[S390] more workqueue fixes.
[linux-2.6] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92 
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  * 
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote init_dev and release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66  */
67
68 #include <linux/types.h>
69 #include <linux/major.h>
70 #include <linux/errno.h>
71 #include <linux/signal.h>
72 #include <linux/fcntl.h>
73 #include <linux/sched.h>
74 #include <linux/interrupt.h>
75 #include <linux/tty.h>
76 #include <linux/tty_driver.h>
77 #include <linux/tty_flip.h>
78 #include <linux/devpts_fs.h>
79 #include <linux/file.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/smp_lock.h>
92 #include <linux/device.h>
93 #include <linux/idr.h>
94 #include <linux/wait.h>
95 #include <linux/bitops.h>
96 #include <linux/delay.h>
97
98 #include <asm/uaccess.h>
99 #include <asm/system.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106
107 #undef TTY_DEBUG_HANGUP
108
109 #define TTY_PARANOIA_CHECK 1
110 #define CHECK_TTY_COUNT 1
111
112 struct termios tty_std_termios = {      /* for the benefit of tty drivers  */
113         .c_iflag = ICRNL | IXON,
114         .c_oflag = OPOST | ONLCR,
115         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
116         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
117                    ECHOCTL | ECHOKE | IEXTEN,
118         .c_cc = INIT_C_CC
119 };
120
121 EXPORT_SYMBOL(tty_std_termios);
122
123 /* This list gets poked at by procfs and various bits of boot up code. This
124    could do with some rationalisation such as pulling the tty proc function
125    into this file */
126    
127 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
128
129 /* Semaphore to protect creating and releasing a tty. This is shared with
130    vt.c for deeply disgusting hack reasons */
131 DEFINE_MUTEX(tty_mutex);
132 EXPORT_SYMBOL(tty_mutex);
133
134 #ifdef CONFIG_UNIX98_PTYS
135 extern struct tty_driver *ptm_driver;   /* Unix98 pty masters; for /dev/ptmx */
136 extern int pty_limit;           /* Config limit on Unix98 ptys */
137 static DEFINE_IDR(allocated_ptys);
138 static DECLARE_MUTEX(allocated_ptys_lock);
139 static int ptmx_open(struct inode *, struct file *);
140 #endif
141
142 extern void disable_early_printk(void);
143
144 static void initialize_tty_struct(struct tty_struct *tty);
145
146 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
147 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
148 ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
149 static unsigned int tty_poll(struct file *, poll_table *);
150 static int tty_open(struct inode *, struct file *);
151 static int tty_release(struct inode *, struct file *);
152 int tty_ioctl(struct inode * inode, struct file * file,
153               unsigned int cmd, unsigned long arg);
154 static int tty_fasync(int fd, struct file * filp, int on);
155 static void release_mem(struct tty_struct *tty, int idx);
156
157 /**
158  *      alloc_tty_struct        -       allocate a tty object
159  *
160  *      Return a new empty tty structure. The data fields have not
161  *      been initialized in any way but has been zeroed
162  *
163  *      Locking: none
164  */
165
166 static struct tty_struct *alloc_tty_struct(void)
167 {
168         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
169 }
170
171 static void tty_buffer_free_all(struct tty_struct *);
172
173 /**
174  *      free_tty_struct         -       free a disused tty
175  *      @tty: tty struct to free
176  *
177  *      Free the write buffers, tty queue and tty memory itself.
178  *
179  *      Locking: none. Must be called after tty is definitely unused
180  */
181
182 static inline void free_tty_struct(struct tty_struct *tty)
183 {
184         kfree(tty->write_buf);
185         tty_buffer_free_all(tty);
186         kfree(tty);
187 }
188
189 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
190
191 /**
192  *      tty_name        -       return tty naming
193  *      @tty: tty structure
194  *      @buf: buffer for output
195  *
196  *      Convert a tty structure into a name. The name reflects the kernel
197  *      naming policy and if udev is in use may not reflect user space
198  *
199  *      Locking: none
200  */
201
202 char *tty_name(struct tty_struct *tty, char *buf)
203 {
204         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
205                 strcpy(buf, "NULL tty");
206         else
207                 strcpy(buf, tty->name);
208         return buf;
209 }
210
211 EXPORT_SYMBOL(tty_name);
212
213 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
214                               const char *routine)
215 {
216 #ifdef TTY_PARANOIA_CHECK
217         if (!tty) {
218                 printk(KERN_WARNING
219                         "null TTY for (%d:%d) in %s\n",
220                         imajor(inode), iminor(inode), routine);
221                 return 1;
222         }
223         if (tty->magic != TTY_MAGIC) {
224                 printk(KERN_WARNING
225                         "bad magic number for tty struct (%d:%d) in %s\n",
226                         imajor(inode), iminor(inode), routine);
227                 return 1;
228         }
229 #endif
230         return 0;
231 }
232
233 static int check_tty_count(struct tty_struct *tty, const char *routine)
234 {
235 #ifdef CHECK_TTY_COUNT
236         struct list_head *p;
237         int count = 0;
238         
239         file_list_lock();
240         list_for_each(p, &tty->tty_files) {
241                 count++;
242         }
243         file_list_unlock();
244         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
245             tty->driver->subtype == PTY_TYPE_SLAVE &&
246             tty->link && tty->link->count)
247                 count++;
248         if (tty->count != count) {
249                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
250                                     "!= #fd's(%d) in %s\n",
251                        tty->name, tty->count, count, routine);
252                 return count;
253        }        
254 #endif
255         return 0;
256 }
257
258 /*
259  * Tty buffer allocation management
260  */
261
262
263 /**
264  *      tty_buffer_free_all             -       free buffers used by a tty
265  *      @tty: tty to free from
266  *
267  *      Remove all the buffers pending on a tty whether queued with data
268  *      or in the free ring. Must be called when the tty is no longer in use
269  *
270  *      Locking: none
271  */
272
273
274 /**
275  *      tty_buffer_free_all             -       free buffers used by a tty
276  *      @tty: tty to free from
277  *
278  *      Remove all the buffers pending on a tty whether queued with data
279  *      or in the free ring. Must be called when the tty is no longer in use
280  *
281  *      Locking: none
282  */
283
284 static void tty_buffer_free_all(struct tty_struct *tty)
285 {
286         struct tty_buffer *thead;
287         while((thead = tty->buf.head) != NULL) {
288                 tty->buf.head = thead->next;
289                 kfree(thead);
290         }
291         while((thead = tty->buf.free) != NULL) {
292                 tty->buf.free = thead->next;
293                 kfree(thead);
294         }
295         tty->buf.tail = NULL;
296         tty->buf.memory_used = 0;
297 }
298
299 /**
300  *      tty_buffer_init         -       prepare a tty buffer structure
301  *      @tty: tty to initialise
302  *
303  *      Set up the initial state of the buffer management for a tty device.
304  *      Must be called before the other tty buffer functions are used.
305  *
306  *      Locking: none
307  */
308
309 static void tty_buffer_init(struct tty_struct *tty)
310 {
311         spin_lock_init(&tty->buf.lock);
312         tty->buf.head = NULL;
313         tty->buf.tail = NULL;
314         tty->buf.free = NULL;
315         tty->buf.memory_used = 0;
316 }
317
318 /**
319  *      tty_buffer_alloc        -       allocate a tty buffer
320  *      @tty: tty device
321  *      @size: desired size (characters)
322  *
323  *      Allocate a new tty buffer to hold the desired number of characters.
324  *      Return NULL if out of memory or the allocation would exceed the
325  *      per device queue
326  *
327  *      Locking: Caller must hold tty->buf.lock
328  */
329
330 static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
331 {
332         struct tty_buffer *p;
333
334         if (tty->buf.memory_used + size > 65536)
335                 return NULL;
336         p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
337         if(p == NULL)
338                 return NULL;
339         p->used = 0;
340         p->size = size;
341         p->next = NULL;
342         p->commit = 0;
343         p->read = 0;
344         p->char_buf_ptr = (char *)(p->data);
345         p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
346         tty->buf.memory_used += size;
347         return p;
348 }
349
350 /**
351  *      tty_buffer_free         -       free a tty buffer
352  *      @tty: tty owning the buffer
353  *      @b: the buffer to free
354  *
355  *      Free a tty buffer, or add it to the free list according to our
356  *      internal strategy
357  *
358  *      Locking: Caller must hold tty->buf.lock
359  */
360
361 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
362 {
363         /* Dumb strategy for now - should keep some stats */
364         tty->buf.memory_used -= b->size;
365         WARN_ON(tty->buf.memory_used < 0);
366
367         if(b->size >= 512)
368                 kfree(b);
369         else {
370                 b->next = tty->buf.free;
371                 tty->buf.free = b;
372         }
373 }
374
375 /**
376  *      tty_buffer_find         -       find a free tty buffer
377  *      @tty: tty owning the buffer
378  *      @size: characters wanted
379  *
380  *      Locate an existing suitable tty buffer or if we are lacking one then
381  *      allocate a new one. We round our buffers off in 256 character chunks
382  *      to get better allocation behaviour.
383  *
384  *      Locking: Caller must hold tty->buf.lock
385  */
386
387 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
388 {
389         struct tty_buffer **tbh = &tty->buf.free;
390         while((*tbh) != NULL) {
391                 struct tty_buffer *t = *tbh;
392                 if(t->size >= size) {
393                         *tbh = t->next;
394                         t->next = NULL;
395                         t->used = 0;
396                         t->commit = 0;
397                         t->read = 0;
398                         tty->buf.memory_used += t->size;
399                         return t;
400                 }
401                 tbh = &((*tbh)->next);
402         }
403         /* Round the buffer size out */
404         size = (size + 0xFF) & ~ 0xFF;
405         return tty_buffer_alloc(tty, size);
406         /* Should possibly check if this fails for the largest buffer we
407            have queued and recycle that ? */
408 }
409
410 /**
411  *      tty_buffer_request_room         -       grow tty buffer if needed
412  *      @tty: tty structure
413  *      @size: size desired
414  *
415  *      Make at least size bytes of linear space available for the tty
416  *      buffer. If we fail return the size we managed to find.
417  *
418  *      Locking: Takes tty->buf.lock
419  */
420 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
421 {
422         struct tty_buffer *b, *n;
423         int left;
424         unsigned long flags;
425
426         spin_lock_irqsave(&tty->buf.lock, flags);
427
428         /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
429            remove this conditional if its worth it. This would be invisible
430            to the callers */
431         if ((b = tty->buf.tail) != NULL)
432                 left = b->size - b->used;
433         else
434                 left = 0;
435
436         if (left < size) {
437                 /* This is the slow path - looking for new buffers to use */
438                 if ((n = tty_buffer_find(tty, size)) != NULL) {
439                         if (b != NULL) {
440                                 b->next = n;
441                                 b->commit = b->used;
442                         } else
443                                 tty->buf.head = n;
444                         tty->buf.tail = n;
445                 } else
446                         size = left;
447         }
448
449         spin_unlock_irqrestore(&tty->buf.lock, flags);
450         return size;
451 }
452 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
453
454 /**
455  *      tty_insert_flip_string  -       Add characters to the tty buffer
456  *      @tty: tty structure
457  *      @chars: characters
458  *      @size: size
459  *
460  *      Queue a series of bytes to the tty buffering. All the characters
461  *      passed are marked as without error. Returns the number added.
462  *
463  *      Locking: Called functions may take tty->buf.lock
464  */
465
466 int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
467                                 size_t size)
468 {
469         int copied = 0;
470         do {
471                 int space = tty_buffer_request_room(tty, size - copied);
472                 struct tty_buffer *tb = tty->buf.tail;
473                 /* If there is no space then tb may be NULL */
474                 if(unlikely(space == 0))
475                         break;
476                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
477                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
478                 tb->used += space;
479                 copied += space;
480                 chars += space;
481                 /* There is a small chance that we need to split the data over
482                    several buffers. If this is the case we must loop */
483         } while (unlikely(size > copied));
484         return copied;
485 }
486 EXPORT_SYMBOL(tty_insert_flip_string);
487
488 /**
489  *      tty_insert_flip_string_flags    -       Add characters to the tty buffer
490  *      @tty: tty structure
491  *      @chars: characters
492  *      @flags: flag bytes
493  *      @size: size
494  *
495  *      Queue a series of bytes to the tty buffering. For each character
496  *      the flags array indicates the status of the character. Returns the
497  *      number added.
498  *
499  *      Locking: Called functions may take tty->buf.lock
500  */
501
502 int tty_insert_flip_string_flags(struct tty_struct *tty,
503                 const unsigned char *chars, const char *flags, size_t size)
504 {
505         int copied = 0;
506         do {
507                 int space = tty_buffer_request_room(tty, size - copied);
508                 struct tty_buffer *tb = tty->buf.tail;
509                 /* If there is no space then tb may be NULL */
510                 if(unlikely(space == 0))
511                         break;
512                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
513                 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
514                 tb->used += space;
515                 copied += space;
516                 chars += space;
517                 flags += space;
518                 /* There is a small chance that we need to split the data over
519                    several buffers. If this is the case we must loop */
520         } while (unlikely(size > copied));
521         return copied;
522 }
523 EXPORT_SYMBOL(tty_insert_flip_string_flags);
524
525 /**
526  *      tty_schedule_flip       -       push characters to ldisc
527  *      @tty: tty to push from
528  *
529  *      Takes any pending buffers and transfers their ownership to the
530  *      ldisc side of the queue. It then schedules those characters for
531  *      processing by the line discipline.
532  *
533  *      Locking: Takes tty->buf.lock
534  */
535
536 void tty_schedule_flip(struct tty_struct *tty)
537 {
538         unsigned long flags;
539         spin_lock_irqsave(&tty->buf.lock, flags);
540         if (tty->buf.tail != NULL)
541                 tty->buf.tail->commit = tty->buf.tail->used;
542         spin_unlock_irqrestore(&tty->buf.lock, flags);
543         schedule_delayed_work(&tty->buf.work, 1);
544 }
545 EXPORT_SYMBOL(tty_schedule_flip);
546
547 /**
548  *      tty_prepare_flip_string         -       make room for characters
549  *      @tty: tty
550  *      @chars: return pointer for character write area
551  *      @size: desired size
552  *
553  *      Prepare a block of space in the buffer for data. Returns the length
554  *      available and buffer pointer to the space which is now allocated and
555  *      accounted for as ready for normal characters. This is used for drivers
556  *      that need their own block copy routines into the buffer. There is no
557  *      guarantee the buffer is a DMA target!
558  *
559  *      Locking: May call functions taking tty->buf.lock
560  */
561
562 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
563 {
564         int space = tty_buffer_request_room(tty, size);
565         if (likely(space)) {
566                 struct tty_buffer *tb = tty->buf.tail;
567                 *chars = tb->char_buf_ptr + tb->used;
568                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
569                 tb->used += space;
570         }
571         return space;
572 }
573
574 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
575
576 /**
577  *      tty_prepare_flip_string_flags   -       make room for characters
578  *      @tty: tty
579  *      @chars: return pointer for character write area
580  *      @flags: return pointer for status flag write area
581  *      @size: desired size
582  *
583  *      Prepare a block of space in the buffer for data. Returns the length
584  *      available and buffer pointer to the space which is now allocated and
585  *      accounted for as ready for characters. This is used for drivers
586  *      that need their own block copy routines into the buffer. There is no
587  *      guarantee the buffer is a DMA target!
588  *
589  *      Locking: May call functions taking tty->buf.lock
590  */
591
592 int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
593 {
594         int space = tty_buffer_request_room(tty, size);
595         if (likely(space)) {
596                 struct tty_buffer *tb = tty->buf.tail;
597                 *chars = tb->char_buf_ptr + tb->used;
598                 *flags = tb->flag_buf_ptr + tb->used;
599                 tb->used += space;
600         }
601         return space;
602 }
603
604 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
605
606
607
608 /**
609  *      tty_set_termios_ldisc           -       set ldisc field
610  *      @tty: tty structure
611  *      @num: line discipline number
612  *
613  *      This is probably overkill for real world processors but
614  *      they are not on hot paths so a little discipline won't do 
615  *      any harm.
616  *
617  *      Locking: takes termios_sem
618  */
619  
620 static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
621 {
622         mutex_lock(&tty->termios_mutex);
623         tty->termios->c_line = num;
624         mutex_unlock(&tty->termios_mutex);
625 }
626
627 /*
628  *      This guards the refcounted line discipline lists. The lock
629  *      must be taken with irqs off because there are hangup path
630  *      callers who will do ldisc lookups and cannot sleep.
631  */
632  
633 static DEFINE_SPINLOCK(tty_ldisc_lock);
634 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
635 static struct tty_ldisc tty_ldiscs[NR_LDISCS];  /* line disc dispatch table */
636
637 /**
638  *      tty_register_ldisc      -       install a line discipline
639  *      @disc: ldisc number
640  *      @new_ldisc: pointer to the ldisc object
641  *
642  *      Installs a new line discipline into the kernel. The discipline
643  *      is set up as unreferenced and then made available to the kernel
644  *      from this point onwards.
645  *
646  *      Locking:
647  *              takes tty_ldisc_lock to guard against ldisc races
648  */
649
650 int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
651 {
652         unsigned long flags;
653         int ret = 0;
654         
655         if (disc < N_TTY || disc >= NR_LDISCS)
656                 return -EINVAL;
657         
658         spin_lock_irqsave(&tty_ldisc_lock, flags);
659         tty_ldiscs[disc] = *new_ldisc;
660         tty_ldiscs[disc].num = disc;
661         tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
662         tty_ldiscs[disc].refcount = 0;
663         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
664         
665         return ret;
666 }
667 EXPORT_SYMBOL(tty_register_ldisc);
668
669 /**
670  *      tty_unregister_ldisc    -       unload a line discipline
671  *      @disc: ldisc number
672  *      @new_ldisc: pointer to the ldisc object
673  *
674  *      Remove a line discipline from the kernel providing it is not
675  *      currently in use.
676  *
677  *      Locking:
678  *              takes tty_ldisc_lock to guard against ldisc races
679  */
680
681 int tty_unregister_ldisc(int disc)
682 {
683         unsigned long flags;
684         int ret = 0;
685
686         if (disc < N_TTY || disc >= NR_LDISCS)
687                 return -EINVAL;
688
689         spin_lock_irqsave(&tty_ldisc_lock, flags);
690         if (tty_ldiscs[disc].refcount)
691                 ret = -EBUSY;
692         else
693                 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
694         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
695
696         return ret;
697 }
698 EXPORT_SYMBOL(tty_unregister_ldisc);
699
700 /**
701  *      tty_ldisc_get           -       take a reference to an ldisc
702  *      @disc: ldisc number
703  *
704  *      Takes a reference to a line discipline. Deals with refcounts and
705  *      module locking counts. Returns NULL if the discipline is not available.
706  *      Returns a pointer to the discipline and bumps the ref count if it is
707  *      available
708  *
709  *      Locking:
710  *              takes tty_ldisc_lock to guard against ldisc races
711  */
712
713 struct tty_ldisc *tty_ldisc_get(int disc)
714 {
715         unsigned long flags;
716         struct tty_ldisc *ld;
717
718         if (disc < N_TTY || disc >= NR_LDISCS)
719                 return NULL;
720         
721         spin_lock_irqsave(&tty_ldisc_lock, flags);
722
723         ld = &tty_ldiscs[disc];
724         /* Check the entry is defined */
725         if(ld->flags & LDISC_FLAG_DEFINED)
726         {
727                 /* If the module is being unloaded we can't use it */
728                 if (!try_module_get(ld->owner))
729                         ld = NULL;
730                 else /* lock it */
731                         ld->refcount++;
732         }
733         else
734                 ld = NULL;
735         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
736         return ld;
737 }
738
739 EXPORT_SYMBOL_GPL(tty_ldisc_get);
740
741 /**
742  *      tty_ldisc_put           -       drop ldisc reference
743  *      @disc: ldisc number
744  *
745  *      Drop a reference to a line discipline. Manage refcounts and
746  *      module usage counts
747  *
748  *      Locking:
749  *              takes tty_ldisc_lock to guard against ldisc races
750  */
751
752 void tty_ldisc_put(int disc)
753 {
754         struct tty_ldisc *ld;
755         unsigned long flags;
756         
757         BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
758                 
759         spin_lock_irqsave(&tty_ldisc_lock, flags);
760         ld = &tty_ldiscs[disc];
761         BUG_ON(ld->refcount == 0);
762         ld->refcount--;
763         module_put(ld->owner);
764         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
765 }
766         
767 EXPORT_SYMBOL_GPL(tty_ldisc_put);
768
769 /**
770  *      tty_ldisc_assign        -       set ldisc on a tty
771  *      @tty: tty to assign
772  *      @ld: line discipline
773  *
774  *      Install an instance of a line discipline into a tty structure. The
775  *      ldisc must have a reference count above zero to ensure it remains/
776  *      The tty instance refcount starts at zero.
777  *
778  *      Locking:
779  *              Caller must hold references
780  */
781
782 static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
783 {
784         tty->ldisc = *ld;
785         tty->ldisc.refcount = 0;
786 }
787
788 /**
789  *      tty_ldisc_try           -       internal helper
790  *      @tty: the tty
791  *
792  *      Make a single attempt to grab and bump the refcount on
793  *      the tty ldisc. Return 0 on failure or 1 on success. This is
794  *      used to implement both the waiting and non waiting versions
795  *      of tty_ldisc_ref
796  *
797  *      Locking: takes tty_ldisc_lock
798  */
799
800 static int tty_ldisc_try(struct tty_struct *tty)
801 {
802         unsigned long flags;
803         struct tty_ldisc *ld;
804         int ret = 0;
805         
806         spin_lock_irqsave(&tty_ldisc_lock, flags);
807         ld = &tty->ldisc;
808         if(test_bit(TTY_LDISC, &tty->flags))
809         {
810                 ld->refcount++;
811                 ret = 1;
812         }
813         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
814         return ret;
815 }
816
817 /**
818  *      tty_ldisc_ref_wait      -       wait for the tty ldisc
819  *      @tty: tty device
820  *
821  *      Dereference the line discipline for the terminal and take a 
822  *      reference to it. If the line discipline is in flux then 
823  *      wait patiently until it changes.
824  *
825  *      Note: Must not be called from an IRQ/timer context. The caller
826  *      must also be careful not to hold other locks that will deadlock
827  *      against a discipline change, such as an existing ldisc reference
828  *      (which we check for)
829  *
830  *      Locking: call functions take tty_ldisc_lock
831  */
832  
833 struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
834 {
835         /* wait_event is a macro */
836         wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
837         if(tty->ldisc.refcount == 0)
838                 printk(KERN_ERR "tty_ldisc_ref_wait\n");
839         return &tty->ldisc;
840 }
841
842 EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
843
844 /**
845  *      tty_ldisc_ref           -       get the tty ldisc
846  *      @tty: tty device
847  *
848  *      Dereference the line discipline for the terminal and take a 
849  *      reference to it. If the line discipline is in flux then 
850  *      return NULL. Can be called from IRQ and timer functions.
851  *
852  *      Locking: called functions take tty_ldisc_lock
853  */
854  
855 struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
856 {
857         if(tty_ldisc_try(tty))
858                 return &tty->ldisc;
859         return NULL;
860 }
861
862 EXPORT_SYMBOL_GPL(tty_ldisc_ref);
863
864 /**
865  *      tty_ldisc_deref         -       free a tty ldisc reference
866  *      @ld: reference to free up
867  *
868  *      Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
869  *      be called in IRQ context.
870  *
871  *      Locking: takes tty_ldisc_lock
872  */
873  
874 void tty_ldisc_deref(struct tty_ldisc *ld)
875 {
876         unsigned long flags;
877
878         BUG_ON(ld == NULL);
879                 
880         spin_lock_irqsave(&tty_ldisc_lock, flags);
881         if(ld->refcount == 0)
882                 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
883         else
884                 ld->refcount--;
885         if(ld->refcount == 0)
886                 wake_up(&tty_ldisc_wait);
887         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
888 }
889
890 EXPORT_SYMBOL_GPL(tty_ldisc_deref);
891
892 /**
893  *      tty_ldisc_enable        -       allow ldisc use
894  *      @tty: terminal to activate ldisc on
895  *
896  *      Set the TTY_LDISC flag when the line discipline can be called
897  *      again. Do neccessary wakeups for existing sleepers.
898  *
899  *      Note: nobody should set this bit except via this function. Clearing
900  *      directly is allowed.
901  */
902
903 static void tty_ldisc_enable(struct tty_struct *tty)
904 {
905         set_bit(TTY_LDISC, &tty->flags);
906         wake_up(&tty_ldisc_wait);
907 }
908         
909 /**
910  *      tty_set_ldisc           -       set line discipline
911  *      @tty: the terminal to set
912  *      @ldisc: the line discipline
913  *
914  *      Set the discipline of a tty line. Must be called from a process
915  *      context.
916  *
917  *      Locking: takes tty_ldisc_lock.
918  *              called functions take termios_sem
919  */
920  
921 static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
922 {
923         int retval = 0;
924         struct tty_ldisc o_ldisc;
925         char buf[64];
926         int work;
927         unsigned long flags;
928         struct tty_ldisc *ld;
929         struct tty_struct *o_tty;
930
931         if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
932                 return -EINVAL;
933
934 restart:
935
936         ld = tty_ldisc_get(ldisc);
937         /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
938         /* Cyrus Durgin <cider@speakeasy.org> */
939         if (ld == NULL) {
940                 request_module("tty-ldisc-%d", ldisc);
941                 ld = tty_ldisc_get(ldisc);
942         }
943         if (ld == NULL)
944                 return -EINVAL;
945
946         /*
947          *      No more input please, we are switching. The new ldisc
948          *      will update this value in the ldisc open function
949          */
950
951         tty->receive_room = 0;
952
953         /*
954          *      Problem: What do we do if this blocks ?
955          */
956
957         tty_wait_until_sent(tty, 0);
958
959         if (tty->ldisc.num == ldisc) {
960                 tty_ldisc_put(ldisc);
961                 return 0;
962         }
963
964         o_ldisc = tty->ldisc;
965         o_tty = tty->link;
966
967         /*
968          *      Make sure we don't change while someone holds a
969          *      reference to the line discipline. The TTY_LDISC bit
970          *      prevents anyone taking a reference once it is clear.
971          *      We need the lock to avoid racing reference takers.
972          */
973
974         spin_lock_irqsave(&tty_ldisc_lock, flags);
975         if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
976                 if(tty->ldisc.refcount) {
977                         /* Free the new ldisc we grabbed. Must drop the lock
978                            first. */
979                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
980                         tty_ldisc_put(ldisc);
981                         /*
982                          * There are several reasons we may be busy, including
983                          * random momentary I/O traffic. We must therefore
984                          * retry. We could distinguish between blocking ops
985                          * and retries if we made tty_ldisc_wait() smarter. That
986                          * is up for discussion.
987                          */
988                         if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
989                                 return -ERESTARTSYS;
990                         goto restart;
991                 }
992                 if(o_tty && o_tty->ldisc.refcount) {
993                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
994                         tty_ldisc_put(ldisc);
995                         if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
996                                 return -ERESTARTSYS;
997                         goto restart;
998                 }
999         }
1000
1001         /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
1002
1003         if (!test_bit(TTY_LDISC, &tty->flags)) {
1004                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1005                 tty_ldisc_put(ldisc);
1006                 ld = tty_ldisc_ref_wait(tty);
1007                 tty_ldisc_deref(ld);
1008                 goto restart;
1009         }
1010
1011         clear_bit(TTY_LDISC, &tty->flags);
1012         if (o_tty)
1013                 clear_bit(TTY_LDISC, &o_tty->flags);
1014         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1015
1016         /*
1017          *      From this point on we know nobody has an ldisc
1018          *      usage reference, nor can they obtain one until
1019          *      we say so later on.
1020          */
1021
1022         work = cancel_delayed_work(&tty->buf.work);
1023         /*
1024          * Wait for ->hangup_work and ->buf.work handlers to terminate
1025          */
1026          
1027         flush_scheduled_work();
1028         /* Shutdown the current discipline. */
1029         if (tty->ldisc.close)
1030                 (tty->ldisc.close)(tty);
1031
1032         /* Now set up the new line discipline. */
1033         tty_ldisc_assign(tty, ld);
1034         tty_set_termios_ldisc(tty, ldisc);
1035         if (tty->ldisc.open)
1036                 retval = (tty->ldisc.open)(tty);
1037         if (retval < 0) {
1038                 tty_ldisc_put(ldisc);
1039                 /* There is an outstanding reference here so this is safe */
1040                 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1041                 tty_set_termios_ldisc(tty, tty->ldisc.num);
1042                 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1043                         tty_ldisc_put(o_ldisc.num);
1044                         /* This driver is always present */
1045                         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1046                         tty_set_termios_ldisc(tty, N_TTY);
1047                         if (tty->ldisc.open) {
1048                                 int r = tty->ldisc.open(tty);
1049
1050                                 if (r < 0)
1051                                         panic("Couldn't open N_TTY ldisc for "
1052                                               "%s --- error %d.",
1053                                               tty_name(tty, buf), r);
1054                         }
1055                 }
1056         }
1057         /* At this point we hold a reference to the new ldisc and a
1058            a reference to the old ldisc. If we ended up flipping back
1059            to the existing ldisc we have two references to it */
1060         
1061         if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1062                 tty->driver->set_ldisc(tty);
1063                 
1064         tty_ldisc_put(o_ldisc.num);
1065         
1066         /*
1067          *      Allow ldisc referencing to occur as soon as the driver
1068          *      ldisc callback completes.
1069          */
1070          
1071         tty_ldisc_enable(tty);
1072         if (o_tty)
1073                 tty_ldisc_enable(o_tty);
1074         
1075         /* Restart it in case no characters kick it off. Safe if
1076            already running */
1077         if (work)
1078                 schedule_delayed_work(&tty->buf.work, 1);
1079         return retval;
1080 }
1081
1082 /**
1083  *      get_tty_driver          -       find device of a tty
1084  *      @dev_t: device identifier
1085  *      @index: returns the index of the tty
1086  *
1087  *      This routine returns a tty driver structure, given a device number
1088  *      and also passes back the index number.
1089  *
1090  *      Locking: caller must hold tty_mutex
1091  */
1092
1093 static struct tty_driver *get_tty_driver(dev_t device, int *index)
1094 {
1095         struct tty_driver *p;
1096
1097         list_for_each_entry(p, &tty_drivers, tty_drivers) {
1098                 dev_t base = MKDEV(p->major, p->minor_start);
1099                 if (device < base || device >= base + p->num)
1100                         continue;
1101                 *index = device - base;
1102                 return p;
1103         }
1104         return NULL;
1105 }
1106
1107 /**
1108  *      tty_check_change        -       check for POSIX terminal changes
1109  *      @tty: tty to check
1110  *
1111  *      If we try to write to, or set the state of, a terminal and we're
1112  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
1113  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
1114  *
1115  *      Locking: none
1116  */
1117
1118 int tty_check_change(struct tty_struct * tty)
1119 {
1120         if (current->signal->tty != tty)
1121                 return 0;
1122         if (tty->pgrp <= 0) {
1123                 printk(KERN_WARNING "tty_check_change: tty->pgrp <= 0!\n");
1124                 return 0;
1125         }
1126         if (process_group(current) == tty->pgrp)
1127                 return 0;
1128         if (is_ignored(SIGTTOU))
1129                 return 0;
1130         if (is_orphaned_pgrp(process_group(current)))
1131                 return -EIO;
1132         (void) kill_pg(process_group(current), SIGTTOU, 1);
1133         return -ERESTARTSYS;
1134 }
1135
1136 EXPORT_SYMBOL(tty_check_change);
1137
1138 static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
1139                                 size_t count, loff_t *ppos)
1140 {
1141         return 0;
1142 }
1143
1144 static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
1145                                  size_t count, loff_t *ppos)
1146 {
1147         return -EIO;
1148 }
1149
1150 /* No kernel lock held - none needed ;) */
1151 static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
1152 {
1153         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1154 }
1155
1156 static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
1157                              unsigned int cmd, unsigned long arg)
1158 {
1159         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1160 }
1161
1162 static const struct file_operations tty_fops = {
1163         .llseek         = no_llseek,
1164         .read           = tty_read,
1165         .write          = tty_write,
1166         .poll           = tty_poll,
1167         .ioctl          = tty_ioctl,
1168         .open           = tty_open,
1169         .release        = tty_release,
1170         .fasync         = tty_fasync,
1171 };
1172
1173 #ifdef CONFIG_UNIX98_PTYS
1174 static const struct file_operations ptmx_fops = {
1175         .llseek         = no_llseek,
1176         .read           = tty_read,
1177         .write          = tty_write,
1178         .poll           = tty_poll,
1179         .ioctl          = tty_ioctl,
1180         .open           = ptmx_open,
1181         .release        = tty_release,
1182         .fasync         = tty_fasync,
1183 };
1184 #endif
1185
1186 static const struct file_operations console_fops = {
1187         .llseek         = no_llseek,
1188         .read           = tty_read,
1189         .write          = redirected_tty_write,
1190         .poll           = tty_poll,
1191         .ioctl          = tty_ioctl,
1192         .open           = tty_open,
1193         .release        = tty_release,
1194         .fasync         = tty_fasync,
1195 };
1196
1197 static const struct file_operations hung_up_tty_fops = {
1198         .llseek         = no_llseek,
1199         .read           = hung_up_tty_read,
1200         .write          = hung_up_tty_write,
1201         .poll           = hung_up_tty_poll,
1202         .ioctl          = hung_up_tty_ioctl,
1203         .release        = tty_release,
1204 };
1205
1206 static DEFINE_SPINLOCK(redirect_lock);
1207 static struct file *redirect;
1208
1209 /**
1210  *      tty_wakeup      -       request more data
1211  *      @tty: terminal
1212  *
1213  *      Internal and external helper for wakeups of tty. This function
1214  *      informs the line discipline if present that the driver is ready
1215  *      to receive more output data.
1216  */
1217  
1218 void tty_wakeup(struct tty_struct *tty)
1219 {
1220         struct tty_ldisc *ld;
1221         
1222         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1223                 ld = tty_ldisc_ref(tty);
1224                 if(ld) {
1225                         if(ld->write_wakeup)
1226                                 ld->write_wakeup(tty);
1227                         tty_ldisc_deref(ld);
1228                 }
1229         }
1230         wake_up_interruptible(&tty->write_wait);
1231 }
1232
1233 EXPORT_SYMBOL_GPL(tty_wakeup);
1234
1235 /**
1236  *      tty_ldisc_flush -       flush line discipline queue
1237  *      @tty: tty
1238  *
1239  *      Flush the line discipline queue (if any) for this tty. If there
1240  *      is no line discipline active this is a no-op.
1241  */
1242  
1243 void tty_ldisc_flush(struct tty_struct *tty)
1244 {
1245         struct tty_ldisc *ld = tty_ldisc_ref(tty);
1246         if(ld) {
1247                 if(ld->flush_buffer)
1248                         ld->flush_buffer(tty);
1249                 tty_ldisc_deref(ld);
1250         }
1251 }
1252
1253 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1254         
1255 /**
1256  *      do_tty_hangup           -       actual handler for hangup events
1257  *      @work: tty device
1258  *
1259  *      This can be called by the "eventd" kernel thread.  That is process
1260  *      synchronous but doesn't hold any locks, so we need to make sure we
1261  *      have the appropriate locks for what we're doing.
1262  *
1263  *      The hangup event clears any pending redirections onto the hung up
1264  *      device. It ensures future writes will error and it does the needed
1265  *      line discipline hangup and signal delivery. The tty object itself
1266  *      remains intact.
1267  *
1268  *      Locking:
1269  *              BKL
1270  *              redirect lock for undoing redirection
1271  *              file list lock for manipulating list of ttys
1272  *              tty_ldisc_lock from called functions
1273  *              termios_sem resetting termios data
1274  *              tasklist_lock to walk task list for hangup event
1275  *
1276  */
1277 static void do_tty_hangup(struct work_struct *work)
1278 {
1279         struct tty_struct *tty =
1280                 container_of(work, struct tty_struct, hangup_work);
1281         struct file * cons_filp = NULL;
1282         struct file *filp, *f = NULL;
1283         struct task_struct *p;
1284         struct tty_ldisc *ld;
1285         int    closecount = 0, n;
1286
1287         if (!tty)
1288                 return;
1289
1290         /* inuse_filps is protected by the single kernel lock */
1291         lock_kernel();
1292
1293         spin_lock(&redirect_lock);
1294         if (redirect && redirect->private_data == tty) {
1295                 f = redirect;
1296                 redirect = NULL;
1297         }
1298         spin_unlock(&redirect_lock);
1299         
1300         check_tty_count(tty, "do_tty_hangup");
1301         file_list_lock();
1302         /* This breaks for file handles being sent over AF_UNIX sockets ? */
1303         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1304                 if (filp->f_op->write == redirected_tty_write)
1305                         cons_filp = filp;
1306                 if (filp->f_op->write != tty_write)
1307                         continue;
1308                 closecount++;
1309                 tty_fasync(-1, filp, 0);        /* can't block */
1310                 filp->f_op = &hung_up_tty_fops;
1311         }
1312         file_list_unlock();
1313         
1314         /* FIXME! What are the locking issues here? This may me overdoing things..
1315          * this question is especially important now that we've removed the irqlock. */
1316
1317         ld = tty_ldisc_ref(tty);
1318         if(ld != NULL)  /* We may have no line discipline at this point */
1319         {
1320                 if (ld->flush_buffer)
1321                         ld->flush_buffer(tty);
1322                 if (tty->driver->flush_buffer)
1323                         tty->driver->flush_buffer(tty);
1324                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1325                     ld->write_wakeup)
1326                         ld->write_wakeup(tty);
1327                 if (ld->hangup)
1328                         ld->hangup(tty);
1329         }
1330
1331         /* FIXME: Once we trust the LDISC code better we can wait here for
1332            ldisc completion and fix the driver call race */
1333            
1334         wake_up_interruptible(&tty->write_wait);
1335         wake_up_interruptible(&tty->read_wait);
1336
1337         /*
1338          * Shutdown the current line discipline, and reset it to
1339          * N_TTY.
1340          */
1341         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1342         {
1343                 mutex_lock(&tty->termios_mutex);
1344                 *tty->termios = tty->driver->init_termios;
1345                 mutex_unlock(&tty->termios_mutex);
1346         }
1347         
1348         /* Defer ldisc switch */
1349         /* tty_deferred_ldisc_switch(N_TTY);
1350         
1351           This should get done automatically when the port closes and
1352           tty_release is called */
1353         
1354         read_lock(&tasklist_lock);
1355         if (tty->session > 0) {
1356                 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1357                         if (p->signal->tty == tty)
1358                                 p->signal->tty = NULL;
1359                         if (!p->signal->leader)
1360                                 continue;
1361                         group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1362                         group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1363                         if (tty->pgrp > 0)
1364                                 p->signal->tty_old_pgrp = tty->pgrp;
1365                 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1366         }
1367         read_unlock(&tasklist_lock);
1368
1369         tty->flags = 0;
1370         tty->session = 0;
1371         tty->pgrp = -1;
1372         tty->ctrl_status = 0;
1373         /*
1374          *      If one of the devices matches a console pointer, we
1375          *      cannot just call hangup() because that will cause
1376          *      tty->count and state->count to go out of sync.
1377          *      So we just call close() the right number of times.
1378          */
1379         if (cons_filp) {
1380                 if (tty->driver->close)
1381                         for (n = 0; n < closecount; n++)
1382                                 tty->driver->close(tty, cons_filp);
1383         } else if (tty->driver->hangup)
1384                 (tty->driver->hangup)(tty);
1385                 
1386         /* We don't want to have driver/ldisc interactions beyond
1387            the ones we did here. The driver layer expects no
1388            calls after ->hangup() from the ldisc side. However we
1389            can't yet guarantee all that */
1390
1391         set_bit(TTY_HUPPED, &tty->flags);
1392         if (ld) {
1393                 tty_ldisc_enable(tty);
1394                 tty_ldisc_deref(ld);
1395         }
1396         unlock_kernel();
1397         if (f)
1398                 fput(f);
1399 }
1400
1401 /**
1402  *      tty_hangup              -       trigger a hangup event
1403  *      @tty: tty to hangup
1404  *
1405  *      A carrier loss (virtual or otherwise) has occurred on this like
1406  *      schedule a hangup sequence to run after this event.
1407  */
1408
1409 void tty_hangup(struct tty_struct * tty)
1410 {
1411 #ifdef TTY_DEBUG_HANGUP
1412         char    buf[64];
1413         
1414         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1415 #endif
1416         schedule_work(&tty->hangup_work);
1417 }
1418
1419 EXPORT_SYMBOL(tty_hangup);
1420
1421 /**
1422  *      tty_vhangup             -       process vhangup
1423  *      @tty: tty to hangup
1424  *
1425  *      The user has asked via system call for the terminal to be hung up.
1426  *      We do this synchronously so that when the syscall returns the process
1427  *      is complete. That guarantee is neccessary for security reasons.
1428  */
1429
1430 void tty_vhangup(struct tty_struct * tty)
1431 {
1432 #ifdef TTY_DEBUG_HANGUP
1433         char    buf[64];
1434
1435         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1436 #endif
1437         do_tty_hangup(&tty->hangup_work);
1438 }
1439 EXPORT_SYMBOL(tty_vhangup);
1440
1441 /**
1442  *      tty_hung_up_p           -       was tty hung up
1443  *      @filp: file pointer of tty
1444  *
1445  *      Return true if the tty has been subject to a vhangup or a carrier
1446  *      loss
1447  */
1448
1449 int tty_hung_up_p(struct file * filp)
1450 {
1451         return (filp->f_op == &hung_up_tty_fops);
1452 }
1453
1454 EXPORT_SYMBOL(tty_hung_up_p);
1455
1456 /**
1457  *      disassociate_ctty       -       disconnect controlling tty
1458  *      @on_exit: true if exiting so need to "hang up" the session
1459  *
1460  *      This function is typically called only by the session leader, when
1461  *      it wants to disassociate itself from its controlling tty.
1462  *
1463  *      It performs the following functions:
1464  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
1465  *      (2)  Clears the tty from being controlling the session
1466  *      (3)  Clears the controlling tty for all processes in the
1467  *              session group.
1468  *
1469  *      The argument on_exit is set to 1 if called when a process is
1470  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
1471  *
1472  *      Locking: tty_mutex is taken to protect current->signal->tty
1473  *              BKL is taken for hysterical raisins
1474  *              Tasklist lock is taken (under tty_mutex) to walk process
1475  *              lists for the session.
1476  */
1477
1478 void disassociate_ctty(int on_exit)
1479 {
1480         struct tty_struct *tty;
1481         struct task_struct *p;
1482         int tty_pgrp = -1;
1483
1484         lock_kernel();
1485
1486         mutex_lock(&tty_mutex);
1487         tty = current->signal->tty;
1488         if (tty) {
1489                 tty_pgrp = tty->pgrp;
1490                 mutex_unlock(&tty_mutex);
1491                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1492                         tty_vhangup(tty);
1493         } else {
1494                 if (current->signal->tty_old_pgrp) {
1495                         kill_pg(current->signal->tty_old_pgrp, SIGHUP, on_exit);
1496                         kill_pg(current->signal->tty_old_pgrp, SIGCONT, on_exit);
1497                 }
1498                 mutex_unlock(&tty_mutex);
1499                 unlock_kernel();        
1500                 return;
1501         }
1502         if (tty_pgrp > 0) {
1503                 kill_pg(tty_pgrp, SIGHUP, on_exit);
1504                 if (!on_exit)
1505                         kill_pg(tty_pgrp, SIGCONT, on_exit);
1506         }
1507
1508         /* Must lock changes to tty_old_pgrp */
1509         mutex_lock(&tty_mutex);
1510         current->signal->tty_old_pgrp = 0;
1511         tty->session = 0;
1512         tty->pgrp = -1;
1513
1514         /* Now clear signal->tty under the lock */
1515         read_lock(&tasklist_lock);
1516         do_each_task_pid(current->signal->session, PIDTYPE_SID, p) {
1517                 p->signal->tty = NULL;
1518         } while_each_task_pid(current->signal->session, PIDTYPE_SID, p);
1519         read_unlock(&tasklist_lock);
1520         mutex_unlock(&tty_mutex);
1521         unlock_kernel();
1522 }
1523
1524
1525 /**
1526  *      stop_tty        -       propogate flow control
1527  *      @tty: tty to stop
1528  *
1529  *      Perform flow control to the driver. For PTY/TTY pairs we
1530  *      must also propogate the TIOCKPKT status. May be called
1531  *      on an already stopped device and will not re-call the driver
1532  *      method.
1533  *
1534  *      This functionality is used by both the line disciplines for
1535  *      halting incoming flow and by the driver. It may therefore be
1536  *      called from any context, may be under the tty atomic_write_lock
1537  *      but not always.
1538  *
1539  *      Locking:
1540  *              Broken. Relies on BKL which is unsafe here.
1541  */
1542
1543 void stop_tty(struct tty_struct *tty)
1544 {
1545         if (tty->stopped)
1546                 return;
1547         tty->stopped = 1;
1548         if (tty->link && tty->link->packet) {
1549                 tty->ctrl_status &= ~TIOCPKT_START;
1550                 tty->ctrl_status |= TIOCPKT_STOP;
1551                 wake_up_interruptible(&tty->link->read_wait);
1552         }
1553         if (tty->driver->stop)
1554                 (tty->driver->stop)(tty);
1555 }
1556
1557 EXPORT_SYMBOL(stop_tty);
1558
1559 /**
1560  *      start_tty       -       propogate flow control
1561  *      @tty: tty to start
1562  *
1563  *      Start a tty that has been stopped if at all possible. Perform
1564  *      any neccessary wakeups and propogate the TIOCPKT status. If this
1565  *      is the tty was previous stopped and is being started then the
1566  *      driver start method is invoked and the line discipline woken.
1567  *
1568  *      Locking:
1569  *              Broken. Relies on BKL which is unsafe here.
1570  */
1571
1572 void start_tty(struct tty_struct *tty)
1573 {
1574         if (!tty->stopped || tty->flow_stopped)
1575                 return;
1576         tty->stopped = 0;
1577         if (tty->link && tty->link->packet) {
1578                 tty->ctrl_status &= ~TIOCPKT_STOP;
1579                 tty->ctrl_status |= TIOCPKT_START;
1580                 wake_up_interruptible(&tty->link->read_wait);
1581         }
1582         if (tty->driver->start)
1583                 (tty->driver->start)(tty);
1584
1585         /* If we have a running line discipline it may need kicking */
1586         tty_wakeup(tty);
1587         wake_up_interruptible(&tty->write_wait);
1588 }
1589
1590 EXPORT_SYMBOL(start_tty);
1591
1592 /**
1593  *      tty_read        -       read method for tty device files
1594  *      @file: pointer to tty file
1595  *      @buf: user buffer
1596  *      @count: size of user buffer
1597  *      @ppos: unused
1598  *
1599  *      Perform the read system call function on this terminal device. Checks
1600  *      for hung up devices before calling the line discipline method.
1601  *
1602  *      Locking:
1603  *              Locks the line discipline internally while needed
1604  *              For historical reasons the line discipline read method is
1605  *      invoked under the BKL. This will go away in time so do not rely on it
1606  *      in new code. Multiple read calls may be outstanding in parallel.
1607  */
1608
1609 static ssize_t tty_read(struct file * file, char __user * buf, size_t count, 
1610                         loff_t *ppos)
1611 {
1612         int i;
1613         struct tty_struct * tty;
1614         struct inode *inode;
1615         struct tty_ldisc *ld;
1616
1617         tty = (struct tty_struct *)file->private_data;
1618         inode = file->f_dentry->d_inode;
1619         if (tty_paranoia_check(tty, inode, "tty_read"))
1620                 return -EIO;
1621         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1622                 return -EIO;
1623
1624         /* We want to wait for the line discipline to sort out in this
1625            situation */
1626         ld = tty_ldisc_ref_wait(tty);
1627         lock_kernel();
1628         if (ld->read)
1629                 i = (ld->read)(tty,file,buf,count);
1630         else
1631                 i = -EIO;
1632         tty_ldisc_deref(ld);
1633         unlock_kernel();
1634         if (i > 0)
1635                 inode->i_atime = current_fs_time(inode->i_sb);
1636         return i;
1637 }
1638
1639 /*
1640  * Split writes up in sane blocksizes to avoid
1641  * denial-of-service type attacks
1642  */
1643 static inline ssize_t do_tty_write(
1644         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1645         struct tty_struct *tty,
1646         struct file *file,
1647         const char __user *buf,
1648         size_t count)
1649 {
1650         ssize_t ret = 0, written = 0;
1651         unsigned int chunk;
1652         
1653         /* FIXME: O_NDELAY ... */
1654         if (mutex_lock_interruptible(&tty->atomic_write_lock)) {
1655                 return -ERESTARTSYS;
1656         }
1657
1658         /*
1659          * We chunk up writes into a temporary buffer. This
1660          * simplifies low-level drivers immensely, since they
1661          * don't have locking issues and user mode accesses.
1662          *
1663          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1664          * big chunk-size..
1665          *
1666          * The default chunk-size is 2kB, because the NTTY
1667          * layer has problems with bigger chunks. It will
1668          * claim to be able to handle more characters than
1669          * it actually does.
1670          *
1671          * FIXME: This can probably go away now except that 64K chunks
1672          * are too likely to fail unless switched to vmalloc...
1673          */
1674         chunk = 2048;
1675         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1676                 chunk = 65536;
1677         if (count < chunk)
1678                 chunk = count;
1679
1680         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1681         if (tty->write_cnt < chunk) {
1682                 unsigned char *buf;
1683
1684                 if (chunk < 1024)
1685                         chunk = 1024;
1686
1687                 buf = kmalloc(chunk, GFP_KERNEL);
1688                 if (!buf) {
1689                         mutex_unlock(&tty->atomic_write_lock);
1690                         return -ENOMEM;
1691                 }
1692                 kfree(tty->write_buf);
1693                 tty->write_cnt = chunk;
1694                 tty->write_buf = buf;
1695         }
1696
1697         /* Do the write .. */
1698         for (;;) {
1699                 size_t size = count;
1700                 if (size > chunk)
1701                         size = chunk;
1702                 ret = -EFAULT;
1703                 if (copy_from_user(tty->write_buf, buf, size))
1704                         break;
1705                 lock_kernel();
1706                 ret = write(tty, file, tty->write_buf, size);
1707                 unlock_kernel();
1708                 if (ret <= 0)
1709                         break;
1710                 written += ret;
1711                 buf += ret;
1712                 count -= ret;
1713                 if (!count)
1714                         break;
1715                 ret = -ERESTARTSYS;
1716                 if (signal_pending(current))
1717                         break;
1718                 cond_resched();
1719         }
1720         if (written) {
1721                 struct inode *inode = file->f_dentry->d_inode;
1722                 inode->i_mtime = current_fs_time(inode->i_sb);
1723                 ret = written;
1724         }
1725         mutex_unlock(&tty->atomic_write_lock);
1726         return ret;
1727 }
1728
1729
1730 /**
1731  *      tty_write               -       write method for tty device file
1732  *      @file: tty file pointer
1733  *      @buf: user data to write
1734  *      @count: bytes to write
1735  *      @ppos: unused
1736  *
1737  *      Write data to a tty device via the line discipline.
1738  *
1739  *      Locking:
1740  *              Locks the line discipline as required
1741  *              Writes to the tty driver are serialized by the atomic_write_lock
1742  *      and are then processed in chunks to the device. The line discipline
1743  *      write method will not be involked in parallel for each device
1744  *              The line discipline write method is called under the big
1745  *      kernel lock for historical reasons. New code should not rely on this.
1746  */
1747
1748 static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1749                          loff_t *ppos)
1750 {
1751         struct tty_struct * tty;
1752         struct inode *inode = file->f_dentry->d_inode;
1753         ssize_t ret;
1754         struct tty_ldisc *ld;
1755         
1756         tty = (struct tty_struct *)file->private_data;
1757         if (tty_paranoia_check(tty, inode, "tty_write"))
1758                 return -EIO;
1759         if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1760                 return -EIO;
1761
1762         ld = tty_ldisc_ref_wait(tty);           
1763         if (!ld->write)
1764                 ret = -EIO;
1765         else
1766                 ret = do_tty_write(ld->write, tty, file, buf, count);
1767         tty_ldisc_deref(ld);
1768         return ret;
1769 }
1770
1771 ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1772                          loff_t *ppos)
1773 {
1774         struct file *p = NULL;
1775
1776         spin_lock(&redirect_lock);
1777         if (redirect) {
1778                 get_file(redirect);
1779                 p = redirect;
1780         }
1781         spin_unlock(&redirect_lock);
1782
1783         if (p) {
1784                 ssize_t res;
1785                 res = vfs_write(p, buf, count, &p->f_pos);
1786                 fput(p);
1787                 return res;
1788         }
1789
1790         return tty_write(file, buf, count, ppos);
1791 }
1792
1793 static char ptychar[] = "pqrstuvwxyzabcde";
1794
1795 /**
1796  *      pty_line_name   -       generate name for a pty
1797  *      @driver: the tty driver in use
1798  *      @index: the minor number
1799  *      @p: output buffer of at least 6 bytes
1800  *
1801  *      Generate a name from a driver reference and write it to the output
1802  *      buffer.
1803  *
1804  *      Locking: None
1805  */
1806 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1807 {
1808         int i = index + driver->name_base;
1809         /* ->name is initialized to "ttyp", but "tty" is expected */
1810         sprintf(p, "%s%c%x",
1811                         driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1812                         ptychar[i >> 4 & 0xf], i & 0xf);
1813 }
1814
1815 /**
1816  *      pty_line_name   -       generate name for a tty
1817  *      @driver: the tty driver in use
1818  *      @index: the minor number
1819  *      @p: output buffer of at least 7 bytes
1820  *
1821  *      Generate a name from a driver reference and write it to the output
1822  *      buffer.
1823  *
1824  *      Locking: None
1825  */
1826 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1827 {
1828         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1829 }
1830
1831 /**
1832  *      init_dev                -       initialise a tty device
1833  *      @driver: tty driver we are opening a device on
1834  *      @idx: device index
1835  *      @tty: returned tty structure
1836  *
1837  *      Prepare a tty device. This may not be a "new" clean device but
1838  *      could also be an active device. The pty drivers require special
1839  *      handling because of this.
1840  *
1841  *      Locking:
1842  *              The function is called under the tty_mutex, which
1843  *      protects us from the tty struct or driver itself going away.
1844  *
1845  *      On exit the tty device has the line discipline attached and
1846  *      a reference count of 1. If a pair was created for pty/tty use
1847  *      and the other was a pty master then it too has a reference count of 1.
1848  *
1849  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1850  * failed open.  The new code protects the open with a mutex, so it's
1851  * really quite straightforward.  The mutex locking can probably be
1852  * relaxed for the (most common) case of reopening a tty.
1853  */
1854
1855 static int init_dev(struct tty_driver *driver, int idx,
1856         struct tty_struct **ret_tty)
1857 {
1858         struct tty_struct *tty, *o_tty;
1859         struct termios *tp, **tp_loc, *o_tp, **o_tp_loc;
1860         struct termios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1861         int retval = 0;
1862
1863         /* check whether we're reopening an existing tty */
1864         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1865                 tty = devpts_get_tty(idx);
1866                 if (tty && driver->subtype == PTY_TYPE_MASTER)
1867                         tty = tty->link;
1868         } else {
1869                 tty = driver->ttys[idx];
1870         }
1871         if (tty) goto fast_track;
1872
1873         /*
1874          * First time open is complex, especially for PTY devices.
1875          * This code guarantees that either everything succeeds and the
1876          * TTY is ready for operation, or else the table slots are vacated
1877          * and the allocated memory released.  (Except that the termios 
1878          * and locked termios may be retained.)
1879          */
1880
1881         if (!try_module_get(driver->owner)) {
1882                 retval = -ENODEV;
1883                 goto end_init;
1884         }
1885
1886         o_tty = NULL;
1887         tp = o_tp = NULL;
1888         ltp = o_ltp = NULL;
1889
1890         tty = alloc_tty_struct();
1891         if(!tty)
1892                 goto fail_no_mem;
1893         initialize_tty_struct(tty);
1894         tty->driver = driver;
1895         tty->index = idx;
1896         tty_line_name(driver, idx, tty->name);
1897
1898         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1899                 tp_loc = &tty->termios;
1900                 ltp_loc = &tty->termios_locked;
1901         } else {
1902                 tp_loc = &driver->termios[idx];
1903                 ltp_loc = &driver->termios_locked[idx];
1904         }
1905
1906         if (!*tp_loc) {
1907                 tp = (struct termios *) kmalloc(sizeof(struct termios),
1908                                                 GFP_KERNEL);
1909                 if (!tp)
1910                         goto free_mem_out;
1911                 *tp = driver->init_termios;
1912         }
1913
1914         if (!*ltp_loc) {
1915                 ltp = (struct termios *) kmalloc(sizeof(struct termios),
1916                                                  GFP_KERNEL);
1917                 if (!ltp)
1918                         goto free_mem_out;
1919                 memset(ltp, 0, sizeof(struct termios));
1920         }
1921
1922         if (driver->type == TTY_DRIVER_TYPE_PTY) {
1923                 o_tty = alloc_tty_struct();
1924                 if (!o_tty)
1925                         goto free_mem_out;
1926                 initialize_tty_struct(o_tty);
1927                 o_tty->driver = driver->other;
1928                 o_tty->index = idx;
1929                 tty_line_name(driver->other, idx, o_tty->name);
1930
1931                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1932                         o_tp_loc = &o_tty->termios;
1933                         o_ltp_loc = &o_tty->termios_locked;
1934                 } else {
1935                         o_tp_loc = &driver->other->termios[idx];
1936                         o_ltp_loc = &driver->other->termios_locked[idx];
1937                 }
1938
1939                 if (!*o_tp_loc) {
1940                         o_tp = (struct termios *)
1941                                 kmalloc(sizeof(struct termios), GFP_KERNEL);
1942                         if (!o_tp)
1943                                 goto free_mem_out;
1944                         *o_tp = driver->other->init_termios;
1945                 }
1946
1947                 if (!*o_ltp_loc) {
1948                         o_ltp = (struct termios *)
1949                                 kmalloc(sizeof(struct termios), GFP_KERNEL);
1950                         if (!o_ltp)
1951                                 goto free_mem_out;
1952                         memset(o_ltp, 0, sizeof(struct termios));
1953                 }
1954
1955                 /*
1956                  * Everything allocated ... set up the o_tty structure.
1957                  */
1958                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
1959                         driver->other->ttys[idx] = o_tty;
1960                 }
1961                 if (!*o_tp_loc)
1962                         *o_tp_loc = o_tp;
1963                 if (!*o_ltp_loc)
1964                         *o_ltp_loc = o_ltp;
1965                 o_tty->termios = *o_tp_loc;
1966                 o_tty->termios_locked = *o_ltp_loc;
1967                 driver->other->refcount++;
1968                 if (driver->subtype == PTY_TYPE_MASTER)
1969                         o_tty->count++;
1970
1971                 /* Establish the links in both directions */
1972                 tty->link   = o_tty;
1973                 o_tty->link = tty;
1974         }
1975
1976         /* 
1977          * All structures have been allocated, so now we install them.
1978          * Failures after this point use release_mem to clean up, so 
1979          * there's no need to null out the local pointers.
1980          */
1981         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1982                 driver->ttys[idx] = tty;
1983         }
1984         
1985         if (!*tp_loc)
1986                 *tp_loc = tp;
1987         if (!*ltp_loc)
1988                 *ltp_loc = ltp;
1989         tty->termios = *tp_loc;
1990         tty->termios_locked = *ltp_loc;
1991         driver->refcount++;
1992         tty->count++;
1993
1994         /* 
1995          * Structures all installed ... call the ldisc open routines.
1996          * If we fail here just call release_mem to clean up.  No need
1997          * to decrement the use counts, as release_mem doesn't care.
1998          */
1999
2000         if (tty->ldisc.open) {
2001                 retval = (tty->ldisc.open)(tty);
2002                 if (retval)
2003                         goto release_mem_out;
2004         }
2005         if (o_tty && o_tty->ldisc.open) {
2006                 retval = (o_tty->ldisc.open)(o_tty);
2007                 if (retval) {
2008                         if (tty->ldisc.close)
2009                                 (tty->ldisc.close)(tty);
2010                         goto release_mem_out;
2011                 }
2012                 tty_ldisc_enable(o_tty);
2013         }
2014         tty_ldisc_enable(tty);
2015         goto success;
2016
2017         /*
2018          * This fast open can be used if the tty is already open.
2019          * No memory is allocated, and the only failures are from
2020          * attempting to open a closing tty or attempting multiple
2021          * opens on a pty master.
2022          */
2023 fast_track:
2024         if (test_bit(TTY_CLOSING, &tty->flags)) {
2025                 retval = -EIO;
2026                 goto end_init;
2027         }
2028         if (driver->type == TTY_DRIVER_TYPE_PTY &&
2029             driver->subtype == PTY_TYPE_MASTER) {
2030                 /*
2031                  * special case for PTY masters: only one open permitted, 
2032                  * and the slave side open count is incremented as well.
2033                  */
2034                 if (tty->count) {
2035                         retval = -EIO;
2036                         goto end_init;
2037                 }
2038                 tty->link->count++;
2039         }
2040         tty->count++;
2041         tty->driver = driver; /* N.B. why do this every time?? */
2042
2043         /* FIXME */
2044         if(!test_bit(TTY_LDISC, &tty->flags))
2045                 printk(KERN_ERR "init_dev but no ldisc\n");
2046 success:
2047         *ret_tty = tty;
2048         
2049         /* All paths come through here to release the mutex */
2050 end_init:
2051         return retval;
2052
2053         /* Release locally allocated memory ... nothing placed in slots */
2054 free_mem_out:
2055         kfree(o_tp);
2056         if (o_tty)
2057                 free_tty_struct(o_tty);
2058         kfree(ltp);
2059         kfree(tp);
2060         free_tty_struct(tty);
2061
2062 fail_no_mem:
2063         module_put(driver->owner);
2064         retval = -ENOMEM;
2065         goto end_init;
2066
2067         /* call the tty release_mem routine to clean out this slot */
2068 release_mem_out:
2069         if (printk_ratelimit())
2070                 printk(KERN_INFO "init_dev: ldisc open failed, "
2071                                  "clearing slot %d\n", idx);
2072         release_mem(tty, idx);
2073         goto end_init;
2074 }
2075
2076 /**
2077  *      release_mem             -       release tty structure memory
2078  *
2079  *      Releases memory associated with a tty structure, and clears out the
2080  *      driver table slots. This function is called when a device is no longer
2081  *      in use. It also gets called when setup of a device fails.
2082  *
2083  *      Locking:
2084  *              tty_mutex - sometimes only
2085  *              takes the file list lock internally when working on the list
2086  *      of ttys that the driver keeps.
2087  *              FIXME: should we require tty_mutex is held here ??
2088  */
2089
2090 static void release_mem(struct tty_struct *tty, int idx)
2091 {
2092         struct tty_struct *o_tty;
2093         struct termios *tp;
2094         int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2095
2096         if ((o_tty = tty->link) != NULL) {
2097                 if (!devpts)
2098                         o_tty->driver->ttys[idx] = NULL;
2099                 if (o_tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2100                         tp = o_tty->termios;
2101                         if (!devpts)
2102                                 o_tty->driver->termios[idx] = NULL;
2103                         kfree(tp);
2104
2105                         tp = o_tty->termios_locked;
2106                         if (!devpts)
2107                                 o_tty->driver->termios_locked[idx] = NULL;
2108                         kfree(tp);
2109                 }
2110                 o_tty->magic = 0;
2111                 o_tty->driver->refcount--;
2112                 file_list_lock();
2113                 list_del_init(&o_tty->tty_files);
2114                 file_list_unlock();
2115                 free_tty_struct(o_tty);
2116         }
2117
2118         if (!devpts)
2119                 tty->driver->ttys[idx] = NULL;
2120         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2121                 tp = tty->termios;
2122                 if (!devpts)
2123                         tty->driver->termios[idx] = NULL;
2124                 kfree(tp);
2125
2126                 tp = tty->termios_locked;
2127                 if (!devpts)
2128                         tty->driver->termios_locked[idx] = NULL;
2129                 kfree(tp);
2130         }
2131
2132         tty->magic = 0;
2133         tty->driver->refcount--;
2134         file_list_lock();
2135         list_del_init(&tty->tty_files);
2136         file_list_unlock();
2137         module_put(tty->driver->owner);
2138         free_tty_struct(tty);
2139 }
2140
2141 /*
2142  * Even releasing the tty structures is a tricky business.. We have
2143  * to be very careful that the structures are all released at the
2144  * same time, as interrupts might otherwise get the wrong pointers.
2145  *
2146  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2147  * lead to double frees or releasing memory still in use.
2148  */
2149 static void release_dev(struct file * filp)
2150 {
2151         struct tty_struct *tty, *o_tty;
2152         int     pty_master, tty_closing, o_tty_closing, do_sleep;
2153         int     devpts;
2154         int     idx;
2155         char    buf[64];
2156         unsigned long flags;
2157         
2158         tty = (struct tty_struct *)filp->private_data;
2159         if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "release_dev"))
2160                 return;
2161
2162         check_tty_count(tty, "release_dev");
2163
2164         tty_fasync(-1, filp, 0);
2165
2166         idx = tty->index;
2167         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2168                       tty->driver->subtype == PTY_TYPE_MASTER);
2169         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2170         o_tty = tty->link;
2171
2172 #ifdef TTY_PARANOIA_CHECK
2173         if (idx < 0 || idx >= tty->driver->num) {
2174                 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2175                                   "free (%s)\n", tty->name);
2176                 return;
2177         }
2178         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2179                 if (tty != tty->driver->ttys[idx]) {
2180                         printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2181                                "for (%s)\n", idx, tty->name);
2182                         return;
2183                 }
2184                 if (tty->termios != tty->driver->termios[idx]) {
2185                         printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2186                                "for (%s)\n",
2187                                idx, tty->name);
2188                         return;
2189                 }
2190                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2191                         printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2192                                "termios_locked for (%s)\n",
2193                                idx, tty->name);
2194                         return;
2195                 }
2196         }
2197 #endif
2198
2199 #ifdef TTY_DEBUG_HANGUP
2200         printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2201                tty_name(tty, buf), tty->count);
2202 #endif
2203
2204 #ifdef TTY_PARANOIA_CHECK
2205         if (tty->driver->other &&
2206              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2207                 if (o_tty != tty->driver->other->ttys[idx]) {
2208                         printk(KERN_DEBUG "release_dev: other->table[%d] "
2209                                           "not o_tty for (%s)\n",
2210                                idx, tty->name);
2211                         return;
2212                 }
2213                 if (o_tty->termios != tty->driver->other->termios[idx]) {
2214                         printk(KERN_DEBUG "release_dev: other->termios[%d] "
2215                                           "not o_termios for (%s)\n",
2216                                idx, tty->name);
2217                         return;
2218                 }
2219                 if (o_tty->termios_locked != 
2220                       tty->driver->other->termios_locked[idx]) {
2221                         printk(KERN_DEBUG "release_dev: other->termios_locked["
2222                                           "%d] not o_termios_locked for (%s)\n",
2223                                idx, tty->name);
2224                         return;
2225                 }
2226                 if (o_tty->link != tty) {
2227                         printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2228                         return;
2229                 }
2230         }
2231 #endif
2232         if (tty->driver->close)
2233                 tty->driver->close(tty, filp);
2234
2235         /*
2236          * Sanity check: if tty->count is going to zero, there shouldn't be
2237          * any waiters on tty->read_wait or tty->write_wait.  We test the
2238          * wait queues and kick everyone out _before_ actually starting to
2239          * close.  This ensures that we won't block while releasing the tty
2240          * structure.
2241          *
2242          * The test for the o_tty closing is necessary, since the master and
2243          * slave sides may close in any order.  If the slave side closes out
2244          * first, its count will be one, since the master side holds an open.
2245          * Thus this test wouldn't be triggered at the time the slave closes,
2246          * so we do it now.
2247          *
2248          * Note that it's possible for the tty to be opened again while we're
2249          * flushing out waiters.  By recalculating the closing flags before
2250          * each iteration we avoid any problems.
2251          */
2252         while (1) {
2253                 /* Guard against races with tty->count changes elsewhere and
2254                    opens on /dev/tty */
2255                    
2256                 mutex_lock(&tty_mutex);
2257                 tty_closing = tty->count <= 1;
2258                 o_tty_closing = o_tty &&
2259                         (o_tty->count <= (pty_master ? 1 : 0));
2260                 do_sleep = 0;
2261
2262                 if (tty_closing) {
2263                         if (waitqueue_active(&tty->read_wait)) {
2264                                 wake_up(&tty->read_wait);
2265                                 do_sleep++;
2266                         }
2267                         if (waitqueue_active(&tty->write_wait)) {
2268                                 wake_up(&tty->write_wait);
2269                                 do_sleep++;
2270                         }
2271                 }
2272                 if (o_tty_closing) {
2273                         if (waitqueue_active(&o_tty->read_wait)) {
2274                                 wake_up(&o_tty->read_wait);
2275                                 do_sleep++;
2276                         }
2277                         if (waitqueue_active(&o_tty->write_wait)) {
2278                                 wake_up(&o_tty->write_wait);
2279                                 do_sleep++;
2280                         }
2281                 }
2282                 if (!do_sleep)
2283                         break;
2284
2285                 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2286                                     "active!\n", tty_name(tty, buf));
2287                 mutex_unlock(&tty_mutex);
2288                 schedule();
2289         }       
2290
2291         /*
2292          * The closing flags are now consistent with the open counts on 
2293          * both sides, and we've completed the last operation that could 
2294          * block, so it's safe to proceed with closing.
2295          */
2296         if (pty_master) {
2297                 if (--o_tty->count < 0) {
2298                         printk(KERN_WARNING "release_dev: bad pty slave count "
2299                                             "(%d) for %s\n",
2300                                o_tty->count, tty_name(o_tty, buf));
2301                         o_tty->count = 0;
2302                 }
2303         }
2304         if (--tty->count < 0) {
2305                 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2306                        tty->count, tty_name(tty, buf));
2307                 tty->count = 0;
2308         }
2309         
2310         /*
2311          * We've decremented tty->count, so we need to remove this file
2312          * descriptor off the tty->tty_files list; this serves two
2313          * purposes:
2314          *  - check_tty_count sees the correct number of file descriptors
2315          *    associated with this tty.
2316          *  - do_tty_hangup no longer sees this file descriptor as
2317          *    something that needs to be handled for hangups.
2318          */
2319         file_kill(filp);
2320         filp->private_data = NULL;
2321
2322         /*
2323          * Perform some housekeeping before deciding whether to return.
2324          *
2325          * Set the TTY_CLOSING flag if this was the last open.  In the
2326          * case of a pty we may have to wait around for the other side
2327          * to close, and TTY_CLOSING makes sure we can't be reopened.
2328          */
2329         if(tty_closing)
2330                 set_bit(TTY_CLOSING, &tty->flags);
2331         if(o_tty_closing)
2332                 set_bit(TTY_CLOSING, &o_tty->flags);
2333
2334         /*
2335          * If _either_ side is closing, make sure there aren't any
2336          * processes that still think tty or o_tty is their controlling
2337          * tty.
2338          */
2339         if (tty_closing || o_tty_closing) {
2340                 struct task_struct *p;
2341
2342                 read_lock(&tasklist_lock);
2343                 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2344                         p->signal->tty = NULL;
2345                 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2346                 if (o_tty)
2347                         do_each_task_pid(o_tty->session, PIDTYPE_SID, p) {
2348                                 p->signal->tty = NULL;
2349                         } while_each_task_pid(o_tty->session, PIDTYPE_SID, p);
2350                 read_unlock(&tasklist_lock);
2351         }
2352
2353         mutex_unlock(&tty_mutex);
2354
2355         /* check whether both sides are closing ... */
2356         if (!tty_closing || (o_tty && !o_tty_closing))
2357                 return;
2358         
2359 #ifdef TTY_DEBUG_HANGUP
2360         printk(KERN_DEBUG "freeing tty structure...");
2361 #endif
2362         /*
2363          * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
2364          * kill any delayed work. As this is the final close it does not
2365          * race with the set_ldisc code path.
2366          */
2367         clear_bit(TTY_LDISC, &tty->flags);
2368         cancel_delayed_work(&tty->buf.work);
2369
2370         /*
2371          * Wait for ->hangup_work and ->buf.work handlers to terminate
2372          */
2373          
2374         flush_scheduled_work();
2375         
2376         /*
2377          * Wait for any short term users (we know they are just driver
2378          * side waiters as the file is closing so user count on the file
2379          * side is zero.
2380          */
2381         spin_lock_irqsave(&tty_ldisc_lock, flags);
2382         while(tty->ldisc.refcount)
2383         {
2384                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2385                 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2386                 spin_lock_irqsave(&tty_ldisc_lock, flags);
2387         }
2388         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2389         /*
2390          * Shutdown the current line discipline, and reset it to N_TTY.
2391          * N.B. why reset ldisc when we're releasing the memory??
2392          *
2393          * FIXME: this MUST get fixed for the new reflocking
2394          */
2395         if (tty->ldisc.close)
2396                 (tty->ldisc.close)(tty);
2397         tty_ldisc_put(tty->ldisc.num);
2398         
2399         /*
2400          *      Switch the line discipline back
2401          */
2402         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2403         tty_set_termios_ldisc(tty,N_TTY); 
2404         if (o_tty) {
2405                 /* FIXME: could o_tty be in setldisc here ? */
2406                 clear_bit(TTY_LDISC, &o_tty->flags);
2407                 if (o_tty->ldisc.close)
2408                         (o_tty->ldisc.close)(o_tty);
2409                 tty_ldisc_put(o_tty->ldisc.num);
2410                 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2411                 tty_set_termios_ldisc(o_tty,N_TTY); 
2412         }
2413         /*
2414          * The release_mem function takes care of the details of clearing
2415          * the slots and preserving the termios structure.
2416          */
2417         release_mem(tty, idx);
2418
2419 #ifdef CONFIG_UNIX98_PTYS
2420         /* Make this pty number available for reallocation */
2421         if (devpts) {
2422                 down(&allocated_ptys_lock);
2423                 idr_remove(&allocated_ptys, idx);
2424                 up(&allocated_ptys_lock);
2425         }
2426 #endif
2427
2428 }
2429
2430 /**
2431  *      tty_open                -       open a tty device
2432  *      @inode: inode of device file
2433  *      @filp: file pointer to tty
2434  *
2435  *      tty_open and tty_release keep up the tty count that contains the
2436  *      number of opens done on a tty. We cannot use the inode-count, as
2437  *      different inodes might point to the same tty.
2438  *
2439  *      Open-counting is needed for pty masters, as well as for keeping
2440  *      track of serial lines: DTR is dropped when the last close happens.
2441  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
2442  *
2443  *      The termios state of a pty is reset on first open so that
2444  *      settings don't persist across reuse.
2445  *
2446  *      Locking: tty_mutex protects current->signal->tty, get_tty_driver and
2447  *              init_dev work. tty->count should protect the rest.
2448  *              task_lock is held to update task details for sessions
2449  */
2450
2451 static int tty_open(struct inode * inode, struct file * filp)
2452 {
2453         struct tty_struct *tty;
2454         int noctty, retval;
2455         struct tty_driver *driver;
2456         int index;
2457         dev_t device = inode->i_rdev;
2458         unsigned short saved_flags = filp->f_flags;
2459
2460         nonseekable_open(inode, filp);
2461         
2462 retry_open:
2463         noctty = filp->f_flags & O_NOCTTY;
2464         index  = -1;
2465         retval = 0;
2466         
2467         mutex_lock(&tty_mutex);
2468
2469         if (device == MKDEV(TTYAUX_MAJOR,0)) {
2470                 if (!current->signal->tty) {
2471                         mutex_unlock(&tty_mutex);
2472                         return -ENXIO;
2473                 }
2474                 driver = current->signal->tty->driver;
2475                 index = current->signal->tty->index;
2476                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2477                 /* noctty = 1; */
2478                 goto got_driver;
2479         }
2480 #ifdef CONFIG_VT
2481         if (device == MKDEV(TTY_MAJOR,0)) {
2482                 extern struct tty_driver *console_driver;
2483                 driver = console_driver;
2484                 index = fg_console;
2485                 noctty = 1;
2486                 goto got_driver;
2487         }
2488 #endif
2489         if (device == MKDEV(TTYAUX_MAJOR,1)) {
2490                 driver = console_device(&index);
2491                 if (driver) {
2492                         /* Don't let /dev/console block */
2493                         filp->f_flags |= O_NONBLOCK;
2494                         noctty = 1;
2495                         goto got_driver;
2496                 }
2497                 mutex_unlock(&tty_mutex);
2498                 return -ENODEV;
2499         }
2500
2501         driver = get_tty_driver(device, &index);
2502         if (!driver) {
2503                 mutex_unlock(&tty_mutex);
2504                 return -ENODEV;
2505         }
2506 got_driver:
2507         retval = init_dev(driver, index, &tty);
2508         mutex_unlock(&tty_mutex);
2509         if (retval)
2510                 return retval;
2511
2512         filp->private_data = tty;
2513         file_move(filp, &tty->tty_files);
2514         check_tty_count(tty, "tty_open");
2515         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2516             tty->driver->subtype == PTY_TYPE_MASTER)
2517                 noctty = 1;
2518 #ifdef TTY_DEBUG_HANGUP
2519         printk(KERN_DEBUG "opening %s...", tty->name);
2520 #endif
2521         if (!retval) {
2522                 if (tty->driver->open)
2523                         retval = tty->driver->open(tty, filp);
2524                 else
2525                         retval = -ENODEV;
2526         }
2527         filp->f_flags = saved_flags;
2528
2529         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2530                 retval = -EBUSY;
2531
2532         if (retval) {
2533 #ifdef TTY_DEBUG_HANGUP
2534                 printk(KERN_DEBUG "error %d in opening %s...", retval,
2535                        tty->name);
2536 #endif
2537                 release_dev(filp);
2538                 if (retval != -ERESTARTSYS)
2539                         return retval;
2540                 if (signal_pending(current))
2541                         return retval;
2542                 schedule();
2543                 /*
2544                  * Need to reset f_op in case a hangup happened.
2545                  */
2546                 if (filp->f_op == &hung_up_tty_fops)
2547                         filp->f_op = &tty_fops;
2548                 goto retry_open;
2549         }
2550         if (!noctty &&
2551             current->signal->leader &&
2552             !current->signal->tty &&
2553             tty->session == 0) {
2554                 task_lock(current);
2555                 current->signal->tty = tty;
2556                 task_unlock(current);
2557                 current->signal->tty_old_pgrp = 0;
2558                 tty->session = current->signal->session;
2559                 tty->pgrp = process_group(current);
2560         }
2561         return 0;
2562 }
2563
2564 #ifdef CONFIG_UNIX98_PTYS
2565 /**
2566  *      ptmx_open               -       open a unix 98 pty master
2567  *      @inode: inode of device file
2568  *      @filp: file pointer to tty
2569  *
2570  *      Allocate a unix98 pty master device from the ptmx driver.
2571  *
2572  *      Locking: tty_mutex protects theinit_dev work. tty->count should
2573                 protect the rest.
2574  *              allocated_ptys_lock handles the list of free pty numbers
2575  */
2576
2577 static int ptmx_open(struct inode * inode, struct file * filp)
2578 {
2579         struct tty_struct *tty;
2580         int retval;
2581         int index;
2582         int idr_ret;
2583
2584         nonseekable_open(inode, filp);
2585
2586         /* find a device that is not in use. */
2587         down(&allocated_ptys_lock);
2588         if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2589                 up(&allocated_ptys_lock);
2590                 return -ENOMEM;
2591         }
2592         idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2593         if (idr_ret < 0) {
2594                 up(&allocated_ptys_lock);
2595                 if (idr_ret == -EAGAIN)
2596                         return -ENOMEM;
2597                 return -EIO;
2598         }
2599         if (index >= pty_limit) {
2600                 idr_remove(&allocated_ptys, index);
2601                 up(&allocated_ptys_lock);
2602                 return -EIO;
2603         }
2604         up(&allocated_ptys_lock);
2605
2606         mutex_lock(&tty_mutex);
2607         retval = init_dev(ptm_driver, index, &tty);
2608         mutex_unlock(&tty_mutex);
2609         
2610         if (retval)
2611                 goto out;
2612
2613         set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2614         filp->private_data = tty;
2615         file_move(filp, &tty->tty_files);
2616
2617         retval = -ENOMEM;
2618         if (devpts_pty_new(tty->link))
2619                 goto out1;
2620
2621         check_tty_count(tty, "tty_open");
2622         retval = ptm_driver->open(tty, filp);
2623         if (!retval)
2624                 return 0;
2625 out1:
2626         release_dev(filp);
2627         return retval;
2628 out:
2629         down(&allocated_ptys_lock);
2630         idr_remove(&allocated_ptys, index);
2631         up(&allocated_ptys_lock);
2632         return retval;
2633 }
2634 #endif
2635
2636 /**
2637  *      tty_release             -       vfs callback for close
2638  *      @inode: inode of tty
2639  *      @filp: file pointer for handle to tty
2640  *
2641  *      Called the last time each file handle is closed that references
2642  *      this tty. There may however be several such references.
2643  *
2644  *      Locking:
2645  *              Takes bkl. See release_dev
2646  */
2647
2648 static int tty_release(struct inode * inode, struct file * filp)
2649 {
2650         lock_kernel();
2651         release_dev(filp);
2652         unlock_kernel();
2653         return 0;
2654 }
2655
2656 /**
2657  *      tty_poll        -       check tty status
2658  *      @filp: file being polled
2659  *      @wait: poll wait structures to update
2660  *
2661  *      Call the line discipline polling method to obtain the poll
2662  *      status of the device.
2663  *
2664  *      Locking: locks called line discipline but ldisc poll method
2665  *      may be re-entered freely by other callers.
2666  */
2667
2668 static unsigned int tty_poll(struct file * filp, poll_table * wait)
2669 {
2670         struct tty_struct * tty;
2671         struct tty_ldisc *ld;
2672         int ret = 0;
2673
2674         tty = (struct tty_struct *)filp->private_data;
2675         if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_poll"))
2676                 return 0;
2677                 
2678         ld = tty_ldisc_ref_wait(tty);
2679         if (ld->poll)
2680                 ret = (ld->poll)(tty, filp, wait);
2681         tty_ldisc_deref(ld);
2682         return ret;
2683 }
2684
2685 static int tty_fasync(int fd, struct file * filp, int on)
2686 {
2687         struct tty_struct * tty;
2688         int retval;
2689
2690         tty = (struct tty_struct *)filp->private_data;
2691         if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_fasync"))
2692                 return 0;
2693         
2694         retval = fasync_helper(fd, filp, on, &tty->fasync);
2695         if (retval <= 0)
2696                 return retval;
2697
2698         if (on) {
2699                 if (!waitqueue_active(&tty->read_wait))
2700                         tty->minimum_to_wake = 1;
2701                 retval = f_setown(filp, (-tty->pgrp) ? : current->pid, 0);
2702                 if (retval)
2703                         return retval;
2704         } else {
2705                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2706                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2707         }
2708         return 0;
2709 }
2710
2711 /**
2712  *      tiocsti                 -       fake input character
2713  *      @tty: tty to fake input into
2714  *      @p: pointer to character
2715  *
2716  *      Fake input to a tty device. Does the neccessary locking and
2717  *      input management.
2718  *
2719  *      FIXME: does not honour flow control ??
2720  *
2721  *      Locking:
2722  *              Called functions take tty_ldisc_lock
2723  *              current->signal->tty check is safe without locks
2724  *
2725  *      FIXME: may race normal receive processing
2726  */
2727
2728 static int tiocsti(struct tty_struct *tty, char __user *p)
2729 {
2730         char ch, mbz = 0;
2731         struct tty_ldisc *ld;
2732         
2733         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2734                 return -EPERM;
2735         if (get_user(ch, p))
2736                 return -EFAULT;
2737         ld = tty_ldisc_ref_wait(tty);
2738         ld->receive_buf(tty, &ch, &mbz, 1);
2739         tty_ldisc_deref(ld);
2740         return 0;
2741 }
2742
2743 /**
2744  *      tiocgwinsz              -       implement window query ioctl
2745  *      @tty; tty
2746  *      @arg: user buffer for result
2747  *
2748  *      Copies the kernel idea of the window size into the user buffer.
2749  *
2750  *      Locking: tty->termios_sem is taken to ensure the winsize data
2751  *              is consistent.
2752  */
2753
2754 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2755 {
2756         int err;
2757
2758         mutex_lock(&tty->termios_mutex);
2759         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2760         mutex_unlock(&tty->termios_mutex);
2761
2762         return err ? -EFAULT: 0;
2763 }
2764
2765 /**
2766  *      tiocswinsz              -       implement window size set ioctl
2767  *      @tty; tty
2768  *      @arg: user buffer for result
2769  *
2770  *      Copies the user idea of the window size to the kernel. Traditionally
2771  *      this is just advisory information but for the Linux console it
2772  *      actually has driver level meaning and triggers a VC resize.
2773  *
2774  *      Locking:
2775  *              Called function use the console_sem is used to ensure we do
2776  *      not try and resize the console twice at once.
2777  *              The tty->termios_sem is used to ensure we don't double
2778  *      resize and get confused. Lock order - tty->termios.sem before
2779  *      console sem
2780  */
2781
2782 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2783         struct winsize __user * arg)
2784 {
2785         struct winsize tmp_ws;
2786
2787         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2788                 return -EFAULT;
2789
2790         mutex_lock(&tty->termios_mutex);
2791         if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2792                 goto done;
2793
2794 #ifdef CONFIG_VT
2795         if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2796                 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2797                                         tmp_ws.ws_row)) {
2798                         mutex_unlock(&tty->termios_mutex);
2799                         return -ENXIO;
2800                 }
2801         }
2802 #endif
2803         if (tty->pgrp > 0)
2804                 kill_pg(tty->pgrp, SIGWINCH, 1);
2805         if ((real_tty->pgrp != tty->pgrp) && (real_tty->pgrp > 0))
2806                 kill_pg(real_tty->pgrp, SIGWINCH, 1);
2807         tty->winsize = tmp_ws;
2808         real_tty->winsize = tmp_ws;
2809 done:
2810         mutex_unlock(&tty->termios_mutex);
2811         return 0;
2812 }
2813
2814 /**
2815  *      tioccons        -       allow admin to move logical console
2816  *      @file: the file to become console
2817  *
2818  *      Allow the adminstrator to move the redirected console device
2819  *
2820  *      Locking: uses redirect_lock to guard the redirect information
2821  */
2822
2823 static int tioccons(struct file *file)
2824 {
2825         if (!capable(CAP_SYS_ADMIN))
2826                 return -EPERM;
2827         if (file->f_op->write == redirected_tty_write) {
2828                 struct file *f;
2829                 spin_lock(&redirect_lock);
2830                 f = redirect;
2831                 redirect = NULL;
2832                 spin_unlock(&redirect_lock);
2833                 if (f)
2834                         fput(f);
2835                 return 0;
2836         }
2837         spin_lock(&redirect_lock);
2838         if (redirect) {
2839                 spin_unlock(&redirect_lock);
2840                 return -EBUSY;
2841         }
2842         get_file(file);
2843         redirect = file;
2844         spin_unlock(&redirect_lock);
2845         return 0;
2846 }
2847
2848 /**
2849  *      fionbio         -       non blocking ioctl
2850  *      @file: file to set blocking value
2851  *      @p: user parameter
2852  *
2853  *      Historical tty interfaces had a blocking control ioctl before
2854  *      the generic functionality existed. This piece of history is preserved
2855  *      in the expected tty API of posix OS's.
2856  *
2857  *      Locking: none, the open fle handle ensures it won't go away.
2858  */
2859
2860 static int fionbio(struct file *file, int __user *p)
2861 {
2862         int nonblock;
2863
2864         if (get_user(nonblock, p))
2865                 return -EFAULT;
2866
2867         if (nonblock)
2868                 file->f_flags |= O_NONBLOCK;
2869         else
2870                 file->f_flags &= ~O_NONBLOCK;
2871         return 0;
2872 }
2873
2874 /**
2875  *      tiocsctty       -       set controlling tty
2876  *      @tty: tty structure
2877  *      @arg: user argument
2878  *
2879  *      This ioctl is used to manage job control. It permits a session
2880  *      leader to set this tty as the controlling tty for the session.
2881  *
2882  *      Locking:
2883  *              Takes tasklist lock internally to walk sessions
2884  *              Takes task_lock() when updating signal->tty
2885  *              Takes tty_mutex() to protect tty instance
2886  *
2887  */
2888
2889 static int tiocsctty(struct tty_struct *tty, int arg)
2890 {
2891         struct task_struct *p;
2892
2893         if (current->signal->leader &&
2894             (current->signal->session == tty->session))
2895                 return 0;
2896         /*
2897          * The process must be a session leader and
2898          * not have a controlling tty already.
2899          */
2900         if (!current->signal->leader || current->signal->tty)
2901                 return -EPERM;
2902         if (tty->session > 0) {
2903                 /*
2904                  * This tty is already the controlling
2905                  * tty for another session group!
2906                  */
2907                 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
2908                         /*
2909                          * Steal it away
2910                          */
2911
2912                         read_lock(&tasklist_lock);
2913                         do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2914                                 p->signal->tty = NULL;
2915                         } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2916                         read_unlock(&tasklist_lock);
2917                 } else
2918                         return -EPERM;
2919         }
2920         mutex_lock(&tty_mutex);
2921         task_lock(current);
2922         current->signal->tty = tty;
2923         task_unlock(current);
2924         mutex_unlock(&tty_mutex);
2925         current->signal->tty_old_pgrp = 0;
2926         tty->session = current->signal->session;
2927         tty->pgrp = process_group(current);
2928         return 0;
2929 }
2930
2931 /**
2932  *      tiocgpgrp               -       get process group
2933  *      @tty: tty passed by user
2934  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2935  *      @p: returned pid
2936  *
2937  *      Obtain the process group of the tty. If there is no process group
2938  *      return an error.
2939  *
2940  *      Locking: none. Reference to ->signal->tty is safe.
2941  */
2942
2943 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2944 {
2945         /*
2946          * (tty == real_tty) is a cheap way of
2947          * testing if the tty is NOT a master pty.
2948          */
2949         if (tty == real_tty && current->signal->tty != real_tty)
2950                 return -ENOTTY;
2951         return put_user(real_tty->pgrp, p);
2952 }
2953
2954 /**
2955  *      tiocspgrp               -       attempt to set process group
2956  *      @tty: tty passed by user
2957  *      @real_tty: tty side device matching tty passed by user
2958  *      @p: pid pointer
2959  *
2960  *      Set the process group of the tty to the session passed. Only
2961  *      permitted where the tty session is our session.
2962  *
2963  *      Locking: None
2964  */
2965
2966 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2967 {
2968         pid_t pgrp;
2969         int retval = tty_check_change(real_tty);
2970
2971         if (retval == -EIO)
2972                 return -ENOTTY;
2973         if (retval)
2974                 return retval;
2975         if (!current->signal->tty ||
2976             (current->signal->tty != real_tty) ||
2977             (real_tty->session != current->signal->session))
2978                 return -ENOTTY;
2979         if (get_user(pgrp, p))
2980                 return -EFAULT;
2981         if (pgrp < 0)
2982                 return -EINVAL;
2983         if (session_of_pgrp(pgrp) != current->signal->session)
2984                 return -EPERM;
2985         real_tty->pgrp = pgrp;
2986         return 0;
2987 }
2988
2989 /**
2990  *      tiocgsid                -       get session id
2991  *      @tty: tty passed by user
2992  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2993  *      @p: pointer to returned session id
2994  *
2995  *      Obtain the session id of the tty. If there is no session
2996  *      return an error.
2997  *
2998  *      Locking: none. Reference to ->signal->tty is safe.
2999  */
3000
3001 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3002 {
3003         /*
3004          * (tty == real_tty) is a cheap way of
3005          * testing if the tty is NOT a master pty.
3006         */
3007         if (tty == real_tty && current->signal->tty != real_tty)
3008                 return -ENOTTY;
3009         if (real_tty->session <= 0)
3010                 return -ENOTTY;
3011         return put_user(real_tty->session, p);
3012 }
3013
3014 /**
3015  *      tiocsetd        -       set line discipline
3016  *      @tty: tty device
3017  *      @p: pointer to user data
3018  *
3019  *      Set the line discipline according to user request.
3020  *
3021  *      Locking: see tty_set_ldisc, this function is just a helper
3022  */
3023
3024 static int tiocsetd(struct tty_struct *tty, int __user *p)
3025 {
3026         int ldisc;
3027
3028         if (get_user(ldisc, p))
3029                 return -EFAULT;
3030         return tty_set_ldisc(tty, ldisc);
3031 }
3032
3033 /**
3034  *      send_break      -       performed time break
3035  *      @tty: device to break on
3036  *      @duration: timeout in mS
3037  *
3038  *      Perform a timed break on hardware that lacks its own driver level
3039  *      timed break functionality.
3040  *
3041  *      Locking:
3042  *              atomic_write_lock serializes
3043  *
3044  */
3045
3046 static int send_break(struct tty_struct *tty, unsigned int duration)
3047 {
3048         if (mutex_lock_interruptible(&tty->atomic_write_lock))
3049                 return -EINTR;
3050         tty->driver->break_ctl(tty, -1);
3051         if (!signal_pending(current)) {
3052                 msleep_interruptible(duration);
3053         }
3054         tty->driver->break_ctl(tty, 0);
3055         mutex_unlock(&tty->atomic_write_lock);
3056         if (signal_pending(current))
3057                 return -EINTR;
3058         return 0;
3059 }
3060
3061 /**
3062  *      tiocmget                -       get modem status
3063  *      @tty: tty device
3064  *      @file: user file pointer
3065  *      @p: pointer to result
3066  *
3067  *      Obtain the modem status bits from the tty driver if the feature
3068  *      is supported. Return -EINVAL if it is not available.
3069  *
3070  *      Locking: none (up to the driver)
3071  */
3072
3073 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3074 {
3075         int retval = -EINVAL;
3076
3077         if (tty->driver->tiocmget) {
3078                 retval = tty->driver->tiocmget(tty, file);
3079
3080                 if (retval >= 0)
3081                         retval = put_user(retval, p);
3082         }
3083         return retval;
3084 }
3085
3086 /**
3087  *      tiocmset                -       set modem status
3088  *      @tty: tty device
3089  *      @file: user file pointer
3090  *      @cmd: command - clear bits, set bits or set all
3091  *      @p: pointer to desired bits
3092  *
3093  *      Set the modem status bits from the tty driver if the feature
3094  *      is supported. Return -EINVAL if it is not available.
3095  *
3096  *      Locking: none (up to the driver)
3097  */
3098
3099 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3100              unsigned __user *p)
3101 {
3102         int retval = -EINVAL;
3103
3104         if (tty->driver->tiocmset) {
3105                 unsigned int set, clear, val;
3106
3107                 retval = get_user(val, p);
3108                 if (retval)
3109                         return retval;
3110
3111                 set = clear = 0;
3112                 switch (cmd) {
3113                 case TIOCMBIS:
3114                         set = val;
3115                         break;
3116                 case TIOCMBIC:
3117                         clear = val;
3118                         break;
3119                 case TIOCMSET:
3120                         set = val;
3121                         clear = ~val;
3122                         break;
3123                 }
3124
3125                 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3126                 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3127
3128                 retval = tty->driver->tiocmset(tty, file, set, clear);
3129         }
3130         return retval;
3131 }
3132
3133 /*
3134  * Split this up, as gcc can choke on it otherwise..
3135  */
3136 int tty_ioctl(struct inode * inode, struct file * file,
3137               unsigned int cmd, unsigned long arg)
3138 {
3139         struct tty_struct *tty, *real_tty;
3140         void __user *p = (void __user *)arg;
3141         int retval;
3142         struct tty_ldisc *ld;
3143         
3144         tty = (struct tty_struct *)file->private_data;
3145         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3146                 return -EINVAL;
3147
3148         /* CHECKME: is this safe as one end closes ? */
3149
3150         real_tty = tty;
3151         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3152             tty->driver->subtype == PTY_TYPE_MASTER)
3153                 real_tty = tty->link;
3154
3155         /*
3156          * Break handling by driver
3157          */
3158         if (!tty->driver->break_ctl) {
3159                 switch(cmd) {
3160                 case TIOCSBRK:
3161                 case TIOCCBRK:
3162                         if (tty->driver->ioctl)
3163                                 return tty->driver->ioctl(tty, file, cmd, arg);
3164                         return -EINVAL;
3165                         
3166                 /* These two ioctl's always return success; even if */
3167                 /* the driver doesn't support them. */
3168                 case TCSBRK:
3169                 case TCSBRKP:
3170                         if (!tty->driver->ioctl)
3171                                 return 0;
3172                         retval = tty->driver->ioctl(tty, file, cmd, arg);
3173                         if (retval == -ENOIOCTLCMD)
3174                                 retval = 0;
3175                         return retval;
3176                 }
3177         }
3178
3179         /*
3180          * Factor out some common prep work
3181          */
3182         switch (cmd) {
3183         case TIOCSETD:
3184         case TIOCSBRK:
3185         case TIOCCBRK:
3186         case TCSBRK:
3187         case TCSBRKP:                   
3188                 retval = tty_check_change(tty);
3189                 if (retval)
3190                         return retval;
3191                 if (cmd != TIOCCBRK) {
3192                         tty_wait_until_sent(tty, 0);
3193                         if (signal_pending(current))
3194                                 return -EINTR;
3195                 }
3196                 break;
3197         }
3198
3199         switch (cmd) {
3200                 case TIOCSTI:
3201                         return tiocsti(tty, p);
3202                 case TIOCGWINSZ:
3203                         return tiocgwinsz(tty, p);
3204                 case TIOCSWINSZ:
3205                         return tiocswinsz(tty, real_tty, p);
3206                 case TIOCCONS:
3207                         return real_tty!=tty ? -EINVAL : tioccons(file);
3208                 case FIONBIO:
3209                         return fionbio(file, p);
3210                 case TIOCEXCL:
3211                         set_bit(TTY_EXCLUSIVE, &tty->flags);
3212                         return 0;
3213                 case TIOCNXCL:
3214                         clear_bit(TTY_EXCLUSIVE, &tty->flags);
3215                         return 0;
3216                 case TIOCNOTTY:
3217                         /* FIXME: taks lock or tty_mutex ? */
3218                         if (current->signal->tty != tty)
3219                                 return -ENOTTY;
3220                         if (current->signal->leader)
3221                                 disassociate_ctty(0);
3222                         task_lock(current);
3223                         current->signal->tty = NULL;
3224                         task_unlock(current);
3225                         return 0;
3226                 case TIOCSCTTY:
3227                         return tiocsctty(tty, arg);
3228                 case TIOCGPGRP:
3229                         return tiocgpgrp(tty, real_tty, p);
3230                 case TIOCSPGRP:
3231                         return tiocspgrp(tty, real_tty, p);
3232                 case TIOCGSID:
3233                         return tiocgsid(tty, real_tty, p);
3234                 case TIOCGETD:
3235                         /* FIXME: check this is ok */
3236                         return put_user(tty->ldisc.num, (int __user *)p);
3237                 case TIOCSETD:
3238                         return tiocsetd(tty, p);
3239 #ifdef CONFIG_VT
3240                 case TIOCLINUX:
3241                         return tioclinux(tty, arg);
3242 #endif
3243                 /*
3244                  * Break handling
3245                  */
3246                 case TIOCSBRK:  /* Turn break on, unconditionally */
3247                         tty->driver->break_ctl(tty, -1);
3248                         return 0;
3249                         
3250                 case TIOCCBRK:  /* Turn break off, unconditionally */
3251                         tty->driver->break_ctl(tty, 0);
3252                         return 0;
3253                 case TCSBRK:   /* SVID version: non-zero arg --> no break */
3254                         /* non-zero arg means wait for all output data
3255                          * to be sent (performed above) but don't send break.
3256                          * This is used by the tcdrain() termios function.
3257                          */
3258                         if (!arg)
3259                                 return send_break(tty, 250);
3260                         return 0;
3261                 case TCSBRKP:   /* support for POSIX tcsendbreak() */   
3262                         return send_break(tty, arg ? arg*100 : 250);
3263
3264                 case TIOCMGET:
3265                         return tty_tiocmget(tty, file, p);
3266
3267                 case TIOCMSET:
3268                 case TIOCMBIC:
3269                 case TIOCMBIS:
3270                         return tty_tiocmset(tty, file, cmd, p);
3271         }
3272         if (tty->driver->ioctl) {
3273                 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3274                 if (retval != -ENOIOCTLCMD)
3275                         return retval;
3276         }
3277         ld = tty_ldisc_ref_wait(tty);
3278         retval = -EINVAL;
3279         if (ld->ioctl) {
3280                 retval = ld->ioctl(tty, file, cmd, arg);
3281                 if (retval == -ENOIOCTLCMD)
3282                         retval = -EINVAL;
3283         }
3284         tty_ldisc_deref(ld);
3285         return retval;
3286 }
3287
3288
3289 /*
3290  * This implements the "Secure Attention Key" ---  the idea is to
3291  * prevent trojan horses by killing all processes associated with this
3292  * tty when the user hits the "Secure Attention Key".  Required for
3293  * super-paranoid applications --- see the Orange Book for more details.
3294  * 
3295  * This code could be nicer; ideally it should send a HUP, wait a few
3296  * seconds, then send a INT, and then a KILL signal.  But you then
3297  * have to coordinate with the init process, since all processes associated
3298  * with the current tty must be dead before the new getty is allowed
3299  * to spawn.
3300  *
3301  * Now, if it would be correct ;-/ The current code has a nasty hole -
3302  * it doesn't catch files in flight. We may send the descriptor to ourselves
3303  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3304  *
3305  * Nasty bug: do_SAK is being called in interrupt context.  This can
3306  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
3307  */
3308 static void __do_SAK(struct work_struct *work)
3309 {
3310         struct tty_struct *tty =
3311                 container_of(work, struct tty_struct, SAK_work);
3312 #ifdef TTY_SOFT_SAK
3313         tty_hangup(tty);
3314 #else
3315         struct task_struct *g, *p;
3316         int session;
3317         int             i;
3318         struct file     *filp;
3319         struct tty_ldisc *disc;
3320         struct fdtable *fdt;
3321         
3322         if (!tty)
3323                 return;
3324         session  = tty->session;
3325         
3326         /* We don't want an ldisc switch during this */
3327         disc = tty_ldisc_ref(tty);
3328         if (disc && disc->flush_buffer)
3329                 disc->flush_buffer(tty);
3330         tty_ldisc_deref(disc);
3331
3332         if (tty->driver->flush_buffer)
3333                 tty->driver->flush_buffer(tty);
3334         
3335         read_lock(&tasklist_lock);
3336         /* Kill the entire session */
3337         do_each_task_pid(session, PIDTYPE_SID, p) {
3338                 printk(KERN_NOTICE "SAK: killed process %d"
3339                         " (%s): p->signal->session==tty->session\n",
3340                         p->pid, p->comm);
3341                 send_sig(SIGKILL, p, 1);
3342         } while_each_task_pid(session, PIDTYPE_SID, p);
3343         /* Now kill any processes that happen to have the
3344          * tty open.
3345          */
3346         do_each_thread(g, p) {
3347                 if (p->signal->tty == tty) {
3348                         printk(KERN_NOTICE "SAK: killed process %d"
3349                             " (%s): p->signal->session==tty->session\n",
3350                             p->pid, p->comm);
3351                         send_sig(SIGKILL, p, 1);
3352                         continue;
3353                 }
3354                 task_lock(p);
3355                 if (p->files) {
3356                         /*
3357                          * We don't take a ref to the file, so we must
3358                          * hold ->file_lock instead.
3359                          */
3360                         spin_lock(&p->files->file_lock);
3361                         fdt = files_fdtable(p->files);
3362                         for (i=0; i < fdt->max_fds; i++) {
3363                                 filp = fcheck_files(p->files, i);
3364                                 if (!filp)
3365                                         continue;
3366                                 if (filp->f_op->read == tty_read &&
3367                                     filp->private_data == tty) {
3368                                         printk(KERN_NOTICE "SAK: killed process %d"
3369                                             " (%s): fd#%d opened to the tty\n",
3370                                             p->pid, p->comm, i);
3371                                         force_sig(SIGKILL, p);
3372                                         break;
3373                                 }
3374                         }
3375                         spin_unlock(&p->files->file_lock);
3376                 }
3377                 task_unlock(p);
3378         } while_each_thread(g, p);
3379         read_unlock(&tasklist_lock);
3380 #endif
3381 }
3382
3383 /*
3384  * The tq handling here is a little racy - tty->SAK_work may already be queued.
3385  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3386  * the values which we write to it will be identical to the values which it
3387  * already has. --akpm
3388  */
3389 void do_SAK(struct tty_struct *tty)
3390 {
3391         if (!tty)
3392                 return;
3393         PREPARE_WORK(&tty->SAK_work, __do_SAK);
3394         schedule_work(&tty->SAK_work);
3395 }
3396
3397 EXPORT_SYMBOL(do_SAK);
3398
3399 /**
3400  *      flush_to_ldisc
3401  *      @work: tty structure passed from work queue.
3402  *
3403  *      This routine is called out of the software interrupt to flush data
3404  *      from the buffer chain to the line discipline.
3405  *
3406  *      Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3407  *      while invoking the line discipline receive_buf method. The
3408  *      receive_buf method is single threaded for each tty instance.
3409  */
3410  
3411 static void flush_to_ldisc(struct work_struct *work)
3412 {
3413         struct tty_struct *tty =
3414                 container_of(work, struct tty_struct, buf.work.work);
3415         unsigned long   flags;
3416         struct tty_ldisc *disc;
3417         struct tty_buffer *tbuf, *head;
3418         char *char_buf;
3419         unsigned char *flag_buf;
3420
3421         disc = tty_ldisc_ref(tty);
3422         if (disc == NULL)       /*  !TTY_LDISC */
3423                 return;
3424
3425         spin_lock_irqsave(&tty->buf.lock, flags);
3426         head = tty->buf.head;
3427         if (head != NULL) {
3428                 tty->buf.head = NULL;
3429                 for (;;) {
3430                         int count = head->commit - head->read;
3431                         if (!count) {
3432                                 if (head->next == NULL)
3433                                         break;
3434                                 tbuf = head;
3435                                 head = head->next;
3436                                 tty_buffer_free(tty, tbuf);
3437                                 continue;
3438                         }
3439                         if (!tty->receive_room) {
3440                                 schedule_delayed_work(&tty->buf.work, 1);
3441                                 break;
3442                         }
3443                         if (count > tty->receive_room)
3444                                 count = tty->receive_room;
3445                         char_buf = head->char_buf_ptr + head->read;
3446                         flag_buf = head->flag_buf_ptr + head->read;
3447                         head->read += count;
3448                         spin_unlock_irqrestore(&tty->buf.lock, flags);
3449                         disc->receive_buf(tty, char_buf, flag_buf, count);
3450                         spin_lock_irqsave(&tty->buf.lock, flags);
3451                 }
3452                 tty->buf.head = head;
3453         }
3454         spin_unlock_irqrestore(&tty->buf.lock, flags);
3455
3456         tty_ldisc_deref(disc);
3457 }
3458
3459 /*
3460  * Routine which returns the baud rate of the tty
3461  *
3462  * Note that the baud_table needs to be kept in sync with the
3463  * include/asm/termbits.h file.
3464  */
3465 static int baud_table[] = {
3466         0, 50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800, 2400, 4800,
3467         9600, 19200, 38400, 57600, 115200, 230400, 460800,
3468 #ifdef __sparc__
3469         76800, 153600, 307200, 614400, 921600
3470 #else
3471         500000, 576000, 921600, 1000000, 1152000, 1500000, 2000000,
3472         2500000, 3000000, 3500000, 4000000
3473 #endif
3474 };
3475
3476 static int n_baud_table = ARRAY_SIZE(baud_table);
3477
3478 /**
3479  *      tty_termios_baud_rate
3480  *      @termios: termios structure
3481  *
3482  *      Convert termios baud rate data into a speed. This should be called
3483  *      with the termios lock held if this termios is a terminal termios
3484  *      structure. May change the termios data.
3485  *
3486  *      Locking: none
3487  */
3488  
3489 int tty_termios_baud_rate(struct termios *termios)
3490 {
3491         unsigned int cbaud;
3492         
3493         cbaud = termios->c_cflag & CBAUD;
3494
3495         if (cbaud & CBAUDEX) {
3496                 cbaud &= ~CBAUDEX;
3497
3498                 if (cbaud < 1 || cbaud + 15 > n_baud_table)
3499                         termios->c_cflag &= ~CBAUDEX;
3500                 else
3501                         cbaud += 15;
3502         }
3503         return baud_table[cbaud];
3504 }
3505
3506 EXPORT_SYMBOL(tty_termios_baud_rate);
3507
3508 /**
3509  *      tty_get_baud_rate       -       get tty bit rates
3510  *      @tty: tty to query
3511  *
3512  *      Returns the baud rate as an integer for this terminal. The
3513  *      termios lock must be held by the caller and the terminal bit
3514  *      flags may be updated.
3515  *
3516  *      Locking: none
3517  */
3518  
3519 int tty_get_baud_rate(struct tty_struct *tty)
3520 {
3521         int baud = tty_termios_baud_rate(tty->termios);
3522
3523         if (baud == 38400 && tty->alt_speed) {
3524                 if (!tty->warned) {
3525                         printk(KERN_WARNING "Use of setserial/setrocket to "
3526                                             "set SPD_* flags is deprecated\n");
3527                         tty->warned = 1;
3528                 }
3529                 baud = tty->alt_speed;
3530         }
3531         
3532         return baud;
3533 }
3534
3535 EXPORT_SYMBOL(tty_get_baud_rate);
3536
3537 /**
3538  *      tty_flip_buffer_push    -       terminal
3539  *      @tty: tty to push
3540  *
3541  *      Queue a push of the terminal flip buffers to the line discipline. This
3542  *      function must not be called from IRQ context if tty->low_latency is set.
3543  *
3544  *      In the event of the queue being busy for flipping the work will be
3545  *      held off and retried later.
3546  *
3547  *      Locking: tty buffer lock. Driver locks in low latency mode.
3548  */
3549
3550 void tty_flip_buffer_push(struct tty_struct *tty)
3551 {
3552         unsigned long flags;
3553         spin_lock_irqsave(&tty->buf.lock, flags);
3554         if (tty->buf.tail != NULL)
3555                 tty->buf.tail->commit = tty->buf.tail->used;
3556         spin_unlock_irqrestore(&tty->buf.lock, flags);
3557
3558         if (tty->low_latency)
3559                 flush_to_ldisc(&tty->buf.work.work);
3560         else
3561                 schedule_delayed_work(&tty->buf.work, 1);
3562 }
3563
3564 EXPORT_SYMBOL(tty_flip_buffer_push);
3565
3566
3567 /**
3568  *      initialize_tty_struct
3569  *      @tty: tty to initialize
3570  *
3571  *      This subroutine initializes a tty structure that has been newly
3572  *      allocated.
3573  *
3574  *      Locking: none - tty in question must not be exposed at this point
3575  */
3576
3577 static void initialize_tty_struct(struct tty_struct *tty)
3578 {
3579         memset(tty, 0, sizeof(struct tty_struct));
3580         tty->magic = TTY_MAGIC;
3581         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3582         tty->pgrp = -1;
3583         tty->overrun_time = jiffies;
3584         tty->buf.head = tty->buf.tail = NULL;
3585         tty_buffer_init(tty);
3586         INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3587         init_MUTEX(&tty->buf.pty_sem);
3588         mutex_init(&tty->termios_mutex);
3589         init_waitqueue_head(&tty->write_wait);
3590         init_waitqueue_head(&tty->read_wait);
3591         INIT_WORK(&tty->hangup_work, do_tty_hangup);
3592         mutex_init(&tty->atomic_read_lock);
3593         mutex_init(&tty->atomic_write_lock);
3594         spin_lock_init(&tty->read_lock);
3595         INIT_LIST_HEAD(&tty->tty_files);
3596         INIT_WORK(&tty->SAK_work, NULL);
3597 }
3598
3599 /*
3600  * The default put_char routine if the driver did not define one.
3601  */
3602
3603 static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3604 {
3605         tty->driver->write(tty, &ch, 1);
3606 }
3607
3608 static struct class *tty_class;
3609
3610 /**
3611  *      tty_register_device - register a tty device
3612  *      @driver: the tty driver that describes the tty device
3613  *      @index: the index in the tty driver for this tty device
3614  *      @device: a struct device that is associated with this tty device.
3615  *              This field is optional, if there is no known struct device
3616  *              for this tty device it can be set to NULL safely.
3617  *
3618  *      Returns a pointer to the struct device for this tty device
3619  *      (or ERR_PTR(-EFOO) on error).
3620  *
3621  *      This call is required to be made to register an individual tty device
3622  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3623  *      that bit is not set, this function should not be called by a tty
3624  *      driver.
3625  *
3626  *      Locking: ??
3627  */
3628
3629 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3630                                    struct device *device)
3631 {
3632         char name[64];
3633         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3634
3635         if (index >= driver->num) {
3636                 printk(KERN_ERR "Attempt to register invalid tty line number "
3637                        " (%d).\n", index);
3638                 return ERR_PTR(-EINVAL);
3639         }
3640
3641         if (driver->type == TTY_DRIVER_TYPE_PTY)
3642                 pty_line_name(driver, index, name);
3643         else
3644                 tty_line_name(driver, index, name);
3645
3646         return device_create(tty_class, device, dev, name);
3647 }
3648
3649 /**
3650  *      tty_unregister_device - unregister a tty device
3651  *      @driver: the tty driver that describes the tty device
3652  *      @index: the index in the tty driver for this tty device
3653  *
3654  *      If a tty device is registered with a call to tty_register_device() then
3655  *      this function must be called when the tty device is gone.
3656  *
3657  *      Locking: ??
3658  */
3659
3660 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3661 {
3662         device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
3663 }
3664
3665 EXPORT_SYMBOL(tty_register_device);
3666 EXPORT_SYMBOL(tty_unregister_device);
3667
3668 struct tty_driver *alloc_tty_driver(int lines)
3669 {
3670         struct tty_driver *driver;
3671
3672         driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
3673         if (driver) {
3674                 memset(driver, 0, sizeof(struct tty_driver));
3675                 driver->magic = TTY_DRIVER_MAGIC;
3676                 driver->num = lines;
3677                 /* later we'll move allocation of tables here */
3678         }
3679         return driver;
3680 }
3681
3682 void put_tty_driver(struct tty_driver *driver)
3683 {
3684         kfree(driver);
3685 }
3686
3687 void tty_set_operations(struct tty_driver *driver,
3688                         const struct tty_operations *op)
3689 {
3690         driver->open = op->open;
3691         driver->close = op->close;
3692         driver->write = op->write;
3693         driver->put_char = op->put_char;
3694         driver->flush_chars = op->flush_chars;
3695         driver->write_room = op->write_room;
3696         driver->chars_in_buffer = op->chars_in_buffer;
3697         driver->ioctl = op->ioctl;
3698         driver->set_termios = op->set_termios;
3699         driver->throttle = op->throttle;
3700         driver->unthrottle = op->unthrottle;
3701         driver->stop = op->stop;
3702         driver->start = op->start;
3703         driver->hangup = op->hangup;
3704         driver->break_ctl = op->break_ctl;
3705         driver->flush_buffer = op->flush_buffer;
3706         driver->set_ldisc = op->set_ldisc;
3707         driver->wait_until_sent = op->wait_until_sent;
3708         driver->send_xchar = op->send_xchar;
3709         driver->read_proc = op->read_proc;
3710         driver->write_proc = op->write_proc;
3711         driver->tiocmget = op->tiocmget;
3712         driver->tiocmset = op->tiocmset;
3713 }
3714
3715
3716 EXPORT_SYMBOL(alloc_tty_driver);
3717 EXPORT_SYMBOL(put_tty_driver);
3718 EXPORT_SYMBOL(tty_set_operations);
3719
3720 /*
3721  * Called by a tty driver to register itself.
3722  */
3723 int tty_register_driver(struct tty_driver *driver)
3724 {
3725         int error;
3726         int i;
3727         dev_t dev;
3728         void **p = NULL;
3729
3730         if (driver->flags & TTY_DRIVER_INSTALLED)
3731                 return 0;
3732
3733         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
3734                 p = kmalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3735                 if (!p)
3736                         return -ENOMEM;
3737                 memset(p, 0, driver->num * 3 * sizeof(void *));
3738         }
3739
3740         if (!driver->major) {
3741                 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3742                                                 (char*)driver->name);
3743                 if (!error) {
3744                         driver->major = MAJOR(dev);
3745                         driver->minor_start = MINOR(dev);
3746                 }
3747         } else {
3748                 dev = MKDEV(driver->major, driver->minor_start);
3749                 error = register_chrdev_region(dev, driver->num,
3750                                                 (char*)driver->name);
3751         }
3752         if (error < 0) {
3753                 kfree(p);
3754                 return error;
3755         }
3756
3757         if (p) {
3758                 driver->ttys = (struct tty_struct **)p;
3759                 driver->termios = (struct termios **)(p + driver->num);
3760                 driver->termios_locked = (struct termios **)(p + driver->num * 2);
3761         } else {
3762                 driver->ttys = NULL;
3763                 driver->termios = NULL;
3764                 driver->termios_locked = NULL;
3765         }
3766
3767         cdev_init(&driver->cdev, &tty_fops);
3768         driver->cdev.owner = driver->owner;
3769         error = cdev_add(&driver->cdev, dev, driver->num);
3770         if (error) {
3771                 unregister_chrdev_region(dev, driver->num);
3772                 driver->ttys = NULL;
3773                 driver->termios = driver->termios_locked = NULL;
3774                 kfree(p);
3775                 return error;
3776         }
3777
3778         if (!driver->put_char)
3779                 driver->put_char = tty_default_put_char;
3780         
3781         list_add(&driver->tty_drivers, &tty_drivers);
3782         
3783         if ( !(driver->flags & TTY_DRIVER_DYNAMIC_DEV) ) {
3784                 for(i = 0; i < driver->num; i++)
3785                     tty_register_device(driver, i, NULL);
3786         }
3787         proc_tty_register_driver(driver);
3788         return 0;
3789 }
3790
3791 EXPORT_SYMBOL(tty_register_driver);
3792
3793 /*
3794  * Called by a tty driver to unregister itself.
3795  */
3796 int tty_unregister_driver(struct tty_driver *driver)
3797 {
3798         int i;
3799         struct termios *tp;
3800         void *p;
3801
3802         if (driver->refcount)
3803                 return -EBUSY;
3804
3805         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3806                                 driver->num);
3807
3808         list_del(&driver->tty_drivers);
3809
3810         /*
3811          * Free the termios and termios_locked structures because
3812          * we don't want to get memory leaks when modular tty
3813          * drivers are removed from the kernel.
3814          */
3815         for (i = 0; i < driver->num; i++) {
3816                 tp = driver->termios[i];
3817                 if (tp) {
3818                         driver->termios[i] = NULL;
3819                         kfree(tp);
3820                 }
3821                 tp = driver->termios_locked[i];
3822                 if (tp) {
3823                         driver->termios_locked[i] = NULL;
3824                         kfree(tp);
3825                 }
3826                 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3827                         tty_unregister_device(driver, i);
3828         }
3829         p = driver->ttys;
3830         proc_tty_unregister_driver(driver);
3831         driver->ttys = NULL;
3832         driver->termios = driver->termios_locked = NULL;
3833         kfree(p);
3834         cdev_del(&driver->cdev);
3835         return 0;
3836 }
3837
3838 EXPORT_SYMBOL(tty_unregister_driver);
3839
3840
3841 /*
3842  * Initialize the console device. This is called *early*, so
3843  * we can't necessarily depend on lots of kernel help here.
3844  * Just do some early initializations, and do the complex setup
3845  * later.
3846  */
3847 void __init console_init(void)
3848 {
3849         initcall_t *call;
3850
3851         /* Setup the default TTY line discipline. */
3852         (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3853
3854         /*
3855          * set up the console device so that later boot sequences can 
3856          * inform about problems etc..
3857          */
3858 #ifdef CONFIG_EARLY_PRINTK
3859         disable_early_printk();
3860 #endif
3861         call = __con_initcall_start;
3862         while (call < __con_initcall_end) {
3863                 (*call)();
3864                 call++;
3865         }
3866 }
3867
3868 #ifdef CONFIG_VT
3869 extern int vty_init(void);
3870 #endif
3871
3872 static int __init tty_class_init(void)
3873 {
3874         tty_class = class_create(THIS_MODULE, "tty");
3875         if (IS_ERR(tty_class))
3876                 return PTR_ERR(tty_class);
3877         return 0;
3878 }
3879
3880 postcore_initcall(tty_class_init);
3881
3882 /* 3/2004 jmc: why do these devices exist? */
3883
3884 static struct cdev tty_cdev, console_cdev;
3885 #ifdef CONFIG_UNIX98_PTYS
3886 static struct cdev ptmx_cdev;
3887 #endif
3888 #ifdef CONFIG_VT
3889 static struct cdev vc0_cdev;
3890 #endif
3891
3892 /*
3893  * Ok, now we can initialize the rest of the tty devices and can count
3894  * on memory allocations, interrupts etc..
3895  */
3896 static int __init tty_init(void)
3897 {
3898         cdev_init(&tty_cdev, &tty_fops);
3899         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3900             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3901                 panic("Couldn't register /dev/tty driver\n");
3902         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
3903
3904         cdev_init(&console_cdev, &console_fops);
3905         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3906             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3907                 panic("Couldn't register /dev/console driver\n");
3908         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
3909
3910 #ifdef CONFIG_UNIX98_PTYS
3911         cdev_init(&ptmx_cdev, &ptmx_fops);
3912         if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3913             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3914                 panic("Couldn't register /dev/ptmx driver\n");
3915         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
3916 #endif
3917
3918 #ifdef CONFIG_VT
3919         cdev_init(&vc0_cdev, &console_fops);
3920         if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3921             register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3922                 panic("Couldn't register /dev/tty0 driver\n");
3923         device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
3924
3925         vty_init();
3926 #endif
3927         return 0;
3928 }
3929 module_init(tty_init);