2 * linux/drivers/char/tty_io.c
4 * Copyright (C) 1991, 1992 Linus Torvalds
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/proc_fs.h>
91 #include <linux/init.h>
92 #include <linux/module.h>
93 #include <linux/smp_lock.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
100 #include <linux/uaccess.h>
101 #include <asm/system.h>
103 #include <linux/kbd_kern.h>
104 #include <linux/vt_kern.h>
105 #include <linux/selection.h>
107 #include <linux/kmod.h>
108 #include <linux/nsproxy.h>
110 #undef TTY_DEBUG_HANGUP
112 #define TTY_PARANOIA_CHECK 1
113 #define CHECK_TTY_COUNT 1
115 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
116 .c_iflag = ICRNL | IXON,
117 .c_oflag = OPOST | ONLCR,
118 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
119 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
120 ECHOCTL | ECHOKE | IEXTEN,
126 EXPORT_SYMBOL(tty_std_termios);
128 /* This list gets poked at by procfs and various bits of boot up code. This
129 could do with some rationalisation such as pulling the tty proc function
132 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
134 /* Mutex to protect creating and releasing a tty. This is shared with
135 vt.c for deeply disgusting hack reasons */
136 DEFINE_MUTEX(tty_mutex);
137 EXPORT_SYMBOL(tty_mutex);
139 #ifdef CONFIG_UNIX98_PTYS
140 extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
141 static int ptmx_open(struct inode *, struct file *);
144 static void initialize_tty_struct(struct tty_struct *tty);
146 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
147 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
148 ssize_t redirected_tty_write(struct file *, const char __user *,
150 static unsigned int tty_poll(struct file *, poll_table *);
151 static int tty_open(struct inode *, struct file *);
152 static int tty_release(struct inode *, struct file *);
153 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
155 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
158 #define tty_compat_ioctl NULL
160 static int tty_fasync(int fd, struct file *filp, int on);
161 static void release_tty(struct tty_struct *tty, int idx);
162 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
163 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
166 * alloc_tty_struct - allocate a tty object
168 * Return a new empty tty structure. The data fields have not
169 * been initialized in any way but has been zeroed
174 static struct tty_struct *alloc_tty_struct(void)
176 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
179 static void tty_buffer_free_all(struct tty_struct *);
182 * free_tty_struct - free a disused tty
183 * @tty: tty struct to free
185 * Free the write buffers, tty queue and tty memory itself.
187 * Locking: none. Must be called after tty is definitely unused
190 static inline void free_tty_struct(struct tty_struct *tty)
192 kfree(tty->write_buf);
193 tty_buffer_free_all(tty);
197 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
200 * tty_name - return tty naming
201 * @tty: tty structure
202 * @buf: buffer for output
204 * Convert a tty structure into a name. The name reflects the kernel
205 * naming policy and if udev is in use may not reflect user space
210 char *tty_name(struct tty_struct *tty, char *buf)
212 if (!tty) /* Hmm. NULL pointer. That's fun. */
213 strcpy(buf, "NULL tty");
215 strcpy(buf, tty->name);
219 EXPORT_SYMBOL(tty_name);
221 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
224 #ifdef TTY_PARANOIA_CHECK
227 "null TTY for (%d:%d) in %s\n",
228 imajor(inode), iminor(inode), routine);
231 if (tty->magic != TTY_MAGIC) {
233 "bad magic number for tty struct (%d:%d) in %s\n",
234 imajor(inode), iminor(inode), routine);
241 static int check_tty_count(struct tty_struct *tty, const char *routine)
243 #ifdef CHECK_TTY_COUNT
248 list_for_each(p, &tty->tty_files) {
252 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
253 tty->driver->subtype == PTY_TYPE_SLAVE &&
254 tty->link && tty->link->count)
256 if (tty->count != count) {
257 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
258 "!= #fd's(%d) in %s\n",
259 tty->name, tty->count, count, routine);
267 * Tty buffer allocation management
271 * tty_buffer_free_all - free buffers used by a tty
272 * @tty: tty to free from
274 * Remove all the buffers pending on a tty whether queued with data
275 * or in the free ring. Must be called when the tty is no longer in use
280 static void tty_buffer_free_all(struct tty_struct *tty)
282 struct tty_buffer *thead;
283 while ((thead = tty->buf.head) != NULL) {
284 tty->buf.head = thead->next;
287 while ((thead = tty->buf.free) != NULL) {
288 tty->buf.free = thead->next;
291 tty->buf.tail = NULL;
292 tty->buf.memory_used = 0;
296 * tty_buffer_init - prepare a tty buffer structure
297 * @tty: tty to initialise
299 * Set up the initial state of the buffer management for a tty device.
300 * Must be called before the other tty buffer functions are used.
305 static void tty_buffer_init(struct tty_struct *tty)
307 spin_lock_init(&tty->buf.lock);
308 tty->buf.head = NULL;
309 tty->buf.tail = NULL;
310 tty->buf.free = NULL;
311 tty->buf.memory_used = 0;
315 * tty_buffer_alloc - allocate a tty buffer
317 * @size: desired size (characters)
319 * Allocate a new tty buffer to hold the desired number of characters.
320 * Return NULL if out of memory or the allocation would exceed the
323 * Locking: Caller must hold tty->buf.lock
326 static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
328 struct tty_buffer *p;
330 if (tty->buf.memory_used + size > 65536)
332 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
340 p->char_buf_ptr = (char *)(p->data);
341 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
342 tty->buf.memory_used += size;
347 * tty_buffer_free - free a tty buffer
348 * @tty: tty owning the buffer
349 * @b: the buffer to free
351 * Free a tty buffer, or add it to the free list according to our
354 * Locking: Caller must hold tty->buf.lock
357 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
359 /* Dumb strategy for now - should keep some stats */
360 tty->buf.memory_used -= b->size;
361 WARN_ON(tty->buf.memory_used < 0);
366 b->next = tty->buf.free;
372 * __tty_buffer_flush - flush full tty buffers
375 * flush all the buffers containing receive data. Caller must
376 * hold the buffer lock and must have ensured no parallel flush to
379 * Locking: Caller must hold tty->buf.lock
382 static void __tty_buffer_flush(struct tty_struct *tty)
384 struct tty_buffer *thead;
386 while ((thead = tty->buf.head) != NULL) {
387 tty->buf.head = thead->next;
388 tty_buffer_free(tty, thead);
390 tty->buf.tail = NULL;
394 * tty_buffer_flush - flush full tty buffers
397 * flush all the buffers containing receive data. If the buffer is
398 * being processed by flush_to_ldisc then we defer the processing
404 static void tty_buffer_flush(struct tty_struct *tty)
407 spin_lock_irqsave(&tty->buf.lock, flags);
409 /* If the data is being pushed to the tty layer then we can't
410 process it here. Instead set a flag and the flush_to_ldisc
411 path will process the flush request before it exits */
412 if (test_bit(TTY_FLUSHING, &tty->flags)) {
413 set_bit(TTY_FLUSHPENDING, &tty->flags);
414 spin_unlock_irqrestore(&tty->buf.lock, flags);
415 wait_event(tty->read_wait,
416 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
419 __tty_buffer_flush(tty);
420 spin_unlock_irqrestore(&tty->buf.lock, flags);
424 * tty_buffer_find - find a free tty buffer
425 * @tty: tty owning the buffer
426 * @size: characters wanted
428 * Locate an existing suitable tty buffer or if we are lacking one then
429 * allocate a new one. We round our buffers off in 256 character chunks
430 * to get better allocation behaviour.
432 * Locking: Caller must hold tty->buf.lock
435 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
437 struct tty_buffer **tbh = &tty->buf.free;
438 while ((*tbh) != NULL) {
439 struct tty_buffer *t = *tbh;
440 if (t->size >= size) {
446 tty->buf.memory_used += t->size;
449 tbh = &((*tbh)->next);
451 /* Round the buffer size out */
452 size = (size + 0xFF) & ~0xFF;
453 return tty_buffer_alloc(tty, size);
454 /* Should possibly check if this fails for the largest buffer we
455 have queued and recycle that ? */
459 * tty_buffer_request_room - grow tty buffer if needed
460 * @tty: tty structure
461 * @size: size desired
463 * Make at least size bytes of linear space available for the tty
464 * buffer. If we fail return the size we managed to find.
466 * Locking: Takes tty->buf.lock
468 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
470 struct tty_buffer *b, *n;
474 spin_lock_irqsave(&tty->buf.lock, flags);
476 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
477 remove this conditional if its worth it. This would be invisible
479 if ((b = tty->buf.tail) != NULL)
480 left = b->size - b->used;
485 /* This is the slow path - looking for new buffers to use */
486 if ((n = tty_buffer_find(tty, size)) != NULL) {
497 spin_unlock_irqrestore(&tty->buf.lock, flags);
500 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
503 * tty_insert_flip_string - Add characters to the tty buffer
504 * @tty: tty structure
508 * Queue a series of bytes to the tty buffering. All the characters
509 * passed are marked as without error. Returns the number added.
511 * Locking: Called functions may take tty->buf.lock
514 int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
519 int space = tty_buffer_request_room(tty, size - copied);
520 struct tty_buffer *tb = tty->buf.tail;
521 /* If there is no space then tb may be NULL */
522 if (unlikely(space == 0))
524 memcpy(tb->char_buf_ptr + tb->used, chars, space);
525 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
529 /* There is a small chance that we need to split the data over
530 several buffers. If this is the case we must loop */
531 } while (unlikely(size > copied));
534 EXPORT_SYMBOL(tty_insert_flip_string);
537 * tty_insert_flip_string_flags - Add characters to the tty buffer
538 * @tty: tty structure
543 * Queue a series of bytes to the tty buffering. For each character
544 * the flags array indicates the status of the character. Returns the
547 * Locking: Called functions may take tty->buf.lock
550 int tty_insert_flip_string_flags(struct tty_struct *tty,
551 const unsigned char *chars, const char *flags, size_t size)
555 int space = tty_buffer_request_room(tty, size - copied);
556 struct tty_buffer *tb = tty->buf.tail;
557 /* If there is no space then tb may be NULL */
558 if (unlikely(space == 0))
560 memcpy(tb->char_buf_ptr + tb->used, chars, space);
561 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
566 /* There is a small chance that we need to split the data over
567 several buffers. If this is the case we must loop */
568 } while (unlikely(size > copied));
571 EXPORT_SYMBOL(tty_insert_flip_string_flags);
574 * tty_schedule_flip - push characters to ldisc
575 * @tty: tty to push from
577 * Takes any pending buffers and transfers their ownership to the
578 * ldisc side of the queue. It then schedules those characters for
579 * processing by the line discipline.
581 * Locking: Takes tty->buf.lock
584 void tty_schedule_flip(struct tty_struct *tty)
587 spin_lock_irqsave(&tty->buf.lock, flags);
588 if (tty->buf.tail != NULL)
589 tty->buf.tail->commit = tty->buf.tail->used;
590 spin_unlock_irqrestore(&tty->buf.lock, flags);
591 schedule_delayed_work(&tty->buf.work, 1);
593 EXPORT_SYMBOL(tty_schedule_flip);
596 * tty_prepare_flip_string - make room for characters
598 * @chars: return pointer for character write area
599 * @size: desired size
601 * Prepare a block of space in the buffer for data. Returns the length
602 * available and buffer pointer to the space which is now allocated and
603 * accounted for as ready for normal characters. This is used for drivers
604 * that need their own block copy routines into the buffer. There is no
605 * guarantee the buffer is a DMA target!
607 * Locking: May call functions taking tty->buf.lock
610 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
613 int space = tty_buffer_request_room(tty, size);
615 struct tty_buffer *tb = tty->buf.tail;
616 *chars = tb->char_buf_ptr + tb->used;
617 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
623 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
626 * tty_prepare_flip_string_flags - make room for characters
628 * @chars: return pointer for character write area
629 * @flags: return pointer for status flag write area
630 * @size: desired size
632 * Prepare a block of space in the buffer for data. Returns the length
633 * available and buffer pointer to the space which is now allocated and
634 * accounted for as ready for characters. This is used for drivers
635 * that need their own block copy routines into the buffer. There is no
636 * guarantee the buffer is a DMA target!
638 * Locking: May call functions taking tty->buf.lock
641 int tty_prepare_flip_string_flags(struct tty_struct *tty,
642 unsigned char **chars, char **flags, size_t size)
644 int space = tty_buffer_request_room(tty, size);
646 struct tty_buffer *tb = tty->buf.tail;
647 *chars = tb->char_buf_ptr + tb->used;
648 *flags = tb->flag_buf_ptr + tb->used;
654 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
659 * get_tty_driver - find device of a tty
660 * @dev_t: device identifier
661 * @index: returns the index of the tty
663 * This routine returns a tty driver structure, given a device number
664 * and also passes back the index number.
666 * Locking: caller must hold tty_mutex
669 static struct tty_driver *get_tty_driver(dev_t device, int *index)
671 struct tty_driver *p;
673 list_for_each_entry(p, &tty_drivers, tty_drivers) {
674 dev_t base = MKDEV(p->major, p->minor_start);
675 if (device < base || device >= base + p->num)
677 *index = device - base;
683 #ifdef CONFIG_CONSOLE_POLL
686 * tty_find_polling_driver - find device of a polled tty
687 * @name: name string to match
688 * @line: pointer to resulting tty line nr
690 * This routine returns a tty driver structure, given a name
691 * and the condition that the tty driver is capable of polled
694 struct tty_driver *tty_find_polling_driver(char *name, int *line)
696 struct tty_driver *p, *res = NULL;
700 mutex_lock(&tty_mutex);
701 /* Search through the tty devices to look for a match */
702 list_for_each_entry(p, &tty_drivers, tty_drivers) {
703 str = name + strlen(p->name);
704 tty_line = simple_strtoul(str, &str, 10);
710 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
711 p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
717 mutex_unlock(&tty_mutex);
721 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
725 * tty_check_change - check for POSIX terminal changes
728 * If we try to write to, or set the state of, a terminal and we're
729 * not in the foreground, send a SIGTTOU. If the signal is blocked or
730 * ignored, go ahead and perform the operation. (POSIX 7.2)
735 int tty_check_change(struct tty_struct *tty)
740 if (current->signal->tty != tty)
743 spin_lock_irqsave(&tty->ctrl_lock, flags);
746 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
749 if (task_pgrp(current) == tty->pgrp)
751 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
752 if (is_ignored(SIGTTOU))
754 if (is_current_pgrp_orphaned()) {
758 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
759 set_thread_flag(TIF_SIGPENDING);
764 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
768 EXPORT_SYMBOL(tty_check_change);
770 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
771 size_t count, loff_t *ppos)
776 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
777 size_t count, loff_t *ppos)
782 /* No kernel lock held - none needed ;) */
783 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
785 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
788 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
791 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
794 static long hung_up_tty_compat_ioctl(struct file *file,
795 unsigned int cmd, unsigned long arg)
797 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
800 static const struct file_operations tty_fops = {
805 .unlocked_ioctl = tty_ioctl,
806 .compat_ioctl = tty_compat_ioctl,
808 .release = tty_release,
809 .fasync = tty_fasync,
812 #ifdef CONFIG_UNIX98_PTYS
813 static const struct file_operations ptmx_fops = {
818 .unlocked_ioctl = tty_ioctl,
819 .compat_ioctl = tty_compat_ioctl,
821 .release = tty_release,
822 .fasync = tty_fasync,
826 static const struct file_operations console_fops = {
829 .write = redirected_tty_write,
831 .unlocked_ioctl = tty_ioctl,
832 .compat_ioctl = tty_compat_ioctl,
834 .release = tty_release,
835 .fasync = tty_fasync,
838 static const struct file_operations hung_up_tty_fops = {
840 .read = hung_up_tty_read,
841 .write = hung_up_tty_write,
842 .poll = hung_up_tty_poll,
843 .unlocked_ioctl = hung_up_tty_ioctl,
844 .compat_ioctl = hung_up_tty_compat_ioctl,
845 .release = tty_release,
848 static DEFINE_SPINLOCK(redirect_lock);
849 static struct file *redirect;
852 * tty_wakeup - request more data
855 * Internal and external helper for wakeups of tty. This function
856 * informs the line discipline if present that the driver is ready
857 * to receive more output data.
860 void tty_wakeup(struct tty_struct *tty)
862 struct tty_ldisc *ld;
864 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
865 ld = tty_ldisc_ref(tty);
867 if (ld->ops->write_wakeup)
868 ld->ops->write_wakeup(tty);
872 wake_up_interruptible(&tty->write_wait);
875 EXPORT_SYMBOL_GPL(tty_wakeup);
878 * tty_ldisc_flush - flush line discipline queue
881 * Flush the line discipline queue (if any) for this tty. If there
882 * is no line discipline active this is a no-op.
885 void tty_ldisc_flush(struct tty_struct *tty)
887 struct tty_ldisc *ld = tty_ldisc_ref(tty);
889 if (ld->ops->flush_buffer)
890 ld->ops->flush_buffer(tty);
893 tty_buffer_flush(tty);
896 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
899 * tty_reset_termios - reset terminal state
902 * Restore a terminal to the driver default state
905 static void tty_reset_termios(struct tty_struct *tty)
907 mutex_lock(&tty->termios_mutex);
908 *tty->termios = tty->driver->init_termios;
909 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
910 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
911 mutex_unlock(&tty->termios_mutex);
915 * do_tty_hangup - actual handler for hangup events
918 k * This can be called by the "eventd" kernel thread. That is process
919 * synchronous but doesn't hold any locks, so we need to make sure we
920 * have the appropriate locks for what we're doing.
922 * The hangup event clears any pending redirections onto the hung up
923 * device. It ensures future writes will error and it does the needed
924 * line discipline hangup and signal delivery. The tty object itself
929 * redirect lock for undoing redirection
930 * file list lock for manipulating list of ttys
931 * tty_ldisc_lock from called functions
932 * termios_mutex resetting termios data
933 * tasklist_lock to walk task list for hangup event
934 * ->siglock to protect ->signal/->sighand
936 static void do_tty_hangup(struct work_struct *work)
938 struct tty_struct *tty =
939 container_of(work, struct tty_struct, hangup_work);
940 struct file *cons_filp = NULL;
941 struct file *filp, *f = NULL;
942 struct task_struct *p;
943 struct tty_ldisc *ld;
944 int closecount = 0, n;
950 /* inuse_filps is protected by the single kernel lock */
953 spin_lock(&redirect_lock);
954 if (redirect && redirect->private_data == tty) {
958 spin_unlock(&redirect_lock);
960 check_tty_count(tty, "do_tty_hangup");
962 /* This breaks for file handles being sent over AF_UNIX sockets ? */
963 list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
964 if (filp->f_op->write == redirected_tty_write)
966 if (filp->f_op->write != tty_write)
969 tty_fasync(-1, filp, 0); /* can't block */
970 filp->f_op = &hung_up_tty_fops;
974 * FIXME! What are the locking issues here? This may me overdoing
975 * things... This question is especially important now that we've
976 * removed the irqlock.
978 ld = tty_ldisc_ref(tty);
980 /* We may have no line discipline at this point */
981 if (ld->ops->flush_buffer)
982 ld->ops->flush_buffer(tty);
983 tty_driver_flush_buffer(tty);
984 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
985 ld->ops->write_wakeup)
986 ld->ops->write_wakeup(tty);
988 ld->ops->hangup(tty);
991 * FIXME: Once we trust the LDISC code better we can wait here for
992 * ldisc completion and fix the driver call race
994 wake_up_interruptible(&tty->write_wait);
995 wake_up_interruptible(&tty->read_wait);
997 * Shutdown the current line discipline, and reset it to
1000 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1001 tty_reset_termios(tty);
1002 /* Defer ldisc switch */
1003 /* tty_deferred_ldisc_switch(N_TTY);
1005 This should get done automatically when the port closes and
1006 tty_release is called */
1008 read_lock(&tasklist_lock);
1010 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1011 spin_lock_irq(&p->sighand->siglock);
1012 if (p->signal->tty == tty)
1013 p->signal->tty = NULL;
1014 if (!p->signal->leader) {
1015 spin_unlock_irq(&p->sighand->siglock);
1018 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1019 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1020 put_pid(p->signal->tty_old_pgrp); /* A noop */
1021 spin_lock_irqsave(&tty->ctrl_lock, flags);
1023 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1024 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1025 spin_unlock_irq(&p->sighand->siglock);
1026 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1028 read_unlock(&tasklist_lock);
1030 spin_lock_irqsave(&tty->ctrl_lock, flags);
1032 put_pid(tty->session);
1034 tty->session = NULL;
1036 tty->ctrl_status = 0;
1037 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1040 * If one of the devices matches a console pointer, we
1041 * cannot just call hangup() because that will cause
1042 * tty->count and state->count to go out of sync.
1043 * So we just call close() the right number of times.
1046 if (tty->ops->close)
1047 for (n = 0; n < closecount; n++)
1048 tty->ops->close(tty, cons_filp);
1049 } else if (tty->ops->hangup)
1050 (tty->ops->hangup)(tty);
1052 * We don't want to have driver/ldisc interactions beyond
1053 * the ones we did here. The driver layer expects no
1054 * calls after ->hangup() from the ldisc side. However we
1055 * can't yet guarantee all that.
1057 set_bit(TTY_HUPPED, &tty->flags);
1059 tty_ldisc_enable(tty);
1060 tty_ldisc_deref(ld);
1068 * tty_hangup - trigger a hangup event
1069 * @tty: tty to hangup
1071 * A carrier loss (virtual or otherwise) has occurred on this like
1072 * schedule a hangup sequence to run after this event.
1075 void tty_hangup(struct tty_struct *tty)
1077 #ifdef TTY_DEBUG_HANGUP
1079 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1081 schedule_work(&tty->hangup_work);
1084 EXPORT_SYMBOL(tty_hangup);
1087 * tty_vhangup - process vhangup
1088 * @tty: tty to hangup
1090 * The user has asked via system call for the terminal to be hung up.
1091 * We do this synchronously so that when the syscall returns the process
1092 * is complete. That guarantee is necessary for security reasons.
1095 void tty_vhangup(struct tty_struct *tty)
1097 #ifdef TTY_DEBUG_HANGUP
1100 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1102 do_tty_hangup(&tty->hangup_work);
1105 EXPORT_SYMBOL(tty_vhangup);
1108 * tty_hung_up_p - was tty hung up
1109 * @filp: file pointer of tty
1111 * Return true if the tty has been subject to a vhangup or a carrier
1115 int tty_hung_up_p(struct file *filp)
1117 return (filp->f_op == &hung_up_tty_fops);
1120 EXPORT_SYMBOL(tty_hung_up_p);
1123 * is_tty - checker whether file is a TTY
1124 * @filp: file handle that may be a tty
1126 * Check if the file handle is a tty handle.
1129 int is_tty(struct file *filp)
1131 return filp->f_op->read == tty_read
1132 || filp->f_op->read == hung_up_tty_read;
1135 static void session_clear_tty(struct pid *session)
1137 struct task_struct *p;
1138 do_each_pid_task(session, PIDTYPE_SID, p) {
1140 } while_each_pid_task(session, PIDTYPE_SID, p);
1144 * disassociate_ctty - disconnect controlling tty
1145 * @on_exit: true if exiting so need to "hang up" the session
1147 * This function is typically called only by the session leader, when
1148 * it wants to disassociate itself from its controlling tty.
1150 * It performs the following functions:
1151 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1152 * (2) Clears the tty from being controlling the session
1153 * (3) Clears the controlling tty for all processes in the
1156 * The argument on_exit is set to 1 if called when a process is
1157 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1160 * BKL is taken for hysterical raisins
1161 * tty_mutex is taken to protect tty
1162 * ->siglock is taken to protect ->signal/->sighand
1163 * tasklist_lock is taken to walk process list for sessions
1164 * ->siglock is taken to protect ->signal/->sighand
1167 void disassociate_ctty(int on_exit)
1169 struct tty_struct *tty;
1170 struct pid *tty_pgrp = NULL;
1173 mutex_lock(&tty_mutex);
1174 tty = get_current_tty();
1176 tty_pgrp = get_pid(tty->pgrp);
1177 mutex_unlock(&tty_mutex);
1179 /* XXX: here we race, there is nothing protecting tty */
1180 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1183 } else if (on_exit) {
1184 struct pid *old_pgrp;
1185 spin_lock_irq(¤t->sighand->siglock);
1186 old_pgrp = current->signal->tty_old_pgrp;
1187 current->signal->tty_old_pgrp = NULL;
1188 spin_unlock_irq(¤t->sighand->siglock);
1190 kill_pgrp(old_pgrp, SIGHUP, on_exit);
1191 kill_pgrp(old_pgrp, SIGCONT, on_exit);
1194 mutex_unlock(&tty_mutex);
1198 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1200 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1204 spin_lock_irq(¤t->sighand->siglock);
1205 put_pid(current->signal->tty_old_pgrp);
1206 current->signal->tty_old_pgrp = NULL;
1207 spin_unlock_irq(¤t->sighand->siglock);
1209 mutex_lock(&tty_mutex);
1210 /* It is possible that do_tty_hangup has free'd this tty */
1211 tty = get_current_tty();
1213 unsigned long flags;
1214 spin_lock_irqsave(&tty->ctrl_lock, flags);
1215 put_pid(tty->session);
1217 tty->session = NULL;
1219 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1221 #ifdef TTY_DEBUG_HANGUP
1222 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1226 mutex_unlock(&tty_mutex);
1228 /* Now clear signal->tty under the lock */
1229 read_lock(&tasklist_lock);
1230 session_clear_tty(task_session(current));
1231 read_unlock(&tasklist_lock);
1236 * no_tty - Ensure the current process does not have a controlling tty
1240 struct task_struct *tsk = current;
1242 if (tsk->signal->leader)
1243 disassociate_ctty(0);
1245 proc_clear_tty(tsk);
1250 * stop_tty - propagate flow control
1253 * Perform flow control to the driver. For PTY/TTY pairs we
1254 * must also propagate the TIOCKPKT status. May be called
1255 * on an already stopped device and will not re-call the driver
1258 * This functionality is used by both the line disciplines for
1259 * halting incoming flow and by the driver. It may therefore be
1260 * called from any context, may be under the tty atomic_write_lock
1264 * Uses the tty control lock internally
1267 void stop_tty(struct tty_struct *tty)
1269 unsigned long flags;
1270 spin_lock_irqsave(&tty->ctrl_lock, flags);
1272 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1276 if (tty->link && tty->link->packet) {
1277 tty->ctrl_status &= ~TIOCPKT_START;
1278 tty->ctrl_status |= TIOCPKT_STOP;
1279 wake_up_interruptible(&tty->link->read_wait);
1281 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1283 (tty->ops->stop)(tty);
1286 EXPORT_SYMBOL(stop_tty);
1289 * start_tty - propagate flow control
1290 * @tty: tty to start
1292 * Start a tty that has been stopped if at all possible. Perform
1293 * any necessary wakeups and propagate the TIOCPKT status. If this
1294 * is the tty was previous stopped and is being started then the
1295 * driver start method is invoked and the line discipline woken.
1301 void start_tty(struct tty_struct *tty)
1303 unsigned long flags;
1304 spin_lock_irqsave(&tty->ctrl_lock, flags);
1305 if (!tty->stopped || tty->flow_stopped) {
1306 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1310 if (tty->link && tty->link->packet) {
1311 tty->ctrl_status &= ~TIOCPKT_STOP;
1312 tty->ctrl_status |= TIOCPKT_START;
1313 wake_up_interruptible(&tty->link->read_wait);
1315 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1316 if (tty->ops->start)
1317 (tty->ops->start)(tty);
1318 /* If we have a running line discipline it may need kicking */
1322 EXPORT_SYMBOL(start_tty);
1325 * tty_read - read method for tty device files
1326 * @file: pointer to tty file
1328 * @count: size of user buffer
1331 * Perform the read system call function on this terminal device. Checks
1332 * for hung up devices before calling the line discipline method.
1335 * Locks the line discipline internally while needed. Multiple
1336 * read calls may be outstanding in parallel.
1339 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1343 struct tty_struct *tty;
1344 struct inode *inode;
1345 struct tty_ldisc *ld;
1347 tty = (struct tty_struct *)file->private_data;
1348 inode = file->f_path.dentry->d_inode;
1349 if (tty_paranoia_check(tty, inode, "tty_read"))
1351 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1354 /* We want to wait for the line discipline to sort out in this
1356 ld = tty_ldisc_ref_wait(tty);
1358 i = (ld->ops->read)(tty, file, buf, count);
1361 tty_ldisc_deref(ld);
1363 inode->i_atime = current_fs_time(inode->i_sb);
1367 void tty_write_unlock(struct tty_struct *tty)
1369 mutex_unlock(&tty->atomic_write_lock);
1370 wake_up_interruptible(&tty->write_wait);
1373 int tty_write_lock(struct tty_struct *tty, int ndelay)
1375 if (!mutex_trylock(&tty->atomic_write_lock)) {
1378 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1379 return -ERESTARTSYS;
1385 * Split writes up in sane blocksizes to avoid
1386 * denial-of-service type attacks
1388 static inline ssize_t do_tty_write(
1389 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1390 struct tty_struct *tty,
1392 const char __user *buf,
1395 ssize_t ret, written = 0;
1398 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1403 * We chunk up writes into a temporary buffer. This
1404 * simplifies low-level drivers immensely, since they
1405 * don't have locking issues and user mode accesses.
1407 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1410 * The default chunk-size is 2kB, because the NTTY
1411 * layer has problems with bigger chunks. It will
1412 * claim to be able to handle more characters than
1415 * FIXME: This can probably go away now except that 64K chunks
1416 * are too likely to fail unless switched to vmalloc...
1419 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1424 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1425 if (tty->write_cnt < chunk) {
1431 buf = kmalloc(chunk, GFP_KERNEL);
1436 kfree(tty->write_buf);
1437 tty->write_cnt = chunk;
1438 tty->write_buf = buf;
1441 /* Do the write .. */
1443 size_t size = count;
1447 if (copy_from_user(tty->write_buf, buf, size))
1449 ret = write(tty, file, tty->write_buf, size);
1458 if (signal_pending(current))
1463 struct inode *inode = file->f_path.dentry->d_inode;
1464 inode->i_mtime = current_fs_time(inode->i_sb);
1468 tty_write_unlock(tty);
1474 * tty_write - write method for tty device file
1475 * @file: tty file pointer
1476 * @buf: user data to write
1477 * @count: bytes to write
1480 * Write data to a tty device via the line discipline.
1483 * Locks the line discipline as required
1484 * Writes to the tty driver are serialized by the atomic_write_lock
1485 * and are then processed in chunks to the device. The line discipline
1486 * write method will not be involked in parallel for each device
1487 * The line discipline write method is called under the big
1488 * kernel lock for historical reasons. New code should not rely on this.
1491 static ssize_t tty_write(struct file *file, const char __user *buf,
1492 size_t count, loff_t *ppos)
1494 struct tty_struct *tty;
1495 struct inode *inode = file->f_path.dentry->d_inode;
1497 struct tty_ldisc *ld;
1499 tty = (struct tty_struct *)file->private_data;
1500 if (tty_paranoia_check(tty, inode, "tty_write"))
1502 if (!tty || !tty->ops->write ||
1503 (test_bit(TTY_IO_ERROR, &tty->flags)))
1505 /* Short term debug to catch buggy drivers */
1506 if (tty->ops->write_room == NULL)
1507 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1509 ld = tty_ldisc_ref_wait(tty);
1510 if (!ld->ops->write)
1513 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1514 tty_ldisc_deref(ld);
1518 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1519 size_t count, loff_t *ppos)
1521 struct file *p = NULL;
1523 spin_lock(&redirect_lock);
1528 spin_unlock(&redirect_lock);
1532 res = vfs_write(p, buf, count, &p->f_pos);
1536 return tty_write(file, buf, count, ppos);
1539 void tty_port_init(struct tty_port *port)
1541 memset(port, 0, sizeof(*port));
1542 init_waitqueue_head(&port->open_wait);
1543 init_waitqueue_head(&port->close_wait);
1544 mutex_init(&port->mutex);
1545 port->close_delay = (50 * HZ) / 100;
1546 port->closing_wait = (3000 * HZ) / 100;
1548 EXPORT_SYMBOL(tty_port_init);
1550 int tty_port_alloc_xmit_buf(struct tty_port *port)
1552 /* We may sleep in get_zeroed_page() */
1553 mutex_lock(&port->mutex);
1554 if (port->xmit_buf == NULL)
1555 port->xmit_buf = (unsigned char *)get_zeroed_page(GFP_KERNEL);
1556 mutex_unlock(&port->mutex);
1557 if (port->xmit_buf == NULL)
1561 EXPORT_SYMBOL(tty_port_alloc_xmit_buf);
1563 void tty_port_free_xmit_buf(struct tty_port *port)
1565 mutex_lock(&port->mutex);
1566 if (port->xmit_buf != NULL) {
1567 free_page((unsigned long)port->xmit_buf);
1568 port->xmit_buf = NULL;
1570 mutex_unlock(&port->mutex);
1572 EXPORT_SYMBOL(tty_port_free_xmit_buf);
1575 static char ptychar[] = "pqrstuvwxyzabcde";
1578 * pty_line_name - generate name for a pty
1579 * @driver: the tty driver in use
1580 * @index: the minor number
1581 * @p: output buffer of at least 6 bytes
1583 * Generate a name from a driver reference and write it to the output
1588 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1590 int i = index + driver->name_base;
1591 /* ->name is initialized to "ttyp", but "tty" is expected */
1592 sprintf(p, "%s%c%x",
1593 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1594 ptychar[i >> 4 & 0xf], i & 0xf);
1598 * pty_line_name - generate name for a tty
1599 * @driver: the tty driver in use
1600 * @index: the minor number
1601 * @p: output buffer of at least 7 bytes
1603 * Generate a name from a driver reference and write it to the output
1608 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1610 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1614 * init_dev - initialise a tty device
1615 * @driver: tty driver we are opening a device on
1616 * @idx: device index
1617 * @tty: returned tty structure
1619 * Prepare a tty device. This may not be a "new" clean device but
1620 * could also be an active device. The pty drivers require special
1621 * handling because of this.
1624 * The function is called under the tty_mutex, which
1625 * protects us from the tty struct or driver itself going away.
1627 * On exit the tty device has the line discipline attached and
1628 * a reference count of 1. If a pair was created for pty/tty use
1629 * and the other was a pty master then it too has a reference count of 1.
1631 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1632 * failed open. The new code protects the open with a mutex, so it's
1633 * really quite straightforward. The mutex locking can probably be
1634 * relaxed for the (most common) case of reopening a tty.
1637 static int init_dev(struct tty_driver *driver, int idx,
1638 struct tty_struct **ret_tty)
1640 struct tty_struct *tty, *o_tty;
1641 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
1642 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1645 /* check whether we're reopening an existing tty */
1646 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1647 tty = devpts_get_tty(idx);
1649 * If we don't have a tty here on a slave open, it's because
1650 * the master already started the close process and there's
1651 * no relation between devpts file and tty anymore.
1653 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
1658 * It's safe from now on because init_dev() is called with
1659 * tty_mutex held and release_dev() won't change tty->count
1660 * or tty->flags without having to grab tty_mutex
1662 if (tty && driver->subtype == PTY_TYPE_MASTER)
1665 tty = driver->ttys[idx];
1667 if (tty) goto fast_track;
1670 * First time open is complex, especially for PTY devices.
1671 * This code guarantees that either everything succeeds and the
1672 * TTY is ready for operation, or else the table slots are vacated
1673 * and the allocated memory released. (Except that the termios
1674 * and locked termios may be retained.)
1677 if (!try_module_get(driver->owner)) {
1686 tty = alloc_tty_struct();
1689 initialize_tty_struct(tty);
1690 tty->driver = driver;
1691 tty->ops = driver->ops;
1693 tty_line_name(driver, idx, tty->name);
1695 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1696 tp_loc = &tty->termios;
1697 ltp_loc = &tty->termios_locked;
1699 tp_loc = &driver->termios[idx];
1700 ltp_loc = &driver->termios_locked[idx];
1704 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1707 *tp = driver->init_termios;
1711 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1716 if (driver->type == TTY_DRIVER_TYPE_PTY) {
1717 o_tty = alloc_tty_struct();
1720 initialize_tty_struct(o_tty);
1721 o_tty->driver = driver->other;
1722 o_tty->ops = driver->ops;
1724 tty_line_name(driver->other, idx, o_tty->name);
1726 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1727 o_tp_loc = &o_tty->termios;
1728 o_ltp_loc = &o_tty->termios_locked;
1730 o_tp_loc = &driver->other->termios[idx];
1731 o_ltp_loc = &driver->other->termios_locked[idx];
1735 o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1738 *o_tp = driver->other->init_termios;
1742 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1748 * Everything allocated ... set up the o_tty structure.
1750 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
1751 driver->other->ttys[idx] = o_tty;
1756 o_tty->termios = *o_tp_loc;
1757 o_tty->termios_locked = *o_ltp_loc;
1758 driver->other->refcount++;
1759 if (driver->subtype == PTY_TYPE_MASTER)
1762 /* Establish the links in both directions */
1768 * All structures have been allocated, so now we install them.
1769 * Failures after this point use release_tty to clean up, so
1770 * there's no need to null out the local pointers.
1772 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
1773 driver->ttys[idx] = tty;
1779 tty->termios = *tp_loc;
1780 tty->termios_locked = *ltp_loc;
1781 /* Compatibility until drivers always set this */
1782 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1783 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1788 * Structures all installed ... call the ldisc open routines.
1789 * If we fail here just call release_tty to clean up. No need
1790 * to decrement the use counts, as release_tty doesn't care.
1793 retval = tty_ldisc_setup(tty, o_tty);
1796 goto release_mem_out;
1800 * This fast open can be used if the tty is already open.
1801 * No memory is allocated, and the only failures are from
1802 * attempting to open a closing tty or attempting multiple
1803 * opens on a pty master.
1806 if (test_bit(TTY_CLOSING, &tty->flags)) {
1810 if (driver->type == TTY_DRIVER_TYPE_PTY &&
1811 driver->subtype == PTY_TYPE_MASTER) {
1813 * special case for PTY masters: only one open permitted,
1814 * and the slave side open count is incremented as well.
1823 tty->driver = driver; /* N.B. why do this every time?? */
1826 if (!test_bit(TTY_LDISC, &tty->flags))
1827 printk(KERN_ERR "init_dev but no ldisc\n");
1831 /* All paths come through here to release the mutex */
1835 /* Release locally allocated memory ... nothing placed in slots */
1839 free_tty_struct(o_tty);
1842 free_tty_struct(tty);
1845 module_put(driver->owner);
1849 /* call the tty release_tty routine to clean out this slot */
1851 if (printk_ratelimit())
1852 printk(KERN_INFO "init_dev: ldisc open failed, "
1853 "clearing slot %d\n", idx);
1854 release_tty(tty, idx);
1859 * release_one_tty - release tty structure memory
1861 * Releases memory associated with a tty structure, and clears out the
1862 * driver table slots. This function is called when a device is no longer
1863 * in use. It also gets called when setup of a device fails.
1866 * tty_mutex - sometimes only
1867 * takes the file list lock internally when working on the list
1868 * of ttys that the driver keeps.
1869 * FIXME: should we require tty_mutex is held here ??
1871 static void release_one_tty(struct tty_struct *tty, int idx)
1873 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
1874 struct ktermios *tp;
1877 tty->driver->ttys[idx] = NULL;
1879 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1882 tty->driver->termios[idx] = NULL;
1885 tp = tty->termios_locked;
1887 tty->driver->termios_locked[idx] = NULL;
1893 tty->driver->refcount--;
1896 list_del_init(&tty->tty_files);
1899 free_tty_struct(tty);
1903 * release_tty - release tty structure memory
1905 * Release both @tty and a possible linked partner (think pty pair),
1906 * and decrement the refcount of the backing module.
1909 * tty_mutex - sometimes only
1910 * takes the file list lock internally when working on the list
1911 * of ttys that the driver keeps.
1912 * FIXME: should we require tty_mutex is held here ??
1914 static void release_tty(struct tty_struct *tty, int idx)
1916 struct tty_driver *driver = tty->driver;
1919 release_one_tty(tty->link, idx);
1920 release_one_tty(tty, idx);
1921 module_put(driver->owner);
1925 * Even releasing the tty structures is a tricky business.. We have
1926 * to be very careful that the structures are all released at the
1927 * same time, as interrupts might otherwise get the wrong pointers.
1929 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1930 * lead to double frees or releasing memory still in use.
1932 static void release_dev(struct file *filp)
1934 struct tty_struct *tty, *o_tty;
1935 int pty_master, tty_closing, o_tty_closing, do_sleep;
1940 tty = (struct tty_struct *)filp->private_data;
1941 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
1945 check_tty_count(tty, "release_dev");
1947 tty_fasync(-1, filp, 0);
1950 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1951 tty->driver->subtype == PTY_TYPE_MASTER);
1952 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1955 #ifdef TTY_PARANOIA_CHECK
1956 if (idx < 0 || idx >= tty->driver->num) {
1957 printk(KERN_DEBUG "release_dev: bad idx when trying to "
1958 "free (%s)\n", tty->name);
1961 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1962 if (tty != tty->driver->ttys[idx]) {
1963 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
1964 "for (%s)\n", idx, tty->name);
1967 if (tty->termios != tty->driver->termios[idx]) {
1968 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
1973 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
1974 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
1975 "termios_locked for (%s)\n",
1982 #ifdef TTY_DEBUG_HANGUP
1983 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
1984 tty_name(tty, buf), tty->count);
1987 #ifdef TTY_PARANOIA_CHECK
1988 if (tty->driver->other &&
1989 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1990 if (o_tty != tty->driver->other->ttys[idx]) {
1991 printk(KERN_DEBUG "release_dev: other->table[%d] "
1992 "not o_tty for (%s)\n",
1996 if (o_tty->termios != tty->driver->other->termios[idx]) {
1997 printk(KERN_DEBUG "release_dev: other->termios[%d] "
1998 "not o_termios for (%s)\n",
2002 if (o_tty->termios_locked !=
2003 tty->driver->other->termios_locked[idx]) {
2004 printk(KERN_DEBUG "release_dev: other->termios_locked["
2005 "%d] not o_termios_locked for (%s)\n",
2009 if (o_tty->link != tty) {
2010 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2015 if (tty->ops->close)
2016 tty->ops->close(tty, filp);
2019 * Sanity check: if tty->count is going to zero, there shouldn't be
2020 * any waiters on tty->read_wait or tty->write_wait. We test the
2021 * wait queues and kick everyone out _before_ actually starting to
2022 * close. This ensures that we won't block while releasing the tty
2025 * The test for the o_tty closing is necessary, since the master and
2026 * slave sides may close in any order. If the slave side closes out
2027 * first, its count will be one, since the master side holds an open.
2028 * Thus this test wouldn't be triggered at the time the slave closes,
2031 * Note that it's possible for the tty to be opened again while we're
2032 * flushing out waiters. By recalculating the closing flags before
2033 * each iteration we avoid any problems.
2036 /* Guard against races with tty->count changes elsewhere and
2037 opens on /dev/tty */
2039 mutex_lock(&tty_mutex);
2040 tty_closing = tty->count <= 1;
2041 o_tty_closing = o_tty &&
2042 (o_tty->count <= (pty_master ? 1 : 0));
2046 if (waitqueue_active(&tty->read_wait)) {
2047 wake_up(&tty->read_wait);
2050 if (waitqueue_active(&tty->write_wait)) {
2051 wake_up(&tty->write_wait);
2055 if (o_tty_closing) {
2056 if (waitqueue_active(&o_tty->read_wait)) {
2057 wake_up(&o_tty->read_wait);
2060 if (waitqueue_active(&o_tty->write_wait)) {
2061 wake_up(&o_tty->write_wait);
2068 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2069 "active!\n", tty_name(tty, buf));
2070 mutex_unlock(&tty_mutex);
2075 * The closing flags are now consistent with the open counts on
2076 * both sides, and we've completed the last operation that could
2077 * block, so it's safe to proceed with closing.
2080 if (--o_tty->count < 0) {
2081 printk(KERN_WARNING "release_dev: bad pty slave count "
2083 o_tty->count, tty_name(o_tty, buf));
2087 if (--tty->count < 0) {
2088 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2089 tty->count, tty_name(tty, buf));
2094 * We've decremented tty->count, so we need to remove this file
2095 * descriptor off the tty->tty_files list; this serves two
2097 * - check_tty_count sees the correct number of file descriptors
2098 * associated with this tty.
2099 * - do_tty_hangup no longer sees this file descriptor as
2100 * something that needs to be handled for hangups.
2103 filp->private_data = NULL;
2106 * Perform some housekeeping before deciding whether to return.
2108 * Set the TTY_CLOSING flag if this was the last open. In the
2109 * case of a pty we may have to wait around for the other side
2110 * to close, and TTY_CLOSING makes sure we can't be reopened.
2113 set_bit(TTY_CLOSING, &tty->flags);
2115 set_bit(TTY_CLOSING, &o_tty->flags);
2118 * If _either_ side is closing, make sure there aren't any
2119 * processes that still think tty or o_tty is their controlling
2122 if (tty_closing || o_tty_closing) {
2123 read_lock(&tasklist_lock);
2124 session_clear_tty(tty->session);
2126 session_clear_tty(o_tty->session);
2127 read_unlock(&tasklist_lock);
2130 mutex_unlock(&tty_mutex);
2132 /* check whether both sides are closing ... */
2133 if (!tty_closing || (o_tty && !o_tty_closing))
2136 #ifdef TTY_DEBUG_HANGUP
2137 printk(KERN_DEBUG "freeing tty structure...");
2140 * Ask the line discipline code to release its structures
2142 tty_ldisc_release(tty, o_tty);
2144 * The release_tty function takes care of the details of clearing
2145 * the slots and preserving the termios structure.
2147 release_tty(tty, idx);
2149 /* Make this pty number available for reallocation */
2151 devpts_kill_index(idx);
2155 * tty_open - open a tty device
2156 * @inode: inode of device file
2157 * @filp: file pointer to tty
2159 * tty_open and tty_release keep up the tty count that contains the
2160 * number of opens done on a tty. We cannot use the inode-count, as
2161 * different inodes might point to the same tty.
2163 * Open-counting is needed for pty masters, as well as for keeping
2164 * track of serial lines: DTR is dropped when the last close happens.
2165 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2167 * The termios state of a pty is reset on first open so that
2168 * settings don't persist across reuse.
2170 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2171 * tty->count should protect the rest.
2172 * ->siglock protects ->signal/->sighand
2175 static int __tty_open(struct inode *inode, struct file *filp)
2177 struct tty_struct *tty;
2179 struct tty_driver *driver;
2181 dev_t device = inode->i_rdev;
2182 unsigned short saved_flags = filp->f_flags;
2184 nonseekable_open(inode, filp);
2187 noctty = filp->f_flags & O_NOCTTY;
2191 mutex_lock(&tty_mutex);
2193 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
2194 tty = get_current_tty();
2196 mutex_unlock(&tty_mutex);
2199 driver = tty->driver;
2201 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2206 if (device == MKDEV(TTY_MAJOR, 0)) {
2207 extern struct tty_driver *console_driver;
2208 driver = console_driver;
2214 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
2215 driver = console_device(&index);
2217 /* Don't let /dev/console block */
2218 filp->f_flags |= O_NONBLOCK;
2222 mutex_unlock(&tty_mutex);
2226 driver = get_tty_driver(device, &index);
2228 mutex_unlock(&tty_mutex);
2232 retval = init_dev(driver, index, &tty);
2233 mutex_unlock(&tty_mutex);
2237 filp->private_data = tty;
2238 file_move(filp, &tty->tty_files);
2239 check_tty_count(tty, "tty_open");
2240 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2241 tty->driver->subtype == PTY_TYPE_MASTER)
2243 #ifdef TTY_DEBUG_HANGUP
2244 printk(KERN_DEBUG "opening %s...", tty->name);
2248 retval = tty->ops->open(tty, filp);
2252 filp->f_flags = saved_flags;
2254 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2255 !capable(CAP_SYS_ADMIN))
2259 #ifdef TTY_DEBUG_HANGUP
2260 printk(KERN_DEBUG "error %d in opening %s...", retval,
2264 if (retval != -ERESTARTSYS)
2266 if (signal_pending(current))
2270 * Need to reset f_op in case a hangup happened.
2272 if (filp->f_op == &hung_up_tty_fops)
2273 filp->f_op = &tty_fops;
2277 mutex_lock(&tty_mutex);
2278 spin_lock_irq(¤t->sighand->siglock);
2280 current->signal->leader &&
2281 !current->signal->tty &&
2282 tty->session == NULL)
2283 __proc_set_tty(current, tty);
2284 spin_unlock_irq(¤t->sighand->siglock);
2285 mutex_unlock(&tty_mutex);
2289 /* BKL pushdown: scary code avoidance wrapper */
2290 static int tty_open(struct inode *inode, struct file *filp)
2295 ret = __tty_open(inode, filp);
2302 #ifdef CONFIG_UNIX98_PTYS
2304 * ptmx_open - open a unix 98 pty master
2305 * @inode: inode of device file
2306 * @filp: file pointer to tty
2308 * Allocate a unix98 pty master device from the ptmx driver.
2310 * Locking: tty_mutex protects theinit_dev work. tty->count should
2312 * allocated_ptys_lock handles the list of free pty numbers
2315 static int __ptmx_open(struct inode *inode, struct file *filp)
2317 struct tty_struct *tty;
2321 nonseekable_open(inode, filp);
2323 /* find a device that is not in use. */
2324 index = devpts_new_index();
2328 mutex_lock(&tty_mutex);
2329 retval = init_dev(ptm_driver, index, &tty);
2330 mutex_unlock(&tty_mutex);
2335 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2336 filp->private_data = tty;
2337 file_move(filp, &tty->tty_files);
2339 retval = devpts_pty_new(tty->link);
2343 check_tty_count(tty, "ptmx_open");
2344 retval = ptm_driver->ops->open(tty, filp);
2351 devpts_kill_index(index);
2355 static int ptmx_open(struct inode *inode, struct file *filp)
2360 ret = __ptmx_open(inode, filp);
2367 * tty_release - vfs callback for close
2368 * @inode: inode of tty
2369 * @filp: file pointer for handle to tty
2371 * Called the last time each file handle is closed that references
2372 * this tty. There may however be several such references.
2375 * Takes bkl. See release_dev
2378 static int tty_release(struct inode *inode, struct file *filp)
2387 * tty_poll - check tty status
2388 * @filp: file being polled
2389 * @wait: poll wait structures to update
2391 * Call the line discipline polling method to obtain the poll
2392 * status of the device.
2394 * Locking: locks called line discipline but ldisc poll method
2395 * may be re-entered freely by other callers.
2398 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2400 struct tty_struct *tty;
2401 struct tty_ldisc *ld;
2404 tty = (struct tty_struct *)filp->private_data;
2405 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2408 ld = tty_ldisc_ref_wait(tty);
2410 ret = (ld->ops->poll)(tty, filp, wait);
2411 tty_ldisc_deref(ld);
2415 static int tty_fasync(int fd, struct file *filp, int on)
2417 struct tty_struct *tty;
2418 unsigned long flags;
2422 tty = (struct tty_struct *)filp->private_data;
2423 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2426 retval = fasync_helper(fd, filp, on, &tty->fasync);
2433 if (!waitqueue_active(&tty->read_wait))
2434 tty->minimum_to_wake = 1;
2435 spin_lock_irqsave(&tty->ctrl_lock, flags);
2438 type = PIDTYPE_PGID;
2440 pid = task_pid(current);
2443 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2444 retval = __f_setown(filp, pid, type, 0);
2448 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2449 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2458 * tiocsti - fake input character
2459 * @tty: tty to fake input into
2460 * @p: pointer to character
2462 * Fake input to a tty device. Does the necessary locking and
2465 * FIXME: does not honour flow control ??
2468 * Called functions take tty_ldisc_lock
2469 * current->signal->tty check is safe without locks
2471 * FIXME: may race normal receive processing
2474 static int tiocsti(struct tty_struct *tty, char __user *p)
2477 struct tty_ldisc *ld;
2479 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2481 if (get_user(ch, p))
2483 ld = tty_ldisc_ref_wait(tty);
2484 ld->ops->receive_buf(tty, &ch, &mbz, 1);
2485 tty_ldisc_deref(ld);
2490 * tiocgwinsz - implement window query ioctl
2492 * @arg: user buffer for result
2494 * Copies the kernel idea of the window size into the user buffer.
2496 * Locking: tty->termios_mutex is taken to ensure the winsize data
2500 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2504 mutex_lock(&tty->termios_mutex);
2505 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2506 mutex_unlock(&tty->termios_mutex);
2508 return err ? -EFAULT: 0;
2512 * tiocswinsz - implement window size set ioctl
2514 * @arg: user buffer for result
2516 * Copies the user idea of the window size to the kernel. Traditionally
2517 * this is just advisory information but for the Linux console it
2518 * actually has driver level meaning and triggers a VC resize.
2521 * Called function use the console_sem is used to ensure we do
2522 * not try and resize the console twice at once.
2523 * The tty->termios_mutex is used to ensure we don't double
2524 * resize and get confused. Lock order - tty->termios_mutex before
2528 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2529 struct winsize __user *arg)
2531 struct winsize tmp_ws;
2532 struct pid *pgrp, *rpgrp;
2533 unsigned long flags;
2535 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2538 mutex_lock(&tty->termios_mutex);
2539 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2543 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2544 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2546 mutex_unlock(&tty->termios_mutex);
2551 /* Get the PID values and reference them so we can
2552 avoid holding the tty ctrl lock while sending signals */
2553 spin_lock_irqsave(&tty->ctrl_lock, flags);
2554 pgrp = get_pid(tty->pgrp);
2555 rpgrp = get_pid(real_tty->pgrp);
2556 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2559 kill_pgrp(pgrp, SIGWINCH, 1);
2560 if (rpgrp != pgrp && rpgrp)
2561 kill_pgrp(rpgrp, SIGWINCH, 1);
2566 tty->winsize = tmp_ws;
2567 real_tty->winsize = tmp_ws;
2569 mutex_unlock(&tty->termios_mutex);
2574 * tioccons - allow admin to move logical console
2575 * @file: the file to become console
2577 * Allow the adminstrator to move the redirected console device
2579 * Locking: uses redirect_lock to guard the redirect information
2582 static int tioccons(struct file *file)
2584 if (!capable(CAP_SYS_ADMIN))
2586 if (file->f_op->write == redirected_tty_write) {
2588 spin_lock(&redirect_lock);
2591 spin_unlock(&redirect_lock);
2596 spin_lock(&redirect_lock);
2598 spin_unlock(&redirect_lock);
2603 spin_unlock(&redirect_lock);
2608 * fionbio - non blocking ioctl
2609 * @file: file to set blocking value
2610 * @p: user parameter
2612 * Historical tty interfaces had a blocking control ioctl before
2613 * the generic functionality existed. This piece of history is preserved
2614 * in the expected tty API of posix OS's.
2616 * Locking: none, the open fle handle ensures it won't go away.
2619 static int fionbio(struct file *file, int __user *p)
2623 if (get_user(nonblock, p))
2626 /* file->f_flags is still BKL protected in the fs layer - vomit */
2629 file->f_flags |= O_NONBLOCK;
2631 file->f_flags &= ~O_NONBLOCK;
2637 * tiocsctty - set controlling tty
2638 * @tty: tty structure
2639 * @arg: user argument
2641 * This ioctl is used to manage job control. It permits a session
2642 * leader to set this tty as the controlling tty for the session.
2645 * Takes tty_mutex() to protect tty instance
2646 * Takes tasklist_lock internally to walk sessions
2647 * Takes ->siglock() when updating signal->tty
2650 static int tiocsctty(struct tty_struct *tty, int arg)
2653 if (current->signal->leader && (task_session(current) == tty->session))
2656 mutex_lock(&tty_mutex);
2658 * The process must be a session leader and
2659 * not have a controlling tty already.
2661 if (!current->signal->leader || current->signal->tty) {
2668 * This tty is already the controlling
2669 * tty for another session group!
2671 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2675 read_lock(&tasklist_lock);
2676 session_clear_tty(tty->session);
2677 read_unlock(&tasklist_lock);
2683 proc_set_tty(current, tty);
2685 mutex_unlock(&tty_mutex);
2690 * tty_get_pgrp - return a ref counted pgrp pid
2693 * Returns a refcounted instance of the pid struct for the process
2694 * group controlling the tty.
2697 struct pid *tty_get_pgrp(struct tty_struct *tty)
2699 unsigned long flags;
2702 spin_lock_irqsave(&tty->ctrl_lock, flags);
2703 pgrp = get_pid(tty->pgrp);
2704 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2708 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2711 * tiocgpgrp - get process group
2712 * @tty: tty passed by user
2713 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2716 * Obtain the process group of the tty. If there is no process group
2719 * Locking: none. Reference to current->signal->tty is safe.
2722 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2727 * (tty == real_tty) is a cheap way of
2728 * testing if the tty is NOT a master pty.
2730 if (tty == real_tty && current->signal->tty != real_tty)
2732 pid = tty_get_pgrp(real_tty);
2733 ret = put_user(pid_vnr(pid), p);
2739 * tiocspgrp - attempt to set process group
2740 * @tty: tty passed by user
2741 * @real_tty: tty side device matching tty passed by user
2744 * Set the process group of the tty to the session passed. Only
2745 * permitted where the tty session is our session.
2747 * Locking: RCU, ctrl lock
2750 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2754 int retval = tty_check_change(real_tty);
2755 unsigned long flags;
2761 if (!current->signal->tty ||
2762 (current->signal->tty != real_tty) ||
2763 (real_tty->session != task_session(current)))
2765 if (get_user(pgrp_nr, p))
2770 pgrp = find_vpid(pgrp_nr);
2775 if (session_of_pgrp(pgrp) != task_session(current))
2778 spin_lock_irqsave(&tty->ctrl_lock, flags);
2779 put_pid(real_tty->pgrp);
2780 real_tty->pgrp = get_pid(pgrp);
2781 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2788 * tiocgsid - get session id
2789 * @tty: tty passed by user
2790 * @real_tty: tty side of the tty pased by the user if a pty else the tty
2791 * @p: pointer to returned session id
2793 * Obtain the session id of the tty. If there is no session
2796 * Locking: none. Reference to current->signal->tty is safe.
2799 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2802 * (tty == real_tty) is a cheap way of
2803 * testing if the tty is NOT a master pty.
2805 if (tty == real_tty && current->signal->tty != real_tty)
2807 if (!real_tty->session)
2809 return put_user(pid_vnr(real_tty->session), p);
2813 * tiocsetd - set line discipline
2815 * @p: pointer to user data
2817 * Set the line discipline according to user request.
2819 * Locking: see tty_set_ldisc, this function is just a helper
2822 static int tiocsetd(struct tty_struct *tty, int __user *p)
2827 if (get_user(ldisc, p))
2831 ret = tty_set_ldisc(tty, ldisc);
2838 * send_break - performed time break
2839 * @tty: device to break on
2840 * @duration: timeout in mS
2842 * Perform a timed break on hardware that lacks its own driver level
2843 * timed break functionality.
2846 * atomic_write_lock serializes
2850 static int send_break(struct tty_struct *tty, unsigned int duration)
2854 if (tty->ops->break_ctl == NULL)
2857 if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2858 retval = tty->ops->break_ctl(tty, duration);
2860 /* Do the work ourselves */
2861 if (tty_write_lock(tty, 0) < 0)
2863 retval = tty->ops->break_ctl(tty, -1);
2866 if (!signal_pending(current))
2867 msleep_interruptible(duration);
2868 retval = tty->ops->break_ctl(tty, 0);
2870 tty_write_unlock(tty);
2871 if (signal_pending(current))
2878 * tty_tiocmget - get modem status
2880 * @file: user file pointer
2881 * @p: pointer to result
2883 * Obtain the modem status bits from the tty driver if the feature
2884 * is supported. Return -EINVAL if it is not available.
2886 * Locking: none (up to the driver)
2889 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2891 int retval = -EINVAL;
2893 if (tty->ops->tiocmget) {
2894 retval = tty->ops->tiocmget(tty, file);
2897 retval = put_user(retval, p);
2903 * tty_tiocmset - set modem status
2905 * @file: user file pointer
2906 * @cmd: command - clear bits, set bits or set all
2907 * @p: pointer to desired bits
2909 * Set the modem status bits from the tty driver if the feature
2910 * is supported. Return -EINVAL if it is not available.
2912 * Locking: none (up to the driver)
2915 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2919 unsigned int set, clear, val;
2921 if (tty->ops->tiocmset == NULL)
2924 retval = get_user(val, p);
2940 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2941 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2942 return tty->ops->tiocmset(tty, file, set, clear);
2946 * Split this up, as gcc can choke on it otherwise..
2948 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2950 struct tty_struct *tty, *real_tty;
2951 void __user *p = (void __user *)arg;
2953 struct tty_ldisc *ld;
2954 struct inode *inode = file->f_dentry->d_inode;
2956 tty = (struct tty_struct *)file->private_data;
2957 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2961 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2962 tty->driver->subtype == PTY_TYPE_MASTER)
2963 real_tty = tty->link;
2967 * Factor out some common prep work
2975 retval = tty_check_change(tty);
2978 if (cmd != TIOCCBRK) {
2979 tty_wait_until_sent(tty, 0);
2980 if (signal_pending(current))
2991 return tiocsti(tty, p);
2993 return tiocgwinsz(tty, p);
2995 return tiocswinsz(tty, real_tty, p);
2997 return real_tty != tty ? -EINVAL : tioccons(file);
2999 return fionbio(file, p);
3001 set_bit(TTY_EXCLUSIVE, &tty->flags);
3004 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3007 if (current->signal->tty != tty)
3012 return tiocsctty(tty, arg);
3014 return tiocgpgrp(tty, real_tty, p);
3016 return tiocspgrp(tty, real_tty, p);
3018 return tiocgsid(tty, real_tty, p);
3020 return put_user(tty->ldisc.ops->num, (int __user *)p);
3022 return tiocsetd(tty, p);
3025 return tioclinux(tty, arg);
3030 case TIOCSBRK: /* Turn break on, unconditionally */
3031 if (tty->ops->break_ctl)
3032 return tty->ops->break_ctl(tty, -1);
3034 case TIOCCBRK: /* Turn break off, unconditionally */
3035 if (tty->ops->break_ctl)
3036 return tty->ops->break_ctl(tty, 0);
3038 case TCSBRK: /* SVID version: non-zero arg --> no break */
3039 /* non-zero arg means wait for all output data
3040 * to be sent (performed above) but don't send break.
3041 * This is used by the tcdrain() termios function.
3044 return send_break(tty, 250);
3046 case TCSBRKP: /* support for POSIX tcsendbreak() */
3047 return send_break(tty, arg ? arg*100 : 250);
3050 return tty_tiocmget(tty, file, p);
3054 return tty_tiocmset(tty, file, cmd, p);
3059 /* flush tty buffer and allow ldisc to process ioctl */
3060 tty_buffer_flush(tty);
3065 if (tty->ops->ioctl) {
3066 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
3067 if (retval != -ENOIOCTLCMD)
3070 ld = tty_ldisc_ref_wait(tty);
3072 if (ld->ops->ioctl) {
3073 retval = ld->ops->ioctl(tty, file, cmd, arg);
3074 if (retval == -ENOIOCTLCMD)
3077 tty_ldisc_deref(ld);
3081 #ifdef CONFIG_COMPAT
3082 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3085 struct inode *inode = file->f_dentry->d_inode;
3086 struct tty_struct *tty = file->private_data;
3087 struct tty_ldisc *ld;
3088 int retval = -ENOIOCTLCMD;
3090 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3093 if (tty->ops->compat_ioctl) {
3094 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
3095 if (retval != -ENOIOCTLCMD)
3099 ld = tty_ldisc_ref_wait(tty);
3100 if (ld->ops->compat_ioctl)
3101 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
3102 tty_ldisc_deref(ld);
3109 * This implements the "Secure Attention Key" --- the idea is to
3110 * prevent trojan horses by killing all processes associated with this
3111 * tty when the user hits the "Secure Attention Key". Required for
3112 * super-paranoid applications --- see the Orange Book for more details.
3114 * This code could be nicer; ideally it should send a HUP, wait a few
3115 * seconds, then send a INT, and then a KILL signal. But you then
3116 * have to coordinate with the init process, since all processes associated
3117 * with the current tty must be dead before the new getty is allowed
3120 * Now, if it would be correct ;-/ The current code has a nasty hole -
3121 * it doesn't catch files in flight. We may send the descriptor to ourselves
3122 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3124 * Nasty bug: do_SAK is being called in interrupt context. This can
3125 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3127 void __do_SAK(struct tty_struct *tty)
3132 struct task_struct *g, *p;
3133 struct pid *session;
3136 struct fdtable *fdt;
3140 session = tty->session;
3142 tty_ldisc_flush(tty);
3144 tty_driver_flush_buffer(tty);
3146 read_lock(&tasklist_lock);
3147 /* Kill the entire session */
3148 do_each_pid_task(session, PIDTYPE_SID, p) {
3149 printk(KERN_NOTICE "SAK: killed process %d"
3150 " (%s): task_session_nr(p)==tty->session\n",
3151 task_pid_nr(p), p->comm);
3152 send_sig(SIGKILL, p, 1);
3153 } while_each_pid_task(session, PIDTYPE_SID, p);
3154 /* Now kill any processes that happen to have the
3157 do_each_thread(g, p) {
3158 if (p->signal->tty == tty) {
3159 printk(KERN_NOTICE "SAK: killed process %d"
3160 " (%s): task_session_nr(p)==tty->session\n",
3161 task_pid_nr(p), p->comm);
3162 send_sig(SIGKILL, p, 1);
3168 * We don't take a ref to the file, so we must
3169 * hold ->file_lock instead.
3171 spin_lock(&p->files->file_lock);
3172 fdt = files_fdtable(p->files);
3173 for (i = 0; i < fdt->max_fds; i++) {
3174 filp = fcheck_files(p->files, i);
3177 if (filp->f_op->read == tty_read &&
3178 filp->private_data == tty) {
3179 printk(KERN_NOTICE "SAK: killed process %d"
3180 " (%s): fd#%d opened to the tty\n",
3181 task_pid_nr(p), p->comm, i);
3182 force_sig(SIGKILL, p);
3186 spin_unlock(&p->files->file_lock);
3189 } while_each_thread(g, p);
3190 read_unlock(&tasklist_lock);
3194 static void do_SAK_work(struct work_struct *work)
3196 struct tty_struct *tty =
3197 container_of(work, struct tty_struct, SAK_work);
3202 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3203 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3204 * the values which we write to it will be identical to the values which it
3205 * already has. --akpm
3207 void do_SAK(struct tty_struct *tty)
3211 schedule_work(&tty->SAK_work);
3214 EXPORT_SYMBOL(do_SAK);
3218 * @work: tty structure passed from work queue.
3220 * This routine is called out of the software interrupt to flush data
3221 * from the buffer chain to the line discipline.
3223 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3224 * while invoking the line discipline receive_buf method. The
3225 * receive_buf method is single threaded for each tty instance.
3228 static void flush_to_ldisc(struct work_struct *work)
3230 struct tty_struct *tty =
3231 container_of(work, struct tty_struct, buf.work.work);
3232 unsigned long flags;
3233 struct tty_ldisc *disc;
3234 struct tty_buffer *tbuf, *head;
3236 unsigned char *flag_buf;
3238 disc = tty_ldisc_ref(tty);
3239 if (disc == NULL) /* !TTY_LDISC */
3242 spin_lock_irqsave(&tty->buf.lock, flags);
3243 /* So we know a flush is running */
3244 set_bit(TTY_FLUSHING, &tty->flags);
3245 head = tty->buf.head;
3247 tty->buf.head = NULL;
3249 int count = head->commit - head->read;
3251 if (head->next == NULL)
3255 tty_buffer_free(tty, tbuf);
3258 /* Ldisc or user is trying to flush the buffers
3259 we are feeding to the ldisc, stop feeding the
3260 line discipline as we want to empty the queue */
3261 if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3263 if (!tty->receive_room) {
3264 schedule_delayed_work(&tty->buf.work, 1);
3267 if (count > tty->receive_room)
3268 count = tty->receive_room;
3269 char_buf = head->char_buf_ptr + head->read;
3270 flag_buf = head->flag_buf_ptr + head->read;
3271 head->read += count;
3272 spin_unlock_irqrestore(&tty->buf.lock, flags);
3273 disc->ops->receive_buf(tty, char_buf,
3275 spin_lock_irqsave(&tty->buf.lock, flags);
3277 /* Restore the queue head */
3278 tty->buf.head = head;
3280 /* We may have a deferred request to flush the input buffer,
3281 if so pull the chain under the lock and empty the queue */
3282 if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3283 __tty_buffer_flush(tty);
3284 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3285 wake_up(&tty->read_wait);
3287 clear_bit(TTY_FLUSHING, &tty->flags);
3288 spin_unlock_irqrestore(&tty->buf.lock, flags);
3290 tty_ldisc_deref(disc);
3294 * tty_flip_buffer_push - terminal
3297 * Queue a push of the terminal flip buffers to the line discipline. This
3298 * function must not be called from IRQ context if tty->low_latency is set.
3300 * In the event of the queue being busy for flipping the work will be
3301 * held off and retried later.
3303 * Locking: tty buffer lock. Driver locks in low latency mode.
3306 void tty_flip_buffer_push(struct tty_struct *tty)
3308 unsigned long flags;
3309 spin_lock_irqsave(&tty->buf.lock, flags);
3310 if (tty->buf.tail != NULL)
3311 tty->buf.tail->commit = tty->buf.tail->used;
3312 spin_unlock_irqrestore(&tty->buf.lock, flags);
3314 if (tty->low_latency)
3315 flush_to_ldisc(&tty->buf.work.work);
3317 schedule_delayed_work(&tty->buf.work, 1);
3320 EXPORT_SYMBOL(tty_flip_buffer_push);
3324 * initialize_tty_struct
3325 * @tty: tty to initialize
3327 * This subroutine initializes a tty structure that has been newly
3330 * Locking: none - tty in question must not be exposed at this point
3333 static void initialize_tty_struct(struct tty_struct *tty)
3335 memset(tty, 0, sizeof(struct tty_struct));
3336 tty->magic = TTY_MAGIC;
3337 tty_ldisc_init(tty);
3338 tty->session = NULL;
3340 tty->overrun_time = jiffies;
3341 tty->buf.head = tty->buf.tail = NULL;
3342 tty_buffer_init(tty);
3343 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3344 mutex_init(&tty->termios_mutex);
3345 init_waitqueue_head(&tty->write_wait);
3346 init_waitqueue_head(&tty->read_wait);
3347 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3348 mutex_init(&tty->atomic_read_lock);
3349 mutex_init(&tty->atomic_write_lock);
3350 spin_lock_init(&tty->read_lock);
3351 spin_lock_init(&tty->ctrl_lock);
3352 INIT_LIST_HEAD(&tty->tty_files);
3353 INIT_WORK(&tty->SAK_work, do_SAK_work);
3357 * tty_put_char - write one character to a tty
3361 * Write one byte to the tty using the provided put_char method
3362 * if present. Returns the number of characters successfully output.
3364 * Note: the specific put_char operation in the driver layer may go
3365 * away soon. Don't call it directly, use this method
3368 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3370 if (tty->ops->put_char)
3371 return tty->ops->put_char(tty, ch);
3372 return tty->ops->write(tty, &ch, 1);
3375 EXPORT_SYMBOL_GPL(tty_put_char);
3377 static struct class *tty_class;
3380 * tty_register_device - register a tty device
3381 * @driver: the tty driver that describes the tty device
3382 * @index: the index in the tty driver for this tty device
3383 * @device: a struct device that is associated with this tty device.
3384 * This field is optional, if there is no known struct device
3385 * for this tty device it can be set to NULL safely.
3387 * Returns a pointer to the struct device for this tty device
3388 * (or ERR_PTR(-EFOO) on error).
3390 * This call is required to be made to register an individual tty device
3391 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3392 * that bit is not set, this function should not be called by a tty
3398 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3399 struct device *device)
3402 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3404 if (index >= driver->num) {
3405 printk(KERN_ERR "Attempt to register invalid tty line number "
3407 return ERR_PTR(-EINVAL);
3410 if (driver->type == TTY_DRIVER_TYPE_PTY)
3411 pty_line_name(driver, index, name);
3413 tty_line_name(driver, index, name);
3415 return device_create_drvdata(tty_class, device, dev, NULL, name);
3419 * tty_unregister_device - unregister a tty device
3420 * @driver: the tty driver that describes the tty device
3421 * @index: the index in the tty driver for this tty device
3423 * If a tty device is registered with a call to tty_register_device() then
3424 * this function must be called when the tty device is gone.
3429 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3431 device_destroy(tty_class,
3432 MKDEV(driver->major, driver->minor_start) + index);
3435 EXPORT_SYMBOL(tty_register_device);
3436 EXPORT_SYMBOL(tty_unregister_device);
3438 struct tty_driver *alloc_tty_driver(int lines)
3440 struct tty_driver *driver;
3442 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3444 driver->magic = TTY_DRIVER_MAGIC;
3445 driver->num = lines;
3446 /* later we'll move allocation of tables here */
3451 void put_tty_driver(struct tty_driver *driver)
3456 void tty_set_operations(struct tty_driver *driver,
3457 const struct tty_operations *op)
3462 EXPORT_SYMBOL(alloc_tty_driver);
3463 EXPORT_SYMBOL(put_tty_driver);
3464 EXPORT_SYMBOL(tty_set_operations);
3467 * Called by a tty driver to register itself.
3469 int tty_register_driver(struct tty_driver *driver)
3476 if (driver->flags & TTY_DRIVER_INSTALLED)
3479 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3480 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3485 if (!driver->major) {
3486 error = alloc_chrdev_region(&dev, driver->minor_start,
3487 driver->num, driver->name);
3489 driver->major = MAJOR(dev);
3490 driver->minor_start = MINOR(dev);
3493 dev = MKDEV(driver->major, driver->minor_start);
3494 error = register_chrdev_region(dev, driver->num, driver->name);
3502 driver->ttys = (struct tty_struct **)p;
3503 driver->termios = (struct ktermios **)(p + driver->num);
3504 driver->termios_locked = (struct ktermios **)
3505 (p + driver->num * 2);
3507 driver->ttys = NULL;
3508 driver->termios = NULL;
3509 driver->termios_locked = NULL;
3512 cdev_init(&driver->cdev, &tty_fops);
3513 driver->cdev.owner = driver->owner;
3514 error = cdev_add(&driver->cdev, dev, driver->num);
3516 unregister_chrdev_region(dev, driver->num);
3517 driver->ttys = NULL;
3518 driver->termios = driver->termios_locked = NULL;
3523 mutex_lock(&tty_mutex);
3524 list_add(&driver->tty_drivers, &tty_drivers);
3525 mutex_unlock(&tty_mutex);
3527 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3528 for (i = 0; i < driver->num; i++)
3529 tty_register_device(driver, i, NULL);
3531 proc_tty_register_driver(driver);
3535 EXPORT_SYMBOL(tty_register_driver);
3538 * Called by a tty driver to unregister itself.
3540 int tty_unregister_driver(struct tty_driver *driver)
3543 struct ktermios *tp;
3546 if (driver->refcount)
3549 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3551 mutex_lock(&tty_mutex);
3552 list_del(&driver->tty_drivers);
3553 mutex_unlock(&tty_mutex);
3556 * Free the termios and termios_locked structures because
3557 * we don't want to get memory leaks when modular tty
3558 * drivers are removed from the kernel.
3560 for (i = 0; i < driver->num; i++) {
3561 tp = driver->termios[i];
3563 driver->termios[i] = NULL;
3566 tp = driver->termios_locked[i];
3568 driver->termios_locked[i] = NULL;
3571 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3572 tty_unregister_device(driver, i);
3575 proc_tty_unregister_driver(driver);
3576 driver->ttys = NULL;
3577 driver->termios = driver->termios_locked = NULL;
3579 cdev_del(&driver->cdev);
3582 EXPORT_SYMBOL(tty_unregister_driver);
3584 dev_t tty_devnum(struct tty_struct *tty)
3586 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3588 EXPORT_SYMBOL(tty_devnum);
3590 void proc_clear_tty(struct task_struct *p)
3592 spin_lock_irq(&p->sighand->siglock);
3593 p->signal->tty = NULL;
3594 spin_unlock_irq(&p->sighand->siglock);
3596 EXPORT_SYMBOL(proc_clear_tty);
3598 /* Called under the sighand lock */
3600 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3603 unsigned long flags;
3604 /* We should not have a session or pgrp to put here but.... */
3605 spin_lock_irqsave(&tty->ctrl_lock, flags);
3606 put_pid(tty->session);
3608 tty->pgrp = get_pid(task_pgrp(tsk));
3609 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3610 tty->session = get_pid(task_session(tsk));
3612 put_pid(tsk->signal->tty_old_pgrp);
3613 tsk->signal->tty = tty;
3614 tsk->signal->tty_old_pgrp = NULL;
3617 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3619 spin_lock_irq(&tsk->sighand->siglock);
3620 __proc_set_tty(tsk, tty);
3621 spin_unlock_irq(&tsk->sighand->siglock);
3624 struct tty_struct *get_current_tty(void)
3626 struct tty_struct *tty;
3627 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
3628 tty = current->signal->tty;
3630 * session->tty can be changed/cleared from under us, make sure we
3631 * issue the load. The obtained pointer, when not NULL, is valid as
3632 * long as we hold tty_mutex.
3637 EXPORT_SYMBOL_GPL(get_current_tty);
3640 * Initialize the console device. This is called *early*, so
3641 * we can't necessarily depend on lots of kernel help here.
3642 * Just do some early initializations, and do the complex setup
3645 void __init console_init(void)
3649 /* Setup the default TTY line discipline. */
3653 * set up the console device so that later boot sequences can
3654 * inform about problems etc..
3656 call = __con_initcall_start;
3657 while (call < __con_initcall_end) {
3663 static int __init tty_class_init(void)
3665 tty_class = class_create(THIS_MODULE, "tty");
3666 if (IS_ERR(tty_class))
3667 return PTR_ERR(tty_class);
3671 postcore_initcall(tty_class_init);
3673 /* 3/2004 jmc: why do these devices exist? */
3675 static struct cdev tty_cdev, console_cdev;
3676 #ifdef CONFIG_UNIX98_PTYS
3677 static struct cdev ptmx_cdev;
3680 static struct cdev vc0_cdev;
3684 * Ok, now we can initialize the rest of the tty devices and can count
3685 * on memory allocations, interrupts etc..
3687 static int __init tty_init(void)
3689 cdev_init(&tty_cdev, &tty_fops);
3690 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3691 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3692 panic("Couldn't register /dev/tty driver\n");
3693 device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL,
3696 cdev_init(&console_cdev, &console_fops);
3697 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3698 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3699 panic("Couldn't register /dev/console driver\n");
3700 device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3703 #ifdef CONFIG_UNIX98_PTYS
3704 cdev_init(&ptmx_cdev, &ptmx_fops);
3705 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3706 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3707 panic("Couldn't register /dev/ptmx driver\n");
3708 device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
3712 cdev_init(&vc0_cdev, &console_fops);
3713 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3714 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3715 panic("Couldn't register /dev/tty0 driver\n");
3716 device_create_drvdata(tty_class, NULL, MKDEV(TTY_MAJOR, 0), NULL, "tty0");
3722 module_init(tty_init);
projects / linux-2.6 / blob