tty: Remove more special casing and out of place code
[linux-2.6] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  *
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote tty_init_dev and tty_release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc()
66  *                       -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67  */
68
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/proc_fs.h>
91 #include <linux/init.h>
92 #include <linux/module.h>
93 #include <linux/smp_lock.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99
100 #include <linux/uaccess.h>
101 #include <asm/system.h>
102
103 #include <linux/kbd_kern.h>
104 #include <linux/vt_kern.h>
105 #include <linux/selection.h>
106
107 #include <linux/kmod.h>
108 #include <linux/nsproxy.h>
109
110 #undef TTY_DEBUG_HANGUP
111
112 #define TTY_PARANOIA_CHECK 1
113 #define CHECK_TTY_COUNT 1
114
115 struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
116         .c_iflag = ICRNL | IXON,
117         .c_oflag = OPOST | ONLCR,
118         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
119         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
120                    ECHOCTL | ECHOKE | IEXTEN,
121         .c_cc = INIT_C_CC,
122         .c_ispeed = 38400,
123         .c_ospeed = 38400
124 };
125
126 EXPORT_SYMBOL(tty_std_termios);
127
128 /* This list gets poked at by procfs and various bits of boot up code. This
129    could do with some rationalisation such as pulling the tty proc function
130    into this file */
131
132 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
133
134 /* Mutex to protect creating and releasing a tty. This is shared with
135    vt.c for deeply disgusting hack reasons */
136 DEFINE_MUTEX(tty_mutex);
137 EXPORT_SYMBOL(tty_mutex);
138
139 static void initialize_tty_struct(struct tty_struct *tty);
140
141 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
142 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
143 ssize_t redirected_tty_write(struct file *, const char __user *,
144                                                         size_t, loff_t *);
145 static unsigned int tty_poll(struct file *, poll_table *);
146 static int tty_open(struct inode *, struct file *);
147 static int tty_release(struct inode *, struct file *);
148 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
149 #ifdef CONFIG_COMPAT
150 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
151                                 unsigned long arg);
152 #else
153 #define tty_compat_ioctl NULL
154 #endif
155 static int tty_fasync(int fd, struct file *filp, int on);
156 static void release_tty(struct tty_struct *tty, int idx);
157 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
158 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
159
160 /**
161  *      alloc_tty_struct        -       allocate a tty object
162  *
163  *      Return a new empty tty structure. The data fields have not
164  *      been initialized in any way but has been zeroed
165  *
166  *      Locking: none
167  */
168
169 static struct tty_struct *alloc_tty_struct(void)
170 {
171         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
172 }
173
174 /**
175  *      free_tty_struct         -       free a disused tty
176  *      @tty: tty struct to free
177  *
178  *      Free the write buffers, tty queue and tty memory itself.
179  *
180  *      Locking: none. Must be called after tty is definitely unused
181  */
182
183 static inline void free_tty_struct(struct tty_struct *tty)
184 {
185         kfree(tty->write_buf);
186         tty_buffer_free_all(tty);
187         kfree(tty);
188 }
189
190 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
191
192 /**
193  *      tty_name        -       return tty naming
194  *      @tty: tty structure
195  *      @buf: buffer for output
196  *
197  *      Convert a tty structure into a name. The name reflects the kernel
198  *      naming policy and if udev is in use may not reflect user space
199  *
200  *      Locking: none
201  */
202
203 char *tty_name(struct tty_struct *tty, char *buf)
204 {
205         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
206                 strcpy(buf, "NULL tty");
207         else
208                 strcpy(buf, tty->name);
209         return buf;
210 }
211
212 EXPORT_SYMBOL(tty_name);
213
214 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
215                               const char *routine)
216 {
217 #ifdef TTY_PARANOIA_CHECK
218         if (!tty) {
219                 printk(KERN_WARNING
220                         "null TTY for (%d:%d) in %s\n",
221                         imajor(inode), iminor(inode), routine);
222                 return 1;
223         }
224         if (tty->magic != TTY_MAGIC) {
225                 printk(KERN_WARNING
226                         "bad magic number for tty struct (%d:%d) in %s\n",
227                         imajor(inode), iminor(inode), routine);
228                 return 1;
229         }
230 #endif
231         return 0;
232 }
233
234 static int check_tty_count(struct tty_struct *tty, const char *routine)
235 {
236 #ifdef CHECK_TTY_COUNT
237         struct list_head *p;
238         int count = 0;
239
240         file_list_lock();
241         list_for_each(p, &tty->tty_files) {
242                 count++;
243         }
244         file_list_unlock();
245         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
246             tty->driver->subtype == PTY_TYPE_SLAVE &&
247             tty->link && tty->link->count)
248                 count++;
249         if (tty->count != count) {
250                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
251                                     "!= #fd's(%d) in %s\n",
252                        tty->name, tty->count, count, routine);
253                 return count;
254         }
255 #endif
256         return 0;
257 }
258
259 /**
260  *      get_tty_driver          -       find device of a tty
261  *      @dev_t: device identifier
262  *      @index: returns the index of the tty
263  *
264  *      This routine returns a tty driver structure, given a device number
265  *      and also passes back the index number.
266  *
267  *      Locking: caller must hold tty_mutex
268  */
269
270 static struct tty_driver *get_tty_driver(dev_t device, int *index)
271 {
272         struct tty_driver *p;
273
274         list_for_each_entry(p, &tty_drivers, tty_drivers) {
275                 dev_t base = MKDEV(p->major, p->minor_start);
276                 if (device < base || device >= base + p->num)
277                         continue;
278                 *index = device - base;
279                 return p;
280         }
281         return NULL;
282 }
283
284 #ifdef CONFIG_CONSOLE_POLL
285
286 /**
287  *      tty_find_polling_driver -       find device of a polled tty
288  *      @name: name string to match
289  *      @line: pointer to resulting tty line nr
290  *
291  *      This routine returns a tty driver structure, given a name
292  *      and the condition that the tty driver is capable of polled
293  *      operation.
294  */
295 struct tty_driver *tty_find_polling_driver(char *name, int *line)
296 {
297         struct tty_driver *p, *res = NULL;
298         int tty_line = 0;
299         int len;
300         char *str;
301
302         for (str = name; *str; str++)
303                 if ((*str >= '0' && *str <= '9') || *str == ',')
304                         break;
305         if (!*str)
306                 return NULL;
307
308         len = str - name;
309         tty_line = simple_strtoul(str, &str, 10);
310
311         mutex_lock(&tty_mutex);
312         /* Search through the tty devices to look for a match */
313         list_for_each_entry(p, &tty_drivers, tty_drivers) {
314                 if (strncmp(name, p->name, len) != 0)
315                         continue;
316                 if (*str == ',')
317                         str++;
318                 if (*str == '\0')
319                         str = NULL;
320
321                 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
322                     p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
323                         res = p;
324                         *line = tty_line;
325                         break;
326                 }
327         }
328         mutex_unlock(&tty_mutex);
329
330         return res;
331 }
332 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
333 #endif
334
335 /**
336  *      tty_check_change        -       check for POSIX terminal changes
337  *      @tty: tty to check
338  *
339  *      If we try to write to, or set the state of, a terminal and we're
340  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
341  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
342  *
343  *      Locking: ctrl_lock
344  */
345
346 int tty_check_change(struct tty_struct *tty)
347 {
348         unsigned long flags;
349         int ret = 0;
350
351         if (current->signal->tty != tty)
352                 return 0;
353
354         spin_lock_irqsave(&tty->ctrl_lock, flags);
355
356         if (!tty->pgrp) {
357                 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
358                 goto out_unlock;
359         }
360         if (task_pgrp(current) == tty->pgrp)
361                 goto out_unlock;
362         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
363         if (is_ignored(SIGTTOU))
364                 goto out;
365         if (is_current_pgrp_orphaned()) {
366                 ret = -EIO;
367                 goto out;
368         }
369         kill_pgrp(task_pgrp(current), SIGTTOU, 1);
370         set_thread_flag(TIF_SIGPENDING);
371         ret = -ERESTARTSYS;
372 out:
373         return ret;
374 out_unlock:
375         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
376         return ret;
377 }
378
379 EXPORT_SYMBOL(tty_check_change);
380
381 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
382                                 size_t count, loff_t *ppos)
383 {
384         return 0;
385 }
386
387 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
388                                  size_t count, loff_t *ppos)
389 {
390         return -EIO;
391 }
392
393 /* No kernel lock held - none needed ;) */
394 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
395 {
396         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
397 }
398
399 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
400                 unsigned long arg)
401 {
402         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
403 }
404
405 static long hung_up_tty_compat_ioctl(struct file *file,
406                                      unsigned int cmd, unsigned long arg)
407 {
408         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
409 }
410
411 static const struct file_operations tty_fops = {
412         .llseek         = no_llseek,
413         .read           = tty_read,
414         .write          = tty_write,
415         .poll           = tty_poll,
416         .unlocked_ioctl = tty_ioctl,
417         .compat_ioctl   = tty_compat_ioctl,
418         .open           = tty_open,
419         .release        = tty_release,
420         .fasync         = tty_fasync,
421 };
422
423 static const struct file_operations console_fops = {
424         .llseek         = no_llseek,
425         .read           = tty_read,
426         .write          = redirected_tty_write,
427         .poll           = tty_poll,
428         .unlocked_ioctl = tty_ioctl,
429         .compat_ioctl   = tty_compat_ioctl,
430         .open           = tty_open,
431         .release        = tty_release,
432         .fasync         = tty_fasync,
433 };
434
435 static const struct file_operations hung_up_tty_fops = {
436         .llseek         = no_llseek,
437         .read           = hung_up_tty_read,
438         .write          = hung_up_tty_write,
439         .poll           = hung_up_tty_poll,
440         .unlocked_ioctl = hung_up_tty_ioctl,
441         .compat_ioctl   = hung_up_tty_compat_ioctl,
442         .release        = tty_release,
443 };
444
445 static DEFINE_SPINLOCK(redirect_lock);
446 static struct file *redirect;
447
448 /**
449  *      tty_wakeup      -       request more data
450  *      @tty: terminal
451  *
452  *      Internal and external helper for wakeups of tty. This function
453  *      informs the line discipline if present that the driver is ready
454  *      to receive more output data.
455  */
456
457 void tty_wakeup(struct tty_struct *tty)
458 {
459         struct tty_ldisc *ld;
460
461         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
462                 ld = tty_ldisc_ref(tty);
463                 if (ld) {
464                         if (ld->ops->write_wakeup)
465                                 ld->ops->write_wakeup(tty);
466                         tty_ldisc_deref(ld);
467                 }
468         }
469         wake_up_interruptible(&tty->write_wait);
470 }
471
472 EXPORT_SYMBOL_GPL(tty_wakeup);
473
474 /**
475  *      tty_ldisc_flush -       flush line discipline queue
476  *      @tty: tty
477  *
478  *      Flush the line discipline queue (if any) for this tty. If there
479  *      is no line discipline active this is a no-op.
480  */
481
482 void tty_ldisc_flush(struct tty_struct *tty)
483 {
484         struct tty_ldisc *ld = tty_ldisc_ref(tty);
485         if (ld) {
486                 if (ld->ops->flush_buffer)
487                         ld->ops->flush_buffer(tty);
488                 tty_ldisc_deref(ld);
489         }
490         tty_buffer_flush(tty);
491 }
492
493 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
494
495 /**
496  *      tty_reset_termios       -       reset terminal state
497  *      @tty: tty to reset
498  *
499  *      Restore a terminal to the driver default state
500  */
501
502 static void tty_reset_termios(struct tty_struct *tty)
503 {
504         mutex_lock(&tty->termios_mutex);
505         *tty->termios = tty->driver->init_termios;
506         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
507         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
508         mutex_unlock(&tty->termios_mutex);
509 }
510
511 /**
512  *      do_tty_hangup           -       actual handler for hangup events
513  *      @work: tty device
514  *
515  *      This can be called by the "eventd" kernel thread.  That is process
516  *      synchronous but doesn't hold any locks, so we need to make sure we
517  *      have the appropriate locks for what we're doing.
518  *
519  *      The hangup event clears any pending redirections onto the hung up
520  *      device. It ensures future writes will error and it does the needed
521  *      line discipline hangup and signal delivery. The tty object itself
522  *      remains intact.
523  *
524  *      Locking:
525  *              BKL
526  *                redirect lock for undoing redirection
527  *                file list lock for manipulating list of ttys
528  *                tty_ldisc_lock from called functions
529  *                termios_mutex resetting termios data
530  *                tasklist_lock to walk task list for hangup event
531  *                  ->siglock to protect ->signal/->sighand
532  */
533 static void do_tty_hangup(struct work_struct *work)
534 {
535         struct tty_struct *tty =
536                 container_of(work, struct tty_struct, hangup_work);
537         struct file *cons_filp = NULL;
538         struct file *filp, *f = NULL;
539         struct task_struct *p;
540         struct tty_ldisc *ld;
541         int    closecount = 0, n;
542         unsigned long flags;
543         int refs = 0;
544
545         if (!tty)
546                 return;
547
548         /* inuse_filps is protected by the single kernel lock */
549         lock_kernel();
550
551         spin_lock(&redirect_lock);
552         if (redirect && redirect->private_data == tty) {
553                 f = redirect;
554                 redirect = NULL;
555         }
556         spin_unlock(&redirect_lock);
557
558         check_tty_count(tty, "do_tty_hangup");
559         file_list_lock();
560         /* This breaks for file handles being sent over AF_UNIX sockets ? */
561         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
562                 if (filp->f_op->write == redirected_tty_write)
563                         cons_filp = filp;
564                 if (filp->f_op->write != tty_write)
565                         continue;
566                 closecount++;
567                 tty_fasync(-1, filp, 0);        /* can't block */
568                 filp->f_op = &hung_up_tty_fops;
569         }
570         file_list_unlock();
571         /*
572          * FIXME! What are the locking issues here? This may me overdoing
573          * things... This question is especially important now that we've
574          * removed the irqlock.
575          */
576         ld = tty_ldisc_ref(tty);
577         if (ld != NULL) {
578                 /* We may have no line discipline at this point */
579                 if (ld->ops->flush_buffer)
580                         ld->ops->flush_buffer(tty);
581                 tty_driver_flush_buffer(tty);
582                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
583                     ld->ops->write_wakeup)
584                         ld->ops->write_wakeup(tty);
585                 if (ld->ops->hangup)
586                         ld->ops->hangup(tty);
587         }
588         /*
589          * FIXME: Once we trust the LDISC code better we can wait here for
590          * ldisc completion and fix the driver call race
591          */
592         wake_up_interruptible(&tty->write_wait);
593         wake_up_interruptible(&tty->read_wait);
594         /*
595          * Shutdown the current line discipline, and reset it to
596          * N_TTY.
597          */
598         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
599                 tty_reset_termios(tty);
600         /* Defer ldisc switch */
601         /* tty_deferred_ldisc_switch(N_TTY);
602
603           This should get done automatically when the port closes and
604           tty_release is called */
605
606         read_lock(&tasklist_lock);
607         if (tty->session) {
608                 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
609                         spin_lock_irq(&p->sighand->siglock);
610                         if (p->signal->tty == tty) {
611                                 p->signal->tty = NULL;
612                                 /* We defer the dereferences outside fo
613                                    the tasklist lock */
614                                 refs++;
615                         }
616                         if (!p->signal->leader) {
617                                 spin_unlock_irq(&p->sighand->siglock);
618                                 continue;
619                         }
620                         __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
621                         __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
622                         put_pid(p->signal->tty_old_pgrp);  /* A noop */
623                         spin_lock_irqsave(&tty->ctrl_lock, flags);
624                         if (tty->pgrp)
625                                 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
626                         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
627                         spin_unlock_irq(&p->sighand->siglock);
628                 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
629         }
630         read_unlock(&tasklist_lock);
631
632         spin_lock_irqsave(&tty->ctrl_lock, flags);
633         tty->flags = 0;
634         put_pid(tty->session);
635         put_pid(tty->pgrp);
636         tty->session = NULL;
637         tty->pgrp = NULL;
638         tty->ctrl_status = 0;
639         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
640
641         /* Account for the p->signal references we killed */
642         while (refs--)
643                 tty_kref_put(tty);
644
645         /*
646          * If one of the devices matches a console pointer, we
647          * cannot just call hangup() because that will cause
648          * tty->count and state->count to go out of sync.
649          * So we just call close() the right number of times.
650          */
651         if (cons_filp) {
652                 if (tty->ops->close)
653                         for (n = 0; n < closecount; n++)
654                                 tty->ops->close(tty, cons_filp);
655         } else if (tty->ops->hangup)
656                 (tty->ops->hangup)(tty);
657         /*
658          * We don't want to have driver/ldisc interactions beyond
659          * the ones we did here. The driver layer expects no
660          * calls after ->hangup() from the ldisc side. However we
661          * can't yet guarantee all that.
662          */
663         set_bit(TTY_HUPPED, &tty->flags);
664         if (ld) {
665                 tty_ldisc_enable(tty);
666                 tty_ldisc_deref(ld);
667         }
668         unlock_kernel();
669         if (f)
670                 fput(f);
671 }
672
673 /**
674  *      tty_hangup              -       trigger a hangup event
675  *      @tty: tty to hangup
676  *
677  *      A carrier loss (virtual or otherwise) has occurred on this like
678  *      schedule a hangup sequence to run after this event.
679  */
680
681 void tty_hangup(struct tty_struct *tty)
682 {
683 #ifdef TTY_DEBUG_HANGUP
684         char    buf[64];
685         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
686 #endif
687         schedule_work(&tty->hangup_work);
688 }
689
690 EXPORT_SYMBOL(tty_hangup);
691
692 /**
693  *      tty_vhangup             -       process vhangup
694  *      @tty: tty to hangup
695  *
696  *      The user has asked via system call for the terminal to be hung up.
697  *      We do this synchronously so that when the syscall returns the process
698  *      is complete. That guarantee is necessary for security reasons.
699  */
700
701 void tty_vhangup(struct tty_struct *tty)
702 {
703 #ifdef TTY_DEBUG_HANGUP
704         char    buf[64];
705
706         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
707 #endif
708         do_tty_hangup(&tty->hangup_work);
709 }
710
711 EXPORT_SYMBOL(tty_vhangup);
712
713 /**
714  *      tty_vhangup_self        -       process vhangup for own ctty
715  *
716  *      Perform a vhangup on the current controlling tty
717  */
718
719 void tty_vhangup_self(void)
720 {
721         struct tty_struct *tty;
722
723         tty = get_current_tty();
724         if (tty) {
725                 tty_vhangup(tty);
726                 tty_kref_put(tty);
727         }
728 }
729
730 /**
731  *      tty_hung_up_p           -       was tty hung up
732  *      @filp: file pointer of tty
733  *
734  *      Return true if the tty has been subject to a vhangup or a carrier
735  *      loss
736  */
737
738 int tty_hung_up_p(struct file *filp)
739 {
740         return (filp->f_op == &hung_up_tty_fops);
741 }
742
743 EXPORT_SYMBOL(tty_hung_up_p);
744
745 static void session_clear_tty(struct pid *session)
746 {
747         struct task_struct *p;
748         do_each_pid_task(session, PIDTYPE_SID, p) {
749                 proc_clear_tty(p);
750         } while_each_pid_task(session, PIDTYPE_SID, p);
751 }
752
753 /**
754  *      disassociate_ctty       -       disconnect controlling tty
755  *      @on_exit: true if exiting so need to "hang up" the session
756  *
757  *      This function is typically called only by the session leader, when
758  *      it wants to disassociate itself from its controlling tty.
759  *
760  *      It performs the following functions:
761  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
762  *      (2)  Clears the tty from being controlling the session
763  *      (3)  Clears the controlling tty for all processes in the
764  *              session group.
765  *
766  *      The argument on_exit is set to 1 if called when a process is
767  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
768  *
769  *      Locking:
770  *              BKL is taken for hysterical raisins
771  *                tty_mutex is taken to protect tty
772  *                ->siglock is taken to protect ->signal/->sighand
773  *                tasklist_lock is taken to walk process list for sessions
774  *                  ->siglock is taken to protect ->signal/->sighand
775  */
776
777 void disassociate_ctty(int on_exit)
778 {
779         struct tty_struct *tty;
780         struct pid *tty_pgrp = NULL;
781
782
783         tty = get_current_tty();
784         if (tty) {
785                 tty_pgrp = get_pid(tty->pgrp);
786                 lock_kernel();
787                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
788                         tty_vhangup(tty);
789                 unlock_kernel();
790                 tty_kref_put(tty);
791         } else if (on_exit) {
792                 struct pid *old_pgrp;
793                 spin_lock_irq(&current->sighand->siglock);
794                 old_pgrp = current->signal->tty_old_pgrp;
795                 current->signal->tty_old_pgrp = NULL;
796                 spin_unlock_irq(&current->sighand->siglock);
797                 if (old_pgrp) {
798                         kill_pgrp(old_pgrp, SIGHUP, on_exit);
799                         kill_pgrp(old_pgrp, SIGCONT, on_exit);
800                         put_pid(old_pgrp);
801                 }
802                 return;
803         }
804         if (tty_pgrp) {
805                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
806                 if (!on_exit)
807                         kill_pgrp(tty_pgrp, SIGCONT, on_exit);
808                 put_pid(tty_pgrp);
809         }
810
811         spin_lock_irq(&current->sighand->siglock);
812         put_pid(current->signal->tty_old_pgrp);
813         current->signal->tty_old_pgrp = NULL;
814         spin_unlock_irq(&current->sighand->siglock);
815
816         tty = get_current_tty();
817         if (tty) {
818                 unsigned long flags;
819                 spin_lock_irqsave(&tty->ctrl_lock, flags);
820                 put_pid(tty->session);
821                 put_pid(tty->pgrp);
822                 tty->session = NULL;
823                 tty->pgrp = NULL;
824                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
825                 tty_kref_put(tty);
826         } else {
827 #ifdef TTY_DEBUG_HANGUP
828                 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
829                        " = NULL", tty);
830 #endif
831         }
832
833         /* Now clear signal->tty under the lock */
834         read_lock(&tasklist_lock);
835         session_clear_tty(task_session(current));
836         read_unlock(&tasklist_lock);
837 }
838
839 /**
840  *
841  *      no_tty  - Ensure the current process does not have a controlling tty
842  */
843 void no_tty(void)
844 {
845         struct task_struct *tsk = current;
846         lock_kernel();
847         if (tsk->signal->leader)
848                 disassociate_ctty(0);
849         unlock_kernel();
850         proc_clear_tty(tsk);
851 }
852
853
854 /**
855  *      stop_tty        -       propagate flow control
856  *      @tty: tty to stop
857  *
858  *      Perform flow control to the driver. For PTY/TTY pairs we
859  *      must also propagate the TIOCKPKT status. May be called
860  *      on an already stopped device and will not re-call the driver
861  *      method.
862  *
863  *      This functionality is used by both the line disciplines for
864  *      halting incoming flow and by the driver. It may therefore be
865  *      called from any context, may be under the tty atomic_write_lock
866  *      but not always.
867  *
868  *      Locking:
869  *              Uses the tty control lock internally
870  */
871
872 void stop_tty(struct tty_struct *tty)
873 {
874         unsigned long flags;
875         spin_lock_irqsave(&tty->ctrl_lock, flags);
876         if (tty->stopped) {
877                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
878                 return;
879         }
880         tty->stopped = 1;
881         if (tty->link && tty->link->packet) {
882                 tty->ctrl_status &= ~TIOCPKT_START;
883                 tty->ctrl_status |= TIOCPKT_STOP;
884                 wake_up_interruptible(&tty->link->read_wait);
885         }
886         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
887         if (tty->ops->stop)
888                 (tty->ops->stop)(tty);
889 }
890
891 EXPORT_SYMBOL(stop_tty);
892
893 /**
894  *      start_tty       -       propagate flow control
895  *      @tty: tty to start
896  *
897  *      Start a tty that has been stopped if at all possible. Perform
898  *      any necessary wakeups and propagate the TIOCPKT status. If this
899  *      is the tty was previous stopped and is being started then the
900  *      driver start method is invoked and the line discipline woken.
901  *
902  *      Locking:
903  *              ctrl_lock
904  */
905
906 void start_tty(struct tty_struct *tty)
907 {
908         unsigned long flags;
909         spin_lock_irqsave(&tty->ctrl_lock, flags);
910         if (!tty->stopped || tty->flow_stopped) {
911                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
912                 return;
913         }
914         tty->stopped = 0;
915         if (tty->link && tty->link->packet) {
916                 tty->ctrl_status &= ~TIOCPKT_STOP;
917                 tty->ctrl_status |= TIOCPKT_START;
918                 wake_up_interruptible(&tty->link->read_wait);
919         }
920         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
921         if (tty->ops->start)
922                 (tty->ops->start)(tty);
923         /* If we have a running line discipline it may need kicking */
924         tty_wakeup(tty);
925 }
926
927 EXPORT_SYMBOL(start_tty);
928
929 /**
930  *      tty_read        -       read method for tty device files
931  *      @file: pointer to tty file
932  *      @buf: user buffer
933  *      @count: size of user buffer
934  *      @ppos: unused
935  *
936  *      Perform the read system call function on this terminal device. Checks
937  *      for hung up devices before calling the line discipline method.
938  *
939  *      Locking:
940  *              Locks the line discipline internally while needed. Multiple
941  *      read calls may be outstanding in parallel.
942  */
943
944 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
945                         loff_t *ppos)
946 {
947         int i;
948         struct tty_struct *tty;
949         struct inode *inode;
950         struct tty_ldisc *ld;
951
952         tty = (struct tty_struct *)file->private_data;
953         inode = file->f_path.dentry->d_inode;
954         if (tty_paranoia_check(tty, inode, "tty_read"))
955                 return -EIO;
956         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
957                 return -EIO;
958
959         /* We want to wait for the line discipline to sort out in this
960            situation */
961         ld = tty_ldisc_ref_wait(tty);
962         if (ld->ops->read)
963                 i = (ld->ops->read)(tty, file, buf, count);
964         else
965                 i = -EIO;
966         tty_ldisc_deref(ld);
967         if (i > 0)
968                 inode->i_atime = current_fs_time(inode->i_sb);
969         return i;
970 }
971
972 void tty_write_unlock(struct tty_struct *tty)
973 {
974         mutex_unlock(&tty->atomic_write_lock);
975         wake_up_interruptible(&tty->write_wait);
976 }
977
978 int tty_write_lock(struct tty_struct *tty, int ndelay)
979 {
980         if (!mutex_trylock(&tty->atomic_write_lock)) {
981                 if (ndelay)
982                         return -EAGAIN;
983                 if (mutex_lock_interruptible(&tty->atomic_write_lock))
984                         return -ERESTARTSYS;
985         }
986         return 0;
987 }
988
989 /*
990  * Split writes up in sane blocksizes to avoid
991  * denial-of-service type attacks
992  */
993 static inline ssize_t do_tty_write(
994         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
995         struct tty_struct *tty,
996         struct file *file,
997         const char __user *buf,
998         size_t count)
999 {
1000         ssize_t ret, written = 0;
1001         unsigned int chunk;
1002
1003         ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1004         if (ret < 0)
1005                 return ret;
1006
1007         /*
1008          * We chunk up writes into a temporary buffer. This
1009          * simplifies low-level drivers immensely, since they
1010          * don't have locking issues and user mode accesses.
1011          *
1012          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1013          * big chunk-size..
1014          *
1015          * The default chunk-size is 2kB, because the NTTY
1016          * layer has problems with bigger chunks. It will
1017          * claim to be able to handle more characters than
1018          * it actually does.
1019          *
1020          * FIXME: This can probably go away now except that 64K chunks
1021          * are too likely to fail unless switched to vmalloc...
1022          */
1023         chunk = 2048;
1024         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1025                 chunk = 65536;
1026         if (count < chunk)
1027                 chunk = count;
1028
1029         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1030         if (tty->write_cnt < chunk) {
1031                 unsigned char *buf;
1032
1033                 if (chunk < 1024)
1034                         chunk = 1024;
1035
1036                 buf = kmalloc(chunk, GFP_KERNEL);
1037                 if (!buf) {
1038                         ret = -ENOMEM;
1039                         goto out;
1040                 }
1041                 kfree(tty->write_buf);
1042                 tty->write_cnt = chunk;
1043                 tty->write_buf = buf;
1044         }
1045
1046         /* Do the write .. */
1047         for (;;) {
1048                 size_t size = count;
1049                 if (size > chunk)
1050                         size = chunk;
1051                 ret = -EFAULT;
1052                 if (copy_from_user(tty->write_buf, buf, size))
1053                         break;
1054                 ret = write(tty, file, tty->write_buf, size);
1055                 if (ret <= 0)
1056                         break;
1057                 written += ret;
1058                 buf += ret;
1059                 count -= ret;
1060                 if (!count)
1061                         break;
1062                 ret = -ERESTARTSYS;
1063                 if (signal_pending(current))
1064                         break;
1065                 cond_resched();
1066         }
1067         if (written) {
1068                 struct inode *inode = file->f_path.dentry->d_inode;
1069                 inode->i_mtime = current_fs_time(inode->i_sb);
1070                 ret = written;
1071         }
1072 out:
1073         tty_write_unlock(tty);
1074         return ret;
1075 }
1076
1077 /**
1078  * tty_write_message - write a message to a certain tty, not just the console.
1079  * @tty: the destination tty_struct
1080  * @msg: the message to write
1081  *
1082  * This is used for messages that need to be redirected to a specific tty.
1083  * We don't put it into the syslog queue right now maybe in the future if
1084  * really needed.
1085  *
1086  * We must still hold the BKL and test the CLOSING flag for the moment.
1087  */
1088
1089 void tty_write_message(struct tty_struct *tty, char *msg)
1090 {
1091         lock_kernel();
1092         if (tty) {
1093                 mutex_lock(&tty->atomic_write_lock);
1094                 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags))
1095                         tty->ops->write(tty, msg, strlen(msg));
1096                 tty_write_unlock(tty);
1097         }
1098         unlock_kernel();
1099         return;
1100 }
1101
1102
1103 /**
1104  *      tty_write               -       write method for tty device file
1105  *      @file: tty file pointer
1106  *      @buf: user data to write
1107  *      @count: bytes to write
1108  *      @ppos: unused
1109  *
1110  *      Write data to a tty device via the line discipline.
1111  *
1112  *      Locking:
1113  *              Locks the line discipline as required
1114  *              Writes to the tty driver are serialized by the atomic_write_lock
1115  *      and are then processed in chunks to the device. The line discipline
1116  *      write method will not be involked in parallel for each device
1117  *              The line discipline write method is called under the big
1118  *      kernel lock for historical reasons. New code should not rely on this.
1119  */
1120
1121 static ssize_t tty_write(struct file *file, const char __user *buf,
1122                                                 size_t count, loff_t *ppos)
1123 {
1124         struct tty_struct *tty;
1125         struct inode *inode = file->f_path.dentry->d_inode;
1126         ssize_t ret;
1127         struct tty_ldisc *ld;
1128
1129         tty = (struct tty_struct *)file->private_data;
1130         if (tty_paranoia_check(tty, inode, "tty_write"))
1131                 return -EIO;
1132         if (!tty || !tty->ops->write ||
1133                 (test_bit(TTY_IO_ERROR, &tty->flags)))
1134                         return -EIO;
1135         /* Short term debug to catch buggy drivers */
1136         if (tty->ops->write_room == NULL)
1137                 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1138                         tty->driver->name);
1139         ld = tty_ldisc_ref_wait(tty);
1140         if (!ld->ops->write)
1141                 ret = -EIO;
1142         else
1143                 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1144         tty_ldisc_deref(ld);
1145         return ret;
1146 }
1147
1148 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1149                                                 size_t count, loff_t *ppos)
1150 {
1151         struct file *p = NULL;
1152
1153         spin_lock(&redirect_lock);
1154         if (redirect) {
1155                 get_file(redirect);
1156                 p = redirect;
1157         }
1158         spin_unlock(&redirect_lock);
1159
1160         if (p) {
1161                 ssize_t res;
1162                 res = vfs_write(p, buf, count, &p->f_pos);
1163                 fput(p);
1164                 return res;
1165         }
1166         return tty_write(file, buf, count, ppos);
1167 }
1168
1169 static char ptychar[] = "pqrstuvwxyzabcde";
1170
1171 /**
1172  *      pty_line_name   -       generate name for a pty
1173  *      @driver: the tty driver in use
1174  *      @index: the minor number
1175  *      @p: output buffer of at least 6 bytes
1176  *
1177  *      Generate a name from a driver reference and write it to the output
1178  *      buffer.
1179  *
1180  *      Locking: None
1181  */
1182 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1183 {
1184         int i = index + driver->name_base;
1185         /* ->name is initialized to "ttyp", but "tty" is expected */
1186         sprintf(p, "%s%c%x",
1187                 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1188                 ptychar[i >> 4 & 0xf], i & 0xf);
1189 }
1190
1191 /**
1192  *      pty_line_name   -       generate name for a tty
1193  *      @driver: the tty driver in use
1194  *      @index: the minor number
1195  *      @p: output buffer of at least 7 bytes
1196  *
1197  *      Generate a name from a driver reference and write it to the output
1198  *      buffer.
1199  *
1200  *      Locking: None
1201  */
1202 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1203 {
1204         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1205 }
1206
1207 /**
1208  *      tty_init_dev            -       initialise a tty device
1209  *      @driver: tty driver we are opening a device on
1210  *      @idx: device index
1211  *      @ret_tty: returned tty structure
1212  *      @first_ok: ok to open a new device (used by ptmx)
1213  *
1214  *      Prepare a tty device. This may not be a "new" clean device but
1215  *      could also be an active device. The pty drivers require special
1216  *      handling because of this.
1217  *
1218  *      Locking:
1219  *              The function is called under the tty_mutex, which
1220  *      protects us from the tty struct or driver itself going away.
1221  *
1222  *      On exit the tty device has the line discipline attached and
1223  *      a reference count of 1. If a pair was created for pty/tty use
1224  *      and the other was a pty master then it too has a reference count of 1.
1225  *
1226  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1227  * failed open.  The new code protects the open with a mutex, so it's
1228  * really quite straightforward.  The mutex locking can probably be
1229  * relaxed for the (most common) case of reopening a tty.
1230  */
1231
1232 int tty_init_dev(struct tty_driver *driver, int idx,
1233         struct tty_struct **ret_tty, int first_ok)
1234 {
1235         struct tty_struct *tty, *o_tty;
1236         struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
1237         struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1238         int retval = 0;
1239
1240         /* check whether we're reopening an existing tty */
1241         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1242                 tty = devpts_get_tty(idx);
1243                 /*
1244                  * If we don't have a tty here on a slave open, it's because
1245                  * the master already started the close process and there's
1246                  * no relation between devpts file and tty anymore.
1247                  */
1248                 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
1249                         retval = -EIO;
1250                         goto end_init;
1251                 }
1252                 /*
1253                  * It's safe from now on because tty_init_dev() is called with
1254                  * tty_mutex held and tty_release_dev() won't change tty->count
1255                  * or tty->flags without having to grab tty_mutex
1256                  */
1257                 if (tty && driver->subtype == PTY_TYPE_MASTER)
1258                         tty = tty->link;
1259         } else {
1260                 tty = driver->ttys[idx];
1261         }
1262         if (tty) goto fast_track;
1263
1264         if (driver->subtype == PTY_TYPE_MASTER &&
1265                 (driver->flags & TTY_DRIVER_DEVPTS_MEM) && !first_ok) {
1266                 retval = -EIO;
1267                 goto end_init;
1268         }
1269         /*
1270          * First time open is complex, especially for PTY devices.
1271          * This code guarantees that either everything succeeds and the
1272          * TTY is ready for operation, or else the table slots are vacated
1273          * and the allocated memory released.  (Except that the termios
1274          * and locked termios may be retained.)
1275          */
1276
1277         if (!try_module_get(driver->owner)) {
1278                 retval = -ENODEV;
1279                 goto end_init;
1280         }
1281
1282         o_tty = NULL;
1283         tp = o_tp = NULL;
1284         ltp = o_ltp = NULL;
1285
1286         tty = alloc_tty_struct();
1287         if (!tty)
1288                 goto fail_no_mem;
1289         initialize_tty_struct(tty);
1290         tty->driver = driver;
1291         tty->ops = driver->ops;
1292         tty->index = idx;
1293         tty_line_name(driver, idx, tty->name);
1294
1295         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1296                 tp_loc = &tty->termios;
1297                 ltp_loc = &tty->termios_locked;
1298         } else {
1299                 tp_loc = &driver->termios[idx];
1300                 ltp_loc = &driver->termios_locked[idx];
1301         }
1302
1303         if (!*tp_loc) {
1304                 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1305                 if (!tp)
1306                         goto free_mem_out;
1307                 *tp = driver->init_termios;
1308         }
1309
1310         if (!*ltp_loc) {
1311                 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1312                 if (!ltp)
1313                         goto free_mem_out;
1314         }
1315
1316         if (driver->type == TTY_DRIVER_TYPE_PTY) {
1317                 o_tty = alloc_tty_struct();
1318                 if (!o_tty)
1319                         goto free_mem_out;
1320                 if (!try_module_get(driver->other->owner)) {
1321                         /* This cannot in fact currently happen */
1322                         free_tty_struct(o_tty);
1323                         o_tty = NULL;
1324                         goto free_mem_out;
1325                 }
1326                 initialize_tty_struct(o_tty);
1327                 o_tty->driver = driver->other;
1328                 o_tty->ops = driver->ops;
1329                 o_tty->index = idx;
1330                 tty_line_name(driver->other, idx, o_tty->name);
1331
1332                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1333                         o_tp_loc = &o_tty->termios;
1334                         o_ltp_loc = &o_tty->termios_locked;
1335                 } else {
1336                         o_tp_loc = &driver->other->termios[idx];
1337                         o_ltp_loc = &driver->other->termios_locked[idx];
1338                 }
1339
1340                 if (!*o_tp_loc) {
1341                         o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1342                         if (!o_tp)
1343                                 goto free_mem_out;
1344                         *o_tp = driver->other->init_termios;
1345                 }
1346
1347                 if (!*o_ltp_loc) {
1348                         o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1349                         if (!o_ltp)
1350                                 goto free_mem_out;
1351                 }
1352
1353                 /*
1354                  * Everything allocated ... set up the o_tty structure.
1355                  */
1356                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
1357                         driver->other->ttys[idx] = o_tty;
1358                 if (!*o_tp_loc)
1359                         *o_tp_loc = o_tp;
1360                 if (!*o_ltp_loc)
1361                         *o_ltp_loc = o_ltp;
1362                 o_tty->termios = *o_tp_loc;
1363                 o_tty->termios_locked = *o_ltp_loc;
1364                 driver->other->refcount++;
1365                 if (driver->subtype == PTY_TYPE_MASTER)
1366                         o_tty->count++;
1367
1368                 /* Establish the links in both directions */
1369                 tty->link   = o_tty;
1370                 o_tty->link = tty;
1371         }
1372
1373         /*
1374          * All structures have been allocated, so now we install them.
1375          * Failures after this point use release_tty to clean up, so
1376          * there's no need to null out the local pointers.
1377          */
1378         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
1379                 driver->ttys[idx] = tty;
1380
1381         if (!*tp_loc)
1382                 *tp_loc = tp;
1383         if (!*ltp_loc)
1384                 *ltp_loc = ltp;
1385         tty->termios = *tp_loc;
1386         tty->termios_locked = *ltp_loc;
1387         /* Compatibility until drivers always set this */
1388         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1389         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1390         driver->refcount++;
1391         tty->count++;
1392
1393         /*
1394          * Structures all installed ... call the ldisc open routines.
1395          * If we fail here just call release_tty to clean up.  No need
1396          * to decrement the use counts, as release_tty doesn't care.
1397          */
1398
1399         retval = tty_ldisc_setup(tty, o_tty);
1400
1401         if (retval)
1402                 goto release_mem_out;
1403         goto success;
1404
1405         /*
1406          * This fast open can be used if the tty is already open.
1407          * No memory is allocated, and the only failures are from
1408          * attempting to open a closing tty or attempting multiple
1409          * opens on a pty master.
1410          */
1411 fast_track:
1412         if (test_bit(TTY_CLOSING, &tty->flags)) {
1413                 retval = -EIO;
1414                 goto end_init;
1415         }
1416         if (driver->type == TTY_DRIVER_TYPE_PTY &&
1417             driver->subtype == PTY_TYPE_MASTER) {
1418                 /*
1419                  * special case for PTY masters: only one open permitted,
1420                  * and the slave side open count is incremented as well.
1421                  */
1422                 if (tty->count) {
1423                         retval = -EIO;
1424                         goto end_init;
1425                 }
1426                 tty->link->count++;
1427         }
1428         tty->count++;
1429         tty->driver = driver; /* N.B. why do this every time?? */
1430
1431         /* FIXME */
1432         if (!test_bit(TTY_LDISC, &tty->flags))
1433                 printk(KERN_ERR "tty_init_dev but no ldisc\n");
1434 success:
1435         *ret_tty = tty;
1436
1437         /* All paths come through here to release the mutex */
1438 end_init:
1439         return retval;
1440
1441         /* Release locally allocated memory ... nothing placed in slots */
1442 free_mem_out:
1443         kfree(o_tp);
1444         if (o_tty) {
1445                 module_put(o_tty->driver->owner);
1446                 free_tty_struct(o_tty);
1447         }
1448         kfree(ltp);
1449         kfree(tp);
1450         free_tty_struct(tty);
1451
1452 fail_no_mem:
1453         module_put(driver->owner);
1454         retval = -ENOMEM;
1455         goto end_init;
1456
1457         /* call the tty release_tty routine to clean out this slot */
1458 release_mem_out:
1459         if (printk_ratelimit())
1460                 printk(KERN_INFO "tty_init_dev: ldisc open failed, "
1461                                  "clearing slot %d\n", idx);
1462         release_tty(tty, idx);
1463         goto end_init;
1464 }
1465
1466 void tty_free_termios(struct tty_struct *tty)
1467 {
1468         struct ktermios *tp;
1469         int idx = tty->index;
1470         /* Kill this flag and push into drivers for locking etc */
1471         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1472                 /* FIXME: Locking on ->termios array */
1473                 tp = tty->termios;
1474                 tty->driver->termios[idx] = NULL;
1475                 kfree(tp);
1476
1477                 tp = tty->termios_locked;
1478                 tty->driver->termios_locked[idx] = NULL;
1479                 kfree(tp);
1480         }
1481 }
1482 EXPORT_SYMBOL(tty_free_termios);
1483
1484 void tty_shutdown(struct tty_struct *tty)
1485 {
1486         tty->driver->ttys[tty->index] = NULL;
1487         tty_free_termios(tty);
1488 }
1489 EXPORT_SYMBOL(tty_shutdown);
1490
1491 /**
1492  *      release_one_tty         -       release tty structure memory
1493  *      @kref: kref of tty we are obliterating
1494  *
1495  *      Releases memory associated with a tty structure, and clears out the
1496  *      driver table slots. This function is called when a device is no longer
1497  *      in use. It also gets called when setup of a device fails.
1498  *
1499  *      Locking:
1500  *              tty_mutex - sometimes only
1501  *              takes the file list lock internally when working on the list
1502  *      of ttys that the driver keeps.
1503  */
1504 static void release_one_tty(struct kref *kref)
1505 {
1506         struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1507         struct tty_driver *driver = tty->driver;
1508
1509         if (tty->ops->shutdown)
1510                 tty->ops->shutdown(tty);
1511         else
1512                 tty_shutdown(tty);
1513         tty->magic = 0;
1514         /* FIXME: locking on tty->driver->refcount */
1515         tty->driver->refcount--;
1516         module_put(driver->owner);
1517
1518         file_list_lock();
1519         list_del_init(&tty->tty_files);
1520         file_list_unlock();
1521
1522         free_tty_struct(tty);
1523 }
1524
1525 /**
1526  *      tty_kref_put            -       release a tty kref
1527  *      @tty: tty device
1528  *
1529  *      Release a reference to a tty device and if need be let the kref
1530  *      layer destruct the object for us
1531  */
1532
1533 void tty_kref_put(struct tty_struct *tty)
1534 {
1535         if (tty)
1536                 kref_put(&tty->kref, release_one_tty);
1537 }
1538 EXPORT_SYMBOL(tty_kref_put);
1539
1540 /**
1541  *      release_tty             -       release tty structure memory
1542  *
1543  *      Release both @tty and a possible linked partner (think pty pair),
1544  *      and decrement the refcount of the backing module.
1545  *
1546  *      Locking:
1547  *              tty_mutex - sometimes only
1548  *              takes the file list lock internally when working on the list
1549  *      of ttys that the driver keeps.
1550  *              FIXME: should we require tty_mutex is held here ??
1551  *
1552  */
1553 static void release_tty(struct tty_struct *tty, int idx)
1554 {
1555         /* This should always be true but check for the moment */
1556         WARN_ON(tty->index != idx);
1557
1558         if (tty->link)
1559                 tty_kref_put(tty->link);
1560         tty_kref_put(tty);
1561 }
1562
1563 /*
1564  * Even releasing the tty structures is a tricky business.. We have
1565  * to be very careful that the structures are all released at the
1566  * same time, as interrupts might otherwise get the wrong pointers.
1567  *
1568  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1569  * lead to double frees or releasing memory still in use.
1570  */
1571 void tty_release_dev(struct file *filp)
1572 {
1573         struct tty_struct *tty, *o_tty;
1574         int     pty_master, tty_closing, o_tty_closing, do_sleep;
1575         int     devpts;
1576         int     idx;
1577         char    buf[64];
1578
1579         tty = (struct tty_struct *)filp->private_data;
1580         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
1581                                                         "tty_release_dev"))
1582                 return;
1583
1584         check_tty_count(tty, "tty_release_dev");
1585
1586         tty_fasync(-1, filp, 0);
1587
1588         idx = tty->index;
1589         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1590                       tty->driver->subtype == PTY_TYPE_MASTER);
1591         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1592         o_tty = tty->link;
1593
1594 #ifdef TTY_PARANOIA_CHECK
1595         if (idx < 0 || idx >= tty->driver->num) {
1596                 printk(KERN_DEBUG "tty_release_dev: bad idx when trying to "
1597                                   "free (%s)\n", tty->name);
1598                 return;
1599         }
1600         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1601                 if (tty != tty->driver->ttys[idx]) {
1602                         printk(KERN_DEBUG "tty_release_dev: driver.table[%d] not tty "
1603                                "for (%s)\n", idx, tty->name);
1604                         return;
1605                 }
1606                 if (tty->termios != tty->driver->termios[idx]) {
1607                         printk(KERN_DEBUG "tty_release_dev: driver.termios[%d] not termios "
1608                                "for (%s)\n",
1609                                idx, tty->name);
1610                         return;
1611                 }
1612                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
1613                         printk(KERN_DEBUG "tty_release_dev: driver.termios_locked[%d] not "
1614                                "termios_locked for (%s)\n",
1615                                idx, tty->name);
1616                         return;
1617                 }
1618         }
1619 #endif
1620
1621 #ifdef TTY_DEBUG_HANGUP
1622         printk(KERN_DEBUG "tty_release_dev of %s (tty count=%d)...",
1623                tty_name(tty, buf), tty->count);
1624 #endif
1625
1626 #ifdef TTY_PARANOIA_CHECK
1627         if (tty->driver->other &&
1628              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1629                 if (o_tty != tty->driver->other->ttys[idx]) {
1630                         printk(KERN_DEBUG "tty_release_dev: other->table[%d] "
1631                                           "not o_tty for (%s)\n",
1632                                idx, tty->name);
1633                         return;
1634                 }
1635                 if (o_tty->termios != tty->driver->other->termios[idx]) {
1636                         printk(KERN_DEBUG "tty_release_dev: other->termios[%d] "
1637                                           "not o_termios for (%s)\n",
1638                                idx, tty->name);
1639                         return;
1640                 }
1641                 if (o_tty->termios_locked !=
1642                       tty->driver->other->termios_locked[idx]) {
1643                         printk(KERN_DEBUG "tty_release_dev: other->termios_locked["
1644                                           "%d] not o_termios_locked for (%s)\n",
1645                                idx, tty->name);
1646                         return;
1647                 }
1648                 if (o_tty->link != tty) {
1649                         printk(KERN_DEBUG "tty_release_dev: bad pty pointers\n");
1650                         return;
1651                 }
1652         }
1653 #endif
1654         if (tty->ops->close)
1655                 tty->ops->close(tty, filp);
1656
1657         /*
1658          * Sanity check: if tty->count is going to zero, there shouldn't be
1659          * any waiters on tty->read_wait or tty->write_wait.  We test the
1660          * wait queues and kick everyone out _before_ actually starting to
1661          * close.  This ensures that we won't block while releasing the tty
1662          * structure.
1663          *
1664          * The test for the o_tty closing is necessary, since the master and
1665          * slave sides may close in any order.  If the slave side closes out
1666          * first, its count will be one, since the master side holds an open.
1667          * Thus this test wouldn't be triggered at the time the slave closes,
1668          * so we do it now.
1669          *
1670          * Note that it's possible for the tty to be opened again while we're
1671          * flushing out waiters.  By recalculating the closing flags before
1672          * each iteration we avoid any problems.
1673          */
1674         while (1) {
1675                 /* Guard against races with tty->count changes elsewhere and
1676                    opens on /dev/tty */
1677
1678                 mutex_lock(&tty_mutex);
1679                 tty_closing = tty->count <= 1;
1680                 o_tty_closing = o_tty &&
1681                         (o_tty->count <= (pty_master ? 1 : 0));
1682                 do_sleep = 0;
1683
1684                 if (tty_closing) {
1685                         if (waitqueue_active(&tty->read_wait)) {
1686                                 wake_up(&tty->read_wait);
1687                                 do_sleep++;
1688                         }
1689                         if (waitqueue_active(&tty->write_wait)) {
1690                                 wake_up(&tty->write_wait);
1691                                 do_sleep++;
1692                         }
1693                 }
1694                 if (o_tty_closing) {
1695                         if (waitqueue_active(&o_tty->read_wait)) {
1696                                 wake_up(&o_tty->read_wait);
1697                                 do_sleep++;
1698                         }
1699                         if (waitqueue_active(&o_tty->write_wait)) {
1700                                 wake_up(&o_tty->write_wait);
1701                                 do_sleep++;
1702                         }
1703                 }
1704                 if (!do_sleep)
1705                         break;
1706
1707                 printk(KERN_WARNING "tty_release_dev: %s: read/write wait queue "
1708                                     "active!\n", tty_name(tty, buf));
1709                 mutex_unlock(&tty_mutex);
1710                 schedule();
1711         }
1712
1713         /*
1714          * The closing flags are now consistent with the open counts on
1715          * both sides, and we've completed the last operation that could
1716          * block, so it's safe to proceed with closing.
1717          */
1718         if (pty_master) {
1719                 if (--o_tty->count < 0) {
1720                         printk(KERN_WARNING "tty_release_dev: bad pty slave count "
1721                                             "(%d) for %s\n",
1722                                o_tty->count, tty_name(o_tty, buf));
1723                         o_tty->count = 0;
1724                 }
1725         }
1726         if (--tty->count < 0) {
1727                 printk(KERN_WARNING "tty_release_dev: bad tty->count (%d) for %s\n",
1728                        tty->count, tty_name(tty, buf));
1729                 tty->count = 0;
1730         }
1731
1732         /*
1733          * We've decremented tty->count, so we need to remove this file
1734          * descriptor off the tty->tty_files list; this serves two
1735          * purposes:
1736          *  - check_tty_count sees the correct number of file descriptors
1737          *    associated with this tty.
1738          *  - do_tty_hangup no longer sees this file descriptor as
1739          *    something that needs to be handled for hangups.
1740          */
1741         file_kill(filp);
1742         filp->private_data = NULL;
1743
1744         /*
1745          * Perform some housekeeping before deciding whether to return.
1746          *
1747          * Set the TTY_CLOSING flag if this was the last open.  In the
1748          * case of a pty we may have to wait around for the other side
1749          * to close, and TTY_CLOSING makes sure we can't be reopened.
1750          */
1751         if (tty_closing)
1752                 set_bit(TTY_CLOSING, &tty->flags);
1753         if (o_tty_closing)
1754                 set_bit(TTY_CLOSING, &o_tty->flags);
1755
1756         /*
1757          * If _either_ side is closing, make sure there aren't any
1758          * processes that still think tty or o_tty is their controlling
1759          * tty.
1760          */
1761         if (tty_closing || o_tty_closing) {
1762                 read_lock(&tasklist_lock);
1763                 session_clear_tty(tty->session);
1764                 if (o_tty)
1765                         session_clear_tty(o_tty->session);
1766                 read_unlock(&tasklist_lock);
1767         }
1768
1769         mutex_unlock(&tty_mutex);
1770
1771         /* check whether both sides are closing ... */
1772         if (!tty_closing || (o_tty && !o_tty_closing))
1773                 return;
1774
1775 #ifdef TTY_DEBUG_HANGUP
1776         printk(KERN_DEBUG "freeing tty structure...");
1777 #endif
1778         /*
1779          * Ask the line discipline code to release its structures
1780          */
1781         tty_ldisc_release(tty, o_tty);
1782         /*
1783          * The release_tty function takes care of the details of clearing
1784          * the slots and preserving the termios structure.
1785          */
1786         release_tty(tty, idx);
1787
1788         /* Make this pty number available for reallocation */
1789         if (devpts)
1790                 devpts_kill_index(idx);
1791 }
1792
1793 /**
1794  *      __tty_open              -       open a tty device
1795  *      @inode: inode of device file
1796  *      @filp: file pointer to tty
1797  *
1798  *      tty_open and tty_release keep up the tty count that contains the
1799  *      number of opens done on a tty. We cannot use the inode-count, as
1800  *      different inodes might point to the same tty.
1801  *
1802  *      Open-counting is needed for pty masters, as well as for keeping
1803  *      track of serial lines: DTR is dropped when the last close happens.
1804  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
1805  *
1806  *      The termios state of a pty is reset on first open so that
1807  *      settings don't persist across reuse.
1808  *
1809  *      Locking: tty_mutex protects tty, get_tty_driver and tty_init_dev work.
1810  *               tty->count should protect the rest.
1811  *               ->siglock protects ->signal/->sighand
1812  */
1813
1814 static int __tty_open(struct inode *inode, struct file *filp)
1815 {
1816         struct tty_struct *tty;
1817         int noctty, retval;
1818         struct tty_driver *driver;
1819         int index;
1820         dev_t device = inode->i_rdev;
1821         unsigned short saved_flags = filp->f_flags;
1822
1823         nonseekable_open(inode, filp);
1824
1825 retry_open:
1826         noctty = filp->f_flags & O_NOCTTY;
1827         index  = -1;
1828         retval = 0;
1829
1830         mutex_lock(&tty_mutex);
1831
1832         if (device == MKDEV(TTYAUX_MAJOR, 0)) {
1833                 tty = get_current_tty();
1834                 if (!tty) {
1835                         mutex_unlock(&tty_mutex);
1836                         return -ENXIO;
1837                 }
1838                 driver = tty->driver;
1839                 index = tty->index;
1840                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1841                 /* noctty = 1; */
1842                 /* FIXME: Should we take a driver reference ? */
1843                 tty_kref_put(tty);
1844                 goto got_driver;
1845         }
1846 #ifdef CONFIG_VT
1847         if (device == MKDEV(TTY_MAJOR, 0)) {
1848                 extern struct tty_driver *console_driver;
1849                 driver = console_driver;
1850                 index = fg_console;
1851                 noctty = 1;
1852                 goto got_driver;
1853         }
1854 #endif
1855         if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1856                 driver = console_device(&index);
1857                 if (driver) {
1858                         /* Don't let /dev/console block */
1859                         filp->f_flags |= O_NONBLOCK;
1860                         noctty = 1;
1861                         goto got_driver;
1862                 }
1863                 mutex_unlock(&tty_mutex);
1864                 return -ENODEV;
1865         }
1866
1867         driver = get_tty_driver(device, &index);
1868         if (!driver) {
1869                 mutex_unlock(&tty_mutex);
1870                 return -ENODEV;
1871         }
1872 got_driver:
1873         retval = tty_init_dev(driver, index, &tty, 0);
1874         mutex_unlock(&tty_mutex);
1875         if (retval)
1876                 return retval;
1877
1878         filp->private_data = tty;
1879         file_move(filp, &tty->tty_files);
1880         check_tty_count(tty, "tty_open");
1881         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1882             tty->driver->subtype == PTY_TYPE_MASTER)
1883                 noctty = 1;
1884 #ifdef TTY_DEBUG_HANGUP
1885         printk(KERN_DEBUG "opening %s...", tty->name);
1886 #endif
1887         if (!retval) {
1888                 if (tty->ops->open)
1889                         retval = tty->ops->open(tty, filp);
1890                 else
1891                         retval = -ENODEV;
1892         }
1893         filp->f_flags = saved_flags;
1894
1895         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1896                                                 !capable(CAP_SYS_ADMIN))
1897                 retval = -EBUSY;
1898
1899         if (retval) {
1900 #ifdef TTY_DEBUG_HANGUP
1901                 printk(KERN_DEBUG "error %d in opening %s...", retval,
1902                        tty->name);
1903 #endif
1904                 tty_release_dev(filp);
1905                 if (retval != -ERESTARTSYS)
1906                         return retval;
1907                 if (signal_pending(current))
1908                         return retval;
1909                 schedule();
1910                 /*
1911                  * Need to reset f_op in case a hangup happened.
1912                  */
1913                 if (filp->f_op == &hung_up_tty_fops)
1914                         filp->f_op = &tty_fops;
1915                 goto retry_open;
1916         }
1917
1918         mutex_lock(&tty_mutex);
1919         spin_lock_irq(&current->sighand->siglock);
1920         if (!noctty &&
1921             current->signal->leader &&
1922             !current->signal->tty &&
1923             tty->session == NULL)
1924                 __proc_set_tty(current, tty);
1925         spin_unlock_irq(&current->sighand->siglock);
1926         mutex_unlock(&tty_mutex);
1927         return 0;
1928 }
1929
1930 /* BKL pushdown: scary code avoidance wrapper */
1931 static int tty_open(struct inode *inode, struct file *filp)
1932 {
1933         int ret;
1934
1935         lock_kernel();
1936         ret = __tty_open(inode, filp);
1937         unlock_kernel();
1938         return ret;
1939 }
1940
1941
1942
1943
1944 /**
1945  *      tty_release             -       vfs callback for close
1946  *      @inode: inode of tty
1947  *      @filp: file pointer for handle to tty
1948  *
1949  *      Called the last time each file handle is closed that references
1950  *      this tty. There may however be several such references.
1951  *
1952  *      Locking:
1953  *              Takes bkl. See tty_release_dev
1954  */
1955
1956 static int tty_release(struct inode *inode, struct file *filp)
1957 {
1958         lock_kernel();
1959         tty_release_dev(filp);
1960         unlock_kernel();
1961         return 0;
1962 }
1963
1964 /**
1965  *      tty_poll        -       check tty status
1966  *      @filp: file being polled
1967  *      @wait: poll wait structures to update
1968  *
1969  *      Call the line discipline polling method to obtain the poll
1970  *      status of the device.
1971  *
1972  *      Locking: locks called line discipline but ldisc poll method
1973  *      may be re-entered freely by other callers.
1974  */
1975
1976 static unsigned int tty_poll(struct file *filp, poll_table *wait)
1977 {
1978         struct tty_struct *tty;
1979         struct tty_ldisc *ld;
1980         int ret = 0;
1981
1982         tty = (struct tty_struct *)filp->private_data;
1983         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1984                 return 0;
1985
1986         ld = tty_ldisc_ref_wait(tty);
1987         if (ld->ops->poll)
1988                 ret = (ld->ops->poll)(tty, filp, wait);
1989         tty_ldisc_deref(ld);
1990         return ret;
1991 }
1992
1993 static int tty_fasync(int fd, struct file *filp, int on)
1994 {
1995         struct tty_struct *tty;
1996         unsigned long flags;
1997         int retval = 0;
1998
1999         lock_kernel();
2000         tty = (struct tty_struct *)filp->private_data;
2001         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2002                 goto out;
2003
2004         retval = fasync_helper(fd, filp, on, &tty->fasync);
2005         if (retval <= 0)
2006                 goto out;
2007
2008         if (on) {
2009                 enum pid_type type;
2010                 struct pid *pid;
2011                 if (!waitqueue_active(&tty->read_wait))
2012                         tty->minimum_to_wake = 1;
2013                 spin_lock_irqsave(&tty->ctrl_lock, flags);
2014                 if (tty->pgrp) {
2015                         pid = tty->pgrp;
2016                         type = PIDTYPE_PGID;
2017                 } else {
2018                         pid = task_pid(current);
2019                         type = PIDTYPE_PID;
2020                 }
2021                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2022                 retval = __f_setown(filp, pid, type, 0);
2023                 if (retval)
2024                         goto out;
2025         } else {
2026                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2027                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2028         }
2029         retval = 0;
2030 out:
2031         unlock_kernel();
2032         return retval;
2033 }
2034
2035 /**
2036  *      tiocsti                 -       fake input character
2037  *      @tty: tty to fake input into
2038  *      @p: pointer to character
2039  *
2040  *      Fake input to a tty device. Does the necessary locking and
2041  *      input management.
2042  *
2043  *      FIXME: does not honour flow control ??
2044  *
2045  *      Locking:
2046  *              Called functions take tty_ldisc_lock
2047  *              current->signal->tty check is safe without locks
2048  *
2049  *      FIXME: may race normal receive processing
2050  */
2051
2052 static int tiocsti(struct tty_struct *tty, char __user *p)
2053 {
2054         char ch, mbz = 0;
2055         struct tty_ldisc *ld;
2056
2057         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2058                 return -EPERM;
2059         if (get_user(ch, p))
2060                 return -EFAULT;
2061         ld = tty_ldisc_ref_wait(tty);
2062         ld->ops->receive_buf(tty, &ch, &mbz, 1);
2063         tty_ldisc_deref(ld);
2064         return 0;
2065 }
2066
2067 /**
2068  *      tiocgwinsz              -       implement window query ioctl
2069  *      @tty; tty
2070  *      @arg: user buffer for result
2071  *
2072  *      Copies the kernel idea of the window size into the user buffer.
2073  *
2074  *      Locking: tty->termios_mutex is taken to ensure the winsize data
2075  *              is consistent.
2076  */
2077
2078 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2079 {
2080         int err;
2081
2082         mutex_lock(&tty->termios_mutex);
2083         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2084         mutex_unlock(&tty->termios_mutex);
2085
2086         return err ? -EFAULT: 0;
2087 }
2088
2089 /**
2090  *      tty_do_resize           -       resize event
2091  *      @tty: tty being resized
2092  *      @real_tty: real tty (not the same as tty if using a pty/tty pair)
2093  *      @rows: rows (character)
2094  *      @cols: cols (character)
2095  *
2096  *      Update the termios variables and send the neccessary signals to
2097  *      peform a terminal resize correctly
2098  */
2099
2100 int tty_do_resize(struct tty_struct *tty, struct tty_struct *real_tty,
2101                                         struct winsize *ws)
2102 {
2103         struct pid *pgrp, *rpgrp;
2104         unsigned long flags;
2105
2106         /* For a PTY we need to lock the tty side */
2107         mutex_lock(&real_tty->termios_mutex);
2108         if (!memcmp(ws, &real_tty->winsize, sizeof(*ws)))
2109                 goto done;
2110         /* Get the PID values and reference them so we can
2111            avoid holding the tty ctrl lock while sending signals */
2112         spin_lock_irqsave(&tty->ctrl_lock, flags);
2113         pgrp = get_pid(tty->pgrp);
2114         rpgrp = get_pid(real_tty->pgrp);
2115         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2116
2117         if (pgrp)
2118                 kill_pgrp(pgrp, SIGWINCH, 1);
2119         if (rpgrp != pgrp && rpgrp)
2120                 kill_pgrp(rpgrp, SIGWINCH, 1);
2121
2122         put_pid(pgrp);
2123         put_pid(rpgrp);
2124
2125         tty->winsize = *ws;
2126         real_tty->winsize = *ws;
2127 done:
2128         mutex_unlock(&real_tty->termios_mutex);
2129         return 0;
2130 }
2131
2132 /**
2133  *      tiocswinsz              -       implement window size set ioctl
2134  *      @tty; tty
2135  *      @arg: user buffer for result
2136  *
2137  *      Copies the user idea of the window size to the kernel. Traditionally
2138  *      this is just advisory information but for the Linux console it
2139  *      actually has driver level meaning and triggers a VC resize.
2140  *
2141  *      Locking:
2142  *              Driver dependant. The default do_resize method takes the
2143  *      tty termios mutex and ctrl_lock. The console takes its own lock
2144  *      then calls into the default method.
2145  */
2146
2147 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2148         struct winsize __user *arg)
2149 {
2150         struct winsize tmp_ws;
2151         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2152                 return -EFAULT;
2153
2154         if (tty->ops->resize)
2155                 return tty->ops->resize(tty, real_tty, &tmp_ws);
2156         else
2157                 return tty_do_resize(tty, real_tty, &tmp_ws);
2158 }
2159
2160 /**
2161  *      tioccons        -       allow admin to move logical console
2162  *      @file: the file to become console
2163  *
2164  *      Allow the adminstrator to move the redirected console device
2165  *
2166  *      Locking: uses redirect_lock to guard the redirect information
2167  */
2168
2169 static int tioccons(struct file *file)
2170 {
2171         if (!capable(CAP_SYS_ADMIN))
2172                 return -EPERM;
2173         if (file->f_op->write == redirected_tty_write) {
2174                 struct file *f;
2175                 spin_lock(&redirect_lock);
2176                 f = redirect;
2177                 redirect = NULL;
2178                 spin_unlock(&redirect_lock);
2179                 if (f)
2180                         fput(f);
2181                 return 0;
2182         }
2183         spin_lock(&redirect_lock);
2184         if (redirect) {
2185                 spin_unlock(&redirect_lock);
2186                 return -EBUSY;
2187         }
2188         get_file(file);
2189         redirect = file;
2190         spin_unlock(&redirect_lock);
2191         return 0;
2192 }
2193
2194 /**
2195  *      fionbio         -       non blocking ioctl
2196  *      @file: file to set blocking value
2197  *      @p: user parameter
2198  *
2199  *      Historical tty interfaces had a blocking control ioctl before
2200  *      the generic functionality existed. This piece of history is preserved
2201  *      in the expected tty API of posix OS's.
2202  *
2203  *      Locking: none, the open fle handle ensures it won't go away.
2204  */
2205
2206 static int fionbio(struct file *file, int __user *p)
2207 {
2208         int nonblock;
2209
2210         if (get_user(nonblock, p))
2211                 return -EFAULT;
2212
2213         /* file->f_flags is still BKL protected in the fs layer - vomit */
2214         lock_kernel();
2215         if (nonblock)
2216                 file->f_flags |= O_NONBLOCK;
2217         else
2218                 file->f_flags &= ~O_NONBLOCK;
2219         unlock_kernel();
2220         return 0;
2221 }
2222
2223 /**
2224  *      tiocsctty       -       set controlling tty
2225  *      @tty: tty structure
2226  *      @arg: user argument
2227  *
2228  *      This ioctl is used to manage job control. It permits a session
2229  *      leader to set this tty as the controlling tty for the session.
2230  *
2231  *      Locking:
2232  *              Takes tty_mutex() to protect tty instance
2233  *              Takes tasklist_lock internally to walk sessions
2234  *              Takes ->siglock() when updating signal->tty
2235  */
2236
2237 static int tiocsctty(struct tty_struct *tty, int arg)
2238 {
2239         int ret = 0;
2240         if (current->signal->leader && (task_session(current) == tty->session))
2241                 return ret;
2242
2243         mutex_lock(&tty_mutex);
2244         /*
2245          * The process must be a session leader and
2246          * not have a controlling tty already.
2247          */
2248         if (!current->signal->leader || current->signal->tty) {
2249                 ret = -EPERM;
2250                 goto unlock;
2251         }
2252
2253         if (tty->session) {
2254                 /*
2255                  * This tty is already the controlling
2256                  * tty for another session group!
2257                  */
2258                 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2259                         /*
2260                          * Steal it away
2261                          */
2262                         read_lock(&tasklist_lock);
2263                         session_clear_tty(tty->session);
2264                         read_unlock(&tasklist_lock);
2265                 } else {
2266                         ret = -EPERM;
2267                         goto unlock;
2268                 }
2269         }
2270         proc_set_tty(current, tty);
2271 unlock:
2272         mutex_unlock(&tty_mutex);
2273         return ret;
2274 }
2275
2276 /**
2277  *      tty_get_pgrp    -       return a ref counted pgrp pid
2278  *      @tty: tty to read
2279  *
2280  *      Returns a refcounted instance of the pid struct for the process
2281  *      group controlling the tty.
2282  */
2283
2284 struct pid *tty_get_pgrp(struct tty_struct *tty)
2285 {
2286         unsigned long flags;
2287         struct pid *pgrp;
2288
2289         spin_lock_irqsave(&tty->ctrl_lock, flags);
2290         pgrp = get_pid(tty->pgrp);
2291         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2292
2293         return pgrp;
2294 }
2295 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2296
2297 /**
2298  *      tiocgpgrp               -       get process group
2299  *      @tty: tty passed by user
2300  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2301  *      @p: returned pid
2302  *
2303  *      Obtain the process group of the tty. If there is no process group
2304  *      return an error.
2305  *
2306  *      Locking: none. Reference to current->signal->tty is safe.
2307  */
2308
2309 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2310 {
2311         struct pid *pid;
2312         int ret;
2313         /*
2314          * (tty == real_tty) is a cheap way of
2315          * testing if the tty is NOT a master pty.
2316          */
2317         if (tty == real_tty && current->signal->tty != real_tty)
2318                 return -ENOTTY;
2319         pid = tty_get_pgrp(real_tty);
2320         ret =  put_user(pid_vnr(pid), p);
2321         put_pid(pid);
2322         return ret;
2323 }
2324
2325 /**
2326  *      tiocspgrp               -       attempt to set process group
2327  *      @tty: tty passed by user
2328  *      @real_tty: tty side device matching tty passed by user
2329  *      @p: pid pointer
2330  *
2331  *      Set the process group of the tty to the session passed. Only
2332  *      permitted where the tty session is our session.
2333  *
2334  *      Locking: RCU, ctrl lock
2335  */
2336
2337 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2338 {
2339         struct pid *pgrp;
2340         pid_t pgrp_nr;
2341         int retval = tty_check_change(real_tty);
2342         unsigned long flags;
2343
2344         if (retval == -EIO)
2345                 return -ENOTTY;
2346         if (retval)
2347                 return retval;
2348         if (!current->signal->tty ||
2349             (current->signal->tty != real_tty) ||
2350             (real_tty->session != task_session(current)))
2351                 return -ENOTTY;
2352         if (get_user(pgrp_nr, p))
2353                 return -EFAULT;
2354         if (pgrp_nr < 0)
2355                 return -EINVAL;
2356         rcu_read_lock();
2357         pgrp = find_vpid(pgrp_nr);
2358         retval = -ESRCH;
2359         if (!pgrp)
2360                 goto out_unlock;
2361         retval = -EPERM;
2362         if (session_of_pgrp(pgrp) != task_session(current))
2363                 goto out_unlock;
2364         retval = 0;
2365         spin_lock_irqsave(&tty->ctrl_lock, flags);
2366         put_pid(real_tty->pgrp);
2367         real_tty->pgrp = get_pid(pgrp);
2368         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2369 out_unlock:
2370         rcu_read_unlock();
2371         return retval;
2372 }
2373
2374 /**
2375  *      tiocgsid                -       get session id
2376  *      @tty: tty passed by user
2377  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2378  *      @p: pointer to returned session id
2379  *
2380  *      Obtain the session id of the tty. If there is no session
2381  *      return an error.
2382  *
2383  *      Locking: none. Reference to current->signal->tty is safe.
2384  */
2385
2386 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2387 {
2388         /*
2389          * (tty == real_tty) is a cheap way of
2390          * testing if the tty is NOT a master pty.
2391         */
2392         if (tty == real_tty && current->signal->tty != real_tty)
2393                 return -ENOTTY;
2394         if (!real_tty->session)
2395                 return -ENOTTY;
2396         return put_user(pid_vnr(real_tty->session), p);
2397 }
2398
2399 /**
2400  *      tiocsetd        -       set line discipline
2401  *      @tty: tty device
2402  *      @p: pointer to user data
2403  *
2404  *      Set the line discipline according to user request.
2405  *
2406  *      Locking: see tty_set_ldisc, this function is just a helper
2407  */
2408
2409 static int tiocsetd(struct tty_struct *tty, int __user *p)
2410 {
2411         int ldisc;
2412         int ret;
2413
2414         if (get_user(ldisc, p))
2415                 return -EFAULT;
2416
2417         lock_kernel();
2418         ret = tty_set_ldisc(tty, ldisc);
2419         unlock_kernel();
2420
2421         return ret;
2422 }
2423
2424 /**
2425  *      send_break      -       performed time break
2426  *      @tty: device to break on
2427  *      @duration: timeout in mS
2428  *
2429  *      Perform a timed break on hardware that lacks its own driver level
2430  *      timed break functionality.
2431  *
2432  *      Locking:
2433  *              atomic_write_lock serializes
2434  *
2435  */
2436
2437 static int send_break(struct tty_struct *tty, unsigned int duration)
2438 {
2439         int retval;
2440
2441         if (tty->ops->break_ctl == NULL)
2442                 return 0;
2443
2444         if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2445                 retval = tty->ops->break_ctl(tty, duration);
2446         else {
2447                 /* Do the work ourselves */
2448                 if (tty_write_lock(tty, 0) < 0)
2449                         return -EINTR;
2450                 retval = tty->ops->break_ctl(tty, -1);
2451                 if (retval)
2452                         goto out;
2453                 if (!signal_pending(current))
2454                         msleep_interruptible(duration);
2455                 retval = tty->ops->break_ctl(tty, 0);
2456 out:
2457                 tty_write_unlock(tty);
2458                 if (signal_pending(current))
2459                         retval = -EINTR;
2460         }
2461         return retval;
2462 }
2463
2464 /**
2465  *      tty_tiocmget            -       get modem status
2466  *      @tty: tty device
2467  *      @file: user file pointer
2468  *      @p: pointer to result
2469  *
2470  *      Obtain the modem status bits from the tty driver if the feature
2471  *      is supported. Return -EINVAL if it is not available.
2472  *
2473  *      Locking: none (up to the driver)
2474  */
2475
2476 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2477 {
2478         int retval = -EINVAL;
2479
2480         if (tty->ops->tiocmget) {
2481                 retval = tty->ops->tiocmget(tty, file);
2482
2483                 if (retval >= 0)
2484                         retval = put_user(retval, p);
2485         }
2486         return retval;
2487 }
2488
2489 /**
2490  *      tty_tiocmset            -       set modem status
2491  *      @tty: tty device
2492  *      @file: user file pointer
2493  *      @cmd: command - clear bits, set bits or set all
2494  *      @p: pointer to desired bits
2495  *
2496  *      Set the modem status bits from the tty driver if the feature
2497  *      is supported. Return -EINVAL if it is not available.
2498  *
2499  *      Locking: none (up to the driver)
2500  */
2501
2502 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2503              unsigned __user *p)
2504 {
2505         int retval;
2506         unsigned int set, clear, val;
2507
2508         if (tty->ops->tiocmset == NULL)
2509                 return -EINVAL;
2510
2511         retval = get_user(val, p);
2512         if (retval)
2513                 return retval;
2514         set = clear = 0;
2515         switch (cmd) {
2516         case TIOCMBIS:
2517                 set = val;
2518                 break;
2519         case TIOCMBIC:
2520                 clear = val;
2521                 break;
2522         case TIOCMSET:
2523                 set = val;
2524                 clear = ~val;
2525                 break;
2526         }
2527         set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2528         clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2529         return tty->ops->tiocmset(tty, file, set, clear);
2530 }
2531
2532 /*
2533  * Split this up, as gcc can choke on it otherwise..
2534  */
2535 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2536 {
2537         struct tty_struct *tty, *real_tty;
2538         void __user *p = (void __user *)arg;
2539         int retval;
2540         struct tty_ldisc *ld;
2541         struct inode *inode = file->f_dentry->d_inode;
2542
2543         tty = (struct tty_struct *)file->private_data;
2544         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2545                 return -EINVAL;
2546
2547         real_tty = tty;
2548         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2549             tty->driver->subtype == PTY_TYPE_MASTER)
2550                 real_tty = tty->link;
2551
2552
2553         /*
2554          * Factor out some common prep work
2555          */
2556         switch (cmd) {
2557         case TIOCSETD:
2558         case TIOCSBRK:
2559         case TIOCCBRK:
2560         case TCSBRK:
2561         case TCSBRKP:
2562                 retval = tty_check_change(tty);
2563                 if (retval)
2564                         return retval;
2565                 if (cmd != TIOCCBRK) {
2566                         tty_wait_until_sent(tty, 0);
2567                         if (signal_pending(current))
2568                                 return -EINTR;
2569                 }
2570                 break;
2571         }
2572
2573         /*
2574          *      Now do the stuff.
2575          */
2576         switch (cmd) {
2577         case TIOCSTI:
2578                 return tiocsti(tty, p);
2579         case TIOCGWINSZ:
2580                 return tiocgwinsz(real_tty, p);
2581         case TIOCSWINSZ:
2582                 return tiocswinsz(tty, real_tty, p);
2583         case TIOCCONS:
2584                 return real_tty != tty ? -EINVAL : tioccons(file);
2585         case FIONBIO:
2586                 return fionbio(file, p);
2587         case TIOCEXCL:
2588                 set_bit(TTY_EXCLUSIVE, &tty->flags);
2589                 return 0;
2590         case TIOCNXCL:
2591                 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2592                 return 0;
2593         case TIOCNOTTY:
2594                 if (current->signal->tty != tty)
2595                         return -ENOTTY;
2596                 no_tty();
2597                 return 0;
2598         case TIOCSCTTY:
2599                 return tiocsctty(tty, arg);
2600         case TIOCGPGRP:
2601                 return tiocgpgrp(tty, real_tty, p);
2602         case TIOCSPGRP:
2603                 return tiocspgrp(tty, real_tty, p);
2604         case TIOCGSID:
2605                 return tiocgsid(tty, real_tty, p);
2606         case TIOCGETD:
2607                 return put_user(tty->ldisc.ops->num, (int __user *)p);
2608         case TIOCSETD:
2609                 return tiocsetd(tty, p);
2610         /*
2611          * Break handling
2612          */
2613         case TIOCSBRK:  /* Turn break on, unconditionally */
2614                 if (tty->ops->break_ctl)
2615                         return tty->ops->break_ctl(tty, -1);
2616                 return 0;
2617         case TIOCCBRK:  /* Turn break off, unconditionally */
2618                 if (tty->ops->break_ctl)
2619                         return tty->ops->break_ctl(tty, 0);
2620                 return 0;
2621         case TCSBRK:   /* SVID version: non-zero arg --> no break */
2622                 /* non-zero arg means wait for all output data
2623                  * to be sent (performed above) but don't send break.
2624                  * This is used by the tcdrain() termios function.
2625                  */
2626                 if (!arg)
2627                         return send_break(tty, 250);
2628                 return 0;
2629         case TCSBRKP:   /* support for POSIX tcsendbreak() */
2630                 return send_break(tty, arg ? arg*100 : 250);
2631
2632         case TIOCMGET:
2633                 return tty_tiocmget(tty, file, p);
2634         case TIOCMSET:
2635         case TIOCMBIC:
2636         case TIOCMBIS:
2637                 return tty_tiocmset(tty, file, cmd, p);
2638         case TCFLSH:
2639                 switch (arg) {
2640                 case TCIFLUSH:
2641                 case TCIOFLUSH:
2642                 /* flush tty buffer and allow ldisc to process ioctl */
2643                         tty_buffer_flush(tty);
2644                         break;
2645                 }
2646                 break;
2647         }
2648         if (tty->ops->ioctl) {
2649                 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
2650                 if (retval != -ENOIOCTLCMD)
2651                         return retval;
2652         }
2653         ld = tty_ldisc_ref_wait(tty);
2654         retval = -EINVAL;
2655         if (ld->ops->ioctl) {
2656                 retval = ld->ops->ioctl(tty, file, cmd, arg);
2657                 if (retval == -ENOIOCTLCMD)
2658                         retval = -EINVAL;
2659         }
2660         tty_ldisc_deref(ld);
2661         return retval;
2662 }
2663
2664 #ifdef CONFIG_COMPAT
2665 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2666                                 unsigned long arg)
2667 {
2668         struct inode *inode = file->f_dentry->d_inode;
2669         struct tty_struct *tty = file->private_data;
2670         struct tty_ldisc *ld;
2671         int retval = -ENOIOCTLCMD;
2672
2673         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2674                 return -EINVAL;
2675
2676         if (tty->ops->compat_ioctl) {
2677                 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
2678                 if (retval != -ENOIOCTLCMD)
2679                         return retval;
2680         }
2681
2682         ld = tty_ldisc_ref_wait(tty);
2683         if (ld->ops->compat_ioctl)
2684                 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2685         tty_ldisc_deref(ld);
2686
2687         return retval;
2688 }
2689 #endif
2690
2691 /*
2692  * This implements the "Secure Attention Key" ---  the idea is to
2693  * prevent trojan horses by killing all processes associated with this
2694  * tty when the user hits the "Secure Attention Key".  Required for
2695  * super-paranoid applications --- see the Orange Book for more details.
2696  *
2697  * This code could be nicer; ideally it should send a HUP, wait a few
2698  * seconds, then send a INT, and then a KILL signal.  But you then
2699  * have to coordinate with the init process, since all processes associated
2700  * with the current tty must be dead before the new getty is allowed
2701  * to spawn.
2702  *
2703  * Now, if it would be correct ;-/ The current code has a nasty hole -
2704  * it doesn't catch files in flight. We may send the descriptor to ourselves
2705  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2706  *
2707  * Nasty bug: do_SAK is being called in interrupt context.  This can
2708  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
2709  */
2710 void __do_SAK(struct tty_struct *tty)
2711 {
2712 #ifdef TTY_SOFT_SAK
2713         tty_hangup(tty);
2714 #else
2715         struct task_struct *g, *p;
2716         struct pid *session;
2717         int             i;
2718         struct file     *filp;
2719         struct fdtable *fdt;
2720
2721         if (!tty)
2722                 return;
2723         session = tty->session;
2724
2725         tty_ldisc_flush(tty);
2726
2727         tty_driver_flush_buffer(tty);
2728
2729         read_lock(&tasklist_lock);
2730         /* Kill the entire session */
2731         do_each_pid_task(session, PIDTYPE_SID, p) {
2732                 printk(KERN_NOTICE "SAK: killed process %d"
2733                         " (%s): task_session_nr(p)==tty->session\n",
2734                         task_pid_nr(p), p->comm);
2735                 send_sig(SIGKILL, p, 1);
2736         } while_each_pid_task(session, PIDTYPE_SID, p);
2737         /* Now kill any processes that happen to have the
2738          * tty open.
2739          */
2740         do_each_thread(g, p) {
2741                 if (p->signal->tty == tty) {
2742                         printk(KERN_NOTICE "SAK: killed process %d"
2743                             " (%s): task_session_nr(p)==tty->session\n",
2744                             task_pid_nr(p), p->comm);
2745                         send_sig(SIGKILL, p, 1);
2746                         continue;
2747                 }
2748                 task_lock(p);
2749                 if (p->files) {
2750                         /*
2751                          * We don't take a ref to the file, so we must
2752                          * hold ->file_lock instead.
2753                          */
2754                         spin_lock(&p->files->file_lock);
2755                         fdt = files_fdtable(p->files);
2756                         for (i = 0; i < fdt->max_fds; i++) {
2757                                 filp = fcheck_files(p->files, i);
2758                                 if (!filp)
2759                                         continue;
2760                                 if (filp->f_op->read == tty_read &&
2761                                     filp->private_data == tty) {
2762                                         printk(KERN_NOTICE "SAK: killed process %d"
2763                                             " (%s): fd#%d opened to the tty\n",
2764                                             task_pid_nr(p), p->comm, i);
2765                                         force_sig(SIGKILL, p);
2766                                         break;
2767                                 }
2768                         }
2769                         spin_unlock(&p->files->file_lock);
2770                 }
2771                 task_unlock(p);
2772         } while_each_thread(g, p);
2773         read_unlock(&tasklist_lock);
2774 #endif
2775 }
2776
2777 static void do_SAK_work(struct work_struct *work)
2778 {
2779         struct tty_struct *tty =
2780                 container_of(work, struct tty_struct, SAK_work);
2781         __do_SAK(tty);
2782 }
2783
2784 /*
2785  * The tq handling here is a little racy - tty->SAK_work may already be queued.
2786  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2787  * the values which we write to it will be identical to the values which it
2788  * already has. --akpm
2789  */
2790 void do_SAK(struct tty_struct *tty)
2791 {
2792         if (!tty)
2793                 return;
2794         schedule_work(&tty->SAK_work);
2795 }
2796
2797 EXPORT_SYMBOL(do_SAK);
2798
2799 /**
2800  *      initialize_tty_struct
2801  *      @tty: tty to initialize
2802  *
2803  *      This subroutine initializes a tty structure that has been newly
2804  *      allocated.
2805  *
2806  *      Locking: none - tty in question must not be exposed at this point
2807  */
2808
2809 static void initialize_tty_struct(struct tty_struct *tty)
2810 {
2811         memset(tty, 0, sizeof(struct tty_struct));
2812         kref_init(&tty->kref);
2813         tty->magic = TTY_MAGIC;
2814         tty_ldisc_init(tty);
2815         tty->session = NULL;
2816         tty->pgrp = NULL;
2817         tty->overrun_time = jiffies;
2818         tty->buf.head = tty->buf.tail = NULL;
2819         tty_buffer_init(tty);
2820         mutex_init(&tty->termios_mutex);
2821         init_waitqueue_head(&tty->write_wait);
2822         init_waitqueue_head(&tty->read_wait);
2823         INIT_WORK(&tty->hangup_work, do_tty_hangup);
2824         mutex_init(&tty->atomic_read_lock);
2825         mutex_init(&tty->atomic_write_lock);
2826         spin_lock_init(&tty->read_lock);
2827         spin_lock_init(&tty->ctrl_lock);
2828         INIT_LIST_HEAD(&tty->tty_files);
2829         INIT_WORK(&tty->SAK_work, do_SAK_work);
2830 }
2831
2832 /**
2833  *      tty_put_char    -       write one character to a tty
2834  *      @tty: tty
2835  *      @ch: character
2836  *
2837  *      Write one byte to the tty using the provided put_char method
2838  *      if present. Returns the number of characters successfully output.
2839  *
2840  *      Note: the specific put_char operation in the driver layer may go
2841  *      away soon. Don't call it directly, use this method
2842  */
2843
2844 int tty_put_char(struct tty_struct *tty, unsigned char ch)
2845 {
2846         if (tty->ops->put_char)
2847                 return tty->ops->put_char(tty, ch);
2848         return tty->ops->write(tty, &ch, 1);
2849 }
2850
2851 EXPORT_SYMBOL_GPL(tty_put_char);
2852
2853 struct class *tty_class;
2854
2855 /**
2856  *      tty_register_device - register a tty device
2857  *      @driver: the tty driver that describes the tty device
2858  *      @index: the index in the tty driver for this tty device
2859  *      @device: a struct device that is associated with this tty device.
2860  *              This field is optional, if there is no known struct device
2861  *              for this tty device it can be set to NULL safely.
2862  *
2863  *      Returns a pointer to the struct device for this tty device
2864  *      (or ERR_PTR(-EFOO) on error).
2865  *
2866  *      This call is required to be made to register an individual tty device
2867  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
2868  *      that bit is not set, this function should not be called by a tty
2869  *      driver.
2870  *
2871  *      Locking: ??
2872  */
2873
2874 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
2875                                    struct device *device)
2876 {
2877         char name[64];
2878         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
2879
2880         if (index >= driver->num) {
2881                 printk(KERN_ERR "Attempt to register invalid tty line number "
2882                        " (%d).\n", index);
2883                 return ERR_PTR(-EINVAL);
2884         }
2885
2886         if (driver->type == TTY_DRIVER_TYPE_PTY)
2887                 pty_line_name(driver, index, name);
2888         else
2889                 tty_line_name(driver, index, name);
2890
2891         return device_create_drvdata(tty_class, device, dev, NULL, name);
2892 }
2893
2894 /**
2895  *      tty_unregister_device - unregister a tty device
2896  *      @driver: the tty driver that describes the tty device
2897  *      @index: the index in the tty driver for this tty device
2898  *
2899  *      If a tty device is registered with a call to tty_register_device() then
2900  *      this function must be called when the tty device is gone.
2901  *
2902  *      Locking: ??
2903  */
2904
2905 void tty_unregister_device(struct tty_driver *driver, unsigned index)
2906 {
2907         device_destroy(tty_class,
2908                 MKDEV(driver->major, driver->minor_start) + index);
2909 }
2910
2911 EXPORT_SYMBOL(tty_register_device);
2912 EXPORT_SYMBOL(tty_unregister_device);
2913
2914 struct tty_driver *alloc_tty_driver(int lines)
2915 {
2916         struct tty_driver *driver;
2917
2918         driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
2919         if (driver) {
2920                 driver->magic = TTY_DRIVER_MAGIC;
2921                 driver->num = lines;
2922                 /* later we'll move allocation of tables here */
2923         }
2924         return driver;
2925 }
2926
2927 void put_tty_driver(struct tty_driver *driver)
2928 {
2929         kfree(driver);
2930 }
2931
2932 void tty_set_operations(struct tty_driver *driver,
2933                         const struct tty_operations *op)
2934 {
2935         driver->ops = op;
2936 };
2937
2938 EXPORT_SYMBOL(alloc_tty_driver);
2939 EXPORT_SYMBOL(put_tty_driver);
2940 EXPORT_SYMBOL(tty_set_operations);
2941
2942 /*
2943  * Called by a tty driver to register itself.
2944  */
2945 int tty_register_driver(struct tty_driver *driver)
2946 {
2947         int error;
2948         int i;
2949         dev_t dev;
2950         void **p = NULL;
2951
2952         if (driver->flags & TTY_DRIVER_INSTALLED)
2953                 return 0;
2954
2955         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
2956                 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
2957                 if (!p)
2958                         return -ENOMEM;
2959         }
2960
2961         if (!driver->major) {
2962                 error = alloc_chrdev_region(&dev, driver->minor_start,
2963                                                 driver->num, driver->name);
2964                 if (!error) {
2965                         driver->major = MAJOR(dev);
2966                         driver->minor_start = MINOR(dev);
2967                 }
2968         } else {
2969                 dev = MKDEV(driver->major, driver->minor_start);
2970                 error = register_chrdev_region(dev, driver->num, driver->name);
2971         }
2972         if (error < 0) {
2973                 kfree(p);
2974                 return error;
2975         }
2976
2977         if (p) {
2978                 driver->ttys = (struct tty_struct **)p;
2979                 driver->termios = (struct ktermios **)(p + driver->num);
2980                 driver->termios_locked = (struct ktermios **)
2981                                                         (p + driver->num * 2);
2982         } else {
2983                 driver->ttys = NULL;
2984                 driver->termios = NULL;
2985                 driver->termios_locked = NULL;
2986         }
2987
2988         cdev_init(&driver->cdev, &tty_fops);
2989         driver->cdev.owner = driver->owner;
2990         error = cdev_add(&driver->cdev, dev, driver->num);
2991         if (error) {
2992                 unregister_chrdev_region(dev, driver->num);
2993                 driver->ttys = NULL;
2994                 driver->termios = driver->termios_locked = NULL;
2995                 kfree(p);
2996                 return error;
2997         }
2998
2999         mutex_lock(&tty_mutex);
3000         list_add(&driver->tty_drivers, &tty_drivers);
3001         mutex_unlock(&tty_mutex);
3002
3003         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3004                 for (i = 0; i < driver->num; i++)
3005                     tty_register_device(driver, i, NULL);
3006         }
3007         proc_tty_register_driver(driver);
3008         return 0;
3009 }
3010
3011 EXPORT_SYMBOL(tty_register_driver);
3012
3013 /*
3014  * Called by a tty driver to unregister itself.
3015  */
3016 int tty_unregister_driver(struct tty_driver *driver)
3017 {
3018         int i;
3019         struct ktermios *tp;
3020         void *p;
3021
3022         if (driver->refcount)
3023                 return -EBUSY;
3024
3025         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3026                                 driver->num);
3027         mutex_lock(&tty_mutex);
3028         list_del(&driver->tty_drivers);
3029         mutex_unlock(&tty_mutex);
3030
3031         /*
3032          * Free the termios and termios_locked structures because
3033          * we don't want to get memory leaks when modular tty
3034          * drivers are removed from the kernel.
3035          */
3036         for (i = 0; i < driver->num; i++) {
3037                 tp = driver->termios[i];
3038                 if (tp) {
3039                         driver->termios[i] = NULL;
3040                         kfree(tp);
3041                 }
3042                 tp = driver->termios_locked[i];
3043                 if (tp) {
3044                         driver->termios_locked[i] = NULL;
3045                         kfree(tp);
3046                 }
3047                 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3048                         tty_unregister_device(driver, i);
3049         }
3050         p = driver->ttys;
3051         proc_tty_unregister_driver(driver);
3052         driver->ttys = NULL;
3053         driver->termios = driver->termios_locked = NULL;
3054         kfree(p);
3055         cdev_del(&driver->cdev);
3056         return 0;
3057 }
3058 EXPORT_SYMBOL(tty_unregister_driver);
3059
3060 dev_t tty_devnum(struct tty_struct *tty)
3061 {
3062         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3063 }
3064 EXPORT_SYMBOL(tty_devnum);
3065
3066 void proc_clear_tty(struct task_struct *p)
3067 {
3068         struct tty_struct *tty;
3069         spin_lock_irq(&p->sighand->siglock);
3070         tty = p->signal->tty;
3071         p->signal->tty = NULL;
3072         spin_unlock_irq(&p->sighand->siglock);
3073         tty_kref_put(tty);
3074 }
3075
3076 /* Called under the sighand lock */
3077
3078 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3079 {
3080         if (tty) {
3081                 unsigned long flags;
3082                 /* We should not have a session or pgrp to put here but.... */
3083                 spin_lock_irqsave(&tty->ctrl_lock, flags);
3084                 put_pid(tty->session);
3085                 put_pid(tty->pgrp);
3086                 tty->pgrp = get_pid(task_pgrp(tsk));
3087                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3088                 tty->session = get_pid(task_session(tsk));
3089                 if (tsk->signal->tty) {
3090                         printk(KERN_DEBUG "tty not NULL!!\n");
3091                         tty_kref_put(tsk->signal->tty);
3092                 }
3093         }
3094         put_pid(tsk->signal->tty_old_pgrp);
3095         tsk->signal->tty = tty_kref_get(tty);
3096         tsk->signal->tty_old_pgrp = NULL;
3097 }
3098
3099 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3100 {
3101         spin_lock_irq(&tsk->sighand->siglock);
3102         __proc_set_tty(tsk, tty);
3103         spin_unlock_irq(&tsk->sighand->siglock);
3104 }
3105
3106 struct tty_struct *get_current_tty(void)
3107 {
3108         struct tty_struct *tty;
3109         unsigned long flags;
3110
3111         spin_lock_irqsave(&current->sighand->siglock, flags);
3112         tty = tty_kref_get(current->signal->tty);
3113         spin_unlock_irqrestore(&current->sighand->siglock, flags);
3114         return tty;
3115 }
3116 EXPORT_SYMBOL_GPL(get_current_tty);
3117
3118 void tty_default_fops(struct file_operations *fops)
3119 {
3120         *fops = tty_fops;
3121 }
3122
3123 /*
3124  * Initialize the console device. This is called *early*, so
3125  * we can't necessarily depend on lots of kernel help here.
3126  * Just do some early initializations, and do the complex setup
3127  * later.
3128  */
3129 void __init console_init(void)
3130 {
3131         initcall_t *call;
3132
3133         /* Setup the default TTY line discipline. */
3134         tty_ldisc_begin();
3135
3136         /*
3137          * set up the console device so that later boot sequences can
3138          * inform about problems etc..
3139          */
3140         call = __con_initcall_start;
3141         while (call < __con_initcall_end) {
3142                 (*call)();
3143                 call++;
3144         }
3145 }
3146
3147 static int __init tty_class_init(void)
3148 {
3149         tty_class = class_create(THIS_MODULE, "tty");
3150         if (IS_ERR(tty_class))
3151                 return PTR_ERR(tty_class);
3152         return 0;
3153 }
3154
3155 postcore_initcall(tty_class_init);
3156
3157 /* 3/2004 jmc: why do these devices exist? */
3158
3159 static struct cdev tty_cdev, console_cdev;
3160
3161 /*
3162  * Ok, now we can initialize the rest of the tty devices and can count
3163  * on memory allocations, interrupts etc..
3164  */
3165 static int __init tty_init(void)
3166 {
3167         cdev_init(&tty_cdev, &tty_fops);
3168         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3169             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3170                 panic("Couldn't register /dev/tty driver\n");
3171         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL,
3172                               "tty");
3173
3174         cdev_init(&console_cdev, &console_fops);
3175         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3176             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3177                 panic("Couldn't register /dev/console driver\n");
3178         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3179                               "console");
3180
3181 #ifdef CONFIG_VT
3182         vty_init(&console_fops);
3183 #endif
3184         return 0;
3185 }
3186 module_init(tty_init);