tty: kref the tty driver object
[linux-2.6] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  *
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote tty_init_dev and tty_release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc()
66  *                       -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67  */
68
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/proc_fs.h>
91 #include <linux/init.h>
92 #include <linux/module.h>
93 #include <linux/smp_lock.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99
100 #include <linux/uaccess.h>
101 #include <asm/system.h>
102
103 #include <linux/kbd_kern.h>
104 #include <linux/vt_kern.h>
105 #include <linux/selection.h>
106
107 #include <linux/kmod.h>
108 #include <linux/nsproxy.h>
109
110 #undef TTY_DEBUG_HANGUP
111
112 #define TTY_PARANOIA_CHECK 1
113 #define CHECK_TTY_COUNT 1
114
115 struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
116         .c_iflag = ICRNL | IXON,
117         .c_oflag = OPOST | ONLCR,
118         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
119         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
120                    ECHOCTL | ECHOKE | IEXTEN,
121         .c_cc = INIT_C_CC,
122         .c_ispeed = 38400,
123         .c_ospeed = 38400
124 };
125
126 EXPORT_SYMBOL(tty_std_termios);
127
128 /* This list gets poked at by procfs and various bits of boot up code. This
129    could do with some rationalisation such as pulling the tty proc function
130    into this file */
131
132 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
133
134 /* Mutex to protect creating and releasing a tty. This is shared with
135    vt.c for deeply disgusting hack reasons */
136 DEFINE_MUTEX(tty_mutex);
137 EXPORT_SYMBOL(tty_mutex);
138
139 static void initialize_tty_struct(struct tty_struct *tty);
140
141 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
142 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
143 ssize_t redirected_tty_write(struct file *, const char __user *,
144                                                         size_t, loff_t *);
145 static unsigned int tty_poll(struct file *, poll_table *);
146 static int tty_open(struct inode *, struct file *);
147 static int tty_release(struct inode *, struct file *);
148 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
149 #ifdef CONFIG_COMPAT
150 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
151                                 unsigned long arg);
152 #else
153 #define tty_compat_ioctl NULL
154 #endif
155 static int tty_fasync(int fd, struct file *filp, int on);
156 static void release_tty(struct tty_struct *tty, int idx);
157 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
158 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
159
160 /**
161  *      alloc_tty_struct        -       allocate a tty object
162  *
163  *      Return a new empty tty structure. The data fields have not
164  *      been initialized in any way but has been zeroed
165  *
166  *      Locking: none
167  */
168
169 static struct tty_struct *alloc_tty_struct(void)
170 {
171         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
172 }
173
174 /**
175  *      free_tty_struct         -       free a disused tty
176  *      @tty: tty struct to free
177  *
178  *      Free the write buffers, tty queue and tty memory itself.
179  *
180  *      Locking: none. Must be called after tty is definitely unused
181  */
182
183 static inline void free_tty_struct(struct tty_struct *tty)
184 {
185         kfree(tty->write_buf);
186         tty_buffer_free_all(tty);
187         kfree(tty);
188 }
189
190 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
191
192 /**
193  *      tty_name        -       return tty naming
194  *      @tty: tty structure
195  *      @buf: buffer for output
196  *
197  *      Convert a tty structure into a name. The name reflects the kernel
198  *      naming policy and if udev is in use may not reflect user space
199  *
200  *      Locking: none
201  */
202
203 char *tty_name(struct tty_struct *tty, char *buf)
204 {
205         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
206                 strcpy(buf, "NULL tty");
207         else
208                 strcpy(buf, tty->name);
209         return buf;
210 }
211
212 EXPORT_SYMBOL(tty_name);
213
214 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
215                               const char *routine)
216 {
217 #ifdef TTY_PARANOIA_CHECK
218         if (!tty) {
219                 printk(KERN_WARNING
220                         "null TTY for (%d:%d) in %s\n",
221                         imajor(inode), iminor(inode), routine);
222                 return 1;
223         }
224         if (tty->magic != TTY_MAGIC) {
225                 printk(KERN_WARNING
226                         "bad magic number for tty struct (%d:%d) in %s\n",
227                         imajor(inode), iminor(inode), routine);
228                 return 1;
229         }
230 #endif
231         return 0;
232 }
233
234 static int check_tty_count(struct tty_struct *tty, const char *routine)
235 {
236 #ifdef CHECK_TTY_COUNT
237         struct list_head *p;
238         int count = 0;
239
240         file_list_lock();
241         list_for_each(p, &tty->tty_files) {
242                 count++;
243         }
244         file_list_unlock();
245         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
246             tty->driver->subtype == PTY_TYPE_SLAVE &&
247             tty->link && tty->link->count)
248                 count++;
249         if (tty->count != count) {
250                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
251                                     "!= #fd's(%d) in %s\n",
252                        tty->name, tty->count, count, routine);
253                 return count;
254         }
255 #endif
256         return 0;
257 }
258
259 /**
260  *      get_tty_driver          -       find device of a tty
261  *      @dev_t: device identifier
262  *      @index: returns the index of the tty
263  *
264  *      This routine returns a tty driver structure, given a device number
265  *      and also passes back the index number.
266  *
267  *      Locking: caller must hold tty_mutex
268  */
269
270 static struct tty_driver *get_tty_driver(dev_t device, int *index)
271 {
272         struct tty_driver *p;
273
274         list_for_each_entry(p, &tty_drivers, tty_drivers) {
275                 dev_t base = MKDEV(p->major, p->minor_start);
276                 if (device < base || device >= base + p->num)
277                         continue;
278                 *index = device - base;
279                 return tty_driver_kref_get(p);
280         }
281         return NULL;
282 }
283
284 #ifdef CONFIG_CONSOLE_POLL
285
286 /**
287  *      tty_find_polling_driver -       find device of a polled tty
288  *      @name: name string to match
289  *      @line: pointer to resulting tty line nr
290  *
291  *      This routine returns a tty driver structure, given a name
292  *      and the condition that the tty driver is capable of polled
293  *      operation.
294  */
295 struct tty_driver *tty_find_polling_driver(char *name, int *line)
296 {
297         struct tty_driver *p, *res = NULL;
298         int tty_line = 0;
299         int len;
300         char *str;
301
302         for (str = name; *str; str++)
303                 if ((*str >= '0' && *str <= '9') || *str == ',')
304                         break;
305         if (!*str)
306                 return NULL;
307
308         len = str - name;
309         tty_line = simple_strtoul(str, &str, 10);
310
311         mutex_lock(&tty_mutex);
312         /* Search through the tty devices to look for a match */
313         list_for_each_entry(p, &tty_drivers, tty_drivers) {
314                 if (strncmp(name, p->name, len) != 0)
315                         continue;
316                 if (*str == ',')
317                         str++;
318                 if (*str == '\0')
319                         str = NULL;
320
321                 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
322                     p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
323                         res = tty_driver_kref_get(p);
324                         *line = tty_line;
325                         break;
326                 }
327         }
328         mutex_unlock(&tty_mutex);
329
330         return res;
331 }
332 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
333 #endif
334
335 /**
336  *      tty_check_change        -       check for POSIX terminal changes
337  *      @tty: tty to check
338  *
339  *      If we try to write to, or set the state of, a terminal and we're
340  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
341  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
342  *
343  *      Locking: ctrl_lock
344  */
345
346 int tty_check_change(struct tty_struct *tty)
347 {
348         unsigned long flags;
349         int ret = 0;
350
351         if (current->signal->tty != tty)
352                 return 0;
353
354         spin_lock_irqsave(&tty->ctrl_lock, flags);
355
356         if (!tty->pgrp) {
357                 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
358                 goto out_unlock;
359         }
360         if (task_pgrp(current) == tty->pgrp)
361                 goto out_unlock;
362         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
363         if (is_ignored(SIGTTOU))
364                 goto out;
365         if (is_current_pgrp_orphaned()) {
366                 ret = -EIO;
367                 goto out;
368         }
369         kill_pgrp(task_pgrp(current), SIGTTOU, 1);
370         set_thread_flag(TIF_SIGPENDING);
371         ret = -ERESTARTSYS;
372 out:
373         return ret;
374 out_unlock:
375         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
376         return ret;
377 }
378
379 EXPORT_SYMBOL(tty_check_change);
380
381 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
382                                 size_t count, loff_t *ppos)
383 {
384         return 0;
385 }
386
387 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
388                                  size_t count, loff_t *ppos)
389 {
390         return -EIO;
391 }
392
393 /* No kernel lock held - none needed ;) */
394 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
395 {
396         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
397 }
398
399 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
400                 unsigned long arg)
401 {
402         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
403 }
404
405 static long hung_up_tty_compat_ioctl(struct file *file,
406                                      unsigned int cmd, unsigned long arg)
407 {
408         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
409 }
410
411 static const struct file_operations tty_fops = {
412         .llseek         = no_llseek,
413         .read           = tty_read,
414         .write          = tty_write,
415         .poll           = tty_poll,
416         .unlocked_ioctl = tty_ioctl,
417         .compat_ioctl   = tty_compat_ioctl,
418         .open           = tty_open,
419         .release        = tty_release,
420         .fasync         = tty_fasync,
421 };
422
423 static const struct file_operations console_fops = {
424         .llseek         = no_llseek,
425         .read           = tty_read,
426         .write          = redirected_tty_write,
427         .poll           = tty_poll,
428         .unlocked_ioctl = tty_ioctl,
429         .compat_ioctl   = tty_compat_ioctl,
430         .open           = tty_open,
431         .release        = tty_release,
432         .fasync         = tty_fasync,
433 };
434
435 static const struct file_operations hung_up_tty_fops = {
436         .llseek         = no_llseek,
437         .read           = hung_up_tty_read,
438         .write          = hung_up_tty_write,
439         .poll           = hung_up_tty_poll,
440         .unlocked_ioctl = hung_up_tty_ioctl,
441         .compat_ioctl   = hung_up_tty_compat_ioctl,
442         .release        = tty_release,
443 };
444
445 static DEFINE_SPINLOCK(redirect_lock);
446 static struct file *redirect;
447
448 /**
449  *      tty_wakeup      -       request more data
450  *      @tty: terminal
451  *
452  *      Internal and external helper for wakeups of tty. This function
453  *      informs the line discipline if present that the driver is ready
454  *      to receive more output data.
455  */
456
457 void tty_wakeup(struct tty_struct *tty)
458 {
459         struct tty_ldisc *ld;
460
461         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
462                 ld = tty_ldisc_ref(tty);
463                 if (ld) {
464                         if (ld->ops->write_wakeup)
465                                 ld->ops->write_wakeup(tty);
466                         tty_ldisc_deref(ld);
467                 }
468         }
469         wake_up_interruptible(&tty->write_wait);
470 }
471
472 EXPORT_SYMBOL_GPL(tty_wakeup);
473
474 /**
475  *      tty_ldisc_flush -       flush line discipline queue
476  *      @tty: tty
477  *
478  *      Flush the line discipline queue (if any) for this tty. If there
479  *      is no line discipline active this is a no-op.
480  */
481
482 void tty_ldisc_flush(struct tty_struct *tty)
483 {
484         struct tty_ldisc *ld = tty_ldisc_ref(tty);
485         if (ld) {
486                 if (ld->ops->flush_buffer)
487                         ld->ops->flush_buffer(tty);
488                 tty_ldisc_deref(ld);
489         }
490         tty_buffer_flush(tty);
491 }
492
493 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
494
495 /**
496  *      tty_reset_termios       -       reset terminal state
497  *      @tty: tty to reset
498  *
499  *      Restore a terminal to the driver default state
500  */
501
502 static void tty_reset_termios(struct tty_struct *tty)
503 {
504         mutex_lock(&tty->termios_mutex);
505         *tty->termios = tty->driver->init_termios;
506         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
507         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
508         mutex_unlock(&tty->termios_mutex);
509 }
510
511 /**
512  *      do_tty_hangup           -       actual handler for hangup events
513  *      @work: tty device
514  *
515  *      This can be called by the "eventd" kernel thread.  That is process
516  *      synchronous but doesn't hold any locks, so we need to make sure we
517  *      have the appropriate locks for what we're doing.
518  *
519  *      The hangup event clears any pending redirections onto the hung up
520  *      device. It ensures future writes will error and it does the needed
521  *      line discipline hangup and signal delivery. The tty object itself
522  *      remains intact.
523  *
524  *      Locking:
525  *              BKL
526  *                redirect lock for undoing redirection
527  *                file list lock for manipulating list of ttys
528  *                tty_ldisc_lock from called functions
529  *                termios_mutex resetting termios data
530  *                tasklist_lock to walk task list for hangup event
531  *                  ->siglock to protect ->signal/->sighand
532  */
533 static void do_tty_hangup(struct work_struct *work)
534 {
535         struct tty_struct *tty =
536                 container_of(work, struct tty_struct, hangup_work);
537         struct file *cons_filp = NULL;
538         struct file *filp, *f = NULL;
539         struct task_struct *p;
540         struct tty_ldisc *ld;
541         int    closecount = 0, n;
542         unsigned long flags;
543         int refs = 0;
544
545         if (!tty)
546                 return;
547
548         /* inuse_filps is protected by the single kernel lock */
549         lock_kernel();
550
551         spin_lock(&redirect_lock);
552         if (redirect && redirect->private_data == tty) {
553                 f = redirect;
554                 redirect = NULL;
555         }
556         spin_unlock(&redirect_lock);
557
558         check_tty_count(tty, "do_tty_hangup");
559         file_list_lock();
560         /* This breaks for file handles being sent over AF_UNIX sockets ? */
561         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
562                 if (filp->f_op->write == redirected_tty_write)
563                         cons_filp = filp;
564                 if (filp->f_op->write != tty_write)
565                         continue;
566                 closecount++;
567                 tty_fasync(-1, filp, 0);        /* can't block */
568                 filp->f_op = &hung_up_tty_fops;
569         }
570         file_list_unlock();
571         /*
572          * FIXME! What are the locking issues here? This may me overdoing
573          * things... This question is especially important now that we've
574          * removed the irqlock.
575          */
576         ld = tty_ldisc_ref(tty);
577         if (ld != NULL) {
578                 /* We may have no line discipline at this point */
579                 if (ld->ops->flush_buffer)
580                         ld->ops->flush_buffer(tty);
581                 tty_driver_flush_buffer(tty);
582                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
583                     ld->ops->write_wakeup)
584                         ld->ops->write_wakeup(tty);
585                 if (ld->ops->hangup)
586                         ld->ops->hangup(tty);
587         }
588         /*
589          * FIXME: Once we trust the LDISC code better we can wait here for
590          * ldisc completion and fix the driver call race
591          */
592         wake_up_interruptible(&tty->write_wait);
593         wake_up_interruptible(&tty->read_wait);
594         /*
595          * Shutdown the current line discipline, and reset it to
596          * N_TTY.
597          */
598         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
599                 tty_reset_termios(tty);
600         /* Defer ldisc switch */
601         /* tty_deferred_ldisc_switch(N_TTY);
602
603           This should get done automatically when the port closes and
604           tty_release is called */
605
606         read_lock(&tasklist_lock);
607         if (tty->session) {
608                 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
609                         spin_lock_irq(&p->sighand->siglock);
610                         if (p->signal->tty == tty) {
611                                 p->signal->tty = NULL;
612                                 /* We defer the dereferences outside fo
613                                    the tasklist lock */
614                                 refs++;
615                         }
616                         if (!p->signal->leader) {
617                                 spin_unlock_irq(&p->sighand->siglock);
618                                 continue;
619                         }
620                         __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
621                         __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
622                         put_pid(p->signal->tty_old_pgrp);  /* A noop */
623                         spin_lock_irqsave(&tty->ctrl_lock, flags);
624                         if (tty->pgrp)
625                                 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
626                         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
627                         spin_unlock_irq(&p->sighand->siglock);
628                 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
629         }
630         read_unlock(&tasklist_lock);
631
632         spin_lock_irqsave(&tty->ctrl_lock, flags);
633         tty->flags = 0;
634         put_pid(tty->session);
635         put_pid(tty->pgrp);
636         tty->session = NULL;
637         tty->pgrp = NULL;
638         tty->ctrl_status = 0;
639         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
640
641         /* Account for the p->signal references we killed */
642         while (refs--)
643                 tty_kref_put(tty);
644
645         /*
646          * If one of the devices matches a console pointer, we
647          * cannot just call hangup() because that will cause
648          * tty->count and state->count to go out of sync.
649          * So we just call close() the right number of times.
650          */
651         if (cons_filp) {
652                 if (tty->ops->close)
653                         for (n = 0; n < closecount; n++)
654                                 tty->ops->close(tty, cons_filp);
655         } else if (tty->ops->hangup)
656                 (tty->ops->hangup)(tty);
657         /*
658          * We don't want to have driver/ldisc interactions beyond
659          * the ones we did here. The driver layer expects no
660          * calls after ->hangup() from the ldisc side. However we
661          * can't yet guarantee all that.
662          */
663         set_bit(TTY_HUPPED, &tty->flags);
664         if (ld) {
665                 tty_ldisc_enable(tty);
666                 tty_ldisc_deref(ld);
667         }
668         unlock_kernel();
669         if (f)
670                 fput(f);
671 }
672
673 /**
674  *      tty_hangup              -       trigger a hangup event
675  *      @tty: tty to hangup
676  *
677  *      A carrier loss (virtual or otherwise) has occurred on this like
678  *      schedule a hangup sequence to run after this event.
679  */
680
681 void tty_hangup(struct tty_struct *tty)
682 {
683 #ifdef TTY_DEBUG_HANGUP
684         char    buf[64];
685         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
686 #endif
687         schedule_work(&tty->hangup_work);
688 }
689
690 EXPORT_SYMBOL(tty_hangup);
691
692 /**
693  *      tty_vhangup             -       process vhangup
694  *      @tty: tty to hangup
695  *
696  *      The user has asked via system call for the terminal to be hung up.
697  *      We do this synchronously so that when the syscall returns the process
698  *      is complete. That guarantee is necessary for security reasons.
699  */
700
701 void tty_vhangup(struct tty_struct *tty)
702 {
703 #ifdef TTY_DEBUG_HANGUP
704         char    buf[64];
705
706         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
707 #endif
708         do_tty_hangup(&tty->hangup_work);
709 }
710
711 EXPORT_SYMBOL(tty_vhangup);
712
713 /**
714  *      tty_vhangup_self        -       process vhangup for own ctty
715  *
716  *      Perform a vhangup on the current controlling tty
717  */
718
719 void tty_vhangup_self(void)
720 {
721         struct tty_struct *tty;
722
723         tty = get_current_tty();
724         if (tty) {
725                 tty_vhangup(tty);
726                 tty_kref_put(tty);
727         }
728 }
729
730 /**
731  *      tty_hung_up_p           -       was tty hung up
732  *      @filp: file pointer of tty
733  *
734  *      Return true if the tty has been subject to a vhangup or a carrier
735  *      loss
736  */
737
738 int tty_hung_up_p(struct file *filp)
739 {
740         return (filp->f_op == &hung_up_tty_fops);
741 }
742
743 EXPORT_SYMBOL(tty_hung_up_p);
744
745 static void session_clear_tty(struct pid *session)
746 {
747         struct task_struct *p;
748         do_each_pid_task(session, PIDTYPE_SID, p) {
749                 proc_clear_tty(p);
750         } while_each_pid_task(session, PIDTYPE_SID, p);
751 }
752
753 /**
754  *      disassociate_ctty       -       disconnect controlling tty
755  *      @on_exit: true if exiting so need to "hang up" the session
756  *
757  *      This function is typically called only by the session leader, when
758  *      it wants to disassociate itself from its controlling tty.
759  *
760  *      It performs the following functions:
761  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
762  *      (2)  Clears the tty from being controlling the session
763  *      (3)  Clears the controlling tty for all processes in the
764  *              session group.
765  *
766  *      The argument on_exit is set to 1 if called when a process is
767  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
768  *
769  *      Locking:
770  *              BKL is taken for hysterical raisins
771  *                tty_mutex is taken to protect tty
772  *                ->siglock is taken to protect ->signal/->sighand
773  *                tasklist_lock is taken to walk process list for sessions
774  *                  ->siglock is taken to protect ->signal/->sighand
775  */
776
777 void disassociate_ctty(int on_exit)
778 {
779         struct tty_struct *tty;
780         struct pid *tty_pgrp = NULL;
781
782
783         tty = get_current_tty();
784         if (tty) {
785                 tty_pgrp = get_pid(tty->pgrp);
786                 lock_kernel();
787                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
788                         tty_vhangup(tty);
789                 unlock_kernel();
790                 tty_kref_put(tty);
791         } else if (on_exit) {
792                 struct pid *old_pgrp;
793                 spin_lock_irq(&current->sighand->siglock);
794                 old_pgrp = current->signal->tty_old_pgrp;
795                 current->signal->tty_old_pgrp = NULL;
796                 spin_unlock_irq(&current->sighand->siglock);
797                 if (old_pgrp) {
798                         kill_pgrp(old_pgrp, SIGHUP, on_exit);
799                         kill_pgrp(old_pgrp, SIGCONT, on_exit);
800                         put_pid(old_pgrp);
801                 }
802                 return;
803         }
804         if (tty_pgrp) {
805                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
806                 if (!on_exit)
807                         kill_pgrp(tty_pgrp, SIGCONT, on_exit);
808                 put_pid(tty_pgrp);
809         }
810
811         spin_lock_irq(&current->sighand->siglock);
812         put_pid(current->signal->tty_old_pgrp);
813         current->signal->tty_old_pgrp = NULL;
814         spin_unlock_irq(&current->sighand->siglock);
815
816         tty = get_current_tty();
817         if (tty) {
818                 unsigned long flags;
819                 spin_lock_irqsave(&tty->ctrl_lock, flags);
820                 put_pid(tty->session);
821                 put_pid(tty->pgrp);
822                 tty->session = NULL;
823                 tty->pgrp = NULL;
824                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
825                 tty_kref_put(tty);
826         } else {
827 #ifdef TTY_DEBUG_HANGUP
828                 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
829                        " = NULL", tty);
830 #endif
831         }
832
833         /* Now clear signal->tty under the lock */
834         read_lock(&tasklist_lock);
835         session_clear_tty(task_session(current));
836         read_unlock(&tasklist_lock);
837 }
838
839 /**
840  *
841  *      no_tty  - Ensure the current process does not have a controlling tty
842  */
843 void no_tty(void)
844 {
845         struct task_struct *tsk = current;
846         lock_kernel();
847         if (tsk->signal->leader)
848                 disassociate_ctty(0);
849         unlock_kernel();
850         proc_clear_tty(tsk);
851 }
852
853
854 /**
855  *      stop_tty        -       propagate flow control
856  *      @tty: tty to stop
857  *
858  *      Perform flow control to the driver. For PTY/TTY pairs we
859  *      must also propagate the TIOCKPKT status. May be called
860  *      on an already stopped device and will not re-call the driver
861  *      method.
862  *
863  *      This functionality is used by both the line disciplines for
864  *      halting incoming flow and by the driver. It may therefore be
865  *      called from any context, may be under the tty atomic_write_lock
866  *      but not always.
867  *
868  *      Locking:
869  *              Uses the tty control lock internally
870  */
871
872 void stop_tty(struct tty_struct *tty)
873 {
874         unsigned long flags;
875         spin_lock_irqsave(&tty->ctrl_lock, flags);
876         if (tty->stopped) {
877                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
878                 return;
879         }
880         tty->stopped = 1;
881         if (tty->link && tty->link->packet) {
882                 tty->ctrl_status &= ~TIOCPKT_START;
883                 tty->ctrl_status |= TIOCPKT_STOP;
884                 wake_up_interruptible(&tty->link->read_wait);
885         }
886         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
887         if (tty->ops->stop)
888                 (tty->ops->stop)(tty);
889 }
890
891 EXPORT_SYMBOL(stop_tty);
892
893 /**
894  *      start_tty       -       propagate flow control
895  *      @tty: tty to start
896  *
897  *      Start a tty that has been stopped if at all possible. Perform
898  *      any necessary wakeups and propagate the TIOCPKT status. If this
899  *      is the tty was previous stopped and is being started then the
900  *      driver start method is invoked and the line discipline woken.
901  *
902  *      Locking:
903  *              ctrl_lock
904  */
905
906 void start_tty(struct tty_struct *tty)
907 {
908         unsigned long flags;
909         spin_lock_irqsave(&tty->ctrl_lock, flags);
910         if (!tty->stopped || tty->flow_stopped) {
911                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
912                 return;
913         }
914         tty->stopped = 0;
915         if (tty->link && tty->link->packet) {
916                 tty->ctrl_status &= ~TIOCPKT_STOP;
917                 tty->ctrl_status |= TIOCPKT_START;
918                 wake_up_interruptible(&tty->link->read_wait);
919         }
920         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
921         if (tty->ops->start)
922                 (tty->ops->start)(tty);
923         /* If we have a running line discipline it may need kicking */
924         tty_wakeup(tty);
925 }
926
927 EXPORT_SYMBOL(start_tty);
928
929 /**
930  *      tty_read        -       read method for tty device files
931  *      @file: pointer to tty file
932  *      @buf: user buffer
933  *      @count: size of user buffer
934  *      @ppos: unused
935  *
936  *      Perform the read system call function on this terminal device. Checks
937  *      for hung up devices before calling the line discipline method.
938  *
939  *      Locking:
940  *              Locks the line discipline internally while needed. Multiple
941  *      read calls may be outstanding in parallel.
942  */
943
944 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
945                         loff_t *ppos)
946 {
947         int i;
948         struct tty_struct *tty;
949         struct inode *inode;
950         struct tty_ldisc *ld;
951
952         tty = (struct tty_struct *)file->private_data;
953         inode = file->f_path.dentry->d_inode;
954         if (tty_paranoia_check(tty, inode, "tty_read"))
955                 return -EIO;
956         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
957                 return -EIO;
958
959         /* We want to wait for the line discipline to sort out in this
960            situation */
961         ld = tty_ldisc_ref_wait(tty);
962         if (ld->ops->read)
963                 i = (ld->ops->read)(tty, file, buf, count);
964         else
965                 i = -EIO;
966         tty_ldisc_deref(ld);
967         if (i > 0)
968                 inode->i_atime = current_fs_time(inode->i_sb);
969         return i;
970 }
971
972 void tty_write_unlock(struct tty_struct *tty)
973 {
974         mutex_unlock(&tty->atomic_write_lock);
975         wake_up_interruptible(&tty->write_wait);
976 }
977
978 int tty_write_lock(struct tty_struct *tty, int ndelay)
979 {
980         if (!mutex_trylock(&tty->atomic_write_lock)) {
981                 if (ndelay)
982                         return -EAGAIN;
983                 if (mutex_lock_interruptible(&tty->atomic_write_lock))
984                         return -ERESTARTSYS;
985         }
986         return 0;
987 }
988
989 /*
990  * Split writes up in sane blocksizes to avoid
991  * denial-of-service type attacks
992  */
993 static inline ssize_t do_tty_write(
994         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
995         struct tty_struct *tty,
996         struct file *file,
997         const char __user *buf,
998         size_t count)
999 {
1000         ssize_t ret, written = 0;
1001         unsigned int chunk;
1002
1003         ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1004         if (ret < 0)
1005                 return ret;
1006
1007         /*
1008          * We chunk up writes into a temporary buffer. This
1009          * simplifies low-level drivers immensely, since they
1010          * don't have locking issues and user mode accesses.
1011          *
1012          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1013          * big chunk-size..
1014          *
1015          * The default chunk-size is 2kB, because the NTTY
1016          * layer has problems with bigger chunks. It will
1017          * claim to be able to handle more characters than
1018          * it actually does.
1019          *
1020          * FIXME: This can probably go away now except that 64K chunks
1021          * are too likely to fail unless switched to vmalloc...
1022          */
1023         chunk = 2048;
1024         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1025                 chunk = 65536;
1026         if (count < chunk)
1027                 chunk = count;
1028
1029         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1030         if (tty->write_cnt < chunk) {
1031                 unsigned char *buf;
1032
1033                 if (chunk < 1024)
1034                         chunk = 1024;
1035
1036                 buf = kmalloc(chunk, GFP_KERNEL);
1037                 if (!buf) {
1038                         ret = -ENOMEM;
1039                         goto out;
1040                 }
1041                 kfree(tty->write_buf);
1042                 tty->write_cnt = chunk;
1043                 tty->write_buf = buf;
1044         }
1045
1046         /* Do the write .. */
1047         for (;;) {
1048                 size_t size = count;
1049                 if (size > chunk)
1050                         size = chunk;
1051                 ret = -EFAULT;
1052                 if (copy_from_user(tty->write_buf, buf, size))
1053                         break;
1054                 ret = write(tty, file, tty->write_buf, size);
1055                 if (ret <= 0)
1056                         break;
1057                 written += ret;
1058                 buf += ret;
1059                 count -= ret;
1060                 if (!count)
1061                         break;
1062                 ret = -ERESTARTSYS;
1063                 if (signal_pending(current))
1064                         break;
1065                 cond_resched();
1066         }
1067         if (written) {
1068                 struct inode *inode = file->f_path.dentry->d_inode;
1069                 inode->i_mtime = current_fs_time(inode->i_sb);
1070                 ret = written;
1071         }
1072 out:
1073         tty_write_unlock(tty);
1074         return ret;
1075 }
1076
1077 /**
1078  * tty_write_message - write a message to a certain tty, not just the console.
1079  * @tty: the destination tty_struct
1080  * @msg: the message to write
1081  *
1082  * This is used for messages that need to be redirected to a specific tty.
1083  * We don't put it into the syslog queue right now maybe in the future if
1084  * really needed.
1085  *
1086  * We must still hold the BKL and test the CLOSING flag for the moment.
1087  */
1088
1089 void tty_write_message(struct tty_struct *tty, char *msg)
1090 {
1091         lock_kernel();
1092         if (tty) {
1093                 mutex_lock(&tty->atomic_write_lock);
1094                 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags))
1095                         tty->ops->write(tty, msg, strlen(msg));
1096                 tty_write_unlock(tty);
1097         }
1098         unlock_kernel();
1099         return;
1100 }
1101
1102
1103 /**
1104  *      tty_write               -       write method for tty device file
1105  *      @file: tty file pointer
1106  *      @buf: user data to write
1107  *      @count: bytes to write
1108  *      @ppos: unused
1109  *
1110  *      Write data to a tty device via the line discipline.
1111  *
1112  *      Locking:
1113  *              Locks the line discipline as required
1114  *              Writes to the tty driver are serialized by the atomic_write_lock
1115  *      and are then processed in chunks to the device. The line discipline
1116  *      write method will not be involked in parallel for each device
1117  *              The line discipline write method is called under the big
1118  *      kernel lock for historical reasons. New code should not rely on this.
1119  */
1120
1121 static ssize_t tty_write(struct file *file, const char __user *buf,
1122                                                 size_t count, loff_t *ppos)
1123 {
1124         struct tty_struct *tty;
1125         struct inode *inode = file->f_path.dentry->d_inode;
1126         ssize_t ret;
1127         struct tty_ldisc *ld;
1128
1129         tty = (struct tty_struct *)file->private_data;
1130         if (tty_paranoia_check(tty, inode, "tty_write"))
1131                 return -EIO;
1132         if (!tty || !tty->ops->write ||
1133                 (test_bit(TTY_IO_ERROR, &tty->flags)))
1134                         return -EIO;
1135         /* Short term debug to catch buggy drivers */
1136         if (tty->ops->write_room == NULL)
1137                 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1138                         tty->driver->name);
1139         ld = tty_ldisc_ref_wait(tty);
1140         if (!ld->ops->write)
1141                 ret = -EIO;
1142         else
1143                 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1144         tty_ldisc_deref(ld);
1145         return ret;
1146 }
1147
1148 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1149                                                 size_t count, loff_t *ppos)
1150 {
1151         struct file *p = NULL;
1152
1153         spin_lock(&redirect_lock);
1154         if (redirect) {
1155                 get_file(redirect);
1156                 p = redirect;
1157         }
1158         spin_unlock(&redirect_lock);
1159
1160         if (p) {
1161                 ssize_t res;
1162                 res = vfs_write(p, buf, count, &p->f_pos);
1163                 fput(p);
1164                 return res;
1165         }
1166         return tty_write(file, buf, count, ppos);
1167 }
1168
1169 static char ptychar[] = "pqrstuvwxyzabcde";
1170
1171 /**
1172  *      pty_line_name   -       generate name for a pty
1173  *      @driver: the tty driver in use
1174  *      @index: the minor number
1175  *      @p: output buffer of at least 6 bytes
1176  *
1177  *      Generate a name from a driver reference and write it to the output
1178  *      buffer.
1179  *
1180  *      Locking: None
1181  */
1182 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1183 {
1184         int i = index + driver->name_base;
1185         /* ->name is initialized to "ttyp", but "tty" is expected */
1186         sprintf(p, "%s%c%x",
1187                 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1188                 ptychar[i >> 4 & 0xf], i & 0xf);
1189 }
1190
1191 /**
1192  *      pty_line_name   -       generate name for a tty
1193  *      @driver: the tty driver in use
1194  *      @index: the minor number
1195  *      @p: output buffer of at least 7 bytes
1196  *
1197  *      Generate a name from a driver reference and write it to the output
1198  *      buffer.
1199  *
1200  *      Locking: None
1201  */
1202 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1203 {
1204         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1205 }
1206
1207 /**
1208  *      tty_driver_lookup_tty() - find an existing tty, if any
1209  *      @driver: the driver for the tty
1210  *      @idx:    the minor number
1211  *
1212  *      Return the tty, if found or ERR_PTR() otherwise.
1213  *
1214  *      Locking: tty_mutex must be held. If tty is found, the mutex must
1215  *      be held until the 'fast-open' is also done. Will change once we
1216  *      have refcounting in the driver and per driver locking
1217  */
1218 struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver, int idx)
1219 {
1220         struct tty_struct *tty;
1221
1222         if (driver->ops->lookup)
1223                 return driver->ops->lookup(driver, idx);
1224
1225                 tty = driver->ttys[idx];
1226         return tty;
1227 }
1228
1229 /**
1230  *      tty_reopen()    - fast re-open of an open tty
1231  *      @tty    - the tty to open
1232  *
1233  *      Return 0 on success, -errno on error.
1234  *
1235  *      Locking: tty_mutex must be held from the time the tty was found
1236  *               till this open completes.
1237  */
1238 static int tty_reopen(struct tty_struct *tty)
1239 {
1240         struct tty_driver *driver = tty->driver;
1241
1242         if (test_bit(TTY_CLOSING, &tty->flags))
1243                 return -EIO;
1244
1245         if (driver->type == TTY_DRIVER_TYPE_PTY &&
1246             driver->subtype == PTY_TYPE_MASTER) {
1247                 /*
1248                  * special case for PTY masters: only one open permitted,
1249                  * and the slave side open count is incremented as well.
1250                  */
1251                 if (tty->count)
1252                         return -EIO;
1253
1254                 tty->link->count++;
1255         }
1256         tty->count++;
1257         tty->driver = driver; /* N.B. why do this every time?? */
1258
1259         WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1260
1261         return 0;
1262 }
1263
1264 /**
1265  *      tty_init_dev            -       initialise a tty device
1266  *      @driver: tty driver we are opening a device on
1267  *      @idx: device index
1268  *      @ret_tty: returned tty structure
1269  *      @first_ok: ok to open a new device (used by ptmx)
1270  *
1271  *      Prepare a tty device. This may not be a "new" clean device but
1272  *      could also be an active device. The pty drivers require special
1273  *      handling because of this.
1274  *
1275  *      Locking:
1276  *              The function is called under the tty_mutex, which
1277  *      protects us from the tty struct or driver itself going away.
1278  *
1279  *      On exit the tty device has the line discipline attached and
1280  *      a reference count of 1. If a pair was created for pty/tty use
1281  *      and the other was a pty master then it too has a reference count of 1.
1282  *
1283  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1284  * failed open.  The new code protects the open with a mutex, so it's
1285  * really quite straightforward.  The mutex locking can probably be
1286  * relaxed for the (most common) case of reopening a tty.
1287  */
1288
1289 int tty_init_dev(struct tty_driver *driver, int idx,
1290         struct tty_struct **ret_tty, int first_ok)
1291 {
1292         struct tty_struct *tty, *o_tty;
1293         struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
1294         struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1295         int retval = 0;
1296
1297         /* check whether we're reopening an existing tty */
1298         tty = tty_driver_lookup_tty(driver, idx);
1299         if (IS_ERR(tty)) {
1300                 retval = PTR_ERR(tty);
1301                 goto end_init;
1302         }
1303
1304         if (tty) {
1305                 retval = tty_reopen(tty);
1306                 if (retval)
1307                         return retval;
1308                 *ret_tty = tty;
1309                 return 0;
1310         }
1311
1312         /* Check if pty master is being opened multiple times */
1313         if (driver->subtype == PTY_TYPE_MASTER &&
1314                 (driver->flags & TTY_DRIVER_DEVPTS_MEM) && !first_ok) {
1315                 retval = -EIO;
1316                 goto end_init;
1317         }
1318         /*
1319          * First time open is complex, especially for PTY devices.
1320          * This code guarantees that either everything succeeds and the
1321          * TTY is ready for operation, or else the table slots are vacated
1322          * and the allocated memory released.  (Except that the termios
1323          * and locked termios may be retained.)
1324          */
1325
1326         if (!try_module_get(driver->owner)) {
1327                 retval = -ENODEV;
1328                 goto end_init;
1329         }
1330
1331         o_tty = NULL;
1332         tp = o_tp = NULL;
1333         ltp = o_ltp = NULL;
1334
1335         tty = alloc_tty_struct();
1336         if (!tty)
1337                 goto fail_no_mem;
1338         initialize_tty_struct(tty);
1339         tty->driver = driver;
1340         tty->ops = driver->ops;
1341         tty->index = idx;
1342         tty_line_name(driver, idx, tty->name);
1343
1344         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1345                 tp_loc = &tty->termios;
1346                 ltp_loc = &tty->termios_locked;
1347         } else {
1348                 tp_loc = &driver->termios[idx];
1349                 ltp_loc = &driver->termios_locked[idx];
1350         }
1351
1352         if (!*tp_loc) {
1353                 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1354                 if (!tp)
1355                         goto free_mem_out;
1356                 *tp = driver->init_termios;
1357         }
1358
1359         if (!*ltp_loc) {
1360                 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1361                 if (!ltp)
1362                         goto free_mem_out;
1363         }
1364
1365         if (driver->type == TTY_DRIVER_TYPE_PTY) {
1366                 o_tty = alloc_tty_struct();
1367                 if (!o_tty)
1368                         goto free_mem_out;
1369                 if (!try_module_get(driver->other->owner)) {
1370                         /* This cannot in fact currently happen */
1371                         free_tty_struct(o_tty);
1372                         o_tty = NULL;
1373                         goto free_mem_out;
1374                 }
1375                 initialize_tty_struct(o_tty);
1376                 o_tty->driver = driver->other;
1377                 o_tty->ops = driver->ops;
1378                 o_tty->index = idx;
1379                 tty_line_name(driver->other, idx, o_tty->name);
1380
1381                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1382                         o_tp_loc = &o_tty->termios;
1383                         o_ltp_loc = &o_tty->termios_locked;
1384                 } else {
1385                         o_tp_loc = &driver->other->termios[idx];
1386                         o_ltp_loc = &driver->other->termios_locked[idx];
1387                 }
1388
1389                 if (!*o_tp_loc) {
1390                         o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1391                         if (!o_tp)
1392                                 goto free_mem_out;
1393                         *o_tp = driver->other->init_termios;
1394                 }
1395
1396                 if (!*o_ltp_loc) {
1397                         o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1398                         if (!o_ltp)
1399                                 goto free_mem_out;
1400                 }
1401
1402                 /*
1403                  * Everything allocated ... set up the o_tty structure.
1404                  */
1405                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
1406                         driver->other->ttys[idx] = o_tty;
1407                 if (!*o_tp_loc)
1408                         *o_tp_loc = o_tp;
1409                 if (!*o_ltp_loc)
1410                         *o_ltp_loc = o_ltp;
1411                 o_tty->termios = *o_tp_loc;
1412                 o_tty->termios_locked = *o_ltp_loc;
1413                 tty_driver_kref_get(driver->other);
1414                 if (driver->subtype == PTY_TYPE_MASTER)
1415                         o_tty->count++;
1416
1417                 /* Establish the links in both directions */
1418                 tty->link   = o_tty;
1419                 o_tty->link = tty;
1420         }
1421
1422         /*
1423          * All structures have been allocated, so now we install them.
1424          * Failures after this point use release_tty to clean up, so
1425          * there's no need to null out the local pointers.
1426          *
1427          * FIXME: We want a 'driver->install method ?
1428          */
1429         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
1430                 driver->ttys[idx] = tty;
1431
1432         if (!*tp_loc)
1433                 *tp_loc = tp;
1434         if (!*ltp_loc)
1435                 *ltp_loc = ltp;
1436         tty->termios = *tp_loc;
1437         tty->termios_locked = *ltp_loc;
1438         /* Compatibility until drivers always set this */
1439         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1440         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1441         tty_driver_kref_get(driver);
1442         tty->count++;
1443
1444         /*
1445          * Structures all installed ... call the ldisc open routines.
1446          * If we fail here just call release_tty to clean up.  No need
1447          * to decrement the use counts, as release_tty doesn't care.
1448          */
1449
1450         retval = tty_ldisc_setup(tty, o_tty);
1451
1452         if (retval)
1453                 goto release_mem_out;
1454
1455         *ret_tty = tty;
1456         /* All paths come through here to release the mutex */
1457 end_init:
1458         return retval;
1459
1460         /* Release locally allocated memory ... nothing placed in slots */
1461 free_mem_out:
1462         kfree(o_tp);
1463         if (o_tty) {
1464                 module_put(o_tty->driver->owner);
1465                 free_tty_struct(o_tty);
1466         }
1467         kfree(ltp);
1468         kfree(tp);
1469         free_tty_struct(tty);
1470
1471 fail_no_mem:
1472         module_put(driver->owner);
1473         retval = -ENOMEM;
1474         goto end_init;
1475
1476         /* call the tty release_tty routine to clean out this slot */
1477 release_mem_out:
1478         if (printk_ratelimit())
1479                 printk(KERN_INFO "tty_init_dev: ldisc open failed, "
1480                                  "clearing slot %d\n", idx);
1481         release_tty(tty, idx);
1482         goto end_init;
1483 }
1484
1485 void tty_free_termios(struct tty_struct *tty)
1486 {
1487         struct ktermios *tp;
1488         int idx = tty->index;
1489         /* Kill this flag and push into drivers for locking etc */
1490         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1491                 /* FIXME: Locking on ->termios array */
1492                 tp = tty->termios;
1493                 tty->driver->termios[idx] = NULL;
1494                 kfree(tp);
1495
1496                 tp = tty->termios_locked;
1497                 tty->driver->termios_locked[idx] = NULL;
1498                 kfree(tp);
1499         }
1500 }
1501 EXPORT_SYMBOL(tty_free_termios);
1502
1503 void tty_shutdown(struct tty_struct *tty)
1504 {
1505         tty->driver->ttys[tty->index] = NULL;
1506         tty_free_termios(tty);
1507 }
1508 EXPORT_SYMBOL(tty_shutdown);
1509
1510 /**
1511  *      release_one_tty         -       release tty structure memory
1512  *      @kref: kref of tty we are obliterating
1513  *
1514  *      Releases memory associated with a tty structure, and clears out the
1515  *      driver table slots. This function is called when a device is no longer
1516  *      in use. It also gets called when setup of a device fails.
1517  *
1518  *      Locking:
1519  *              tty_mutex - sometimes only
1520  *              takes the file list lock internally when working on the list
1521  *      of ttys that the driver keeps.
1522  */
1523 static void release_one_tty(struct kref *kref)
1524 {
1525         struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1526         struct tty_driver *driver = tty->driver;
1527
1528         if (tty->ops->shutdown)
1529                 tty->ops->shutdown(tty);
1530         else
1531                 tty_shutdown(tty);
1532         tty->magic = 0;
1533         tty_driver_kref_put(driver);
1534         module_put(driver->owner);
1535
1536         file_list_lock();
1537         list_del_init(&tty->tty_files);
1538         file_list_unlock();
1539
1540         free_tty_struct(tty);
1541 }
1542
1543 /**
1544  *      tty_kref_put            -       release a tty kref
1545  *      @tty: tty device
1546  *
1547  *      Release a reference to a tty device and if need be let the kref
1548  *      layer destruct the object for us
1549  */
1550
1551 void tty_kref_put(struct tty_struct *tty)
1552 {
1553         if (tty)
1554                 kref_put(&tty->kref, release_one_tty);
1555 }
1556 EXPORT_SYMBOL(tty_kref_put);
1557
1558 /**
1559  *      release_tty             -       release tty structure memory
1560  *
1561  *      Release both @tty and a possible linked partner (think pty pair),
1562  *      and decrement the refcount of the backing module.
1563  *
1564  *      Locking:
1565  *              tty_mutex - sometimes only
1566  *              takes the file list lock internally when working on the list
1567  *      of ttys that the driver keeps.
1568  *              FIXME: should we require tty_mutex is held here ??
1569  *
1570  */
1571 static void release_tty(struct tty_struct *tty, int idx)
1572 {
1573         /* This should always be true but check for the moment */
1574         WARN_ON(tty->index != idx);
1575
1576         if (tty->link)
1577                 tty_kref_put(tty->link);
1578         tty_kref_put(tty);
1579 }
1580
1581 /*
1582  * Even releasing the tty structures is a tricky business.. We have
1583  * to be very careful that the structures are all released at the
1584  * same time, as interrupts might otherwise get the wrong pointers.
1585  *
1586  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1587  * lead to double frees or releasing memory still in use.
1588  */
1589 void tty_release_dev(struct file *filp)
1590 {
1591         struct tty_struct *tty, *o_tty;
1592         int     pty_master, tty_closing, o_tty_closing, do_sleep;
1593         int     devpts;
1594         int     idx;
1595         char    buf[64];
1596
1597         tty = (struct tty_struct *)filp->private_data;
1598         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
1599                                                         "tty_release_dev"))
1600                 return;
1601
1602         check_tty_count(tty, "tty_release_dev");
1603
1604         tty_fasync(-1, filp, 0);
1605
1606         idx = tty->index;
1607         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1608                       tty->driver->subtype == PTY_TYPE_MASTER);
1609         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1610         o_tty = tty->link;
1611
1612 #ifdef TTY_PARANOIA_CHECK
1613         if (idx < 0 || idx >= tty->driver->num) {
1614                 printk(KERN_DEBUG "tty_release_dev: bad idx when trying to "
1615                                   "free (%s)\n", tty->name);
1616                 return;
1617         }
1618         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1619                 if (tty != tty->driver->ttys[idx]) {
1620                         printk(KERN_DEBUG "tty_release_dev: driver.table[%d] not tty "
1621                                "for (%s)\n", idx, tty->name);
1622                         return;
1623                 }
1624                 if (tty->termios != tty->driver->termios[idx]) {
1625                         printk(KERN_DEBUG "tty_release_dev: driver.termios[%d] not termios "
1626                                "for (%s)\n",
1627                                idx, tty->name);
1628                         return;
1629                 }
1630                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
1631                         printk(KERN_DEBUG "tty_release_dev: driver.termios_locked[%d] not "
1632                                "termios_locked for (%s)\n",
1633                                idx, tty->name);
1634                         return;
1635                 }
1636         }
1637 #endif
1638
1639 #ifdef TTY_DEBUG_HANGUP
1640         printk(KERN_DEBUG "tty_release_dev of %s (tty count=%d)...",
1641                tty_name(tty, buf), tty->count);
1642 #endif
1643
1644 #ifdef TTY_PARANOIA_CHECK
1645         if (tty->driver->other &&
1646              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1647                 if (o_tty != tty->driver->other->ttys[idx]) {
1648                         printk(KERN_DEBUG "tty_release_dev: other->table[%d] "
1649                                           "not o_tty for (%s)\n",
1650                                idx, tty->name);
1651                         return;
1652                 }
1653                 if (o_tty->termios != tty->driver->other->termios[idx]) {
1654                         printk(KERN_DEBUG "tty_release_dev: other->termios[%d] "
1655                                           "not o_termios for (%s)\n",
1656                                idx, tty->name);
1657                         return;
1658                 }
1659                 if (o_tty->termios_locked !=
1660                       tty->driver->other->termios_locked[idx]) {
1661                         printk(KERN_DEBUG "tty_release_dev: other->termios_locked["
1662                                           "%d] not o_termios_locked for (%s)\n",
1663                                idx, tty->name);
1664                         return;
1665                 }
1666                 if (o_tty->link != tty) {
1667                         printk(KERN_DEBUG "tty_release_dev: bad pty pointers\n");
1668                         return;
1669                 }
1670         }
1671 #endif
1672         if (tty->ops->close)
1673                 tty->ops->close(tty, filp);
1674
1675         /*
1676          * Sanity check: if tty->count is going to zero, there shouldn't be
1677          * any waiters on tty->read_wait or tty->write_wait.  We test the
1678          * wait queues and kick everyone out _before_ actually starting to
1679          * close.  This ensures that we won't block while releasing the tty
1680          * structure.
1681          *
1682          * The test for the o_tty closing is necessary, since the master and
1683          * slave sides may close in any order.  If the slave side closes out
1684          * first, its count will be one, since the master side holds an open.
1685          * Thus this test wouldn't be triggered at the time the slave closes,
1686          * so we do it now.
1687          *
1688          * Note that it's possible for the tty to be opened again while we're
1689          * flushing out waiters.  By recalculating the closing flags before
1690          * each iteration we avoid any problems.
1691          */
1692         while (1) {
1693                 /* Guard against races with tty->count changes elsewhere and
1694                    opens on /dev/tty */
1695
1696                 mutex_lock(&tty_mutex);
1697                 tty_closing = tty->count <= 1;
1698                 o_tty_closing = o_tty &&
1699                         (o_tty->count <= (pty_master ? 1 : 0));
1700                 do_sleep = 0;
1701
1702                 if (tty_closing) {
1703                         if (waitqueue_active(&tty->read_wait)) {
1704                                 wake_up(&tty->read_wait);
1705                                 do_sleep++;
1706                         }
1707                         if (waitqueue_active(&tty->write_wait)) {
1708                                 wake_up(&tty->write_wait);
1709                                 do_sleep++;
1710                         }
1711                 }
1712                 if (o_tty_closing) {
1713                         if (waitqueue_active(&o_tty->read_wait)) {
1714                                 wake_up(&o_tty->read_wait);
1715                                 do_sleep++;
1716                         }
1717                         if (waitqueue_active(&o_tty->write_wait)) {
1718                                 wake_up(&o_tty->write_wait);
1719                                 do_sleep++;
1720                         }
1721                 }
1722                 if (!do_sleep)
1723                         break;
1724
1725                 printk(KERN_WARNING "tty_release_dev: %s: read/write wait queue "
1726                                     "active!\n", tty_name(tty, buf));
1727                 mutex_unlock(&tty_mutex);
1728                 schedule();
1729         }
1730
1731         /*
1732          * The closing flags are now consistent with the open counts on
1733          * both sides, and we've completed the last operation that could
1734          * block, so it's safe to proceed with closing.
1735          */
1736         if (pty_master) {
1737                 if (--o_tty->count < 0) {
1738                         printk(KERN_WARNING "tty_release_dev: bad pty slave count "
1739                                             "(%d) for %s\n",
1740                                o_tty->count, tty_name(o_tty, buf));
1741                         o_tty->count = 0;
1742                 }
1743         }
1744         if (--tty->count < 0) {
1745                 printk(KERN_WARNING "tty_release_dev: bad tty->count (%d) for %s\n",
1746                        tty->count, tty_name(tty, buf));
1747                 tty->count = 0;
1748         }
1749
1750         /*
1751          * We've decremented tty->count, so we need to remove this file
1752          * descriptor off the tty->tty_files list; this serves two
1753          * purposes:
1754          *  - check_tty_count sees the correct number of file descriptors
1755          *    associated with this tty.
1756          *  - do_tty_hangup no longer sees this file descriptor as
1757          *    something that needs to be handled for hangups.
1758          */
1759         file_kill(filp);
1760         filp->private_data = NULL;
1761
1762         /*
1763          * Perform some housekeeping before deciding whether to return.
1764          *
1765          * Set the TTY_CLOSING flag if this was the last open.  In the
1766          * case of a pty we may have to wait around for the other side
1767          * to close, and TTY_CLOSING makes sure we can't be reopened.
1768          */
1769         if (tty_closing)
1770                 set_bit(TTY_CLOSING, &tty->flags);
1771         if (o_tty_closing)
1772                 set_bit(TTY_CLOSING, &o_tty->flags);
1773
1774         /*
1775          * If _either_ side is closing, make sure there aren't any
1776          * processes that still think tty or o_tty is their controlling
1777          * tty.
1778          */
1779         if (tty_closing || o_tty_closing) {
1780                 read_lock(&tasklist_lock);
1781                 session_clear_tty(tty->session);
1782                 if (o_tty)
1783                         session_clear_tty(o_tty->session);
1784                 read_unlock(&tasklist_lock);
1785         }
1786
1787         mutex_unlock(&tty_mutex);
1788
1789         /* check whether both sides are closing ... */
1790         if (!tty_closing || (o_tty && !o_tty_closing))
1791                 return;
1792
1793 #ifdef TTY_DEBUG_HANGUP
1794         printk(KERN_DEBUG "freeing tty structure...");
1795 #endif
1796         /*
1797          * Ask the line discipline code to release its structures
1798          */
1799         tty_ldisc_release(tty, o_tty);
1800         /*
1801          * The release_tty function takes care of the details of clearing
1802          * the slots and preserving the termios structure.
1803          */
1804         release_tty(tty, idx);
1805
1806         /* Make this pty number available for reallocation */
1807         if (devpts)
1808                 devpts_kill_index(idx);
1809 }
1810
1811 /**
1812  *      __tty_open              -       open a tty device
1813  *      @inode: inode of device file
1814  *      @filp: file pointer to tty
1815  *
1816  *      tty_open and tty_release keep up the tty count that contains the
1817  *      number of opens done on a tty. We cannot use the inode-count, as
1818  *      different inodes might point to the same tty.
1819  *
1820  *      Open-counting is needed for pty masters, as well as for keeping
1821  *      track of serial lines: DTR is dropped when the last close happens.
1822  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
1823  *
1824  *      The termios state of a pty is reset on first open so that
1825  *      settings don't persist across reuse.
1826  *
1827  *      Locking: tty_mutex protects tty, get_tty_driver and tty_init_dev work.
1828  *               tty->count should protect the rest.
1829  *               ->siglock protects ->signal/->sighand
1830  */
1831
1832 static int __tty_open(struct inode *inode, struct file *filp)
1833 {
1834         struct tty_struct *tty;
1835         int noctty, retval;
1836         struct tty_driver *driver;
1837         int index;
1838         dev_t device = inode->i_rdev;
1839         unsigned short saved_flags = filp->f_flags;
1840
1841         nonseekable_open(inode, filp);
1842
1843 retry_open:
1844         noctty = filp->f_flags & O_NOCTTY;
1845         index  = -1;
1846         retval = 0;
1847
1848         mutex_lock(&tty_mutex);
1849
1850         if (device == MKDEV(TTYAUX_MAJOR, 0)) {
1851                 tty = get_current_tty();
1852                 if (!tty) {
1853                         mutex_unlock(&tty_mutex);
1854                         return -ENXIO;
1855                 }
1856                 driver = tty_driver_kref_get(tty->driver);
1857                 index = tty->index;
1858                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1859                 /* noctty = 1; */
1860                 /* FIXME: Should we take a driver reference ? */
1861                 tty_kref_put(tty);
1862                 goto got_driver;
1863         }
1864 #ifdef CONFIG_VT
1865         if (device == MKDEV(TTY_MAJOR, 0)) {
1866                 extern struct tty_driver *console_driver;
1867                 driver = tty_driver_kref_get(console_driver);
1868                 index = fg_console;
1869                 noctty = 1;
1870                 goto got_driver;
1871         }
1872 #endif
1873         if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1874                 driver = tty_driver_kref_get(console_device(&index));
1875                 if (driver) {
1876                         /* Don't let /dev/console block */
1877                         filp->f_flags |= O_NONBLOCK;
1878                         noctty = 1;
1879                         goto got_driver;
1880                 }
1881                 mutex_unlock(&tty_mutex);
1882                 return -ENODEV;
1883         }
1884
1885         driver = get_tty_driver(device, &index);
1886         if (!driver) {
1887                 mutex_unlock(&tty_mutex);
1888                 return -ENODEV;
1889         }
1890 got_driver:
1891         retval = tty_init_dev(driver, index, &tty, 0);
1892         mutex_unlock(&tty_mutex);
1893         tty_driver_kref_put(driver);
1894         if (retval)
1895                 return retval;
1896
1897         filp->private_data = tty;
1898         file_move(filp, &tty->tty_files);
1899         check_tty_count(tty, "tty_open");
1900         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1901             tty->driver->subtype == PTY_TYPE_MASTER)
1902                 noctty = 1;
1903 #ifdef TTY_DEBUG_HANGUP
1904         printk(KERN_DEBUG "opening %s...", tty->name);
1905 #endif
1906         if (!retval) {
1907                 if (tty->ops->open)
1908                         retval = tty->ops->open(tty, filp);
1909                 else
1910                         retval = -ENODEV;
1911         }
1912         filp->f_flags = saved_flags;
1913
1914         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1915                                                 !capable(CAP_SYS_ADMIN))
1916                 retval = -EBUSY;
1917
1918         if (retval) {
1919 #ifdef TTY_DEBUG_HANGUP
1920                 printk(KERN_DEBUG "error %d in opening %s...", retval,
1921                        tty->name);
1922 #endif
1923                 tty_release_dev(filp);
1924                 if (retval != -ERESTARTSYS)
1925                         return retval;
1926                 if (signal_pending(current))
1927                         return retval;
1928                 schedule();
1929                 /*
1930                  * Need to reset f_op in case a hangup happened.
1931                  */
1932                 if (filp->f_op == &hung_up_tty_fops)
1933                         filp->f_op = &tty_fops;
1934                 goto retry_open;
1935         }
1936
1937         mutex_lock(&tty_mutex);
1938         spin_lock_irq(&current->sighand->siglock);
1939         if (!noctty &&
1940             current->signal->leader &&
1941             !current->signal->tty &&
1942             tty->session == NULL)
1943                 __proc_set_tty(current, tty);
1944         spin_unlock_irq(&current->sighand->siglock);
1945         mutex_unlock(&tty_mutex);
1946         return 0;
1947 }
1948
1949 /* BKL pushdown: scary code avoidance wrapper */
1950 static int tty_open(struct inode *inode, struct file *filp)
1951 {
1952         int ret;
1953
1954         lock_kernel();
1955         ret = __tty_open(inode, filp);
1956         unlock_kernel();
1957         return ret;
1958 }
1959
1960
1961
1962
1963 /**
1964  *      tty_release             -       vfs callback for close
1965  *      @inode: inode of tty
1966  *      @filp: file pointer for handle to tty
1967  *
1968  *      Called the last time each file handle is closed that references
1969  *      this tty. There may however be several such references.
1970  *
1971  *      Locking:
1972  *              Takes bkl. See tty_release_dev
1973  */
1974
1975 static int tty_release(struct inode *inode, struct file *filp)
1976 {
1977         lock_kernel();
1978         tty_release_dev(filp);
1979         unlock_kernel();
1980         return 0;
1981 }
1982
1983 /**
1984  *      tty_poll        -       check tty status
1985  *      @filp: file being polled
1986  *      @wait: poll wait structures to update
1987  *
1988  *      Call the line discipline polling method to obtain the poll
1989  *      status of the device.
1990  *
1991  *      Locking: locks called line discipline but ldisc poll method
1992  *      may be re-entered freely by other callers.
1993  */
1994
1995 static unsigned int tty_poll(struct file *filp, poll_table *wait)
1996 {
1997         struct tty_struct *tty;
1998         struct tty_ldisc *ld;
1999         int ret = 0;
2000
2001         tty = (struct tty_struct *)filp->private_data;
2002         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2003                 return 0;
2004
2005         ld = tty_ldisc_ref_wait(tty);
2006         if (ld->ops->poll)
2007                 ret = (ld->ops->poll)(tty, filp, wait);
2008         tty_ldisc_deref(ld);
2009         return ret;
2010 }
2011
2012 static int tty_fasync(int fd, struct file *filp, int on)
2013 {
2014         struct tty_struct *tty;
2015         unsigned long flags;
2016         int retval = 0;
2017
2018         lock_kernel();
2019         tty = (struct tty_struct *)filp->private_data;
2020         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2021                 goto out;
2022
2023         retval = fasync_helper(fd, filp, on, &tty->fasync);
2024         if (retval <= 0)
2025                 goto out;
2026
2027         if (on) {
2028                 enum pid_type type;
2029                 struct pid *pid;
2030                 if (!waitqueue_active(&tty->read_wait))
2031                         tty->minimum_to_wake = 1;
2032                 spin_lock_irqsave(&tty->ctrl_lock, flags);
2033                 if (tty->pgrp) {
2034                         pid = tty->pgrp;
2035                         type = PIDTYPE_PGID;
2036                 } else {
2037                         pid = task_pid(current);
2038                         type = PIDTYPE_PID;
2039                 }
2040                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2041                 retval = __f_setown(filp, pid, type, 0);
2042                 if (retval)
2043                         goto out;
2044         } else {
2045                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2046                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2047         }
2048         retval = 0;
2049 out:
2050         unlock_kernel();
2051         return retval;
2052 }
2053
2054 /**
2055  *      tiocsti                 -       fake input character
2056  *      @tty: tty to fake input into
2057  *      @p: pointer to character
2058  *
2059  *      Fake input to a tty device. Does the necessary locking and
2060  *      input management.
2061  *
2062  *      FIXME: does not honour flow control ??
2063  *
2064  *      Locking:
2065  *              Called functions take tty_ldisc_lock
2066  *              current->signal->tty check is safe without locks
2067  *
2068  *      FIXME: may race normal receive processing
2069  */
2070
2071 static int tiocsti(struct tty_struct *tty, char __user *p)
2072 {
2073         char ch, mbz = 0;
2074         struct tty_ldisc *ld;
2075
2076         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2077                 return -EPERM;
2078         if (get_user(ch, p))
2079                 return -EFAULT;
2080         ld = tty_ldisc_ref_wait(tty);
2081         ld->ops->receive_buf(tty, &ch, &mbz, 1);
2082         tty_ldisc_deref(ld);
2083         return 0;
2084 }
2085
2086 /**
2087  *      tiocgwinsz              -       implement window query ioctl
2088  *      @tty; tty
2089  *      @arg: user buffer for result
2090  *
2091  *      Copies the kernel idea of the window size into the user buffer.
2092  *
2093  *      Locking: tty->termios_mutex is taken to ensure the winsize data
2094  *              is consistent.
2095  */
2096
2097 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2098 {
2099         int err;
2100
2101         mutex_lock(&tty->termios_mutex);
2102         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2103         mutex_unlock(&tty->termios_mutex);
2104
2105         return err ? -EFAULT: 0;
2106 }
2107
2108 /**
2109  *      tty_do_resize           -       resize event
2110  *      @tty: tty being resized
2111  *      @real_tty: real tty (not the same as tty if using a pty/tty pair)
2112  *      @rows: rows (character)
2113  *      @cols: cols (character)
2114  *
2115  *      Update the termios variables and send the neccessary signals to
2116  *      peform a terminal resize correctly
2117  */
2118
2119 int tty_do_resize(struct tty_struct *tty, struct tty_struct *real_tty,
2120                                         struct winsize *ws)
2121 {
2122         struct pid *pgrp, *rpgrp;
2123         unsigned long flags;
2124
2125         /* For a PTY we need to lock the tty side */
2126         mutex_lock(&real_tty->termios_mutex);
2127         if (!memcmp(ws, &real_tty->winsize, sizeof(*ws)))
2128                 goto done;
2129         /* Get the PID values and reference them so we can
2130            avoid holding the tty ctrl lock while sending signals */
2131         spin_lock_irqsave(&tty->ctrl_lock, flags);
2132         pgrp = get_pid(tty->pgrp);
2133         rpgrp = get_pid(real_tty->pgrp);
2134         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2135
2136         if (pgrp)
2137                 kill_pgrp(pgrp, SIGWINCH, 1);
2138         if (rpgrp != pgrp && rpgrp)
2139                 kill_pgrp(rpgrp, SIGWINCH, 1);
2140
2141         put_pid(pgrp);
2142         put_pid(rpgrp);
2143
2144         tty->winsize = *ws;
2145         real_tty->winsize = *ws;
2146 done:
2147         mutex_unlock(&real_tty->termios_mutex);
2148         return 0;
2149 }
2150
2151 /**
2152  *      tiocswinsz              -       implement window size set ioctl
2153  *      @tty; tty
2154  *      @arg: user buffer for result
2155  *
2156  *      Copies the user idea of the window size to the kernel. Traditionally
2157  *      this is just advisory information but for the Linux console it
2158  *      actually has driver level meaning and triggers a VC resize.
2159  *
2160  *      Locking:
2161  *              Driver dependant. The default do_resize method takes the
2162  *      tty termios mutex and ctrl_lock. The console takes its own lock
2163  *      then calls into the default method.
2164  */
2165
2166 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2167         struct winsize __user *arg)
2168 {
2169         struct winsize tmp_ws;
2170         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2171                 return -EFAULT;
2172
2173         if (tty->ops->resize)
2174                 return tty->ops->resize(tty, real_tty, &tmp_ws);
2175         else
2176                 return tty_do_resize(tty, real_tty, &tmp_ws);
2177 }
2178
2179 /**
2180  *      tioccons        -       allow admin to move logical console
2181  *      @file: the file to become console
2182  *
2183  *      Allow the adminstrator to move the redirected console device
2184  *
2185  *      Locking: uses redirect_lock to guard the redirect information
2186  */
2187
2188 static int tioccons(struct file *file)
2189 {
2190         if (!capable(CAP_SYS_ADMIN))
2191                 return -EPERM;
2192         if (file->f_op->write == redirected_tty_write) {
2193                 struct file *f;
2194                 spin_lock(&redirect_lock);
2195                 f = redirect;
2196                 redirect = NULL;
2197                 spin_unlock(&redirect_lock);
2198                 if (f)
2199                         fput(f);
2200                 return 0;
2201         }
2202         spin_lock(&redirect_lock);
2203         if (redirect) {
2204                 spin_unlock(&redirect_lock);
2205                 return -EBUSY;
2206         }
2207         get_file(file);
2208         redirect = file;
2209         spin_unlock(&redirect_lock);
2210         return 0;
2211 }
2212
2213 /**
2214  *      fionbio         -       non blocking ioctl
2215  *      @file: file to set blocking value
2216  *      @p: user parameter
2217  *
2218  *      Historical tty interfaces had a blocking control ioctl before
2219  *      the generic functionality existed. This piece of history is preserved
2220  *      in the expected tty API of posix OS's.
2221  *
2222  *      Locking: none, the open fle handle ensures it won't go away.
2223  */
2224
2225 static int fionbio(struct file *file, int __user *p)
2226 {
2227         int nonblock;
2228
2229         if (get_user(nonblock, p))
2230                 return -EFAULT;
2231
2232         /* file->f_flags is still BKL protected in the fs layer - vomit */
2233         lock_kernel();
2234         if (nonblock)
2235                 file->f_flags |= O_NONBLOCK;
2236         else
2237                 file->f_flags &= ~O_NONBLOCK;
2238         unlock_kernel();
2239         return 0;
2240 }
2241
2242 /**
2243  *      tiocsctty       -       set controlling tty
2244  *      @tty: tty structure
2245  *      @arg: user argument
2246  *
2247  *      This ioctl is used to manage job control. It permits a session
2248  *      leader to set this tty as the controlling tty for the session.
2249  *
2250  *      Locking:
2251  *              Takes tty_mutex() to protect tty instance
2252  *              Takes tasklist_lock internally to walk sessions
2253  *              Takes ->siglock() when updating signal->tty
2254  */
2255
2256 static int tiocsctty(struct tty_struct *tty, int arg)
2257 {
2258         int ret = 0;
2259         if (current->signal->leader && (task_session(current) == tty->session))
2260                 return ret;
2261
2262         mutex_lock(&tty_mutex);
2263         /*
2264          * The process must be a session leader and
2265          * not have a controlling tty already.
2266          */
2267         if (!current->signal->leader || current->signal->tty) {
2268                 ret = -EPERM;
2269                 goto unlock;
2270         }
2271
2272         if (tty->session) {
2273                 /*
2274                  * This tty is already the controlling
2275                  * tty for another session group!
2276                  */
2277                 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2278                         /*
2279                          * Steal it away
2280                          */
2281                         read_lock(&tasklist_lock);
2282                         session_clear_tty(tty->session);
2283                         read_unlock(&tasklist_lock);
2284                 } else {
2285                         ret = -EPERM;
2286                         goto unlock;
2287                 }
2288         }
2289         proc_set_tty(current, tty);
2290 unlock:
2291         mutex_unlock(&tty_mutex);
2292         return ret;
2293 }
2294
2295 /**
2296  *      tty_get_pgrp    -       return a ref counted pgrp pid
2297  *      @tty: tty to read
2298  *
2299  *      Returns a refcounted instance of the pid struct for the process
2300  *      group controlling the tty.
2301  */
2302
2303 struct pid *tty_get_pgrp(struct tty_struct *tty)
2304 {
2305         unsigned long flags;
2306         struct pid *pgrp;
2307
2308         spin_lock_irqsave(&tty->ctrl_lock, flags);
2309         pgrp = get_pid(tty->pgrp);
2310         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2311
2312         return pgrp;
2313 }
2314 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2315
2316 /**
2317  *      tiocgpgrp               -       get process group
2318  *      @tty: tty passed by user
2319  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2320  *      @p: returned pid
2321  *
2322  *      Obtain the process group of the tty. If there is no process group
2323  *      return an error.
2324  *
2325  *      Locking: none. Reference to current->signal->tty is safe.
2326  */
2327
2328 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2329 {
2330         struct pid *pid;
2331         int ret;
2332         /*
2333          * (tty == real_tty) is a cheap way of
2334          * testing if the tty is NOT a master pty.
2335          */
2336         if (tty == real_tty && current->signal->tty != real_tty)
2337                 return -ENOTTY;
2338         pid = tty_get_pgrp(real_tty);
2339         ret =  put_user(pid_vnr(pid), p);
2340         put_pid(pid);
2341         return ret;
2342 }
2343
2344 /**
2345  *      tiocspgrp               -       attempt to set process group
2346  *      @tty: tty passed by user
2347  *      @real_tty: tty side device matching tty passed by user
2348  *      @p: pid pointer
2349  *
2350  *      Set the process group of the tty to the session passed. Only
2351  *      permitted where the tty session is our session.
2352  *
2353  *      Locking: RCU, ctrl lock
2354  */
2355
2356 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2357 {
2358         struct pid *pgrp;
2359         pid_t pgrp_nr;
2360         int retval = tty_check_change(real_tty);
2361         unsigned long flags;
2362
2363         if (retval == -EIO)
2364                 return -ENOTTY;
2365         if (retval)
2366                 return retval;
2367         if (!current->signal->tty ||
2368             (current->signal->tty != real_tty) ||
2369             (real_tty->session != task_session(current)))
2370                 return -ENOTTY;
2371         if (get_user(pgrp_nr, p))
2372                 return -EFAULT;
2373         if (pgrp_nr < 0)
2374                 return -EINVAL;
2375         rcu_read_lock();
2376         pgrp = find_vpid(pgrp_nr);
2377         retval = -ESRCH;
2378         if (!pgrp)
2379                 goto out_unlock;
2380         retval = -EPERM;
2381         if (session_of_pgrp(pgrp) != task_session(current))
2382                 goto out_unlock;
2383         retval = 0;
2384         spin_lock_irqsave(&tty->ctrl_lock, flags);
2385         put_pid(real_tty->pgrp);
2386         real_tty->pgrp = get_pid(pgrp);
2387         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2388 out_unlock:
2389         rcu_read_unlock();
2390         return retval;
2391 }
2392
2393 /**
2394  *      tiocgsid                -       get session id
2395  *      @tty: tty passed by user
2396  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2397  *      @p: pointer to returned session id
2398  *
2399  *      Obtain the session id of the tty. If there is no session
2400  *      return an error.
2401  *
2402  *      Locking: none. Reference to current->signal->tty is safe.
2403  */
2404
2405 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2406 {
2407         /*
2408          * (tty == real_tty) is a cheap way of
2409          * testing if the tty is NOT a master pty.
2410         */
2411         if (tty == real_tty && current->signal->tty != real_tty)
2412                 return -ENOTTY;
2413         if (!real_tty->session)
2414                 return -ENOTTY;
2415         return put_user(pid_vnr(real_tty->session), p);
2416 }
2417
2418 /**
2419  *      tiocsetd        -       set line discipline
2420  *      @tty: tty device
2421  *      @p: pointer to user data
2422  *
2423  *      Set the line discipline according to user request.
2424  *
2425  *      Locking: see tty_set_ldisc, this function is just a helper
2426  */
2427
2428 static int tiocsetd(struct tty_struct *tty, int __user *p)
2429 {
2430         int ldisc;
2431         int ret;
2432
2433         if (get_user(ldisc, p))
2434                 return -EFAULT;
2435
2436         lock_kernel();
2437         ret = tty_set_ldisc(tty, ldisc);
2438         unlock_kernel();
2439
2440         return ret;
2441 }
2442
2443 /**
2444  *      send_break      -       performed time break
2445  *      @tty: device to break on
2446  *      @duration: timeout in mS
2447  *
2448  *      Perform a timed break on hardware that lacks its own driver level
2449  *      timed break functionality.
2450  *
2451  *      Locking:
2452  *              atomic_write_lock serializes
2453  *
2454  */
2455
2456 static int send_break(struct tty_struct *tty, unsigned int duration)
2457 {
2458         int retval;
2459
2460         if (tty->ops->break_ctl == NULL)
2461                 return 0;
2462
2463         if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2464                 retval = tty->ops->break_ctl(tty, duration);
2465         else {
2466                 /* Do the work ourselves */
2467                 if (tty_write_lock(tty, 0) < 0)
2468                         return -EINTR;
2469                 retval = tty->ops->break_ctl(tty, -1);
2470                 if (retval)
2471                         goto out;
2472                 if (!signal_pending(current))
2473                         msleep_interruptible(duration);
2474                 retval = tty->ops->break_ctl(tty, 0);
2475 out:
2476                 tty_write_unlock(tty);
2477                 if (signal_pending(current))
2478                         retval = -EINTR;
2479         }
2480         return retval;
2481 }
2482
2483 /**
2484  *      tty_tiocmget            -       get modem status
2485  *      @tty: tty device
2486  *      @file: user file pointer
2487  *      @p: pointer to result
2488  *
2489  *      Obtain the modem status bits from the tty driver if the feature
2490  *      is supported. Return -EINVAL if it is not available.
2491  *
2492  *      Locking: none (up to the driver)
2493  */
2494
2495 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2496 {
2497         int retval = -EINVAL;
2498
2499         if (tty->ops->tiocmget) {
2500                 retval = tty->ops->tiocmget(tty, file);
2501
2502                 if (retval >= 0)
2503                         retval = put_user(retval, p);
2504         }
2505         return retval;
2506 }
2507
2508 /**
2509  *      tty_tiocmset            -       set modem status
2510  *      @tty: tty device
2511  *      @file: user file pointer
2512  *      @cmd: command - clear bits, set bits or set all
2513  *      @p: pointer to desired bits
2514  *
2515  *      Set the modem status bits from the tty driver if the feature
2516  *      is supported. Return -EINVAL if it is not available.
2517  *
2518  *      Locking: none (up to the driver)
2519  */
2520
2521 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2522              unsigned __user *p)
2523 {
2524         int retval;
2525         unsigned int set, clear, val;
2526
2527         if (tty->ops->tiocmset == NULL)
2528                 return -EINVAL;
2529
2530         retval = get_user(val, p);
2531         if (retval)
2532                 return retval;
2533         set = clear = 0;
2534         switch (cmd) {
2535         case TIOCMBIS:
2536                 set = val;
2537                 break;
2538         case TIOCMBIC:
2539                 clear = val;
2540                 break;
2541         case TIOCMSET:
2542                 set = val;
2543                 clear = ~val;
2544                 break;
2545         }
2546         set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2547         clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2548         return tty->ops->tiocmset(tty, file, set, clear);
2549 }
2550
2551 /*
2552  * Split this up, as gcc can choke on it otherwise..
2553  */
2554 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2555 {
2556         struct tty_struct *tty, *real_tty;
2557         void __user *p = (void __user *)arg;
2558         int retval;
2559         struct tty_ldisc *ld;
2560         struct inode *inode = file->f_dentry->d_inode;
2561
2562         tty = (struct tty_struct *)file->private_data;
2563         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2564                 return -EINVAL;
2565
2566         real_tty = tty;
2567         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2568             tty->driver->subtype == PTY_TYPE_MASTER)
2569                 real_tty = tty->link;
2570
2571
2572         /*
2573          * Factor out some common prep work
2574          */
2575         switch (cmd) {
2576         case TIOCSETD:
2577         case TIOCSBRK:
2578         case TIOCCBRK:
2579         case TCSBRK:
2580         case TCSBRKP:
2581                 retval = tty_check_change(tty);
2582                 if (retval)
2583                         return retval;
2584                 if (cmd != TIOCCBRK) {
2585                         tty_wait_until_sent(tty, 0);
2586                         if (signal_pending(current))
2587                                 return -EINTR;
2588                 }
2589                 break;
2590         }
2591
2592         /*
2593          *      Now do the stuff.
2594          */
2595         switch (cmd) {
2596         case TIOCSTI:
2597                 return tiocsti(tty, p);
2598         case TIOCGWINSZ:
2599                 return tiocgwinsz(real_tty, p);
2600         case TIOCSWINSZ:
2601                 return tiocswinsz(tty, real_tty, p);
2602         case TIOCCONS:
2603                 return real_tty != tty ? -EINVAL : tioccons(file);
2604         case FIONBIO:
2605                 return fionbio(file, p);
2606         case TIOCEXCL:
2607                 set_bit(TTY_EXCLUSIVE, &tty->flags);
2608                 return 0;
2609         case TIOCNXCL:
2610                 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2611                 return 0;
2612         case TIOCNOTTY:
2613                 if (current->signal->tty != tty)
2614                         return -ENOTTY;
2615                 no_tty();
2616                 return 0;
2617         case TIOCSCTTY:
2618                 return tiocsctty(tty, arg);
2619         case TIOCGPGRP:
2620                 return tiocgpgrp(tty, real_tty, p);
2621         case TIOCSPGRP:
2622                 return tiocspgrp(tty, real_tty, p);
2623         case TIOCGSID:
2624                 return tiocgsid(tty, real_tty, p);
2625         case TIOCGETD:
2626                 return put_user(tty->ldisc.ops->num, (int __user *)p);
2627         case TIOCSETD:
2628                 return tiocsetd(tty, p);
2629         /*
2630          * Break handling
2631          */
2632         case TIOCSBRK:  /* Turn break on, unconditionally */
2633                 if (tty->ops->break_ctl)
2634                         return tty->ops->break_ctl(tty, -1);
2635                 return 0;
2636         case TIOCCBRK:  /* Turn break off, unconditionally */
2637                 if (tty->ops->break_ctl)
2638                         return tty->ops->break_ctl(tty, 0);
2639                 return 0;
2640         case TCSBRK:   /* SVID version: non-zero arg --> no break */
2641                 /* non-zero arg means wait for all output data
2642                  * to be sent (performed above) but don't send break.
2643                  * This is used by the tcdrain() termios function.
2644                  */
2645                 if (!arg)
2646                         return send_break(tty, 250);
2647                 return 0;
2648         case TCSBRKP:   /* support for POSIX tcsendbreak() */
2649                 return send_break(tty, arg ? arg*100 : 250);
2650
2651         case TIOCMGET:
2652                 return tty_tiocmget(tty, file, p);
2653         case TIOCMSET:
2654         case TIOCMBIC:
2655         case TIOCMBIS:
2656                 return tty_tiocmset(tty, file, cmd, p);
2657         case TCFLSH:
2658                 switch (arg) {
2659                 case TCIFLUSH:
2660                 case TCIOFLUSH:
2661                 /* flush tty buffer and allow ldisc to process ioctl */
2662                         tty_buffer_flush(tty);
2663                         break;
2664                 }
2665                 break;
2666         }
2667         if (tty->ops->ioctl) {
2668                 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
2669                 if (retval != -ENOIOCTLCMD)
2670                         return retval;
2671         }
2672         ld = tty_ldisc_ref_wait(tty);
2673         retval = -EINVAL;
2674         if (ld->ops->ioctl) {
2675                 retval = ld->ops->ioctl(tty, file, cmd, arg);
2676                 if (retval == -ENOIOCTLCMD)
2677                         retval = -EINVAL;
2678         }
2679         tty_ldisc_deref(ld);
2680         return retval;
2681 }
2682
2683 #ifdef CONFIG_COMPAT
2684 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2685                                 unsigned long arg)
2686 {
2687         struct inode *inode = file->f_dentry->d_inode;
2688         struct tty_struct *tty = file->private_data;
2689         struct tty_ldisc *ld;
2690         int retval = -ENOIOCTLCMD;
2691
2692         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2693                 return -EINVAL;
2694
2695         if (tty->ops->compat_ioctl) {
2696                 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
2697                 if (retval != -ENOIOCTLCMD)
2698                         return retval;
2699         }
2700
2701         ld = tty_ldisc_ref_wait(tty);
2702         if (ld->ops->compat_ioctl)
2703                 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2704         tty_ldisc_deref(ld);
2705
2706         return retval;
2707 }
2708 #endif
2709
2710 /*
2711  * This implements the "Secure Attention Key" ---  the idea is to
2712  * prevent trojan horses by killing all processes associated with this
2713  * tty when the user hits the "Secure Attention Key".  Required for
2714  * super-paranoid applications --- see the Orange Book for more details.
2715  *
2716  * This code could be nicer; ideally it should send a HUP, wait a few
2717  * seconds, then send a INT, and then a KILL signal.  But you then
2718  * have to coordinate with the init process, since all processes associated
2719  * with the current tty must be dead before the new getty is allowed
2720  * to spawn.
2721  *
2722  * Now, if it would be correct ;-/ The current code has a nasty hole -
2723  * it doesn't catch files in flight. We may send the descriptor to ourselves
2724  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2725  *
2726  * Nasty bug: do_SAK is being called in interrupt context.  This can
2727  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
2728  */
2729 void __do_SAK(struct tty_struct *tty)
2730 {
2731 #ifdef TTY_SOFT_SAK
2732         tty_hangup(tty);
2733 #else
2734         struct task_struct *g, *p;
2735         struct pid *session;
2736         int             i;
2737         struct file     *filp;
2738         struct fdtable *fdt;
2739
2740         if (!tty)
2741                 return;
2742         session = tty->session;
2743
2744         tty_ldisc_flush(tty);
2745
2746         tty_driver_flush_buffer(tty);
2747
2748         read_lock(&tasklist_lock);
2749         /* Kill the entire session */
2750         do_each_pid_task(session, PIDTYPE_SID, p) {
2751                 printk(KERN_NOTICE "SAK: killed process %d"
2752                         " (%s): task_session_nr(p)==tty->session\n",
2753                         task_pid_nr(p), p->comm);
2754                 send_sig(SIGKILL, p, 1);
2755         } while_each_pid_task(session, PIDTYPE_SID, p);
2756         /* Now kill any processes that happen to have the
2757          * tty open.
2758          */
2759         do_each_thread(g, p) {
2760                 if (p->signal->tty == tty) {
2761                         printk(KERN_NOTICE "SAK: killed process %d"
2762                             " (%s): task_session_nr(p)==tty->session\n",
2763                             task_pid_nr(p), p->comm);
2764                         send_sig(SIGKILL, p, 1);
2765                         continue;
2766                 }
2767                 task_lock(p);
2768                 if (p->files) {
2769                         /*
2770                          * We don't take a ref to the file, so we must
2771                          * hold ->file_lock instead.
2772                          */
2773                         spin_lock(&p->files->file_lock);
2774                         fdt = files_fdtable(p->files);
2775                         for (i = 0; i < fdt->max_fds; i++) {
2776                                 filp = fcheck_files(p->files, i);
2777                                 if (!filp)
2778                                         continue;
2779                                 if (filp->f_op->read == tty_read &&
2780                                     filp->private_data == tty) {
2781                                         printk(KERN_NOTICE "SAK: killed process %d"
2782                                             " (%s): fd#%d opened to the tty\n",
2783                                             task_pid_nr(p), p->comm, i);
2784                                         force_sig(SIGKILL, p);
2785                                         break;
2786                                 }
2787                         }
2788                         spin_unlock(&p->files->file_lock);
2789                 }
2790                 task_unlock(p);
2791         } while_each_thread(g, p);
2792         read_unlock(&tasklist_lock);
2793 #endif
2794 }
2795
2796 static void do_SAK_work(struct work_struct *work)
2797 {
2798         struct tty_struct *tty =
2799                 container_of(work, struct tty_struct, SAK_work);
2800         __do_SAK(tty);
2801 }
2802
2803 /*
2804  * The tq handling here is a little racy - tty->SAK_work may already be queued.
2805  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2806  * the values which we write to it will be identical to the values which it
2807  * already has. --akpm
2808  */
2809 void do_SAK(struct tty_struct *tty)
2810 {
2811         if (!tty)
2812                 return;
2813         schedule_work(&tty->SAK_work);
2814 }
2815
2816 EXPORT_SYMBOL(do_SAK);
2817
2818 /**
2819  *      initialize_tty_struct
2820  *      @tty: tty to initialize
2821  *
2822  *      This subroutine initializes a tty structure that has been newly
2823  *      allocated.
2824  *
2825  *      Locking: none - tty in question must not be exposed at this point
2826  */
2827
2828 static void initialize_tty_struct(struct tty_struct *tty)
2829 {
2830         memset(tty, 0, sizeof(struct tty_struct));
2831         kref_init(&tty->kref);
2832         tty->magic = TTY_MAGIC;
2833         tty_ldisc_init(tty);
2834         tty->session = NULL;
2835         tty->pgrp = NULL;
2836         tty->overrun_time = jiffies;
2837         tty->buf.head = tty->buf.tail = NULL;
2838         tty_buffer_init(tty);
2839         mutex_init(&tty->termios_mutex);
2840         init_waitqueue_head(&tty->write_wait);
2841         init_waitqueue_head(&tty->read_wait);
2842         INIT_WORK(&tty->hangup_work, do_tty_hangup);
2843         mutex_init(&tty->atomic_read_lock);
2844         mutex_init(&tty->atomic_write_lock);
2845         spin_lock_init(&tty->read_lock);
2846         spin_lock_init(&tty->ctrl_lock);
2847         INIT_LIST_HEAD(&tty->tty_files);
2848         INIT_WORK(&tty->SAK_work, do_SAK_work);
2849 }
2850
2851 /**
2852  *      tty_put_char    -       write one character to a tty
2853  *      @tty: tty
2854  *      @ch: character
2855  *
2856  *      Write one byte to the tty using the provided put_char method
2857  *      if present. Returns the number of characters successfully output.
2858  *
2859  *      Note: the specific put_char operation in the driver layer may go
2860  *      away soon. Don't call it directly, use this method
2861  */
2862
2863 int tty_put_char(struct tty_struct *tty, unsigned char ch)
2864 {
2865         if (tty->ops->put_char)
2866                 return tty->ops->put_char(tty, ch);
2867         return tty->ops->write(tty, &ch, 1);
2868 }
2869 EXPORT_SYMBOL_GPL(tty_put_char);
2870
2871 struct class *tty_class;
2872
2873 /**
2874  *      tty_register_device - register a tty device
2875  *      @driver: the tty driver that describes the tty device
2876  *      @index: the index in the tty driver for this tty device
2877  *      @device: a struct device that is associated with this tty device.
2878  *              This field is optional, if there is no known struct device
2879  *              for this tty device it can be set to NULL safely.
2880  *
2881  *      Returns a pointer to the struct device for this tty device
2882  *      (or ERR_PTR(-EFOO) on error).
2883  *
2884  *      This call is required to be made to register an individual tty device
2885  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
2886  *      that bit is not set, this function should not be called by a tty
2887  *      driver.
2888  *
2889  *      Locking: ??
2890  */
2891
2892 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
2893                                    struct device *device)
2894 {
2895         char name[64];
2896         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
2897
2898         if (index >= driver->num) {
2899                 printk(KERN_ERR "Attempt to register invalid tty line number "
2900                        " (%d).\n", index);
2901                 return ERR_PTR(-EINVAL);
2902         }
2903
2904         if (driver->type == TTY_DRIVER_TYPE_PTY)
2905                 pty_line_name(driver, index, name);
2906         else
2907                 tty_line_name(driver, index, name);
2908
2909         return device_create_drvdata(tty_class, device, dev, NULL, name);
2910 }
2911 EXPORT_SYMBOL(tty_register_device);
2912
2913 /**
2914  *      tty_unregister_device - unregister a tty device
2915  *      @driver: the tty driver that describes the tty device
2916  *      @index: the index in the tty driver for this tty device
2917  *
2918  *      If a tty device is registered with a call to tty_register_device() then
2919  *      this function must be called when the tty device is gone.
2920  *
2921  *      Locking: ??
2922  */
2923
2924 void tty_unregister_device(struct tty_driver *driver, unsigned index)
2925 {
2926         device_destroy(tty_class,
2927                 MKDEV(driver->major, driver->minor_start) + index);
2928 }
2929 EXPORT_SYMBOL(tty_unregister_device);
2930
2931 struct tty_driver *alloc_tty_driver(int lines)
2932 {
2933         struct tty_driver *driver;
2934
2935         driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
2936         if (driver) {
2937                 kref_init(&driver->kref);
2938                 driver->magic = TTY_DRIVER_MAGIC;
2939                 driver->num = lines;
2940                 /* later we'll move allocation of tables here */
2941         }
2942         return driver;
2943 }
2944 EXPORT_SYMBOL(alloc_tty_driver);
2945
2946 static void destruct_tty_driver(struct kref *kref)
2947 {
2948         struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
2949         int i;
2950         struct ktermios *tp;
2951         void *p;
2952
2953         if (driver->flags & TTY_DRIVER_INSTALLED) {
2954                 /*
2955                  * Free the termios and termios_locked structures because
2956                  * we don't want to get memory leaks when modular tty
2957                  * drivers are removed from the kernel.
2958                  */
2959                 for (i = 0; i < driver->num; i++) {
2960                         tp = driver->termios[i];
2961                         if (tp) {
2962                                 driver->termios[i] = NULL;
2963                                 kfree(tp);
2964                         }
2965                         tp = driver->termios_locked[i];
2966                         if (tp) {
2967                                 driver->termios_locked[i] = NULL;
2968                                 kfree(tp);
2969                         }
2970                         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
2971                                 tty_unregister_device(driver, i);
2972                 }
2973                 p = driver->ttys;
2974                 proc_tty_unregister_driver(driver);
2975                 driver->ttys = NULL;
2976                 driver->termios = driver->termios_locked = NULL;
2977                 kfree(p);
2978                 cdev_del(&driver->cdev);
2979         }
2980         kfree(driver);
2981 }
2982
2983 void tty_driver_kref_put(struct tty_driver *driver)
2984 {
2985         kref_put(&driver->kref, destruct_tty_driver);
2986 }
2987 EXPORT_SYMBOL(tty_driver_kref_put);
2988
2989 void tty_set_operations(struct tty_driver *driver,
2990                         const struct tty_operations *op)
2991 {
2992         driver->ops = op;
2993 };
2994 EXPORT_SYMBOL(tty_set_operations);
2995
2996 void put_tty_driver(struct tty_driver *d)
2997 {
2998         tty_driver_kref_put(d);
2999 }
3000 EXPORT_SYMBOL(put_tty_driver);
3001
3002 /*
3003  * Called by a tty driver to register itself.
3004  */
3005 int tty_register_driver(struct tty_driver *driver)
3006 {
3007         int error;
3008         int i;
3009         dev_t dev;
3010         void **p = NULL;
3011
3012         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3013                 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3014                 if (!p)
3015                         return -ENOMEM;
3016         }
3017
3018         if (!driver->major) {
3019                 error = alloc_chrdev_region(&dev, driver->minor_start,
3020                                                 driver->num, driver->name);
3021                 if (!error) {
3022                         driver->major = MAJOR(dev);
3023                         driver->minor_start = MINOR(dev);
3024                 }
3025         } else {
3026                 dev = MKDEV(driver->major, driver->minor_start);
3027                 error = register_chrdev_region(dev, driver->num, driver->name);
3028         }
3029         if (error < 0) {
3030                 kfree(p);
3031                 return error;
3032         }
3033
3034         if (p) {
3035                 driver->ttys = (struct tty_struct **)p;
3036                 driver->termios = (struct ktermios **)(p + driver->num);
3037                 driver->termios_locked = (struct ktermios **)
3038                                                         (p + driver->num * 2);
3039         } else {
3040                 driver->ttys = NULL;
3041                 driver->termios = NULL;
3042                 driver->termios_locked = NULL;
3043         }
3044
3045         cdev_init(&driver->cdev, &tty_fops);
3046         driver->cdev.owner = driver->owner;
3047         error = cdev_add(&driver->cdev, dev, driver->num);
3048         if (error) {
3049                 unregister_chrdev_region(dev, driver->num);
3050                 driver->ttys = NULL;
3051                 driver->termios = driver->termios_locked = NULL;
3052                 kfree(p);
3053                 return error;
3054         }
3055
3056         mutex_lock(&tty_mutex);
3057         list_add(&driver->tty_drivers, &tty_drivers);
3058         mutex_unlock(&tty_mutex);
3059
3060         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3061                 for (i = 0; i < driver->num; i++)
3062                     tty_register_device(driver, i, NULL);
3063         }
3064         proc_tty_register_driver(driver);
3065         driver->flags |= TTY_DRIVER_INSTALLED;
3066         return 0;
3067 }
3068
3069 EXPORT_SYMBOL(tty_register_driver);
3070
3071 /*
3072  * Called by a tty driver to unregister itself.
3073  */
3074 int tty_unregister_driver(struct tty_driver *driver)
3075 {
3076 #if 0
3077         /* FIXME */
3078         if (driver->refcount)
3079                 return -EBUSY;
3080 #endif
3081         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3082                                 driver->num);
3083         mutex_lock(&tty_mutex);
3084         list_del(&driver->tty_drivers);
3085         mutex_unlock(&tty_mutex);
3086         return 0;
3087 }
3088
3089 EXPORT_SYMBOL(tty_unregister_driver);
3090
3091 dev_t tty_devnum(struct tty_struct *tty)
3092 {
3093         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3094 }
3095 EXPORT_SYMBOL(tty_devnum);
3096
3097 void proc_clear_tty(struct task_struct *p)
3098 {
3099         struct tty_struct *tty;
3100         spin_lock_irq(&p->sighand->siglock);
3101         tty = p->signal->tty;
3102         p->signal->tty = NULL;
3103         spin_unlock_irq(&p->sighand->siglock);
3104         tty_kref_put(tty);
3105 }
3106
3107 /* Called under the sighand lock */
3108
3109 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3110 {
3111         if (tty) {
3112                 unsigned long flags;
3113                 /* We should not have a session or pgrp to put here but.... */
3114                 spin_lock_irqsave(&tty->ctrl_lock, flags);
3115                 put_pid(tty->session);
3116                 put_pid(tty->pgrp);
3117                 tty->pgrp = get_pid(task_pgrp(tsk));
3118                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3119                 tty->session = get_pid(task_session(tsk));
3120                 if (tsk->signal->tty) {
3121                         printk(KERN_DEBUG "tty not NULL!!\n");
3122                         tty_kref_put(tsk->signal->tty);
3123                 }
3124         }
3125         put_pid(tsk->signal->tty_old_pgrp);
3126         tsk->signal->tty = tty_kref_get(tty);
3127         tsk->signal->tty_old_pgrp = NULL;
3128 }
3129
3130 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3131 {
3132         spin_lock_irq(&tsk->sighand->siglock);
3133         __proc_set_tty(tsk, tty);
3134         spin_unlock_irq(&tsk->sighand->siglock);
3135 }
3136
3137 struct tty_struct *get_current_tty(void)
3138 {
3139         struct tty_struct *tty;
3140         unsigned long flags;
3141
3142         spin_lock_irqsave(&current->sighand->siglock, flags);
3143         tty = tty_kref_get(current->signal->tty);
3144         spin_unlock_irqrestore(&current->sighand->siglock, flags);
3145         return tty;
3146 }
3147 EXPORT_SYMBOL_GPL(get_current_tty);
3148
3149 void tty_default_fops(struct file_operations *fops)
3150 {
3151         *fops = tty_fops;
3152 }
3153
3154 /*
3155  * Initialize the console device. This is called *early*, so
3156  * we can't necessarily depend on lots of kernel help here.
3157  * Just do some early initializations, and do the complex setup
3158  * later.
3159  */
3160 void __init console_init(void)
3161 {
3162         initcall_t *call;
3163
3164         /* Setup the default TTY line discipline. */
3165         tty_ldisc_begin();
3166
3167         /*
3168          * set up the console device so that later boot sequences can
3169          * inform about problems etc..
3170          */
3171         call = __con_initcall_start;
3172         while (call < __con_initcall_end) {
3173                 (*call)();
3174                 call++;
3175         }
3176 }
3177
3178 static int __init tty_class_init(void)
3179 {
3180         tty_class = class_create(THIS_MODULE, "tty");
3181         if (IS_ERR(tty_class))
3182                 return PTR_ERR(tty_class);
3183         return 0;
3184 }
3185
3186 postcore_initcall(tty_class_init);
3187
3188 /* 3/2004 jmc: why do these devices exist? */
3189
3190 static struct cdev tty_cdev, console_cdev;
3191
3192 /*
3193  * Ok, now we can initialize the rest of the tty devices and can count
3194  * on memory allocations, interrupts etc..
3195  */
3196 static int __init tty_init(void)
3197 {
3198         cdev_init(&tty_cdev, &tty_fops);
3199         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3200             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3201                 panic("Couldn't register /dev/tty driver\n");
3202         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL,
3203                               "tty");
3204
3205         cdev_init(&console_cdev, &console_fops);
3206         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3207             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3208                 panic("Couldn't register /dev/console driver\n");
3209         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3210                               "console");
3211
3212 #ifdef CONFIG_VT
3213         vty_init(&console_fops);
3214 #endif
3215         return 0;
3216 }
3217 module_init(tty_init);