Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/x86/linux...
[linux-2.6] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  *
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote init_dev and release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc()
66  *                       -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67  */
68
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/proc_fs.h>
91 #include <linux/init.h>
92 #include <linux/module.h>
93 #include <linux/smp_lock.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98
99 #include <asm/uaccess.h>
100 #include <asm/system.h>
101
102 #include <linux/kbd_kern.h>
103 #include <linux/vt_kern.h>
104 #include <linux/selection.h>
105
106 #include <linux/kmod.h>
107 #include <linux/nsproxy.h>
108
109 #undef TTY_DEBUG_HANGUP
110
111 #define TTY_PARANOIA_CHECK 1
112 #define CHECK_TTY_COUNT 1
113
114 struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
115         .c_iflag = ICRNL | IXON,
116         .c_oflag = OPOST | ONLCR,
117         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119                    ECHOCTL | ECHOKE | IEXTEN,
120         .c_cc = INIT_C_CC,
121         .c_ispeed = 38400,
122         .c_ospeed = 38400
123 };
124
125 EXPORT_SYMBOL(tty_std_termios);
126
127 /* This list gets poked at by procfs and various bits of boot up code. This
128    could do with some rationalisation such as pulling the tty proc function
129    into this file */
130
131 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
132
133 /* Mutex to protect creating and releasing a tty. This is shared with
134    vt.c for deeply disgusting hack reasons */
135 DEFINE_MUTEX(tty_mutex);
136 EXPORT_SYMBOL(tty_mutex);
137
138 #ifdef CONFIG_UNIX98_PTYS
139 extern struct tty_driver *ptm_driver;   /* Unix98 pty masters; for /dev/ptmx */
140 static int ptmx_open(struct inode *, struct file *);
141 #endif
142
143 static void initialize_tty_struct(struct tty_struct *tty);
144
145 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
146 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
147 ssize_t redirected_tty_write(struct file *, const char __user *,
148                                                         size_t, loff_t *);
149 static unsigned int tty_poll(struct file *, poll_table *);
150 static int tty_open(struct inode *, struct file *);
151 static int tty_release(struct inode *, struct file *);
152 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
153 #ifdef CONFIG_COMPAT
154 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
155                                 unsigned long arg);
156 #else
157 #define tty_compat_ioctl NULL
158 #endif
159 static int tty_fasync(int fd, struct file *filp, int on);
160 static void release_tty(struct tty_struct *tty, int idx);
161 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
162 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
163
164 /**
165  *      alloc_tty_struct        -       allocate a tty object
166  *
167  *      Return a new empty tty structure. The data fields have not
168  *      been initialized in any way but has been zeroed
169  *
170  *      Locking: none
171  */
172
173 static struct tty_struct *alloc_tty_struct(void)
174 {
175         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
176 }
177
178 static void tty_buffer_free_all(struct tty_struct *);
179
180 /**
181  *      free_tty_struct         -       free a disused tty
182  *      @tty: tty struct to free
183  *
184  *      Free the write buffers, tty queue and tty memory itself.
185  *
186  *      Locking: none. Must be called after tty is definitely unused
187  */
188
189 static inline void free_tty_struct(struct tty_struct *tty)
190 {
191         kfree(tty->write_buf);
192         tty_buffer_free_all(tty);
193         kfree(tty);
194 }
195
196 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
197
198 /**
199  *      tty_name        -       return tty naming
200  *      @tty: tty structure
201  *      @buf: buffer for output
202  *
203  *      Convert a tty structure into a name. The name reflects the kernel
204  *      naming policy and if udev is in use may not reflect user space
205  *
206  *      Locking: none
207  */
208
209 char *tty_name(struct tty_struct *tty, char *buf)
210 {
211         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
212                 strcpy(buf, "NULL tty");
213         else
214                 strcpy(buf, tty->name);
215         return buf;
216 }
217
218 EXPORT_SYMBOL(tty_name);
219
220 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
221                               const char *routine)
222 {
223 #ifdef TTY_PARANOIA_CHECK
224         if (!tty) {
225                 printk(KERN_WARNING
226                         "null TTY for (%d:%d) in %s\n",
227                         imajor(inode), iminor(inode), routine);
228                 return 1;
229         }
230         if (tty->magic != TTY_MAGIC) {
231                 printk(KERN_WARNING
232                         "bad magic number for tty struct (%d:%d) in %s\n",
233                         imajor(inode), iminor(inode), routine);
234                 return 1;
235         }
236 #endif
237         return 0;
238 }
239
240 static int check_tty_count(struct tty_struct *tty, const char *routine)
241 {
242 #ifdef CHECK_TTY_COUNT
243         struct list_head *p;
244         int count = 0;
245
246         file_list_lock();
247         list_for_each(p, &tty->tty_files) {
248                 count++;
249         }
250         file_list_unlock();
251         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
252             tty->driver->subtype == PTY_TYPE_SLAVE &&
253             tty->link && tty->link->count)
254                 count++;
255         if (tty->count != count) {
256                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
257                                     "!= #fd's(%d) in %s\n",
258                        tty->name, tty->count, count, routine);
259                 return count;
260         }
261 #endif
262         return 0;
263 }
264
265 /*
266  * Tty buffer allocation management
267  */
268
269 /**
270  *      tty_buffer_free_all             -       free buffers used by a tty
271  *      @tty: tty to free from
272  *
273  *      Remove all the buffers pending on a tty whether queued with data
274  *      or in the free ring. Must be called when the tty is no longer in use
275  *
276  *      Locking: none
277  */
278
279 static void tty_buffer_free_all(struct tty_struct *tty)
280 {
281         struct tty_buffer *thead;
282         while ((thead = tty->buf.head) != NULL) {
283                 tty->buf.head = thead->next;
284                 kfree(thead);
285         }
286         while ((thead = tty->buf.free) != NULL) {
287                 tty->buf.free = thead->next;
288                 kfree(thead);
289         }
290         tty->buf.tail = NULL;
291         tty->buf.memory_used = 0;
292 }
293
294 /**
295  *      tty_buffer_init         -       prepare a tty buffer structure
296  *      @tty: tty to initialise
297  *
298  *      Set up the initial state of the buffer management for a tty device.
299  *      Must be called before the other tty buffer functions are used.
300  *
301  *      Locking: none
302  */
303
304 static void tty_buffer_init(struct tty_struct *tty)
305 {
306         spin_lock_init(&tty->buf.lock);
307         tty->buf.head = NULL;
308         tty->buf.tail = NULL;
309         tty->buf.free = NULL;
310         tty->buf.memory_used = 0;
311 }
312
313 /**
314  *      tty_buffer_alloc        -       allocate a tty buffer
315  *      @tty: tty device
316  *      @size: desired size (characters)
317  *
318  *      Allocate a new tty buffer to hold the desired number of characters.
319  *      Return NULL if out of memory or the allocation would exceed the
320  *      per device queue
321  *
322  *      Locking: Caller must hold tty->buf.lock
323  */
324
325 static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
326 {
327         struct tty_buffer *p;
328
329         if (tty->buf.memory_used + size > 65536)
330                 return NULL;
331         p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
332         if (p == NULL)
333                 return NULL;
334         p->used = 0;
335         p->size = size;
336         p->next = NULL;
337         p->commit = 0;
338         p->read = 0;
339         p->char_buf_ptr = (char *)(p->data);
340         p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
341         tty->buf.memory_used += size;
342         return p;
343 }
344
345 /**
346  *      tty_buffer_free         -       free a tty buffer
347  *      @tty: tty owning the buffer
348  *      @b: the buffer to free
349  *
350  *      Free a tty buffer, or add it to the free list according to our
351  *      internal strategy
352  *
353  *      Locking: Caller must hold tty->buf.lock
354  */
355
356 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
357 {
358         /* Dumb strategy for now - should keep some stats */
359         tty->buf.memory_used -= b->size;
360         WARN_ON(tty->buf.memory_used < 0);
361
362         if (b->size >= 512)
363                 kfree(b);
364         else {
365                 b->next = tty->buf.free;
366                 tty->buf.free = b;
367         }
368 }
369
370 /**
371  *      __tty_buffer_flush              -       flush full tty buffers
372  *      @tty: tty to flush
373  *
374  *      flush all the buffers containing receive data. Caller must
375  *      hold the buffer lock and must have ensured no parallel flush to
376  *      ldisc is running.
377  *
378  *      Locking: Caller must hold tty->buf.lock
379  */
380
381 static void __tty_buffer_flush(struct tty_struct *tty)
382 {
383         struct tty_buffer *thead;
384
385         while ((thead = tty->buf.head) != NULL) {
386                 tty->buf.head = thead->next;
387                 tty_buffer_free(tty, thead);
388         }
389         tty->buf.tail = NULL;
390 }
391
392 /**
393  *      tty_buffer_flush                -       flush full tty buffers
394  *      @tty: tty to flush
395  *
396  *      flush all the buffers containing receive data. If the buffer is
397  *      being processed by flush_to_ldisc then we defer the processing
398  *      to that function
399  *
400  *      Locking: none
401  */
402
403 static void tty_buffer_flush(struct tty_struct *tty)
404 {
405         unsigned long flags;
406         spin_lock_irqsave(&tty->buf.lock, flags);
407
408         /* If the data is being pushed to the tty layer then we can't
409            process it here. Instead set a flag and the flush_to_ldisc
410            path will process the flush request before it exits */
411         if (test_bit(TTY_FLUSHING, &tty->flags)) {
412                 set_bit(TTY_FLUSHPENDING, &tty->flags);
413                 spin_unlock_irqrestore(&tty->buf.lock, flags);
414                 wait_event(tty->read_wait,
415                                 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
416                 return;
417         } else
418                 __tty_buffer_flush(tty);
419         spin_unlock_irqrestore(&tty->buf.lock, flags);
420 }
421
422 /**
423  *      tty_buffer_find         -       find a free tty buffer
424  *      @tty: tty owning the buffer
425  *      @size: characters wanted
426  *
427  *      Locate an existing suitable tty buffer or if we are lacking one then
428  *      allocate a new one. We round our buffers off in 256 character chunks
429  *      to get better allocation behaviour.
430  *
431  *      Locking: Caller must hold tty->buf.lock
432  */
433
434 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
435 {
436         struct tty_buffer **tbh = &tty->buf.free;
437         while ((*tbh) != NULL) {
438                 struct tty_buffer *t = *tbh;
439                 if (t->size >= size) {
440                         *tbh = t->next;
441                         t->next = NULL;
442                         t->used = 0;
443                         t->commit = 0;
444                         t->read = 0;
445                         tty->buf.memory_used += t->size;
446                         return t;
447                 }
448                 tbh = &((*tbh)->next);
449         }
450         /* Round the buffer size out */
451         size = (size + 0xFF) & ~0xFF;
452         return tty_buffer_alloc(tty, size);
453         /* Should possibly check if this fails for the largest buffer we
454            have queued and recycle that ? */
455 }
456
457 /**
458  *      tty_buffer_request_room         -       grow tty buffer if needed
459  *      @tty: tty structure
460  *      @size: size desired
461  *
462  *      Make at least size bytes of linear space available for the tty
463  *      buffer. If we fail return the size we managed to find.
464  *
465  *      Locking: Takes tty->buf.lock
466  */
467 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
468 {
469         struct tty_buffer *b, *n;
470         int left;
471         unsigned long flags;
472
473         spin_lock_irqsave(&tty->buf.lock, flags);
474
475         /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
476            remove this conditional if its worth it. This would be invisible
477            to the callers */
478         if ((b = tty->buf.tail) != NULL)
479                 left = b->size - b->used;
480         else
481                 left = 0;
482
483         if (left < size) {
484                 /* This is the slow path - looking for new buffers to use */
485                 if ((n = tty_buffer_find(tty, size)) != NULL) {
486                         if (b != NULL) {
487                                 b->next = n;
488                                 b->commit = b->used;
489                         } else
490                                 tty->buf.head = n;
491                         tty->buf.tail = n;
492                 } else
493                         size = left;
494         }
495
496         spin_unlock_irqrestore(&tty->buf.lock, flags);
497         return size;
498 }
499 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
500
501 /**
502  *      tty_insert_flip_string  -       Add characters to the tty buffer
503  *      @tty: tty structure
504  *      @chars: characters
505  *      @size: size
506  *
507  *      Queue a series of bytes to the tty buffering. All the characters
508  *      passed are marked as without error. Returns the number added.
509  *
510  *      Locking: Called functions may take tty->buf.lock
511  */
512
513 int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
514                                 size_t size)
515 {
516         int copied = 0;
517         do {
518                 int space = tty_buffer_request_room(tty, size - copied);
519                 struct tty_buffer *tb = tty->buf.tail;
520                 /* If there is no space then tb may be NULL */
521                 if (unlikely(space == 0))
522                         break;
523                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
524                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
525                 tb->used += space;
526                 copied += space;
527                 chars += space;
528                 /* There is a small chance that we need to split the data over
529                    several buffers. If this is the case we must loop */
530         } while (unlikely(size > copied));
531         return copied;
532 }
533 EXPORT_SYMBOL(tty_insert_flip_string);
534
535 /**
536  *      tty_insert_flip_string_flags    -       Add characters to the tty buffer
537  *      @tty: tty structure
538  *      @chars: characters
539  *      @flags: flag bytes
540  *      @size: size
541  *
542  *      Queue a series of bytes to the tty buffering. For each character
543  *      the flags array indicates the status of the character. Returns the
544  *      number added.
545  *
546  *      Locking: Called functions may take tty->buf.lock
547  */
548
549 int tty_insert_flip_string_flags(struct tty_struct *tty,
550                 const unsigned char *chars, const char *flags, size_t size)
551 {
552         int copied = 0;
553         do {
554                 int space = tty_buffer_request_room(tty, size - copied);
555                 struct tty_buffer *tb = tty->buf.tail;
556                 /* If there is no space then tb may be NULL */
557                 if (unlikely(space == 0))
558                         break;
559                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
560                 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
561                 tb->used += space;
562                 copied += space;
563                 chars += space;
564                 flags += space;
565                 /* There is a small chance that we need to split the data over
566                    several buffers. If this is the case we must loop */
567         } while (unlikely(size > copied));
568         return copied;
569 }
570 EXPORT_SYMBOL(tty_insert_flip_string_flags);
571
572 /**
573  *      tty_schedule_flip       -       push characters to ldisc
574  *      @tty: tty to push from
575  *
576  *      Takes any pending buffers and transfers their ownership to the
577  *      ldisc side of the queue. It then schedules those characters for
578  *      processing by the line discipline.
579  *
580  *      Locking: Takes tty->buf.lock
581  */
582
583 void tty_schedule_flip(struct tty_struct *tty)
584 {
585         unsigned long flags;
586         spin_lock_irqsave(&tty->buf.lock, flags);
587         if (tty->buf.tail != NULL)
588                 tty->buf.tail->commit = tty->buf.tail->used;
589         spin_unlock_irqrestore(&tty->buf.lock, flags);
590         schedule_delayed_work(&tty->buf.work, 1);
591 }
592 EXPORT_SYMBOL(tty_schedule_flip);
593
594 /**
595  *      tty_prepare_flip_string         -       make room for characters
596  *      @tty: tty
597  *      @chars: return pointer for character write area
598  *      @size: desired size
599  *
600  *      Prepare a block of space in the buffer for data. Returns the length
601  *      available and buffer pointer to the space which is now allocated and
602  *      accounted for as ready for normal characters. This is used for drivers
603  *      that need their own block copy routines into the buffer. There is no
604  *      guarantee the buffer is a DMA target!
605  *
606  *      Locking: May call functions taking tty->buf.lock
607  */
608
609 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
610                                                                 size_t size)
611 {
612         int space = tty_buffer_request_room(tty, size);
613         if (likely(space)) {
614                 struct tty_buffer *tb = tty->buf.tail;
615                 *chars = tb->char_buf_ptr + tb->used;
616                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
617                 tb->used += space;
618         }
619         return space;
620 }
621
622 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
623
624 /**
625  *      tty_prepare_flip_string_flags   -       make room for characters
626  *      @tty: tty
627  *      @chars: return pointer for character write area
628  *      @flags: return pointer for status flag write area
629  *      @size: desired size
630  *
631  *      Prepare a block of space in the buffer for data. Returns the length
632  *      available and buffer pointer to the space which is now allocated and
633  *      accounted for as ready for characters. This is used for drivers
634  *      that need their own block copy routines into the buffer. There is no
635  *      guarantee the buffer is a DMA target!
636  *
637  *      Locking: May call functions taking tty->buf.lock
638  */
639
640 int tty_prepare_flip_string_flags(struct tty_struct *tty,
641                         unsigned char **chars, char **flags, size_t size)
642 {
643         int space = tty_buffer_request_room(tty, size);
644         if (likely(space)) {
645                 struct tty_buffer *tb = tty->buf.tail;
646                 *chars = tb->char_buf_ptr + tb->used;
647                 *flags = tb->flag_buf_ptr + tb->used;
648                 tb->used += space;
649         }
650         return space;
651 }
652
653 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
654
655
656
657 /**
658  *      tty_set_termios_ldisc           -       set ldisc field
659  *      @tty: tty structure
660  *      @num: line discipline number
661  *
662  *      This is probably overkill for real world processors but
663  *      they are not on hot paths so a little discipline won't do
664  *      any harm.
665  *
666  *      Locking: takes termios_mutex
667  */
668
669 static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
670 {
671         mutex_lock(&tty->termios_mutex);
672         tty->termios->c_line = num;
673         mutex_unlock(&tty->termios_mutex);
674 }
675
676 /*
677  *      This guards the refcounted line discipline lists. The lock
678  *      must be taken with irqs off because there are hangup path
679  *      callers who will do ldisc lookups and cannot sleep.
680  */
681
682 static DEFINE_SPINLOCK(tty_ldisc_lock);
683 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
684 /* Line disc dispatch table */
685 static struct tty_ldisc tty_ldiscs[NR_LDISCS];
686
687 /**
688  *      tty_register_ldisc      -       install a line discipline
689  *      @disc: ldisc number
690  *      @new_ldisc: pointer to the ldisc object
691  *
692  *      Installs a new line discipline into the kernel. The discipline
693  *      is set up as unreferenced and then made available to the kernel
694  *      from this point onwards.
695  *
696  *      Locking:
697  *              takes tty_ldisc_lock to guard against ldisc races
698  */
699
700 int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
701 {
702         unsigned long flags;
703         int ret = 0;
704
705         if (disc < N_TTY || disc >= NR_LDISCS)
706                 return -EINVAL;
707
708         spin_lock_irqsave(&tty_ldisc_lock, flags);
709         tty_ldiscs[disc] = *new_ldisc;
710         tty_ldiscs[disc].num = disc;
711         tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
712         tty_ldiscs[disc].refcount = 0;
713         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
714
715         return ret;
716 }
717 EXPORT_SYMBOL(tty_register_ldisc);
718
719 /**
720  *      tty_unregister_ldisc    -       unload a line discipline
721  *      @disc: ldisc number
722  *      @new_ldisc: pointer to the ldisc object
723  *
724  *      Remove a line discipline from the kernel providing it is not
725  *      currently in use.
726  *
727  *      Locking:
728  *              takes tty_ldisc_lock to guard against ldisc races
729  */
730
731 int tty_unregister_ldisc(int disc)
732 {
733         unsigned long flags;
734         int ret = 0;
735
736         if (disc < N_TTY || disc >= NR_LDISCS)
737                 return -EINVAL;
738
739         spin_lock_irqsave(&tty_ldisc_lock, flags);
740         if (tty_ldiscs[disc].refcount)
741                 ret = -EBUSY;
742         else
743                 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
744         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
745
746         return ret;
747 }
748 EXPORT_SYMBOL(tty_unregister_ldisc);
749
750 /**
751  *      tty_ldisc_get           -       take a reference to an ldisc
752  *      @disc: ldisc number
753  *
754  *      Takes a reference to a line discipline. Deals with refcounts and
755  *      module locking counts. Returns NULL if the discipline is not available.
756  *      Returns a pointer to the discipline and bumps the ref count if it is
757  *      available
758  *
759  *      Locking:
760  *              takes tty_ldisc_lock to guard against ldisc races
761  */
762
763 struct tty_ldisc *tty_ldisc_get(int disc)
764 {
765         unsigned long flags;
766         struct tty_ldisc *ld;
767
768         if (disc < N_TTY || disc >= NR_LDISCS)
769                 return NULL;
770
771         spin_lock_irqsave(&tty_ldisc_lock, flags);
772
773         ld = &tty_ldiscs[disc];
774         /* Check the entry is defined */
775         if (ld->flags & LDISC_FLAG_DEFINED) {
776                 /* If the module is being unloaded we can't use it */
777                 if (!try_module_get(ld->owner))
778                         ld = NULL;
779                 else /* lock it */
780                         ld->refcount++;
781         } else
782                 ld = NULL;
783         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
784         return ld;
785 }
786
787 EXPORT_SYMBOL_GPL(tty_ldisc_get);
788
789 /**
790  *      tty_ldisc_put           -       drop ldisc reference
791  *      @disc: ldisc number
792  *
793  *      Drop a reference to a line discipline. Manage refcounts and
794  *      module usage counts
795  *
796  *      Locking:
797  *              takes tty_ldisc_lock to guard against ldisc races
798  */
799
800 void tty_ldisc_put(int disc)
801 {
802         struct tty_ldisc *ld;
803         unsigned long flags;
804
805         BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
806
807         spin_lock_irqsave(&tty_ldisc_lock, flags);
808         ld = &tty_ldiscs[disc];
809         BUG_ON(ld->refcount == 0);
810         ld->refcount--;
811         module_put(ld->owner);
812         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
813 }
814
815 EXPORT_SYMBOL_GPL(tty_ldisc_put);
816
817 /**
818  *      tty_ldisc_assign        -       set ldisc on a tty
819  *      @tty: tty to assign
820  *      @ld: line discipline
821  *
822  *      Install an instance of a line discipline into a tty structure. The
823  *      ldisc must have a reference count above zero to ensure it remains/
824  *      The tty instance refcount starts at zero.
825  *
826  *      Locking:
827  *              Caller must hold references
828  */
829
830 static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
831 {
832         tty->ldisc = *ld;
833         tty->ldisc.refcount = 0;
834 }
835
836 /**
837  *      tty_ldisc_try           -       internal helper
838  *      @tty: the tty
839  *
840  *      Make a single attempt to grab and bump the refcount on
841  *      the tty ldisc. Return 0 on failure or 1 on success. This is
842  *      used to implement both the waiting and non waiting versions
843  *      of tty_ldisc_ref
844  *
845  *      Locking: takes tty_ldisc_lock
846  */
847
848 static int tty_ldisc_try(struct tty_struct *tty)
849 {
850         unsigned long flags;
851         struct tty_ldisc *ld;
852         int ret = 0;
853
854         spin_lock_irqsave(&tty_ldisc_lock, flags);
855         ld = &tty->ldisc;
856         if (test_bit(TTY_LDISC, &tty->flags)) {
857                 ld->refcount++;
858                 ret = 1;
859         }
860         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
861         return ret;
862 }
863
864 /**
865  *      tty_ldisc_ref_wait      -       wait for the tty ldisc
866  *      @tty: tty device
867  *
868  *      Dereference the line discipline for the terminal and take a
869  *      reference to it. If the line discipline is in flux then
870  *      wait patiently until it changes.
871  *
872  *      Note: Must not be called from an IRQ/timer context. The caller
873  *      must also be careful not to hold other locks that will deadlock
874  *      against a discipline change, such as an existing ldisc reference
875  *      (which we check for)
876  *
877  *      Locking: call functions take tty_ldisc_lock
878  */
879
880 struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
881 {
882         /* wait_event is a macro */
883         wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
884         if (tty->ldisc.refcount == 0)
885                 printk(KERN_ERR "tty_ldisc_ref_wait\n");
886         return &tty->ldisc;
887 }
888
889 EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
890
891 /**
892  *      tty_ldisc_ref           -       get the tty ldisc
893  *      @tty: tty device
894  *
895  *      Dereference the line discipline for the terminal and take a
896  *      reference to it. If the line discipline is in flux then
897  *      return NULL. Can be called from IRQ and timer functions.
898  *
899  *      Locking: called functions take tty_ldisc_lock
900  */
901
902 struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
903 {
904         if (tty_ldisc_try(tty))
905                 return &tty->ldisc;
906         return NULL;
907 }
908
909 EXPORT_SYMBOL_GPL(tty_ldisc_ref);
910
911 /**
912  *      tty_ldisc_deref         -       free a tty ldisc reference
913  *      @ld: reference to free up
914  *
915  *      Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
916  *      be called in IRQ context.
917  *
918  *      Locking: takes tty_ldisc_lock
919  */
920
921 void tty_ldisc_deref(struct tty_ldisc *ld)
922 {
923         unsigned long flags;
924
925         BUG_ON(ld == NULL);
926
927         spin_lock_irqsave(&tty_ldisc_lock, flags);
928         if (ld->refcount == 0)
929                 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
930         else
931                 ld->refcount--;
932         if (ld->refcount == 0)
933                 wake_up(&tty_ldisc_wait);
934         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
935 }
936
937 EXPORT_SYMBOL_GPL(tty_ldisc_deref);
938
939 /**
940  *      tty_ldisc_enable        -       allow ldisc use
941  *      @tty: terminal to activate ldisc on
942  *
943  *      Set the TTY_LDISC flag when the line discipline can be called
944  *      again. Do necessary wakeups for existing sleepers.
945  *
946  *      Note: nobody should set this bit except via this function. Clearing
947  *      directly is allowed.
948  */
949
950 static void tty_ldisc_enable(struct tty_struct *tty)
951 {
952         set_bit(TTY_LDISC, &tty->flags);
953         wake_up(&tty_ldisc_wait);
954 }
955
956 /**
957  *      tty_set_ldisc           -       set line discipline
958  *      @tty: the terminal to set
959  *      @ldisc: the line discipline
960  *
961  *      Set the discipline of a tty line. Must be called from a process
962  *      context.
963  *
964  *      Locking: takes tty_ldisc_lock.
965  *               called functions take termios_mutex
966  */
967
968 static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
969 {
970         int retval = 0;
971         struct tty_ldisc o_ldisc;
972         char buf[64];
973         int work;
974         unsigned long flags;
975         struct tty_ldisc *ld;
976         struct tty_struct *o_tty;
977
978         if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
979                 return -EINVAL;
980
981 restart:
982
983         ld = tty_ldisc_get(ldisc);
984         /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
985         /* Cyrus Durgin <cider@speakeasy.org> */
986         if (ld == NULL) {
987                 request_module("tty-ldisc-%d", ldisc);
988                 ld = tty_ldisc_get(ldisc);
989         }
990         if (ld == NULL)
991                 return -EINVAL;
992
993         /*
994          *      Problem: What do we do if this blocks ?
995          */
996
997         tty_wait_until_sent(tty, 0);
998
999         if (tty->ldisc.num == ldisc) {
1000                 tty_ldisc_put(ldisc);
1001                 return 0;
1002         }
1003
1004         /*
1005          *      No more input please, we are switching. The new ldisc
1006          *      will update this value in the ldisc open function
1007          */
1008
1009         tty->receive_room = 0;
1010
1011         o_ldisc = tty->ldisc;
1012         o_tty = tty->link;
1013
1014         /*
1015          *      Make sure we don't change while someone holds a
1016          *      reference to the line discipline. The TTY_LDISC bit
1017          *      prevents anyone taking a reference once it is clear.
1018          *      We need the lock to avoid racing reference takers.
1019          */
1020
1021         spin_lock_irqsave(&tty_ldisc_lock, flags);
1022         if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
1023                 if (tty->ldisc.refcount) {
1024                         /* Free the new ldisc we grabbed. Must drop the lock
1025                            first. */
1026                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1027                         tty_ldisc_put(ldisc);
1028                         /*
1029                          * There are several reasons we may be busy, including
1030                          * random momentary I/O traffic. We must therefore
1031                          * retry. We could distinguish between blocking ops
1032                          * and retries if we made tty_ldisc_wait() smarter.
1033                          * That is up for discussion.
1034                          */
1035                         if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1036                                 return -ERESTARTSYS;
1037                         goto restart;
1038                 }
1039                 if (o_tty && o_tty->ldisc.refcount) {
1040                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1041                         tty_ldisc_put(ldisc);
1042                         if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1043                                 return -ERESTARTSYS;
1044                         goto restart;
1045                 }
1046         }
1047         /*
1048          *      If the TTY_LDISC bit is set, then we are racing against
1049          *      another ldisc change
1050          */
1051         if (!test_bit(TTY_LDISC, &tty->flags)) {
1052                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1053                 tty_ldisc_put(ldisc);
1054                 ld = tty_ldisc_ref_wait(tty);
1055                 tty_ldisc_deref(ld);
1056                 goto restart;
1057         }
1058
1059         clear_bit(TTY_LDISC, &tty->flags);
1060         if (o_tty)
1061                 clear_bit(TTY_LDISC, &o_tty->flags);
1062         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1063
1064         /*
1065          *      From this point on we know nobody has an ldisc
1066          *      usage reference, nor can they obtain one until
1067          *      we say so later on.
1068          */
1069
1070         work = cancel_delayed_work(&tty->buf.work);
1071         /*
1072          * Wait for ->hangup_work and ->buf.work handlers to terminate
1073          */
1074         flush_scheduled_work();
1075         /* Shutdown the current discipline. */
1076         if (tty->ldisc.close)
1077                 (tty->ldisc.close)(tty);
1078
1079         /* Now set up the new line discipline. */
1080         tty_ldisc_assign(tty, ld);
1081         tty_set_termios_ldisc(tty, ldisc);
1082         if (tty->ldisc.open)
1083                 retval = (tty->ldisc.open)(tty);
1084         if (retval < 0) {
1085                 tty_ldisc_put(ldisc);
1086                 /* There is an outstanding reference here so this is safe */
1087                 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1088                 tty_set_termios_ldisc(tty, tty->ldisc.num);
1089                 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1090                         tty_ldisc_put(o_ldisc.num);
1091                         /* This driver is always present */
1092                         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1093                         tty_set_termios_ldisc(tty, N_TTY);
1094                         if (tty->ldisc.open) {
1095                                 int r = tty->ldisc.open(tty);
1096
1097                                 if (r < 0)
1098                                         panic("Couldn't open N_TTY ldisc for "
1099                                               "%s --- error %d.",
1100                                               tty_name(tty, buf), r);
1101                         }
1102                 }
1103         }
1104         /* At this point we hold a reference to the new ldisc and a
1105            a reference to the old ldisc. If we ended up flipping back
1106            to the existing ldisc we have two references to it */
1107
1108         if (tty->ldisc.num != o_ldisc.num && tty->ops->set_ldisc)
1109                 tty->ops->set_ldisc(tty);
1110
1111         tty_ldisc_put(o_ldisc.num);
1112
1113         /*
1114          *      Allow ldisc referencing to occur as soon as the driver
1115          *      ldisc callback completes.
1116          */
1117
1118         tty_ldisc_enable(tty);
1119         if (o_tty)
1120                 tty_ldisc_enable(o_tty);
1121
1122         /* Restart it in case no characters kick it off. Safe if
1123            already running */
1124         if (work)
1125                 schedule_delayed_work(&tty->buf.work, 1);
1126         return retval;
1127 }
1128
1129 /**
1130  *      get_tty_driver          -       find device of a tty
1131  *      @dev_t: device identifier
1132  *      @index: returns the index of the tty
1133  *
1134  *      This routine returns a tty driver structure, given a device number
1135  *      and also passes back the index number.
1136  *
1137  *      Locking: caller must hold tty_mutex
1138  */
1139
1140 static struct tty_driver *get_tty_driver(dev_t device, int *index)
1141 {
1142         struct tty_driver *p;
1143
1144         list_for_each_entry(p, &tty_drivers, tty_drivers) {
1145                 dev_t base = MKDEV(p->major, p->minor_start);
1146                 if (device < base || device >= base + p->num)
1147                         continue;
1148                 *index = device - base;
1149                 return p;
1150         }
1151         return NULL;
1152 }
1153
1154 #ifdef CONFIG_CONSOLE_POLL
1155
1156 /**
1157  *      tty_find_polling_driver -       find device of a polled tty
1158  *      @name: name string to match
1159  *      @line: pointer to resulting tty line nr
1160  *
1161  *      This routine returns a tty driver structure, given a name
1162  *      and the condition that the tty driver is capable of polled
1163  *      operation.
1164  */
1165 struct tty_driver *tty_find_polling_driver(char *name, int *line)
1166 {
1167         struct tty_driver *p, *res = NULL;
1168         int tty_line = 0;
1169         char *str;
1170
1171         mutex_lock(&tty_mutex);
1172         /* Search through the tty devices to look for a match */
1173         list_for_each_entry(p, &tty_drivers, tty_drivers) {
1174                 str = name + strlen(p->name);
1175                 tty_line = simple_strtoul(str, &str, 10);
1176                 if (*str == ',')
1177                         str++;
1178                 if (*str == '\0')
1179                         str = NULL;
1180
1181                 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
1182                     p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
1183                         res = p;
1184                         *line = tty_line;
1185                         break;
1186                 }
1187         }
1188         mutex_unlock(&tty_mutex);
1189
1190         return res;
1191 }
1192 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
1193 #endif
1194
1195 /**
1196  *      tty_check_change        -       check for POSIX terminal changes
1197  *      @tty: tty to check
1198  *
1199  *      If we try to write to, or set the state of, a terminal and we're
1200  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
1201  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
1202  *
1203  *      Locking: ctrl_lock
1204  */
1205
1206 int tty_check_change(struct tty_struct *tty)
1207 {
1208         unsigned long flags;
1209         int ret = 0;
1210
1211         if (current->signal->tty != tty)
1212                 return 0;
1213
1214         spin_lock_irqsave(&tty->ctrl_lock, flags);
1215
1216         if (!tty->pgrp) {
1217                 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1218                 goto out;
1219         }
1220         if (task_pgrp(current) == tty->pgrp)
1221                 goto out;
1222         if (is_ignored(SIGTTOU))
1223                 goto out;
1224         if (is_current_pgrp_orphaned()) {
1225                 ret = -EIO;
1226                 goto out;
1227         }
1228         kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1229         set_thread_flag(TIF_SIGPENDING);
1230         ret = -ERESTARTSYS;
1231 out:
1232         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1233         return ret;
1234 }
1235
1236 EXPORT_SYMBOL(tty_check_change);
1237
1238 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1239                                 size_t count, loff_t *ppos)
1240 {
1241         return 0;
1242 }
1243
1244 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1245                                  size_t count, loff_t *ppos)
1246 {
1247         return -EIO;
1248 }
1249
1250 /* No kernel lock held - none needed ;) */
1251 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1252 {
1253         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1254 }
1255
1256 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
1257                 unsigned long arg)
1258 {
1259         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1260 }
1261
1262 static long hung_up_tty_compat_ioctl(struct file *file,
1263                                      unsigned int cmd, unsigned long arg)
1264 {
1265         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1266 }
1267
1268 static const struct file_operations tty_fops = {
1269         .llseek         = no_llseek,
1270         .read           = tty_read,
1271         .write          = tty_write,
1272         .poll           = tty_poll,
1273         .unlocked_ioctl = tty_ioctl,
1274         .compat_ioctl   = tty_compat_ioctl,
1275         .open           = tty_open,
1276         .release        = tty_release,
1277         .fasync         = tty_fasync,
1278 };
1279
1280 #ifdef CONFIG_UNIX98_PTYS
1281 static const struct file_operations ptmx_fops = {
1282         .llseek         = no_llseek,
1283         .read           = tty_read,
1284         .write          = tty_write,
1285         .poll           = tty_poll,
1286         .unlocked_ioctl = tty_ioctl,
1287         .compat_ioctl   = tty_compat_ioctl,
1288         .open           = ptmx_open,
1289         .release        = tty_release,
1290         .fasync         = tty_fasync,
1291 };
1292 #endif
1293
1294 static const struct file_operations console_fops = {
1295         .llseek         = no_llseek,
1296         .read           = tty_read,
1297         .write          = redirected_tty_write,
1298         .poll           = tty_poll,
1299         .unlocked_ioctl = tty_ioctl,
1300         .compat_ioctl   = tty_compat_ioctl,
1301         .open           = tty_open,
1302         .release        = tty_release,
1303         .fasync         = tty_fasync,
1304 };
1305
1306 static const struct file_operations hung_up_tty_fops = {
1307         .llseek         = no_llseek,
1308         .read           = hung_up_tty_read,
1309         .write          = hung_up_tty_write,
1310         .poll           = hung_up_tty_poll,
1311         .unlocked_ioctl = hung_up_tty_ioctl,
1312         .compat_ioctl   = hung_up_tty_compat_ioctl,
1313         .release        = tty_release,
1314 };
1315
1316 static DEFINE_SPINLOCK(redirect_lock);
1317 static struct file *redirect;
1318
1319 /**
1320  *      tty_wakeup      -       request more data
1321  *      @tty: terminal
1322  *
1323  *      Internal and external helper for wakeups of tty. This function
1324  *      informs the line discipline if present that the driver is ready
1325  *      to receive more output data.
1326  */
1327
1328 void tty_wakeup(struct tty_struct *tty)
1329 {
1330         struct tty_ldisc *ld;
1331
1332         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1333                 ld = tty_ldisc_ref(tty);
1334                 if (ld) {
1335                         if (ld->write_wakeup)
1336                                 ld->write_wakeup(tty);
1337                         tty_ldisc_deref(ld);
1338                 }
1339         }
1340         wake_up_interruptible(&tty->write_wait);
1341 }
1342
1343 EXPORT_SYMBOL_GPL(tty_wakeup);
1344
1345 /**
1346  *      tty_ldisc_flush -       flush line discipline queue
1347  *      @tty: tty
1348  *
1349  *      Flush the line discipline queue (if any) for this tty. If there
1350  *      is no line discipline active this is a no-op.
1351  */
1352
1353 void tty_ldisc_flush(struct tty_struct *tty)
1354 {
1355         struct tty_ldisc *ld = tty_ldisc_ref(tty);
1356         if (ld) {
1357                 if (ld->flush_buffer)
1358                         ld->flush_buffer(tty);
1359                 tty_ldisc_deref(ld);
1360         }
1361         tty_buffer_flush(tty);
1362 }
1363
1364 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1365
1366 /**
1367  *      tty_reset_termios       -       reset terminal state
1368  *      @tty: tty to reset
1369  *
1370  *      Restore a terminal to the driver default state
1371  */
1372
1373 static void tty_reset_termios(struct tty_struct *tty)
1374 {
1375         mutex_lock(&tty->termios_mutex);
1376         *tty->termios = tty->driver->init_termios;
1377         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1378         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1379         mutex_unlock(&tty->termios_mutex);
1380 }
1381
1382 /**
1383  *      do_tty_hangup           -       actual handler for hangup events
1384  *      @work: tty device
1385  *
1386  *      This can be called by the "eventd" kernel thread.  That is process
1387  *      synchronous but doesn't hold any locks, so we need to make sure we
1388  *      have the appropriate locks for what we're doing.
1389  *
1390  *      The hangup event clears any pending redirections onto the hung up
1391  *      device. It ensures future writes will error and it does the needed
1392  *      line discipline hangup and signal delivery. The tty object itself
1393  *      remains intact.
1394  *
1395  *      Locking:
1396  *              BKL
1397  *                redirect lock for undoing redirection
1398  *                file list lock for manipulating list of ttys
1399  *                tty_ldisc_lock from called functions
1400  *                termios_mutex resetting termios data
1401  *                tasklist_lock to walk task list for hangup event
1402  *                  ->siglock to protect ->signal/->sighand
1403  */
1404 static void do_tty_hangup(struct work_struct *work)
1405 {
1406         struct tty_struct *tty =
1407                 container_of(work, struct tty_struct, hangup_work);
1408         struct file *cons_filp = NULL;
1409         struct file *filp, *f = NULL;
1410         struct task_struct *p;
1411         struct tty_ldisc *ld;
1412         int    closecount = 0, n;
1413         unsigned long flags;
1414
1415         if (!tty)
1416                 return;
1417
1418         /* inuse_filps is protected by the single kernel lock */
1419         lock_kernel();
1420
1421         spin_lock(&redirect_lock);
1422         if (redirect && redirect->private_data == tty) {
1423                 f = redirect;
1424                 redirect = NULL;
1425         }
1426         spin_unlock(&redirect_lock);
1427
1428         check_tty_count(tty, "do_tty_hangup");
1429         file_list_lock();
1430         /* This breaks for file handles being sent over AF_UNIX sockets ? */
1431         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1432                 if (filp->f_op->write == redirected_tty_write)
1433                         cons_filp = filp;
1434                 if (filp->f_op->write != tty_write)
1435                         continue;
1436                 closecount++;
1437                 tty_fasync(-1, filp, 0);        /* can't block */
1438                 filp->f_op = &hung_up_tty_fops;
1439         }
1440         file_list_unlock();
1441         /*
1442          * FIXME! What are the locking issues here? This may me overdoing
1443          * things... This question is especially important now that we've
1444          * removed the irqlock.
1445          */
1446         ld = tty_ldisc_ref(tty);
1447         if (ld != NULL) {
1448                 /* We may have no line discipline at this point */
1449                 if (ld->flush_buffer)
1450                         ld->flush_buffer(tty);
1451                 tty_driver_flush_buffer(tty);
1452                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1453                     ld->write_wakeup)
1454                         ld->write_wakeup(tty);
1455                 if (ld->hangup)
1456                         ld->hangup(tty);
1457         }
1458         /*
1459          * FIXME: Once we trust the LDISC code better we can wait here for
1460          * ldisc completion and fix the driver call race
1461          */
1462         wake_up_interruptible(&tty->write_wait);
1463         wake_up_interruptible(&tty->read_wait);
1464         /*
1465          * Shutdown the current line discipline, and reset it to
1466          * N_TTY.
1467          */
1468         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1469                 tty_reset_termios(tty);
1470         /* Defer ldisc switch */
1471         /* tty_deferred_ldisc_switch(N_TTY);
1472
1473           This should get done automatically when the port closes and
1474           tty_release is called */
1475
1476         read_lock(&tasklist_lock);
1477         if (tty->session) {
1478                 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1479                         spin_lock_irq(&p->sighand->siglock);
1480                         if (p->signal->tty == tty)
1481                                 p->signal->tty = NULL;
1482                         if (!p->signal->leader) {
1483                                 spin_unlock_irq(&p->sighand->siglock);
1484                                 continue;
1485                         }
1486                         __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1487                         __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1488                         put_pid(p->signal->tty_old_pgrp);  /* A noop */
1489                         spin_lock_irqsave(&tty->ctrl_lock, flags);
1490                         if (tty->pgrp)
1491                                 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1492                         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1493                         spin_unlock_irq(&p->sighand->siglock);
1494                 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1495         }
1496         read_unlock(&tasklist_lock);
1497
1498         spin_lock_irqsave(&tty->ctrl_lock, flags);
1499         tty->flags = 0;
1500         put_pid(tty->session);
1501         put_pid(tty->pgrp);
1502         tty->session = NULL;
1503         tty->pgrp = NULL;
1504         tty->ctrl_status = 0;
1505         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1506
1507         /*
1508          * If one of the devices matches a console pointer, we
1509          * cannot just call hangup() because that will cause
1510          * tty->count and state->count to go out of sync.
1511          * So we just call close() the right number of times.
1512          */
1513         if (cons_filp) {
1514                 if (tty->ops->close)
1515                         for (n = 0; n < closecount; n++)
1516                                 tty->ops->close(tty, cons_filp);
1517         } else if (tty->ops->hangup)
1518                 (tty->ops->hangup)(tty);
1519         /*
1520          * We don't want to have driver/ldisc interactions beyond
1521          * the ones we did here. The driver layer expects no
1522          * calls after ->hangup() from the ldisc side. However we
1523          * can't yet guarantee all that.
1524          */
1525         set_bit(TTY_HUPPED, &tty->flags);
1526         if (ld) {
1527                 tty_ldisc_enable(tty);
1528                 tty_ldisc_deref(ld);
1529         }
1530         unlock_kernel();
1531         if (f)
1532                 fput(f);
1533 }
1534
1535 /**
1536  *      tty_hangup              -       trigger a hangup event
1537  *      @tty: tty to hangup
1538  *
1539  *      A carrier loss (virtual or otherwise) has occurred on this like
1540  *      schedule a hangup sequence to run after this event.
1541  */
1542
1543 void tty_hangup(struct tty_struct *tty)
1544 {
1545 #ifdef TTY_DEBUG_HANGUP
1546         char    buf[64];
1547         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1548 #endif
1549         schedule_work(&tty->hangup_work);
1550 }
1551
1552 EXPORT_SYMBOL(tty_hangup);
1553
1554 /**
1555  *      tty_vhangup             -       process vhangup
1556  *      @tty: tty to hangup
1557  *
1558  *      The user has asked via system call for the terminal to be hung up.
1559  *      We do this synchronously so that when the syscall returns the process
1560  *      is complete. That guarantee is necessary for security reasons.
1561  */
1562
1563 void tty_vhangup(struct tty_struct *tty)
1564 {
1565 #ifdef TTY_DEBUG_HANGUP
1566         char    buf[64];
1567
1568         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1569 #endif
1570         do_tty_hangup(&tty->hangup_work);
1571 }
1572
1573 EXPORT_SYMBOL(tty_vhangup);
1574
1575 /**
1576  *      tty_hung_up_p           -       was tty hung up
1577  *      @filp: file pointer of tty
1578  *
1579  *      Return true if the tty has been subject to a vhangup or a carrier
1580  *      loss
1581  */
1582
1583 int tty_hung_up_p(struct file *filp)
1584 {
1585         return (filp->f_op == &hung_up_tty_fops);
1586 }
1587
1588 EXPORT_SYMBOL(tty_hung_up_p);
1589
1590 /**
1591  *      is_tty  -       checker whether file is a TTY
1592  *      @filp:          file handle that may be a tty
1593  *
1594  *      Check if the file handle is a tty handle.
1595  */
1596
1597 int is_tty(struct file *filp)
1598 {
1599         return filp->f_op->read == tty_read
1600                 || filp->f_op->read == hung_up_tty_read;
1601 }
1602
1603 static void session_clear_tty(struct pid *session)
1604 {
1605         struct task_struct *p;
1606         do_each_pid_task(session, PIDTYPE_SID, p) {
1607                 proc_clear_tty(p);
1608         } while_each_pid_task(session, PIDTYPE_SID, p);
1609 }
1610
1611 /**
1612  *      disassociate_ctty       -       disconnect controlling tty
1613  *      @on_exit: true if exiting so need to "hang up" the session
1614  *
1615  *      This function is typically called only by the session leader, when
1616  *      it wants to disassociate itself from its controlling tty.
1617  *
1618  *      It performs the following functions:
1619  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
1620  *      (2)  Clears the tty from being controlling the session
1621  *      (3)  Clears the controlling tty for all processes in the
1622  *              session group.
1623  *
1624  *      The argument on_exit is set to 1 if called when a process is
1625  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
1626  *
1627  *      Locking:
1628  *              BKL is taken for hysterical raisins
1629  *                tty_mutex is taken to protect tty
1630  *                ->siglock is taken to protect ->signal/->sighand
1631  *                tasklist_lock is taken to walk process list for sessions
1632  *                  ->siglock is taken to protect ->signal/->sighand
1633  */
1634
1635 void disassociate_ctty(int on_exit)
1636 {
1637         struct tty_struct *tty;
1638         struct pid *tty_pgrp = NULL;
1639
1640
1641         mutex_lock(&tty_mutex);
1642         tty = get_current_tty();
1643         if (tty) {
1644                 tty_pgrp = get_pid(tty->pgrp);
1645                 mutex_unlock(&tty_mutex);
1646                 lock_kernel();
1647                 /* XXX: here we race, there is nothing protecting tty */
1648                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1649                         tty_vhangup(tty);
1650                 unlock_kernel();
1651         } else if (on_exit) {
1652                 struct pid *old_pgrp;
1653                 spin_lock_irq(&current->sighand->siglock);
1654                 old_pgrp = current->signal->tty_old_pgrp;
1655                 current->signal->tty_old_pgrp = NULL;
1656                 spin_unlock_irq(&current->sighand->siglock);
1657                 if (old_pgrp) {
1658                         kill_pgrp(old_pgrp, SIGHUP, on_exit);
1659                         kill_pgrp(old_pgrp, SIGCONT, on_exit);
1660                         put_pid(old_pgrp);
1661                 }
1662                 mutex_unlock(&tty_mutex);
1663                 return;
1664         }
1665         if (tty_pgrp) {
1666                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1667                 if (!on_exit)
1668                         kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1669                 put_pid(tty_pgrp);
1670         }
1671
1672         spin_lock_irq(&current->sighand->siglock);
1673         put_pid(current->signal->tty_old_pgrp);
1674         current->signal->tty_old_pgrp = NULL;
1675         spin_unlock_irq(&current->sighand->siglock);
1676
1677         mutex_lock(&tty_mutex);
1678         /* It is possible that do_tty_hangup has free'd this tty */
1679         tty = get_current_tty();
1680         if (tty) {
1681                 unsigned long flags;
1682                 spin_lock_irqsave(&tty->ctrl_lock, flags);
1683                 put_pid(tty->session);
1684                 put_pid(tty->pgrp);
1685                 tty->session = NULL;
1686                 tty->pgrp = NULL;
1687                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1688         } else {
1689 #ifdef TTY_DEBUG_HANGUP
1690                 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1691                        " = NULL", tty);
1692 #endif
1693         }
1694         mutex_unlock(&tty_mutex);
1695
1696         /* Now clear signal->tty under the lock */
1697         read_lock(&tasklist_lock);
1698         session_clear_tty(task_session(current));
1699         read_unlock(&tasklist_lock);
1700 }
1701
1702 /**
1703  *
1704  *      no_tty  - Ensure the current process does not have a controlling tty
1705  */
1706 void no_tty(void)
1707 {
1708         struct task_struct *tsk = current;
1709         lock_kernel();
1710         if (tsk->signal->leader)
1711                 disassociate_ctty(0);
1712         unlock_kernel();
1713         proc_clear_tty(tsk);
1714 }
1715
1716
1717 /**
1718  *      stop_tty        -       propagate flow control
1719  *      @tty: tty to stop
1720  *
1721  *      Perform flow control to the driver. For PTY/TTY pairs we
1722  *      must also propagate the TIOCKPKT status. May be called
1723  *      on an already stopped device and will not re-call the driver
1724  *      method.
1725  *
1726  *      This functionality is used by both the line disciplines for
1727  *      halting incoming flow and by the driver. It may therefore be
1728  *      called from any context, may be under the tty atomic_write_lock
1729  *      but not always.
1730  *
1731  *      Locking:
1732  *              Uses the tty control lock internally
1733  */
1734
1735 void stop_tty(struct tty_struct *tty)
1736 {
1737         unsigned long flags;
1738         spin_lock_irqsave(&tty->ctrl_lock, flags);
1739         if (tty->stopped) {
1740                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1741                 return;
1742         }
1743         tty->stopped = 1;
1744         if (tty->link && tty->link->packet) {
1745                 tty->ctrl_status &= ~TIOCPKT_START;
1746                 tty->ctrl_status |= TIOCPKT_STOP;
1747                 wake_up_interruptible(&tty->link->read_wait);
1748         }
1749         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1750         if (tty->ops->stop)
1751                 (tty->ops->stop)(tty);
1752 }
1753
1754 EXPORT_SYMBOL(stop_tty);
1755
1756 /**
1757  *      start_tty       -       propagate flow control
1758  *      @tty: tty to start
1759  *
1760  *      Start a tty that has been stopped if at all possible. Perform
1761  *      any necessary wakeups and propagate the TIOCPKT status. If this
1762  *      is the tty was previous stopped and is being started then the
1763  *      driver start method is invoked and the line discipline woken.
1764  *
1765  *      Locking:
1766  *              ctrl_lock
1767  */
1768
1769 void start_tty(struct tty_struct *tty)
1770 {
1771         unsigned long flags;
1772         spin_lock_irqsave(&tty->ctrl_lock, flags);
1773         if (!tty->stopped || tty->flow_stopped) {
1774                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1775                 return;
1776         }
1777         tty->stopped = 0;
1778         if (tty->link && tty->link->packet) {
1779                 tty->ctrl_status &= ~TIOCPKT_STOP;
1780                 tty->ctrl_status |= TIOCPKT_START;
1781                 wake_up_interruptible(&tty->link->read_wait);
1782         }
1783         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1784         if (tty->ops->start)
1785                 (tty->ops->start)(tty);
1786         /* If we have a running line discipline it may need kicking */
1787         tty_wakeup(tty);
1788 }
1789
1790 EXPORT_SYMBOL(start_tty);
1791
1792 /**
1793  *      tty_read        -       read method for tty device files
1794  *      @file: pointer to tty file
1795  *      @buf: user buffer
1796  *      @count: size of user buffer
1797  *      @ppos: unused
1798  *
1799  *      Perform the read system call function on this terminal device. Checks
1800  *      for hung up devices before calling the line discipline method.
1801  *
1802  *      Locking:
1803  *              Locks the line discipline internally while needed. Multiple
1804  *      read calls may be outstanding in parallel.
1805  */
1806
1807 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1808                         loff_t *ppos)
1809 {
1810         int i;
1811         struct tty_struct *tty;
1812         struct inode *inode;
1813         struct tty_ldisc *ld;
1814
1815         tty = (struct tty_struct *)file->private_data;
1816         inode = file->f_path.dentry->d_inode;
1817         if (tty_paranoia_check(tty, inode, "tty_read"))
1818                 return -EIO;
1819         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1820                 return -EIO;
1821
1822         /* We want to wait for the line discipline to sort out in this
1823            situation */
1824         ld = tty_ldisc_ref_wait(tty);
1825         if (ld->read)
1826                 i = (ld->read)(tty, file, buf, count);
1827         else
1828                 i = -EIO;
1829         tty_ldisc_deref(ld);
1830         if (i > 0)
1831                 inode->i_atime = current_fs_time(inode->i_sb);
1832         return i;
1833 }
1834
1835 void tty_write_unlock(struct tty_struct *tty)
1836 {
1837         mutex_unlock(&tty->atomic_write_lock);
1838         wake_up_interruptible(&tty->write_wait);
1839 }
1840
1841 int tty_write_lock(struct tty_struct *tty, int ndelay)
1842 {
1843         if (!mutex_trylock(&tty->atomic_write_lock)) {
1844                 if (ndelay)
1845                         return -EAGAIN;
1846                 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1847                         return -ERESTARTSYS;
1848         }
1849         return 0;
1850 }
1851
1852 /*
1853  * Split writes up in sane blocksizes to avoid
1854  * denial-of-service type attacks
1855  */
1856 static inline ssize_t do_tty_write(
1857         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1858         struct tty_struct *tty,
1859         struct file *file,
1860         const char __user *buf,
1861         size_t count)
1862 {
1863         ssize_t ret, written = 0;
1864         unsigned int chunk;
1865
1866         ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1867         if (ret < 0)
1868                 return ret;
1869
1870         /*
1871          * We chunk up writes into a temporary buffer. This
1872          * simplifies low-level drivers immensely, since they
1873          * don't have locking issues and user mode accesses.
1874          *
1875          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1876          * big chunk-size..
1877          *
1878          * The default chunk-size is 2kB, because the NTTY
1879          * layer has problems with bigger chunks. It will
1880          * claim to be able to handle more characters than
1881          * it actually does.
1882          *
1883          * FIXME: This can probably go away now except that 64K chunks
1884          * are too likely to fail unless switched to vmalloc...
1885          */
1886         chunk = 2048;
1887         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1888                 chunk = 65536;
1889         if (count < chunk)
1890                 chunk = count;
1891
1892         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1893         if (tty->write_cnt < chunk) {
1894                 unsigned char *buf;
1895
1896                 if (chunk < 1024)
1897                         chunk = 1024;
1898
1899                 buf = kmalloc(chunk, GFP_KERNEL);
1900                 if (!buf) {
1901                         ret = -ENOMEM;
1902                         goto out;
1903                 }
1904                 kfree(tty->write_buf);
1905                 tty->write_cnt = chunk;
1906                 tty->write_buf = buf;
1907         }
1908
1909         /* Do the write .. */
1910         for (;;) {
1911                 size_t size = count;
1912                 if (size > chunk)
1913                         size = chunk;
1914                 ret = -EFAULT;
1915                 if (copy_from_user(tty->write_buf, buf, size))
1916                         break;
1917                 ret = write(tty, file, tty->write_buf, size);
1918                 if (ret <= 0)
1919                         break;
1920                 written += ret;
1921                 buf += ret;
1922                 count -= ret;
1923                 if (!count)
1924                         break;
1925                 ret = -ERESTARTSYS;
1926                 if (signal_pending(current))
1927                         break;
1928                 cond_resched();
1929         }
1930         if (written) {
1931                 struct inode *inode = file->f_path.dentry->d_inode;
1932                 inode->i_mtime = current_fs_time(inode->i_sb);
1933                 ret = written;
1934         }
1935 out:
1936         tty_write_unlock(tty);
1937         return ret;
1938 }
1939
1940
1941 /**
1942  *      tty_write               -       write method for tty device file
1943  *      @file: tty file pointer
1944  *      @buf: user data to write
1945  *      @count: bytes to write
1946  *      @ppos: unused
1947  *
1948  *      Write data to a tty device via the line discipline.
1949  *
1950  *      Locking:
1951  *              Locks the line discipline as required
1952  *              Writes to the tty driver are serialized by the atomic_write_lock
1953  *      and are then processed in chunks to the device. The line discipline
1954  *      write method will not be involked in parallel for each device
1955  *              The line discipline write method is called under the big
1956  *      kernel lock for historical reasons. New code should not rely on this.
1957  */
1958
1959 static ssize_t tty_write(struct file *file, const char __user *buf,
1960                                                 size_t count, loff_t *ppos)
1961 {
1962         struct tty_struct *tty;
1963         struct inode *inode = file->f_path.dentry->d_inode;
1964         ssize_t ret;
1965         struct tty_ldisc *ld;
1966
1967         tty = (struct tty_struct *)file->private_data;
1968         if (tty_paranoia_check(tty, inode, "tty_write"))
1969                 return -EIO;
1970         if (!tty || !tty->ops->write ||
1971                 (test_bit(TTY_IO_ERROR, &tty->flags)))
1972                         return -EIO;
1973         /* Short term debug to catch buggy drivers */
1974         if (tty->ops->write_room == NULL)
1975                 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1976                         tty->driver->name);
1977         ld = tty_ldisc_ref_wait(tty);
1978         if (!ld->write)
1979                 ret = -EIO;
1980         else
1981                 ret = do_tty_write(ld->write, tty, file, buf, count);
1982         tty_ldisc_deref(ld);
1983         return ret;
1984 }
1985
1986 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1987                                                 size_t count, loff_t *ppos)
1988 {
1989         struct file *p = NULL;
1990
1991         spin_lock(&redirect_lock);
1992         if (redirect) {
1993                 get_file(redirect);
1994                 p = redirect;
1995         }
1996         spin_unlock(&redirect_lock);
1997
1998         if (p) {
1999                 ssize_t res;
2000                 res = vfs_write(p, buf, count, &p->f_pos);
2001                 fput(p);
2002                 return res;
2003         }
2004         return tty_write(file, buf, count, ppos);
2005 }
2006
2007 static char ptychar[] = "pqrstuvwxyzabcde";
2008
2009 /**
2010  *      pty_line_name   -       generate name for a pty
2011  *      @driver: the tty driver in use
2012  *      @index: the minor number
2013  *      @p: output buffer of at least 6 bytes
2014  *
2015  *      Generate a name from a driver reference and write it to the output
2016  *      buffer.
2017  *
2018  *      Locking: None
2019  */
2020 static void pty_line_name(struct tty_driver *driver, int index, char *p)
2021 {
2022         int i = index + driver->name_base;
2023         /* ->name is initialized to "ttyp", but "tty" is expected */
2024         sprintf(p, "%s%c%x",
2025                 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
2026                 ptychar[i >> 4 & 0xf], i & 0xf);
2027 }
2028
2029 /**
2030  *      pty_line_name   -       generate name for a tty
2031  *      @driver: the tty driver in use
2032  *      @index: the minor number
2033  *      @p: output buffer of at least 7 bytes
2034  *
2035  *      Generate a name from a driver reference and write it to the output
2036  *      buffer.
2037  *
2038  *      Locking: None
2039  */
2040 static void tty_line_name(struct tty_driver *driver, int index, char *p)
2041 {
2042         sprintf(p, "%s%d", driver->name, index + driver->name_base);
2043 }
2044
2045 /**
2046  *      init_dev                -       initialise a tty device
2047  *      @driver: tty driver we are opening a device on
2048  *      @idx: device index
2049  *      @tty: returned tty structure
2050  *
2051  *      Prepare a tty device. This may not be a "new" clean device but
2052  *      could also be an active device. The pty drivers require special
2053  *      handling because of this.
2054  *
2055  *      Locking:
2056  *              The function is called under the tty_mutex, which
2057  *      protects us from the tty struct or driver itself going away.
2058  *
2059  *      On exit the tty device has the line discipline attached and
2060  *      a reference count of 1. If a pair was created for pty/tty use
2061  *      and the other was a pty master then it too has a reference count of 1.
2062  *
2063  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
2064  * failed open.  The new code protects the open with a mutex, so it's
2065  * really quite straightforward.  The mutex locking can probably be
2066  * relaxed for the (most common) case of reopening a tty.
2067  */
2068
2069 static int init_dev(struct tty_driver *driver, int idx,
2070         struct tty_struct **ret_tty)
2071 {
2072         struct tty_struct *tty, *o_tty;
2073         struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2074         struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
2075         int retval = 0;
2076
2077         /* check whether we're reopening an existing tty */
2078         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2079                 tty = devpts_get_tty(idx);
2080                 /*
2081                  * If we don't have a tty here on a slave open, it's because
2082                  * the master already started the close process and there's
2083                  * no relation between devpts file and tty anymore.
2084                  */
2085                 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2086                         retval = -EIO;
2087                         goto end_init;
2088                 }
2089                 /*
2090                  * It's safe from now on because init_dev() is called with
2091                  * tty_mutex held and release_dev() won't change tty->count
2092                  * or tty->flags without having to grab tty_mutex
2093                  */
2094                 if (tty && driver->subtype == PTY_TYPE_MASTER)
2095                         tty = tty->link;
2096         } else {
2097                 tty = driver->ttys[idx];
2098         }
2099         if (tty) goto fast_track;
2100
2101         /*
2102          * First time open is complex, especially for PTY devices.
2103          * This code guarantees that either everything succeeds and the
2104          * TTY is ready for operation, or else the table slots are vacated
2105          * and the allocated memory released.  (Except that the termios
2106          * and locked termios may be retained.)
2107          */
2108
2109         if (!try_module_get(driver->owner)) {
2110                 retval = -ENODEV;
2111                 goto end_init;
2112         }
2113
2114         o_tty = NULL;
2115         tp = o_tp = NULL;
2116         ltp = o_ltp = NULL;
2117
2118         tty = alloc_tty_struct();
2119         if (!tty)
2120                 goto fail_no_mem;
2121         initialize_tty_struct(tty);
2122         tty->driver = driver;
2123         tty->ops = driver->ops;
2124         tty->index = idx;
2125         tty_line_name(driver, idx, tty->name);
2126
2127         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2128                 tp_loc = &tty->termios;
2129                 ltp_loc = &tty->termios_locked;
2130         } else {
2131                 tp_loc = &driver->termios[idx];
2132                 ltp_loc = &driver->termios_locked[idx];
2133         }
2134
2135         if (!*tp_loc) {
2136                 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2137                 if (!tp)
2138                         goto free_mem_out;
2139                 *tp = driver->init_termios;
2140         }
2141
2142         if (!*ltp_loc) {
2143                 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2144                 if (!ltp)
2145                         goto free_mem_out;
2146         }
2147
2148         if (driver->type == TTY_DRIVER_TYPE_PTY) {
2149                 o_tty = alloc_tty_struct();
2150                 if (!o_tty)
2151                         goto free_mem_out;
2152                 initialize_tty_struct(o_tty);
2153                 o_tty->driver = driver->other;
2154                 o_tty->ops = driver->ops;
2155                 o_tty->index = idx;
2156                 tty_line_name(driver->other, idx, o_tty->name);
2157
2158                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2159                         o_tp_loc = &o_tty->termios;
2160                         o_ltp_loc = &o_tty->termios_locked;
2161                 } else {
2162                         o_tp_loc = &driver->other->termios[idx];
2163                         o_ltp_loc = &driver->other->termios_locked[idx];
2164                 }
2165
2166                 if (!*o_tp_loc) {
2167                         o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2168                         if (!o_tp)
2169                                 goto free_mem_out;
2170                         *o_tp = driver->other->init_termios;
2171                 }
2172
2173                 if (!*o_ltp_loc) {
2174                         o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2175                         if (!o_ltp)
2176                                 goto free_mem_out;
2177                 }
2178
2179                 /*
2180                  * Everything allocated ... set up the o_tty structure.
2181                  */
2182                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
2183                         driver->other->ttys[idx] = o_tty;
2184                 if (!*o_tp_loc)
2185                         *o_tp_loc = o_tp;
2186                 if (!*o_ltp_loc)
2187                         *o_ltp_loc = o_ltp;
2188                 o_tty->termios = *o_tp_loc;
2189                 o_tty->termios_locked = *o_ltp_loc;
2190                 driver->other->refcount++;
2191                 if (driver->subtype == PTY_TYPE_MASTER)
2192                         o_tty->count++;
2193
2194                 /* Establish the links in both directions */
2195                 tty->link   = o_tty;
2196                 o_tty->link = tty;
2197         }
2198
2199         /*
2200          * All structures have been allocated, so now we install them.
2201          * Failures after this point use release_tty to clean up, so
2202          * there's no need to null out the local pointers.
2203          */
2204         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
2205                 driver->ttys[idx] = tty;
2206
2207         if (!*tp_loc)
2208                 *tp_loc = tp;
2209         if (!*ltp_loc)
2210                 *ltp_loc = ltp;
2211         tty->termios = *tp_loc;
2212         tty->termios_locked = *ltp_loc;
2213         /* Compatibility until drivers always set this */
2214         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2215         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2216         driver->refcount++;
2217         tty->count++;
2218
2219         /*
2220          * Structures all installed ... call the ldisc open routines.
2221          * If we fail here just call release_tty to clean up.  No need
2222          * to decrement the use counts, as release_tty doesn't care.
2223          */
2224
2225         if (tty->ldisc.open) {
2226                 retval = (tty->ldisc.open)(tty);
2227                 if (retval)
2228                         goto release_mem_out;
2229         }
2230         if (o_tty && o_tty->ldisc.open) {
2231                 retval = (o_tty->ldisc.open)(o_tty);
2232                 if (retval) {
2233                         if (tty->ldisc.close)
2234                                 (tty->ldisc.close)(tty);
2235                         goto release_mem_out;
2236                 }
2237                 tty_ldisc_enable(o_tty);
2238         }
2239         tty_ldisc_enable(tty);
2240         goto success;
2241
2242         /*
2243          * This fast open can be used if the tty is already open.
2244          * No memory is allocated, and the only failures are from
2245          * attempting to open a closing tty or attempting multiple
2246          * opens on a pty master.
2247          */
2248 fast_track:
2249         if (test_bit(TTY_CLOSING, &tty->flags)) {
2250                 retval = -EIO;
2251                 goto end_init;
2252         }
2253         if (driver->type == TTY_DRIVER_TYPE_PTY &&
2254             driver->subtype == PTY_TYPE_MASTER) {
2255                 /*
2256                  * special case for PTY masters: only one open permitted,
2257                  * and the slave side open count is incremented as well.
2258                  */
2259                 if (tty->count) {
2260                         retval = -EIO;
2261                         goto end_init;
2262                 }
2263                 tty->link->count++;
2264         }
2265         tty->count++;
2266         tty->driver = driver; /* N.B. why do this every time?? */
2267
2268         /* FIXME */
2269         if (!test_bit(TTY_LDISC, &tty->flags))
2270                 printk(KERN_ERR "init_dev but no ldisc\n");
2271 success:
2272         *ret_tty = tty;
2273
2274         /* All paths come through here to release the mutex */
2275 end_init:
2276         return retval;
2277
2278         /* Release locally allocated memory ... nothing placed in slots */
2279 free_mem_out:
2280         kfree(o_tp);
2281         if (o_tty)
2282                 free_tty_struct(o_tty);
2283         kfree(ltp);
2284         kfree(tp);
2285         free_tty_struct(tty);
2286
2287 fail_no_mem:
2288         module_put(driver->owner);
2289         retval = -ENOMEM;
2290         goto end_init;
2291
2292         /* call the tty release_tty routine to clean out this slot */
2293 release_mem_out:
2294         if (printk_ratelimit())
2295                 printk(KERN_INFO "init_dev: ldisc open failed, "
2296                                  "clearing slot %d\n", idx);
2297         release_tty(tty, idx);
2298         goto end_init;
2299 }
2300
2301 /**
2302  *      release_one_tty         -       release tty structure memory
2303  *
2304  *      Releases memory associated with a tty structure, and clears out the
2305  *      driver table slots. This function is called when a device is no longer
2306  *      in use. It also gets called when setup of a device fails.
2307  *
2308  *      Locking:
2309  *              tty_mutex - sometimes only
2310  *              takes the file list lock internally when working on the list
2311  *      of ttys that the driver keeps.
2312  *              FIXME: should we require tty_mutex is held here ??
2313  */
2314 static void release_one_tty(struct tty_struct *tty, int idx)
2315 {
2316         int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2317         struct ktermios *tp;
2318
2319         if (!devpts)
2320                 tty->driver->ttys[idx] = NULL;
2321
2322         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2323                 tp = tty->termios;
2324                 if (!devpts)
2325                         tty->driver->termios[idx] = NULL;
2326                 kfree(tp);
2327
2328                 tp = tty->termios_locked;
2329                 if (!devpts)
2330                         tty->driver->termios_locked[idx] = NULL;
2331                 kfree(tp);
2332         }
2333
2334
2335         tty->magic = 0;
2336         tty->driver->refcount--;
2337
2338         file_list_lock();
2339         list_del_init(&tty->tty_files);
2340         file_list_unlock();
2341
2342         free_tty_struct(tty);
2343 }
2344
2345 /**
2346  *      release_tty             -       release tty structure memory
2347  *
2348  *      Release both @tty and a possible linked partner (think pty pair),
2349  *      and decrement the refcount of the backing module.
2350  *
2351  *      Locking:
2352  *              tty_mutex - sometimes only
2353  *              takes the file list lock internally when working on the list
2354  *      of ttys that the driver keeps.
2355  *              FIXME: should we require tty_mutex is held here ??
2356  */
2357 static void release_tty(struct tty_struct *tty, int idx)
2358 {
2359         struct tty_driver *driver = tty->driver;
2360
2361         if (tty->link)
2362                 release_one_tty(tty->link, idx);
2363         release_one_tty(tty, idx);
2364         module_put(driver->owner);
2365 }
2366
2367 /*
2368  * Even releasing the tty structures is a tricky business.. We have
2369  * to be very careful that the structures are all released at the
2370  * same time, as interrupts might otherwise get the wrong pointers.
2371  *
2372  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2373  * lead to double frees or releasing memory still in use.
2374  */
2375 static void release_dev(struct file *filp)
2376 {
2377         struct tty_struct *tty, *o_tty;
2378         int     pty_master, tty_closing, o_tty_closing, do_sleep;
2379         int     devpts;
2380         int     idx;
2381         char    buf[64];
2382         unsigned long flags;
2383
2384         tty = (struct tty_struct *)filp->private_data;
2385         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2386                                                         "release_dev"))
2387                 return;
2388
2389         check_tty_count(tty, "release_dev");
2390
2391         tty_fasync(-1, filp, 0);
2392
2393         idx = tty->index;
2394         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2395                       tty->driver->subtype == PTY_TYPE_MASTER);
2396         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2397         o_tty = tty->link;
2398
2399 #ifdef TTY_PARANOIA_CHECK
2400         if (idx < 0 || idx >= tty->driver->num) {
2401                 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2402                                   "free (%s)\n", tty->name);
2403                 return;
2404         }
2405         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2406                 if (tty != tty->driver->ttys[idx]) {
2407                         printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2408                                "for (%s)\n", idx, tty->name);
2409                         return;
2410                 }
2411                 if (tty->termios != tty->driver->termios[idx]) {
2412                         printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2413                                "for (%s)\n",
2414                                idx, tty->name);
2415                         return;
2416                 }
2417                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2418                         printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2419                                "termios_locked for (%s)\n",
2420                                idx, tty->name);
2421                         return;
2422                 }
2423         }
2424 #endif
2425
2426 #ifdef TTY_DEBUG_HANGUP
2427         printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2428                tty_name(tty, buf), tty->count);
2429 #endif
2430
2431 #ifdef TTY_PARANOIA_CHECK
2432         if (tty->driver->other &&
2433              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2434                 if (o_tty != tty->driver->other->ttys[idx]) {
2435                         printk(KERN_DEBUG "release_dev: other->table[%d] "
2436                                           "not o_tty for (%s)\n",
2437                                idx, tty->name);
2438                         return;
2439                 }
2440                 if (o_tty->termios != tty->driver->other->termios[idx]) {
2441                         printk(KERN_DEBUG "release_dev: other->termios[%d] "
2442                                           "not o_termios for (%s)\n",
2443                                idx, tty->name);
2444                         return;
2445                 }
2446                 if (o_tty->termios_locked !=
2447                       tty->driver->other->termios_locked[idx]) {
2448                         printk(KERN_DEBUG "release_dev: other->termios_locked["
2449                                           "%d] not o_termios_locked for (%s)\n",
2450                                idx, tty->name);
2451                         return;
2452                 }
2453                 if (o_tty->link != tty) {
2454                         printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2455                         return;
2456                 }
2457         }
2458 #endif
2459         if (tty->ops->close)
2460                 tty->ops->close(tty, filp);
2461
2462         /*
2463          * Sanity check: if tty->count is going to zero, there shouldn't be
2464          * any waiters on tty->read_wait or tty->write_wait.  We test the
2465          * wait queues and kick everyone out _before_ actually starting to
2466          * close.  This ensures that we won't block while releasing the tty
2467          * structure.
2468          *
2469          * The test for the o_tty closing is necessary, since the master and
2470          * slave sides may close in any order.  If the slave side closes out
2471          * first, its count will be one, since the master side holds an open.
2472          * Thus this test wouldn't be triggered at the time the slave closes,
2473          * so we do it now.
2474          *
2475          * Note that it's possible for the tty to be opened again while we're
2476          * flushing out waiters.  By recalculating the closing flags before
2477          * each iteration we avoid any problems.
2478          */
2479         while (1) {
2480                 /* Guard against races with tty->count changes elsewhere and
2481                    opens on /dev/tty */
2482
2483                 mutex_lock(&tty_mutex);
2484                 tty_closing = tty->count <= 1;
2485                 o_tty_closing = o_tty &&
2486                         (o_tty->count <= (pty_master ? 1 : 0));
2487                 do_sleep = 0;
2488
2489                 if (tty_closing) {
2490                         if (waitqueue_active(&tty->read_wait)) {
2491                                 wake_up(&tty->read_wait);
2492                                 do_sleep++;
2493                         }
2494                         if (waitqueue_active(&tty->write_wait)) {
2495                                 wake_up(&tty->write_wait);
2496                                 do_sleep++;
2497                         }
2498                 }
2499                 if (o_tty_closing) {
2500                         if (waitqueue_active(&o_tty->read_wait)) {
2501                                 wake_up(&o_tty->read_wait);
2502                                 do_sleep++;
2503                         }
2504                         if (waitqueue_active(&o_tty->write_wait)) {
2505                                 wake_up(&o_tty->write_wait);
2506                                 do_sleep++;
2507                         }
2508                 }
2509                 if (!do_sleep)
2510                         break;
2511
2512                 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2513                                     "active!\n", tty_name(tty, buf));
2514                 mutex_unlock(&tty_mutex);
2515                 schedule();
2516         }
2517
2518         /*
2519          * The closing flags are now consistent with the open counts on
2520          * both sides, and we've completed the last operation that could
2521          * block, so it's safe to proceed with closing.
2522          */
2523         if (pty_master) {
2524                 if (--o_tty->count < 0) {
2525                         printk(KERN_WARNING "release_dev: bad pty slave count "
2526                                             "(%d) for %s\n",
2527                                o_tty->count, tty_name(o_tty, buf));
2528                         o_tty->count = 0;
2529                 }
2530         }
2531         if (--tty->count < 0) {
2532                 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2533                        tty->count, tty_name(tty, buf));
2534                 tty->count = 0;
2535         }
2536
2537         /*
2538          * We've decremented tty->count, so we need to remove this file
2539          * descriptor off the tty->tty_files list; this serves two
2540          * purposes:
2541          *  - check_tty_count sees the correct number of file descriptors
2542          *    associated with this tty.
2543          *  - do_tty_hangup no longer sees this file descriptor as
2544          *    something that needs to be handled for hangups.
2545          */
2546         file_kill(filp);
2547         filp->private_data = NULL;
2548
2549         /*
2550          * Perform some housekeeping before deciding whether to return.
2551          *
2552          * Set the TTY_CLOSING flag if this was the last open.  In the
2553          * case of a pty we may have to wait around for the other side
2554          * to close, and TTY_CLOSING makes sure we can't be reopened.
2555          */
2556         if (tty_closing)
2557                 set_bit(TTY_CLOSING, &tty->flags);
2558         if (o_tty_closing)
2559                 set_bit(TTY_CLOSING, &o_tty->flags);
2560
2561         /*
2562          * If _either_ side is closing, make sure there aren't any
2563          * processes that still think tty or o_tty is their controlling
2564          * tty.
2565          */
2566         if (tty_closing || o_tty_closing) {
2567                 read_lock(&tasklist_lock);
2568                 session_clear_tty(tty->session);
2569                 if (o_tty)
2570                         session_clear_tty(o_tty->session);
2571                 read_unlock(&tasklist_lock);
2572         }
2573
2574         mutex_unlock(&tty_mutex);
2575
2576         /* check whether both sides are closing ... */
2577         if (!tty_closing || (o_tty && !o_tty_closing))
2578                 return;
2579
2580 #ifdef TTY_DEBUG_HANGUP
2581         printk(KERN_DEBUG "freeing tty structure...");
2582 #endif
2583         /*
2584          * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
2585          * kill any delayed work. As this is the final close it does not
2586          * race with the set_ldisc code path.
2587          */
2588         clear_bit(TTY_LDISC, &tty->flags);
2589         cancel_delayed_work(&tty->buf.work);
2590
2591         /*
2592          * Wait for ->hangup_work and ->buf.work handlers to terminate
2593          */
2594
2595         flush_scheduled_work();
2596
2597         /*
2598          * Wait for any short term users (we know they are just driver
2599          * side waiters as the file is closing so user count on the file
2600          * side is zero.
2601          */
2602         spin_lock_irqsave(&tty_ldisc_lock, flags);
2603         while (tty->ldisc.refcount) {
2604                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2605                 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2606                 spin_lock_irqsave(&tty_ldisc_lock, flags);
2607         }
2608         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2609         /*
2610          * Shutdown the current line discipline, and reset it to N_TTY.
2611          * N.B. why reset ldisc when we're releasing the memory??
2612          *
2613          * FIXME: this MUST get fixed for the new reflocking
2614          */
2615         if (tty->ldisc.close)
2616                 (tty->ldisc.close)(tty);
2617         tty_ldisc_put(tty->ldisc.num);
2618
2619         /*
2620          *      Switch the line discipline back
2621          */
2622         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2623         tty_set_termios_ldisc(tty, N_TTY);
2624         if (o_tty) {
2625                 /* FIXME: could o_tty be in setldisc here ? */
2626                 clear_bit(TTY_LDISC, &o_tty->flags);
2627                 if (o_tty->ldisc.close)
2628                         (o_tty->ldisc.close)(o_tty);
2629                 tty_ldisc_put(o_tty->ldisc.num);
2630                 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2631                 tty_set_termios_ldisc(o_tty, N_TTY);
2632         }
2633         /*
2634          * The release_tty function takes care of the details of clearing
2635          * the slots and preserving the termios structure.
2636          */
2637         release_tty(tty, idx);
2638
2639         /* Make this pty number available for reallocation */
2640         if (devpts)
2641                 devpts_kill_index(idx);
2642 }
2643
2644 /**
2645  *      tty_open                -       open a tty device
2646  *      @inode: inode of device file
2647  *      @filp: file pointer to tty
2648  *
2649  *      tty_open and tty_release keep up the tty count that contains the
2650  *      number of opens done on a tty. We cannot use the inode-count, as
2651  *      different inodes might point to the same tty.
2652  *
2653  *      Open-counting is needed for pty masters, as well as for keeping
2654  *      track of serial lines: DTR is dropped when the last close happens.
2655  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
2656  *
2657  *      The termios state of a pty is reset on first open so that
2658  *      settings don't persist across reuse.
2659  *
2660  *      Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2661  *               tty->count should protect the rest.
2662  *               ->siglock protects ->signal/->sighand
2663  */
2664
2665 static int tty_open(struct inode *inode, struct file *filp)
2666 {
2667         struct tty_struct *tty;
2668         int noctty, retval;
2669         struct tty_driver *driver;
2670         int index;
2671         dev_t device = inode->i_rdev;
2672         unsigned short saved_flags = filp->f_flags;
2673
2674         nonseekable_open(inode, filp);
2675
2676 retry_open:
2677         noctty = filp->f_flags & O_NOCTTY;
2678         index  = -1;
2679         retval = 0;
2680
2681         mutex_lock(&tty_mutex);
2682
2683         if (device == MKDEV(TTYAUX_MAJOR, 0)) {
2684                 tty = get_current_tty();
2685                 if (!tty) {
2686                         mutex_unlock(&tty_mutex);
2687                         return -ENXIO;
2688                 }
2689                 driver = tty->driver;
2690                 index = tty->index;
2691                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2692                 /* noctty = 1; */
2693                 goto got_driver;
2694         }
2695 #ifdef CONFIG_VT
2696         if (device == MKDEV(TTY_MAJOR, 0)) {
2697                 extern struct tty_driver *console_driver;
2698                 driver = console_driver;
2699                 index = fg_console;
2700                 noctty = 1;
2701                 goto got_driver;
2702         }
2703 #endif
2704         if (device == MKDEV(TTYAUX_MAJOR, 1)) {
2705                 driver = console_device(&index);
2706                 if (driver) {
2707                         /* Don't let /dev/console block */
2708                         filp->f_flags |= O_NONBLOCK;
2709                         noctty = 1;
2710                         goto got_driver;
2711                 }
2712                 mutex_unlock(&tty_mutex);
2713                 return -ENODEV;
2714         }
2715
2716         driver = get_tty_driver(device, &index);
2717         if (!driver) {
2718                 mutex_unlock(&tty_mutex);
2719                 return -ENODEV;
2720         }
2721 got_driver:
2722         retval = init_dev(driver, index, &tty);
2723         mutex_unlock(&tty_mutex);
2724         if (retval)
2725                 return retval;
2726
2727         filp->private_data = tty;
2728         file_move(filp, &tty->tty_files);
2729         check_tty_count(tty, "tty_open");
2730         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2731             tty->driver->subtype == PTY_TYPE_MASTER)
2732                 noctty = 1;
2733 #ifdef TTY_DEBUG_HANGUP
2734         printk(KERN_DEBUG "opening %s...", tty->name);
2735 #endif
2736         if (!retval) {
2737                 if (tty->ops->open)
2738                         retval = tty->ops->open(tty, filp);
2739                 else
2740                         retval = -ENODEV;
2741         }
2742         filp->f_flags = saved_flags;
2743
2744         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2745                                                 !capable(CAP_SYS_ADMIN))
2746                 retval = -EBUSY;
2747
2748         if (retval) {
2749 #ifdef TTY_DEBUG_HANGUP
2750                 printk(KERN_DEBUG "error %d in opening %s...", retval,
2751                        tty->name);
2752 #endif
2753                 release_dev(filp);
2754                 if (retval != -ERESTARTSYS)
2755                         return retval;
2756                 if (signal_pending(current))
2757                         return retval;
2758                 schedule();
2759                 /*
2760                  * Need to reset f_op in case a hangup happened.
2761                  */
2762                 if (filp->f_op == &hung_up_tty_fops)
2763                         filp->f_op = &tty_fops;
2764                 goto retry_open;
2765         }
2766
2767         mutex_lock(&tty_mutex);
2768         spin_lock_irq(&current->sighand->siglock);
2769         if (!noctty &&
2770             current->signal->leader &&
2771             !current->signal->tty &&
2772             tty->session == NULL)
2773                 __proc_set_tty(current, tty);
2774         spin_unlock_irq(&current->sighand->siglock);
2775         mutex_unlock(&tty_mutex);
2776         return 0;
2777 }
2778
2779 #ifdef CONFIG_UNIX98_PTYS
2780 /**
2781  *      ptmx_open               -       open a unix 98 pty master
2782  *      @inode: inode of device file
2783  *      @filp: file pointer to tty
2784  *
2785  *      Allocate a unix98 pty master device from the ptmx driver.
2786  *
2787  *      Locking: tty_mutex protects theinit_dev work. tty->count should
2788  *              protect the rest.
2789  *              allocated_ptys_lock handles the list of free pty numbers
2790  */
2791
2792 static int ptmx_open(struct inode *inode, struct file *filp)
2793 {
2794         struct tty_struct *tty;
2795         int retval;
2796         int index;
2797
2798         nonseekable_open(inode, filp);
2799
2800         /* find a device that is not in use. */
2801         index = devpts_new_index();
2802         if (index < 0)
2803                 return index;
2804
2805         mutex_lock(&tty_mutex);
2806         retval = init_dev(ptm_driver, index, &tty);
2807         mutex_unlock(&tty_mutex);
2808
2809         if (retval)
2810                 goto out;
2811
2812         set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2813         filp->private_data = tty;
2814         file_move(filp, &tty->tty_files);
2815
2816         retval = devpts_pty_new(tty->link);
2817         if (retval)
2818                 goto out1;
2819
2820         check_tty_count(tty, "ptmx_open");
2821         retval = ptm_driver->ops->open(tty, filp);
2822         if (!retval)
2823                 return 0;
2824 out1:
2825         release_dev(filp);
2826         return retval;
2827 out:
2828         devpts_kill_index(index);
2829         return retval;
2830 }
2831 #endif
2832
2833 /**
2834  *      tty_release             -       vfs callback for close
2835  *      @inode: inode of tty
2836  *      @filp: file pointer for handle to tty
2837  *
2838  *      Called the last time each file handle is closed that references
2839  *      this tty. There may however be several such references.
2840  *
2841  *      Locking:
2842  *              Takes bkl. See release_dev
2843  */
2844
2845 static int tty_release(struct inode *inode, struct file *filp)
2846 {
2847         lock_kernel();
2848         release_dev(filp);
2849         unlock_kernel();
2850         return 0;
2851 }
2852
2853 /**
2854  *      tty_poll        -       check tty status
2855  *      @filp: file being polled
2856  *      @wait: poll wait structures to update
2857  *
2858  *      Call the line discipline polling method to obtain the poll
2859  *      status of the device.
2860  *
2861  *      Locking: locks called line discipline but ldisc poll method
2862  *      may be re-entered freely by other callers.
2863  */
2864
2865 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2866 {
2867         struct tty_struct *tty;
2868         struct tty_ldisc *ld;
2869         int ret = 0;
2870
2871         tty = (struct tty_struct *)filp->private_data;
2872         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2873                 return 0;
2874
2875         ld = tty_ldisc_ref_wait(tty);
2876         if (ld->poll)
2877                 ret = (ld->poll)(tty, filp, wait);
2878         tty_ldisc_deref(ld);
2879         return ret;
2880 }
2881
2882 static int tty_fasync(int fd, struct file *filp, int on)
2883 {
2884         struct tty_struct *tty;
2885         unsigned long flags;
2886         int retval;
2887
2888         tty = (struct tty_struct *)filp->private_data;
2889         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2890                 return 0;
2891
2892         retval = fasync_helper(fd, filp, on, &tty->fasync);
2893         if (retval <= 0)
2894                 return retval;
2895
2896         if (on) {
2897                 enum pid_type type;
2898                 struct pid *pid;
2899                 if (!waitqueue_active(&tty->read_wait))
2900                         tty->minimum_to_wake = 1;
2901                 spin_lock_irqsave(&tty->ctrl_lock, flags);
2902                 if (tty->pgrp) {
2903                         pid = tty->pgrp;
2904                         type = PIDTYPE_PGID;
2905                 } else {
2906                         pid = task_pid(current);
2907                         type = PIDTYPE_PID;
2908                 }
2909                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2910                 retval = __f_setown(filp, pid, type, 0);
2911                 if (retval)
2912                         return retval;
2913         } else {
2914                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2915                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2916         }
2917         return 0;
2918 }
2919
2920 /**
2921  *      tiocsti                 -       fake input character
2922  *      @tty: tty to fake input into
2923  *      @p: pointer to character
2924  *
2925  *      Fake input to a tty device. Does the necessary locking and
2926  *      input management.
2927  *
2928  *      FIXME: does not honour flow control ??
2929  *
2930  *      Locking:
2931  *              Called functions take tty_ldisc_lock
2932  *              current->signal->tty check is safe without locks
2933  *
2934  *      FIXME: may race normal receive processing
2935  */
2936
2937 static int tiocsti(struct tty_struct *tty, char __user *p)
2938 {
2939         char ch, mbz = 0;
2940         struct tty_ldisc *ld;
2941
2942         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2943                 return -EPERM;
2944         if (get_user(ch, p))
2945                 return -EFAULT;
2946         ld = tty_ldisc_ref_wait(tty);
2947         ld->receive_buf(tty, &ch, &mbz, 1);
2948         tty_ldisc_deref(ld);
2949         return 0;
2950 }
2951
2952 /**
2953  *      tiocgwinsz              -       implement window query ioctl
2954  *      @tty; tty
2955  *      @arg: user buffer for result
2956  *
2957  *      Copies the kernel idea of the window size into the user buffer.
2958  *
2959  *      Locking: tty->termios_mutex is taken to ensure the winsize data
2960  *              is consistent.
2961  */
2962
2963 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2964 {
2965         int err;
2966
2967         mutex_lock(&tty->termios_mutex);
2968         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2969         mutex_unlock(&tty->termios_mutex);
2970
2971         return err ? -EFAULT: 0;
2972 }
2973
2974 /**
2975  *      tiocswinsz              -       implement window size set ioctl
2976  *      @tty; tty
2977  *      @arg: user buffer for result
2978  *
2979  *      Copies the user idea of the window size to the kernel. Traditionally
2980  *      this is just advisory information but for the Linux console it
2981  *      actually has driver level meaning and triggers a VC resize.
2982  *
2983  *      Locking:
2984  *              Called function use the console_sem is used to ensure we do
2985  *      not try and resize the console twice at once.
2986  *              The tty->termios_mutex is used to ensure we don't double
2987  *      resize and get confused. Lock order - tty->termios_mutex before
2988  *      console sem
2989  */
2990
2991 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2992         struct winsize __user *arg)
2993 {
2994         struct winsize tmp_ws;
2995         struct pid *pgrp, *rpgrp;
2996         unsigned long flags;
2997
2998         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2999                 return -EFAULT;
3000
3001         mutex_lock(&tty->termios_mutex);
3002         if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
3003                 goto done;
3004
3005 #ifdef CONFIG_VT
3006         if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
3007                 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
3008                                         tmp_ws.ws_row)) {
3009                         mutex_unlock(&tty->termios_mutex);
3010                         return -ENXIO;
3011                 }
3012         }
3013 #endif
3014         /* Get the PID values and reference them so we can
3015            avoid holding the tty ctrl lock while sending signals */
3016         spin_lock_irqsave(&tty->ctrl_lock, flags);
3017         pgrp = get_pid(tty->pgrp);
3018         rpgrp = get_pid(real_tty->pgrp);
3019         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3020
3021         if (pgrp)
3022                 kill_pgrp(pgrp, SIGWINCH, 1);
3023         if (rpgrp != pgrp && rpgrp)
3024                 kill_pgrp(rpgrp, SIGWINCH, 1);
3025
3026         put_pid(pgrp);
3027         put_pid(rpgrp);
3028
3029         tty->winsize = tmp_ws;
3030         real_tty->winsize = tmp_ws;
3031 done:
3032         mutex_unlock(&tty->termios_mutex);
3033         return 0;
3034 }
3035
3036 /**
3037  *      tioccons        -       allow admin to move logical console
3038  *      @file: the file to become console
3039  *
3040  *      Allow the adminstrator to move the redirected console device
3041  *
3042  *      Locking: uses redirect_lock to guard the redirect information
3043  */
3044
3045 static int tioccons(struct file *file)
3046 {
3047         if (!capable(CAP_SYS_ADMIN))
3048                 return -EPERM;
3049         if (file->f_op->write == redirected_tty_write) {
3050                 struct file *f;
3051                 spin_lock(&redirect_lock);
3052                 f = redirect;
3053                 redirect = NULL;
3054                 spin_unlock(&redirect_lock);
3055                 if (f)
3056                         fput(f);
3057                 return 0;
3058         }
3059         spin_lock(&redirect_lock);
3060         if (redirect) {
3061                 spin_unlock(&redirect_lock);
3062                 return -EBUSY;
3063         }
3064         get_file(file);
3065         redirect = file;
3066         spin_unlock(&redirect_lock);
3067         return 0;
3068 }
3069
3070 /**
3071  *      fionbio         -       non blocking ioctl
3072  *      @file: file to set blocking value
3073  *      @p: user parameter
3074  *
3075  *      Historical tty interfaces had a blocking control ioctl before
3076  *      the generic functionality existed. This piece of history is preserved
3077  *      in the expected tty API of posix OS's.
3078  *
3079  *      Locking: none, the open fle handle ensures it won't go away.
3080  */
3081
3082 static int fionbio(struct file *file, int __user *p)
3083 {
3084         int nonblock;
3085
3086         if (get_user(nonblock, p))
3087                 return -EFAULT;
3088
3089         /* file->f_flags is still BKL protected in the fs layer - vomit */
3090         lock_kernel();
3091         if (nonblock)
3092                 file->f_flags |= O_NONBLOCK;
3093         else
3094                 file->f_flags &= ~O_NONBLOCK;
3095         unlock_kernel();
3096         return 0;
3097 }
3098
3099 /**
3100  *      tiocsctty       -       set controlling tty
3101  *      @tty: tty structure
3102  *      @arg: user argument
3103  *
3104  *      This ioctl is used to manage job control. It permits a session
3105  *      leader to set this tty as the controlling tty for the session.
3106  *
3107  *      Locking:
3108  *              Takes tty_mutex() to protect tty instance
3109  *              Takes tasklist_lock internally to walk sessions
3110  *              Takes ->siglock() when updating signal->tty
3111  */
3112
3113 static int tiocsctty(struct tty_struct *tty, int arg)
3114 {
3115         int ret = 0;
3116         if (current->signal->leader && (task_session(current) == tty->session))
3117                 return ret;
3118
3119         mutex_lock(&tty_mutex);
3120         /*
3121          * The process must be a session leader and
3122          * not have a controlling tty already.
3123          */
3124         if (!current->signal->leader || current->signal->tty) {
3125                 ret = -EPERM;
3126                 goto unlock;
3127         }
3128
3129         if (tty->session) {
3130                 /*
3131                  * This tty is already the controlling
3132                  * tty for another session group!
3133                  */
3134                 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
3135                         /*
3136                          * Steal it away
3137                          */
3138                         read_lock(&tasklist_lock);
3139                         session_clear_tty(tty->session);
3140                         read_unlock(&tasklist_lock);
3141                 } else {
3142                         ret = -EPERM;
3143                         goto unlock;
3144                 }
3145         }
3146         proc_set_tty(current, tty);
3147 unlock:
3148         mutex_unlock(&tty_mutex);
3149         return ret;
3150 }
3151
3152 /**
3153  *      tty_get_pgrp    -       return a ref counted pgrp pid
3154  *      @tty: tty to read
3155  *
3156  *      Returns a refcounted instance of the pid struct for the process
3157  *      group controlling the tty.
3158  */
3159
3160 struct pid *tty_get_pgrp(struct tty_struct *tty)
3161 {
3162         unsigned long flags;
3163         struct pid *pgrp;
3164
3165         spin_lock_irqsave(&tty->ctrl_lock, flags);
3166         pgrp = get_pid(tty->pgrp);
3167         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3168
3169         return pgrp;
3170 }
3171 EXPORT_SYMBOL_GPL(tty_get_pgrp);
3172
3173 /**
3174  *      tiocgpgrp               -       get process group
3175  *      @tty: tty passed by user
3176  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
3177  *      @p: returned pid
3178  *
3179  *      Obtain the process group of the tty. If there is no process group
3180  *      return an error.
3181  *
3182  *      Locking: none. Reference to current->signal->tty is safe.
3183  */
3184
3185 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3186 {
3187         struct pid *pid;
3188         int ret;
3189         /*
3190          * (tty == real_tty) is a cheap way of
3191          * testing if the tty is NOT a master pty.
3192          */
3193         if (tty == real_tty && current->signal->tty != real_tty)
3194                 return -ENOTTY;
3195         pid = tty_get_pgrp(real_tty);
3196         ret =  put_user(pid_vnr(pid), p);
3197         put_pid(pid);
3198         return ret;
3199 }
3200
3201 /**
3202  *      tiocspgrp               -       attempt to set process group
3203  *      @tty: tty passed by user
3204  *      @real_tty: tty side device matching tty passed by user
3205  *      @p: pid pointer
3206  *
3207  *      Set the process group of the tty to the session passed. Only
3208  *      permitted where the tty session is our session.
3209  *
3210  *      Locking: RCU, ctrl lock
3211  */
3212
3213 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3214 {
3215         struct pid *pgrp;
3216         pid_t pgrp_nr;
3217         int retval = tty_check_change(real_tty);
3218         unsigned long flags;
3219
3220         if (retval == -EIO)
3221                 return -ENOTTY;
3222         if (retval)
3223                 return retval;
3224         if (!current->signal->tty ||
3225             (current->signal->tty != real_tty) ||
3226             (real_tty->session != task_session(current)))
3227                 return -ENOTTY;
3228         if (get_user(pgrp_nr, p))
3229                 return -EFAULT;
3230         if (pgrp_nr < 0)
3231                 return -EINVAL;
3232         rcu_read_lock();
3233         pgrp = find_vpid(pgrp_nr);
3234         retval = -ESRCH;
3235         if (!pgrp)
3236                 goto out_unlock;
3237         retval = -EPERM;
3238         if (session_of_pgrp(pgrp) != task_session(current))
3239                 goto out_unlock;
3240         retval = 0;
3241         spin_lock_irqsave(&tty->ctrl_lock, flags);
3242         put_pid(real_tty->pgrp);
3243         real_tty->pgrp = get_pid(pgrp);
3244         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3245 out_unlock:
3246         rcu_read_unlock();
3247         return retval;
3248 }
3249
3250 /**
3251  *      tiocgsid                -       get session id
3252  *      @tty: tty passed by user
3253  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
3254  *      @p: pointer to returned session id
3255  *
3256  *      Obtain the session id of the tty. If there is no session
3257  *      return an error.
3258  *
3259  *      Locking: none. Reference to current->signal->tty is safe.
3260  */
3261
3262 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3263 {
3264         /*
3265          * (tty == real_tty) is a cheap way of
3266          * testing if the tty is NOT a master pty.
3267         */
3268         if (tty == real_tty && current->signal->tty != real_tty)
3269                 return -ENOTTY;
3270         if (!real_tty->session)
3271                 return -ENOTTY;
3272         return put_user(pid_vnr(real_tty->session), p);
3273 }
3274
3275 /**
3276  *      tiocsetd        -       set line discipline
3277  *      @tty: tty device
3278  *      @p: pointer to user data
3279  *
3280  *      Set the line discipline according to user request.
3281  *
3282  *      Locking: see tty_set_ldisc, this function is just a helper
3283  */
3284
3285 static int tiocsetd(struct tty_struct *tty, int __user *p)
3286 {
3287         int ldisc;
3288         int ret;
3289
3290         if (get_user(ldisc, p))
3291                 return -EFAULT;
3292
3293         lock_kernel();
3294         ret = tty_set_ldisc(tty, ldisc);
3295         unlock_kernel();
3296
3297         return ret;
3298 }
3299
3300 /**
3301  *      send_break      -       performed time break
3302  *      @tty: device to break on
3303  *      @duration: timeout in mS
3304  *
3305  *      Perform a timed break on hardware that lacks its own driver level
3306  *      timed break functionality.
3307  *
3308  *      Locking:
3309  *              atomic_write_lock serializes
3310  *
3311  */
3312
3313 static int send_break(struct tty_struct *tty, unsigned int duration)
3314 {
3315         if (tty_write_lock(tty, 0) < 0)
3316                 return -EINTR;
3317         tty->ops->break_ctl(tty, -1);
3318         if (!signal_pending(current))
3319                 msleep_interruptible(duration);
3320         tty->ops->break_ctl(tty, 0);
3321         tty_write_unlock(tty);
3322         if (!signal_pending(current))
3323                 return -EINTR;
3324         return 0;
3325 }
3326
3327 /**
3328  *      tty_tiocmget            -       get modem status
3329  *      @tty: tty device
3330  *      @file: user file pointer
3331  *      @p: pointer to result
3332  *
3333  *      Obtain the modem status bits from the tty driver if the feature
3334  *      is supported. Return -EINVAL if it is not available.
3335  *
3336  *      Locking: none (up to the driver)
3337  */
3338
3339 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3340 {
3341         int retval = -EINVAL;
3342
3343         if (tty->ops->tiocmget) {
3344                 retval = tty->ops->tiocmget(tty, file);
3345
3346                 if (retval >= 0)
3347                         retval = put_user(retval, p);
3348         }
3349         return retval;
3350 }
3351
3352 /**
3353  *      tty_tiocmset            -       set modem status
3354  *      @tty: tty device
3355  *      @file: user file pointer
3356  *      @cmd: command - clear bits, set bits or set all
3357  *      @p: pointer to desired bits
3358  *
3359  *      Set the modem status bits from the tty driver if the feature
3360  *      is supported. Return -EINVAL if it is not available.
3361  *
3362  *      Locking: none (up to the driver)
3363  */
3364
3365 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3366              unsigned __user *p)
3367 {
3368         int retval = -EINVAL;
3369
3370         if (tty->ops->tiocmset) {
3371                 unsigned int set, clear, val;
3372
3373                 retval = get_user(val, p);
3374                 if (retval)
3375                         return retval;
3376
3377                 set = clear = 0;
3378                 switch (cmd) {
3379                 case TIOCMBIS:
3380                         set = val;
3381                         break;
3382                 case TIOCMBIC:
3383                         clear = val;
3384                         break;
3385                 case TIOCMSET:
3386                         set = val;
3387                         clear = ~val;
3388                         break;
3389                 }
3390
3391                 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3392                 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3393
3394                 retval = tty->ops->tiocmset(tty, file, set, clear);
3395         }
3396         return retval;
3397 }
3398
3399 /*
3400  * Split this up, as gcc can choke on it otherwise..
3401  */
3402 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
3403 {
3404         struct tty_struct *tty, *real_tty;
3405         void __user *p = (void __user *)arg;
3406         int retval;
3407         struct tty_ldisc *ld;
3408         struct inode *inode = file->f_dentry->d_inode;
3409
3410         tty = (struct tty_struct *)file->private_data;
3411         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3412                 return -EINVAL;
3413
3414         real_tty = tty;
3415         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3416             tty->driver->subtype == PTY_TYPE_MASTER)
3417                 real_tty = tty->link;
3418
3419         /*
3420          * Break handling by driver
3421          */
3422
3423         retval = -EINVAL;
3424
3425         if (!tty->ops->break_ctl) {
3426                 switch (cmd) {
3427                 case TIOCSBRK:
3428                 case TIOCCBRK:
3429                         if (tty->ops->ioctl)
3430                                 retval = tty->ops->ioctl(tty, file, cmd, arg);
3431                         if (retval != -EINVAL && retval != -ENOIOCTLCMD)
3432                                 printk(KERN_WARNING "tty: driver %s needs updating to use break_ctl\n", tty->driver->name);
3433                         return retval;
3434
3435                 /* These two ioctl's always return success; even if */
3436                 /* the driver doesn't support them. */
3437                 case TCSBRK:
3438                 case TCSBRKP:
3439                         if (!tty->ops->ioctl)
3440                                 return 0;
3441                         retval = tty->ops->ioctl(tty, file, cmd, arg);
3442                         if (retval != -EINVAL && retval != -ENOIOCTLCMD)
3443                                 printk(KERN_WARNING "tty: driver %s needs updating to use break_ctl\n", tty->driver->name);
3444                         if (retval == -ENOIOCTLCMD)
3445                                 retval = 0;
3446                         return retval;
3447                 }
3448         }
3449
3450         /*
3451          * Factor out some common prep work
3452          */
3453         switch (cmd) {
3454         case TIOCSETD:
3455         case TIOCSBRK:
3456         case TIOCCBRK:
3457         case TCSBRK:
3458         case TCSBRKP:
3459                 retval = tty_check_change(tty);
3460                 if (retval)
3461                         return retval;
3462                 if (cmd != TIOCCBRK) {
3463                         tty_wait_until_sent(tty, 0);
3464                         if (signal_pending(current))
3465                                 return -EINTR;
3466                 }
3467                 break;
3468         }
3469
3470         switch (cmd) {
3471         case TIOCSTI:
3472                 return tiocsti(tty, p);
3473         case TIOCGWINSZ:
3474                 return tiocgwinsz(tty, p);
3475         case TIOCSWINSZ:
3476                 return tiocswinsz(tty, real_tty, p);
3477         case TIOCCONS:
3478                 return real_tty != tty ? -EINVAL : tioccons(file);
3479         case FIONBIO:
3480                 return fionbio(file, p);
3481         case TIOCEXCL:
3482                 set_bit(TTY_EXCLUSIVE, &tty->flags);
3483                 return 0;
3484         case TIOCNXCL:
3485                 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3486                 return 0;
3487         case TIOCNOTTY:
3488                 if (current->signal->tty != tty)
3489                         return -ENOTTY;
3490                 no_tty();
3491                 return 0;
3492         case TIOCSCTTY:
3493                 return tiocsctty(tty, arg);
3494         case TIOCGPGRP:
3495                 return tiocgpgrp(tty, real_tty, p);
3496         case TIOCSPGRP:
3497                 return tiocspgrp(tty, real_tty, p);
3498         case TIOCGSID:
3499                 return tiocgsid(tty, real_tty, p);
3500         case TIOCGETD:
3501                 return put_user(tty->ldisc.num, (int __user *)p);
3502         case TIOCSETD:
3503                 return tiocsetd(tty, p);
3504 #ifdef CONFIG_VT
3505         case TIOCLINUX:
3506                 return tioclinux(tty, arg);
3507 #endif
3508         /*
3509          * Break handling
3510          */
3511         case TIOCSBRK:  /* Turn break on, unconditionally */
3512                 if (tty->ops->break_ctl)
3513                         tty->ops->break_ctl(tty, -1);
3514                 return 0;
3515
3516         case TIOCCBRK:  /* Turn break off, unconditionally */
3517                 if (tty->ops->break_ctl)
3518                         tty->ops->break_ctl(tty, 0);
3519                 return 0;
3520         case TCSBRK:   /* SVID version: non-zero arg --> no break */
3521                 /* non-zero arg means wait for all output data
3522                  * to be sent (performed above) but don't send break.
3523                  * This is used by the tcdrain() termios function.
3524                  */
3525                 if (!arg)
3526                         return send_break(tty, 250);
3527                 return 0;
3528         case TCSBRKP:   /* support for POSIX tcsendbreak() */
3529                 return send_break(tty, arg ? arg*100 : 250);
3530
3531         case TIOCMGET:
3532                 return tty_tiocmget(tty, file, p);
3533         case TIOCMSET:
3534         case TIOCMBIC:
3535         case TIOCMBIS:
3536                 return tty_tiocmset(tty, file, cmd, p);
3537         case TCFLSH:
3538                 switch (arg) {
3539                 case TCIFLUSH:
3540                 case TCIOFLUSH:
3541                 /* flush tty buffer and allow ldisc to process ioctl */
3542                         tty_buffer_flush(tty);
3543                         break;
3544                 }
3545                 break;
3546         }
3547         if (tty->ops->ioctl) {
3548                 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
3549                 if (retval != -ENOIOCTLCMD)
3550                         return retval;
3551         }
3552         ld = tty_ldisc_ref_wait(tty);
3553         retval = -EINVAL;
3554         if (ld->ioctl) {
3555                 retval = ld->ioctl(tty, file, cmd, arg);
3556                 if (retval == -ENOIOCTLCMD)
3557                         retval = -EINVAL;
3558         }
3559         tty_ldisc_deref(ld);
3560         return retval;
3561 }
3562
3563 #ifdef CONFIG_COMPAT
3564 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3565                                 unsigned long arg)
3566 {
3567         struct inode *inode = file->f_dentry->d_inode;
3568         struct tty_struct *tty = file->private_data;
3569         struct tty_ldisc *ld;
3570         int retval = -ENOIOCTLCMD;
3571
3572         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3573                 return -EINVAL;
3574
3575         if (tty->ops->compat_ioctl) {
3576                 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
3577                 if (retval != -ENOIOCTLCMD)
3578                         return retval;
3579         }
3580
3581         ld = tty_ldisc_ref_wait(tty);
3582         if (ld->compat_ioctl)
3583                 retval = ld->compat_ioctl(tty, file, cmd, arg);
3584         tty_ldisc_deref(ld);
3585
3586         return retval;
3587 }
3588 #endif
3589
3590 /*
3591  * This implements the "Secure Attention Key" ---  the idea is to
3592  * prevent trojan horses by killing all processes associated with this
3593  * tty when the user hits the "Secure Attention Key".  Required for
3594  * super-paranoid applications --- see the Orange Book for more details.
3595  *
3596  * This code could be nicer; ideally it should send a HUP, wait a few
3597  * seconds, then send a INT, and then a KILL signal.  But you then
3598  * have to coordinate with the init process, since all processes associated
3599  * with the current tty must be dead before the new getty is allowed
3600  * to spawn.
3601  *
3602  * Now, if it would be correct ;-/ The current code has a nasty hole -
3603  * it doesn't catch files in flight. We may send the descriptor to ourselves
3604  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3605  *
3606  * Nasty bug: do_SAK is being called in interrupt context.  This can
3607  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
3608  */
3609 void __do_SAK(struct tty_struct *tty)
3610 {
3611 #ifdef TTY_SOFT_SAK
3612         tty_hangup(tty);
3613 #else
3614         struct task_struct *g, *p;
3615         struct pid *session;
3616         int             i;
3617         struct file     *filp;
3618         struct fdtable *fdt;
3619
3620         if (!tty)
3621                 return;
3622         session = tty->session;
3623
3624         tty_ldisc_flush(tty);
3625
3626         tty_driver_flush_buffer(tty);
3627
3628         read_lock(&tasklist_lock);
3629         /* Kill the entire session */
3630         do_each_pid_task(session, PIDTYPE_SID, p) {
3631                 printk(KERN_NOTICE "SAK: killed process %d"
3632                         " (%s): task_session_nr(p)==tty->session\n",
3633                         task_pid_nr(p), p->comm);
3634                 send_sig(SIGKILL, p, 1);
3635         } while_each_pid_task(session, PIDTYPE_SID, p);
3636         /* Now kill any processes that happen to have the
3637          * tty open.
3638          */
3639         do_each_thread(g, p) {
3640                 if (p->signal->tty == tty) {
3641                         printk(KERN_NOTICE "SAK: killed process %d"
3642                             " (%s): task_session_nr(p)==tty->session\n",
3643                             task_pid_nr(p), p->comm);
3644                         send_sig(SIGKILL, p, 1);
3645                         continue;
3646                 }
3647                 task_lock(p);
3648                 if (p->files) {
3649                         /*
3650                          * We don't take a ref to the file, so we must
3651                          * hold ->file_lock instead.
3652                          */
3653                         spin_lock(&p->files->file_lock);
3654                         fdt = files_fdtable(p->files);
3655                         for (i = 0; i < fdt->max_fds; i++) {
3656                                 filp = fcheck_files(p->files, i);
3657                                 if (!filp)
3658                                         continue;
3659                                 if (filp->f_op->read == tty_read &&
3660                                     filp->private_data == tty) {
3661                                         printk(KERN_NOTICE "SAK: killed process %d"
3662                                             " (%s): fd#%d opened to the tty\n",
3663                                             task_pid_nr(p), p->comm, i);
3664                                         force_sig(SIGKILL, p);
3665                                         break;
3666                                 }
3667                         }
3668                         spin_unlock(&p->files->file_lock);
3669                 }
3670                 task_unlock(p);
3671         } while_each_thread(g, p);
3672         read_unlock(&tasklist_lock);
3673 #endif
3674 }
3675
3676 static void do_SAK_work(struct work_struct *work)
3677 {
3678         struct tty_struct *tty =
3679                 container_of(work, struct tty_struct, SAK_work);
3680         __do_SAK(tty);
3681 }
3682
3683 /*
3684  * The tq handling here is a little racy - tty->SAK_work may already be queued.
3685  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3686  * the values which we write to it will be identical to the values which it
3687  * already has. --akpm
3688  */
3689 void do_SAK(struct tty_struct *tty)
3690 {
3691         if (!tty)
3692                 return;
3693         schedule_work(&tty->SAK_work);
3694 }
3695
3696 EXPORT_SYMBOL(do_SAK);
3697
3698 /**
3699  *      flush_to_ldisc
3700  *      @work: tty structure passed from work queue.
3701  *
3702  *      This routine is called out of the software interrupt to flush data
3703  *      from the buffer chain to the line discipline.
3704  *
3705  *      Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3706  *      while invoking the line discipline receive_buf method. The
3707  *      receive_buf method is single threaded for each tty instance.
3708  */
3709
3710 static void flush_to_ldisc(struct work_struct *work)
3711 {
3712         struct tty_struct *tty =
3713                 container_of(work, struct tty_struct, buf.work.work);
3714         unsigned long   flags;
3715         struct tty_ldisc *disc;
3716         struct tty_buffer *tbuf, *head;
3717         char *char_buf;
3718         unsigned char *flag_buf;
3719
3720         disc = tty_ldisc_ref(tty);
3721         if (disc == NULL)       /*  !TTY_LDISC */
3722                 return;
3723
3724         spin_lock_irqsave(&tty->buf.lock, flags);
3725         /* So we know a flush is running */
3726         set_bit(TTY_FLUSHING, &tty->flags);
3727         head = tty->buf.head;
3728         if (head != NULL) {
3729                 tty->buf.head = NULL;
3730                 for (;;) {
3731                         int count = head->commit - head->read;
3732                         if (!count) {
3733                                 if (head->next == NULL)
3734                                         break;
3735                                 tbuf = head;
3736                                 head = head->next;
3737                                 tty_buffer_free(tty, tbuf);
3738                                 continue;
3739                         }
3740                         /* Ldisc or user is trying to flush the buffers
3741                            we are feeding to the ldisc, stop feeding the
3742                            line discipline as we want to empty the queue */
3743                         if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3744                                 break;
3745                         if (!tty->receive_room) {
3746                                 schedule_delayed_work(&tty->buf.work, 1);
3747                                 break;
3748                         }
3749                         if (count > tty->receive_room)
3750                                 count = tty->receive_room;
3751                         char_buf = head->char_buf_ptr + head->read;
3752                         flag_buf = head->flag_buf_ptr + head->read;
3753                         head->read += count;
3754                         spin_unlock_irqrestore(&tty->buf.lock, flags);
3755                         disc->receive_buf(tty, char_buf, flag_buf, count);
3756                         spin_lock_irqsave(&tty->buf.lock, flags);
3757                 }
3758                 /* Restore the queue head */
3759                 tty->buf.head = head;
3760         }
3761         /* We may have a deferred request to flush the input buffer,
3762            if so pull the chain under the lock and empty the queue */
3763         if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3764                 __tty_buffer_flush(tty);
3765                 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3766                 wake_up(&tty->read_wait);
3767         }
3768         clear_bit(TTY_FLUSHING, &tty->flags);
3769         spin_unlock_irqrestore(&tty->buf.lock, flags);
3770
3771         tty_ldisc_deref(disc);
3772 }
3773
3774 /**
3775  *      tty_flip_buffer_push    -       terminal
3776  *      @tty: tty to push
3777  *
3778  *      Queue a push of the terminal flip buffers to the line discipline. This
3779  *      function must not be called from IRQ context if tty->low_latency is set.
3780  *
3781  *      In the event of the queue being busy for flipping the work will be
3782  *      held off and retried later.
3783  *
3784  *      Locking: tty buffer lock. Driver locks in low latency mode.
3785  */
3786
3787 void tty_flip_buffer_push(struct tty_struct *tty)
3788 {
3789         unsigned long flags;
3790         spin_lock_irqsave(&tty->buf.lock, flags);
3791         if (tty->buf.tail != NULL)
3792                 tty->buf.tail->commit = tty->buf.tail->used;
3793         spin_unlock_irqrestore(&tty->buf.lock, flags);
3794
3795         if (tty->low_latency)
3796                 flush_to_ldisc(&tty->buf.work.work);
3797         else
3798                 schedule_delayed_work(&tty->buf.work, 1);
3799 }
3800
3801 EXPORT_SYMBOL(tty_flip_buffer_push);
3802
3803
3804 /**
3805  *      initialize_tty_struct
3806  *      @tty: tty to initialize
3807  *
3808  *      This subroutine initializes a tty structure that has been newly
3809  *      allocated.
3810  *
3811  *      Locking: none - tty in question must not be exposed at this point
3812  */
3813
3814 static void initialize_tty_struct(struct tty_struct *tty)
3815 {
3816         memset(tty, 0, sizeof(struct tty_struct));
3817         tty->magic = TTY_MAGIC;
3818         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3819         tty->session = NULL;
3820         tty->pgrp = NULL;
3821         tty->overrun_time = jiffies;
3822         tty->buf.head = tty->buf.tail = NULL;
3823         tty_buffer_init(tty);
3824         INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3825         mutex_init(&tty->termios_mutex);
3826         init_waitqueue_head(&tty->write_wait);
3827         init_waitqueue_head(&tty->read_wait);
3828         INIT_WORK(&tty->hangup_work, do_tty_hangup);
3829         mutex_init(&tty->atomic_read_lock);
3830         mutex_init(&tty->atomic_write_lock);
3831         spin_lock_init(&tty->read_lock);
3832         spin_lock_init(&tty->ctrl_lock);
3833         INIT_LIST_HEAD(&tty->tty_files);
3834         INIT_WORK(&tty->SAK_work, do_SAK_work);
3835 }
3836
3837 /**
3838  *      tty_put_char    -       write one character to a tty
3839  *      @tty: tty
3840  *      @ch: character
3841  *
3842  *      Write one byte to the tty using the provided put_char method
3843  *      if present. Returns the number of characters successfully output.
3844  *
3845  *      Note: the specific put_char operation in the driver layer may go
3846  *      away soon. Don't call it directly, use this method
3847  */
3848
3849 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3850 {
3851         if (tty->ops->put_char)
3852                 return tty->ops->put_char(tty, ch);
3853         return tty->ops->write(tty, &ch, 1);
3854 }
3855
3856 EXPORT_SYMBOL_GPL(tty_put_char);
3857
3858 static struct class *tty_class;
3859
3860 /**
3861  *      tty_register_device - register a tty device
3862  *      @driver: the tty driver that describes the tty device
3863  *      @index: the index in the tty driver for this tty device
3864  *      @device: a struct device that is associated with this tty device.
3865  *              This field is optional, if there is no known struct device
3866  *              for this tty device it can be set to NULL safely.
3867  *
3868  *      Returns a pointer to the struct device for this tty device
3869  *      (or ERR_PTR(-EFOO) on error).
3870  *
3871  *      This call is required to be made to register an individual tty device
3872  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3873  *      that bit is not set, this function should not be called by a tty
3874  *      driver.
3875  *
3876  *      Locking: ??
3877  */
3878
3879 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3880                                    struct device *device)
3881 {
3882         char name[64];
3883         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3884
3885         if (index >= driver->num) {
3886                 printk(KERN_ERR "Attempt to register invalid tty line number "
3887                        " (%d).\n", index);
3888                 return ERR_PTR(-EINVAL);
3889         }
3890
3891         if (driver->type == TTY_DRIVER_TYPE_PTY)
3892                 pty_line_name(driver, index, name);
3893         else
3894                 tty_line_name(driver, index, name);
3895
3896         return device_create(tty_class, device, dev, name);
3897 }
3898
3899 /**
3900  *      tty_unregister_device - unregister a tty device
3901  *      @driver: the tty driver that describes the tty device
3902  *      @index: the index in the tty driver for this tty device
3903  *
3904  *      If a tty device is registered with a call to tty_register_device() then
3905  *      this function must be called when the tty device is gone.
3906  *
3907  *      Locking: ??
3908  */
3909
3910 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3911 {
3912         device_destroy(tty_class,
3913                 MKDEV(driver->major, driver->minor_start) + index);
3914 }
3915
3916 EXPORT_SYMBOL(tty_register_device);
3917 EXPORT_SYMBOL(tty_unregister_device);
3918
3919 struct tty_driver *alloc_tty_driver(int lines)
3920 {
3921         struct tty_driver *driver;
3922
3923         driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3924         if (driver) {
3925                 driver->magic = TTY_DRIVER_MAGIC;
3926                 driver->num = lines;
3927                 /* later we'll move allocation of tables here */
3928         }
3929         return driver;
3930 }
3931
3932 void put_tty_driver(struct tty_driver *driver)
3933 {
3934         kfree(driver);
3935 }
3936
3937 void tty_set_operations(struct tty_driver *driver,
3938                         const struct tty_operations *op)
3939 {
3940         driver->ops = op;
3941 };
3942
3943 EXPORT_SYMBOL(alloc_tty_driver);
3944 EXPORT_SYMBOL(put_tty_driver);
3945 EXPORT_SYMBOL(tty_set_operations);
3946
3947 /*
3948  * Called by a tty driver to register itself.
3949  */
3950 int tty_register_driver(struct tty_driver *driver)
3951 {
3952         int error;
3953         int i;
3954         dev_t dev;
3955         void **p = NULL;
3956
3957         if (driver->flags & TTY_DRIVER_INSTALLED)
3958                 return 0;
3959
3960         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3961                 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3962                 if (!p)
3963                         return -ENOMEM;
3964         }
3965
3966         if (!driver->major) {
3967                 error = alloc_chrdev_region(&dev, driver->minor_start,
3968                                                 driver->num, driver->name);
3969                 if (!error) {
3970                         driver->major = MAJOR(dev);
3971                         driver->minor_start = MINOR(dev);
3972                 }
3973         } else {
3974                 dev = MKDEV(driver->major, driver->minor_start);
3975                 error = register_chrdev_region(dev, driver->num, driver->name);
3976         }
3977         if (error < 0) {
3978                 kfree(p);
3979                 return error;
3980         }
3981
3982         if (p) {
3983                 driver->ttys = (struct tty_struct **)p;
3984                 driver->termios = (struct ktermios **)(p + driver->num);
3985                 driver->termios_locked = (struct ktermios **)
3986                                                         (p + driver->num * 2);
3987         } else {
3988                 driver->ttys = NULL;
3989                 driver->termios = NULL;
3990                 driver->termios_locked = NULL;
3991         }
3992
3993         cdev_init(&driver->cdev, &tty_fops);
3994         driver->cdev.owner = driver->owner;
3995         error = cdev_add(&driver->cdev, dev, driver->num);
3996         if (error) {
3997                 unregister_chrdev_region(dev, driver->num);
3998                 driver->ttys = NULL;
3999                 driver->termios = driver->termios_locked = NULL;
4000                 kfree(p);
4001                 return error;
4002         }
4003
4004         mutex_lock(&tty_mutex);
4005         list_add(&driver->tty_drivers, &tty_drivers);
4006         mutex_unlock(&tty_mutex);
4007
4008         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
4009                 for (i = 0; i < driver->num; i++)
4010                     tty_register_device(driver, i, NULL);
4011         }
4012         proc_tty_register_driver(driver);
4013         return 0;
4014 }
4015
4016 EXPORT_SYMBOL(tty_register_driver);
4017
4018 /*
4019  * Called by a tty driver to unregister itself.
4020  */
4021 int tty_unregister_driver(struct tty_driver *driver)
4022 {
4023         int i;
4024         struct ktermios *tp;
4025         void *p;
4026
4027         if (driver->refcount)
4028                 return -EBUSY;
4029
4030         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
4031                                 driver->num);
4032         mutex_lock(&tty_mutex);
4033         list_del(&driver->tty_drivers);
4034         mutex_unlock(&tty_mutex);
4035
4036         /*
4037          * Free the termios and termios_locked structures because
4038          * we don't want to get memory leaks when modular tty
4039          * drivers are removed from the kernel.
4040          */
4041         for (i = 0; i < driver->num; i++) {
4042                 tp = driver->termios[i];
4043                 if (tp) {
4044                         driver->termios[i] = NULL;
4045                         kfree(tp);
4046                 }
4047                 tp = driver->termios_locked[i];
4048                 if (tp) {
4049                         driver->termios_locked[i] = NULL;
4050                         kfree(tp);
4051                 }
4052                 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
4053                         tty_unregister_device(driver, i);
4054         }
4055         p = driver->ttys;
4056         proc_tty_unregister_driver(driver);
4057         driver->ttys = NULL;
4058         driver->termios = driver->termios_locked = NULL;
4059         kfree(p);
4060         cdev_del(&driver->cdev);
4061         return 0;
4062 }
4063 EXPORT_SYMBOL(tty_unregister_driver);
4064
4065 dev_t tty_devnum(struct tty_struct *tty)
4066 {
4067         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
4068 }
4069 EXPORT_SYMBOL(tty_devnum);
4070
4071 void proc_clear_tty(struct task_struct *p)
4072 {
4073         spin_lock_irq(&p->sighand->siglock);
4074         p->signal->tty = NULL;
4075         spin_unlock_irq(&p->sighand->siglock);
4076 }
4077 EXPORT_SYMBOL(proc_clear_tty);
4078
4079 /* Called under the sighand lock */
4080
4081 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4082 {
4083         if (tty) {
4084                 unsigned long flags;
4085                 /* We should not have a session or pgrp to put here but.... */
4086                 spin_lock_irqsave(&tty->ctrl_lock, flags);
4087                 put_pid(tty->session);
4088                 put_pid(tty->pgrp);
4089                 tty->pgrp = get_pid(task_pgrp(tsk));
4090                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
4091                 tty->session = get_pid(task_session(tsk));
4092         }
4093         put_pid(tsk->signal->tty_old_pgrp);
4094         tsk->signal->tty = tty;
4095         tsk->signal->tty_old_pgrp = NULL;
4096 }
4097
4098 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4099 {
4100         spin_lock_irq(&tsk->sighand->siglock);
4101         __proc_set_tty(tsk, tty);
4102         spin_unlock_irq(&tsk->sighand->siglock);
4103 }
4104
4105 struct tty_struct *get_current_tty(void)
4106 {
4107         struct tty_struct *tty;
4108         WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4109         tty = current->signal->tty;
4110         /*
4111          * session->tty can be changed/cleared from under us, make sure we
4112          * issue the load. The obtained pointer, when not NULL, is valid as
4113          * long as we hold tty_mutex.
4114          */
4115         barrier();
4116         return tty;
4117 }
4118 EXPORT_SYMBOL_GPL(get_current_tty);
4119
4120 /*
4121  * Initialize the console device. This is called *early*, so
4122  * we can't necessarily depend on lots of kernel help here.
4123  * Just do some early initializations, and do the complex setup
4124  * later.
4125  */
4126 void __init console_init(void)
4127 {
4128         initcall_t *call;
4129
4130         /* Setup the default TTY line discipline. */
4131         (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4132
4133         /*
4134          * set up the console device so that later boot sequences can
4135          * inform about problems etc..
4136          */
4137         call = __con_initcall_start;
4138         while (call < __con_initcall_end) {
4139                 (*call)();
4140                 call++;
4141         }
4142 }
4143
4144 static int __init tty_class_init(void)
4145 {
4146         tty_class = class_create(THIS_MODULE, "tty");
4147         if (IS_ERR(tty_class))
4148                 return PTR_ERR(tty_class);
4149         return 0;
4150 }
4151
4152 postcore_initcall(tty_class_init);
4153
4154 /* 3/2004 jmc: why do these devices exist? */
4155
4156 static struct cdev tty_cdev, console_cdev;
4157 #ifdef CONFIG_UNIX98_PTYS
4158 static struct cdev ptmx_cdev;
4159 #endif
4160 #ifdef CONFIG_VT
4161 static struct cdev vc0_cdev;
4162 #endif
4163
4164 /*
4165  * Ok, now we can initialize the rest of the tty devices and can count
4166  * on memory allocations, interrupts etc..
4167  */
4168 static int __init tty_init(void)
4169 {
4170         cdev_init(&tty_cdev, &tty_fops);
4171         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4172             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4173                 panic("Couldn't register /dev/tty driver\n");
4174         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
4175
4176         cdev_init(&console_cdev, &console_fops);
4177         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4178             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4179                 panic("Couldn't register /dev/console driver\n");
4180         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
4181
4182 #ifdef CONFIG_UNIX98_PTYS
4183         cdev_init(&ptmx_cdev, &ptmx_fops);
4184         if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4185             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4186                 panic("Couldn't register /dev/ptmx driver\n");
4187         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
4188 #endif
4189
4190 #ifdef CONFIG_VT
4191         cdev_init(&vc0_cdev, &console_fops);
4192         if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4193             register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4194                 panic("Couldn't register /dev/tty0 driver\n");
4195         device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
4196
4197         vty_init();
4198 #endif
4199         return 0;
4200 }
4201 module_init(tty_init);