[PATCH] i386: fix singlestep through an int80 syscall
[linux-2.6] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92 
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  * 
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote init_dev and release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66  */
67
68 #include <linux/config.h>
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/console.h>
82 #include <linux/timer.h>
83 #include <linux/ctype.h>
84 #include <linux/kd.h>
85 #include <linux/mm.h>
86 #include <linux/string.h>
87 #include <linux/slab.h>
88 #include <linux/poll.h>
89 #include <linux/proc_fs.h>
90 #include <linux/init.h>
91 #include <linux/module.h>
92 #include <linux/smp_lock.h>
93 #include <linux/device.h>
94 #include <linux/idr.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98
99 #include <asm/uaccess.h>
100 #include <asm/system.h>
101
102 #include <linux/kbd_kern.h>
103 #include <linux/vt_kern.h>
104 #include <linux/selection.h>
105 #include <linux/devfs_fs_kernel.h>
106
107 #include <linux/kmod.h>
108
109 #undef TTY_DEBUG_HANGUP
110
111 #define TTY_PARANOIA_CHECK 1
112 #define CHECK_TTY_COUNT 1
113
114 struct termios tty_std_termios = {      /* for the benefit of tty drivers  */
115         .c_iflag = ICRNL | IXON,
116         .c_oflag = OPOST | ONLCR,
117         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119                    ECHOCTL | ECHOKE | IEXTEN,
120         .c_cc = INIT_C_CC
121 };
122
123 EXPORT_SYMBOL(tty_std_termios);
124
125 /* This list gets poked at by procfs and various bits of boot up code. This
126    could do with some rationalisation such as pulling the tty proc function
127    into this file */
128    
129 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
130
131 /* Semaphore to protect creating and releasing a tty. This is shared with
132    vt.c for deeply disgusting hack reasons */
133 DECLARE_MUTEX(tty_sem);
134
135 #ifdef CONFIG_UNIX98_PTYS
136 extern struct tty_driver *ptm_driver;   /* Unix98 pty masters; for /dev/ptmx */
137 extern int pty_limit;           /* Config limit on Unix98 ptys */
138 static DEFINE_IDR(allocated_ptys);
139 static DECLARE_MUTEX(allocated_ptys_lock);
140 static int ptmx_open(struct inode *, struct file *);
141 #endif
142
143 extern void disable_early_printk(void);
144
145 static void initialize_tty_struct(struct tty_struct *tty);
146
147 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
148 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
149 ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
150 static unsigned int tty_poll(struct file *, poll_table *);
151 static int tty_open(struct inode *, struct file *);
152 static int tty_release(struct inode *, struct file *);
153 int tty_ioctl(struct inode * inode, struct file * file,
154               unsigned int cmd, unsigned long arg);
155 static int tty_fasync(int fd, struct file * filp, int on);
156 static void release_mem(struct tty_struct *tty, int idx);
157
158
159 static struct tty_struct *alloc_tty_struct(void)
160 {
161         struct tty_struct *tty;
162
163         tty = kmalloc(sizeof(struct tty_struct), GFP_KERNEL);
164         if (tty)
165                 memset(tty, 0, sizeof(struct tty_struct));
166         return tty;
167 }
168
169 static void tty_buffer_free_all(struct tty_struct *);
170
171 static inline void free_tty_struct(struct tty_struct *tty)
172 {
173         kfree(tty->write_buf);
174         tty_buffer_free_all(tty);
175         kfree(tty);
176 }
177
178 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
179
180 char *tty_name(struct tty_struct *tty, char *buf)
181 {
182         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
183                 strcpy(buf, "NULL tty");
184         else
185                 strcpy(buf, tty->name);
186         return buf;
187 }
188
189 EXPORT_SYMBOL(tty_name);
190
191 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
192                               const char *routine)
193 {
194 #ifdef TTY_PARANOIA_CHECK
195         if (!tty) {
196                 printk(KERN_WARNING
197                         "null TTY for (%d:%d) in %s\n",
198                         imajor(inode), iminor(inode), routine);
199                 return 1;
200         }
201         if (tty->magic != TTY_MAGIC) {
202                 printk(KERN_WARNING
203                         "bad magic number for tty struct (%d:%d) in %s\n",
204                         imajor(inode), iminor(inode), routine);
205                 return 1;
206         }
207 #endif
208         return 0;
209 }
210
211 static int check_tty_count(struct tty_struct *tty, const char *routine)
212 {
213 #ifdef CHECK_TTY_COUNT
214         struct list_head *p;
215         int count = 0;
216         
217         file_list_lock();
218         list_for_each(p, &tty->tty_files) {
219                 count++;
220         }
221         file_list_unlock();
222         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
223             tty->driver->subtype == PTY_TYPE_SLAVE &&
224             tty->link && tty->link->count)
225                 count++;
226         if (tty->count != count) {
227                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
228                                     "!= #fd's(%d) in %s\n",
229                        tty->name, tty->count, count, routine);
230                 return count;
231        }        
232 #endif
233         return 0;
234 }
235
236 /*
237  * Tty buffer allocation management
238  */
239
240 static void tty_buffer_free_all(struct tty_struct *tty)
241 {
242         struct tty_buffer *thead;
243         while((thead = tty->buf.head) != NULL) {
244                 tty->buf.head = thead->next;
245                 kfree(thead);
246         }
247         while((thead = tty->buf.free) != NULL) {
248                 tty->buf.free = thead->next;
249                 kfree(thead);
250         }
251         tty->buf.tail = NULL;
252 }
253
254 static void tty_buffer_init(struct tty_struct *tty)
255 {
256         spin_lock_init(&tty->buf.lock);
257         tty->buf.head = NULL;
258         tty->buf.tail = NULL;
259         tty->buf.free = NULL;
260 }
261
262 static struct tty_buffer *tty_buffer_alloc(size_t size)
263 {
264         struct tty_buffer *p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
265         if(p == NULL)
266                 return NULL;
267         p->used = 0;
268         p->size = size;
269         p->next = NULL;
270         p->active = 0;
271         p->commit = 0;
272         p->read = 0;
273         p->char_buf_ptr = (char *)(p->data);
274         p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
275 /*      printk("Flip create %p\n", p); */
276         return p;
277 }
278
279 /* Must be called with the tty_read lock held. This needs to acquire strategy
280    code to decide if we should kfree or relink a given expired buffer */
281
282 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
283 {
284         /* Dumb strategy for now - should keep some stats */
285 /*      printk("Flip dispose %p\n", b); */
286         if(b->size >= 512)
287                 kfree(b);
288         else {
289                 b->next = tty->buf.free;
290                 tty->buf.free = b;
291         }
292 }
293
294 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
295 {
296         struct tty_buffer **tbh = &tty->buf.free;
297         while((*tbh) != NULL) {
298                 struct tty_buffer *t = *tbh;
299                 if(t->size >= size) {
300                         *tbh = t->next;
301                         t->next = NULL;
302                         t->used = 0;
303                         t->commit = 0;
304                         t->read = 0;
305                         /* DEBUG ONLY */
306 /*                      memset(t->data, '*', size); */
307 /*                      printk("Flip recycle %p\n", t); */
308                         return t;
309                 }
310                 tbh = &((*tbh)->next);
311         }
312         /* Round the buffer size out */
313         size = (size + 0xFF) & ~ 0xFF;
314         return tty_buffer_alloc(size);
315         /* Should possibly check if this fails for the largest buffer we
316            have queued and recycle that ? */
317 }
318
319 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
320 {
321         struct tty_buffer *b, *n;
322         int left;
323         unsigned long flags;
324
325         spin_lock_irqsave(&tty->buf.lock, flags);
326
327         /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
328            remove this conditional if its worth it. This would be invisible
329            to the callers */
330         if ((b = tty->buf.tail) != NULL) {
331                 left = b->size - b->used;
332                 b->active = 1;
333         } else
334                 left = 0;
335
336         if (left < size) {
337                 /* This is the slow path - looking for new buffers to use */
338                 if ((n = tty_buffer_find(tty, size)) != NULL) {
339                         if (b != NULL) {
340                                 b->next = n;
341                                 b->active = 0;
342                                 b->commit = b->used;
343                         } else
344                                 tty->buf.head = n;
345                         tty->buf.tail = n;
346                         n->active = 1;
347                 } else
348                         size = left;
349         }
350
351         spin_unlock_irqrestore(&tty->buf.lock, flags);
352         return size;
353 }
354
355 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
356
357 int tty_insert_flip_string(struct tty_struct *tty, unsigned char *chars, size_t size)
358 {
359         int copied = 0;
360         do {
361                 int space = tty_buffer_request_room(tty, size - copied);
362                 struct tty_buffer *tb = tty->buf.tail;
363                 /* If there is no space then tb may be NULL */
364                 if(unlikely(space == 0))
365                         break;
366                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
367                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
368                 tb->used += space;
369                 copied += space;
370                 chars += space;
371 /*              printk("Flip insert %d.\n", space); */
372         }
373         /* There is a small chance that we need to split the data over
374            several buffers. If this is the case we must loop */
375         while (unlikely(size > copied));
376         return copied;
377 }
378
379 EXPORT_SYMBOL_GPL(tty_insert_flip_string);
380
381 int tty_insert_flip_string_flags(struct tty_struct *tty, unsigned char *chars, char *flags, size_t size)
382 {
383         int copied = 0;
384         do {
385                 int space = tty_buffer_request_room(tty, size - copied);
386                 struct tty_buffer *tb = tty->buf.tail;
387                 /* If there is no space then tb may be NULL */
388                 if(unlikely(space == 0))
389                         break;
390                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
391                 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
392                 tb->used += space;
393                 copied += space;
394                 chars += space;
395                 flags += space;
396         }
397         /* There is a small chance that we need to split the data over
398            several buffers. If this is the case we must loop */
399         while (unlikely(size > copied));
400         return copied;
401 }
402
403 EXPORT_SYMBOL_GPL(tty_insert_flip_string_flags);
404
405
406 /*
407  *      Prepare a block of space in the buffer for data. Returns the length
408  *      available and buffer pointer to the space which is now allocated and
409  *      accounted for as ready for normal characters. This is used for drivers
410  *      that need their own block copy routines into the buffer. There is no
411  *      guarantee the buffer is a DMA target!
412  */
413
414 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
415 {
416         int space = tty_buffer_request_room(tty, size);
417         if (likely(space)) {
418                 struct tty_buffer *tb = tty->buf.tail;
419                 *chars = tb->char_buf_ptr + tb->used;
420                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
421                 tb->used += space;
422         }
423         return space;
424 }
425
426 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
427
428 /*
429  *      Prepare a block of space in the buffer for data. Returns the length
430  *      available and buffer pointer to the space which is now allocated and
431  *      accounted for as ready for characters. This is used for drivers
432  *      that need their own block copy routines into the buffer. There is no
433  *      guarantee the buffer is a DMA target!
434  */
435
436 int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
437 {
438         int space = tty_buffer_request_room(tty, size);
439         if (likely(space)) {
440                 struct tty_buffer *tb = tty->buf.tail;
441                 *chars = tb->char_buf_ptr + tb->used;
442                 *flags = tb->flag_buf_ptr + tb->used;
443                 tb->used += space;
444         }
445         return space;
446 }
447
448 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
449
450
451
452 /*
453  *      This is probably overkill for real world processors but
454  *      they are not on hot paths so a little discipline won't do 
455  *      any harm.
456  */
457  
458 static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
459 {
460         down(&tty->termios_sem);
461         tty->termios->c_line = num;
462         up(&tty->termios_sem);
463 }
464
465 /*
466  *      This guards the refcounted line discipline lists. The lock
467  *      must be taken with irqs off because there are hangup path
468  *      callers who will do ldisc lookups and cannot sleep.
469  */
470  
471 static DEFINE_SPINLOCK(tty_ldisc_lock);
472 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
473 static struct tty_ldisc tty_ldiscs[NR_LDISCS];  /* line disc dispatch table */
474
475 int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
476 {
477         unsigned long flags;
478         int ret = 0;
479         
480         if (disc < N_TTY || disc >= NR_LDISCS)
481                 return -EINVAL;
482         
483         spin_lock_irqsave(&tty_ldisc_lock, flags);
484         tty_ldiscs[disc] = *new_ldisc;
485         tty_ldiscs[disc].num = disc;
486         tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
487         tty_ldiscs[disc].refcount = 0;
488         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
489         
490         return ret;
491 }
492 EXPORT_SYMBOL(tty_register_ldisc);
493
494 int tty_unregister_ldisc(int disc)
495 {
496         unsigned long flags;
497         int ret = 0;
498
499         if (disc < N_TTY || disc >= NR_LDISCS)
500                 return -EINVAL;
501
502         spin_lock_irqsave(&tty_ldisc_lock, flags);
503         if (tty_ldiscs[disc].refcount)
504                 ret = -EBUSY;
505         else
506                 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
507         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
508
509         return ret;
510 }
511 EXPORT_SYMBOL(tty_unregister_ldisc);
512
513 struct tty_ldisc *tty_ldisc_get(int disc)
514 {
515         unsigned long flags;
516         struct tty_ldisc *ld;
517
518         if (disc < N_TTY || disc >= NR_LDISCS)
519                 return NULL;
520         
521         spin_lock_irqsave(&tty_ldisc_lock, flags);
522
523         ld = &tty_ldiscs[disc];
524         /* Check the entry is defined */
525         if(ld->flags & LDISC_FLAG_DEFINED)
526         {
527                 /* If the module is being unloaded we can't use it */
528                 if (!try_module_get(ld->owner))
529                         ld = NULL;
530                 else /* lock it */
531                         ld->refcount++;
532         }
533         else
534                 ld = NULL;
535         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
536         return ld;
537 }
538
539 EXPORT_SYMBOL_GPL(tty_ldisc_get);
540
541 void tty_ldisc_put(int disc)
542 {
543         struct tty_ldisc *ld;
544         unsigned long flags;
545         
546         if (disc < N_TTY || disc >= NR_LDISCS)
547                 BUG();
548                 
549         spin_lock_irqsave(&tty_ldisc_lock, flags);
550         ld = &tty_ldiscs[disc];
551         if(ld->refcount == 0)
552                 BUG();
553         ld->refcount --;
554         module_put(ld->owner);
555         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
556 }
557         
558 EXPORT_SYMBOL_GPL(tty_ldisc_put);
559
560 static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
561 {
562         tty->ldisc = *ld;
563         tty->ldisc.refcount = 0;
564 }
565
566 /**
567  *      tty_ldisc_try           -       internal helper
568  *      @tty: the tty
569  *
570  *      Make a single attempt to grab and bump the refcount on
571  *      the tty ldisc. Return 0 on failure or 1 on success. This is
572  *      used to implement both the waiting and non waiting versions
573  *      of tty_ldisc_ref
574  */
575
576 static int tty_ldisc_try(struct tty_struct *tty)
577 {
578         unsigned long flags;
579         struct tty_ldisc *ld;
580         int ret = 0;
581         
582         spin_lock_irqsave(&tty_ldisc_lock, flags);
583         ld = &tty->ldisc;
584         if(test_bit(TTY_LDISC, &tty->flags))
585         {
586                 ld->refcount++;
587                 ret = 1;
588         }
589         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
590         return ret;
591 }
592
593 /**
594  *      tty_ldisc_ref_wait      -       wait for the tty ldisc
595  *      @tty: tty device
596  *
597  *      Dereference the line discipline for the terminal and take a 
598  *      reference to it. If the line discipline is in flux then 
599  *      wait patiently until it changes.
600  *
601  *      Note: Must not be called from an IRQ/timer context. The caller
602  *      must also be careful not to hold other locks that will deadlock
603  *      against a discipline change, such as an existing ldisc reference
604  *      (which we check for)
605  */
606  
607 struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
608 {
609         /* wait_event is a macro */
610         wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
611         if(tty->ldisc.refcount == 0)
612                 printk(KERN_ERR "tty_ldisc_ref_wait\n");
613         return &tty->ldisc;
614 }
615
616 EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
617
618 /**
619  *      tty_ldisc_ref           -       get the tty ldisc
620  *      @tty: tty device
621  *
622  *      Dereference the line discipline for the terminal and take a 
623  *      reference to it. If the line discipline is in flux then 
624  *      return NULL. Can be called from IRQ and timer functions.
625  */
626  
627 struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
628 {
629         if(tty_ldisc_try(tty))
630                 return &tty->ldisc;
631         return NULL;
632 }
633
634 EXPORT_SYMBOL_GPL(tty_ldisc_ref);
635
636 /**
637  *      tty_ldisc_deref         -       free a tty ldisc reference
638  *      @ld: reference to free up
639  *
640  *      Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
641  *      be called in IRQ context.
642  */
643  
644 void tty_ldisc_deref(struct tty_ldisc *ld)
645 {
646         unsigned long flags;
647
648         if(ld == NULL)
649                 BUG();
650                 
651         spin_lock_irqsave(&tty_ldisc_lock, flags);
652         if(ld->refcount == 0)
653                 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
654         else
655                 ld->refcount--;
656         if(ld->refcount == 0)
657                 wake_up(&tty_ldisc_wait);
658         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
659 }
660
661 EXPORT_SYMBOL_GPL(tty_ldisc_deref);
662
663 /**
664  *      tty_ldisc_enable        -       allow ldisc use
665  *      @tty: terminal to activate ldisc on
666  *
667  *      Set the TTY_LDISC flag when the line discipline can be called
668  *      again. Do neccessary wakeups for existing sleepers.
669  *
670  *      Note: nobody should set this bit except via this function. Clearing
671  *      directly is allowed.
672  */
673
674 static void tty_ldisc_enable(struct tty_struct *tty)
675 {
676         set_bit(TTY_LDISC, &tty->flags);
677         wake_up(&tty_ldisc_wait);
678 }
679         
680 /**
681  *      tty_set_ldisc           -       set line discipline
682  *      @tty: the terminal to set
683  *      @ldisc: the line discipline
684  *
685  *      Set the discipline of a tty line. Must be called from a process
686  *      context.
687  */
688  
689 static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
690 {
691         int retval = 0;
692         struct tty_ldisc o_ldisc;
693         char buf[64];
694         int work;
695         unsigned long flags;
696         struct tty_ldisc *ld;
697         struct tty_struct *o_tty;
698
699         if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
700                 return -EINVAL;
701
702 restart:
703
704         ld = tty_ldisc_get(ldisc);
705         /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
706         /* Cyrus Durgin <cider@speakeasy.org> */
707         if (ld == NULL) {
708                 request_module("tty-ldisc-%d", ldisc);
709                 ld = tty_ldisc_get(ldisc);
710         }
711         if (ld == NULL)
712                 return -EINVAL;
713
714         /*
715          *      No more input please, we are switching. The new ldisc
716          *      will update this value in the ldisc open function
717          */
718
719         tty->receive_room = 0;
720
721         /*
722          *      Problem: What do we do if this blocks ?
723          */
724
725         tty_wait_until_sent(tty, 0);
726
727         if (tty->ldisc.num == ldisc) {
728                 tty_ldisc_put(ldisc);
729                 return 0;
730         }
731
732         o_ldisc = tty->ldisc;
733         o_tty = tty->link;
734
735         /*
736          *      Make sure we don't change while someone holds a
737          *      reference to the line discipline. The TTY_LDISC bit
738          *      prevents anyone taking a reference once it is clear.
739          *      We need the lock to avoid racing reference takers.
740          */
741
742         spin_lock_irqsave(&tty_ldisc_lock, flags);
743         if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
744                 if(tty->ldisc.refcount) {
745                         /* Free the new ldisc we grabbed. Must drop the lock
746                            first. */
747                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
748                         tty_ldisc_put(ldisc);
749                         /*
750                          * There are several reasons we may be busy, including
751                          * random momentary I/O traffic. We must therefore
752                          * retry. We could distinguish between blocking ops
753                          * and retries if we made tty_ldisc_wait() smarter. That
754                          * is up for discussion.
755                          */
756                         if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
757                                 return -ERESTARTSYS;
758                         goto restart;
759                 }
760                 if(o_tty && o_tty->ldisc.refcount) {
761                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
762                         tty_ldisc_put(ldisc);
763                         if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
764                                 return -ERESTARTSYS;
765                         goto restart;
766                 }
767         }
768
769         /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
770
771         if (!test_bit(TTY_LDISC, &tty->flags)) {
772                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
773                 tty_ldisc_put(ldisc);
774                 ld = tty_ldisc_ref_wait(tty);
775                 tty_ldisc_deref(ld);
776                 goto restart;
777         }
778
779         clear_bit(TTY_LDISC, &tty->flags);
780         clear_bit(TTY_DONT_FLIP, &tty->flags);
781         if (o_tty) {
782                 clear_bit(TTY_LDISC, &o_tty->flags);
783                 clear_bit(TTY_DONT_FLIP, &o_tty->flags);
784         }
785         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
786
787         /*
788          *      From this point on we know nobody has an ldisc
789          *      usage reference, nor can they obtain one until
790          *      we say so later on.
791          */
792
793         work = cancel_delayed_work(&tty->buf.work);
794         /*
795          * Wait for ->hangup_work and ->buf.work handlers to terminate
796          */
797          
798         flush_scheduled_work();
799         /* Shutdown the current discipline. */
800         if (tty->ldisc.close)
801                 (tty->ldisc.close)(tty);
802
803         /* Now set up the new line discipline. */
804         tty_ldisc_assign(tty, ld);
805         tty_set_termios_ldisc(tty, ldisc);
806         if (tty->ldisc.open)
807                 retval = (tty->ldisc.open)(tty);
808         if (retval < 0) {
809                 tty_ldisc_put(ldisc);
810                 /* There is an outstanding reference here so this is safe */
811                 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
812                 tty_set_termios_ldisc(tty, tty->ldisc.num);
813                 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
814                         tty_ldisc_put(o_ldisc.num);
815                         /* This driver is always present */
816                         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
817                         tty_set_termios_ldisc(tty, N_TTY);
818                         if (tty->ldisc.open) {
819                                 int r = tty->ldisc.open(tty);
820
821                                 if (r < 0)
822                                         panic("Couldn't open N_TTY ldisc for "
823                                               "%s --- error %d.",
824                                               tty_name(tty, buf), r);
825                         }
826                 }
827         }
828         /* At this point we hold a reference to the new ldisc and a
829            a reference to the old ldisc. If we ended up flipping back
830            to the existing ldisc we have two references to it */
831         
832         if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
833                 tty->driver->set_ldisc(tty);
834                 
835         tty_ldisc_put(o_ldisc.num);
836         
837         /*
838          *      Allow ldisc referencing to occur as soon as the driver
839          *      ldisc callback completes.
840          */
841          
842         tty_ldisc_enable(tty);
843         if (o_tty)
844                 tty_ldisc_enable(o_tty);
845         
846         /* Restart it in case no characters kick it off. Safe if
847            already running */
848         if (work)
849                 schedule_delayed_work(&tty->buf.work, 1);
850         return retval;
851 }
852
853 /*
854  * This routine returns a tty driver structure, given a device number
855  */
856 static struct tty_driver *get_tty_driver(dev_t device, int *index)
857 {
858         struct tty_driver *p;
859
860         list_for_each_entry(p, &tty_drivers, tty_drivers) {
861                 dev_t base = MKDEV(p->major, p->minor_start);
862                 if (device < base || device >= base + p->num)
863                         continue;
864                 *index = device - base;
865                 return p;
866         }
867         return NULL;
868 }
869
870 /*
871  * If we try to write to, or set the state of, a terminal and we're
872  * not in the foreground, send a SIGTTOU.  If the signal is blocked or
873  * ignored, go ahead and perform the operation.  (POSIX 7.2)
874  */
875 int tty_check_change(struct tty_struct * tty)
876 {
877         if (current->signal->tty != tty)
878                 return 0;
879         if (tty->pgrp <= 0) {
880                 printk(KERN_WARNING "tty_check_change: tty->pgrp <= 0!\n");
881                 return 0;
882         }
883         if (process_group(current) == tty->pgrp)
884                 return 0;
885         if (is_ignored(SIGTTOU))
886                 return 0;
887         if (is_orphaned_pgrp(process_group(current)))
888                 return -EIO;
889         (void) kill_pg(process_group(current), SIGTTOU, 1);
890         return -ERESTARTSYS;
891 }
892
893 EXPORT_SYMBOL(tty_check_change);
894
895 static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
896                                 size_t count, loff_t *ppos)
897 {
898         return 0;
899 }
900
901 static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
902                                  size_t count, loff_t *ppos)
903 {
904         return -EIO;
905 }
906
907 /* No kernel lock held - none needed ;) */
908 static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
909 {
910         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
911 }
912
913 static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
914                              unsigned int cmd, unsigned long arg)
915 {
916         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
917 }
918
919 static struct file_operations tty_fops = {
920         .llseek         = no_llseek,
921         .read           = tty_read,
922         .write          = tty_write,
923         .poll           = tty_poll,
924         .ioctl          = tty_ioctl,
925         .open           = tty_open,
926         .release        = tty_release,
927         .fasync         = tty_fasync,
928 };
929
930 #ifdef CONFIG_UNIX98_PTYS
931 static struct file_operations ptmx_fops = {
932         .llseek         = no_llseek,
933         .read           = tty_read,
934         .write          = tty_write,
935         .poll           = tty_poll,
936         .ioctl          = tty_ioctl,
937         .open           = ptmx_open,
938         .release        = tty_release,
939         .fasync         = tty_fasync,
940 };
941 #endif
942
943 static struct file_operations console_fops = {
944         .llseek         = no_llseek,
945         .read           = tty_read,
946         .write          = redirected_tty_write,
947         .poll           = tty_poll,
948         .ioctl          = tty_ioctl,
949         .open           = tty_open,
950         .release        = tty_release,
951         .fasync         = tty_fasync,
952 };
953
954 static struct file_operations hung_up_tty_fops = {
955         .llseek         = no_llseek,
956         .read           = hung_up_tty_read,
957         .write          = hung_up_tty_write,
958         .poll           = hung_up_tty_poll,
959         .ioctl          = hung_up_tty_ioctl,
960         .release        = tty_release,
961 };
962
963 static DEFINE_SPINLOCK(redirect_lock);
964 static struct file *redirect;
965
966 /**
967  *      tty_wakeup      -       request more data
968  *      @tty: terminal
969  *
970  *      Internal and external helper for wakeups of tty. This function
971  *      informs the line discipline if present that the driver is ready
972  *      to receive more output data.
973  */
974  
975 void tty_wakeup(struct tty_struct *tty)
976 {
977         struct tty_ldisc *ld;
978         
979         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
980                 ld = tty_ldisc_ref(tty);
981                 if(ld) {
982                         if(ld->write_wakeup)
983                                 ld->write_wakeup(tty);
984                         tty_ldisc_deref(ld);
985                 }
986         }
987         wake_up_interruptible(&tty->write_wait);
988 }
989
990 EXPORT_SYMBOL_GPL(tty_wakeup);
991
992 /**
993  *      tty_ldisc_flush -       flush line discipline queue
994  *      @tty: tty
995  *
996  *      Flush the line discipline queue (if any) for this tty. If there
997  *      is no line discipline active this is a no-op.
998  */
999  
1000 void tty_ldisc_flush(struct tty_struct *tty)
1001 {
1002         struct tty_ldisc *ld = tty_ldisc_ref(tty);
1003         if(ld) {
1004                 if(ld->flush_buffer)
1005                         ld->flush_buffer(tty);
1006                 tty_ldisc_deref(ld);
1007         }
1008 }
1009
1010 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1011         
1012 /*
1013  * This can be called by the "eventd" kernel thread.  That is process synchronous,
1014  * but doesn't hold any locks, so we need to make sure we have the appropriate
1015  * locks for what we're doing..
1016  */
1017 static void do_tty_hangup(void *data)
1018 {
1019         struct tty_struct *tty = (struct tty_struct *) data;
1020         struct file * cons_filp = NULL;
1021         struct file *filp, *f = NULL;
1022         struct task_struct *p;
1023         struct tty_ldisc *ld;
1024         int    closecount = 0, n;
1025
1026         if (!tty)
1027                 return;
1028
1029         /* inuse_filps is protected by the single kernel lock */
1030         lock_kernel();
1031
1032         spin_lock(&redirect_lock);
1033         if (redirect && redirect->private_data == tty) {
1034                 f = redirect;
1035                 redirect = NULL;
1036         }
1037         spin_unlock(&redirect_lock);
1038         
1039         check_tty_count(tty, "do_tty_hangup");
1040         file_list_lock();
1041         /* This breaks for file handles being sent over AF_UNIX sockets ? */
1042         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1043                 if (filp->f_op->write == redirected_tty_write)
1044                         cons_filp = filp;
1045                 if (filp->f_op->write != tty_write)
1046                         continue;
1047                 closecount++;
1048                 tty_fasync(-1, filp, 0);        /* can't block */
1049                 filp->f_op = &hung_up_tty_fops;
1050         }
1051         file_list_unlock();
1052         
1053         /* FIXME! What are the locking issues here? This may me overdoing things..
1054          * this question is especially important now that we've removed the irqlock. */
1055
1056         ld = tty_ldisc_ref(tty);
1057         if(ld != NULL)  /* We may have no line discipline at this point */
1058         {
1059                 if (ld->flush_buffer)
1060                         ld->flush_buffer(tty);
1061                 if (tty->driver->flush_buffer)
1062                         tty->driver->flush_buffer(tty);
1063                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1064                     ld->write_wakeup)
1065                         ld->write_wakeup(tty);
1066                 if (ld->hangup)
1067                         ld->hangup(tty);
1068         }
1069
1070         /* FIXME: Once we trust the LDISC code better we can wait here for
1071            ldisc completion and fix the driver call race */
1072            
1073         wake_up_interruptible(&tty->write_wait);
1074         wake_up_interruptible(&tty->read_wait);
1075
1076         /*
1077          * Shutdown the current line discipline, and reset it to
1078          * N_TTY.
1079          */
1080         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1081         {
1082                 down(&tty->termios_sem);
1083                 *tty->termios = tty->driver->init_termios;
1084                 up(&tty->termios_sem);
1085         }
1086         
1087         /* Defer ldisc switch */
1088         /* tty_deferred_ldisc_switch(N_TTY);
1089         
1090           This should get done automatically when the port closes and
1091           tty_release is called */
1092         
1093         read_lock(&tasklist_lock);
1094         if (tty->session > 0) {
1095                 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1096                         if (p->signal->tty == tty)
1097                                 p->signal->tty = NULL;
1098                         if (!p->signal->leader)
1099                                 continue;
1100                         send_group_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1101                         send_group_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1102                         if (tty->pgrp > 0)
1103                                 p->signal->tty_old_pgrp = tty->pgrp;
1104                 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1105         }
1106         read_unlock(&tasklist_lock);
1107
1108         tty->flags = 0;
1109         tty->session = 0;
1110         tty->pgrp = -1;
1111         tty->ctrl_status = 0;
1112         /*
1113          *      If one of the devices matches a console pointer, we
1114          *      cannot just call hangup() because that will cause
1115          *      tty->count and state->count to go out of sync.
1116          *      So we just call close() the right number of times.
1117          */
1118         if (cons_filp) {
1119                 if (tty->driver->close)
1120                         for (n = 0; n < closecount; n++)
1121                                 tty->driver->close(tty, cons_filp);
1122         } else if (tty->driver->hangup)
1123                 (tty->driver->hangup)(tty);
1124                 
1125         /* We don't want to have driver/ldisc interactions beyond
1126            the ones we did here. The driver layer expects no
1127            calls after ->hangup() from the ldisc side. However we
1128            can't yet guarantee all that */
1129
1130         set_bit(TTY_HUPPED, &tty->flags);
1131         if (ld) {
1132                 tty_ldisc_enable(tty);
1133                 tty_ldisc_deref(ld);
1134         }
1135         unlock_kernel();
1136         if (f)
1137                 fput(f);
1138 }
1139
1140 void tty_hangup(struct tty_struct * tty)
1141 {
1142 #ifdef TTY_DEBUG_HANGUP
1143         char    buf[64];
1144         
1145         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1146 #endif
1147         schedule_work(&tty->hangup_work);
1148 }
1149
1150 EXPORT_SYMBOL(tty_hangup);
1151
1152 void tty_vhangup(struct tty_struct * tty)
1153 {
1154 #ifdef TTY_DEBUG_HANGUP
1155         char    buf[64];
1156
1157         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1158 #endif
1159         do_tty_hangup((void *) tty);
1160 }
1161 EXPORT_SYMBOL(tty_vhangup);
1162
1163 int tty_hung_up_p(struct file * filp)
1164 {
1165         return (filp->f_op == &hung_up_tty_fops);
1166 }
1167
1168 EXPORT_SYMBOL(tty_hung_up_p);
1169
1170 /*
1171  * This function is typically called only by the session leader, when
1172  * it wants to disassociate itself from its controlling tty.
1173  *
1174  * It performs the following functions:
1175  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
1176  *      (2)  Clears the tty from being controlling the session
1177  *      (3)  Clears the controlling tty for all processes in the
1178  *              session group.
1179  *
1180  * The argument on_exit is set to 1 if called when a process is
1181  * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1182  */
1183 void disassociate_ctty(int on_exit)
1184 {
1185         struct tty_struct *tty;
1186         struct task_struct *p;
1187         int tty_pgrp = -1;
1188
1189         lock_kernel();
1190
1191         down(&tty_sem);
1192         tty = current->signal->tty;
1193         if (tty) {
1194                 tty_pgrp = tty->pgrp;
1195                 up(&tty_sem);
1196                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1197                         tty_vhangup(tty);
1198         } else {
1199                 if (current->signal->tty_old_pgrp) {
1200                         kill_pg(current->signal->tty_old_pgrp, SIGHUP, on_exit);
1201                         kill_pg(current->signal->tty_old_pgrp, SIGCONT, on_exit);
1202                 }
1203                 up(&tty_sem);
1204                 unlock_kernel();        
1205                 return;
1206         }
1207         if (tty_pgrp > 0) {
1208                 kill_pg(tty_pgrp, SIGHUP, on_exit);
1209                 if (!on_exit)
1210                         kill_pg(tty_pgrp, SIGCONT, on_exit);
1211         }
1212
1213         /* Must lock changes to tty_old_pgrp */
1214         down(&tty_sem);
1215         current->signal->tty_old_pgrp = 0;
1216         tty->session = 0;
1217         tty->pgrp = -1;
1218
1219         /* Now clear signal->tty under the lock */
1220         read_lock(&tasklist_lock);
1221         do_each_task_pid(current->signal->session, PIDTYPE_SID, p) {
1222                 p->signal->tty = NULL;
1223         } while_each_task_pid(current->signal->session, PIDTYPE_SID, p);
1224         read_unlock(&tasklist_lock);
1225         up(&tty_sem);
1226         unlock_kernel();
1227 }
1228
1229 void stop_tty(struct tty_struct *tty)
1230 {
1231         if (tty->stopped)
1232                 return;
1233         tty->stopped = 1;
1234         if (tty->link && tty->link->packet) {
1235                 tty->ctrl_status &= ~TIOCPKT_START;
1236                 tty->ctrl_status |= TIOCPKT_STOP;
1237                 wake_up_interruptible(&tty->link->read_wait);
1238         }
1239         if (tty->driver->stop)
1240                 (tty->driver->stop)(tty);
1241 }
1242
1243 EXPORT_SYMBOL(stop_tty);
1244
1245 void start_tty(struct tty_struct *tty)
1246 {
1247         if (!tty->stopped || tty->flow_stopped)
1248                 return;
1249         tty->stopped = 0;
1250         if (tty->link && tty->link->packet) {
1251                 tty->ctrl_status &= ~TIOCPKT_STOP;
1252                 tty->ctrl_status |= TIOCPKT_START;
1253                 wake_up_interruptible(&tty->link->read_wait);
1254         }
1255         if (tty->driver->start)
1256                 (tty->driver->start)(tty);
1257
1258         /* If we have a running line discipline it may need kicking */
1259         tty_wakeup(tty);
1260         wake_up_interruptible(&tty->write_wait);
1261 }
1262
1263 EXPORT_SYMBOL(start_tty);
1264
1265 static ssize_t tty_read(struct file * file, char __user * buf, size_t count, 
1266                         loff_t *ppos)
1267 {
1268         int i;
1269         struct tty_struct * tty;
1270         struct inode *inode;
1271         struct tty_ldisc *ld;
1272
1273         tty = (struct tty_struct *)file->private_data;
1274         inode = file->f_dentry->d_inode;
1275         if (tty_paranoia_check(tty, inode, "tty_read"))
1276                 return -EIO;
1277         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1278                 return -EIO;
1279
1280         /* We want to wait for the line discipline to sort out in this
1281            situation */
1282         ld = tty_ldisc_ref_wait(tty);
1283         lock_kernel();
1284         if (ld->read)
1285                 i = (ld->read)(tty,file,buf,count);
1286         else
1287                 i = -EIO;
1288         tty_ldisc_deref(ld);
1289         unlock_kernel();
1290         if (i > 0)
1291                 inode->i_atime = current_fs_time(inode->i_sb);
1292         return i;
1293 }
1294
1295 /*
1296  * Split writes up in sane blocksizes to avoid
1297  * denial-of-service type attacks
1298  */
1299 static inline ssize_t do_tty_write(
1300         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1301         struct tty_struct *tty,
1302         struct file *file,
1303         const char __user *buf,
1304         size_t count)
1305 {
1306         ssize_t ret = 0, written = 0;
1307         unsigned int chunk;
1308         
1309         if (down_interruptible(&tty->atomic_write)) {
1310                 return -ERESTARTSYS;
1311         }
1312
1313         /*
1314          * We chunk up writes into a temporary buffer. This
1315          * simplifies low-level drivers immensely, since they
1316          * don't have locking issues and user mode accesses.
1317          *
1318          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1319          * big chunk-size..
1320          *
1321          * The default chunk-size is 2kB, because the NTTY
1322          * layer has problems with bigger chunks. It will
1323          * claim to be able to handle more characters than
1324          * it actually does.
1325          */
1326         chunk = 2048;
1327         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1328                 chunk = 65536;
1329         if (count < chunk)
1330                 chunk = count;
1331
1332         /* write_buf/write_cnt is protected by the atomic_write semaphore */
1333         if (tty->write_cnt < chunk) {
1334                 unsigned char *buf;
1335
1336                 if (chunk < 1024)
1337                         chunk = 1024;
1338
1339                 buf = kmalloc(chunk, GFP_KERNEL);
1340                 if (!buf) {
1341                         up(&tty->atomic_write);
1342                         return -ENOMEM;
1343                 }
1344                 kfree(tty->write_buf);
1345                 tty->write_cnt = chunk;
1346                 tty->write_buf = buf;
1347         }
1348
1349         /* Do the write .. */
1350         for (;;) {
1351                 size_t size = count;
1352                 if (size > chunk)
1353                         size = chunk;
1354                 ret = -EFAULT;
1355                 if (copy_from_user(tty->write_buf, buf, size))
1356                         break;
1357                 lock_kernel();
1358                 ret = write(tty, file, tty->write_buf, size);
1359                 unlock_kernel();
1360                 if (ret <= 0)
1361                         break;
1362                 written += ret;
1363                 buf += ret;
1364                 count -= ret;
1365                 if (!count)
1366                         break;
1367                 ret = -ERESTARTSYS;
1368                 if (signal_pending(current))
1369                         break;
1370                 cond_resched();
1371         }
1372         if (written) {
1373                 struct inode *inode = file->f_dentry->d_inode;
1374                 inode->i_mtime = current_fs_time(inode->i_sb);
1375                 ret = written;
1376         }
1377         up(&tty->atomic_write);
1378         return ret;
1379 }
1380
1381
1382 static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1383                          loff_t *ppos)
1384 {
1385         struct tty_struct * tty;
1386         struct inode *inode = file->f_dentry->d_inode;
1387         ssize_t ret;
1388         struct tty_ldisc *ld;
1389         
1390         tty = (struct tty_struct *)file->private_data;
1391         if (tty_paranoia_check(tty, inode, "tty_write"))
1392                 return -EIO;
1393         if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1394                 return -EIO;
1395
1396         ld = tty_ldisc_ref_wait(tty);           
1397         if (!ld->write)
1398                 ret = -EIO;
1399         else
1400                 ret = do_tty_write(ld->write, tty, file, buf, count);
1401         tty_ldisc_deref(ld);
1402         return ret;
1403 }
1404
1405 ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1406                          loff_t *ppos)
1407 {
1408         struct file *p = NULL;
1409
1410         spin_lock(&redirect_lock);
1411         if (redirect) {
1412                 get_file(redirect);
1413                 p = redirect;
1414         }
1415         spin_unlock(&redirect_lock);
1416
1417         if (p) {
1418                 ssize_t res;
1419                 res = vfs_write(p, buf, count, &p->f_pos);
1420                 fput(p);
1421                 return res;
1422         }
1423
1424         return tty_write(file, buf, count, ppos);
1425 }
1426
1427 static char ptychar[] = "pqrstuvwxyzabcde";
1428
1429 static inline void pty_line_name(struct tty_driver *driver, int index, char *p)
1430 {
1431         int i = index + driver->name_base;
1432         /* ->name is initialized to "ttyp", but "tty" is expected */
1433         sprintf(p, "%s%c%x",
1434                         driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1435                         ptychar[i >> 4 & 0xf], i & 0xf);
1436 }
1437
1438 static inline void tty_line_name(struct tty_driver *driver, int index, char *p)
1439 {
1440         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1441 }
1442
1443 /*
1444  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1445  * failed open.  The new code protects the open with a semaphore, so it's
1446  * really quite straightforward.  The semaphore locking can probably be
1447  * relaxed for the (most common) case of reopening a tty.
1448  */
1449 static int init_dev(struct tty_driver *driver, int idx,
1450         struct tty_struct **ret_tty)
1451 {
1452         struct tty_struct *tty, *o_tty;
1453         struct termios *tp, **tp_loc, *o_tp, **o_tp_loc;
1454         struct termios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1455         int retval=0;
1456
1457         /* check whether we're reopening an existing tty */
1458         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1459                 tty = devpts_get_tty(idx);
1460                 if (tty && driver->subtype == PTY_TYPE_MASTER)
1461                         tty = tty->link;
1462         } else {
1463                 tty = driver->ttys[idx];
1464         }
1465         if (tty) goto fast_track;
1466
1467         /*
1468          * First time open is complex, especially for PTY devices.
1469          * This code guarantees that either everything succeeds and the
1470          * TTY is ready for operation, or else the table slots are vacated
1471          * and the allocated memory released.  (Except that the termios 
1472          * and locked termios may be retained.)
1473          */
1474
1475         if (!try_module_get(driver->owner)) {
1476                 retval = -ENODEV;
1477                 goto end_init;
1478         }
1479
1480         o_tty = NULL;
1481         tp = o_tp = NULL;
1482         ltp = o_ltp = NULL;
1483
1484         tty = alloc_tty_struct();
1485         if(!tty)
1486                 goto fail_no_mem;
1487         initialize_tty_struct(tty);
1488         tty->driver = driver;
1489         tty->index = idx;
1490         tty_line_name(driver, idx, tty->name);
1491
1492         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1493                 tp_loc = &tty->termios;
1494                 ltp_loc = &tty->termios_locked;
1495         } else {
1496                 tp_loc = &driver->termios[idx];
1497                 ltp_loc = &driver->termios_locked[idx];
1498         }
1499
1500         if (!*tp_loc) {
1501                 tp = (struct termios *) kmalloc(sizeof(struct termios),
1502                                                 GFP_KERNEL);
1503                 if (!tp)
1504                         goto free_mem_out;
1505                 *tp = driver->init_termios;
1506         }
1507
1508         if (!*ltp_loc) {
1509                 ltp = (struct termios *) kmalloc(sizeof(struct termios),
1510                                                  GFP_KERNEL);
1511                 if (!ltp)
1512                         goto free_mem_out;
1513                 memset(ltp, 0, sizeof(struct termios));
1514         }
1515
1516         if (driver->type == TTY_DRIVER_TYPE_PTY) {
1517                 o_tty = alloc_tty_struct();
1518                 if (!o_tty)
1519                         goto free_mem_out;
1520                 initialize_tty_struct(o_tty);
1521                 o_tty->driver = driver->other;
1522                 o_tty->index = idx;
1523                 tty_line_name(driver->other, idx, o_tty->name);
1524
1525                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1526                         o_tp_loc = &o_tty->termios;
1527                         o_ltp_loc = &o_tty->termios_locked;
1528                 } else {
1529                         o_tp_loc = &driver->other->termios[idx];
1530                         o_ltp_loc = &driver->other->termios_locked[idx];
1531                 }
1532
1533                 if (!*o_tp_loc) {
1534                         o_tp = (struct termios *)
1535                                 kmalloc(sizeof(struct termios), GFP_KERNEL);
1536                         if (!o_tp)
1537                                 goto free_mem_out;
1538                         *o_tp = driver->other->init_termios;
1539                 }
1540
1541                 if (!*o_ltp_loc) {
1542                         o_ltp = (struct termios *)
1543                                 kmalloc(sizeof(struct termios), GFP_KERNEL);
1544                         if (!o_ltp)
1545                                 goto free_mem_out;
1546                         memset(o_ltp, 0, sizeof(struct termios));
1547                 }
1548
1549                 /*
1550                  * Everything allocated ... set up the o_tty structure.
1551                  */
1552                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
1553                         driver->other->ttys[idx] = o_tty;
1554                 }
1555                 if (!*o_tp_loc)
1556                         *o_tp_loc = o_tp;
1557                 if (!*o_ltp_loc)
1558                         *o_ltp_loc = o_ltp;
1559                 o_tty->termios = *o_tp_loc;
1560                 o_tty->termios_locked = *o_ltp_loc;
1561                 driver->other->refcount++;
1562                 if (driver->subtype == PTY_TYPE_MASTER)
1563                         o_tty->count++;
1564
1565                 /* Establish the links in both directions */
1566                 tty->link   = o_tty;
1567                 o_tty->link = tty;
1568         }
1569
1570         /* 
1571          * All structures have been allocated, so now we install them.
1572          * Failures after this point use release_mem to clean up, so 
1573          * there's no need to null out the local pointers.
1574          */
1575         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1576                 driver->ttys[idx] = tty;
1577         }
1578         
1579         if (!*tp_loc)
1580                 *tp_loc = tp;
1581         if (!*ltp_loc)
1582                 *ltp_loc = ltp;
1583         tty->termios = *tp_loc;
1584         tty->termios_locked = *ltp_loc;
1585         driver->refcount++;
1586         tty->count++;
1587
1588         /* 
1589          * Structures all installed ... call the ldisc open routines.
1590          * If we fail here just call release_mem to clean up.  No need
1591          * to decrement the use counts, as release_mem doesn't care.
1592          */
1593
1594         if (tty->ldisc.open) {
1595                 retval = (tty->ldisc.open)(tty);
1596                 if (retval)
1597                         goto release_mem_out;
1598         }
1599         if (o_tty && o_tty->ldisc.open) {
1600                 retval = (o_tty->ldisc.open)(o_tty);
1601                 if (retval) {
1602                         if (tty->ldisc.close)
1603                                 (tty->ldisc.close)(tty);
1604                         goto release_mem_out;
1605                 }
1606                 tty_ldisc_enable(o_tty);
1607         }
1608         tty_ldisc_enable(tty);
1609         goto success;
1610
1611         /*
1612          * This fast open can be used if the tty is already open.
1613          * No memory is allocated, and the only failures are from
1614          * attempting to open a closing tty or attempting multiple
1615          * opens on a pty master.
1616          */
1617 fast_track:
1618         if (test_bit(TTY_CLOSING, &tty->flags)) {
1619                 retval = -EIO;
1620                 goto end_init;
1621         }
1622         if (driver->type == TTY_DRIVER_TYPE_PTY &&
1623             driver->subtype == PTY_TYPE_MASTER) {
1624                 /*
1625                  * special case for PTY masters: only one open permitted, 
1626                  * and the slave side open count is incremented as well.
1627                  */
1628                 if (tty->count) {
1629                         retval = -EIO;
1630                         goto end_init;
1631                 }
1632                 tty->link->count++;
1633         }
1634         tty->count++;
1635         tty->driver = driver; /* N.B. why do this every time?? */
1636
1637         /* FIXME */
1638         if(!test_bit(TTY_LDISC, &tty->flags))
1639                 printk(KERN_ERR "init_dev but no ldisc\n");
1640 success:
1641         *ret_tty = tty;
1642         
1643         /* All paths come through here to release the semaphore */
1644 end_init:
1645         return retval;
1646
1647         /* Release locally allocated memory ... nothing placed in slots */
1648 free_mem_out:
1649         kfree(o_tp);
1650         if (o_tty)
1651                 free_tty_struct(o_tty);
1652         kfree(ltp);
1653         kfree(tp);
1654         free_tty_struct(tty);
1655
1656 fail_no_mem:
1657         module_put(driver->owner);
1658         retval = -ENOMEM;
1659         goto end_init;
1660
1661         /* call the tty release_mem routine to clean out this slot */
1662 release_mem_out:
1663         printk(KERN_INFO "init_dev: ldisc open failed, "
1664                          "clearing slot %d\n", idx);
1665         release_mem(tty, idx);
1666         goto end_init;
1667 }
1668
1669 /*
1670  * Releases memory associated with a tty structure, and clears out the
1671  * driver table slots.
1672  */
1673 static void release_mem(struct tty_struct *tty, int idx)
1674 {
1675         struct tty_struct *o_tty;
1676         struct termios *tp;
1677         int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
1678
1679         if ((o_tty = tty->link) != NULL) {
1680                 if (!devpts)
1681                         o_tty->driver->ttys[idx] = NULL;
1682                 if (o_tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1683                         tp = o_tty->termios;
1684                         if (!devpts)
1685                                 o_tty->driver->termios[idx] = NULL;
1686                         kfree(tp);
1687
1688                         tp = o_tty->termios_locked;
1689                         if (!devpts)
1690                                 o_tty->driver->termios_locked[idx] = NULL;
1691                         kfree(tp);
1692                 }
1693                 o_tty->magic = 0;
1694                 o_tty->driver->refcount--;
1695                 file_list_lock();
1696                 list_del_init(&o_tty->tty_files);
1697                 file_list_unlock();
1698                 free_tty_struct(o_tty);
1699         }
1700
1701         if (!devpts)
1702                 tty->driver->ttys[idx] = NULL;
1703         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1704                 tp = tty->termios;
1705                 if (!devpts)
1706                         tty->driver->termios[idx] = NULL;
1707                 kfree(tp);
1708
1709                 tp = tty->termios_locked;
1710                 if (!devpts)
1711                         tty->driver->termios_locked[idx] = NULL;
1712                 kfree(tp);
1713         }
1714
1715         tty->magic = 0;
1716         tty->driver->refcount--;
1717         file_list_lock();
1718         list_del_init(&tty->tty_files);
1719         file_list_unlock();
1720         module_put(tty->driver->owner);
1721         free_tty_struct(tty);
1722 }
1723
1724 /*
1725  * Even releasing the tty structures is a tricky business.. We have
1726  * to be very careful that the structures are all released at the
1727  * same time, as interrupts might otherwise get the wrong pointers.
1728  *
1729  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1730  * lead to double frees or releasing memory still in use.
1731  */
1732 static void release_dev(struct file * filp)
1733 {
1734         struct tty_struct *tty, *o_tty;
1735         int     pty_master, tty_closing, o_tty_closing, do_sleep;
1736         int     devpts_master, devpts;
1737         int     idx;
1738         char    buf[64];
1739         unsigned long flags;
1740         
1741         tty = (struct tty_struct *)filp->private_data;
1742         if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "release_dev"))
1743                 return;
1744
1745         check_tty_count(tty, "release_dev");
1746
1747         tty_fasync(-1, filp, 0);
1748
1749         idx = tty->index;
1750         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1751                       tty->driver->subtype == PTY_TYPE_MASTER);
1752         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1753         devpts_master = pty_master && devpts;
1754         o_tty = tty->link;
1755
1756 #ifdef TTY_PARANOIA_CHECK
1757         if (idx < 0 || idx >= tty->driver->num) {
1758                 printk(KERN_DEBUG "release_dev: bad idx when trying to "
1759                                   "free (%s)\n", tty->name);
1760                 return;
1761         }
1762         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1763                 if (tty != tty->driver->ttys[idx]) {
1764                         printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
1765                                "for (%s)\n", idx, tty->name);
1766                         return;
1767                 }
1768                 if (tty->termios != tty->driver->termios[idx]) {
1769                         printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
1770                                "for (%s)\n",
1771                                idx, tty->name);
1772                         return;
1773                 }
1774                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
1775                         printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
1776                                "termios_locked for (%s)\n",
1777                                idx, tty->name);
1778                         return;
1779                 }
1780         }
1781 #endif
1782
1783 #ifdef TTY_DEBUG_HANGUP
1784         printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
1785                tty_name(tty, buf), tty->count);
1786 #endif
1787
1788 #ifdef TTY_PARANOIA_CHECK
1789         if (tty->driver->other &&
1790              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1791                 if (o_tty != tty->driver->other->ttys[idx]) {
1792                         printk(KERN_DEBUG "release_dev: other->table[%d] "
1793                                           "not o_tty for (%s)\n",
1794                                idx, tty->name);
1795                         return;
1796                 }
1797                 if (o_tty->termios != tty->driver->other->termios[idx]) {
1798                         printk(KERN_DEBUG "release_dev: other->termios[%d] "
1799                                           "not o_termios for (%s)\n",
1800                                idx, tty->name);
1801                         return;
1802                 }
1803                 if (o_tty->termios_locked != 
1804                       tty->driver->other->termios_locked[idx]) {
1805                         printk(KERN_DEBUG "release_dev: other->termios_locked["
1806                                           "%d] not o_termios_locked for (%s)\n",
1807                                idx, tty->name);
1808                         return;
1809                 }
1810                 if (o_tty->link != tty) {
1811                         printk(KERN_DEBUG "release_dev: bad pty pointers\n");
1812                         return;
1813                 }
1814         }
1815 #endif
1816         if (tty->driver->close)
1817                 tty->driver->close(tty, filp);
1818
1819         /*
1820          * Sanity check: if tty->count is going to zero, there shouldn't be
1821          * any waiters on tty->read_wait or tty->write_wait.  We test the
1822          * wait queues and kick everyone out _before_ actually starting to
1823          * close.  This ensures that we won't block while releasing the tty
1824          * structure.
1825          *
1826          * The test for the o_tty closing is necessary, since the master and
1827          * slave sides may close in any order.  If the slave side closes out
1828          * first, its count will be one, since the master side holds an open.
1829          * Thus this test wouldn't be triggered at the time the slave closes,
1830          * so we do it now.
1831          *
1832          * Note that it's possible for the tty to be opened again while we're
1833          * flushing out waiters.  By recalculating the closing flags before
1834          * each iteration we avoid any problems.
1835          */
1836         while (1) {
1837                 /* Guard against races with tty->count changes elsewhere and
1838                    opens on /dev/tty */
1839                    
1840                 down(&tty_sem);
1841                 tty_closing = tty->count <= 1;
1842                 o_tty_closing = o_tty &&
1843                         (o_tty->count <= (pty_master ? 1 : 0));
1844                 do_sleep = 0;
1845
1846                 if (tty_closing) {
1847                         if (waitqueue_active(&tty->read_wait)) {
1848                                 wake_up(&tty->read_wait);
1849                                 do_sleep++;
1850                         }
1851                         if (waitqueue_active(&tty->write_wait)) {
1852                                 wake_up(&tty->write_wait);
1853                                 do_sleep++;
1854                         }
1855                 }
1856                 if (o_tty_closing) {
1857                         if (waitqueue_active(&o_tty->read_wait)) {
1858                                 wake_up(&o_tty->read_wait);
1859                                 do_sleep++;
1860                         }
1861                         if (waitqueue_active(&o_tty->write_wait)) {
1862                                 wake_up(&o_tty->write_wait);
1863                                 do_sleep++;
1864                         }
1865                 }
1866                 if (!do_sleep)
1867                         break;
1868
1869                 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
1870                                     "active!\n", tty_name(tty, buf));
1871                 up(&tty_sem);
1872                 schedule();
1873         }       
1874
1875         /*
1876          * The closing flags are now consistent with the open counts on 
1877          * both sides, and we've completed the last operation that could 
1878          * block, so it's safe to proceed with closing.
1879          */
1880         if (pty_master) {
1881                 if (--o_tty->count < 0) {
1882                         printk(KERN_WARNING "release_dev: bad pty slave count "
1883                                             "(%d) for %s\n",
1884                                o_tty->count, tty_name(o_tty, buf));
1885                         o_tty->count = 0;
1886                 }
1887         }
1888         if (--tty->count < 0) {
1889                 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
1890                        tty->count, tty_name(tty, buf));
1891                 tty->count = 0;
1892         }
1893         
1894         /*
1895          * We've decremented tty->count, so we need to remove this file
1896          * descriptor off the tty->tty_files list; this serves two
1897          * purposes:
1898          *  - check_tty_count sees the correct number of file descriptors
1899          *    associated with this tty.
1900          *  - do_tty_hangup no longer sees this file descriptor as
1901          *    something that needs to be handled for hangups.
1902          */
1903         file_kill(filp);
1904         filp->private_data = NULL;
1905
1906         /*
1907          * Perform some housekeeping before deciding whether to return.
1908          *
1909          * Set the TTY_CLOSING flag if this was the last open.  In the
1910          * case of a pty we may have to wait around for the other side
1911          * to close, and TTY_CLOSING makes sure we can't be reopened.
1912          */
1913         if(tty_closing)
1914                 set_bit(TTY_CLOSING, &tty->flags);
1915         if(o_tty_closing)
1916                 set_bit(TTY_CLOSING, &o_tty->flags);
1917
1918         /*
1919          * If _either_ side is closing, make sure there aren't any
1920          * processes that still think tty or o_tty is their controlling
1921          * tty.
1922          */
1923         if (tty_closing || o_tty_closing) {
1924                 struct task_struct *p;
1925
1926                 read_lock(&tasklist_lock);
1927                 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1928                         p->signal->tty = NULL;
1929                 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1930                 if (o_tty)
1931                         do_each_task_pid(o_tty->session, PIDTYPE_SID, p) {
1932                                 p->signal->tty = NULL;
1933                         } while_each_task_pid(o_tty->session, PIDTYPE_SID, p);
1934                 read_unlock(&tasklist_lock);
1935         }
1936
1937         up(&tty_sem);
1938
1939         /* check whether both sides are closing ... */
1940         if (!tty_closing || (o_tty && !o_tty_closing))
1941                 return;
1942         
1943 #ifdef TTY_DEBUG_HANGUP
1944         printk(KERN_DEBUG "freeing tty structure...");
1945 #endif
1946         /*
1947          * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
1948          * kill any delayed work. As this is the final close it does not
1949          * race with the set_ldisc code path.
1950          */
1951         clear_bit(TTY_LDISC, &tty->flags);
1952         clear_bit(TTY_DONT_FLIP, &tty->flags);
1953         cancel_delayed_work(&tty->buf.work);
1954
1955         /*
1956          * Wait for ->hangup_work and ->buf.work handlers to terminate
1957          */
1958          
1959         flush_scheduled_work();
1960         
1961         /*
1962          * Wait for any short term users (we know they are just driver
1963          * side waiters as the file is closing so user count on the file
1964          * side is zero.
1965          */
1966         spin_lock_irqsave(&tty_ldisc_lock, flags);
1967         while(tty->ldisc.refcount)
1968         {
1969                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1970                 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
1971                 spin_lock_irqsave(&tty_ldisc_lock, flags);
1972         }
1973         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1974         /*
1975          * Shutdown the current line discipline, and reset it to N_TTY.
1976          * N.B. why reset ldisc when we're releasing the memory??
1977          *
1978          * FIXME: this MUST get fixed for the new reflocking
1979          */
1980         if (tty->ldisc.close)
1981                 (tty->ldisc.close)(tty);
1982         tty_ldisc_put(tty->ldisc.num);
1983         
1984         /*
1985          *      Switch the line discipline back
1986          */
1987         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1988         tty_set_termios_ldisc(tty,N_TTY); 
1989         if (o_tty) {
1990                 /* FIXME: could o_tty be in setldisc here ? */
1991                 clear_bit(TTY_LDISC, &o_tty->flags);
1992                 if (o_tty->ldisc.close)
1993                         (o_tty->ldisc.close)(o_tty);
1994                 tty_ldisc_put(o_tty->ldisc.num);
1995                 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
1996                 tty_set_termios_ldisc(o_tty,N_TTY); 
1997         }
1998         /*
1999          * The release_mem function takes care of the details of clearing
2000          * the slots and preserving the termios structure.
2001          */
2002         release_mem(tty, idx);
2003
2004 #ifdef CONFIG_UNIX98_PTYS
2005         /* Make this pty number available for reallocation */
2006         if (devpts) {
2007                 down(&allocated_ptys_lock);
2008                 idr_remove(&allocated_ptys, idx);
2009                 up(&allocated_ptys_lock);
2010         }
2011 #endif
2012
2013 }
2014
2015 /*
2016  * tty_open and tty_release keep up the tty count that contains the
2017  * number of opens done on a tty. We cannot use the inode-count, as
2018  * different inodes might point to the same tty.
2019  *
2020  * Open-counting is needed for pty masters, as well as for keeping
2021  * track of serial lines: DTR is dropped when the last close happens.
2022  * (This is not done solely through tty->count, now.  - Ted 1/27/92)
2023  *
2024  * The termios state of a pty is reset on first open so that
2025  * settings don't persist across reuse.
2026  */
2027 static int tty_open(struct inode * inode, struct file * filp)
2028 {
2029         struct tty_struct *tty;
2030         int noctty, retval;
2031         struct tty_driver *driver;
2032         int index;
2033         dev_t device = inode->i_rdev;
2034         unsigned short saved_flags = filp->f_flags;
2035
2036         nonseekable_open(inode, filp);
2037         
2038 retry_open:
2039         noctty = filp->f_flags & O_NOCTTY;
2040         index  = -1;
2041         retval = 0;
2042         
2043         down(&tty_sem);
2044
2045         if (device == MKDEV(TTYAUX_MAJOR,0)) {
2046                 if (!current->signal->tty) {
2047                         up(&tty_sem);
2048                         return -ENXIO;
2049                 }
2050                 driver = current->signal->tty->driver;
2051                 index = current->signal->tty->index;
2052                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2053                 /* noctty = 1; */
2054                 goto got_driver;
2055         }
2056 #ifdef CONFIG_VT
2057         if (device == MKDEV(TTY_MAJOR,0)) {
2058                 extern struct tty_driver *console_driver;
2059                 driver = console_driver;
2060                 index = fg_console;
2061                 noctty = 1;
2062                 goto got_driver;
2063         }
2064 #endif
2065         if (device == MKDEV(TTYAUX_MAJOR,1)) {
2066                 driver = console_device(&index);
2067                 if (driver) {
2068                         /* Don't let /dev/console block */
2069                         filp->f_flags |= O_NONBLOCK;
2070                         noctty = 1;
2071                         goto got_driver;
2072                 }
2073                 up(&tty_sem);
2074                 return -ENODEV;
2075         }
2076
2077         driver = get_tty_driver(device, &index);
2078         if (!driver) {
2079                 up(&tty_sem);
2080                 return -ENODEV;
2081         }
2082 got_driver:
2083         retval = init_dev(driver, index, &tty);
2084         up(&tty_sem);
2085         if (retval)
2086                 return retval;
2087
2088         filp->private_data = tty;
2089         file_move(filp, &tty->tty_files);
2090         check_tty_count(tty, "tty_open");
2091         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2092             tty->driver->subtype == PTY_TYPE_MASTER)
2093                 noctty = 1;
2094 #ifdef TTY_DEBUG_HANGUP
2095         printk(KERN_DEBUG "opening %s...", tty->name);
2096 #endif
2097         if (!retval) {
2098                 if (tty->driver->open)
2099                         retval = tty->driver->open(tty, filp);
2100                 else
2101                         retval = -ENODEV;
2102         }
2103         filp->f_flags = saved_flags;
2104
2105         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2106                 retval = -EBUSY;
2107
2108         if (retval) {
2109 #ifdef TTY_DEBUG_HANGUP
2110                 printk(KERN_DEBUG "error %d in opening %s...", retval,
2111                        tty->name);
2112 #endif
2113                 release_dev(filp);
2114                 if (retval != -ERESTARTSYS)
2115                         return retval;
2116                 if (signal_pending(current))
2117                         return retval;
2118                 schedule();
2119                 /*
2120                  * Need to reset f_op in case a hangup happened.
2121                  */
2122                 if (filp->f_op == &hung_up_tty_fops)
2123                         filp->f_op = &tty_fops;
2124                 goto retry_open;
2125         }
2126         if (!noctty &&
2127             current->signal->leader &&
2128             !current->signal->tty &&
2129             tty->session == 0) {
2130                 task_lock(current);
2131                 current->signal->tty = tty;
2132                 task_unlock(current);
2133                 current->signal->tty_old_pgrp = 0;
2134                 tty->session = current->signal->session;
2135                 tty->pgrp = process_group(current);
2136         }
2137         return 0;
2138 }
2139
2140 #ifdef CONFIG_UNIX98_PTYS
2141 static int ptmx_open(struct inode * inode, struct file * filp)
2142 {
2143         struct tty_struct *tty;
2144         int retval;
2145         int index;
2146         int idr_ret;
2147
2148         nonseekable_open(inode, filp);
2149
2150         /* find a device that is not in use. */
2151         down(&allocated_ptys_lock);
2152         if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2153                 up(&allocated_ptys_lock);
2154                 return -ENOMEM;
2155         }
2156         idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2157         if (idr_ret < 0) {
2158                 up(&allocated_ptys_lock);
2159                 if (idr_ret == -EAGAIN)
2160                         return -ENOMEM;
2161                 return -EIO;
2162         }
2163         if (index >= pty_limit) {
2164                 idr_remove(&allocated_ptys, index);
2165                 up(&allocated_ptys_lock);
2166                 return -EIO;
2167         }
2168         up(&allocated_ptys_lock);
2169
2170         down(&tty_sem);
2171         retval = init_dev(ptm_driver, index, &tty);
2172         up(&tty_sem);
2173         
2174         if (retval)
2175                 goto out;
2176
2177         set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2178         filp->private_data = tty;
2179         file_move(filp, &tty->tty_files);
2180
2181         retval = -ENOMEM;
2182         if (devpts_pty_new(tty->link))
2183                 goto out1;
2184
2185         check_tty_count(tty, "tty_open");
2186         retval = ptm_driver->open(tty, filp);
2187         if (!retval)
2188                 return 0;
2189 out1:
2190         release_dev(filp);
2191 out:
2192         down(&allocated_ptys_lock);
2193         idr_remove(&allocated_ptys, index);
2194         up(&allocated_ptys_lock);
2195         return retval;
2196 }
2197 #endif
2198
2199 static int tty_release(struct inode * inode, struct file * filp)
2200 {
2201         lock_kernel();
2202         release_dev(filp);
2203         unlock_kernel();
2204         return 0;
2205 }
2206
2207 /* No kernel lock held - fine */
2208 static unsigned int tty_poll(struct file * filp, poll_table * wait)
2209 {
2210         struct tty_struct * tty;
2211         struct tty_ldisc *ld;
2212         int ret = 0;
2213
2214         tty = (struct tty_struct *)filp->private_data;
2215         if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_poll"))
2216                 return 0;
2217                 
2218         ld = tty_ldisc_ref_wait(tty);
2219         if (ld->poll)
2220                 ret = (ld->poll)(tty, filp, wait);
2221         tty_ldisc_deref(ld);
2222         return ret;
2223 }
2224
2225 static int tty_fasync(int fd, struct file * filp, int on)
2226 {
2227         struct tty_struct * tty;
2228         int retval;
2229
2230         tty = (struct tty_struct *)filp->private_data;
2231         if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_fasync"))
2232                 return 0;
2233         
2234         retval = fasync_helper(fd, filp, on, &tty->fasync);
2235         if (retval <= 0)
2236                 return retval;
2237
2238         if (on) {
2239                 if (!waitqueue_active(&tty->read_wait))
2240                         tty->minimum_to_wake = 1;
2241                 retval = f_setown(filp, (-tty->pgrp) ? : current->pid, 0);
2242                 if (retval)
2243                         return retval;
2244         } else {
2245                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2246                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2247         }
2248         return 0;
2249 }
2250
2251 static int tiocsti(struct tty_struct *tty, char __user *p)
2252 {
2253         char ch, mbz = 0;
2254         struct tty_ldisc *ld;
2255         
2256         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2257                 return -EPERM;
2258         if (get_user(ch, p))
2259                 return -EFAULT;
2260         ld = tty_ldisc_ref_wait(tty);
2261         ld->receive_buf(tty, &ch, &mbz, 1);
2262         tty_ldisc_deref(ld);
2263         return 0;
2264 }
2265
2266 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2267 {
2268         if (copy_to_user(arg, &tty->winsize, sizeof(*arg)))
2269                 return -EFAULT;
2270         return 0;
2271 }
2272
2273 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2274         struct winsize __user * arg)
2275 {
2276         struct winsize tmp_ws;
2277
2278         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2279                 return -EFAULT;
2280         if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2281                 return 0;
2282 #ifdef CONFIG_VT
2283         if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2284                 int rc;
2285
2286                 acquire_console_sem();
2287                 rc = vc_resize(tty->driver_data, tmp_ws.ws_col, tmp_ws.ws_row);
2288                 release_console_sem();
2289                 if (rc)
2290                         return -ENXIO;
2291         }
2292 #endif
2293         if (tty->pgrp > 0)
2294                 kill_pg(tty->pgrp, SIGWINCH, 1);
2295         if ((real_tty->pgrp != tty->pgrp) && (real_tty->pgrp > 0))
2296                 kill_pg(real_tty->pgrp, SIGWINCH, 1);
2297         tty->winsize = tmp_ws;
2298         real_tty->winsize = tmp_ws;
2299         return 0;
2300 }
2301
2302 static int tioccons(struct file *file)
2303 {
2304         if (!capable(CAP_SYS_ADMIN))
2305                 return -EPERM;
2306         if (file->f_op->write == redirected_tty_write) {
2307                 struct file *f;
2308                 spin_lock(&redirect_lock);
2309                 f = redirect;
2310                 redirect = NULL;
2311                 spin_unlock(&redirect_lock);
2312                 if (f)
2313                         fput(f);
2314                 return 0;
2315         }
2316         spin_lock(&redirect_lock);
2317         if (redirect) {
2318                 spin_unlock(&redirect_lock);
2319                 return -EBUSY;
2320         }
2321         get_file(file);
2322         redirect = file;
2323         spin_unlock(&redirect_lock);
2324         return 0;
2325 }
2326
2327
2328 static int fionbio(struct file *file, int __user *p)
2329 {
2330         int nonblock;
2331
2332         if (get_user(nonblock, p))
2333                 return -EFAULT;
2334
2335         if (nonblock)
2336                 file->f_flags |= O_NONBLOCK;
2337         else
2338                 file->f_flags &= ~O_NONBLOCK;
2339         return 0;
2340 }
2341
2342 static int tiocsctty(struct tty_struct *tty, int arg)
2343 {
2344         task_t *p;
2345
2346         if (current->signal->leader &&
2347             (current->signal->session == tty->session))
2348                 return 0;
2349         /*
2350          * The process must be a session leader and
2351          * not have a controlling tty already.
2352          */
2353         if (!current->signal->leader || current->signal->tty)
2354                 return -EPERM;
2355         if (tty->session > 0) {
2356                 /*
2357                  * This tty is already the controlling
2358                  * tty for another session group!
2359                  */
2360                 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
2361                         /*
2362                          * Steal it away
2363                          */
2364
2365                         read_lock(&tasklist_lock);
2366                         do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2367                                 p->signal->tty = NULL;
2368                         } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2369                         read_unlock(&tasklist_lock);
2370                 } else
2371                         return -EPERM;
2372         }
2373         task_lock(current);
2374         current->signal->tty = tty;
2375         task_unlock(current);
2376         current->signal->tty_old_pgrp = 0;
2377         tty->session = current->signal->session;
2378         tty->pgrp = process_group(current);
2379         return 0;
2380 }
2381
2382 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2383 {
2384         /*
2385          * (tty == real_tty) is a cheap way of
2386          * testing if the tty is NOT a master pty.
2387          */
2388         if (tty == real_tty && current->signal->tty != real_tty)
2389                 return -ENOTTY;
2390         return put_user(real_tty->pgrp, p);
2391 }
2392
2393 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2394 {
2395         pid_t pgrp;
2396         int retval = tty_check_change(real_tty);
2397
2398         if (retval == -EIO)
2399                 return -ENOTTY;
2400         if (retval)
2401                 return retval;
2402         if (!current->signal->tty ||
2403             (current->signal->tty != real_tty) ||
2404             (real_tty->session != current->signal->session))
2405                 return -ENOTTY;
2406         if (get_user(pgrp, p))
2407                 return -EFAULT;
2408         if (pgrp < 0)
2409                 return -EINVAL;
2410         if (session_of_pgrp(pgrp) != current->signal->session)
2411                 return -EPERM;
2412         real_tty->pgrp = pgrp;
2413         return 0;
2414 }
2415
2416 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2417 {
2418         /*
2419          * (tty == real_tty) is a cheap way of
2420          * testing if the tty is NOT a master pty.
2421         */
2422         if (tty == real_tty && current->signal->tty != real_tty)
2423                 return -ENOTTY;
2424         if (real_tty->session <= 0)
2425                 return -ENOTTY;
2426         return put_user(real_tty->session, p);
2427 }
2428
2429 static int tiocsetd(struct tty_struct *tty, int __user *p)
2430 {
2431         int ldisc;
2432
2433         if (get_user(ldisc, p))
2434                 return -EFAULT;
2435         return tty_set_ldisc(tty, ldisc);
2436 }
2437
2438 static int send_break(struct tty_struct *tty, unsigned int duration)
2439 {
2440         tty->driver->break_ctl(tty, -1);
2441         if (!signal_pending(current)) {
2442                 msleep_interruptible(duration);
2443         }
2444         tty->driver->break_ctl(tty, 0);
2445         if (signal_pending(current))
2446                 return -EINTR;
2447         return 0;
2448 }
2449
2450 static int
2451 tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2452 {
2453         int retval = -EINVAL;
2454
2455         if (tty->driver->tiocmget) {
2456                 retval = tty->driver->tiocmget(tty, file);
2457
2458                 if (retval >= 0)
2459                         retval = put_user(retval, p);
2460         }
2461         return retval;
2462 }
2463
2464 static int
2465 tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2466              unsigned __user *p)
2467 {
2468         int retval = -EINVAL;
2469
2470         if (tty->driver->tiocmset) {
2471                 unsigned int set, clear, val;
2472
2473                 retval = get_user(val, p);
2474                 if (retval)
2475                         return retval;
2476
2477                 set = clear = 0;
2478                 switch (cmd) {
2479                 case TIOCMBIS:
2480                         set = val;
2481                         break;
2482                 case TIOCMBIC:
2483                         clear = val;
2484                         break;
2485                 case TIOCMSET:
2486                         set = val;
2487                         clear = ~val;
2488                         break;
2489                 }
2490
2491                 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2492                 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2493
2494                 retval = tty->driver->tiocmset(tty, file, set, clear);
2495         }
2496         return retval;
2497 }
2498
2499 /*
2500  * Split this up, as gcc can choke on it otherwise..
2501  */
2502 int tty_ioctl(struct inode * inode, struct file * file,
2503               unsigned int cmd, unsigned long arg)
2504 {
2505         struct tty_struct *tty, *real_tty;
2506         void __user *p = (void __user *)arg;
2507         int retval;
2508         struct tty_ldisc *ld;
2509         
2510         tty = (struct tty_struct *)file->private_data;
2511         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2512                 return -EINVAL;
2513
2514         real_tty = tty;
2515         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2516             tty->driver->subtype == PTY_TYPE_MASTER)
2517                 real_tty = tty->link;
2518
2519         /*
2520          * Break handling by driver
2521          */
2522         if (!tty->driver->break_ctl) {
2523                 switch(cmd) {
2524                 case TIOCSBRK:
2525                 case TIOCCBRK:
2526                         if (tty->driver->ioctl)
2527                                 return tty->driver->ioctl(tty, file, cmd, arg);
2528                         return -EINVAL;
2529                         
2530                 /* These two ioctl's always return success; even if */
2531                 /* the driver doesn't support them. */
2532                 case TCSBRK:
2533                 case TCSBRKP:
2534                         if (!tty->driver->ioctl)
2535                                 return 0;
2536                         retval = tty->driver->ioctl(tty, file, cmd, arg);
2537                         if (retval == -ENOIOCTLCMD)
2538                                 retval = 0;
2539                         return retval;
2540                 }
2541         }
2542
2543         /*
2544          * Factor out some common prep work
2545          */
2546         switch (cmd) {
2547         case TIOCSETD:
2548         case TIOCSBRK:
2549         case TIOCCBRK:
2550         case TCSBRK:
2551         case TCSBRKP:                   
2552                 retval = tty_check_change(tty);
2553                 if (retval)
2554                         return retval;
2555                 if (cmd != TIOCCBRK) {
2556                         tty_wait_until_sent(tty, 0);
2557                         if (signal_pending(current))
2558                                 return -EINTR;
2559                 }
2560                 break;
2561         }
2562
2563         switch (cmd) {
2564                 case TIOCSTI:
2565                         return tiocsti(tty, p);
2566                 case TIOCGWINSZ:
2567                         return tiocgwinsz(tty, p);
2568                 case TIOCSWINSZ:
2569                         return tiocswinsz(tty, real_tty, p);
2570                 case TIOCCONS:
2571                         return real_tty!=tty ? -EINVAL : tioccons(file);
2572                 case FIONBIO:
2573                         return fionbio(file, p);
2574                 case TIOCEXCL:
2575                         set_bit(TTY_EXCLUSIVE, &tty->flags);
2576                         return 0;
2577                 case TIOCNXCL:
2578                         clear_bit(TTY_EXCLUSIVE, &tty->flags);
2579                         return 0;
2580                 case TIOCNOTTY:
2581                         if (current->signal->tty != tty)
2582                                 return -ENOTTY;
2583                         if (current->signal->leader)
2584                                 disassociate_ctty(0);
2585                         task_lock(current);
2586                         current->signal->tty = NULL;
2587                         task_unlock(current);
2588                         return 0;
2589                 case TIOCSCTTY:
2590                         return tiocsctty(tty, arg);
2591                 case TIOCGPGRP:
2592                         return tiocgpgrp(tty, real_tty, p);
2593                 case TIOCSPGRP:
2594                         return tiocspgrp(tty, real_tty, p);
2595                 case TIOCGSID:
2596                         return tiocgsid(tty, real_tty, p);
2597                 case TIOCGETD:
2598                         /* FIXME: check this is ok */
2599                         return put_user(tty->ldisc.num, (int __user *)p);
2600                 case TIOCSETD:
2601                         return tiocsetd(tty, p);
2602 #ifdef CONFIG_VT
2603                 case TIOCLINUX:
2604                         return tioclinux(tty, arg);
2605 #endif
2606                 /*
2607                  * Break handling
2608                  */
2609                 case TIOCSBRK:  /* Turn break on, unconditionally */
2610                         tty->driver->break_ctl(tty, -1);
2611                         return 0;
2612                         
2613                 case TIOCCBRK:  /* Turn break off, unconditionally */
2614                         tty->driver->break_ctl(tty, 0);
2615                         return 0;
2616                 case TCSBRK:   /* SVID version: non-zero arg --> no break */
2617                         /*
2618                          * XXX is the above comment correct, or the
2619                          * code below correct?  Is this ioctl used at
2620                          * all by anyone?
2621                          */
2622                         if (!arg)
2623                                 return send_break(tty, 250);
2624                         return 0;
2625                 case TCSBRKP:   /* support for POSIX tcsendbreak() */   
2626                         return send_break(tty, arg ? arg*100 : 250);
2627
2628                 case TIOCMGET:
2629                         return tty_tiocmget(tty, file, p);
2630
2631                 case TIOCMSET:
2632                 case TIOCMBIC:
2633                 case TIOCMBIS:
2634                         return tty_tiocmset(tty, file, cmd, p);
2635         }
2636         if (tty->driver->ioctl) {
2637                 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
2638                 if (retval != -ENOIOCTLCMD)
2639                         return retval;
2640         }
2641         ld = tty_ldisc_ref_wait(tty);
2642         retval = -EINVAL;
2643         if (ld->ioctl) {
2644                 retval = ld->ioctl(tty, file, cmd, arg);
2645                 if (retval == -ENOIOCTLCMD)
2646                         retval = -EINVAL;
2647         }
2648         tty_ldisc_deref(ld);
2649         return retval;
2650 }
2651
2652
2653 /*
2654  * This implements the "Secure Attention Key" ---  the idea is to
2655  * prevent trojan horses by killing all processes associated with this
2656  * tty when the user hits the "Secure Attention Key".  Required for
2657  * super-paranoid applications --- see the Orange Book for more details.
2658  * 
2659  * This code could be nicer; ideally it should send a HUP, wait a few
2660  * seconds, then send a INT, and then a KILL signal.  But you then
2661  * have to coordinate with the init process, since all processes associated
2662  * with the current tty must be dead before the new getty is allowed
2663  * to spawn.
2664  *
2665  * Now, if it would be correct ;-/ The current code has a nasty hole -
2666  * it doesn't catch files in flight. We may send the descriptor to ourselves
2667  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2668  *
2669  * Nasty bug: do_SAK is being called in interrupt context.  This can
2670  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
2671  */
2672 static void __do_SAK(void *arg)
2673 {
2674 #ifdef TTY_SOFT_SAK
2675         tty_hangup(tty);
2676 #else
2677         struct tty_struct *tty = arg;
2678         struct task_struct *p;
2679         int session;
2680         int             i;
2681         struct file     *filp;
2682         struct tty_ldisc *disc;
2683         struct fdtable *fdt;
2684         
2685         if (!tty)
2686                 return;
2687         session  = tty->session;
2688         
2689         /* We don't want an ldisc switch during this */
2690         disc = tty_ldisc_ref(tty);
2691         if (disc && disc->flush_buffer)
2692                 disc->flush_buffer(tty);
2693         tty_ldisc_deref(disc);
2694
2695         if (tty->driver->flush_buffer)
2696                 tty->driver->flush_buffer(tty);
2697         
2698         read_lock(&tasklist_lock);
2699         do_each_task_pid(session, PIDTYPE_SID, p) {
2700                 if (p->signal->tty == tty || session > 0) {
2701                         printk(KERN_NOTICE "SAK: killed process %d"
2702                             " (%s): p->signal->session==tty->session\n",
2703                             p->pid, p->comm);
2704                         send_sig(SIGKILL, p, 1);
2705                         continue;
2706                 }
2707                 task_lock(p);
2708                 if (p->files) {
2709                         rcu_read_lock();
2710                         fdt = files_fdtable(p->files);
2711                         for (i=0; i < fdt->max_fds; i++) {
2712                                 filp = fcheck_files(p->files, i);
2713                                 if (!filp)
2714                                         continue;
2715                                 if (filp->f_op->read == tty_read &&
2716                                     filp->private_data == tty) {
2717                                         printk(KERN_NOTICE "SAK: killed process %d"
2718                                             " (%s): fd#%d opened to the tty\n",
2719                                             p->pid, p->comm, i);
2720                                         send_sig(SIGKILL, p, 1);
2721                                         break;
2722                                 }
2723                         }
2724                         rcu_read_unlock();
2725                 }
2726                 task_unlock(p);
2727         } while_each_task_pid(session, PIDTYPE_SID, p);
2728         read_unlock(&tasklist_lock);
2729 #endif
2730 }
2731
2732 /*
2733  * The tq handling here is a little racy - tty->SAK_work may already be queued.
2734  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2735  * the values which we write to it will be identical to the values which it
2736  * already has. --akpm
2737  */
2738 void do_SAK(struct tty_struct *tty)
2739 {
2740         if (!tty)
2741                 return;
2742         PREPARE_WORK(&tty->SAK_work, __do_SAK, tty);
2743         schedule_work(&tty->SAK_work);
2744 }
2745
2746 EXPORT_SYMBOL(do_SAK);
2747
2748 /*
2749  * This routine is called out of the software interrupt to flush data
2750  * from the buffer chain to the line discipline.
2751  */
2752  
2753 static void flush_to_ldisc(void *private_)
2754 {
2755         struct tty_struct *tty = (struct tty_struct *) private_;
2756         unsigned long   flags;
2757         struct tty_ldisc *disc;
2758         struct tty_buffer *tbuf;
2759         int count;
2760         char *char_buf;
2761         unsigned char *flag_buf;
2762
2763         disc = tty_ldisc_ref(tty);
2764         if (disc == NULL)       /*  !TTY_LDISC */
2765                 return;
2766
2767         if (test_bit(TTY_DONT_FLIP, &tty->flags)) {
2768                 /*
2769                  * Do it after the next timer tick:
2770                  */
2771                 schedule_delayed_work(&tty->buf.work, 1);
2772                 goto out;
2773         }
2774         spin_lock_irqsave(&tty->buf.lock, flags);
2775         while((tbuf = tty->buf.head) != NULL) {
2776                 while ((count = tbuf->commit - tbuf->read) != 0) {
2777                         char_buf = tbuf->char_buf_ptr + tbuf->read;
2778                         flag_buf = tbuf->flag_buf_ptr + tbuf->read;
2779                         tbuf->read += count;
2780                         spin_unlock_irqrestore(&tty->buf.lock, flags);
2781                         disc->receive_buf(tty, char_buf, flag_buf, count);
2782                         spin_lock_irqsave(&tty->buf.lock, flags);
2783                 }
2784                 if (tbuf->active)
2785                         break;
2786                 tty->buf.head = tbuf->next;
2787                 if (tty->buf.head == NULL)
2788                         tty->buf.tail = NULL;
2789                 tty_buffer_free(tty, tbuf);
2790         }
2791         spin_unlock_irqrestore(&tty->buf.lock, flags);
2792 out:
2793         tty_ldisc_deref(disc);
2794 }
2795
2796 /*
2797  * Routine which returns the baud rate of the tty
2798  *
2799  * Note that the baud_table needs to be kept in sync with the
2800  * include/asm/termbits.h file.
2801  */
2802 static int baud_table[] = {
2803         0, 50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800, 2400, 4800,
2804         9600, 19200, 38400, 57600, 115200, 230400, 460800,
2805 #ifdef __sparc__
2806         76800, 153600, 307200, 614400, 921600
2807 #else
2808         500000, 576000, 921600, 1000000, 1152000, 1500000, 2000000,
2809         2500000, 3000000, 3500000, 4000000
2810 #endif
2811 };
2812
2813 static int n_baud_table = ARRAY_SIZE(baud_table);
2814
2815 /**
2816  *      tty_termios_baud_rate
2817  *      @termios: termios structure
2818  *
2819  *      Convert termios baud rate data into a speed. This should be called
2820  *      with the termios lock held if this termios is a terminal termios
2821  *      structure. May change the termios data.
2822  */
2823  
2824 int tty_termios_baud_rate(struct termios *termios)
2825 {
2826         unsigned int cbaud;
2827         
2828         cbaud = termios->c_cflag & CBAUD;
2829
2830         if (cbaud & CBAUDEX) {
2831                 cbaud &= ~CBAUDEX;
2832
2833                 if (cbaud < 1 || cbaud + 15 > n_baud_table)
2834                         termios->c_cflag &= ~CBAUDEX;
2835                 else
2836                         cbaud += 15;
2837         }
2838         return baud_table[cbaud];
2839 }
2840
2841 EXPORT_SYMBOL(tty_termios_baud_rate);
2842
2843 /**
2844  *      tty_get_baud_rate       -       get tty bit rates
2845  *      @tty: tty to query
2846  *
2847  *      Returns the baud rate as an integer for this terminal. The
2848  *      termios lock must be held by the caller and the terminal bit
2849  *      flags may be updated.
2850  */
2851  
2852 int tty_get_baud_rate(struct tty_struct *tty)
2853 {
2854         int baud = tty_termios_baud_rate(tty->termios);
2855
2856         if (baud == 38400 && tty->alt_speed) {
2857                 if (!tty->warned) {
2858                         printk(KERN_WARNING "Use of setserial/setrocket to "
2859                                             "set SPD_* flags is deprecated\n");
2860                         tty->warned = 1;
2861                 }
2862                 baud = tty->alt_speed;
2863         }
2864         
2865         return baud;
2866 }
2867
2868 EXPORT_SYMBOL(tty_get_baud_rate);
2869
2870 /**
2871  *      tty_flip_buffer_push    -       terminal
2872  *      @tty: tty to push
2873  *
2874  *      Queue a push of the terminal flip buffers to the line discipline. This
2875  *      function must not be called from IRQ context if tty->low_latency is set.
2876  *
2877  *      In the event of the queue being busy for flipping the work will be
2878  *      held off and retried later.
2879  */
2880
2881 void tty_flip_buffer_push(struct tty_struct *tty)
2882 {
2883         unsigned long flags;
2884         spin_lock_irqsave(&tty->buf.lock, flags);
2885         if (tty->buf.tail != NULL) {
2886                 tty->buf.tail->active = 0;
2887                 tty->buf.tail->commit = tty->buf.tail->used;
2888         }
2889         spin_unlock_irqrestore(&tty->buf.lock, flags);
2890
2891         if (tty->low_latency)
2892                 flush_to_ldisc((void *) tty);
2893         else
2894                 schedule_delayed_work(&tty->buf.work, 1);
2895 }
2896
2897 EXPORT_SYMBOL(tty_flip_buffer_push);
2898
2899
2900 /*
2901  * This subroutine initializes a tty structure.
2902  */
2903 static void initialize_tty_struct(struct tty_struct *tty)
2904 {
2905         memset(tty, 0, sizeof(struct tty_struct));
2906         tty->magic = TTY_MAGIC;
2907         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2908         tty->pgrp = -1;
2909         tty->overrun_time = jiffies;
2910         tty->buf.head = tty->buf.tail = NULL;
2911         tty_buffer_init(tty);
2912         INIT_WORK(&tty->buf.work, flush_to_ldisc, tty);
2913         init_MUTEX(&tty->buf.pty_sem);
2914         init_MUTEX(&tty->termios_sem);
2915         init_waitqueue_head(&tty->write_wait);
2916         init_waitqueue_head(&tty->read_wait);
2917         INIT_WORK(&tty->hangup_work, do_tty_hangup, tty);
2918         sema_init(&tty->atomic_read, 1);
2919         sema_init(&tty->atomic_write, 1);
2920         spin_lock_init(&tty->read_lock);
2921         INIT_LIST_HEAD(&tty->tty_files);
2922         INIT_WORK(&tty->SAK_work, NULL, NULL);
2923 }
2924
2925 /*
2926  * The default put_char routine if the driver did not define one.
2927  */
2928 static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
2929 {
2930         tty->driver->write(tty, &ch, 1);
2931 }
2932
2933 static struct class *tty_class;
2934
2935 /**
2936  * tty_register_device - register a tty device
2937  * @driver: the tty driver that describes the tty device
2938  * @index: the index in the tty driver for this tty device
2939  * @device: a struct device that is associated with this tty device.
2940  *      This field is optional, if there is no known struct device for this
2941  *      tty device it can be set to NULL safely.
2942  *
2943  * This call is required to be made to register an individual tty device if
2944  * the tty driver's flags have the TTY_DRIVER_NO_DEVFS bit set.  If that
2945  * bit is not set, this function should not be called.
2946  */
2947 void tty_register_device(struct tty_driver *driver, unsigned index,
2948                          struct device *device)
2949 {
2950         char name[64];
2951         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
2952
2953         if (index >= driver->num) {
2954                 printk(KERN_ERR "Attempt to register invalid tty line number "
2955                        " (%d).\n", index);
2956                 return;
2957         }
2958
2959         devfs_mk_cdev(dev, S_IFCHR | S_IRUSR | S_IWUSR,
2960                         "%s%d", driver->devfs_name, index + driver->name_base);
2961
2962         if (driver->type == TTY_DRIVER_TYPE_PTY)
2963                 pty_line_name(driver, index, name);
2964         else
2965                 tty_line_name(driver, index, name);
2966         class_device_create(tty_class, NULL, dev, device, "%s", name);
2967 }
2968
2969 /**
2970  * tty_unregister_device - unregister a tty device
2971  * @driver: the tty driver that describes the tty device
2972  * @index: the index in the tty driver for this tty device
2973  *
2974  * If a tty device is registered with a call to tty_register_device() then
2975  * this function must be made when the tty device is gone.
2976  */
2977 void tty_unregister_device(struct tty_driver *driver, unsigned index)
2978 {
2979         devfs_remove("%s%d", driver->devfs_name, index + driver->name_base);
2980         class_device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
2981 }
2982
2983 EXPORT_SYMBOL(tty_register_device);
2984 EXPORT_SYMBOL(tty_unregister_device);
2985
2986 struct tty_driver *alloc_tty_driver(int lines)
2987 {
2988         struct tty_driver *driver;
2989
2990         driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
2991         if (driver) {
2992                 memset(driver, 0, sizeof(struct tty_driver));
2993                 driver->magic = TTY_DRIVER_MAGIC;
2994                 driver->num = lines;
2995                 /* later we'll move allocation of tables here */
2996         }
2997         return driver;
2998 }
2999
3000 void put_tty_driver(struct tty_driver *driver)
3001 {
3002         kfree(driver);
3003 }
3004
3005 void tty_set_operations(struct tty_driver *driver, struct tty_operations *op)
3006 {
3007         driver->open = op->open;
3008         driver->close = op->close;
3009         driver->write = op->write;
3010         driver->put_char = op->put_char;
3011         driver->flush_chars = op->flush_chars;
3012         driver->write_room = op->write_room;
3013         driver->chars_in_buffer = op->chars_in_buffer;
3014         driver->ioctl = op->ioctl;
3015         driver->set_termios = op->set_termios;
3016         driver->throttle = op->throttle;
3017         driver->unthrottle = op->unthrottle;
3018         driver->stop = op->stop;
3019         driver->start = op->start;
3020         driver->hangup = op->hangup;
3021         driver->break_ctl = op->break_ctl;
3022         driver->flush_buffer = op->flush_buffer;
3023         driver->set_ldisc = op->set_ldisc;
3024         driver->wait_until_sent = op->wait_until_sent;
3025         driver->send_xchar = op->send_xchar;
3026         driver->read_proc = op->read_proc;
3027         driver->write_proc = op->write_proc;
3028         driver->tiocmget = op->tiocmget;
3029         driver->tiocmset = op->tiocmset;
3030 }
3031
3032
3033 EXPORT_SYMBOL(alloc_tty_driver);
3034 EXPORT_SYMBOL(put_tty_driver);
3035 EXPORT_SYMBOL(tty_set_operations);
3036
3037 /*
3038  * Called by a tty driver to register itself.
3039  */
3040 int tty_register_driver(struct tty_driver *driver)
3041 {
3042         int error;
3043         int i;
3044         dev_t dev;
3045         void **p = NULL;
3046
3047         if (driver->flags & TTY_DRIVER_INSTALLED)
3048                 return 0;
3049
3050         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
3051                 p = kmalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3052                 if (!p)
3053                         return -ENOMEM;
3054                 memset(p, 0, driver->num * 3 * sizeof(void *));
3055         }
3056
3057         if (!driver->major) {
3058                 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3059                                                 (char*)driver->name);
3060                 if (!error) {
3061                         driver->major = MAJOR(dev);
3062                         driver->minor_start = MINOR(dev);
3063                 }
3064         } else {
3065                 dev = MKDEV(driver->major, driver->minor_start);
3066                 error = register_chrdev_region(dev, driver->num,
3067                                                 (char*)driver->name);
3068         }
3069         if (error < 0) {
3070                 kfree(p);
3071                 return error;
3072         }
3073
3074         if (p) {
3075                 driver->ttys = (struct tty_struct **)p;
3076                 driver->termios = (struct termios **)(p + driver->num);
3077                 driver->termios_locked = (struct termios **)(p + driver->num * 2);
3078         } else {
3079                 driver->ttys = NULL;
3080                 driver->termios = NULL;
3081                 driver->termios_locked = NULL;
3082         }
3083
3084         cdev_init(&driver->cdev, &tty_fops);
3085         driver->cdev.owner = driver->owner;
3086         error = cdev_add(&driver->cdev, dev, driver->num);
3087         if (error) {
3088                 cdev_del(&driver->cdev);
3089                 unregister_chrdev_region(dev, driver->num);
3090                 driver->ttys = NULL;
3091                 driver->termios = driver->termios_locked = NULL;
3092                 kfree(p);
3093                 return error;
3094         }
3095
3096         if (!driver->put_char)
3097                 driver->put_char = tty_default_put_char;
3098         
3099         list_add(&driver->tty_drivers, &tty_drivers);
3100         
3101         if ( !(driver->flags & TTY_DRIVER_NO_DEVFS) ) {
3102                 for(i = 0; i < driver->num; i++)
3103                     tty_register_device(driver, i, NULL);
3104         }
3105         proc_tty_register_driver(driver);
3106         return 0;
3107 }
3108
3109 EXPORT_SYMBOL(tty_register_driver);
3110
3111 /*
3112  * Called by a tty driver to unregister itself.
3113  */
3114 int tty_unregister_driver(struct tty_driver *driver)
3115 {
3116         int i;
3117         struct termios *tp;
3118         void *p;
3119
3120         if (driver->refcount)
3121                 return -EBUSY;
3122
3123         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3124                                 driver->num);
3125
3126         list_del(&driver->tty_drivers);
3127
3128         /*
3129          * Free the termios and termios_locked structures because
3130          * we don't want to get memory leaks when modular tty
3131          * drivers are removed from the kernel.
3132          */
3133         for (i = 0; i < driver->num; i++) {
3134                 tp = driver->termios[i];
3135                 if (tp) {
3136                         driver->termios[i] = NULL;
3137                         kfree(tp);
3138                 }
3139                 tp = driver->termios_locked[i];
3140                 if (tp) {
3141                         driver->termios_locked[i] = NULL;
3142                         kfree(tp);
3143                 }
3144                 if (!(driver->flags & TTY_DRIVER_NO_DEVFS))
3145                         tty_unregister_device(driver, i);
3146         }
3147         p = driver->ttys;
3148         proc_tty_unregister_driver(driver);
3149         driver->ttys = NULL;
3150         driver->termios = driver->termios_locked = NULL;
3151         kfree(p);
3152         cdev_del(&driver->cdev);
3153         return 0;
3154 }
3155
3156 EXPORT_SYMBOL(tty_unregister_driver);
3157
3158
3159 /*
3160  * Initialize the console device. This is called *early*, so
3161  * we can't necessarily depend on lots of kernel help here.
3162  * Just do some early initializations, and do the complex setup
3163  * later.
3164  */
3165 void __init console_init(void)
3166 {
3167         initcall_t *call;
3168
3169         /* Setup the default TTY line discipline. */
3170         (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3171
3172         /*
3173          * set up the console device so that later boot sequences can 
3174          * inform about problems etc..
3175          */
3176 #ifdef CONFIG_EARLY_PRINTK
3177         disable_early_printk();
3178 #endif
3179         call = __con_initcall_start;
3180         while (call < __con_initcall_end) {
3181                 (*call)();
3182                 call++;
3183         }
3184 }
3185
3186 #ifdef CONFIG_VT
3187 extern int vty_init(void);
3188 #endif
3189
3190 static int __init tty_class_init(void)
3191 {
3192         tty_class = class_create(THIS_MODULE, "tty");
3193         if (IS_ERR(tty_class))
3194                 return PTR_ERR(tty_class);
3195         return 0;
3196 }
3197
3198 postcore_initcall(tty_class_init);
3199
3200 /* 3/2004 jmc: why do these devices exist? */
3201
3202 static struct cdev tty_cdev, console_cdev;
3203 #ifdef CONFIG_UNIX98_PTYS
3204 static struct cdev ptmx_cdev;
3205 #endif
3206 #ifdef CONFIG_VT
3207 static struct cdev vc0_cdev;
3208 #endif
3209
3210 /*
3211  * Ok, now we can initialize the rest of the tty devices and can count
3212  * on memory allocations, interrupts etc..
3213  */
3214 static int __init tty_init(void)
3215 {
3216         cdev_init(&tty_cdev, &tty_fops);
3217         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3218             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3219                 panic("Couldn't register /dev/tty driver\n");
3220         devfs_mk_cdev(MKDEV(TTYAUX_MAJOR, 0), S_IFCHR|S_IRUGO|S_IWUGO, "tty");
3221         class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3222
3223         cdev_init(&console_cdev, &console_fops);
3224         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3225             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3226                 panic("Couldn't register /dev/console driver\n");
3227         devfs_mk_cdev(MKDEV(TTYAUX_MAJOR, 1), S_IFCHR|S_IRUSR|S_IWUSR, "console");
3228         class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL, "console");
3229
3230 #ifdef CONFIG_UNIX98_PTYS
3231         cdev_init(&ptmx_cdev, &ptmx_fops);
3232         if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3233             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3234                 panic("Couldn't register /dev/ptmx driver\n");
3235         devfs_mk_cdev(MKDEV(TTYAUX_MAJOR, 2), S_IFCHR|S_IRUGO|S_IWUGO, "ptmx");
3236         class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
3237 #endif
3238
3239 #ifdef CONFIG_VT
3240         cdev_init(&vc0_cdev, &console_fops);
3241         if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3242             register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3243                 panic("Couldn't register /dev/tty0 driver\n");
3244         devfs_mk_cdev(MKDEV(TTY_MAJOR, 0), S_IFCHR|S_IRUSR|S_IWUSR, "vc/0");
3245         class_device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), NULL, "tty0");
3246
3247         vty_init();
3248 #endif
3249         return 0;
3250 }
3251 module_init(tty_init);