if the tty is NOT a master pty.
2800         */
2801         if (tty == real_tty && current->signal->tty != real_tty)
2802                 return -ENOTTY;
2803         if (!real_tty->session)
2804                 return -ENOTTY;
2805         return put_user(pid_vnr(real_tty->session), p);
2806 }
2807
2808 /**
2809  *      tiocsetd        -       set line discipline
2810  *      @tty: tty device
2811  *      @p: pointer to user data
2812  *
2813  *      Set the line discipline according to user request.
2814  *
2815  *      Locking: see tty_set_ldisc, this function is just a helper
2816  */
2817
2818 static int tiocsetd(struct tty_struct *tty, int __user *p)
2819 {
2820         int ldisc;
2821         int ret;
2822
2823         if (get_user(ldisc, p))
2824                 return -EFAULT;
2825
2826         lock_kernel();
2827         ret = tty_set_ldisc(tty, ldisc);
2828         unlock_kernel();
2829
2830         return ret;
2831 }
2832
2833 /**
2834  *      send_break      -       performed time break
2835  *      @tty: device to break on
2836  *      @duration: timeout in mS
2837  *
2838  *      Perform a timed break on hardware that lacks its own driver level
2839  *      timed break functionality.
2840  *
2841  *      Locking:
2842  *              atomic_write_lock serializes
2843  *
2844  */
2845
2846 static int send_break(struct tty_struct *tty, unsigned int duration)
2847 {
2848         int retval;
2849
2850         if (tty->ops->break_ctl == NULL)
2851                 return 0;
2852
2853         if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2854                 retval = tty->ops->break_ctl(tty, duration);
2855         else {
2856                 /* Do the work ourselves */
2857                 if (tty_write_lock(tty, 0) < 0)
2858                         return -EINTR;
2859                 retval = tty->ops->break_ctl(tty, -1);
2860                 if (retval)
2861                         goto out;
2862                 if (!signal_pending(current))
2863                         msleep_interruptible(duration);
2864                 retval = tty->ops->break_ctl(tty, 0);
2865 out:
2866                 tty_write_unlock(tty);
2867                 if (signal_pending(current))
2868                         retval = -EINTR;
2869         }
2870         return retval;
2871 }
2872
2873 /**
2874  *      tty_tiocmget            -       get modem status
2875  *      @tty: tty device
2876  *      @file: user file pointer
2877  *      @p: pointer to result
2878  *
2879  *      Obtain the modem status bits from the tty driver if the feature
2880  *      is supported. Return -EINVAL if it is not available.
2881  *
2882  *      Locking: none (up to the driver)
2883  */
2884
2885 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2886 {
2887         int retval = -EINVAL;
2888
2889         if (tty->ops->tiocmget) {
2890                 retval = tty->ops->tiocmget(tty, file);
2891
2892                 if (retval >= 0)
2893                         retval = put_user(retval, p);
2894         }
2895         return retval;
2896 }
2897
2898 /**
2899  *      tty_tiocmset            -       set modem status
2900  *      @tty: tty device
2901  *      @file: user file pointer
2902  *      @cmd: command - clear bits, set bits or set all
2903  *      @p: pointer to desired bits
2904  *
2905  *      Set the modem status bits from the tty driver if the feature
2906  *      is supported. Return -EINVAL if it is not available.
2907  *
2908  *      Locking: none (up to the driver)
2909  */
2910
2911 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2912              unsigned __user *p)
2913 {
2914         int retval;
2915         unsigned int set, clear, val;
2916
2917         if (tty->ops->tiocmset == NULL)
2918                 return -EINVAL;
2919
2920         retval = get_user(val, p);
2921         if (retval)
2922                 return retval;
2923         set = clear = 0;
2924         switch (cmd) {
2925         case TIOCMBIS:
2926                 set = val;
2927                 break;
2928         case TIOCMBIC:
2929                 clear = val;
2930                 break;
2931         case TIOCMSET:
2932                 set = val;
2933                 clear = ~val;
2934                 break;
2935         }
2936         set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2937         clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2938         return tty->ops->tiocmset(tty, file, set, clear);
2939 }
2940
2941 /*
2942  * Split this up, as gcc can choke on it otherwise..
2943  */
2944 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2945 {
2946         struct tty_struct *tty, *real_tty;
2947         void __user *p = (void __user *)arg;
2948         int retval;
2949         struct tty_ldisc *ld;
2950         struct inode *inode = file->f_dentry->d_inode;
2951
2952         tty = (struct tty_struct *)file->private_data;
2953         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2954                 return -EINVAL;
2955
2956         real_tty = tty;
2957         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2958             tty->driver->subtype == PTY_TYPE_MASTER)
2959                 real_tty = tty->link;
2960
2961
2962         /*
2963          * Factor out some common prep work
2964          */
2965         switch (cmd) {
2966         case TIOCSETD:
2967         case TIOCSBRK:
2968         case TIOCCBRK:
2969         case TCSBRK:
2970         case TCSBRKP:
2971                 retval = tty_check_change(tty);
2972                 if (retval)
2973                         return retval;
2974                 if (cmd != TIOCCBRK) {
2975                         tty_wait_until_sent(tty, 0);
2976                         if (signal_pending(current))
2977                                 return -EINTR;
2978                 }
2979                 break;
2980         }
2981
2982         /*
2983          *      Now do the stuff.
2984          */
2985         switch (cmd) {
2986         case TIOCSTI:
2987                 return tiocsti(tty, p);
2988         case TIOCGWINSZ:
2989                 return tiocgwinsz(tty, p);
2990         case TIOCSWINSZ:
2991                 return tiocswinsz(tty, real_tty, p);
2992         case TIOCCONS:
2993                 return real_tty != tty ? -EINVAL : tioccons(file);
2994         case FIONBIO:
2995                 return fionbio(file, p);
2996         case TIOCEXCL:
2997                 set_bit(TTY_EXCLUSIVE, &tty->flags);
2998                 return 0;
2999         case TIOCNXCL:
3000                 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3001                 return 0;
3002         case TIOCNOTTY:
3003                 if (current->signal->tty != tty)
3004                         return -ENOTTY;
3005                 no_tty();
3006                 return 0;
3007         case TIOCSCTTY:
3008                 return tiocsctty(tty, arg);
3009         case TIOCGPGRP:
3010                 return tiocgpgrp(tty, real_tty, p);
3011         case TIOCSPGRP:
3012                 return tiocspgrp(tty, real_tty, p);
3013         case TIOCGSID:
3014                 return tiocgsid(tty, real_tty, p);
3015         case TIOCGETD:
3016                 return put_user(tty->ldisc.ops->num, (int __user *)p);
3017         case TIOCSETD:
3018                 return tiocsetd(tty, p);
3019 #ifdef CONFIG_VT
3020         case TIOCLINUX:
3021                 return tioclinux(tty, arg);
3022 #endif
3023         /*
3024          * Break handling
3025          */
3026         case TIOCSBRK:  /* Turn break on, unconditionally */
3027                 if (tty->ops->break_ctl)
3028                         return tty->ops->break_ctl(tty, -1);
3029                 return 0;
3030         case TIOCCBRK:  /* Turn break off, unconditionally */
3031                 if (tty->ops->break_ctl)
3032                         return tty->ops->break_ctl(tty, 0);
3033                 return 0;
3034         case TCSBRK:   /* SVID version: non-zero arg --> no break */
3035                 /* non-zero arg means wait for all output data
3036                  * to be sent (performed above) but don't send break.
3037                  * This is used by the tcdrain() termios function.
3038                  */
3039                 if (!arg)
3040                         return send_break(tty, 250);
3041                 return 0;
3042         case TCSBRKP:   /* support for POSIX tcsendbreak() */
3043                 return send_break(tty, arg ? arg*100 : 250);
3044
3045         case TIOCMGET:
3046                 return tty_tiocmget(tty, file, p);
3047         case TIOCMSET:
3048         case TIOCMBIC:
3049         case TIOCMBIS:
3050                 return tty_tiocmset(tty, file, cmd, p);
3051         case TCFLSH:
3052                 switch (arg) {
3053                 case TCIFLUSH:
3054                 case TCIOFLUSH:
3055                 /* flush tty buffer and allow ldisc to process ioctl */
3056                         tty_buffer_flush(tty);
3057                         break;
3058                 }
3059                 break;
3060         }
3061         if (tty->ops->ioctl) {
3062                 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
3063                 if (retval != -ENOIOCTLCMD)
3064                         return retval;
3065         }
3066         ld = tty_ldisc_ref_wait(tty);
3067         retval = -EINVAL;
3068         if (ld->ops->ioctl) {
3069                 retval = ld->ops->ioctl(tty, file, cmd, arg);
3070                 if (retval == -ENOIOCTLCMD)
3071                         retval = -EINVAL;
3072         }
3073         tty_ldisc_deref(ld);
3074         return retval;
3075 }
3076
3077 #ifdef CONFIG_COMPAT
3078 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3079                                 unsigned long arg)
3080 {
3081         struct inode *inode = file->f_dentry->d_inode;
3082         struct tty_struct *tty = file->private_data;
3083         struct tty_ldisc *ld;
3084         int retval = -ENOIOCTLCMD;
3085
3086         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3087                 return -EINVAL;
3088
3089         if (tty->ops->compat_ioctl) {
3090                 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
3091                 if (retval != -ENOIOCTLCMD)
3092                         return retval;
3093         }
3094
3095         ld = tty_ldisc_ref_wait(tty);
3096         if (ld->ops->compat_ioctl)
3097                 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
3098         tty_ldisc_deref(ld);
3099
3100         return retval;
3101 }
3102 #endif
3103
3104 /*
3105  * This implements the "Secure Attention Key" ---  the idea is to
3106  * prevent trojan horses by killing all processes associated with this
3107  * tty when the user hits the "Secure Attention Key".  Required for
3108  * super-paranoid applications --- see the Orange Book for more details.
3109  *
3110  * This code could be nicer; ideally it should send a HUP, wait a few
3111  * seconds, then send a INT, and then a KILL signal.  But you then
3112  * have to coordinate with the init process, since all processes associated
3113  * with the current tty must be dead before the new getty is allowed
3114  * to spawn.
3115  *
3116  * Now, if it would be correct ;-/ The current code has a nasty hole -
3117  * it doesn't catch files in flight. We may send the descriptor to ourselves
3118  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3119  *
3120  * Nasty bug: do_SAK is being called in interrupt context.  This can
3121  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
3122  */
3123 void __do_SAK(struct tty_struct *tty)
3124 {
3125 #ifdef TTY_SOFT_SAK
3126         tty_hangup(tty);
3127 #else
3128         struct task_struct *g, *p;
3129         struct pid *session;
3130         int             i;
3131         struct file     *filp;
3132         struct fdtable *fdt;
3133
3134         if (!tty)
3135                 return;
3136         session = tty->session;
3137
3138         tty_ldisc_flush(tty);
3139
3140         tty_driver_flush_buffer(tty);
3141
3142         read_lock(&tasklist_lock);
3143         /* Kill the entire session */
3144         do_each_pid_task(session, PIDTYPE_SID, p) {
3145                 printk(KERN_NOTICE "SAK: killed process %d"
3146                         " (%s): task_session_nr(p)==tty->session\n",
3147                         task_pid_nr(p), p->comm);
3148                 send_sig(SIGKILL, p, 1);
3149         } while_each_pid_task(session, PIDTYPE_SID, p);
3150         /* Now kill any processes that happen to have the
3151          * tty open.
3152          */
3153         do_each_thread(g, p) {
3154                 if (p->signal->tty == tty) {
3155                         printk(KERN_NOTICE "SAK: killed process %d"
3156                             " (%s): task_session_nr(p)==tty->session\n",
3157                             task_pid_nr(p), p->comm);
3158                         send_sig(SIGKILL, p, 1);
3159                         continue;
3160                 }
3161                 task_lock(p);
3162                 if (p->files) {
3163                         /*
3164                          * We don't take a ref to the file, so we must
3165                          * hold ->file_lock instead.
3166                          */
3167                         spin_lock(&p->files->file_lock);
3168                         fdt = files_fdtable(p->files);
3169                         for (i = 0; i < fdt->max_fds; i++) {
3170                                 filp = fcheck_files(p->files, i);
3171                                 if (!filp)
3172                                         continue;
3173                                 if (filp->f_op->read == tty_read &&
3174                                     filp->private_data == tty) {
3175                                         printk(KERN_NOTICE "SAK: killed process %d"
3176                                             " (%s): fd#%d opened to the tty\n",
3177                                             task_pid_nr(p), p->comm, i);
3178                                         force_sig(SIGKILL, p);
3179                                         break;
3180                                 }
3181                         }
3182                         spin_unlock(&p->files->file_lock);
3183                 }
3184                 task_unlock(p);
3185         } while_each_thread(g, p);
3186         read_unlock(&tasklist_lock);
3187 #endif
3188 }
3189
3190 static void do_SAK_work(struct work_struct *work)
3191 {
3192         struct tty_struct *tty =
3193                 container_of(work, struct tty_struct, SAK_work);
3194         __do_SAK(tty);
3195 }
3196
3197 /*
3198  * The tq handling here is a little racy - tty->SAK_work may already be queued.
3199  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3200  * the values which we write to it will be identical to the values which it
3201  * already has. --akpm
3202  */
3203 void do_SAK(struct tty_struct *tty)
3204 {
3205         if (!tty)
3206                 return;
3207         schedule_work(&tty->SAK_work);
3208 }
3209
3210 EXPORT_SYMBOL(do_SAK);
3211
3212 /**
3213  *      flush_to_ldisc
3214  *      @work: tty structure passed from work queue.
3215  *
3216  *      This routine is called out of the software interrupt to flush data
3217  *      from the buffer chain to the line discipline.
3218  *
3219  *      Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3220  *      while invoking the line discipline receive_buf method. The
3221  *      receive_buf method is single threaded for each tty instance.
3222  */
3223
3224 static void flush_to_ldisc(struct work_struct *work)
3225 {
3226         struct tty_struct *tty =
3227                 container_of(work, struct tty_struct, buf.work.work);
3228         unsigned long   flags;
3229         struct tty_ldisc *disc;
3230         struct tty_buffer *tbuf, *head;
3231         char *char_buf;
3232         unsigned char *flag_buf;
3233
3234         disc = tty_ldisc_ref(tty);
3235         if (disc == NULL)       /*  !TTY_LDISC */
3236                 return;
3237
3238         spin_lock_irqsave(&tty->buf.lock, flags);
3239         /* So we know a flush is running */
3240         set_bit(TTY_FLUSHING, &tty->flags);
3241         head = tty->buf.head;
3242         if (head != NULL) {
3243                 tty->buf.head = NULL;
3244                 for (;;) {
3245                         int count = head->commit - head->read;
3246                         if (!count) {
3247                                 if (head->next == NULL)
3248                                         break;
3249                                 tbuf = head;
3250                                 head = head->next;
3251                                 tty_buffer_free(tty, tbuf);
3252                                 continue;
3253                         }
3254                         /* Ldisc or user is trying to flush the buffers
3255                            we are feeding to the ldisc, stop feeding the
3256                            line discipline as we want to empty the queue */
3257                         if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3258                                 break;
3259                         if (!tty->receive_room) {
3260                                 schedule_delayed_work(&tty->buf.work, 1);
3261                                 break;
3262                         }
3263                         if (count > tty->receive_room)
3264                                 count = tty->receive_room;
3265                         char_buf = head->char_buf_ptr + head->read;
3266                         flag_buf = head->flag_buf_ptr + head->read;
3267                         head->read += count;
3268                         spin_unlock_irqrestore(&tty->buf.lock, flags);
3269                         disc->ops->receive_buf(tty, char_buf,
3270                                                         flag_buf, count);
3271                         spin_lock_irqsave(&tty->buf.lock, flags);
3272                 }
3273                 /* Restore the queue head */
3274                 tty->buf.head = head;
3275         }
3276         /* We may have a deferred request to flush the input buffer,
3277            if so pull the chain under the lock and empty the queue */
3278         if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3279                 __tty_buffer_flush(tty);
3280                 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3281                 wake_up(&tty->read_wait);
3282         }
3283         clear_bit(TTY_FLUSHING, &tty->flags);
3284         spin_unlock_irqrestore(&tty->buf.lock, flags);
3285
3286         tty_ldisc_deref(disc);
3287 }
3288
3289 /**
3290  *      tty_flip_buffer_push    -       terminal
3291  *      @tty: tty to push
3292  *
3293  *      Queue a push of the terminal flip buffers to the line discipline. This
3294  *      function must not be called from IRQ context if tty->low_latency is set.
3295  *
3296  *      In the event of the queue being busy for flipping the work will be
3297  *      held off and retried later.
3298  *
3299  *      Locking: tty buffer lock. Driver locks in low latency mode.
3300  */
3301
3302 void tty_flip_buffer_push(struct tty_struct *tty)
3303 {
3304         unsigned long flags;
3305         spin_lock_irqsave(&tty->buf.lock, flags);
3306         if (tty->buf.tail != NULL)
3307                 tty->buf.tail->commit = tty->buf.tail->used;
3308         spin_unlock_irqrestore(&tty->buf.lock, flags);
3309
3310         if (tty->low_latency)
3311                 flush_to_ldisc(&tty->buf.work.work);
3312         else
3313                 schedule_delayed_work(&tty->buf.work, 1);
3314 }
3315
3316 EXPORT_SYMBOL(tty_flip_buffer_push);
3317
3318
3319 /**
3320  *      initialize_tty_struct
3321  *      @tty: tty to initialize
3322  *
3323  *      This subroutine initializes a tty structure that has been newly
3324  *      allocated.
3325  *
3326  *      Locking: none - tty in question must not be exposed at this point
3327  */
3328
3329 static void initialize_tty_struct(struct tty_struct *tty)
3330 {
3331         memset(tty, 0, sizeof(struct tty_struct));
3332         tty->magic = TTY_MAGIC;
3333         tty_ldisc_init(tty);
3334         tty->session = NULL;
3335         tty->pgrp = NULL;
3336         tty->overrun_time = jiffies;
3337         tty->buf.head = tty->buf.tail = NULL;
3338         tty_buffer_init(tty);
3339         INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3340         mutex_init(&tty->termios_mutex);
3341         init_waitqueue_head(&tty->write_wait);
3342         init_waitqueue_head(&tty->read_wait);
3343         INIT_WORK(&tty->hangup_work, do_tty_hangup);
3344         mutex_init(&tty->atomic_read_lock);
3345         mutex_init(&tty->atomic_write_lock);
3346         spin_lock_init(&tty->read_lock);
3347         spin_lock_init(&tty->ctrl_lock);
3348         INIT_LIST_HEAD(&tty->tty_files);
3349         INIT_WORK(&tty->SAK_work, do_SAK_work);
3350 }
3351
3352 /**
3353  *      tty_put_char    -       write one character to a tty
3354  *      @tty: tty
3355  *      @ch: character
3356  *
3357  *      Write one byte to the tty using the provided put_char method
3358  *      if present. Returns the number of characters successfully output.
3359  *
3360  *      Note: the specific put_char operation in the driver layer may go
3361  *      away soon. Don't call it directly, use this method
3362  */
3363
3364 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3365 {
3366         if (tty->ops->put_char)
3367                 return tty->ops->put_char(tty, ch);
3368         return tty->ops->write(tty, &ch, 1);
3369 }
3370
3371 EXPORT_SYMBOL_GPL(tty_put_char);
3372
3373 static struct class *tty_class;
3374
3375 /**
3376  *      tty_register_device - register a tty device
3377  *      @driver: the tty driver that describes the tty device
3378  *      @index: the index in the tty driver for this tty device
3379  *      @device: a struct device that is associated with this tty device.
3380  *              This field is optional, if there is no known struct device
3381  *              for this tty device it can be set to NULL safely.
3382  *
3383  *      Returns a pointer to the struct device for this tty device
3384  *      (or ERR_PTR(-EFOO) on error).
3385  *
3386  *      This call is required to be made to register an individual tty device
3387  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3388  *      that bit is not set, this function should not be called by a tty
3389  *      driver.
3390  *
3391  *      Locking: ??
3392  */
3393
3394 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3395                                    struct device *device)
3396 {
3397         char name[64];
3398         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3399
3400         if (index >= driver->num) {
3401                 printk(KERN_ERR "Attempt to register invalid tty line number "
3402                        " (%d).\n", index);
3403                 return ERR_PTR(-EINVAL);
3404         }
3405
3406         if (driver->type == TTY_DRIVER_TYPE_PTY)
3407                 pty_line_name(driver, index, name);
3408         else
3409                 tty_line_name(driver, index, name);
3410
3411         return device_create_drvdata(tty_class, device, dev, NULL, name);
3412 }
3413
3414 /**
3415  *      tty_unregister_device - unregister a tty device
3416  *      @driver: the tty driver that describes the tty device
3417  *      @index: the index in the tty driver for this tty device
3418  *
3419  *      If a tty device is registered with a call to tty_register_device() then
3420  *      this function must be called when the tty device is gone.
3421  *
3422  *      Locking: ??
3423  */
3424
3425 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3426 {
3427         device_destroy(tty_class,
3428                 MKDEV(driver->major, driver->minor_start) + index);
3429 }
3430
3431 EXPORT_SYMBOL(tty_register_device);
3432 EXPORT_SYMBOL(tty_unregister_device);
3433
3434 struct tty_driver *alloc_tty_driver(int lines)
3435 {
3436         struct tty_driver *driver;
3437
3438         driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3439         if (driver) {
3440                 driver->magic = TTY_DRIVER_MAGIC;
3441                 driver->num = lines;
3442                 /* later we'll move allocation of tables here */
3443         }
3444         return driver;
3445 }
3446
3447 void put_tty_driver(struct tty_driver *driver)
3448 {
3449         kfree(driver);
3450 }
3451
3452 void tty_set_operations(struct tty_driver *driver,
3453                         const struct tty_operations *op)
3454 {
3455         driver->ops = op;
3456 };
3457
3458 EXPORT_SYMBOL(alloc_tty_driver);
3459 EXPORT_SYMBOL(put_tty_driver);
3460 EXPORT_SYMBOL(tty_set_operations);
3461
3462 /*
3463  * Called by a tty driver to register itself.
3464  */
3465 int tty_register_driver(struct tty_driver *driver)
3466 {
3467         int error;
3468         int i;
3469         dev_t dev;
3470         void **p = NULL;
3471
3472         if (driver->flags & TTY_DRIVER_INSTALLED)
3473                 return 0;
3474
3475         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3476                 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3477                 if (!p)
3478                         return -ENOMEM;
3479         }
3480
3481         if (!driver->major) {
3482                 error = alloc_chrdev_region(&dev, driver->minor_start,
3483                                                 driver->num, driver->name);
3484                 if (!error) {
3485                         driver->major = MAJOR(dev);
3486                         driver->minor_start = MINOR(dev);
3487                 }
3488         } else {
3489                 dev = MKDEV(driver->major, driver->minor_start);
3490                 error = register_chrdev_region(dev, driver->num, driver->name);
3491         }
3492         if (error < 0) {
3493                 kfree(p);
3494                 return error;
3495         }
3496
3497         if (p) {
3498                 driver->ttys = (struct tty_struct **)p;
3499                 driver->termios = (struct ktermios **)(p + driver->num);
3500                 driver->termios_locked = (struct ktermios **)
3501                                                         (p + driver->num * 2);
3502         } else {
3503                 driver->ttys = NULL;
3504                 driver->termios = NULL;
3505                 driver->termios_locked = NULL;
3506         }
3507
3508         cdev_init(&driver->cdev, &tty_fops);
3509         driver->cdev.owner = driver->owner;
3510         error = cdev_add(&driver->cdev, dev, driver->num);
3511         if (error) {
3512                 unregister_chrdev_region(dev, driver->num);
3513                 driver->ttys = NULL;
3514                 driver->termios = driver->termios_locked = NULL;
3515                 kfree(p);
3516                 return error;
3517         }
3518
3519         mutex_lock(&tty_mutex);
3520         list_add(&driver->tty_drivers, &tty_drivers);
3521         mutex_unlock(&tty_mutex);
3522
3523         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3524                 for (i = 0; i < driver->num; i++)
3525                     tty_register_device(driver, i, NULL);
3526         }
3527         proc_tty_register_driver(driver);
3528         return 0;
3529 }
3530
3531 EXPORT_SYMBOL(tty_register_driver);
3532
3533 /*
3534  * Called by a tty driver to unregister itself.
3535  */
3536 int tty_unregister_driver(struct tty_driver *driver)
3537 {
3538         int i;
3539         struct ktermios *tp;
3540         void *p;
3541
3542         if (driver->refcount)
3543                 return -EBUSY;
3544
3545         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3546                                 driver->num);
3547         mutex_lock(&tty_mutex);
3548         list_del(&driver->tty_drivers);
3549         mutex_unlock(&tty_mutex);
3550
3551         /*
3552          * Free the termios and termios_locked structures because
3553          * we don't want to get memory leaks when modular tty
3554          * drivers are removed from the kernel.
3555          */
3556         for (i = 0; i < driver->num; i++) {
3557                 tp = driver->termios[i];
3558                 if (tp) {
3559                         driver->termios[i] = NULL;
3560                         kfree(tp);
3561                 }
3562                 tp = driver->termios_locked[i];
3563                 if (tp) {
3564                         driver->termios_locked[i] = NULL;
3565                         kfree(tp);
3566                 }
3567                 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3568                         tty_unregister_device(driver, i);
3569         }
3570         p = driver->ttys;
3571         proc_tty_unregister_driver(driver);
3572         driver->ttys = NULL;
3573         driver->termios = driver->termios_locked = NULL;
3574         kfree(p);
3575         cdev_del(&driver->cdev);
3576         return 0;
3577 }
3578 EXPORT_SYMBOL(tty_unregister_driver);
3579
3580 dev_t tty_devnum(struct tty_struct *tty)
3581 {
3582         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3583 }
3584 EXPORT_SYMBOL(tty_devnum);
3585
3586 void proc_clear_tty(struct task_struct *p)
3587 {
3588         spin_lock_irq(&p->sighand->siglock);
3589         p->signal->tty = NULL;
3590         spin_unlock_irq(&p->sighand->siglock);
3591 }
3592
3593 /* Called under the sighand lock */
3594
3595 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3596 {
3597         if (tty) {
3598                 unsigned long flags;
3599                 /* We should not have a session or pgrp to put here but.... */
3600                 spin_lock_irqsave(&tty->ctrl_lock, flags);
3601                 put_pid(tty->session);
3602                 put_pid(tty->pgrp);
3603                 tty->pgrp = get_pid(task_pgrp(tsk));
3604                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3605                 tty->session = get_pid(task_session(tsk));
3606         }
3607         put_pid(tsk->signal->tty_old_pgrp);
3608         tsk->signal->tty = tty;
3609         tsk->signal->tty_old_pgrp = NULL;
3610 }
3611
3612 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3613 {
3614         spin_lock_irq(&tsk->sighand->siglock);
3615         __proc_set_tty(tsk, tty);
3616         spin_unlock_irq(&tsk->sighand->siglock);
3617 }
3618
3619 struct tty_struct *get_current_tty(void)
3620 {
3621         struct tty_struct *tty;
3622         WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
3623         tty = current->signal->tty;
3624         /*
3625          * session->tty can be changed/cleared from under us, make sure we
3626          * issue the load. The obtained pointer, when not NULL, is valid as
3627          * long as we hold tty_mutex.
3628          */
3629         barrier();
3630         return tty;
3631 }
3632 EXPORT_SYMBOL_GPL(get_current_tty);
3633
3634 /*
3635  * Initialize the console device. This is called *early*, so
3636  * we can't necessarily depend on lots of kernel help here.
3637  * Just do some early initializations, and do the complex setup
3638  * later.
3639  */
3640 void __init console_init(void)
3641 {
3642         initcall_t *call;
3643
3644         /* Setup the default TTY line discipline. */
3645         tty_ldisc_begin();
3646
3647         /*
3648          * set up the console device so that later boot sequences can
3649          * inform about problems etc..
3650          */
3651         call = __con_initcall_start;
3652         while (call < __con_initcall_end) {
3653                 (*call)();
3654                 call++;
3655         }
3656 }
3657
3658 static int __init tty_class_init(void)
3659 {
3660         tty_class = class_create(THIS_MODULE, "tty");
3661         if (IS_ERR(tty_class))
3662                 return PTR_ERR(tty_class);
3663         return 0;
3664 }
3665
3666 postcore_initcall(tty_class_init);
3667
3668 /* 3/2004 jmc: why do these devices exist? */
3669
3670 static struct cdev tty_cdev, console_cdev;
3671 #ifdef CONFIG_UNIX98_PTYS
3672 static struct cdev ptmx_cdev;
3673 #endif
3674 #ifdef CONFIG_VT
3675 static struct cdev vc0_cdev;
3676 #endif
3677
3678 /*
3679  * Ok, now we can initialize the rest of the tty devices and can count
3680  * on memory allocations, interrupts etc..
3681  */
3682 static int __init tty_init(void)
3683 {
3684         cdev_init(&tty_cdev, &tty_fops);
3685         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3686             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3687                 panic("Couldn't register /dev/tty driver\n");
3688         device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL,
3689                               "tty");
3690
3691         cdev_init(&console_cdev, &console_fops);
3692         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3693             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3694                 panic("Couldn't register /dev/console driver\n");
3695         device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3696                               "console");
3697
3698 #ifdef CONFIG_UNIX98_PTYS
3699         cdev_init(&ptmx_cdev, &ptmx_fops);
3700         if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3701             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3702                 panic("Couldn't register /dev/ptmx driver\n");
3703         device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
3704 #endif
3705
3706 #ifdef CONFIG_VT
3707         cdev_init(&vc0_cdev, &console_fops);
3708         if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3709             register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3710                 panic("Couldn't register /dev/tty0 driver\n");
3711         device_create_drvdata(tty_class, NULL, MKDEV(TTY_MAJOR, 0), NULL, "tty0");
3712
3713         vty_init();
3714 #endif
3715         return 0;
3716 }
3717 module_init(tty_init);