rt2x00: Only strip preamble bit in rt2400pci
[linux-2.6] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  *
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote init_dev and release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc()
66  *                       -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67  */
68
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/console.h>
82 #include <linux/timer.h>
83 #include <linux/ctype.h>
84 #include <linux/kd.h>
85 #include <linux/mm.h>
86 #include <linux/string.h>
87 #include <linux/slab.h>
88 #include <linux/poll.h>
89 #include <linux/proc_fs.h>
90 #include <linux/init.h>
91 #include <linux/module.h>
92 #include <linux/smp_lock.h>
93 #include <linux/device.h>
94 #include <linux/idr.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98
99 #include <asm/uaccess.h>
100 #include <asm/system.h>
101
102 #include <linux/kbd_kern.h>
103 #include <linux/vt_kern.h>
104 #include <linux/selection.h>
105
106 #include <linux/kmod.h>
107 #include <linux/nsproxy.h>
108
109 #undef TTY_DEBUG_HANGUP
110
111 #define TTY_PARANOIA_CHECK 1
112 #define CHECK_TTY_COUNT 1
113
114 struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
115         .c_iflag = ICRNL | IXON,
116         .c_oflag = OPOST | ONLCR,
117         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119                    ECHOCTL | ECHOKE | IEXTEN,
120         .c_cc = INIT_C_CC,
121         .c_ispeed = 38400,
122         .c_ospeed = 38400
123 };
124
125 EXPORT_SYMBOL(tty_std_termios);
126
127 /* This list gets poked at by procfs and various bits of boot up code. This
128    could do with some rationalisation such as pulling the tty proc function
129    into this file */
130
131 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
132
133 /* Mutex to protect creating and releasing a tty. This is shared with
134    vt.c for deeply disgusting hack reasons */
135 DEFINE_MUTEX(tty_mutex);
136 EXPORT_SYMBOL(tty_mutex);
137
138 #ifdef CONFIG_UNIX98_PTYS
139 extern struct tty_driver *ptm_driver;   /* Unix98 pty masters; for /dev/ptmx */
140 extern int pty_limit;                   /* Config limit on Unix98 ptys */
141 static DEFINE_IDR(allocated_ptys);
142 static DEFINE_MUTEX(allocated_ptys_lock);
143 static int ptmx_open(struct inode *, struct file *);
144 #endif
145
146 static void initialize_tty_struct(struct tty_struct *tty);
147
148 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
149 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
150 ssize_t redirected_tty_write(struct file *, const char __user *,
151                                                         size_t, loff_t *);
152 static unsigned int tty_poll(struct file *, poll_table *);
153 static int tty_open(struct inode *, struct file *);
154 static int tty_release(struct inode *, struct file *);
155 int tty_ioctl(struct inode *inode, struct file *file,
156               unsigned int cmd, unsigned long arg);
157 #ifdef CONFIG_COMPAT
158 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
159                                 unsigned long arg);
160 #else
161 #define tty_compat_ioctl NULL
162 #endif
163 static int tty_fasync(int fd, struct file *filp, int on);
164 static void release_tty(struct tty_struct *tty, int idx);
165 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
166 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
167
168 /**
169  *      alloc_tty_struct        -       allocate a tty object
170  *
171  *      Return a new empty tty structure. The data fields have not
172  *      been initialized in any way but has been zeroed
173  *
174  *      Locking: none
175  */
176
177 static struct tty_struct *alloc_tty_struct(void)
178 {
179         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
180 }
181
182 static void tty_buffer_free_all(struct tty_struct *);
183
184 /**
185  *      free_tty_struct         -       free a disused tty
186  *      @tty: tty struct to free
187  *
188  *      Free the write buffers, tty queue and tty memory itself.
189  *
190  *      Locking: none. Must be called after tty is definitely unused
191  */
192
193 static inline void free_tty_struct(struct tty_struct *tty)
194 {
195         kfree(tty->write_buf);
196         tty_buffer_free_all(tty);
197         kfree(tty);
198 }
199
200 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
201
202 /**
203  *      tty_name        -       return tty naming
204  *      @tty: tty structure
205  *      @buf: buffer for output
206  *
207  *      Convert a tty structure into a name. The name reflects the kernel
208  *      naming policy and if udev is in use may not reflect user space
209  *
210  *      Locking: none
211  */
212
213 char *tty_name(struct tty_struct *tty, char *buf)
214 {
215         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
216                 strcpy(buf, "NULL tty");
217         else
218                 strcpy(buf, tty->name);
219         return buf;
220 }
221
222 EXPORT_SYMBOL(tty_name);
223
224 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
225                               const char *routine)
226 {
227 #ifdef TTY_PARANOIA_CHECK
228         if (!tty) {
229                 printk(KERN_WARNING
230                         "null TTY for (%d:%d) in %s\n",
231                         imajor(inode), iminor(inode), routine);
232                 return 1;
233         }
234         if (tty->magic != TTY_MAGIC) {
235                 printk(KERN_WARNING
236                         "bad magic number for tty struct (%d:%d) in %s\n",
237                         imajor(inode), iminor(inode), routine);
238                 return 1;
239         }
240 #endif
241         return 0;
242 }
243
244 static int check_tty_count(struct tty_struct *tty, const char *routine)
245 {
246 #ifdef CHECK_TTY_COUNT
247         struct list_head *p;
248         int count = 0;
249
250         file_list_lock();
251         list_for_each(p, &tty->tty_files) {
252                 count++;
253         }
254         file_list_unlock();
255         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
256             tty->driver->subtype == PTY_TYPE_SLAVE &&
257             tty->link && tty->link->count)
258                 count++;
259         if (tty->count != count) {
260                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
261                                     "!= #fd's(%d) in %s\n",
262                        tty->name, tty->count, count, routine);
263                 return count;
264         }
265 #endif
266         return 0;
267 }
268
269 /*
270  * Tty buffer allocation management
271  */
272
273 /**
274  *      tty_buffer_free_all             -       free buffers used by a tty
275  *      @tty: tty to free from
276  *
277  *      Remove all the buffers pending on a tty whether queued with data
278  *      or in the free ring. Must be called when the tty is no longer in use
279  *
280  *      Locking: none
281  */
282
283 static void tty_buffer_free_all(struct tty_struct *tty)
284 {
285         struct tty_buffer *thead;
286         while ((thead = tty->buf.head) != NULL) {
287                 tty->buf.head = thead->next;
288                 kfree(thead);
289         }
290         while ((thead = tty->buf.free) != NULL) {
291                 tty->buf.free = thead->next;
292                 kfree(thead);
293         }
294         tty->buf.tail = NULL;
295         tty->buf.memory_used = 0;
296 }
297
298 /**
299  *      tty_buffer_init         -       prepare a tty buffer structure
300  *      @tty: tty to initialise
301  *
302  *      Set up the initial state of the buffer management for a tty device.
303  *      Must be called before the other tty buffer functions are used.
304  *
305  *      Locking: none
306  */
307
308 static void tty_buffer_init(struct tty_struct *tty)
309 {
310         spin_lock_init(&tty->buf.lock);
311         tty->buf.head = NULL;
312         tty->buf.tail = NULL;
313         tty->buf.free = NULL;
314         tty->buf.memory_used = 0;
315 }
316
317 /**
318  *      tty_buffer_alloc        -       allocate a tty buffer
319  *      @tty: tty device
320  *      @size: desired size (characters)
321  *
322  *      Allocate a new tty buffer to hold the desired number of characters.
323  *      Return NULL if out of memory or the allocation would exceed the
324  *      per device queue
325  *
326  *      Locking: Caller must hold tty->buf.lock
327  */
328
329 static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
330 {
331         struct tty_buffer *p;
332
333         if (tty->buf.memory_used + size > 65536)
334                 return NULL;
335         p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
336         if (p == NULL)
337                 return NULL;
338         p->used = 0;
339         p->size = size;
340         p->next = NULL;
341         p->commit = 0;
342         p->read = 0;
343         p->char_buf_ptr = (char *)(p->data);
344         p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
345         tty->buf.memory_used += size;
346         return p;
347 }
348
349 /**
350  *      tty_buffer_free         -       free a tty buffer
351  *      @tty: tty owning the buffer
352  *      @b: the buffer to free
353  *
354  *      Free a tty buffer, or add it to the free list according to our
355  *      internal strategy
356  *
357  *      Locking: Caller must hold tty->buf.lock
358  */
359
360 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
361 {
362         /* Dumb strategy for now - should keep some stats */
363         tty->buf.memory_used -= b->size;
364         WARN_ON(tty->buf.memory_used < 0);
365
366         if (b->size >= 512)
367                 kfree(b);
368         else {
369                 b->next = tty->buf.free;
370                 tty->buf.free = b;
371         }
372 }
373
374 /**
375  *      __tty_buffer_flush              -       flush full tty buffers
376  *      @tty: tty to flush
377  *
378  *      flush all the buffers containing receive data. Caller must
379  *      hold the buffer lock and must have ensured no parallel flush to
380  *      ldisc is running.
381  *
382  *      Locking: Caller must hold tty->buf.lock
383  */
384
385 static void __tty_buffer_flush(struct tty_struct *tty)
386 {
387         struct tty_buffer *thead;
388
389         while ((thead = tty->buf.head) != NULL) {
390                 tty->buf.head = thead->next;
391                 tty_buffer_free(tty, thead);
392         }
393         tty->buf.tail = NULL;
394 }
395
396 /**
397  *      tty_buffer_flush                -       flush full tty buffers
398  *      @tty: tty to flush
399  *
400  *      flush all the buffers containing receive data. If the buffer is
401  *      being processed by flush_to_ldisc then we defer the processing
402  *      to that function
403  *
404  *      Locking: none
405  */
406
407 static void tty_buffer_flush(struct tty_struct *tty)
408 {
409         unsigned long flags;
410         spin_lock_irqsave(&tty->buf.lock, flags);
411
412         /* If the data is being pushed to the tty layer then we can't
413            process it here. Instead set a flag and the flush_to_ldisc
414            path will process the flush request before it exits */
415         if (test_bit(TTY_FLUSHING, &tty->flags)) {
416                 set_bit(TTY_FLUSHPENDING, &tty->flags);
417                 spin_unlock_irqrestore(&tty->buf.lock, flags);
418                 wait_event(tty->read_wait,
419                                 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
420                 return;
421         } else
422                 __tty_buffer_flush(tty);
423         spin_unlock_irqrestore(&tty->buf.lock, flags);
424 }
425
426 /**
427  *      tty_buffer_find         -       find a free tty buffer
428  *      @tty: tty owning the buffer
429  *      @size: characters wanted
430  *
431  *      Locate an existing suitable tty buffer or if we are lacking one then
432  *      allocate a new one. We round our buffers off in 256 character chunks
433  *      to get better allocation behaviour.
434  *
435  *      Locking: Caller must hold tty->buf.lock
436  */
437
438 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
439 {
440         struct tty_buffer **tbh = &tty->buf.free;
441         while ((*tbh) != NULL) {
442                 struct tty_buffer *t = *tbh;
443                 if (t->size >= size) {
444                         *tbh = t->next;
445                         t->next = NULL;
446                         t->used = 0;
447                         t->commit = 0;
448                         t->read = 0;
449                         tty->buf.memory_used += t->size;
450                         return t;
451                 }
452                 tbh = &((*tbh)->next);
453         }
454         /* Round the buffer size out */
455         size = (size + 0xFF) & ~0xFF;
456         return tty_buffer_alloc(tty, size);
457         /* Should possibly check if this fails for the largest buffer we
458            have queued and recycle that ? */
459 }
460
461 /**
462  *      tty_buffer_request_room         -       grow tty buffer if needed
463  *      @tty: tty structure
464  *      @size: size desired
465  *
466  *      Make at least size bytes of linear space available for the tty
467  *      buffer. If we fail return the size we managed to find.
468  *
469  *      Locking: Takes tty->buf.lock
470  */
471 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
472 {
473         struct tty_buffer *b, *n;
474         int left;
475         unsigned long flags;
476
477         spin_lock_irqsave(&tty->buf.lock, flags);
478
479         /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
480            remove this conditional if its worth it. This would be invisible
481            to the callers */
482         if ((b = tty->buf.tail) != NULL)
483                 left = b->size - b->used;
484         else
485                 left = 0;
486
487         if (left < size) {
488                 /* This is the slow path - looking for new buffers to use */
489                 if ((n = tty_buffer_find(tty, size)) != NULL) {
490                         if (b != NULL) {
491                                 b->next = n;
492                                 b->commit = b->used;
493                         } else
494                                 tty->buf.head = n;
495                         tty->buf.tail = n;
496                 } else
497                         size = left;
498         }
499
500         spin_unlock_irqrestore(&tty->buf.lock, flags);
501         return size;
502 }
503 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
504
505 /**
506  *      tty_insert_flip_string  -       Add characters to the tty buffer
507  *      @tty: tty structure
508  *      @chars: characters
509  *      @size: size
510  *
511  *      Queue a series of bytes to the tty buffering. All the characters
512  *      passed are marked as without error. Returns the number added.
513  *
514  *      Locking: Called functions may take tty->buf.lock
515  */
516
517 int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
518                                 size_t size)
519 {
520         int copied = 0;
521         do {
522                 int space = tty_buffer_request_room(tty, size - copied);
523                 struct tty_buffer *tb = tty->buf.tail;
524                 /* If there is no space then tb may be NULL */
525                 if (unlikely(space == 0))
526                         break;
527                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
528                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
529                 tb->used += space;
530                 copied += space;
531                 chars += space;
532                 /* There is a small chance that we need to split the data over
533                    several buffers. If this is the case we must loop */
534         } while (unlikely(size > copied));
535         return copied;
536 }
537 EXPORT_SYMBOL(tty_insert_flip_string);
538
539 /**
540  *      tty_insert_flip_string_flags    -       Add characters to the tty buffer
541  *      @tty: tty structure
542  *      @chars: characters
543  *      @flags: flag bytes
544  *      @size: size
545  *
546  *      Queue a series of bytes to the tty buffering. For each character
547  *      the flags array indicates the status of the character. Returns the
548  *      number added.
549  *
550  *      Locking: Called functions may take tty->buf.lock
551  */
552
553 int tty_insert_flip_string_flags(struct tty_struct *tty,
554                 const unsigned char *chars, const char *flags, size_t size)
555 {
556         int copied = 0;
557         do {
558                 int space = tty_buffer_request_room(tty, size - copied);
559                 struct tty_buffer *tb = tty->buf.tail;
560                 /* If there is no space then tb may be NULL */
561                 if (unlikely(space == 0))
562                         break;
563                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
564                 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
565                 tb->used += space;
566                 copied += space;
567                 chars += space;
568                 flags += space;
569                 /* There is a small chance that we need to split the data over
570                    several buffers. If this is the case we must loop */
571         } while (unlikely(size > copied));
572         return copied;
573 }
574 EXPORT_SYMBOL(tty_insert_flip_string_flags);
575
576 /**
577  *      tty_schedule_flip       -       push characters to ldisc
578  *      @tty: tty to push from
579  *
580  *      Takes any pending buffers and transfers their ownership to the
581  *      ldisc side of the queue. It then schedules those characters for
582  *      processing by the line discipline.
583  *
584  *      Locking: Takes tty->buf.lock
585  */
586
587 void tty_schedule_flip(struct tty_struct *tty)
588 {
589         unsigned long flags;
590         spin_lock_irqsave(&tty->buf.lock, flags);
591         if (tty->buf.tail != NULL)
592                 tty->buf.tail->commit = tty->buf.tail->used;
593         spin_unlock_irqrestore(&tty->buf.lock, flags);
594         schedule_delayed_work(&tty->buf.work, 1);
595 }
596 EXPORT_SYMBOL(tty_schedule_flip);
597
598 /**
599  *      tty_prepare_flip_string         -       make room for characters
600  *      @tty: tty
601  *      @chars: return pointer for character write area
602  *      @size: desired size
603  *
604  *      Prepare a block of space in the buffer for data. Returns the length
605  *      available and buffer pointer to the space which is now allocated and
606  *      accounted for as ready for normal characters. This is used for drivers
607  *      that need their own block copy routines into the buffer. There is no
608  *      guarantee the buffer is a DMA target!
609  *
610  *      Locking: May call functions taking tty->buf.lock
611  */
612
613 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
614                                                                 size_t size)
615 {
616         int space = tty_buffer_request_room(tty, size);
617         if (likely(space)) {
618                 struct tty_buffer *tb = tty->buf.tail;
619                 *chars = tb->char_buf_ptr + tb->used;
620                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
621                 tb->used += space;
622         }
623         return space;
624 }
625
626 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
627
628 /**
629  *      tty_prepare_flip_string_flags   -       make room for characters
630  *      @tty: tty
631  *      @chars: return pointer for character write area
632  *      @flags: return pointer for status flag write area
633  *      @size: desired size
634  *
635  *      Prepare a block of space in the buffer for data. Returns the length
636  *      available and buffer pointer to the space which is now allocated and
637  *      accounted for as ready for characters. This is used for drivers
638  *      that need their own block copy routines into the buffer. There is no
639  *      guarantee the buffer is a DMA target!
640  *
641  *      Locking: May call functions taking tty->buf.lock
642  */
643
644 int tty_prepare_flip_string_flags(struct tty_struct *tty,
645                         unsigned char **chars, char **flags, size_t size)
646 {
647         int space = tty_buffer_request_room(tty, size);
648         if (likely(space)) {
649                 struct tty_buffer *tb = tty->buf.tail;
650                 *chars = tb->char_buf_ptr + tb->used;
651                 *flags = tb->flag_buf_ptr + tb->used;
652                 tb->used += space;
653         }
654         return space;
655 }
656
657 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
658
659
660
661 /**
662  *      tty_set_termios_ldisc           -       set ldisc field
663  *      @tty: tty structure
664  *      @num: line discipline number
665  *
666  *      This is probably overkill for real world processors but
667  *      they are not on hot paths so a little discipline won't do
668  *      any harm.
669  *
670  *      Locking: takes termios_mutex
671  */
672
673 static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
674 {
675         mutex_lock(&tty->termios_mutex);
676         tty->termios->c_line = num;
677         mutex_unlock(&tty->termios_mutex);
678 }
679
680 /*
681  *      This guards the refcounted line discipline lists. The lock
682  *      must be taken with irqs off because there are hangup path
683  *      callers who will do ldisc lookups and cannot sleep.
684  */
685
686 static DEFINE_SPINLOCK(tty_ldisc_lock);
687 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
688 /* Line disc dispatch table */
689 static struct tty_ldisc tty_ldiscs[NR_LDISCS];
690
691 /**
692  *      tty_register_ldisc      -       install a line discipline
693  *      @disc: ldisc number
694  *      @new_ldisc: pointer to the ldisc object
695  *
696  *      Installs a new line discipline into the kernel. The discipline
697  *      is set up as unreferenced and then made available to the kernel
698  *      from this point onwards.
699  *
700  *      Locking:
701  *              takes tty_ldisc_lock to guard against ldisc races
702  */
703
704 int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
705 {
706         unsigned long flags;
707         int ret = 0;
708
709         if (disc < N_TTY || disc >= NR_LDISCS)
710                 return -EINVAL;
711
712         spin_lock_irqsave(&tty_ldisc_lock, flags);
713         tty_ldiscs[disc] = *new_ldisc;
714         tty_ldiscs[disc].num = disc;
715         tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
716         tty_ldiscs[disc].refcount = 0;
717         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
718
719         return ret;
720 }
721 EXPORT_SYMBOL(tty_register_ldisc);
722
723 /**
724  *      tty_unregister_ldisc    -       unload a line discipline
725  *      @disc: ldisc number
726  *      @new_ldisc: pointer to the ldisc object
727  *
728  *      Remove a line discipline from the kernel providing it is not
729  *      currently in use.
730  *
731  *      Locking:
732  *              takes tty_ldisc_lock to guard against ldisc races
733  */
734
735 int tty_unregister_ldisc(int disc)
736 {
737         unsigned long flags;
738         int ret = 0;
739
740         if (disc < N_TTY || disc >= NR_LDISCS)
741                 return -EINVAL;
742
743         spin_lock_irqsave(&tty_ldisc_lock, flags);
744         if (tty_ldiscs[disc].refcount)
745                 ret = -EBUSY;
746         else
747                 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
748         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
749
750         return ret;
751 }
752 EXPORT_SYMBOL(tty_unregister_ldisc);
753
754 /**
755  *      tty_ldisc_get           -       take a reference to an ldisc
756  *      @disc: ldisc number
757  *
758  *      Takes a reference to a line discipline. Deals with refcounts and
759  *      module locking counts. Returns NULL if the discipline is not available.
760  *      Returns a pointer to the discipline and bumps the ref count if it is
761  *      available
762  *
763  *      Locking:
764  *              takes tty_ldisc_lock to guard against ldisc races
765  */
766
767 struct tty_ldisc *tty_ldisc_get(int disc)
768 {
769         unsigned long flags;
770         struct tty_ldisc *ld;
771
772         if (disc < N_TTY || disc >= NR_LDISCS)
773                 return NULL;
774
775         spin_lock_irqsave(&tty_ldisc_lock, flags);
776
777         ld = &tty_ldiscs[disc];
778         /* Check the entry is defined */
779         if (ld->flags & LDISC_FLAG_DEFINED) {
780                 /* If the module is being unloaded we can't use it */
781                 if (!try_module_get(ld->owner))
782                         ld = NULL;
783                 else /* lock it */
784                         ld->refcount++;
785         } else
786                 ld = NULL;
787         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
788         return ld;
789 }
790
791 EXPORT_SYMBOL_GPL(tty_ldisc_get);
792
793 /**
794  *      tty_ldisc_put           -       drop ldisc reference
795  *      @disc: ldisc number
796  *
797  *      Drop a reference to a line discipline. Manage refcounts and
798  *      module usage counts
799  *
800  *      Locking:
801  *              takes tty_ldisc_lock to guard against ldisc races
802  */
803
804 void tty_ldisc_put(int disc)
805 {
806         struct tty_ldisc *ld;
807         unsigned long flags;
808
809         BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
810
811         spin_lock_irqsave(&tty_ldisc_lock, flags);
812         ld = &tty_ldiscs[disc];
813         BUG_ON(ld->refcount == 0);
814         ld->refcount--;
815         module_put(ld->owner);
816         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
817 }
818
819 EXPORT_SYMBOL_GPL(tty_ldisc_put);
820
821 /**
822  *      tty_ldisc_assign        -       set ldisc on a tty
823  *      @tty: tty to assign
824  *      @ld: line discipline
825  *
826  *      Install an instance of a line discipline into a tty structure. The
827  *      ldisc must have a reference count above zero to ensure it remains/
828  *      The tty instance refcount starts at zero.
829  *
830  *      Locking:
831  *              Caller must hold references
832  */
833
834 static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
835 {
836         tty->ldisc = *ld;
837         tty->ldisc.refcount = 0;
838 }
839
840 /**
841  *      tty_ldisc_try           -       internal helper
842  *      @tty: the tty
843  *
844  *      Make a single attempt to grab and bump the refcount on
845  *      the tty ldisc. Return 0 on failure or 1 on success. This is
846  *      used to implement both the waiting and non waiting versions
847  *      of tty_ldisc_ref
848  *
849  *      Locking: takes tty_ldisc_lock
850  */
851
852 static int tty_ldisc_try(struct tty_struct *tty)
853 {
854         unsigned long flags;
855         struct tty_ldisc *ld;
856         int ret = 0;
857
858         spin_lock_irqsave(&tty_ldisc_lock, flags);
859         ld = &tty->ldisc;
860         if (test_bit(TTY_LDISC, &tty->flags)) {
861                 ld->refcount++;
862                 ret = 1;
863         }
864         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
865         return ret;
866 }
867
868 /**
869  *      tty_ldisc_ref_wait      -       wait for the tty ldisc
870  *      @tty: tty device
871  *
872  *      Dereference the line discipline for the terminal and take a
873  *      reference to it. If the line discipline is in flux then
874  *      wait patiently until it changes.
875  *
876  *      Note: Must not be called from an IRQ/timer context. The caller
877  *      must also be careful not to hold other locks that will deadlock
878  *      against a discipline change, such as an existing ldisc reference
879  *      (which we check for)
880  *
881  *      Locking: call functions take tty_ldisc_lock
882  */
883
884 struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
885 {
886         /* wait_event is a macro */
887         wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
888         if (tty->ldisc.refcount == 0)
889                 printk(KERN_ERR "tty_ldisc_ref_wait\n");
890         return &tty->ldisc;
891 }
892
893 EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
894
895 /**
896  *      tty_ldisc_ref           -       get the tty ldisc
897  *      @tty: tty device
898  *
899  *      Dereference the line discipline for the terminal and take a
900  *      reference to it. If the line discipline is in flux then
901  *      return NULL. Can be called from IRQ and timer functions.
902  *
903  *      Locking: called functions take tty_ldisc_lock
904  */
905
906 struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
907 {
908         if (tty_ldisc_try(tty))
909                 return &tty->ldisc;
910         return NULL;
911 }
912
913 EXPORT_SYMBOL_GPL(tty_ldisc_ref);
914
915 /**
916  *      tty_ldisc_deref         -       free a tty ldisc reference
917  *      @ld: reference to free up
918  *
919  *      Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
920  *      be called in IRQ context.
921  *
922  *      Locking: takes tty_ldisc_lock
923  */
924
925 void tty_ldisc_deref(struct tty_ldisc *ld)
926 {
927         unsigned long flags;
928
929         BUG_ON(ld == NULL);
930
931         spin_lock_irqsave(&tty_ldisc_lock, flags);
932         if (ld->refcount == 0)
933                 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
934         else
935                 ld->refcount--;
936         if (ld->refcount == 0)
937                 wake_up(&tty_ldisc_wait);
938         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
939 }
940
941 EXPORT_SYMBOL_GPL(tty_ldisc_deref);
942
943 /**
944  *      tty_ldisc_enable        -       allow ldisc use
945  *      @tty: terminal to activate ldisc on
946  *
947  *      Set the TTY_LDISC flag when the line discipline can be called
948  *      again. Do necessary wakeups for existing sleepers.
949  *
950  *      Note: nobody should set this bit except via this function. Clearing
951  *      directly is allowed.
952  */
953
954 static void tty_ldisc_enable(struct tty_struct *tty)
955 {
956         set_bit(TTY_LDISC, &tty->flags);
957         wake_up(&tty_ldisc_wait);
958 }
959
960 /**
961  *      tty_set_ldisc           -       set line discipline
962  *      @tty: the terminal to set
963  *      @ldisc: the line discipline
964  *
965  *      Set the discipline of a tty line. Must be called from a process
966  *      context.
967  *
968  *      Locking: takes tty_ldisc_lock.
969  *               called functions take termios_mutex
970  */
971
972 static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
973 {
974         int retval = 0;
975         struct tty_ldisc o_ldisc;
976         char buf[64];
977         int work;
978         unsigned long flags;
979         struct tty_ldisc *ld;
980         struct tty_struct *o_tty;
981
982         if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
983                 return -EINVAL;
984
985 restart:
986
987         ld = tty_ldisc_get(ldisc);
988         /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
989         /* Cyrus Durgin <cider@speakeasy.org> */
990         if (ld == NULL) {
991                 request_module("tty-ldisc-%d", ldisc);
992                 ld = tty_ldisc_get(ldisc);
993         }
994         if (ld == NULL)
995                 return -EINVAL;
996
997         /*
998          *      Problem: What do we do if this blocks ?
999          */
1000
1001         tty_wait_until_sent(tty, 0);
1002
1003         if (tty->ldisc.num == ldisc) {
1004                 tty_ldisc_put(ldisc);
1005                 return 0;
1006         }
1007
1008         /*
1009          *      No more input please, we are switching. The new ldisc
1010          *      will update this value in the ldisc open function
1011          */
1012
1013         tty->receive_room = 0;
1014
1015         o_ldisc = tty->ldisc;
1016         o_tty = tty->link;
1017
1018         /*
1019          *      Make sure we don't change while someone holds a
1020          *      reference to the line discipline. The TTY_LDISC bit
1021          *      prevents anyone taking a reference once it is clear.
1022          *      We need the lock to avoid racing reference takers.
1023          */
1024
1025         spin_lock_irqsave(&tty_ldisc_lock, flags);
1026         if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
1027                 if (tty->ldisc.refcount) {
1028                         /* Free the new ldisc we grabbed. Must drop the lock
1029                            first. */
1030                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1031                         tty_ldisc_put(ldisc);
1032                         /*
1033                          * There are several reasons we may be busy, including
1034                          * random momentary I/O traffic. We must therefore
1035                          * retry. We could distinguish between blocking ops
1036                          * and retries if we made tty_ldisc_wait() smarter.
1037                          * That is up for discussion.
1038                          */
1039                         if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1040                                 return -ERESTARTSYS;
1041                         goto restart;
1042                 }
1043                 if (o_tty && o_tty->ldisc.refcount) {
1044                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1045                         tty_ldisc_put(ldisc);
1046                         if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1047                                 return -ERESTARTSYS;
1048                         goto restart;
1049                 }
1050         }
1051         /*
1052          *      If the TTY_LDISC bit is set, then we are racing against
1053          *      another ldisc change
1054          */
1055         if (!test_bit(TTY_LDISC, &tty->flags)) {
1056                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1057                 tty_ldisc_put(ldisc);
1058                 ld = tty_ldisc_ref_wait(tty);
1059                 tty_ldisc_deref(ld);
1060                 goto restart;
1061         }
1062
1063         clear_bit(TTY_LDISC, &tty->flags);
1064         if (o_tty)
1065                 clear_bit(TTY_LDISC, &o_tty->flags);
1066         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1067
1068         /*
1069          *      From this point on we know nobody has an ldisc
1070          *      usage reference, nor can they obtain one until
1071          *      we say so later on.
1072          */
1073
1074         work = cancel_delayed_work(&tty->buf.work);
1075         /*
1076          * Wait for ->hangup_work and ->buf.work handlers to terminate
1077          */
1078         flush_scheduled_work();
1079         /* Shutdown the current discipline. */
1080         if (tty->ldisc.close)
1081                 (tty->ldisc.close)(tty);
1082
1083         /* Now set up the new line discipline. */
1084         tty_ldisc_assign(tty, ld);
1085         tty_set_termios_ldisc(tty, ldisc);
1086         if (tty->ldisc.open)
1087                 retval = (tty->ldisc.open)(tty);
1088         if (retval < 0) {
1089                 tty_ldisc_put(ldisc);
1090                 /* There is an outstanding reference here so this is safe */
1091                 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1092                 tty_set_termios_ldisc(tty, tty->ldisc.num);
1093                 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1094                         tty_ldisc_put(o_ldisc.num);
1095                         /* This driver is always present */
1096                         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1097                         tty_set_termios_ldisc(tty, N_TTY);
1098                         if (tty->ldisc.open) {
1099                                 int r = tty->ldisc.open(tty);
1100
1101                                 if (r < 0)
1102                                         panic("Couldn't open N_TTY ldisc for "
1103                                               "%s --- error %d.",
1104                                               tty_name(tty, buf), r);
1105                         }
1106                 }
1107         }
1108         /* At this point we hold a reference to the new ldisc and a
1109            a reference to the old ldisc. If we ended up flipping back
1110            to the existing ldisc we have two references to it */
1111
1112         if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1113                 tty->driver->set_ldisc(tty);
1114
1115         tty_ldisc_put(o_ldisc.num);
1116
1117         /*
1118          *      Allow ldisc referencing to occur as soon as the driver
1119          *      ldisc callback completes.
1120          */
1121
1122         tty_ldisc_enable(tty);
1123         if (o_tty)
1124                 tty_ldisc_enable(o_tty);
1125
1126         /* Restart it in case no characters kick it off. Safe if
1127            already running */
1128         if (work)
1129                 schedule_delayed_work(&tty->buf.work, 1);
1130         return retval;
1131 }
1132
1133 /**
1134  *      get_tty_driver          -       find device of a tty
1135  *      @dev_t: device identifier
1136  *      @index: returns the index of the tty
1137  *
1138  *      This routine returns a tty driver structure, given a device number
1139  *      and also passes back the index number.
1140  *
1141  *      Locking: caller must hold tty_mutex
1142  */
1143
1144 static struct tty_driver *get_tty_driver(dev_t device, int *index)
1145 {
1146         struct tty_driver *p;
1147
1148         list_for_each_entry(p, &tty_drivers, tty_drivers) {
1149                 dev_t base = MKDEV(p->major, p->minor_start);
1150                 if (device < base || device >= base + p->num)
1151                         continue;
1152                 *index = device - base;
1153                 return p;
1154         }
1155         return NULL;
1156 }
1157
1158 /**
1159  *      tty_check_change        -       check for POSIX terminal changes
1160  *      @tty: tty to check
1161  *
1162  *      If we try to write to, or set the state of, a terminal and we're
1163  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
1164  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
1165  *
1166  *      Locking: none
1167  */
1168
1169 int tty_check_change(struct tty_struct *tty)
1170 {
1171         if (current->signal->tty != tty)
1172                 return 0;
1173         if (!tty->pgrp) {
1174                 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1175                 return 0;
1176         }
1177         if (task_pgrp(current) == tty->pgrp)
1178                 return 0;
1179         if (is_ignored(SIGTTOU))
1180                 return 0;
1181         if (is_current_pgrp_orphaned())
1182                 return -EIO;
1183         kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1184         set_thread_flag(TIF_SIGPENDING);
1185         return -ERESTARTSYS;
1186 }
1187
1188 EXPORT_SYMBOL(tty_check_change);
1189
1190 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1191                                 size_t count, loff_t *ppos)
1192 {
1193         return 0;
1194 }
1195
1196 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1197                                  size_t count, loff_t *ppos)
1198 {
1199         return -EIO;
1200 }
1201
1202 /* No kernel lock held - none needed ;) */
1203 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1204 {
1205         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1206 }
1207
1208 static int hung_up_tty_ioctl(struct inode *inode, struct file *file,
1209                              unsigned int cmd, unsigned long arg)
1210 {
1211         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1212 }
1213
1214 static long hung_up_tty_compat_ioctl(struct file *file,
1215                                      unsigned int cmd, unsigned long arg)
1216 {
1217         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1218 }
1219
1220 static const struct file_operations tty_fops = {
1221         .llseek         = no_llseek,
1222         .read           = tty_read,
1223         .write          = tty_write,
1224         .poll           = tty_poll,
1225         .ioctl          = tty_ioctl,
1226         .compat_ioctl   = tty_compat_ioctl,
1227         .open           = tty_open,
1228         .release        = tty_release,
1229         .fasync         = tty_fasync,
1230 };
1231
1232 #ifdef CONFIG_UNIX98_PTYS
1233 static const struct file_operations ptmx_fops = {
1234         .llseek         = no_llseek,
1235         .read           = tty_read,
1236         .write          = tty_write,
1237         .poll           = tty_poll,
1238         .ioctl          = tty_ioctl,
1239         .compat_ioctl   = tty_compat_ioctl,
1240         .open           = ptmx_open,
1241         .release        = tty_release,
1242         .fasync         = tty_fasync,
1243 };
1244 #endif
1245
1246 static const struct file_operations console_fops = {
1247         .llseek         = no_llseek,
1248         .read           = tty_read,
1249         .write          = redirected_tty_write,
1250         .poll           = tty_poll,
1251         .ioctl          = tty_ioctl,
1252         .compat_ioctl   = tty_compat_ioctl,
1253         .open           = tty_open,
1254         .release        = tty_release,
1255         .fasync         = tty_fasync,
1256 };
1257
1258 static const struct file_operations hung_up_tty_fops = {
1259         .llseek         = no_llseek,
1260         .read           = hung_up_tty_read,
1261         .write          = hung_up_tty_write,
1262         .poll           = hung_up_tty_poll,
1263         .ioctl          = hung_up_tty_ioctl,
1264         .compat_ioctl   = hung_up_tty_compat_ioctl,
1265         .release        = tty_release,
1266 };
1267
1268 static DEFINE_SPINLOCK(redirect_lock);
1269 static struct file *redirect;
1270
1271 /**
1272  *      tty_wakeup      -       request more data
1273  *      @tty: terminal
1274  *
1275  *      Internal and external helper for wakeups of tty. This function
1276  *      informs the line discipline if present that the driver is ready
1277  *      to receive more output data.
1278  */
1279
1280 void tty_wakeup(struct tty_struct *tty)
1281 {
1282         struct tty_ldisc *ld;
1283
1284         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1285                 ld = tty_ldisc_ref(tty);
1286                 if (ld) {
1287                         if (ld->write_wakeup)
1288                                 ld->write_wakeup(tty);
1289                         tty_ldisc_deref(ld);
1290                 }
1291         }
1292         wake_up_interruptible(&tty->write_wait);
1293 }
1294
1295 EXPORT_SYMBOL_GPL(tty_wakeup);
1296
1297 /**
1298  *      tty_ldisc_flush -       flush line discipline queue
1299  *      @tty: tty
1300  *
1301  *      Flush the line discipline queue (if any) for this tty. If there
1302  *      is no line discipline active this is a no-op.
1303  */
1304
1305 void tty_ldisc_flush(struct tty_struct *tty)
1306 {
1307         struct tty_ldisc *ld = tty_ldisc_ref(tty);
1308         if (ld) {
1309                 if (ld->flush_buffer)
1310                         ld->flush_buffer(tty);
1311                 tty_ldisc_deref(ld);
1312         }
1313         tty_buffer_flush(tty);
1314 }
1315
1316 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1317
1318 /**
1319  *      tty_reset_termios       -       reset terminal state
1320  *      @tty: tty to reset
1321  *
1322  *      Restore a terminal to the driver default state
1323  */
1324
1325 static void tty_reset_termios(struct tty_struct *tty)
1326 {
1327         mutex_lock(&tty->termios_mutex);
1328         *tty->termios = tty->driver->init_termios;
1329         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1330         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1331         mutex_unlock(&tty->termios_mutex);
1332 }
1333
1334 /**
1335  *      do_tty_hangup           -       actual handler for hangup events
1336  *      @work: tty device
1337  *
1338  *      This can be called by the "eventd" kernel thread.  That is process
1339  *      synchronous but doesn't hold any locks, so we need to make sure we
1340  *      have the appropriate locks for what we're doing.
1341  *
1342  *      The hangup event clears any pending redirections onto the hung up
1343  *      device. It ensures future writes will error and it does the needed
1344  *      line discipline hangup and signal delivery. The tty object itself
1345  *      remains intact.
1346  *
1347  *      Locking:
1348  *              BKL
1349  *                redirect lock for undoing redirection
1350  *                file list lock for manipulating list of ttys
1351  *                tty_ldisc_lock from called functions
1352  *                termios_mutex resetting termios data
1353  *                tasklist_lock to walk task list for hangup event
1354  *                  ->siglock to protect ->signal/->sighand
1355  */
1356 static void do_tty_hangup(struct work_struct *work)
1357 {
1358         struct tty_struct *tty =
1359                 container_of(work, struct tty_struct, hangup_work);
1360         struct file *cons_filp = NULL;
1361         struct file *filp, *f = NULL;
1362         struct task_struct *p;
1363         struct tty_ldisc *ld;
1364         int    closecount = 0, n;
1365
1366         if (!tty)
1367                 return;
1368
1369         /* inuse_filps is protected by the single kernel lock */
1370         lock_kernel();
1371
1372         spin_lock(&redirect_lock);
1373         if (redirect && redirect->private_data == tty) {
1374                 f = redirect;
1375                 redirect = NULL;
1376         }
1377         spin_unlock(&redirect_lock);
1378
1379         check_tty_count(tty, "do_tty_hangup");
1380         file_list_lock();
1381         /* This breaks for file handles being sent over AF_UNIX sockets ? */
1382         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1383                 if (filp->f_op->write == redirected_tty_write)
1384                         cons_filp = filp;
1385                 if (filp->f_op->write != tty_write)
1386                         continue;
1387                 closecount++;
1388                 tty_fasync(-1, filp, 0);        /* can't block */
1389                 filp->f_op = &hung_up_tty_fops;
1390         }
1391         file_list_unlock();
1392         /*
1393          * FIXME! What are the locking issues here? This may me overdoing
1394          * things... This question is especially important now that we've
1395          * removed the irqlock.
1396          */
1397         ld = tty_ldisc_ref(tty);
1398         if (ld != NULL) {
1399                 /* We may have no line discipline at this point */
1400                 if (ld->flush_buffer)
1401                         ld->flush_buffer(tty);
1402                 if (tty->driver->flush_buffer)
1403                         tty->driver->flush_buffer(tty);
1404                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1405                     ld->write_wakeup)
1406                         ld->write_wakeup(tty);
1407                 if (ld->hangup)
1408                         ld->hangup(tty);
1409         }
1410         /*
1411          * FIXME: Once we trust the LDISC code better we can wait here for
1412          * ldisc completion and fix the driver call race
1413          */
1414         wake_up_interruptible(&tty->write_wait);
1415         wake_up_interruptible(&tty->read_wait);
1416         /*
1417          * Shutdown the current line discipline, and reset it to
1418          * N_TTY.
1419          */
1420         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1421                 tty_reset_termios(tty);
1422         /* Defer ldisc switch */
1423         /* tty_deferred_ldisc_switch(N_TTY);
1424
1425           This should get done automatically when the port closes and
1426           tty_release is called */
1427
1428         read_lock(&tasklist_lock);
1429         if (tty->session) {
1430                 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1431                         spin_lock_irq(&p->sighand->siglock);
1432                         if (p->signal->tty == tty)
1433                                 p->signal->tty = NULL;
1434                         if (!p->signal->leader) {
1435                                 spin_unlock_irq(&p->sighand->siglock);
1436                                 continue;
1437                         }
1438                         __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1439                         __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1440                         put_pid(p->signal->tty_old_pgrp);  /* A noop */
1441                         if (tty->pgrp)
1442                                 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1443                         spin_unlock_irq(&p->sighand->siglock);
1444                 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1445         }
1446         read_unlock(&tasklist_lock);
1447
1448         tty->flags = 0;
1449         put_pid(tty->session);
1450         put_pid(tty->pgrp);
1451         tty->session = NULL;
1452         tty->pgrp = NULL;
1453         tty->ctrl_status = 0;
1454         /*
1455          * If one of the devices matches a console pointer, we
1456          * cannot just call hangup() because that will cause
1457          * tty->count and state->count to go out of sync.
1458          * So we just call close() the right number of times.
1459          */
1460         if (cons_filp) {
1461                 if (tty->driver->close)
1462                         for (n = 0; n < closecount; n++)
1463                                 tty->driver->close(tty, cons_filp);
1464         } else if (tty->driver->hangup)
1465                 (tty->driver->hangup)(tty);
1466         /*
1467          * We don't want to have driver/ldisc interactions beyond
1468          * the ones we did here. The driver layer expects no
1469          * calls after ->hangup() from the ldisc side. However we
1470          * can't yet guarantee all that.
1471          */
1472         set_bit(TTY_HUPPED, &tty->flags);
1473         if (ld) {
1474                 tty_ldisc_enable(tty);
1475                 tty_ldisc_deref(ld);
1476         }
1477         unlock_kernel();
1478         if (f)
1479                 fput(f);
1480 }
1481
1482 /**
1483  *      tty_hangup              -       trigger a hangup event
1484  *      @tty: tty to hangup
1485  *
1486  *      A carrier loss (virtual or otherwise) has occurred on this like
1487  *      schedule a hangup sequence to run after this event.
1488  */
1489
1490 void tty_hangup(struct tty_struct *tty)
1491 {
1492 #ifdef TTY_DEBUG_HANGUP
1493         char    buf[64];
1494         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1495 #endif
1496         schedule_work(&tty->hangup_work);
1497 }
1498
1499 EXPORT_SYMBOL(tty_hangup);
1500
1501 /**
1502  *      tty_vhangup             -       process vhangup
1503  *      @tty: tty to hangup
1504  *
1505  *      The user has asked via system call for the terminal to be hung up.
1506  *      We do this synchronously so that when the syscall returns the process
1507  *      is complete. That guarantee is necessary for security reasons.
1508  */
1509
1510 void tty_vhangup(struct tty_struct *tty)
1511 {
1512 #ifdef TTY_DEBUG_HANGUP
1513         char    buf[64];
1514
1515         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1516 #endif
1517         do_tty_hangup(&tty->hangup_work);
1518 }
1519
1520 EXPORT_SYMBOL(tty_vhangup);
1521
1522 /**
1523  *      tty_hung_up_p           -       was tty hung up
1524  *      @filp: file pointer of tty
1525  *
1526  *      Return true if the tty has been subject to a vhangup or a carrier
1527  *      loss
1528  */
1529
1530 int tty_hung_up_p(struct file *filp)
1531 {
1532         return (filp->f_op == &hung_up_tty_fops);
1533 }
1534
1535 EXPORT_SYMBOL(tty_hung_up_p);
1536
1537 /**
1538  *      is_tty  -       checker whether file is a TTY
1539  *      @filp:          file handle that may be a tty
1540  *
1541  *      Check if the file handle is a tty handle.
1542  */
1543
1544 int is_tty(struct file *filp)
1545 {
1546         return filp->f_op->read == tty_read
1547                 || filp->f_op->read == hung_up_tty_read;
1548 }
1549
1550 static void session_clear_tty(struct pid *session)
1551 {
1552         struct task_struct *p;
1553         do_each_pid_task(session, PIDTYPE_SID, p) {
1554                 proc_clear_tty(p);
1555         } while_each_pid_task(session, PIDTYPE_SID, p);
1556 }
1557
1558 /**
1559  *      disassociate_ctty       -       disconnect controlling tty
1560  *      @on_exit: true if exiting so need to "hang up" the session
1561  *
1562  *      This function is typically called only by the session leader, when
1563  *      it wants to disassociate itself from its controlling tty.
1564  *
1565  *      It performs the following functions:
1566  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
1567  *      (2)  Clears the tty from being controlling the session
1568  *      (3)  Clears the controlling tty for all processes in the
1569  *              session group.
1570  *
1571  *      The argument on_exit is set to 1 if called when a process is
1572  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
1573  *
1574  *      Locking:
1575  *              BKL is taken for hysterical raisins
1576  *                tty_mutex is taken to protect tty
1577  *                ->siglock is taken to protect ->signal/->sighand
1578  *                tasklist_lock is taken to walk process list for sessions
1579  *                  ->siglock is taken to protect ->signal/->sighand
1580  */
1581
1582 void disassociate_ctty(int on_exit)
1583 {
1584         struct tty_struct *tty;
1585         struct pid *tty_pgrp = NULL;
1586
1587         lock_kernel();
1588
1589         mutex_lock(&tty_mutex);
1590         tty = get_current_tty();
1591         if (tty) {
1592                 tty_pgrp = get_pid(tty->pgrp);
1593                 mutex_unlock(&tty_mutex);
1594                 /* XXX: here we race, there is nothing protecting tty */
1595                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1596                         tty_vhangup(tty);
1597         } else if (on_exit) {
1598                 struct pid *old_pgrp;
1599                 spin_lock_irq(&current->sighand->siglock);
1600                 old_pgrp = current->signal->tty_old_pgrp;
1601                 current->signal->tty_old_pgrp = NULL;
1602                 spin_unlock_irq(&current->sighand->siglock);
1603                 if (old_pgrp) {
1604                         kill_pgrp(old_pgrp, SIGHUP, on_exit);
1605                         kill_pgrp(old_pgrp, SIGCONT, on_exit);
1606                         put_pid(old_pgrp);
1607                 }
1608                 mutex_unlock(&tty_mutex);
1609                 unlock_kernel();
1610                 return;
1611         }
1612         if (tty_pgrp) {
1613                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1614                 if (!on_exit)
1615                         kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1616                 put_pid(tty_pgrp);
1617         }
1618
1619         spin_lock_irq(&current->sighand->siglock);
1620         put_pid(current->signal->tty_old_pgrp);
1621         current->signal->tty_old_pgrp = NULL;
1622         spin_unlock_irq(&current->sighand->siglock);
1623
1624         mutex_lock(&tty_mutex);
1625         /* It is possible that do_tty_hangup has free'd this tty */
1626         tty = get_current_tty();
1627         if (tty) {
1628                 put_pid(tty->session);
1629                 put_pid(tty->pgrp);
1630                 tty->session = NULL;
1631                 tty->pgrp = NULL;
1632         } else {
1633 #ifdef TTY_DEBUG_HANGUP
1634                 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1635                        " = NULL", tty);
1636 #endif
1637         }
1638         mutex_unlock(&tty_mutex);
1639
1640         /* Now clear signal->tty under the lock */
1641         read_lock(&tasklist_lock);
1642         session_clear_tty(task_session(current));
1643         read_unlock(&tasklist_lock);
1644         unlock_kernel();
1645 }
1646
1647 /**
1648  *
1649  *      no_tty  - Ensure the current process does not have a controlling tty
1650  */
1651 void no_tty(void)
1652 {
1653         struct task_struct *tsk = current;
1654         if (tsk->signal->leader)
1655                 disassociate_ctty(0);
1656         proc_clear_tty(tsk);
1657 }
1658
1659
1660 /**
1661  *      stop_tty        -       propagate flow control
1662  *      @tty: tty to stop
1663  *
1664  *      Perform flow control to the driver. For PTY/TTY pairs we
1665  *      must also propagate the TIOCKPKT status. May be called
1666  *      on an already stopped device and will not re-call the driver
1667  *      method.
1668  *
1669  *      This functionality is used by both the line disciplines for
1670  *      halting incoming flow and by the driver. It may therefore be
1671  *      called from any context, may be under the tty atomic_write_lock
1672  *      but not always.
1673  *
1674  *      Locking:
1675  *              Broken. Relies on BKL which is unsafe here.
1676  */
1677
1678 void stop_tty(struct tty_struct *tty)
1679 {
1680         if (tty->stopped)
1681                 return;
1682         tty->stopped = 1;
1683         if (tty->link && tty->link->packet) {
1684                 tty->ctrl_status &= ~TIOCPKT_START;
1685                 tty->ctrl_status |= TIOCPKT_STOP;
1686                 wake_up_interruptible(&tty->link->read_wait);
1687         }
1688         if (tty->driver->stop)
1689                 (tty->driver->stop)(tty);
1690 }
1691
1692 EXPORT_SYMBOL(stop_tty);
1693
1694 /**
1695  *      start_tty       -       propagate flow control
1696  *      @tty: tty to start
1697  *
1698  *      Start a tty that has been stopped if at all possible. Perform
1699  *      any necessary wakeups and propagate the TIOCPKT status. If this
1700  *      is the tty was previous stopped and is being started then the
1701  *      driver start method is invoked and the line discipline woken.
1702  *
1703  *      Locking:
1704  *              Broken. Relies on BKL which is unsafe here.
1705  */
1706
1707 void start_tty(struct tty_struct *tty)
1708 {
1709         if (!tty->stopped || tty->flow_stopped)
1710                 return;
1711         tty->stopped = 0;
1712         if (tty->link && tty->link->packet) {
1713                 tty->ctrl_status &= ~TIOCPKT_STOP;
1714                 tty->ctrl_status |= TIOCPKT_START;
1715                 wake_up_interruptible(&tty->link->read_wait);
1716         }
1717         if (tty->driver->start)
1718                 (tty->driver->start)(tty);
1719         /* If we have a running line discipline it may need kicking */
1720         tty_wakeup(tty);
1721 }
1722
1723 EXPORT_SYMBOL(start_tty);
1724
1725 /**
1726  *      tty_read        -       read method for tty device files
1727  *      @file: pointer to tty file
1728  *      @buf: user buffer
1729  *      @count: size of user buffer
1730  *      @ppos: unused
1731  *
1732  *      Perform the read system call function on this terminal device. Checks
1733  *      for hung up devices before calling the line discipline method.
1734  *
1735  *      Locking:
1736  *              Locks the line discipline internally while needed
1737  *              For historical reasons the line discipline read method is
1738  *      invoked under the BKL. This will go away in time so do not rely on it
1739  *      in new code. Multiple read calls may be outstanding in parallel.
1740  */
1741
1742 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1743                         loff_t *ppos)
1744 {
1745         int i;
1746         struct tty_struct *tty;
1747         struct inode *inode;
1748         struct tty_ldisc *ld;
1749
1750         tty = (struct tty_struct *)file->private_data;
1751         inode = file->f_path.dentry->d_inode;
1752         if (tty_paranoia_check(tty, inode, "tty_read"))
1753                 return -EIO;
1754         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1755                 return -EIO;
1756
1757         /* We want to wait for the line discipline to sort out in this
1758            situation */
1759         ld = tty_ldisc_ref_wait(tty);
1760         lock_kernel();
1761         if (ld->read)
1762                 i = (ld->read)(tty, file, buf, count);
1763         else
1764                 i = -EIO;
1765         tty_ldisc_deref(ld);
1766         unlock_kernel();
1767         if (i > 0)
1768                 inode->i_atime = current_fs_time(inode->i_sb);
1769         return i;
1770 }
1771
1772 void tty_write_unlock(struct tty_struct *tty)
1773 {
1774         mutex_unlock(&tty->atomic_write_lock);
1775         wake_up_interruptible(&tty->write_wait);
1776 }
1777
1778 int tty_write_lock(struct tty_struct *tty, int ndelay)
1779 {
1780         if (!mutex_trylock(&tty->atomic_write_lock)) {
1781                 if (ndelay)
1782                         return -EAGAIN;
1783                 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1784                         return -ERESTARTSYS;
1785         }
1786         return 0;
1787 }
1788
1789 /*
1790  * Split writes up in sane blocksizes to avoid
1791  * denial-of-service type attacks
1792  */
1793 static inline ssize_t do_tty_write(
1794         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1795         struct tty_struct *tty,
1796         struct file *file,
1797         const char __user *buf,
1798         size_t count)
1799 {
1800         ssize_t ret, written = 0;
1801         unsigned int chunk;
1802
1803         ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1804         if (ret < 0)
1805                 return ret;
1806
1807         /*
1808          * We chunk up writes into a temporary buffer. This
1809          * simplifies low-level drivers immensely, since they
1810          * don't have locking issues and user mode accesses.
1811          *
1812          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1813          * big chunk-size..
1814          *
1815          * The default chunk-size is 2kB, because the NTTY
1816          * layer has problems with bigger chunks. It will
1817          * claim to be able to handle more characters than
1818          * it actually does.
1819          *
1820          * FIXME: This can probably go away now except that 64K chunks
1821          * are too likely to fail unless switched to vmalloc...
1822          */
1823         chunk = 2048;
1824         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1825                 chunk = 65536;
1826         if (count < chunk)
1827                 chunk = count;
1828
1829         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1830         if (tty->write_cnt < chunk) {
1831                 unsigned char *buf;
1832
1833                 if (chunk < 1024)
1834                         chunk = 1024;
1835
1836                 buf = kmalloc(chunk, GFP_KERNEL);
1837                 if (!buf) {
1838                         ret = -ENOMEM;
1839                         goto out;
1840                 }
1841                 kfree(tty->write_buf);
1842                 tty->write_cnt = chunk;
1843                 tty->write_buf = buf;
1844         }
1845
1846         /* Do the write .. */
1847         for (;;) {
1848                 size_t size = count;
1849                 if (size > chunk)
1850                         size = chunk;
1851                 ret = -EFAULT;
1852                 if (copy_from_user(tty->write_buf, buf, size))
1853                         break;
1854                 lock_kernel();
1855                 ret = write(tty, file, tty->write_buf, size);
1856                 unlock_kernel();
1857                 if (ret <= 0)
1858                         break;
1859                 written += ret;
1860                 buf += ret;
1861                 count -= ret;
1862                 if (!count)
1863                         break;
1864                 ret = -ERESTARTSYS;
1865                 if (signal_pending(current))
1866                         break;
1867                 cond_resched();
1868         }
1869         if (written) {
1870                 struct inode *inode = file->f_path.dentry->d_inode;
1871                 inode->i_mtime = current_fs_time(inode->i_sb);
1872                 ret = written;
1873         }
1874 out:
1875         tty_write_unlock(tty);
1876         return ret;
1877 }
1878
1879
1880 /**
1881  *      tty_write               -       write method for tty device file
1882  *      @file: tty file pointer
1883  *      @buf: user data to write
1884  *      @count: bytes to write
1885  *      @ppos: unused
1886  *
1887  *      Write data to a tty device via the line discipline.
1888  *
1889  *      Locking:
1890  *              Locks the line discipline as required
1891  *              Writes to the tty driver are serialized by the atomic_write_lock
1892  *      and are then processed in chunks to the device. The line discipline
1893  *      write method will not be involked in parallel for each device
1894  *              The line discipline write method is called under the big
1895  *      kernel lock for historical reasons. New code should not rely on this.
1896  */
1897
1898 static ssize_t tty_write(struct file *file, const char __user *buf,
1899                                                 size_t count, loff_t *ppos)
1900 {
1901         struct tty_struct *tty;
1902         struct inode *inode = file->f_path.dentry->d_inode;
1903         ssize_t ret;
1904         struct tty_ldisc *ld;
1905
1906         tty = (struct tty_struct *)file->private_data;
1907         if (tty_paranoia_check(tty, inode, "tty_write"))
1908                 return -EIO;
1909         if (!tty || !tty->driver->write ||
1910                 (test_bit(TTY_IO_ERROR, &tty->flags)))
1911                         return -EIO;
1912
1913         ld = tty_ldisc_ref_wait(tty);
1914         if (!ld->write)
1915                 ret = -EIO;
1916         else
1917                 ret = do_tty_write(ld->write, tty, file, buf, count);
1918         tty_ldisc_deref(ld);
1919         return ret;
1920 }
1921
1922 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1923                                                 size_t count, loff_t *ppos)
1924 {
1925         struct file *p = NULL;
1926
1927         spin_lock(&redirect_lock);
1928         if (redirect) {
1929                 get_file(redirect);
1930                 p = redirect;
1931         }
1932         spin_unlock(&redirect_lock);
1933
1934         if (p) {
1935                 ssize_t res;
1936                 res = vfs_write(p, buf, count, &p->f_pos);
1937                 fput(p);
1938                 return res;
1939         }
1940         return tty_write(file, buf, count, ppos);
1941 }
1942
1943 static char ptychar[] = "pqrstuvwxyzabcde";
1944
1945 /**
1946  *      pty_line_name   -       generate name for a pty
1947  *      @driver: the tty driver in use
1948  *      @index: the minor number
1949  *      @p: output buffer of at least 6 bytes
1950  *
1951  *      Generate a name from a driver reference and write it to the output
1952  *      buffer.
1953  *
1954  *      Locking: None
1955  */
1956 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1957 {
1958         int i = index + driver->name_base;
1959         /* ->name is initialized to "ttyp", but "tty" is expected */
1960         sprintf(p, "%s%c%x",
1961                 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1962                 ptychar[i >> 4 & 0xf], i & 0xf);
1963 }
1964
1965 /**
1966  *      pty_line_name   -       generate name for a tty
1967  *      @driver: the tty driver in use
1968  *      @index: the minor number
1969  *      @p: output buffer of at least 7 bytes
1970  *
1971  *      Generate a name from a driver reference and write it to the output
1972  *      buffer.
1973  *
1974  *      Locking: None
1975  */
1976 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1977 {
1978         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1979 }
1980
1981 /**
1982  *      init_dev                -       initialise a tty device
1983  *      @driver: tty driver we are opening a device on
1984  *      @idx: device index
1985  *      @tty: returned tty structure
1986  *
1987  *      Prepare a tty device. This may not be a "new" clean device but
1988  *      could also be an active device. The pty drivers require special
1989  *      handling because of this.
1990  *
1991  *      Locking:
1992  *              The function is called under the tty_mutex, which
1993  *      protects us from the tty struct or driver itself going away.
1994  *
1995  *      On exit the tty device has the line discipline attached and
1996  *      a reference count of 1. If a pair was created for pty/tty use
1997  *      and the other was a pty master then it too has a reference count of 1.
1998  *
1999  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
2000  * failed open.  The new code protects the open with a mutex, so it's
2001  * really quite straightforward.  The mutex locking can probably be
2002  * relaxed for the (most common) case of reopening a tty.
2003  */
2004
2005 static int init_dev(struct tty_driver *driver, int idx,
2006         struct tty_struct **ret_tty)
2007 {
2008         struct tty_struct *tty, *o_tty;
2009         struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2010         struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
2011         int retval = 0;
2012
2013         /* check whether we're reopening an existing tty */
2014         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2015                 tty = devpts_get_tty(idx);
2016                 /*
2017                  * If we don't have a tty here on a slave open, it's because
2018                  * the master already started the close process and there's
2019                  * no relation between devpts file and tty anymore.
2020                  */
2021                 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2022                         retval = -EIO;
2023                         goto end_init;
2024                 }
2025                 /*
2026                  * It's safe from now on because init_dev() is called with
2027                  * tty_mutex held and release_dev() won't change tty->count
2028                  * or tty->flags without having to grab tty_mutex
2029                  */
2030                 if (tty && driver->subtype == PTY_TYPE_MASTER)
2031                         tty = tty->link;
2032         } else {
2033                 tty = driver->ttys[idx];
2034         }
2035         if (tty) goto fast_track;
2036
2037         /*
2038          * First time open is complex, especially for PTY devices.
2039          * This code guarantees that either everything succeeds and the
2040          * TTY is ready for operation, or else the table slots are vacated
2041          * and the allocated memory released.  (Except that the termios
2042          * and locked termios may be retained.)
2043          */
2044
2045         if (!try_module_get(driver->owner)) {
2046                 retval = -ENODEV;
2047                 goto end_init;
2048         }
2049
2050         o_tty = NULL;
2051         tp = o_tp = NULL;
2052         ltp = o_ltp = NULL;
2053
2054         tty = alloc_tty_struct();
2055         if (!tty)
2056                 goto fail_no_mem;
2057         initialize_tty_struct(tty);
2058         tty->driver = driver;
2059         tty->index = idx;
2060         tty_line_name(driver, idx, tty->name);
2061
2062         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2063                 tp_loc = &tty->termios;
2064                 ltp_loc = &tty->termios_locked;
2065         } else {
2066                 tp_loc = &driver->termios[idx];
2067                 ltp_loc = &driver->termios_locked[idx];
2068         }
2069
2070         if (!*tp_loc) {
2071                 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2072                 if (!tp)
2073                         goto free_mem_out;
2074                 *tp = driver->init_termios;
2075         }
2076
2077         if (!*ltp_loc) {
2078                 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2079                 if (!ltp)
2080                         goto free_mem_out;
2081         }
2082
2083         if (driver->type == TTY_DRIVER_TYPE_PTY) {
2084                 o_tty = alloc_tty_struct();
2085                 if (!o_tty)
2086                         goto free_mem_out;
2087                 initialize_tty_struct(o_tty);
2088                 o_tty->driver = driver->other;
2089                 o_tty->index = idx;
2090                 tty_line_name(driver->other, idx, o_tty->name);
2091
2092                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2093                         o_tp_loc = &o_tty->termios;
2094                         o_ltp_loc = &o_tty->termios_locked;
2095                 } else {
2096                         o_tp_loc = &driver->other->termios[idx];
2097                         o_ltp_loc = &driver->other->termios_locked[idx];
2098                 }
2099
2100                 if (!*o_tp_loc) {
2101                         o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2102                         if (!o_tp)
2103                                 goto free_mem_out;
2104                         *o_tp = driver->other->init_termios;
2105                 }
2106
2107                 if (!*o_ltp_loc) {
2108                         o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2109                         if (!o_ltp)
2110                                 goto free_mem_out;
2111                 }
2112
2113                 /*
2114                  * Everything allocated ... set up the o_tty structure.
2115                  */
2116                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
2117                         driver->other->ttys[idx] = o_tty;
2118                 if (!*o_tp_loc)
2119                         *o_tp_loc = o_tp;
2120                 if (!*o_ltp_loc)
2121                         *o_ltp_loc = o_ltp;
2122                 o_tty->termios = *o_tp_loc;
2123                 o_tty->termios_locked = *o_ltp_loc;
2124                 driver->other->refcount++;
2125                 if (driver->subtype == PTY_TYPE_MASTER)
2126                         o_tty->count++;
2127
2128                 /* Establish the links in both directions */
2129                 tty->link   = o_tty;
2130                 o_tty->link = tty;
2131         }
2132
2133         /*
2134          * All structures have been allocated, so now we install them.
2135          * Failures after this point use release_tty to clean up, so
2136          * there's no need to null out the local pointers.
2137          */
2138         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
2139                 driver->ttys[idx] = tty;
2140
2141         if (!*tp_loc)
2142                 *tp_loc = tp;
2143         if (!*ltp_loc)
2144                 *ltp_loc = ltp;
2145         tty->termios = *tp_loc;
2146         tty->termios_locked = *ltp_loc;
2147         /* Compatibility until drivers always set this */
2148         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2149         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2150         driver->refcount++;
2151         tty->count++;
2152
2153         /*
2154          * Structures all installed ... call the ldisc open routines.
2155          * If we fail here just call release_tty to clean up.  No need
2156          * to decrement the use counts, as release_tty doesn't care.
2157          */
2158
2159         if (tty->ldisc.open) {
2160                 retval = (tty->ldisc.open)(tty);
2161                 if (retval)
2162                         goto release_mem_out;
2163         }
2164         if (o_tty && o_tty->ldisc.open) {
2165                 retval = (o_tty->ldisc.open)(o_tty);
2166                 if (retval) {
2167                         if (tty->ldisc.close)
2168                                 (tty->ldisc.close)(tty);
2169                         goto release_mem_out;
2170                 }
2171                 tty_ldisc_enable(o_tty);
2172         }
2173         tty_ldisc_enable(tty);
2174         goto success;
2175
2176         /*
2177          * This fast open can be used if the tty is already open.
2178          * No memory is allocated, and the only failures are from
2179          * attempting to open a closing tty or attempting multiple
2180          * opens on a pty master.
2181          */
2182 fast_track:
2183         if (test_bit(TTY_CLOSING, &tty->flags)) {
2184                 retval = -EIO;
2185                 goto end_init;
2186         }
2187         if (driver->type == TTY_DRIVER_TYPE_PTY &&
2188             driver->subtype == PTY_TYPE_MASTER) {
2189                 /*
2190                  * special case for PTY masters: only one open permitted,
2191                  * and the slave side open count is incremented as well.
2192                  */
2193                 if (tty->count) {
2194                         retval = -EIO;
2195                         goto end_init;
2196                 }
2197                 tty->link->count++;
2198         }
2199         tty->count++;
2200         tty->driver = driver; /* N.B. why do this every time?? */
2201
2202         /* FIXME */
2203         if (!test_bit(TTY_LDISC, &tty->flags))
2204                 printk(KERN_ERR "init_dev but no ldisc\n");
2205 success:
2206         *ret_tty = tty;
2207
2208         /* All paths come through here to release the mutex */
2209 end_init:
2210         return retval;
2211
2212         /* Release locally allocated memory ... nothing placed in slots */
2213 free_mem_out:
2214         kfree(o_tp);
2215         if (o_tty)
2216                 free_tty_struct(o_tty);
2217         kfree(ltp);
2218         kfree(tp);
2219         free_tty_struct(tty);
2220
2221 fail_no_mem:
2222         module_put(driver->owner);
2223         retval = -ENOMEM;
2224         goto end_init;
2225
2226         /* call the tty release_tty routine to clean out this slot */
2227 release_mem_out:
2228         if (printk_ratelimit())
2229                 printk(KERN_INFO "init_dev: ldisc open failed, "
2230                                  "clearing slot %d\n", idx);
2231         release_tty(tty, idx);
2232         goto end_init;
2233 }
2234
2235 /**
2236  *      release_one_tty         -       release tty structure memory
2237  *
2238  *      Releases memory associated with a tty structure, and clears out the
2239  *      driver table slots. This function is called when a device is no longer
2240  *      in use. It also gets called when setup of a device fails.
2241  *
2242  *      Locking:
2243  *              tty_mutex - sometimes only
2244  *              takes the file list lock internally when working on the list
2245  *      of ttys that the driver keeps.
2246  *              FIXME: should we require tty_mutex is held here ??
2247  */
2248 static void release_one_tty(struct tty_struct *tty, int idx)
2249 {
2250         int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2251         struct ktermios *tp;
2252
2253         if (!devpts)
2254                 tty->driver->ttys[idx] = NULL;
2255
2256         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2257                 tp = tty->termios;
2258                 if (!devpts)
2259                         tty->driver->termios[idx] = NULL;
2260                 kfree(tp);
2261
2262                 tp = tty->termios_locked;
2263                 if (!devpts)
2264                         tty->driver->termios_locked[idx] = NULL;
2265                 kfree(tp);
2266         }
2267
2268
2269         tty->magic = 0;
2270         tty->driver->refcount--;
2271
2272         file_list_lock();
2273         list_del_init(&tty->tty_files);
2274         file_list_unlock();
2275
2276         free_tty_struct(tty);
2277 }
2278
2279 /**
2280  *      release_tty             -       release tty structure memory
2281  *
2282  *      Release both @tty and a possible linked partner (think pty pair),
2283  *      and decrement the refcount of the backing module.
2284  *
2285  *      Locking:
2286  *              tty_mutex - sometimes only
2287  *              takes the file list lock internally when working on the list
2288  *      of ttys that the driver keeps.
2289  *              FIXME: should we require tty_mutex is held here ??
2290  */
2291 static void release_tty(struct tty_struct *tty, int idx)
2292 {
2293         struct tty_driver *driver = tty->driver;
2294
2295         if (tty->link)
2296                 release_one_tty(tty->link, idx);
2297         release_one_tty(tty, idx);
2298         module_put(driver->owner);
2299 }
2300
2301 /*
2302  * Even releasing the tty structures is a tricky business.. We have
2303  * to be very careful that the structures are all released at the
2304  * same time, as interrupts might otherwise get the wrong pointers.
2305  *
2306  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2307  * lead to double frees or releasing memory still in use.
2308  */
2309 static void release_dev(struct file *filp)
2310 {
2311         struct tty_struct *tty, *o_tty;
2312         int     pty_master, tty_closing, o_tty_closing, do_sleep;
2313         int     devpts;
2314         int     idx;
2315         char    buf[64];
2316         unsigned long flags;
2317
2318         tty = (struct tty_struct *)filp->private_data;
2319         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2320                                                         "release_dev"))
2321                 return;
2322
2323         check_tty_count(tty, "release_dev");
2324
2325         tty_fasync(-1, filp, 0);
2326
2327         idx = tty->index;
2328         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2329                       tty->driver->subtype == PTY_TYPE_MASTER);
2330         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2331         o_tty = tty->link;
2332
2333 #ifdef TTY_PARANOIA_CHECK
2334         if (idx < 0 || idx >= tty->driver->num) {
2335                 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2336                                   "free (%s)\n", tty->name);
2337                 return;
2338         }
2339         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2340                 if (tty != tty->driver->ttys[idx]) {
2341                         printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2342                                "for (%s)\n", idx, tty->name);
2343                         return;
2344                 }
2345                 if (tty->termios != tty->driver->termios[idx]) {
2346                         printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2347                                "for (%s)\n",
2348                                idx, tty->name);
2349                         return;
2350                 }
2351                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2352                         printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2353                                "termios_locked for (%s)\n",
2354                                idx, tty->name);
2355                         return;
2356                 }
2357         }
2358 #endif
2359
2360 #ifdef TTY_DEBUG_HANGUP
2361         printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2362                tty_name(tty, buf), tty->count);
2363 #endif
2364
2365 #ifdef TTY_PARANOIA_CHECK
2366         if (tty->driver->other &&
2367              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2368                 if (o_tty != tty->driver->other->ttys[idx]) {
2369                         printk(KERN_DEBUG "release_dev: other->table[%d] "
2370                                           "not o_tty for (%s)\n",
2371                                idx, tty->name);
2372                         return;
2373                 }
2374                 if (o_tty->termios != tty->driver->other->termios[idx]) {
2375                         printk(KERN_DEBUG "release_dev: other->termios[%d] "
2376                                           "not o_termios for (%s)\n",
2377                                idx, tty->name);
2378                         return;
2379                 }
2380                 if (o_tty->termios_locked !=
2381                       tty->driver->other->termios_locked[idx]) {
2382                         printk(KERN_DEBUG "release_dev: other->termios_locked["
2383                                           "%d] not o_termios_locked for (%s)\n",
2384                                idx, tty->name);
2385                         return;
2386                 }
2387                 if (o_tty->link != tty) {
2388                         printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2389                         return;
2390                 }
2391         }
2392 #endif
2393         if (tty->driver->close)
2394                 tty->driver->close(tty, filp);
2395
2396         /*
2397          * Sanity check: if tty->count is going to zero, there shouldn't be
2398          * any waiters on tty->read_wait or tty->write_wait.  We test the
2399          * wait queues and kick everyone out _before_ actually starting to
2400          * close.  This ensures that we won't block while releasing the tty
2401          * structure.
2402          *
2403          * The test for the o_tty closing is necessary, since the master and
2404          * slave sides may close in any order.  If the slave side closes out
2405          * first, its count will be one, since the master side holds an open.
2406          * Thus this test wouldn't be triggered at the time the slave closes,
2407          * so we do it now.
2408          *
2409          * Note that it's possible for the tty to be opened again while we're
2410          * flushing out waiters.  By recalculating the closing flags before
2411          * each iteration we avoid any problems.
2412          */
2413         while (1) {
2414                 /* Guard against races with tty->count changes elsewhere and
2415                    opens on /dev/tty */
2416
2417                 mutex_lock(&tty_mutex);
2418                 tty_closing = tty->count <= 1;
2419                 o_tty_closing = o_tty &&
2420                         (o_tty->count <= (pty_master ? 1 : 0));
2421                 do_sleep = 0;
2422
2423                 if (tty_closing) {
2424                         if (waitqueue_active(&tty->read_wait)) {
2425                                 wake_up(&tty->read_wait);
2426                                 do_sleep++;
2427                         }
2428                         if (waitqueue_active(&tty->write_wait)) {
2429                                 wake_up(&tty->write_wait);
2430                                 do_sleep++;
2431                         }
2432                 }
2433                 if (o_tty_closing) {
2434                         if (waitqueue_active(&o_tty->read_wait)) {
2435                                 wake_up(&o_tty->read_wait);
2436                                 do_sleep++;
2437                         }
2438                         if (waitqueue_active(&o_tty->write_wait)) {
2439                                 wake_up(&o_tty->write_wait);
2440                                 do_sleep++;
2441                         }
2442                 }
2443                 if (!do_sleep)
2444                         break;
2445
2446                 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2447                                     "active!\n", tty_name(tty, buf));
2448                 mutex_unlock(&tty_mutex);
2449                 schedule();
2450         }
2451
2452         /*
2453          * The closing flags are now consistent with the open counts on
2454          * both sides, and we've completed the last operation that could
2455          * block, so it's safe to proceed with closing.
2456          */
2457         if (pty_master) {
2458                 if (--o_tty->count < 0) {
2459                         printk(KERN_WARNING "release_dev: bad pty slave count "
2460                                             "(%d) for %s\n",
2461                                o_tty->count, tty_name(o_tty, buf));
2462                         o_tty->count = 0;
2463                 }
2464         }
2465         if (--tty->count < 0) {
2466                 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2467                        tty->count, tty_name(tty, buf));
2468                 tty->count = 0;
2469         }
2470
2471         /*
2472          * We've decremented tty->count, so we need to remove this file
2473          * descriptor off the tty->tty_files list; this serves two
2474          * purposes:
2475          *  - check_tty_count sees the correct number of file descriptors
2476          *    associated with this tty.
2477          *  - do_tty_hangup no longer sees this file descriptor as
2478          *    something that needs to be handled for hangups.
2479          */
2480         file_kill(filp);
2481         filp->private_data = NULL;
2482
2483         /*
2484          * Perform some housekeeping before deciding whether to return.
2485          *
2486          * Set the TTY_CLOSING flag if this was the last open.  In the
2487          * case of a pty we may have to wait around for the other side
2488          * to close, and TTY_CLOSING makes sure we can't be reopened.
2489          */
2490         if (tty_closing)
2491                 set_bit(TTY_CLOSING, &tty->flags);
2492         if (o_tty_closing)
2493                 set_bit(TTY_CLOSING, &o_tty->flags);
2494
2495         /*
2496          * If _either_ side is closing, make sure there aren't any
2497          * processes that still think tty or o_tty is their controlling
2498          * tty.
2499          */
2500         if (tty_closing || o_tty_closing) {
2501                 read_lock(&tasklist_lock);
2502                 session_clear_tty(tty->session);
2503                 if (o_tty)
2504                         session_clear_tty(o_tty->session);
2505                 read_unlock(&tasklist_lock);
2506         }
2507
2508         mutex_unlock(&tty_mutex);
2509
2510         /* check whether both sides are closing ... */
2511         if (!tty_closing || (o_tty && !o_tty_closing))
2512                 return;
2513
2514 #ifdef TTY_DEBUG_HANGUP
2515         printk(KERN_DEBUG "freeing tty structure...");
2516 #endif
2517         /*
2518          * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
2519          * kill any delayed work. As this is the final close it does not
2520          * race with the set_ldisc code path.
2521          */
2522         clear_bit(TTY_LDISC, &tty->flags);
2523         cancel_delayed_work(&tty->buf.work);
2524
2525         /*
2526          * Wait for ->hangup_work and ->buf.work handlers to terminate
2527          */
2528
2529         flush_scheduled_work();
2530
2531         /*
2532          * Wait for any short term users (we know they are just driver
2533          * side waiters as the file is closing so user count on the file
2534          * side is zero.
2535          */
2536         spin_lock_irqsave(&tty_ldisc_lock, flags);
2537         while (tty->ldisc.refcount) {
2538                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2539                 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2540                 spin_lock_irqsave(&tty_ldisc_lock, flags);
2541         }
2542         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2543         /*
2544          * Shutdown the current line discipline, and reset it to N_TTY.
2545          * N.B. why reset ldisc when we're releasing the memory??
2546          *
2547          * FIXME: this MUST get fixed for the new reflocking
2548          */
2549         if (tty->ldisc.close)
2550                 (tty->ldisc.close)(tty);
2551         tty_ldisc_put(tty->ldisc.num);
2552
2553         /*
2554          *      Switch the line discipline back
2555          */
2556         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2557         tty_set_termios_ldisc(tty, N_TTY);
2558         if (o_tty) {
2559                 /* FIXME: could o_tty be in setldisc here ? */
2560                 clear_bit(TTY_LDISC, &o_tty->flags);
2561                 if (o_tty->ldisc.close)
2562                         (o_tty->ldisc.close)(o_tty);
2563                 tty_ldisc_put(o_tty->ldisc.num);
2564                 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2565                 tty_set_termios_ldisc(o_tty, N_TTY);
2566         }
2567         /*
2568          * The release_tty function takes care of the details of clearing
2569          * the slots and preserving the termios structure.
2570          */
2571         release_tty(tty, idx);
2572
2573 #ifdef CONFIG_UNIX98_PTYS
2574         /* Make this pty number available for reallocation */
2575         if (devpts) {
2576                 mutex_lock(&allocated_ptys_lock);
2577                 idr_remove(&allocated_ptys, idx);
2578                 mutex_unlock(&allocated_ptys_lock);
2579         }
2580 #endif
2581
2582 }
2583
2584 /**
2585  *      tty_open                -       open a tty device
2586  *      @inode: inode of device file
2587  *      @filp: file pointer to tty
2588  *
2589  *      tty_open and tty_release keep up the tty count that contains the
2590  *      number of opens done on a tty. We cannot use the inode-count, as
2591  *      different inodes might point to the same tty.
2592  *
2593  *      Open-counting is needed for pty masters, as well as for keeping
2594  *      track of serial lines: DTR is dropped when the last close happens.
2595  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
2596  *
2597  *      The termios state of a pty is reset on first open so that
2598  *      settings don't persist across reuse.
2599  *
2600  *      Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2601  *               tty->count should protect the rest.
2602  *               ->siglock protects ->signal/->sighand
2603  */
2604
2605 static int tty_open(struct inode *inode, struct file *filp)
2606 {
2607         struct tty_struct *tty;
2608         int noctty, retval;
2609         struct tty_driver *driver;
2610         int index;
2611         dev_t device = inode->i_rdev;
2612         unsigned short saved_flags = filp->f_flags;
2613
2614         nonseekable_open(inode, filp);
2615
2616 retry_open:
2617         noctty = filp->f_flags & O_NOCTTY;
2618         index  = -1;
2619         retval = 0;
2620
2621         mutex_lock(&tty_mutex);
2622
2623         if (device == MKDEV(TTYAUX_MAJOR, 0)) {
2624                 tty = get_current_tty();
2625                 if (!tty) {
2626                         mutex_unlock(&tty_mutex);
2627                         return -ENXIO;
2628                 }
2629                 driver = tty->driver;
2630                 index = tty->index;
2631                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2632                 /* noctty = 1; */
2633                 goto got_driver;
2634         }
2635 #ifdef CONFIG_VT
2636         if (device == MKDEV(TTY_MAJOR, 0)) {
2637                 extern struct tty_driver *console_driver;
2638                 driver = console_driver;
2639                 index = fg_console;
2640                 noctty = 1;
2641                 goto got_driver;
2642         }
2643 #endif
2644         if (device == MKDEV(TTYAUX_MAJOR, 1)) {
2645                 driver = console_device(&index);
2646                 if (driver) {
2647                         /* Don't let /dev/console block */
2648                         filp->f_flags |= O_NONBLOCK;
2649                         noctty = 1;
2650                         goto got_driver;
2651                 }
2652                 mutex_unlock(&tty_mutex);
2653                 return -ENODEV;
2654         }
2655
2656         driver = get_tty_driver(device, &index);
2657         if (!driver) {
2658                 mutex_unlock(&tty_mutex);
2659                 return -ENODEV;
2660         }
2661 got_driver:
2662         retval = init_dev(driver, index, &tty);
2663         mutex_unlock(&tty_mutex);
2664         if (retval)
2665                 return retval;
2666
2667         filp->private_data = tty;
2668         file_move(filp, &tty->tty_files);
2669         check_tty_count(tty, "tty_open");
2670         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2671             tty->driver->subtype == PTY_TYPE_MASTER)
2672                 noctty = 1;
2673 #ifdef TTY_DEBUG_HANGUP
2674         printk(KERN_DEBUG "opening %s...", tty->name);
2675 #endif
2676         if (!retval) {
2677                 if (tty->driver->open)
2678                         retval = tty->driver->open(tty, filp);
2679                 else
2680                         retval = -ENODEV;
2681         }
2682         filp->f_flags = saved_flags;
2683
2684         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2685                                                 !capable(CAP_SYS_ADMIN))
2686                 retval = -EBUSY;
2687
2688         if (retval) {
2689 #ifdef TTY_DEBUG_HANGUP
2690                 printk(KERN_DEBUG "error %d in opening %s...", retval,
2691                        tty->name);
2692 #endif
2693                 release_dev(filp);
2694                 if (retval != -ERESTARTSYS)
2695                         return retval;
2696                 if (signal_pending(current))
2697                         return retval;
2698                 schedule();
2699                 /*
2700                  * Need to reset f_op in case a hangup happened.
2701                  */
2702                 if (filp->f_op == &hung_up_tty_fops)
2703                         filp->f_op = &tty_fops;
2704                 goto retry_open;
2705         }
2706
2707         mutex_lock(&tty_mutex);
2708         spin_lock_irq(&current->sighand->siglock);
2709         if (!noctty &&
2710             current->signal->leader &&
2711             !current->signal->tty &&
2712             tty->session == NULL)
2713                 __proc_set_tty(current, tty);
2714         spin_unlock_irq(&current->sighand->siglock);
2715         mutex_unlock(&tty_mutex);
2716         tty_audit_opening();
2717         return 0;
2718 }
2719
2720 #ifdef CONFIG_UNIX98_PTYS
2721 /**
2722  *      ptmx_open               -       open a unix 98 pty master
2723  *      @inode: inode of device file
2724  *      @filp: file pointer to tty
2725  *
2726  *      Allocate a unix98 pty master device from the ptmx driver.
2727  *
2728  *      Locking: tty_mutex protects theinit_dev work. tty->count should
2729  *              protect the rest.
2730  *              allocated_ptys_lock handles the list of free pty numbers
2731  */
2732
2733 static int ptmx_open(struct inode *inode, struct file *filp)
2734 {
2735         struct tty_struct *tty;
2736         int retval;
2737         int index;
2738         int idr_ret;
2739
2740         nonseekable_open(inode, filp);
2741
2742         /* find a device that is not in use. */
2743         mutex_lock(&allocated_ptys_lock);
2744         if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2745                 mutex_unlock(&allocated_ptys_lock);
2746                 return -ENOMEM;
2747         }
2748         idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2749         if (idr_ret < 0) {
2750                 mutex_unlock(&allocated_ptys_lock);
2751                 if (idr_ret == -EAGAIN)
2752                         return -ENOMEM;
2753                 return -EIO;
2754         }
2755         if (index >= pty_limit) {
2756                 idr_remove(&allocated_ptys, index);
2757                 mutex_unlock(&allocated_ptys_lock);
2758                 return -EIO;
2759         }
2760         mutex_unlock(&allocated_ptys_lock);
2761
2762         mutex_lock(&tty_mutex);
2763         retval = init_dev(ptm_driver, index, &tty);
2764         mutex_unlock(&tty_mutex);
2765
2766         if (retval)
2767                 goto out;
2768
2769         set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2770         filp->private_data = tty;
2771         file_move(filp, &tty->tty_files);
2772
2773         retval = -ENOMEM;
2774         if (devpts_pty_new(tty->link))
2775                 goto out1;
2776
2777         check_tty_count(tty, "tty_open");
2778         retval = ptm_driver->open(tty, filp);
2779         if (!retval) {
2780                 tty_audit_opening();
2781                 return 0;
2782         }
2783 out1:
2784         release_dev(filp);
2785         return retval;
2786 out:
2787         mutex_lock(&allocated_ptys_lock);
2788         idr_remove(&allocated_ptys, index);
2789         mutex_unlock(&allocated_ptys_lock);
2790         return retval;
2791 }
2792 #endif
2793
2794 /**
2795  *      tty_release             -       vfs callback for close
2796  *      @inode: inode of tty
2797  *      @filp: file pointer for handle to tty
2798  *
2799  *      Called the last time each file handle is closed that references
2800  *      this tty. There may however be several such references.
2801  *
2802  *      Locking:
2803  *              Takes bkl. See release_dev
2804  */
2805
2806 static int tty_release(struct inode *inode, struct file *filp)
2807 {
2808         lock_kernel();
2809         release_dev(filp);
2810         unlock_kernel();
2811         return 0;
2812 }
2813
2814 /**
2815  *      tty_poll        -       check tty status
2816  *      @filp: file being polled
2817  *      @wait: poll wait structures to update
2818  *
2819  *      Call the line discipline polling method to obtain the poll
2820  *      status of the device.
2821  *
2822  *      Locking: locks called line discipline but ldisc poll method
2823  *      may be re-entered freely by other callers.
2824  */
2825
2826 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2827 {
2828         struct tty_struct *tty;
2829         struct tty_ldisc *ld;
2830         int ret = 0;
2831
2832         tty = (struct tty_struct *)filp->private_data;
2833         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2834                 return 0;
2835
2836         ld = tty_ldisc_ref_wait(tty);
2837         if (ld->poll)
2838                 ret = (ld->poll)(tty, filp, wait);
2839         tty_ldisc_deref(ld);
2840         return ret;
2841 }
2842
2843 static int tty_fasync(int fd, struct file *filp, int on)
2844 {
2845         struct tty_struct *tty;
2846         int retval;
2847
2848         tty = (struct tty_struct *)filp->private_data;
2849         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2850                 return 0;
2851
2852         retval = fasync_helper(fd, filp, on, &tty->fasync);
2853         if (retval <= 0)
2854                 return retval;
2855
2856         if (on) {
2857                 enum pid_type type;
2858                 struct pid *pid;
2859                 if (!waitqueue_active(&tty->read_wait))
2860                         tty->minimum_to_wake = 1;
2861                 if (tty->pgrp) {
2862                         pid = tty->pgrp;
2863                         type = PIDTYPE_PGID;
2864                 } else {
2865                         pid = task_pid(current);
2866                         type = PIDTYPE_PID;
2867                 }
2868                 retval = __f_setown(filp, pid, type, 0);
2869                 if (retval)
2870                         return retval;
2871         } else {
2872                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2873                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2874         }
2875         return 0;
2876 }
2877
2878 /**
2879  *      tiocsti                 -       fake input character
2880  *      @tty: tty to fake input into
2881  *      @p: pointer to character
2882  *
2883  *      Fake input to a tty device. Does the necessary locking and
2884  *      input management.
2885  *
2886  *      FIXME: does not honour flow control ??
2887  *
2888  *      Locking:
2889  *              Called functions take tty_ldisc_lock
2890  *              current->signal->tty check is safe without locks
2891  *
2892  *      FIXME: may race normal receive processing
2893  */
2894
2895 static int tiocsti(struct tty_struct *tty, char __user *p)
2896 {
2897         char ch, mbz = 0;
2898         struct tty_ldisc *ld;
2899
2900         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2901                 return -EPERM;
2902         if (get_user(ch, p))
2903                 return -EFAULT;
2904         ld = tty_ldisc_ref_wait(tty);
2905         ld->receive_buf(tty, &ch, &mbz, 1);
2906         tty_ldisc_deref(ld);
2907         return 0;
2908 }
2909
2910 /**
2911  *      tiocgwinsz              -       implement window query ioctl
2912  *      @tty; tty
2913  *      @arg: user buffer for result
2914  *
2915  *      Copies the kernel idea of the window size into the user buffer.
2916  *
2917  *      Locking: tty->termios_mutex is taken to ensure the winsize data
2918  *              is consistent.
2919  */
2920
2921 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2922 {
2923         int err;
2924
2925         mutex_lock(&tty->termios_mutex);
2926         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2927         mutex_unlock(&tty->termios_mutex);
2928
2929         return err ? -EFAULT: 0;
2930 }
2931
2932 /**
2933  *      tiocswinsz              -       implement window size set ioctl
2934  *      @tty; tty
2935  *      @arg: user buffer for result
2936  *
2937  *      Copies the user idea of the window size to the kernel. Traditionally
2938  *      this is just advisory information but for the Linux console it
2939  *      actually has driver level meaning and triggers a VC resize.
2940  *
2941  *      Locking:
2942  *              Called function use the console_sem is used to ensure we do
2943  *      not try and resize the console twice at once.
2944  *              The tty->termios_mutex is used to ensure we don't double
2945  *      resize and get confused. Lock order - tty->termios_mutex before
2946  *      console sem
2947  */
2948
2949 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2950         struct winsize __user *arg)
2951 {
2952         struct winsize tmp_ws;
2953
2954         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2955                 return -EFAULT;
2956
2957         mutex_lock(&tty->termios_mutex);
2958         if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2959                 goto done;
2960
2961 #ifdef CONFIG_VT
2962         if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2963                 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2964                                         tmp_ws.ws_row)) {
2965                         mutex_unlock(&tty->termios_mutex);
2966                         return -ENXIO;
2967                 }
2968         }
2969 #endif
2970         if (tty->pgrp)
2971                 kill_pgrp(tty->pgrp, SIGWINCH, 1);
2972         if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
2973                 kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
2974         tty->winsize = tmp_ws;
2975         real_tty->winsize = tmp_ws;
2976 done:
2977         mutex_unlock(&tty->termios_mutex);
2978         return 0;
2979 }
2980
2981 /**
2982  *      tioccons        -       allow admin to move logical console
2983  *      @file: the file to become console
2984  *
2985  *      Allow the adminstrator to move the redirected console device
2986  *
2987  *      Locking: uses redirect_lock to guard the redirect information
2988  */
2989
2990 static int tioccons(struct file *file)
2991 {
2992         if (!capable(CAP_SYS_ADMIN))
2993                 return -EPERM;
2994         if (file->f_op->write == redirected_tty_write) {
2995                 struct file *f;
2996                 spin_lock(&redirect_lock);
2997                 f = redirect;
2998                 redirect = NULL;
2999                 spin_unlock(&redirect_lock);
3000                 if (f)
3001                         fput(f);
3002                 return 0;
3003         }
3004         spin_lock(&redirect_lock);
3005         if (redirect) {
3006                 spin_unlock(&redirect_lock);
3007                 return -EBUSY;
3008         }
3009         get_file(file);
3010         redirect = file;
3011         spin_unlock(&redirect_lock);
3012         return 0;
3013 }
3014
3015 /**
3016  *      fionbio         -       non blocking ioctl
3017  *      @file: file to set blocking value
3018  *      @p: user parameter
3019  *
3020  *      Historical tty interfaces had a blocking control ioctl before
3021  *      the generic functionality existed. This piece of history is preserved
3022  *      in the expected tty API of posix OS's.
3023  *
3024  *      Locking: none, the open fle handle ensures it won't go away.
3025  */
3026
3027 static int fionbio(struct file *file, int __user *p)
3028 {
3029         int nonblock;
3030
3031         if (get_user(nonblock, p))
3032                 return -EFAULT;
3033
3034         if (nonblock)
3035                 file->f_flags |= O_NONBLOCK;
3036         else
3037                 file->f_flags &= ~O_NONBLOCK;
3038         return 0;
3039 }
3040
3041 /**
3042  *      tiocsctty       -       set controlling tty
3043  *      @tty: tty structure
3044  *      @arg: user argument
3045  *
3046  *      This ioctl is used to manage job control. It permits a session
3047  *      leader to set this tty as the controlling tty for the session.
3048  *
3049  *      Locking:
3050  *              Takes tty_mutex() to protect tty instance
3051  *              Takes tasklist_lock internally to walk sessions
3052  *              Takes ->siglock() when updating signal->tty
3053  */
3054
3055 static int tiocsctty(struct tty_struct *tty, int arg)
3056 {
3057         int ret = 0;
3058         if (current->signal->leader && (task_session(current) == tty->session))
3059                 return ret;
3060
3061         mutex_lock(&tty_mutex);
3062         /*
3063          * The process must be a session leader and
3064          * not have a controlling tty already.
3065          */
3066         if (!current->signal->leader || current->signal->tty) {
3067                 ret = -EPERM;
3068                 goto unlock;
3069         }
3070
3071         if (tty->session) {
3072                 /*
3073                  * This tty is already the controlling
3074                  * tty for another session group!
3075                  */
3076                 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
3077                         /*
3078                          * Steal it away
3079                          */
3080                         read_lock(&tasklist_lock);
3081                         session_clear_tty(tty->session);
3082                         read_unlock(&tasklist_lock);
3083                 } else {
3084                         ret = -EPERM;
3085                         goto unlock;
3086                 }
3087         }
3088         proc_set_tty(current, tty);
3089 unlock:
3090         mutex_unlock(&tty_mutex);
3091         return ret;
3092 }
3093
3094 /**
3095  *      tiocgpgrp               -       get process group
3096  *      @tty: tty passed by user
3097  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
3098  *      @p: returned pid
3099  *
3100  *      Obtain the process group of the tty. If there is no process group
3101  *      return an error.
3102  *
3103  *      Locking: none. Reference to current->signal->tty is safe.
3104  */
3105
3106 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3107 {
3108         /*
3109          * (tty == real_tty) is a cheap way of
3110          * testing if the tty is NOT a master pty.
3111          */
3112         if (tty == real_tty && current->signal->tty != real_tty)
3113                 return -ENOTTY;
3114         return put_user(pid_vnr(real_tty->pgrp), p);
3115 }
3116
3117 /**
3118  *      tiocspgrp               -       attempt to set process group
3119  *      @tty: tty passed by user
3120  *      @real_tty: tty side device matching tty passed by user
3121  *      @p: pid pointer
3122  *
3123  *      Set the process group of the tty to the session passed. Only
3124  *      permitted where the tty session is our session.
3125  *
3126  *      Locking: None
3127  */
3128
3129 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3130 {
3131         struct pid *pgrp;
3132         pid_t pgrp_nr;
3133         int retval = tty_check_change(real_tty);
3134
3135         if (retval == -EIO)
3136                 return -ENOTTY;
3137         if (retval)
3138                 return retval;
3139         if (!current->signal->tty ||
3140             (current->signal->tty != real_tty) ||
3141             (real_tty->session != task_session(current)))
3142                 return -ENOTTY;
3143         if (get_user(pgrp_nr, p))
3144                 return -EFAULT;
3145         if (pgrp_nr < 0)
3146                 return -EINVAL;
3147         rcu_read_lock();
3148         pgrp = find_vpid(pgrp_nr);
3149         retval = -ESRCH;
3150         if (!pgrp)
3151                 goto out_unlock;
3152         retval = -EPERM;
3153         if (session_of_pgrp(pgrp) != task_session(current))
3154                 goto out_unlock;
3155         retval = 0;
3156         put_pid(real_tty->pgrp);
3157         real_tty->pgrp = get_pid(pgrp);
3158 out_unlock:
3159         rcu_read_unlock();
3160         return retval;
3161 }
3162
3163 /**
3164  *      tiocgsid                -       get session id
3165  *      @tty: tty passed by user
3166  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
3167  *      @p: pointer to returned session id
3168  *
3169  *      Obtain the session id of the tty. If there is no session
3170  *      return an error.
3171  *
3172  *      Locking: none. Reference to current->signal->tty is safe.
3173  */
3174
3175 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3176 {
3177         /*
3178          * (tty == real_tty) is a cheap way of
3179          * testing if the tty is NOT a master pty.
3180         */
3181         if (tty == real_tty && current->signal->tty != real_tty)
3182                 return -ENOTTY;
3183         if (!real_tty->session)
3184                 return -ENOTTY;
3185         return put_user(pid_vnr(real_tty->session), p);
3186 }
3187
3188 /**
3189  *      tiocsetd        -       set line discipline
3190  *      @tty: tty device
3191  *      @p: pointer to user data
3192  *
3193  *      Set the line discipline according to user request.
3194  *
3195  *      Locking: see tty_set_ldisc, this function is just a helper
3196  */
3197
3198 static int tiocsetd(struct tty_struct *tty, int __user *p)
3199 {
3200         int ldisc;
3201
3202         if (get_user(ldisc, p))
3203                 return -EFAULT;
3204         return tty_set_ldisc(tty, ldisc);
3205 }
3206
3207 /**
3208  *      send_break      -       performed time break
3209  *      @tty: device to break on
3210  *      @duration: timeout in mS
3211  *
3212  *      Perform a timed break on hardware that lacks its own driver level
3213  *      timed break functionality.
3214  *
3215  *      Locking:
3216  *              atomic_write_lock serializes
3217  *
3218  */
3219
3220 static int send_break(struct tty_struct *tty, unsigned int duration)
3221 {
3222         if (tty_write_lock(tty, 0) < 0)
3223                 return -EINTR;
3224         tty->driver->break_ctl(tty, -1);
3225         if (!signal_pending(current))
3226                 msleep_interruptible(duration);
3227         tty->driver->break_ctl(tty, 0);
3228         tty_write_unlock(tty);
3229         if (signal_pending(current))
3230                 return -EINTR;
3231         return 0;
3232 }
3233
3234 /**
3235  *      tiocmget                -       get modem status
3236  *      @tty: tty device
3237  *      @file: user file pointer
3238  *      @p: pointer to result
3239  *
3240  *      Obtain the modem status bits from the tty driver if the feature
3241  *      is supported. Return -EINVAL if it is not available.
3242  *
3243  *      Locking: none (up to the driver)
3244  */
3245
3246 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3247 {
3248         int retval = -EINVAL;
3249
3250         if (tty->driver->tiocmget) {
3251                 retval = tty->driver->tiocmget(tty, file);
3252
3253                 if (retval >= 0)
3254                         retval = put_user(retval, p);
3255         }
3256         return retval;
3257 }
3258
3259 /**
3260  *      tiocmset                -       set modem status
3261  *      @tty: tty device
3262  *      @file: user file pointer
3263  *      @cmd: command - clear bits, set bits or set all
3264  *      @p: pointer to desired bits
3265  *
3266  *      Set the modem status bits from the tty driver if the feature
3267  *      is supported. Return -EINVAL if it is not available.
3268  *
3269  *      Locking: none (up to the driver)
3270  */
3271
3272 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3273              unsigned __user *p)
3274 {
3275         int retval = -EINVAL;
3276
3277         if (tty->driver->tiocmset) {
3278                 unsigned int set, clear, val;
3279
3280                 retval = get_user(val, p);
3281                 if (retval)
3282                         return retval;
3283
3284                 set = clear = 0;
3285                 switch (cmd) {
3286                 case TIOCMBIS:
3287                         set = val;
3288                         break;
3289                 case TIOCMBIC:
3290                         clear = val;
3291                         break;
3292                 case TIOCMSET:
3293                         set = val;
3294                         clear = ~val;
3295                         break;
3296                 }
3297
3298                 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3299                 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3300
3301                 retval = tty->driver->tiocmset(tty, file, set, clear);
3302         }
3303         return retval;
3304 }
3305
3306 /*
3307  * Split this up, as gcc can choke on it otherwise..
3308  */
3309 int tty_ioctl(struct inode *inode, struct file *file,
3310               unsigned int cmd, unsigned long arg)
3311 {
3312         struct tty_struct *tty, *real_tty;
3313         void __user *p = (void __user *)arg;
3314         int retval;
3315         struct tty_ldisc *ld;
3316
3317         tty = (struct tty_struct *)file->private_data;
3318         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3319                 return -EINVAL;
3320
3321         /* CHECKME: is this safe as one end closes ? */
3322
3323         real_tty = tty;
3324         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3325             tty->driver->subtype == PTY_TYPE_MASTER)
3326                 real_tty = tty->link;
3327
3328         /*
3329          * Break handling by driver
3330          */
3331         if (!tty->driver->break_ctl) {
3332                 switch (cmd) {
3333                 case TIOCSBRK:
3334                 case TIOCCBRK:
3335                         if (tty->driver->ioctl)
3336                                 return tty->driver->ioctl(tty, file, cmd, arg);
3337                         return -EINVAL;
3338
3339                 /* These two ioctl's always return success; even if */
3340                 /* the driver doesn't support them. */
3341                 case TCSBRK:
3342                 case TCSBRKP:
3343                         if (!tty->driver->ioctl)
3344                                 return 0;
3345                         retval = tty->driver->ioctl(tty, file, cmd, arg);
3346                         if (retval == -ENOIOCTLCMD)
3347                                 retval = 0;
3348                         return retval;
3349                 }
3350         }
3351
3352         /*
3353          * Factor out some common prep work
3354          */
3355         switch (cmd) {
3356         case TIOCSETD:
3357         case TIOCSBRK:
3358         case TIOCCBRK:
3359         case TCSBRK:
3360         case TCSBRKP:
3361                 retval = tty_check_change(tty);
3362                 if (retval)
3363                         return retval;
3364                 if (cmd != TIOCCBRK) {
3365                         tty_wait_until_sent(tty, 0);
3366                         if (signal_pending(current))
3367                                 return -EINTR;
3368                 }
3369                 break;
3370         }
3371
3372         switch (cmd) {
3373         case TIOCSTI:
3374                 return tiocsti(tty, p);
3375         case TIOCGWINSZ:
3376                 return tiocgwinsz(tty, p);
3377         case TIOCSWINSZ:
3378                 return tiocswinsz(tty, real_tty, p);
3379         case TIOCCONS:
3380                 return real_tty != tty ? -EINVAL : tioccons(file);
3381         case FIONBIO:
3382                 return fionbio(file, p);
3383         case TIOCEXCL:
3384                 set_bit(TTY_EXCLUSIVE, &tty->flags);
3385                 return 0;
3386         case TIOCNXCL:
3387                 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3388                 return 0;
3389         case TIOCNOTTY:
3390                 if (current->signal->tty != tty)
3391                         return -ENOTTY;
3392                 no_tty();
3393                 return 0;
3394         case TIOCSCTTY:
3395                 return tiocsctty(tty, arg);
3396         case TIOCGPGRP:
3397                 return tiocgpgrp(tty, real_tty, p);
3398         case TIOCSPGRP:
3399                 return tiocspgrp(tty, real_tty, p);
3400         case TIOCGSID:
3401                 return tiocgsid(tty, real_tty, p);
3402         case TIOCGETD:
3403                 /* FIXME: check this is ok */
3404                 return put_user(tty->ldisc.num, (int __user *)p);
3405         case TIOCSETD:
3406                 return tiocsetd(tty, p);
3407 #ifdef CONFIG_VT
3408         case TIOCLINUX:
3409                 return tioclinux(tty, arg);
3410 #endif
3411         /*
3412          * Break handling
3413          */
3414         case TIOCSBRK:  /* Turn break on, unconditionally */
3415                 tty->driver->break_ctl(tty, -1);
3416                 return 0;
3417
3418         case TIOCCBRK:  /* Turn break off, unconditionally */
3419                 tty->driver->break_ctl(tty, 0);
3420                 return 0;
3421         case TCSBRK:   /* SVID version: non-zero arg --> no break */
3422                 /* non-zero arg means wait for all output data
3423                  * to be sent (performed above) but don't send break.
3424                  * This is used by the tcdrain() termios function.
3425                  */
3426                 if (!arg)
3427                         return send_break(tty, 250);
3428                 return 0;
3429         case TCSBRKP:   /* support for POSIX tcsendbreak() */
3430                 return send_break(tty, arg ? arg*100 : 250);
3431
3432         case TIOCMGET:
3433                 return tty_tiocmget(tty, file, p);
3434         case TIOCMSET:
3435         case TIOCMBIC:
3436         case TIOCMBIS:
3437                 return tty_tiocmset(tty, file, cmd, p);
3438         case TCFLSH:
3439                 switch (arg) {
3440                 case TCIFLUSH:
3441                 case TCIOFLUSH:
3442                 /* flush tty buffer and allow ldisc to process ioctl */
3443                         tty_buffer_flush(tty);
3444                         break;
3445                 }
3446                 break;
3447         }
3448         if (tty->driver->ioctl) {
3449                 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3450                 if (retval != -ENOIOCTLCMD)
3451                         return retval;
3452         }
3453         ld = tty_ldisc_ref_wait(tty);
3454         retval = -EINVAL;
3455         if (ld->ioctl) {
3456                 retval = ld->ioctl(tty, file, cmd, arg);
3457                 if (retval == -ENOIOCTLCMD)
3458                         retval = -EINVAL;
3459         }
3460         tty_ldisc_deref(ld);
3461         return retval;
3462 }
3463
3464 #ifdef CONFIG_COMPAT
3465 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3466                                 unsigned long arg)
3467 {
3468         struct inode *inode = file->f_dentry->d_inode;
3469         struct tty_struct *tty = file->private_data;
3470         struct tty_ldisc *ld;
3471         int retval = -ENOIOCTLCMD;
3472
3473         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3474                 return -EINVAL;
3475
3476         if (tty->driver->compat_ioctl) {
3477                 retval = (tty->driver->compat_ioctl)(tty, file, cmd, arg);
3478                 if (retval != -ENOIOCTLCMD)
3479                         return retval;
3480         }
3481
3482         ld = tty_ldisc_ref_wait(tty);
3483         if (ld->compat_ioctl)
3484                 retval = ld->compat_ioctl(tty, file, cmd, arg);
3485         tty_ldisc_deref(ld);
3486
3487         return retval;
3488 }
3489 #endif
3490
3491 /*
3492  * This implements the "Secure Attention Key" ---  the idea is to
3493  * prevent trojan horses by killing all processes associated with this
3494  * tty when the user hits the "Secure Attention Key".  Required for
3495  * super-paranoid applications --- see the Orange Book for more details.
3496  *
3497  * This code could be nicer; ideally it should send a HUP, wait a few
3498  * seconds, then send a INT, and then a KILL signal.  But you then
3499  * have to coordinate with the init process, since all processes associated
3500  * with the current tty must be dead before the new getty is allowed
3501  * to spawn.
3502  *
3503  * Now, if it would be correct ;-/ The current code has a nasty hole -
3504  * it doesn't catch files in flight. We may send the descriptor to ourselves
3505  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3506  *
3507  * Nasty bug: do_SAK is being called in interrupt context.  This can
3508  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
3509  */
3510 void __do_SAK(struct tty_struct *tty)
3511 {
3512 #ifdef TTY_SOFT_SAK
3513         tty_hangup(tty);
3514 #else
3515         struct task_struct *g, *p;
3516         struct pid *session;
3517         int             i;
3518         struct file     *filp;
3519         struct fdtable *fdt;
3520
3521         if (!tty)
3522                 return;
3523         session = tty->session;
3524
3525         tty_ldisc_flush(tty);
3526
3527         if (tty->driver->flush_buffer)
3528                 tty->driver->flush_buffer(tty);
3529
3530         read_lock(&tasklist_lock);
3531         /* Kill the entire session */
3532         do_each_pid_task(session, PIDTYPE_SID, p) {
3533                 printk(KERN_NOTICE "SAK: killed process %d"
3534                         " (%s): task_session_nr(p)==tty->session\n",
3535                         task_pid_nr(p), p->comm);
3536                 send_sig(SIGKILL, p, 1);
3537         } while_each_pid_task(session, PIDTYPE_SID, p);
3538         /* Now kill any processes that happen to have the
3539          * tty open.
3540          */
3541         do_each_thread(g, p) {
3542                 if (p->signal->tty == tty) {
3543                         printk(KERN_NOTICE "SAK: killed process %d"
3544                             " (%s): task_session_nr(p)==tty->session\n",
3545                             task_pid_nr(p), p->comm);
3546                         send_sig(SIGKILL, p, 1);
3547                         continue;
3548                 }
3549                 task_lock(p);
3550                 if (p->files) {
3551                         /*
3552                          * We don't take a ref to the file, so we must
3553                          * hold ->file_lock instead.
3554                          */
3555                         spin_lock(&p->files->file_lock);
3556                         fdt = files_fdtable(p->files);
3557                         for (i = 0; i < fdt->max_fds; i++) {
3558                                 filp = fcheck_files(p->files, i);
3559                                 if (!filp)
3560                                         continue;
3561                                 if (filp->f_op->read == tty_read &&
3562                                     filp->private_data == tty) {
3563                                         printk(KERN_NOTICE "SAK: killed process %d"
3564                                             " (%s): fd#%d opened to the tty\n",
3565                                             task_pid_nr(p), p->comm, i);
3566                                         force_sig(SIGKILL, p);
3567                                         break;
3568                                 }
3569                         }
3570                         spin_unlock(&p->files->file_lock);
3571                 }
3572                 task_unlock(p);
3573         } while_each_thread(g, p);
3574         read_unlock(&tasklist_lock);
3575 #endif
3576 }
3577
3578 static void do_SAK_work(struct work_struct *work)
3579 {
3580         struct tty_struct *tty =
3581                 container_of(work, struct tty_struct, SAK_work);
3582         __do_SAK(tty);
3583 }
3584
3585 /*
3586  * The tq handling here is a little racy - tty->SAK_work may already be queued.
3587  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3588  * the values which we write to it will be identical to the values which it
3589  * already has. --akpm
3590  */
3591 void do_SAK(struct tty_struct *tty)
3592 {
3593         if (!tty)
3594                 return;
3595         schedule_work(&tty->SAK_work);
3596 }
3597
3598 EXPORT_SYMBOL(do_SAK);
3599
3600 /**
3601  *      flush_to_ldisc
3602  *      @work: tty structure passed from work queue.
3603  *
3604  *      This routine is called out of the software interrupt to flush data
3605  *      from the buffer chain to the line discipline.
3606  *
3607  *      Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3608  *      while invoking the line discipline receive_buf method. The
3609  *      receive_buf method is single threaded for each tty instance.
3610  */
3611
3612 static void flush_to_ldisc(struct work_struct *work)
3613 {
3614         struct tty_struct *tty =
3615                 container_of(work, struct tty_struct, buf.work.work);
3616         unsigned long   flags;
3617         struct tty_ldisc *disc;
3618         struct tty_buffer *tbuf, *head;
3619         char *char_buf;
3620         unsigned char *flag_buf;
3621
3622         disc = tty_ldisc_ref(tty);
3623         if (disc == NULL)       /*  !TTY_LDISC */
3624                 return;
3625
3626         spin_lock_irqsave(&tty->buf.lock, flags);
3627         /* So we know a flush is running */
3628         set_bit(TTY_FLUSHING, &tty->flags);
3629         head = tty->buf.head;
3630         if (head != NULL) {
3631                 tty->buf.head = NULL;
3632                 for (;;) {
3633                         int count = head->commit - head->read;
3634                         if (!count) {
3635                                 if (head->next == NULL)
3636                                         break;
3637                                 tbuf = head;
3638                                 head = head->next;
3639                                 tty_buffer_free(tty, tbuf);
3640                                 continue;
3641                         }
3642                         /* Ldisc or user is trying to flush the buffers
3643                            we are feeding to the ldisc, stop feeding the
3644                            line discipline as we want to empty the queue */
3645                         if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3646                                 break;
3647                         if (!tty->receive_room) {
3648                                 schedule_delayed_work(&tty->buf.work, 1);
3649                                 break;
3650                         }
3651                         if (count > tty->receive_room)
3652                                 count = tty->receive_room;
3653                         char_buf = head->char_buf_ptr + head->read;
3654                         flag_buf = head->flag_buf_ptr + head->read;
3655                         head->read += count;
3656                         spin_unlock_irqrestore(&tty->buf.lock, flags);
3657                         disc->receive_buf(tty, char_buf, flag_buf, count);
3658                         spin_lock_irqsave(&tty->buf.lock, flags);
3659                 }
3660                 /* Restore the queue head */
3661                 tty->buf.head = head;
3662         }
3663         /* We may have a deferred request to flush the input buffer,
3664            if so pull the chain under the lock and empty the queue */
3665         if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3666                 __tty_buffer_flush(tty);
3667                 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3668                 wake_up(&tty->read_wait);
3669         }
3670         clear_bit(TTY_FLUSHING, &tty->flags);
3671         spin_unlock_irqrestore(&tty->buf.lock, flags);
3672
3673         tty_ldisc_deref(disc);
3674 }
3675
3676 /**
3677  *      tty_flip_buffer_push    -       terminal
3678  *      @tty: tty to push
3679  *
3680  *      Queue a push of the terminal flip buffers to the line discipline. This
3681  *      function must not be called from IRQ context if tty->low_latency is set.
3682  *
3683  *      In the event of the queue being busy for flipping the work will be
3684  *      held off and retried later.
3685  *
3686  *      Locking: tty buffer lock. Driver locks in low latency mode.
3687  */
3688
3689 void tty_flip_buffer_push(struct tty_struct *tty)
3690 {
3691         unsigned long flags;
3692         spin_lock_irqsave(&tty->buf.lock, flags);
3693         if (tty->buf.tail != NULL)
3694                 tty->buf.tail->commit = tty->buf.tail->used;
3695         spin_unlock_irqrestore(&tty->buf.lock, flags);
3696
3697         if (tty->low_latency)
3698                 flush_to_ldisc(&tty->buf.work.work);
3699         else
3700                 schedule_delayed_work(&tty->buf.work, 1);
3701 }
3702
3703 EXPORT_SYMBOL(tty_flip_buffer_push);
3704
3705
3706 /**
3707  *      initialize_tty_struct
3708  *      @tty: tty to initialize
3709  *
3710  *      This subroutine initializes a tty structure that has been newly
3711  *      allocated.
3712  *
3713  *      Locking: none - tty in question must not be exposed at this point
3714  */
3715
3716 static void initialize_tty_struct(struct tty_struct *tty)
3717 {
3718         memset(tty, 0, sizeof(struct tty_struct));
3719         tty->magic = TTY_MAGIC;
3720         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3721         tty->session = NULL;
3722         tty->pgrp = NULL;
3723         tty->overrun_time = jiffies;
3724         tty->buf.head = tty->buf.tail = NULL;
3725         tty_buffer_init(tty);
3726         INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3727         mutex_init(&tty->termios_mutex);
3728         init_waitqueue_head(&tty->write_wait);
3729         init_waitqueue_head(&tty->read_wait);
3730         INIT_WORK(&tty->hangup_work, do_tty_hangup);
3731         mutex_init(&tty->atomic_read_lock);
3732         mutex_init(&tty->atomic_write_lock);
3733         spin_lock_init(&tty->read_lock);
3734         INIT_LIST_HEAD(&tty->tty_files);
3735         INIT_WORK(&tty->SAK_work, do_SAK_work);
3736 }
3737
3738 /*
3739  * The default put_char routine if the driver did not define one.
3740  */
3741
3742 static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3743 {
3744         tty->driver->write(tty, &ch, 1);
3745 }
3746
3747 static struct class *tty_class;
3748
3749 /**
3750  *      tty_register_device - register a tty device
3751  *      @driver: the tty driver that describes the tty device
3752  *      @index: the index in the tty driver for this tty device
3753  *      @device: a struct device that is associated with this tty device.
3754  *              This field is optional, if there is no known struct device
3755  *              for this tty device it can be set to NULL safely.
3756  *
3757  *      Returns a pointer to the struct device for this tty device
3758  *      (or ERR_PTR(-EFOO) on error).
3759  *
3760  *      This call is required to be made to register an individual tty device
3761  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3762  *      that bit is not set, this function should not be called by a tty
3763  *      driver.
3764  *
3765  *      Locking: ??
3766  */
3767
3768 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3769                                    struct device *device)
3770 {
3771         char name[64];
3772         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3773
3774         if (index >= driver->num) {
3775                 printk(KERN_ERR "Attempt to register invalid tty line number "
3776                        " (%d).\n", index);
3777                 return ERR_PTR(-EINVAL);
3778         }
3779
3780         if (driver->type == TTY_DRIVER_TYPE_PTY)
3781                 pty_line_name(driver, index, name);
3782         else
3783                 tty_line_name(driver, index, name);
3784
3785         return device_create(tty_class, device, dev, name);
3786 }
3787
3788 /**
3789  *      tty_unregister_device - unregister a tty device
3790  *      @driver: the tty driver that describes the tty device
3791  *      @index: the index in the tty driver for this tty device
3792  *
3793  *      If a tty device is registered with a call to tty_register_device() then
3794  *      this function must be called when the tty device is gone.
3795  *
3796  *      Locking: ??
3797  */
3798
3799 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3800 {
3801         device_destroy(tty_class,
3802                 MKDEV(driver->major, driver->minor_start) + index);
3803 }
3804
3805 EXPORT_SYMBOL(tty_register_device);
3806 EXPORT_SYMBOL(tty_unregister_device);
3807
3808 struct tty_driver *alloc_tty_driver(int lines)
3809 {
3810         struct tty_driver *driver;
3811
3812         driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3813         if (driver) {
3814                 driver->magic = TTY_DRIVER_MAGIC;
3815                 driver->num = lines;
3816                 /* later we'll move allocation of tables here */
3817         }
3818         return driver;
3819 }
3820
3821 void put_tty_driver(struct tty_driver *driver)
3822 {
3823         kfree(driver);
3824 }
3825
3826 void tty_set_operations(struct tty_driver *driver,
3827                         const struct tty_operations *op)
3828 {
3829         driver->open = op->open;
3830         driver->close = op->close;
3831         driver->write = op->write;
3832         driver->put_char = op->put_char;
3833         driver->flush_chars = op->flush_chars;
3834         driver->write_room = op->write_room;
3835         driver->chars_in_buffer = op->chars_in_buffer;
3836         driver->ioctl = op->ioctl;
3837         driver->compat_ioctl = op->compat_ioctl;
3838         driver->set_termios = op->set_termios;
3839         driver->throttle = op->throttle;
3840         driver->unthrottle = op->unthrottle;
3841         driver->stop = op->stop;
3842         driver->start = op->start;
3843         driver->hangup = op->hangup;
3844         driver->break_ctl = op->break_ctl;
3845         driver->flush_buffer = op->flush_buffer;
3846         driver->set_ldisc = op->set_ldisc;
3847         driver->wait_until_sent = op->wait_until_sent;
3848         driver->send_xchar = op->send_xchar;
3849         driver->read_proc = op->read_proc;
3850         driver->write_proc = op->write_proc;
3851         driver->tiocmget = op->tiocmget;
3852         driver->tiocmset = op->tiocmset;
3853 }
3854
3855
3856 EXPORT_SYMBOL(alloc_tty_driver);
3857 EXPORT_SYMBOL(put_tty_driver);
3858 EXPORT_SYMBOL(tty_set_operations);
3859
3860 /*
3861  * Called by a tty driver to register itself.
3862  */
3863 int tty_register_driver(struct tty_driver *driver)
3864 {
3865         int error;
3866         int i;
3867         dev_t dev;
3868         void **p = NULL;
3869
3870         if (driver->flags & TTY_DRIVER_INSTALLED)
3871                 return 0;
3872
3873         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3874                 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3875                 if (!p)
3876                         return -ENOMEM;
3877         }
3878
3879         if (!driver->major) {
3880                 error = alloc_chrdev_region(&dev, driver->minor_start,
3881                                                 driver->num, driver->name);
3882                 if (!error) {
3883                         driver->major = MAJOR(dev);
3884                         driver->minor_start = MINOR(dev);
3885                 }
3886         } else {
3887                 dev = MKDEV(driver->major, driver->minor_start);
3888                 error = register_chrdev_region(dev, driver->num, driver->name);
3889         }
3890         if (error < 0) {
3891                 kfree(p);
3892                 return error;
3893         }
3894
3895         if (p) {
3896                 driver->ttys = (struct tty_struct **)p;
3897                 driver->termios = (struct ktermios **)(p + driver->num);
3898                 driver->termios_locked = (struct ktermios **)
3899                                                         (p + driver->num * 2);
3900         } else {
3901                 driver->ttys = NULL;
3902                 driver->termios = NULL;
3903                 driver->termios_locked = NULL;
3904         }
3905
3906         cdev_init(&driver->cdev, &tty_fops);
3907         driver->cdev.owner = driver->owner;
3908         error = cdev_add(&driver->cdev, dev, driver->num);
3909         if (error) {
3910                 unregister_chrdev_region(dev, driver->num);
3911                 driver->ttys = NULL;
3912                 driver->termios = driver->termios_locked = NULL;
3913                 kfree(p);
3914                 return error;
3915         }
3916
3917         if (!driver->put_char)
3918                 driver->put_char = tty_default_put_char;
3919
3920         mutex_lock(&tty_mutex);
3921         list_add(&driver->tty_drivers, &tty_drivers);
3922         mutex_unlock(&tty_mutex);
3923
3924         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3925                 for (i = 0; i < driver->num; i++)
3926                     tty_register_device(driver, i, NULL);
3927         }
3928         proc_tty_register_driver(driver);
3929         return 0;
3930 }
3931
3932 EXPORT_SYMBOL(tty_register_driver);
3933
3934 /*
3935  * Called by a tty driver to unregister itself.
3936  */
3937 int tty_unregister_driver(struct tty_driver *driver)
3938 {
3939         int i;
3940         struct ktermios *tp;
3941         void *p;
3942
3943         if (driver->refcount)
3944                 return -EBUSY;
3945
3946         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3947                                 driver->num);
3948         mutex_lock(&tty_mutex);
3949         list_del(&driver->tty_drivers);
3950         mutex_unlock(&tty_mutex);
3951
3952         /*
3953          * Free the termios and termios_locked structures because
3954          * we don't want to get memory leaks when modular tty
3955          * drivers are removed from the kernel.
3956          */
3957         for (i = 0; i < driver->num; i++) {
3958                 tp = driver->termios[i];
3959                 if (tp) {
3960                         driver->termios[i] = NULL;
3961                         kfree(tp);
3962                 }
3963                 tp = driver->termios_locked[i];
3964                 if (tp) {
3965                         driver->termios_locked[i] = NULL;
3966                         kfree(tp);
3967                 }
3968                 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3969                         tty_unregister_device(driver, i);
3970         }
3971         p = driver->ttys;
3972         proc_tty_unregister_driver(driver);
3973         driver->ttys = NULL;
3974         driver->termios = driver->termios_locked = NULL;
3975         kfree(p);
3976         cdev_del(&driver->cdev);
3977         return 0;
3978 }
3979 EXPORT_SYMBOL(tty_unregister_driver);
3980
3981 dev_t tty_devnum(struct tty_struct *tty)
3982 {
3983         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3984 }
3985 EXPORT_SYMBOL(tty_devnum);
3986
3987 void proc_clear_tty(struct task_struct *p)
3988 {
3989         spin_lock_irq(&p->sighand->siglock);
3990         p->signal->tty = NULL;
3991         spin_unlock_irq(&p->sighand->siglock);
3992 }
3993 EXPORT_SYMBOL(proc_clear_tty);
3994
3995 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3996 {
3997         if (tty) {
3998                 /* We should not have a session or pgrp to here but.... */
3999                 put_pid(tty->session);
4000                 put_pid(tty->pgrp);
4001                 tty->session = get_pid(task_session(tsk));
4002                 tty->pgrp = get_pid(task_pgrp(tsk));
4003         }
4004         put_pid(tsk->signal->tty_old_pgrp);
4005         tsk->signal->tty = tty;
4006         tsk->signal->tty_old_pgrp = NULL;
4007 }
4008
4009 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4010 {
4011         spin_lock_irq(&tsk->sighand->siglock);
4012         __proc_set_tty(tsk, tty);
4013         spin_unlock_irq(&tsk->sighand->siglock);
4014 }
4015
4016 struct tty_struct *get_current_tty(void)
4017 {
4018         struct tty_struct *tty;
4019         WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4020         tty = current->signal->tty;
4021         /*
4022          * session->tty can be changed/cleared from under us, make sure we
4023          * issue the load. The obtained pointer, when not NULL, is valid as
4024          * long as we hold tty_mutex.
4025          */
4026         barrier();
4027         return tty;
4028 }
4029 EXPORT_SYMBOL_GPL(get_current_tty);
4030
4031 /*
4032  * Initialize the console device. This is called *early*, so
4033  * we can't necessarily depend on lots of kernel help here.
4034  * Just do some early initializations, and do the complex setup
4035  * later.
4036  */
4037 void __init console_init(void)
4038 {
4039         initcall_t *call;
4040
4041         /* Setup the default TTY line discipline. */
4042         (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4043
4044         /*
4045          * set up the console device so that later boot sequences can
4046          * inform about problems etc..
4047          */
4048         call = __con_initcall_start;
4049         while (call < __con_initcall_end) {
4050                 (*call)();
4051                 call++;
4052         }
4053 }
4054
4055 static int __init tty_class_init(void)
4056 {
4057         tty_class = class_create(THIS_MODULE, "tty");
4058         if (IS_ERR(tty_class))
4059                 return PTR_ERR(tty_class);
4060         return 0;
4061 }
4062
4063 postcore_initcall(tty_class_init);
4064
4065 /* 3/2004 jmc: why do these devices exist? */
4066
4067 static struct cdev tty_cdev, console_cdev;
4068 #ifdef CONFIG_UNIX98_PTYS
4069 static struct cdev ptmx_cdev;
4070 #endif
4071 #ifdef CONFIG_VT
4072 static struct cdev vc0_cdev;
4073 #endif
4074
4075 /*
4076  * Ok, now we can initialize the rest of the tty devices and can count
4077  * on memory allocations, interrupts etc..
4078  */
4079 static int __init tty_init(void)
4080 {
4081         cdev_init(&tty_cdev, &tty_fops);
4082         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4083             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4084                 panic("Couldn't register /dev/tty driver\n");
4085         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
4086
4087         cdev_init(&console_cdev, &console_fops);
4088         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4089             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4090                 panic("Couldn't register /dev/console driver\n");
4091         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
4092
4093 #ifdef CONFIG_UNIX98_PTYS
4094         cdev_init(&ptmx_cdev, &ptmx_fops);
4095         if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4096             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4097                 panic("Couldn't register /dev/ptmx driver\n");
4098         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
4099 #endif
4100
4101 #ifdef CONFIG_VT
4102         cdev_init(&vc0_cdev, &console_fops);
4103         if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4104             register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4105                 panic("Couldn't register /dev/tty0 driver\n");
4106         device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
4107
4108         vty_init();
4109 #endif
4110         return 0;
4111 }
4112 module_init(tty_init);