[PATCH] kvm: Fix gva_to_gpa()
[linux-2.6] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92 
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  * 
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote init_dev and release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66  */
67
68 #include <linux/types.h>
69 #include <linux/major.h>
70 #include <linux/errno.h>
71 #include <linux/signal.h>
72 #include <linux/fcntl.h>
73 #include <linux/sched.h>
74 #include <linux/interrupt.h>
75 #include <linux/tty.h>
76 #include <linux/tty_driver.h>
77 #include <linux/tty_flip.h>
78 #include <linux/devpts_fs.h>
79 #include <linux/file.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/smp_lock.h>
92 #include <linux/device.h>
93 #include <linux/idr.h>
94 #include <linux/wait.h>
95 #include <linux/bitops.h>
96 #include <linux/delay.h>
97
98 #include <asm/uaccess.h>
99 #include <asm/system.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106
107 #undef TTY_DEBUG_HANGUP
108
109 #define TTY_PARANOIA_CHECK 1
110 #define CHECK_TTY_COUNT 1
111
112 struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
113         .c_iflag = ICRNL | IXON,
114         .c_oflag = OPOST | ONLCR,
115         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
116         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
117                    ECHOCTL | ECHOKE | IEXTEN,
118         .c_cc = INIT_C_CC,
119         .c_ispeed = 38400,
120         .c_ospeed = 38400
121 };
122
123 EXPORT_SYMBOL(tty_std_termios);
124
125 /* This list gets poked at by procfs and various bits of boot up code. This
126    could do with some rationalisation such as pulling the tty proc function
127    into this file */
128    
129 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
130
131 /* Mutex to protect creating and releasing a tty. This is shared with
132    vt.c for deeply disgusting hack reasons */
133 DEFINE_MUTEX(tty_mutex);
134 EXPORT_SYMBOL(tty_mutex);
135
136 #ifdef CONFIG_UNIX98_PTYS
137 extern struct tty_driver *ptm_driver;   /* Unix98 pty masters; for /dev/ptmx */
138 extern int pty_limit;           /* Config limit on Unix98 ptys */
139 static DEFINE_IDR(allocated_ptys);
140 static DECLARE_MUTEX(allocated_ptys_lock);
141 static int ptmx_open(struct inode *, struct file *);
142 #endif
143
144 extern void disable_early_printk(void);
145
146 static void initialize_tty_struct(struct tty_struct *tty);
147
148 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
149 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
150 ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
151 static unsigned int tty_poll(struct file *, poll_table *);
152 static int tty_open(struct inode *, struct file *);
153 static int tty_release(struct inode *, struct file *);
154 int tty_ioctl(struct inode * inode, struct file * file,
155               unsigned int cmd, unsigned long arg);
156 static int tty_fasync(int fd, struct file * filp, int on);
157 static void release_tty(struct tty_struct *tty, int idx);
158 static struct pid *__proc_set_tty(struct task_struct *tsk,
159                                 struct tty_struct *tty);
160
161 /**
162  *      alloc_tty_struct        -       allocate a tty object
163  *
164  *      Return a new empty tty structure. The data fields have not
165  *      been initialized in any way but has been zeroed
166  *
167  *      Locking: none
168  */
169
170 static struct tty_struct *alloc_tty_struct(void)
171 {
172         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
173 }
174
175 static void tty_buffer_free_all(struct tty_struct *);
176
177 /**
178  *      free_tty_struct         -       free a disused tty
179  *      @tty: tty struct to free
180  *
181  *      Free the write buffers, tty queue and tty memory itself.
182  *
183  *      Locking: none. Must be called after tty is definitely unused
184  */
185
186 static inline void free_tty_struct(struct tty_struct *tty)
187 {
188         kfree(tty->write_buf);
189         tty_buffer_free_all(tty);
190         kfree(tty);
191 }
192
193 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
194
195 /**
196  *      tty_name        -       return tty naming
197  *      @tty: tty structure
198  *      @buf: buffer for output
199  *
200  *      Convert a tty structure into a name. The name reflects the kernel
201  *      naming policy and if udev is in use may not reflect user space
202  *
203  *      Locking: none
204  */
205
206 char *tty_name(struct tty_struct *tty, char *buf)
207 {
208         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
209                 strcpy(buf, "NULL tty");
210         else
211                 strcpy(buf, tty->name);
212         return buf;
213 }
214
215 EXPORT_SYMBOL(tty_name);
216
217 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
218                               const char *routine)
219 {
220 #ifdef TTY_PARANOIA_CHECK
221         if (!tty) {
222                 printk(KERN_WARNING
223                         "null TTY for (%d:%d) in %s\n",
224                         imajor(inode), iminor(inode), routine);
225                 return 1;
226         }
227         if (tty->magic != TTY_MAGIC) {
228                 printk(KERN_WARNING
229                         "bad magic number for tty struct (%d:%d) in %s\n",
230                         imajor(inode), iminor(inode), routine);
231                 return 1;
232         }
233 #endif
234         return 0;
235 }
236
237 static int check_tty_count(struct tty_struct *tty, const char *routine)
238 {
239 #ifdef CHECK_TTY_COUNT
240         struct list_head *p;
241         int count = 0;
242         
243         file_list_lock();
244         list_for_each(p, &tty->tty_files) {
245                 count++;
246         }
247         file_list_unlock();
248         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
249             tty->driver->subtype == PTY_TYPE_SLAVE &&
250             tty->link && tty->link->count)
251                 count++;
252         if (tty->count != count) {
253                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
254                                     "!= #fd's(%d) in %s\n",
255                        tty->name, tty->count, count, routine);
256                 return count;
257         }
258 #endif
259         return 0;
260 }
261
262 /*
263  * Tty buffer allocation management
264  */
265
266 /**
267  *      tty_buffer_free_all             -       free buffers used by a tty
268  *      @tty: tty to free from
269  *
270  *      Remove all the buffers pending on a tty whether queued with data
271  *      or in the free ring. Must be called when the tty is no longer in use
272  *
273  *      Locking: none
274  */
275
276 static void tty_buffer_free_all(struct tty_struct *tty)
277 {
278         struct tty_buffer *thead;
279         while((thead = tty->buf.head) != NULL) {
280                 tty->buf.head = thead->next;
281                 kfree(thead);
282         }
283         while((thead = tty->buf.free) != NULL) {
284                 tty->buf.free = thead->next;
285                 kfree(thead);
286         }
287         tty->buf.tail = NULL;
288         tty->buf.memory_used = 0;
289 }
290
291 /**
292  *      tty_buffer_init         -       prepare a tty buffer structure
293  *      @tty: tty to initialise
294  *
295  *      Set up the initial state of the buffer management for a tty device.
296  *      Must be called before the other tty buffer functions are used.
297  *
298  *      Locking: none
299  */
300
301 static void tty_buffer_init(struct tty_struct *tty)
302 {
303         spin_lock_init(&tty->buf.lock);
304         tty->buf.head = NULL;
305         tty->buf.tail = NULL;
306         tty->buf.free = NULL;
307         tty->buf.memory_used = 0;
308 }
309
310 /**
311  *      tty_buffer_alloc        -       allocate a tty buffer
312  *      @tty: tty device
313  *      @size: desired size (characters)
314  *
315  *      Allocate a new tty buffer to hold the desired number of characters.
316  *      Return NULL if out of memory or the allocation would exceed the
317  *      per device queue
318  *
319  *      Locking: Caller must hold tty->buf.lock
320  */
321
322 static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
323 {
324         struct tty_buffer *p;
325
326         if (tty->buf.memory_used + size > 65536)
327                 return NULL;
328         p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
329         if(p == NULL)
330                 return NULL;
331         p->used = 0;
332         p->size = size;
333         p->next = NULL;
334         p->commit = 0;
335         p->read = 0;
336         p->char_buf_ptr = (char *)(p->data);
337         p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
338         tty->buf.memory_used += size;
339         return p;
340 }
341
342 /**
343  *      tty_buffer_free         -       free a tty buffer
344  *      @tty: tty owning the buffer
345  *      @b: the buffer to free
346  *
347  *      Free a tty buffer, or add it to the free list according to our
348  *      internal strategy
349  *
350  *      Locking: Caller must hold tty->buf.lock
351  */
352
353 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
354 {
355         /* Dumb strategy for now - should keep some stats */
356         tty->buf.memory_used -= b->size;
357         WARN_ON(tty->buf.memory_used < 0);
358
359         if(b->size >= 512)
360                 kfree(b);
361         else {
362                 b->next = tty->buf.free;
363                 tty->buf.free = b;
364         }
365 }
366
367 /**
368  *      tty_buffer_find         -       find a free tty buffer
369  *      @tty: tty owning the buffer
370  *      @size: characters wanted
371  *
372  *      Locate an existing suitable tty buffer or if we are lacking one then
373  *      allocate a new one. We round our buffers off in 256 character chunks
374  *      to get better allocation behaviour.
375  *
376  *      Locking: Caller must hold tty->buf.lock
377  */
378
379 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
380 {
381         struct tty_buffer **tbh = &tty->buf.free;
382         while((*tbh) != NULL) {
383                 struct tty_buffer *t = *tbh;
384                 if(t->size >= size) {
385                         *tbh = t->next;
386                         t->next = NULL;
387                         t->used = 0;
388                         t->commit = 0;
389                         t->read = 0;
390                         tty->buf.memory_used += t->size;
391                         return t;
392                 }
393                 tbh = &((*tbh)->next);
394         }
395         /* Round the buffer size out */
396         size = (size + 0xFF) & ~ 0xFF;
397         return tty_buffer_alloc(tty, size);
398         /* Should possibly check if this fails for the largest buffer we
399            have queued and recycle that ? */
400 }
401
402 /**
403  *      tty_buffer_request_room         -       grow tty buffer if needed
404  *      @tty: tty structure
405  *      @size: size desired
406  *
407  *      Make at least size bytes of linear space available for the tty
408  *      buffer. If we fail return the size we managed to find.
409  *
410  *      Locking: Takes tty->buf.lock
411  */
412 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
413 {
414         struct tty_buffer *b, *n;
415         int left;
416         unsigned long flags;
417
418         spin_lock_irqsave(&tty->buf.lock, flags);
419
420         /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
421            remove this conditional if its worth it. This would be invisible
422            to the callers */
423         if ((b = tty->buf.tail) != NULL)
424                 left = b->size - b->used;
425         else
426                 left = 0;
427
428         if (left < size) {
429                 /* This is the slow path - looking for new buffers to use */
430                 if ((n = tty_buffer_find(tty, size)) != NULL) {
431                         if (b != NULL) {
432                                 b->next = n;
433                                 b->commit = b->used;
434                         } else
435                                 tty->buf.head = n;
436                         tty->buf.tail = n;
437                 } else
438                         size = left;
439         }
440
441         spin_unlock_irqrestore(&tty->buf.lock, flags);
442         return size;
443 }
444 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
445
446 /**
447  *      tty_insert_flip_string  -       Add characters to the tty buffer
448  *      @tty: tty structure
449  *      @chars: characters
450  *      @size: size
451  *
452  *      Queue a series of bytes to the tty buffering. All the characters
453  *      passed are marked as without error. Returns the number added.
454  *
455  *      Locking: Called functions may take tty->buf.lock
456  */
457
458 int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
459                                 size_t size)
460 {
461         int copied = 0;
462         do {
463                 int space = tty_buffer_request_room(tty, size - copied);
464                 struct tty_buffer *tb = tty->buf.tail;
465                 /* If there is no space then tb may be NULL */
466                 if(unlikely(space == 0))
467                         break;
468                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
469                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
470                 tb->used += space;
471                 copied += space;
472                 chars += space;
473                 /* There is a small chance that we need to split the data over
474                    several buffers. If this is the case we must loop */
475         } while (unlikely(size > copied));
476         return copied;
477 }
478 EXPORT_SYMBOL(tty_insert_flip_string);
479
480 /**
481  *      tty_insert_flip_string_flags    -       Add characters to the tty buffer
482  *      @tty: tty structure
483  *      @chars: characters
484  *      @flags: flag bytes
485  *      @size: size
486  *
487  *      Queue a series of bytes to the tty buffering. For each character
488  *      the flags array indicates the status of the character. Returns the
489  *      number added.
490  *
491  *      Locking: Called functions may take tty->buf.lock
492  */
493
494 int tty_insert_flip_string_flags(struct tty_struct *tty,
495                 const unsigned char *chars, const char *flags, size_t size)
496 {
497         int copied = 0;
498         do {
499                 int space = tty_buffer_request_room(tty, size - copied);
500                 struct tty_buffer *tb = tty->buf.tail;
501                 /* If there is no space then tb may be NULL */
502                 if(unlikely(space == 0))
503                         break;
504                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
505                 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
506                 tb->used += space;
507                 copied += space;
508                 chars += space;
509                 flags += space;
510                 /* There is a small chance that we need to split the data over
511                    several buffers. If this is the case we must loop */
512         } while (unlikely(size > copied));
513         return copied;
514 }
515 EXPORT_SYMBOL(tty_insert_flip_string_flags);
516
517 /**
518  *      tty_schedule_flip       -       push characters to ldisc
519  *      @tty: tty to push from
520  *
521  *      Takes any pending buffers and transfers their ownership to the
522  *      ldisc side of the queue. It then schedules those characters for
523  *      processing by the line discipline.
524  *
525  *      Locking: Takes tty->buf.lock
526  */
527
528 void tty_schedule_flip(struct tty_struct *tty)
529 {
530         unsigned long flags;
531         spin_lock_irqsave(&tty->buf.lock, flags);
532         if (tty->buf.tail != NULL)
533                 tty->buf.tail->commit = tty->buf.tail->used;
534         spin_unlock_irqrestore(&tty->buf.lock, flags);
535         schedule_delayed_work(&tty->buf.work, 1);
536 }
537 EXPORT_SYMBOL(tty_schedule_flip);
538
539 /**
540  *      tty_prepare_flip_string         -       make room for characters
541  *      @tty: tty
542  *      @chars: return pointer for character write area
543  *      @size: desired size
544  *
545  *      Prepare a block of space in the buffer for data. Returns the length
546  *      available and buffer pointer to the space which is now allocated and
547  *      accounted for as ready for normal characters. This is used for drivers
548  *      that need their own block copy routines into the buffer. There is no
549  *      guarantee the buffer is a DMA target!
550  *
551  *      Locking: May call functions taking tty->buf.lock
552  */
553
554 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
555 {
556         int space = tty_buffer_request_room(tty, size);
557         if (likely(space)) {
558                 struct tty_buffer *tb = tty->buf.tail;
559                 *chars = tb->char_buf_ptr + tb->used;
560                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
561                 tb->used += space;
562         }
563         return space;
564 }
565
566 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
567
568 /**
569  *      tty_prepare_flip_string_flags   -       make room for characters
570  *      @tty: tty
571  *      @chars: return pointer for character write area
572  *      @flags: return pointer for status flag write area
573  *      @size: desired size
574  *
575  *      Prepare a block of space in the buffer for data. Returns the length
576  *      available and buffer pointer to the space which is now allocated and
577  *      accounted for as ready for characters. This is used for drivers
578  *      that need their own block copy routines into the buffer. There is no
579  *      guarantee the buffer is a DMA target!
580  *
581  *      Locking: May call functions taking tty->buf.lock
582  */
583
584 int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
585 {
586         int space = tty_buffer_request_room(tty, size);
587         if (likely(space)) {
588                 struct tty_buffer *tb = tty->buf.tail;
589                 *chars = tb->char_buf_ptr + tb->used;
590                 *flags = tb->flag_buf_ptr + tb->used;
591                 tb->used += space;
592         }
593         return space;
594 }
595
596 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
597
598
599
600 /**
601  *      tty_set_termios_ldisc           -       set ldisc field
602  *      @tty: tty structure
603  *      @num: line discipline number
604  *
605  *      This is probably overkill for real world processors but
606  *      they are not on hot paths so a little discipline won't do 
607  *      any harm.
608  *
609  *      Locking: takes termios_mutex
610  */
611  
612 static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
613 {
614         mutex_lock(&tty->termios_mutex);
615         tty->termios->c_line = num;
616         mutex_unlock(&tty->termios_mutex);
617 }
618
619 /*
620  *      This guards the refcounted line discipline lists. The lock
621  *      must be taken with irqs off because there are hangup path
622  *      callers who will do ldisc lookups and cannot sleep.
623  */
624  
625 static DEFINE_SPINLOCK(tty_ldisc_lock);
626 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
627 static struct tty_ldisc tty_ldiscs[NR_LDISCS];  /* line disc dispatch table */
628
629 /**
630  *      tty_register_ldisc      -       install a line discipline
631  *      @disc: ldisc number
632  *      @new_ldisc: pointer to the ldisc object
633  *
634  *      Installs a new line discipline into the kernel. The discipline
635  *      is set up as unreferenced and then made available to the kernel
636  *      from this point onwards.
637  *
638  *      Locking:
639  *              takes tty_ldisc_lock to guard against ldisc races
640  */
641
642 int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
643 {
644         unsigned long flags;
645         int ret = 0;
646         
647         if (disc < N_TTY || disc >= NR_LDISCS)
648                 return -EINVAL;
649         
650         spin_lock_irqsave(&tty_ldisc_lock, flags);
651         tty_ldiscs[disc] = *new_ldisc;
652         tty_ldiscs[disc].num = disc;
653         tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
654         tty_ldiscs[disc].refcount = 0;
655         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
656         
657         return ret;
658 }
659 EXPORT_SYMBOL(tty_register_ldisc);
660
661 /**
662  *      tty_unregister_ldisc    -       unload a line discipline
663  *      @disc: ldisc number
664  *      @new_ldisc: pointer to the ldisc object
665  *
666  *      Remove a line discipline from the kernel providing it is not
667  *      currently in use.
668  *
669  *      Locking:
670  *              takes tty_ldisc_lock to guard against ldisc races
671  */
672
673 int tty_unregister_ldisc(int disc)
674 {
675         unsigned long flags;
676         int ret = 0;
677
678         if (disc < N_TTY || disc >= NR_LDISCS)
679                 return -EINVAL;
680
681         spin_lock_irqsave(&tty_ldisc_lock, flags);
682         if (tty_ldiscs[disc].refcount)
683                 ret = -EBUSY;
684         else
685                 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
686         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
687
688         return ret;
689 }
690 EXPORT_SYMBOL(tty_unregister_ldisc);
691
692 /**
693  *      tty_ldisc_get           -       take a reference to an ldisc
694  *      @disc: ldisc number
695  *
696  *      Takes a reference to a line discipline. Deals with refcounts and
697  *      module locking counts. Returns NULL if the discipline is not available.
698  *      Returns a pointer to the discipline and bumps the ref count if it is
699  *      available
700  *
701  *      Locking:
702  *              takes tty_ldisc_lock to guard against ldisc races
703  */
704
705 struct tty_ldisc *tty_ldisc_get(int disc)
706 {
707         unsigned long flags;
708         struct tty_ldisc *ld;
709
710         if (disc < N_TTY || disc >= NR_LDISCS)
711                 return NULL;
712         
713         spin_lock_irqsave(&tty_ldisc_lock, flags);
714
715         ld = &tty_ldiscs[disc];
716         /* Check the entry is defined */
717         if(ld->flags & LDISC_FLAG_DEFINED)
718         {
719                 /* If the module is being unloaded we can't use it */
720                 if (!try_module_get(ld->owner))
721                         ld = NULL;
722                 else /* lock it */
723                         ld->refcount++;
724         }
725         else
726                 ld = NULL;
727         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
728         return ld;
729 }
730
731 EXPORT_SYMBOL_GPL(tty_ldisc_get);
732
733 /**
734  *      tty_ldisc_put           -       drop ldisc reference
735  *      @disc: ldisc number
736  *
737  *      Drop a reference to a line discipline. Manage refcounts and
738  *      module usage counts
739  *
740  *      Locking:
741  *              takes tty_ldisc_lock to guard against ldisc races
742  */
743
744 void tty_ldisc_put(int disc)
745 {
746         struct tty_ldisc *ld;
747         unsigned long flags;
748         
749         BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
750                 
751         spin_lock_irqsave(&tty_ldisc_lock, flags);
752         ld = &tty_ldiscs[disc];
753         BUG_ON(ld->refcount == 0);
754         ld->refcount--;
755         module_put(ld->owner);
756         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
757 }
758         
759 EXPORT_SYMBOL_GPL(tty_ldisc_put);
760
761 /**
762  *      tty_ldisc_assign        -       set ldisc on a tty
763  *      @tty: tty to assign
764  *      @ld: line discipline
765  *
766  *      Install an instance of a line discipline into a tty structure. The
767  *      ldisc must have a reference count above zero to ensure it remains/
768  *      The tty instance refcount starts at zero.
769  *
770  *      Locking:
771  *              Caller must hold references
772  */
773
774 static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
775 {
776         tty->ldisc = *ld;
777         tty->ldisc.refcount = 0;
778 }
779
780 /**
781  *      tty_ldisc_try           -       internal helper
782  *      @tty: the tty
783  *
784  *      Make a single attempt to grab and bump the refcount on
785  *      the tty ldisc. Return 0 on failure or 1 on success. This is
786  *      used to implement both the waiting and non waiting versions
787  *      of tty_ldisc_ref
788  *
789  *      Locking: takes tty_ldisc_lock
790  */
791
792 static int tty_ldisc_try(struct tty_struct *tty)
793 {
794         unsigned long flags;
795         struct tty_ldisc *ld;
796         int ret = 0;
797         
798         spin_lock_irqsave(&tty_ldisc_lock, flags);
799         ld = &tty->ldisc;
800         if(test_bit(TTY_LDISC, &tty->flags))
801         {
802                 ld->refcount++;
803                 ret = 1;
804         }
805         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
806         return ret;
807 }
808
809 /**
810  *      tty_ldisc_ref_wait      -       wait for the tty ldisc
811  *      @tty: tty device
812  *
813  *      Dereference the line discipline for the terminal and take a 
814  *      reference to it. If the line discipline is in flux then 
815  *      wait patiently until it changes.
816  *
817  *      Note: Must not be called from an IRQ/timer context. The caller
818  *      must also be careful not to hold other locks that will deadlock
819  *      against a discipline change, such as an existing ldisc reference
820  *      (which we check for)
821  *
822  *      Locking: call functions take tty_ldisc_lock
823  */
824  
825 struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
826 {
827         /* wait_event is a macro */
828         wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
829         if(tty->ldisc.refcount == 0)
830                 printk(KERN_ERR "tty_ldisc_ref_wait\n");
831         return &tty->ldisc;
832 }
833
834 EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
835
836 /**
837  *      tty_ldisc_ref           -       get the tty ldisc
838  *      @tty: tty device
839  *
840  *      Dereference the line discipline for the terminal and take a 
841  *      reference to it. If the line discipline is in flux then 
842  *      return NULL. Can be called from IRQ and timer functions.
843  *
844  *      Locking: called functions take tty_ldisc_lock
845  */
846  
847 struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
848 {
849         if(tty_ldisc_try(tty))
850                 return &tty->ldisc;
851         return NULL;
852 }
853
854 EXPORT_SYMBOL_GPL(tty_ldisc_ref);
855
856 /**
857  *      tty_ldisc_deref         -       free a tty ldisc reference
858  *      @ld: reference to free up
859  *
860  *      Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
861  *      be called in IRQ context.
862  *
863  *      Locking: takes tty_ldisc_lock
864  */
865  
866 void tty_ldisc_deref(struct tty_ldisc *ld)
867 {
868         unsigned long flags;
869
870         BUG_ON(ld == NULL);
871                 
872         spin_lock_irqsave(&tty_ldisc_lock, flags);
873         if(ld->refcount == 0)
874                 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
875         else
876                 ld->refcount--;
877         if(ld->refcount == 0)
878                 wake_up(&tty_ldisc_wait);
879         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
880 }
881
882 EXPORT_SYMBOL_GPL(tty_ldisc_deref);
883
884 /**
885  *      tty_ldisc_enable        -       allow ldisc use
886  *      @tty: terminal to activate ldisc on
887  *
888  *      Set the TTY_LDISC flag when the line discipline can be called
889  *      again. Do neccessary wakeups for existing sleepers.
890  *
891  *      Note: nobody should set this bit except via this function. Clearing
892  *      directly is allowed.
893  */
894
895 static void tty_ldisc_enable(struct tty_struct *tty)
896 {
897         set_bit(TTY_LDISC, &tty->flags);
898         wake_up(&tty_ldisc_wait);
899 }
900         
901 /**
902  *      tty_set_ldisc           -       set line discipline
903  *      @tty: the terminal to set
904  *      @ldisc: the line discipline
905  *
906  *      Set the discipline of a tty line. Must be called from a process
907  *      context.
908  *
909  *      Locking: takes tty_ldisc_lock.
910  *               called functions take termios_mutex
911  */
912  
913 static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
914 {
915         int retval = 0;
916         struct tty_ldisc o_ldisc;
917         char buf[64];
918         int work;
919         unsigned long flags;
920         struct tty_ldisc *ld;
921         struct tty_struct *o_tty;
922
923         if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
924                 return -EINVAL;
925
926 restart:
927
928         ld = tty_ldisc_get(ldisc);
929         /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
930         /* Cyrus Durgin <cider@speakeasy.org> */
931         if (ld == NULL) {
932                 request_module("tty-ldisc-%d", ldisc);
933                 ld = tty_ldisc_get(ldisc);
934         }
935         if (ld == NULL)
936                 return -EINVAL;
937
938         /*
939          *      No more input please, we are switching. The new ldisc
940          *      will update this value in the ldisc open function
941          */
942
943         tty->receive_room = 0;
944
945         /*
946          *      Problem: What do we do if this blocks ?
947          */
948
949         tty_wait_until_sent(tty, 0);
950
951         if (tty->ldisc.num == ldisc) {
952                 tty_ldisc_put(ldisc);
953                 return 0;
954         }
955
956         o_ldisc = tty->ldisc;
957         o_tty = tty->link;
958
959         /*
960          *      Make sure we don't change while someone holds a
961          *      reference to the line discipline. The TTY_LDISC bit
962          *      prevents anyone taking a reference once it is clear.
963          *      We need the lock to avoid racing reference takers.
964          */
965
966         spin_lock_irqsave(&tty_ldisc_lock, flags);
967         if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
968                 if(tty->ldisc.refcount) {
969                         /* Free the new ldisc we grabbed. Must drop the lock
970                            first. */
971                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
972                         tty_ldisc_put(ldisc);
973                         /*
974                          * There are several reasons we may be busy, including
975                          * random momentary I/O traffic. We must therefore
976                          * retry. We could distinguish between blocking ops
977                          * and retries if we made tty_ldisc_wait() smarter. That
978                          * is up for discussion.
979                          */
980                         if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
981                                 return -ERESTARTSYS;
982                         goto restart;
983                 }
984                 if(o_tty && o_tty->ldisc.refcount) {
985                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
986                         tty_ldisc_put(ldisc);
987                         if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
988                                 return -ERESTARTSYS;
989                         goto restart;
990                 }
991         }
992
993         /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
994
995         if (!test_bit(TTY_LDISC, &tty->flags)) {
996                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
997                 tty_ldisc_put(ldisc);
998                 ld = tty_ldisc_ref_wait(tty);
999                 tty_ldisc_deref(ld);
1000                 goto restart;
1001         }
1002
1003         clear_bit(TTY_LDISC, &tty->flags);
1004         if (o_tty)
1005                 clear_bit(TTY_LDISC, &o_tty->flags);
1006         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1007
1008         /*
1009          *      From this point on we know nobody has an ldisc
1010          *      usage reference, nor can they obtain one until
1011          *      we say so later on.
1012          */
1013
1014         work = cancel_delayed_work(&tty->buf.work);
1015         /*
1016          * Wait for ->hangup_work and ->buf.work handlers to terminate
1017          */
1018          
1019         flush_scheduled_work();
1020         /* Shutdown the current discipline. */
1021         if (tty->ldisc.close)
1022                 (tty->ldisc.close)(tty);
1023
1024         /* Now set up the new line discipline. */
1025         tty_ldisc_assign(tty, ld);
1026         tty_set_termios_ldisc(tty, ldisc);
1027         if (tty->ldisc.open)
1028                 retval = (tty->ldisc.open)(tty);
1029         if (retval < 0) {
1030                 tty_ldisc_put(ldisc);
1031                 /* There is an outstanding reference here so this is safe */
1032                 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1033                 tty_set_termios_ldisc(tty, tty->ldisc.num);
1034                 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1035                         tty_ldisc_put(o_ldisc.num);
1036                         /* This driver is always present */
1037                         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1038                         tty_set_termios_ldisc(tty, N_TTY);
1039                         if (tty->ldisc.open) {
1040                                 int r = tty->ldisc.open(tty);
1041
1042                                 if (r < 0)
1043                                         panic("Couldn't open N_TTY ldisc for "
1044                                               "%s --- error %d.",
1045                                               tty_name(tty, buf), r);
1046                         }
1047                 }
1048         }
1049         /* At this point we hold a reference to the new ldisc and a
1050            a reference to the old ldisc. If we ended up flipping back
1051            to the existing ldisc we have two references to it */
1052         
1053         if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1054                 tty->driver->set_ldisc(tty);
1055                 
1056         tty_ldisc_put(o_ldisc.num);
1057         
1058         /*
1059          *      Allow ldisc referencing to occur as soon as the driver
1060          *      ldisc callback completes.
1061          */
1062          
1063         tty_ldisc_enable(tty);
1064         if (o_tty)
1065                 tty_ldisc_enable(o_tty);
1066         
1067         /* Restart it in case no characters kick it off. Safe if
1068            already running */
1069         if (work)
1070                 schedule_delayed_work(&tty->buf.work, 1);
1071         return retval;
1072 }
1073
1074 /**
1075  *      get_tty_driver          -       find device of a tty
1076  *      @dev_t: device identifier
1077  *      @index: returns the index of the tty
1078  *
1079  *      This routine returns a tty driver structure, given a device number
1080  *      and also passes back the index number.
1081  *
1082  *      Locking: caller must hold tty_mutex
1083  */
1084
1085 static struct tty_driver *get_tty_driver(dev_t device, int *index)
1086 {
1087         struct tty_driver *p;
1088
1089         list_for_each_entry(p, &tty_drivers, tty_drivers) {
1090                 dev_t base = MKDEV(p->major, p->minor_start);
1091                 if (device < base || device >= base + p->num)
1092                         continue;
1093                 *index = device - base;
1094                 return p;
1095         }
1096         return NULL;
1097 }
1098
1099 /**
1100  *      tty_check_change        -       check for POSIX terminal changes
1101  *      @tty: tty to check
1102  *
1103  *      If we try to write to, or set the state of, a terminal and we're
1104  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
1105  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
1106  *
1107  *      Locking: none
1108  */
1109
1110 int tty_check_change(struct tty_struct * tty)
1111 {
1112         if (current->signal->tty != tty)
1113                 return 0;
1114         if (!tty->pgrp) {
1115                 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1116                 return 0;
1117         }
1118         if (task_pgrp(current) == tty->pgrp)
1119                 return 0;
1120         if (is_ignored(SIGTTOU))
1121                 return 0;
1122         if (is_current_pgrp_orphaned())
1123                 return -EIO;
1124         (void) kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1125         return -ERESTARTSYS;
1126 }
1127
1128 EXPORT_SYMBOL(tty_check_change);
1129
1130 static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
1131                                 size_t count, loff_t *ppos)
1132 {
1133         return 0;
1134 }
1135
1136 static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
1137                                  size_t count, loff_t *ppos)
1138 {
1139         return -EIO;
1140 }
1141
1142 /* No kernel lock held - none needed ;) */
1143 static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
1144 {
1145         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1146 }
1147
1148 static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
1149                              unsigned int cmd, unsigned long arg)
1150 {
1151         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1152 }
1153
1154 static const struct file_operations tty_fops = {
1155         .llseek         = no_llseek,
1156         .read           = tty_read,
1157         .write          = tty_write,
1158         .poll           = tty_poll,
1159         .ioctl          = tty_ioctl,
1160         .open           = tty_open,
1161         .release        = tty_release,
1162         .fasync         = tty_fasync,
1163 };
1164
1165 #ifdef CONFIG_UNIX98_PTYS
1166 static const struct file_operations ptmx_fops = {
1167         .llseek         = no_llseek,
1168         .read           = tty_read,
1169         .write          = tty_write,
1170         .poll           = tty_poll,
1171         .ioctl          = tty_ioctl,
1172         .open           = ptmx_open,
1173         .release        = tty_release,
1174         .fasync         = tty_fasync,
1175 };
1176 #endif
1177
1178 static const struct file_operations console_fops = {
1179         .llseek         = no_llseek,
1180         .read           = tty_read,
1181         .write          = redirected_tty_write,
1182         .poll           = tty_poll,
1183         .ioctl          = tty_ioctl,
1184         .open           = tty_open,
1185         .release        = tty_release,
1186         .fasync         = tty_fasync,
1187 };
1188
1189 static const struct file_operations hung_up_tty_fops = {
1190         .llseek         = no_llseek,
1191         .read           = hung_up_tty_read,
1192         .write          = hung_up_tty_write,
1193         .poll           = hung_up_tty_poll,
1194         .ioctl          = hung_up_tty_ioctl,
1195         .release        = tty_release,
1196 };
1197
1198 static DEFINE_SPINLOCK(redirect_lock);
1199 static struct file *redirect;
1200
1201 /**
1202  *      tty_wakeup      -       request more data
1203  *      @tty: terminal
1204  *
1205  *      Internal and external helper for wakeups of tty. This function
1206  *      informs the line discipline if present that the driver is ready
1207  *      to receive more output data.
1208  */
1209  
1210 void tty_wakeup(struct tty_struct *tty)
1211 {
1212         struct tty_ldisc *ld;
1213         
1214         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1215                 ld = tty_ldisc_ref(tty);
1216                 if(ld) {
1217                         if(ld->write_wakeup)
1218                                 ld->write_wakeup(tty);
1219                         tty_ldisc_deref(ld);
1220                 }
1221         }
1222         wake_up_interruptible(&tty->write_wait);
1223 }
1224
1225 EXPORT_SYMBOL_GPL(tty_wakeup);
1226
1227 /**
1228  *      tty_ldisc_flush -       flush line discipline queue
1229  *      @tty: tty
1230  *
1231  *      Flush the line discipline queue (if any) for this tty. If there
1232  *      is no line discipline active this is a no-op.
1233  */
1234  
1235 void tty_ldisc_flush(struct tty_struct *tty)
1236 {
1237         struct tty_ldisc *ld = tty_ldisc_ref(tty);
1238         if(ld) {
1239                 if(ld->flush_buffer)
1240                         ld->flush_buffer(tty);
1241                 tty_ldisc_deref(ld);
1242         }
1243 }
1244
1245 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1246
1247 /**
1248  *      tty_reset_termios       -       reset terminal state
1249  *      @tty: tty to reset
1250  *
1251  *      Restore a terminal to the driver default state
1252  */
1253
1254 static void tty_reset_termios(struct tty_struct *tty)
1255 {
1256         mutex_lock(&tty->termios_mutex);
1257         *tty->termios = tty->driver->init_termios;
1258         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1259         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1260         mutex_unlock(&tty->termios_mutex);
1261 }
1262         
1263 /**
1264  *      do_tty_hangup           -       actual handler for hangup events
1265  *      @work: tty device
1266  *
1267  *      This can be called by the "eventd" kernel thread.  That is process
1268  *      synchronous but doesn't hold any locks, so we need to make sure we
1269  *      have the appropriate locks for what we're doing.
1270  *
1271  *      The hangup event clears any pending redirections onto the hung up
1272  *      device. It ensures future writes will error and it does the needed
1273  *      line discipline hangup and signal delivery. The tty object itself
1274  *      remains intact.
1275  *
1276  *      Locking:
1277  *              BKL
1278  *                redirect lock for undoing redirection
1279  *                file list lock for manipulating list of ttys
1280  *                tty_ldisc_lock from called functions
1281  *                termios_mutex resetting termios data
1282  *                tasklist_lock to walk task list for hangup event
1283  *                  ->siglock to protect ->signal/->sighand
1284  */
1285 static void do_tty_hangup(struct work_struct *work)
1286 {
1287         struct tty_struct *tty =
1288                 container_of(work, struct tty_struct, hangup_work);
1289         struct file * cons_filp = NULL;
1290         struct file *filp, *f = NULL;
1291         struct task_struct *p;
1292         struct tty_ldisc *ld;
1293         int    closecount = 0, n;
1294
1295         if (!tty)
1296                 return;
1297
1298         /* inuse_filps is protected by the single kernel lock */
1299         lock_kernel();
1300
1301         spin_lock(&redirect_lock);
1302         if (redirect && redirect->private_data == tty) {
1303                 f = redirect;
1304                 redirect = NULL;
1305         }
1306         spin_unlock(&redirect_lock);
1307         
1308         check_tty_count(tty, "do_tty_hangup");
1309         file_list_lock();
1310         /* This breaks for file handles being sent over AF_UNIX sockets ? */
1311         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1312                 if (filp->f_op->write == redirected_tty_write)
1313                         cons_filp = filp;
1314                 if (filp->f_op->write != tty_write)
1315                         continue;
1316                 closecount++;
1317                 tty_fasync(-1, filp, 0);        /* can't block */
1318                 filp->f_op = &hung_up_tty_fops;
1319         }
1320         file_list_unlock();
1321         
1322         /* FIXME! What are the locking issues here? This may me overdoing things..
1323          * this question is especially important now that we've removed the irqlock. */
1324
1325         ld = tty_ldisc_ref(tty);
1326         if(ld != NULL)  /* We may have no line discipline at this point */
1327         {
1328                 if (ld->flush_buffer)
1329                         ld->flush_buffer(tty);
1330                 if (tty->driver->flush_buffer)
1331                         tty->driver->flush_buffer(tty);
1332                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1333                     ld->write_wakeup)
1334                         ld->write_wakeup(tty);
1335                 if (ld->hangup)
1336                         ld->hangup(tty);
1337         }
1338
1339         /* FIXME: Once we trust the LDISC code better we can wait here for
1340            ldisc completion and fix the driver call race */
1341            
1342         wake_up_interruptible(&tty->write_wait);
1343         wake_up_interruptible(&tty->read_wait);
1344
1345         /*
1346          * Shutdown the current line discipline, and reset it to
1347          * N_TTY.
1348          */
1349         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1350                 tty_reset_termios(tty);
1351         
1352         /* Defer ldisc switch */
1353         /* tty_deferred_ldisc_switch(N_TTY);
1354         
1355           This should get done automatically when the port closes and
1356           tty_release is called */
1357         
1358         read_lock(&tasklist_lock);
1359         if (tty->session) {
1360                 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1361                         spin_lock_irq(&p->sighand->siglock);
1362                         if (p->signal->tty == tty)
1363                                 p->signal->tty = NULL;
1364                         if (!p->signal->leader) {
1365                                 spin_unlock_irq(&p->sighand->siglock);
1366                                 continue;
1367                         }
1368                         __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1369                         __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1370                         put_pid(p->signal->tty_old_pgrp);  /* A noop */
1371                         if (tty->pgrp)
1372                                 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1373                         spin_unlock_irq(&p->sighand->siglock);
1374                 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1375         }
1376         read_unlock(&tasklist_lock);
1377
1378         tty->flags = 0;
1379         tty->session = NULL;
1380         tty->pgrp = NULL;
1381         tty->ctrl_status = 0;
1382         /*
1383          *      If one of the devices matches a console pointer, we
1384          *      cannot just call hangup() because that will cause
1385          *      tty->count and state->count to go out of sync.
1386          *      So we just call close() the right number of times.
1387          */
1388         if (cons_filp) {
1389                 if (tty->driver->close)
1390                         for (n = 0; n < closecount; n++)
1391                                 tty->driver->close(tty, cons_filp);
1392         } else if (tty->driver->hangup)
1393                 (tty->driver->hangup)(tty);
1394                 
1395         /* We don't want to have driver/ldisc interactions beyond
1396            the ones we did here. The driver layer expects no
1397            calls after ->hangup() from the ldisc side. However we
1398            can't yet guarantee all that */
1399
1400         set_bit(TTY_HUPPED, &tty->flags);
1401         if (ld) {
1402                 tty_ldisc_enable(tty);
1403                 tty_ldisc_deref(ld);
1404         }
1405         unlock_kernel();
1406         if (f)
1407                 fput(f);
1408 }
1409
1410 /**
1411  *      tty_hangup              -       trigger a hangup event
1412  *      @tty: tty to hangup
1413  *
1414  *      A carrier loss (virtual or otherwise) has occurred on this like
1415  *      schedule a hangup sequence to run after this event.
1416  */
1417
1418 void tty_hangup(struct tty_struct * tty)
1419 {
1420 #ifdef TTY_DEBUG_HANGUP
1421         char    buf[64];
1422         
1423         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1424 #endif
1425         schedule_work(&tty->hangup_work);
1426 }
1427
1428 EXPORT_SYMBOL(tty_hangup);
1429
1430 /**
1431  *      tty_vhangup             -       process vhangup
1432  *      @tty: tty to hangup
1433  *
1434  *      The user has asked via system call for the terminal to be hung up.
1435  *      We do this synchronously so that when the syscall returns the process
1436  *      is complete. That guarantee is neccessary for security reasons.
1437  */
1438
1439 void tty_vhangup(struct tty_struct * tty)
1440 {
1441 #ifdef TTY_DEBUG_HANGUP
1442         char    buf[64];
1443
1444         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1445 #endif
1446         do_tty_hangup(&tty->hangup_work);
1447 }
1448 EXPORT_SYMBOL(tty_vhangup);
1449
1450 /**
1451  *      tty_hung_up_p           -       was tty hung up
1452  *      @filp: file pointer of tty
1453  *
1454  *      Return true if the tty has been subject to a vhangup or a carrier
1455  *      loss
1456  */
1457
1458 int tty_hung_up_p(struct file * filp)
1459 {
1460         return (filp->f_op == &hung_up_tty_fops);
1461 }
1462
1463 EXPORT_SYMBOL(tty_hung_up_p);
1464
1465 static void session_clear_tty(struct pid *session)
1466 {
1467         struct task_struct *p;
1468         do_each_pid_task(session, PIDTYPE_SID, p) {
1469                 proc_clear_tty(p);
1470         } while_each_pid_task(session, PIDTYPE_SID, p);
1471 }
1472
1473 /**
1474  *      disassociate_ctty       -       disconnect controlling tty
1475  *      @on_exit: true if exiting so need to "hang up" the session
1476  *
1477  *      This function is typically called only by the session leader, when
1478  *      it wants to disassociate itself from its controlling tty.
1479  *
1480  *      It performs the following functions:
1481  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
1482  *      (2)  Clears the tty from being controlling the session
1483  *      (3)  Clears the controlling tty for all processes in the
1484  *              session group.
1485  *
1486  *      The argument on_exit is set to 1 if called when a process is
1487  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
1488  *
1489  *      Locking:
1490  *              BKL is taken for hysterical raisins
1491  *                tty_mutex is taken to protect tty
1492  *                ->siglock is taken to protect ->signal/->sighand
1493  *                tasklist_lock is taken to walk process list for sessions
1494  *                  ->siglock is taken to protect ->signal/->sighand
1495  */
1496
1497 void disassociate_ctty(int on_exit)
1498 {
1499         struct tty_struct *tty;
1500         struct pid *tty_pgrp = NULL;
1501
1502         lock_kernel();
1503
1504         mutex_lock(&tty_mutex);
1505         tty = get_current_tty();
1506         if (tty) {
1507                 tty_pgrp = get_pid(tty->pgrp);
1508                 mutex_unlock(&tty_mutex);
1509                 /* XXX: here we race, there is nothing protecting tty */
1510                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1511                         tty_vhangup(tty);
1512         } else if (on_exit) {
1513                 struct pid *old_pgrp;
1514                 spin_lock_irq(&current->sighand->siglock);
1515                 old_pgrp = current->signal->tty_old_pgrp;
1516                 current->signal->tty_old_pgrp = NULL;
1517                 spin_unlock_irq(&current->sighand->siglock);
1518                 if (old_pgrp) {
1519                         kill_pgrp(old_pgrp, SIGHUP, on_exit);
1520                         kill_pgrp(old_pgrp, SIGCONT, on_exit);
1521                         put_pid(old_pgrp);
1522                 }
1523                 mutex_unlock(&tty_mutex);
1524                 unlock_kernel();        
1525                 return;
1526         }
1527         if (tty_pgrp) {
1528                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1529                 if (!on_exit)
1530                         kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1531                 put_pid(tty_pgrp);
1532         }
1533
1534         spin_lock_irq(&current->sighand->siglock);
1535         tty_pgrp = current->signal->tty_old_pgrp;
1536         current->signal->tty_old_pgrp = 0;
1537         spin_unlock_irq(&current->sighand->siglock);
1538         put_pid(tty_pgrp);
1539
1540         mutex_lock(&tty_mutex);
1541         /* It is possible that do_tty_hangup has free'd this tty */
1542         tty = get_current_tty();
1543         if (tty) {
1544                 put_pid(tty->session);
1545                 put_pid(tty->pgrp);
1546                 tty->session = NULL;
1547                 tty->pgrp = NULL;
1548         } else {
1549 #ifdef TTY_DEBUG_HANGUP
1550                 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1551                        " = NULL", tty);
1552 #endif
1553         }
1554         mutex_unlock(&tty_mutex);
1555
1556         /* Now clear signal->tty under the lock */
1557         read_lock(&tasklist_lock);
1558         session_clear_tty(task_session(current));
1559         read_unlock(&tasklist_lock);
1560         unlock_kernel();
1561 }
1562
1563
1564 /**
1565  *      stop_tty        -       propogate flow control
1566  *      @tty: tty to stop
1567  *
1568  *      Perform flow control to the driver. For PTY/TTY pairs we
1569  *      must also propogate the TIOCKPKT status. May be called
1570  *      on an already stopped device and will not re-call the driver
1571  *      method.
1572  *
1573  *      This functionality is used by both the line disciplines for
1574  *      halting incoming flow and by the driver. It may therefore be
1575  *      called from any context, may be under the tty atomic_write_lock
1576  *      but not always.
1577  *
1578  *      Locking:
1579  *              Broken. Relies on BKL which is unsafe here.
1580  */
1581
1582 void stop_tty(struct tty_struct *tty)
1583 {
1584         if (tty->stopped)
1585                 return;
1586         tty->stopped = 1;
1587         if (tty->link && tty->link->packet) {
1588                 tty->ctrl_status &= ~TIOCPKT_START;
1589                 tty->ctrl_status |= TIOCPKT_STOP;
1590                 wake_up_interruptible(&tty->link->read_wait);
1591         }
1592         if (tty->driver->stop)
1593                 (tty->driver->stop)(tty);
1594 }
1595
1596 EXPORT_SYMBOL(stop_tty);
1597
1598 /**
1599  *      start_tty       -       propogate flow control
1600  *      @tty: tty to start
1601  *
1602  *      Start a tty that has been stopped if at all possible. Perform
1603  *      any neccessary wakeups and propogate the TIOCPKT status. If this
1604  *      is the tty was previous stopped and is being started then the
1605  *      driver start method is invoked and the line discipline woken.
1606  *
1607  *      Locking:
1608  *              Broken. Relies on BKL which is unsafe here.
1609  */
1610
1611 void start_tty(struct tty_struct *tty)
1612 {
1613         if (!tty->stopped || tty->flow_stopped)
1614                 return;
1615         tty->stopped = 0;
1616         if (tty->link && tty->link->packet) {
1617                 tty->ctrl_status &= ~TIOCPKT_STOP;
1618                 tty->ctrl_status |= TIOCPKT_START;
1619                 wake_up_interruptible(&tty->link->read_wait);
1620         }
1621         if (tty->driver->start)
1622                 (tty->driver->start)(tty);
1623
1624         /* If we have a running line discipline it may need kicking */
1625         tty_wakeup(tty);
1626 }
1627
1628 EXPORT_SYMBOL(start_tty);
1629
1630 /**
1631  *      tty_read        -       read method for tty device files
1632  *      @file: pointer to tty file
1633  *      @buf: user buffer
1634  *      @count: size of user buffer
1635  *      @ppos: unused
1636  *
1637  *      Perform the read system call function on this terminal device. Checks
1638  *      for hung up devices before calling the line discipline method.
1639  *
1640  *      Locking:
1641  *              Locks the line discipline internally while needed
1642  *              For historical reasons the line discipline read method is
1643  *      invoked under the BKL. This will go away in time so do not rely on it
1644  *      in new code. Multiple read calls may be outstanding in parallel.
1645  */
1646
1647 static ssize_t tty_read(struct file * file, char __user * buf, size_t count, 
1648                         loff_t *ppos)
1649 {
1650         int i;
1651         struct tty_struct * tty;
1652         struct inode *inode;
1653         struct tty_ldisc *ld;
1654
1655         tty = (struct tty_struct *)file->private_data;
1656         inode = file->f_path.dentry->d_inode;
1657         if (tty_paranoia_check(tty, inode, "tty_read"))
1658                 return -EIO;
1659         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1660                 return -EIO;
1661
1662         /* We want to wait for the line discipline to sort out in this
1663            situation */
1664         ld = tty_ldisc_ref_wait(tty);
1665         lock_kernel();
1666         if (ld->read)
1667                 i = (ld->read)(tty,file,buf,count);
1668         else
1669                 i = -EIO;
1670         tty_ldisc_deref(ld);
1671         unlock_kernel();
1672         if (i > 0)
1673                 inode->i_atime = current_fs_time(inode->i_sb);
1674         return i;
1675 }
1676
1677 /*
1678  * Split writes up in sane blocksizes to avoid
1679  * denial-of-service type attacks
1680  */
1681 static inline ssize_t do_tty_write(
1682         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1683         struct tty_struct *tty,
1684         struct file *file,
1685         const char __user *buf,
1686         size_t count)
1687 {
1688         ssize_t ret = 0, written = 0;
1689         unsigned int chunk;
1690         
1691         /* FIXME: O_NDELAY ... */
1692         if (mutex_lock_interruptible(&tty->atomic_write_lock)) {
1693                 return -ERESTARTSYS;
1694         }
1695
1696         /*
1697          * We chunk up writes into a temporary buffer. This
1698          * simplifies low-level drivers immensely, since they
1699          * don't have locking issues and user mode accesses.
1700          *
1701          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1702          * big chunk-size..
1703          *
1704          * The default chunk-size is 2kB, because the NTTY
1705          * layer has problems with bigger chunks. It will
1706          * claim to be able to handle more characters than
1707          * it actually does.
1708          *
1709          * FIXME: This can probably go away now except that 64K chunks
1710          * are too likely to fail unless switched to vmalloc...
1711          */
1712         chunk = 2048;
1713         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1714                 chunk = 65536;
1715         if (count < chunk)
1716                 chunk = count;
1717
1718         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1719         if (tty->write_cnt < chunk) {
1720                 unsigned char *buf;
1721
1722                 if (chunk < 1024)
1723                         chunk = 1024;
1724
1725                 buf = kmalloc(chunk, GFP_KERNEL);
1726                 if (!buf) {
1727                         mutex_unlock(&tty->atomic_write_lock);
1728                         return -ENOMEM;
1729                 }
1730                 kfree(tty->write_buf);
1731                 tty->write_cnt = chunk;
1732                 tty->write_buf = buf;
1733         }
1734
1735         /* Do the write .. */
1736         for (;;) {
1737                 size_t size = count;
1738                 if (size > chunk)
1739                         size = chunk;
1740                 ret = -EFAULT;
1741                 if (copy_from_user(tty->write_buf, buf, size))
1742                         break;
1743                 lock_kernel();
1744                 ret = write(tty, file, tty->write_buf, size);
1745                 unlock_kernel();
1746                 if (ret <= 0)
1747                         break;
1748                 written += ret;
1749                 buf += ret;
1750                 count -= ret;
1751                 if (!count)
1752                         break;
1753                 ret = -ERESTARTSYS;
1754                 if (signal_pending(current))
1755                         break;
1756                 cond_resched();
1757         }
1758         if (written) {
1759                 struct inode *inode = file->f_path.dentry->d_inode;
1760                 inode->i_mtime = current_fs_time(inode->i_sb);
1761                 ret = written;
1762         }
1763         mutex_unlock(&tty->atomic_write_lock);
1764         return ret;
1765 }
1766
1767
1768 /**
1769  *      tty_write               -       write method for tty device file
1770  *      @file: tty file pointer
1771  *      @buf: user data to write
1772  *      @count: bytes to write
1773  *      @ppos: unused
1774  *
1775  *      Write data to a tty device via the line discipline.
1776  *
1777  *      Locking:
1778  *              Locks the line discipline as required
1779  *              Writes to the tty driver are serialized by the atomic_write_lock
1780  *      and are then processed in chunks to the device. The line discipline
1781  *      write method will not be involked in parallel for each device
1782  *              The line discipline write method is called under the big
1783  *      kernel lock for historical reasons. New code should not rely on this.
1784  */
1785
1786 static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1787                          loff_t *ppos)
1788 {
1789         struct tty_struct * tty;
1790         struct inode *inode = file->f_path.dentry->d_inode;
1791         ssize_t ret;
1792         struct tty_ldisc *ld;
1793         
1794         tty = (struct tty_struct *)file->private_data;
1795         if (tty_paranoia_check(tty, inode, "tty_write"))
1796                 return -EIO;
1797         if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1798                 return -EIO;
1799
1800         ld = tty_ldisc_ref_wait(tty);           
1801         if (!ld->write)
1802                 ret = -EIO;
1803         else
1804                 ret = do_tty_write(ld->write, tty, file, buf, count);
1805         tty_ldisc_deref(ld);
1806         return ret;
1807 }
1808
1809 ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1810                          loff_t *ppos)
1811 {
1812         struct file *p = NULL;
1813
1814         spin_lock(&redirect_lock);
1815         if (redirect) {
1816                 get_file(redirect);
1817                 p = redirect;
1818         }
1819         spin_unlock(&redirect_lock);
1820
1821         if (p) {
1822                 ssize_t res;
1823                 res = vfs_write(p, buf, count, &p->f_pos);
1824                 fput(p);
1825                 return res;
1826         }
1827
1828         return tty_write(file, buf, count, ppos);
1829 }
1830
1831 static char ptychar[] = "pqrstuvwxyzabcde";
1832
1833 /**
1834  *      pty_line_name   -       generate name for a pty
1835  *      @driver: the tty driver in use
1836  *      @index: the minor number
1837  *      @p: output buffer of at least 6 bytes
1838  *
1839  *      Generate a name from a driver reference and write it to the output
1840  *      buffer.
1841  *
1842  *      Locking: None
1843  */
1844 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1845 {
1846         int i = index + driver->name_base;
1847         /* ->name is initialized to "ttyp", but "tty" is expected */
1848         sprintf(p, "%s%c%x",
1849                         driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1850                         ptychar[i >> 4 & 0xf], i & 0xf);
1851 }
1852
1853 /**
1854  *      pty_line_name   -       generate name for a tty
1855  *      @driver: the tty driver in use
1856  *      @index: the minor number
1857  *      @p: output buffer of at least 7 bytes
1858  *
1859  *      Generate a name from a driver reference and write it to the output
1860  *      buffer.
1861  *
1862  *      Locking: None
1863  */
1864 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1865 {
1866         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1867 }
1868
1869 /**
1870  *      init_dev                -       initialise a tty device
1871  *      @driver: tty driver we are opening a device on
1872  *      @idx: device index
1873  *      @tty: returned tty structure
1874  *
1875  *      Prepare a tty device. This may not be a "new" clean device but
1876  *      could also be an active device. The pty drivers require special
1877  *      handling because of this.
1878  *
1879  *      Locking:
1880  *              The function is called under the tty_mutex, which
1881  *      protects us from the tty struct or driver itself going away.
1882  *
1883  *      On exit the tty device has the line discipline attached and
1884  *      a reference count of 1. If a pair was created for pty/tty use
1885  *      and the other was a pty master then it too has a reference count of 1.
1886  *
1887  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1888  * failed open.  The new code protects the open with a mutex, so it's
1889  * really quite straightforward.  The mutex locking can probably be
1890  * relaxed for the (most common) case of reopening a tty.
1891  */
1892
1893 static int init_dev(struct tty_driver *driver, int idx,
1894         struct tty_struct **ret_tty)
1895 {
1896         struct tty_struct *tty, *o_tty;
1897         struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
1898         struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1899         int retval = 0;
1900
1901         /* check whether we're reopening an existing tty */
1902         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1903                 tty = devpts_get_tty(idx);
1904                 if (tty && driver->subtype == PTY_TYPE_MASTER)
1905                         tty = tty->link;
1906         } else {
1907                 tty = driver->ttys[idx];
1908         }
1909         if (tty) goto fast_track;
1910
1911         /*
1912          * First time open is complex, especially for PTY devices.
1913          * This code guarantees that either everything succeeds and the
1914          * TTY is ready for operation, or else the table slots are vacated
1915          * and the allocated memory released.  (Except that the termios 
1916          * and locked termios may be retained.)
1917          */
1918
1919         if (!try_module_get(driver->owner)) {
1920                 retval = -ENODEV;
1921                 goto end_init;
1922         }
1923
1924         o_tty = NULL;
1925         tp = o_tp = NULL;
1926         ltp = o_ltp = NULL;
1927
1928         tty = alloc_tty_struct();
1929         if(!tty)
1930                 goto fail_no_mem;
1931         initialize_tty_struct(tty);
1932         tty->driver = driver;
1933         tty->index = idx;
1934         tty_line_name(driver, idx, tty->name);
1935
1936         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1937                 tp_loc = &tty->termios;
1938                 ltp_loc = &tty->termios_locked;
1939         } else {
1940                 tp_loc = &driver->termios[idx];
1941                 ltp_loc = &driver->termios_locked[idx];
1942         }
1943
1944         if (!*tp_loc) {
1945                 tp = (struct ktermios *) kmalloc(sizeof(struct ktermios),
1946                                                 GFP_KERNEL);
1947                 if (!tp)
1948                         goto free_mem_out;
1949                 *tp = driver->init_termios;
1950         }
1951
1952         if (!*ltp_loc) {
1953                 ltp = (struct ktermios *) kmalloc(sizeof(struct ktermios),
1954                                                  GFP_KERNEL);
1955                 if (!ltp)
1956                         goto free_mem_out;
1957                 memset(ltp, 0, sizeof(struct ktermios));
1958         }
1959
1960         if (driver->type == TTY_DRIVER_TYPE_PTY) {
1961                 o_tty = alloc_tty_struct();
1962                 if (!o_tty)
1963                         goto free_mem_out;
1964                 initialize_tty_struct(o_tty);
1965                 o_tty->driver = driver->other;
1966                 o_tty->index = idx;
1967                 tty_line_name(driver->other, idx, o_tty->name);
1968
1969                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1970                         o_tp_loc = &o_tty->termios;
1971                         o_ltp_loc = &o_tty->termios_locked;
1972                 } else {
1973                         o_tp_loc = &driver->other->termios[idx];
1974                         o_ltp_loc = &driver->other->termios_locked[idx];
1975                 }
1976
1977                 if (!*o_tp_loc) {
1978                         o_tp = (struct ktermios *)
1979                                 kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1980                         if (!o_tp)
1981                                 goto free_mem_out;
1982                         *o_tp = driver->other->init_termios;
1983                 }
1984
1985                 if (!*o_ltp_loc) {
1986                         o_ltp = (struct ktermios *)
1987                                 kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1988                         if (!o_ltp)
1989                                 goto free_mem_out;
1990                         memset(o_ltp, 0, sizeof(struct ktermios));
1991                 }
1992
1993                 /*
1994                  * Everything allocated ... set up the o_tty structure.
1995                  */
1996                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
1997                         driver->other->ttys[idx] = o_tty;
1998                 }
1999                 if (!*o_tp_loc)
2000                         *o_tp_loc = o_tp;
2001                 if (!*o_ltp_loc)
2002                         *o_ltp_loc = o_ltp;
2003                 o_tty->termios = *o_tp_loc;
2004                 o_tty->termios_locked = *o_ltp_loc;
2005                 driver->other->refcount++;
2006                 if (driver->subtype == PTY_TYPE_MASTER)
2007                         o_tty->count++;
2008
2009                 /* Establish the links in both directions */
2010                 tty->link   = o_tty;
2011                 o_tty->link = tty;
2012         }
2013
2014         /* 
2015          * All structures have been allocated, so now we install them.
2016          * Failures after this point use release_tty to clean up, so
2017          * there's no need to null out the local pointers.
2018          */
2019         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2020                 driver->ttys[idx] = tty;
2021         }
2022         
2023         if (!*tp_loc)
2024                 *tp_loc = tp;
2025         if (!*ltp_loc)
2026                 *ltp_loc = ltp;
2027         tty->termios = *tp_loc;
2028         tty->termios_locked = *ltp_loc;
2029         /* Compatibility until drivers always set this */
2030         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2031         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2032         driver->refcount++;
2033         tty->count++;
2034
2035         /* 
2036          * Structures all installed ... call the ldisc open routines.
2037          * If we fail here just call release_tty to clean up.  No need
2038          * to decrement the use counts, as release_tty doesn't care.
2039          */
2040
2041         if (tty->ldisc.open) {
2042                 retval = (tty->ldisc.open)(tty);
2043                 if (retval)
2044                         goto release_mem_out;
2045         }
2046         if (o_tty && o_tty->ldisc.open) {
2047                 retval = (o_tty->ldisc.open)(o_tty);
2048                 if (retval) {
2049                         if (tty->ldisc.close)
2050                                 (tty->ldisc.close)(tty);
2051                         goto release_mem_out;
2052                 }
2053                 tty_ldisc_enable(o_tty);
2054         }
2055         tty_ldisc_enable(tty);
2056         goto success;
2057
2058         /*
2059          * This fast open can be used if the tty is already open.
2060          * No memory is allocated, and the only failures are from
2061          * attempting to open a closing tty or attempting multiple
2062          * opens on a pty master.
2063          */
2064 fast_track:
2065         if (test_bit(TTY_CLOSING, &tty->flags)) {
2066                 retval = -EIO;
2067                 goto end_init;
2068         }
2069         if (driver->type == TTY_DRIVER_TYPE_PTY &&
2070             driver->subtype == PTY_TYPE_MASTER) {
2071                 /*
2072                  * special case for PTY masters: only one open permitted, 
2073                  * and the slave side open count is incremented as well.
2074                  */
2075                 if (tty->count) {
2076                         retval = -EIO;
2077                         goto end_init;
2078                 }
2079                 tty->link->count++;
2080         }
2081         tty->count++;
2082         tty->driver = driver; /* N.B. why do this every time?? */
2083
2084         /* FIXME */
2085         if(!test_bit(TTY_LDISC, &tty->flags))
2086                 printk(KERN_ERR "init_dev but no ldisc\n");
2087 success:
2088         *ret_tty = tty;
2089         
2090         /* All paths come through here to release the mutex */
2091 end_init:
2092         return retval;
2093
2094         /* Release locally allocated memory ... nothing placed in slots */
2095 free_mem_out:
2096         kfree(o_tp);
2097         if (o_tty)
2098                 free_tty_struct(o_tty);
2099         kfree(ltp);
2100         kfree(tp);
2101         free_tty_struct(tty);
2102
2103 fail_no_mem:
2104         module_put(driver->owner);
2105         retval = -ENOMEM;
2106         goto end_init;
2107
2108         /* call the tty release_tty routine to clean out this slot */
2109 release_mem_out:
2110         if (printk_ratelimit())
2111                 printk(KERN_INFO "init_dev: ldisc open failed, "
2112                                  "clearing slot %d\n", idx);
2113         release_tty(tty, idx);
2114         goto end_init;
2115 }
2116
2117 /**
2118  *      release_one_tty         -       release tty structure memory
2119  *
2120  *      Releases memory associated with a tty structure, and clears out the
2121  *      driver table slots. This function is called when a device is no longer
2122  *      in use. It also gets called when setup of a device fails.
2123  *
2124  *      Locking:
2125  *              tty_mutex - sometimes only
2126  *              takes the file list lock internally when working on the list
2127  *      of ttys that the driver keeps.
2128  *              FIXME: should we require tty_mutex is held here ??
2129  */
2130 static void release_one_tty(struct tty_struct *tty, int idx)
2131 {
2132         int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2133         struct ktermios *tp;
2134
2135         if (!devpts)
2136                 tty->driver->ttys[idx] = NULL;
2137
2138         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2139                 tp = tty->termios;
2140                 if (!devpts)
2141                         tty->driver->termios[idx] = NULL;
2142                 kfree(tp);
2143
2144                 tp = tty->termios_locked;
2145                 if (!devpts)
2146                         tty->driver->termios_locked[idx] = NULL;
2147                 kfree(tp);
2148         }
2149
2150
2151         tty->magic = 0;
2152         tty->driver->refcount--;
2153
2154         file_list_lock();
2155         list_del_init(&tty->tty_files);
2156         file_list_unlock();
2157
2158         free_tty_struct(tty);
2159 }
2160
2161 /**
2162  *      release_tty             -       release tty structure memory
2163  *
2164  *      Release both @tty and a possible linked partner (think pty pair),
2165  *      and decrement the refcount of the backing module.
2166  *
2167  *      Locking:
2168  *              tty_mutex - sometimes only
2169  *              takes the file list lock internally when working on the list
2170  *      of ttys that the driver keeps.
2171  *              FIXME: should we require tty_mutex is held here ??
2172  */
2173 static void release_tty(struct tty_struct *tty, int idx)
2174 {
2175         struct tty_driver *driver = tty->driver;
2176
2177         if (tty->link)
2178                 release_one_tty(tty->link, idx);
2179         release_one_tty(tty, idx);
2180         module_put(driver->owner);
2181 }
2182
2183 /*
2184  * Even releasing the tty structures is a tricky business.. We have
2185  * to be very careful that the structures are all released at the
2186  * same time, as interrupts might otherwise get the wrong pointers.
2187  *
2188  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2189  * lead to double frees or releasing memory still in use.
2190  */
2191 static void release_dev(struct file * filp)
2192 {
2193         struct tty_struct *tty, *o_tty;
2194         int     pty_master, tty_closing, o_tty_closing, do_sleep;
2195         int     devpts;
2196         int     idx;
2197         char    buf[64];
2198         unsigned long flags;
2199         
2200         tty = (struct tty_struct *)filp->private_data;
2201         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "release_dev"))
2202                 return;
2203
2204         check_tty_count(tty, "release_dev");
2205
2206         tty_fasync(-1, filp, 0);
2207
2208         idx = tty->index;
2209         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2210                       tty->driver->subtype == PTY_TYPE_MASTER);
2211         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2212         o_tty = tty->link;
2213
2214 #ifdef TTY_PARANOIA_CHECK
2215         if (idx < 0 || idx >= tty->driver->num) {
2216                 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2217                                   "free (%s)\n", tty->name);
2218                 return;
2219         }
2220         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2221                 if (tty != tty->driver->ttys[idx]) {
2222                         printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2223                                "for (%s)\n", idx, tty->name);
2224                         return;
2225                 }
2226                 if (tty->termios != tty->driver->termios[idx]) {
2227                         printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2228                                "for (%s)\n",
2229                                idx, tty->name);
2230                         return;
2231                 }
2232                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2233                         printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2234                                "termios_locked for (%s)\n",
2235                                idx, tty->name);
2236                         return;
2237                 }
2238         }
2239 #endif
2240
2241 #ifdef TTY_DEBUG_HANGUP
2242         printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2243                tty_name(tty, buf), tty->count);
2244 #endif
2245
2246 #ifdef TTY_PARANOIA_CHECK
2247         if (tty->driver->other &&
2248              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2249                 if (o_tty != tty->driver->other->ttys[idx]) {
2250                         printk(KERN_DEBUG "release_dev: other->table[%d] "
2251                                           "not o_tty for (%s)\n",
2252                                idx, tty->name);
2253                         return;
2254                 }
2255                 if (o_tty->termios != tty->driver->other->termios[idx]) {
2256                         printk(KERN_DEBUG "release_dev: other->termios[%d] "
2257                                           "not o_termios for (%s)\n",
2258                                idx, tty->name);
2259                         return;
2260                 }
2261                 if (o_tty->termios_locked != 
2262                       tty->driver->other->termios_locked[idx]) {
2263                         printk(KERN_DEBUG "release_dev: other->termios_locked["
2264                                           "%d] not o_termios_locked for (%s)\n",
2265                                idx, tty->name);
2266                         return;
2267                 }
2268                 if (o_tty->link != tty) {
2269                         printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2270                         return;
2271                 }
2272         }
2273 #endif
2274         if (tty->driver->close)
2275                 tty->driver->close(tty, filp);
2276
2277         /*
2278          * Sanity check: if tty->count is going to zero, there shouldn't be
2279          * any waiters on tty->read_wait or tty->write_wait.  We test the
2280          * wait queues and kick everyone out _before_ actually starting to
2281          * close.  This ensures that we won't block while releasing the tty
2282          * structure.
2283          *
2284          * The test for the o_tty closing is necessary, since the master and
2285          * slave sides may close in any order.  If the slave side closes out
2286          * first, its count will be one, since the master side holds an open.
2287          * Thus this test wouldn't be triggered at the time the slave closes,
2288          * so we do it now.
2289          *
2290          * Note that it's possible for the tty to be opened again while we're
2291          * flushing out waiters.  By recalculating the closing flags before
2292          * each iteration we avoid any problems.
2293          */
2294         while (1) {
2295                 /* Guard against races with tty->count changes elsewhere and
2296                    opens on /dev/tty */
2297                    
2298                 mutex_lock(&tty_mutex);
2299                 tty_closing = tty->count <= 1;
2300                 o_tty_closing = o_tty &&
2301                         (o_tty->count <= (pty_master ? 1 : 0));
2302                 do_sleep = 0;
2303
2304                 if (tty_closing) {
2305                         if (waitqueue_active(&tty->read_wait)) {
2306                                 wake_up(&tty->read_wait);
2307                                 do_sleep++;
2308                         }
2309                         if (waitqueue_active(&tty->write_wait)) {
2310                                 wake_up(&tty->write_wait);
2311                                 do_sleep++;
2312                         }
2313                 }
2314                 if (o_tty_closing) {
2315                         if (waitqueue_active(&o_tty->read_wait)) {
2316                                 wake_up(&o_tty->read_wait);
2317                                 do_sleep++;
2318                         }
2319                         if (waitqueue_active(&o_tty->write_wait)) {
2320                                 wake_up(&o_tty->write_wait);
2321                                 do_sleep++;
2322                         }
2323                 }
2324                 if (!do_sleep)
2325                         break;
2326
2327                 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2328                                     "active!\n", tty_name(tty, buf));
2329                 mutex_unlock(&tty_mutex);
2330                 schedule();
2331         }       
2332
2333         /*
2334          * The closing flags are now consistent with the open counts on 
2335          * both sides, and we've completed the last operation that could 
2336          * block, so it's safe to proceed with closing.
2337          */
2338         if (pty_master) {
2339                 if (--o_tty->count < 0) {
2340                         printk(KERN_WARNING "release_dev: bad pty slave count "
2341                                             "(%d) for %s\n",
2342                                o_tty->count, tty_name(o_tty, buf));
2343                         o_tty->count = 0;
2344                 }
2345         }
2346         if (--tty->count < 0) {
2347                 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2348                        tty->count, tty_name(tty, buf));
2349                 tty->count = 0;
2350         }
2351         
2352         /*
2353          * We've decremented tty->count, so we need to remove this file
2354          * descriptor off the tty->tty_files list; this serves two
2355          * purposes:
2356          *  - check_tty_count sees the correct number of file descriptors
2357          *    associated with this tty.
2358          *  - do_tty_hangup no longer sees this file descriptor as
2359          *    something that needs to be handled for hangups.
2360          */
2361         file_kill(filp);
2362         filp->private_data = NULL;
2363
2364         /*
2365          * Perform some housekeeping before deciding whether to return.
2366          *
2367          * Set the TTY_CLOSING flag if this was the last open.  In the
2368          * case of a pty we may have to wait around for the other side
2369          * to close, and TTY_CLOSING makes sure we can't be reopened.
2370          */
2371         if(tty_closing)
2372                 set_bit(TTY_CLOSING, &tty->flags);
2373         if(o_tty_closing)
2374                 set_bit(TTY_CLOSING, &o_tty->flags);
2375
2376         /*
2377          * If _either_ side is closing, make sure there aren't any
2378          * processes that still think tty or o_tty is their controlling
2379          * tty.
2380          */
2381         if (tty_closing || o_tty_closing) {
2382                 read_lock(&tasklist_lock);
2383                 session_clear_tty(tty->session);
2384                 if (o_tty)
2385                         session_clear_tty(o_tty->session);
2386                 read_unlock(&tasklist_lock);
2387         }
2388
2389         mutex_unlock(&tty_mutex);
2390
2391         /* check whether both sides are closing ... */
2392         if (!tty_closing || (o_tty && !o_tty_closing))
2393                 return;
2394         
2395 #ifdef TTY_DEBUG_HANGUP
2396         printk(KERN_DEBUG "freeing tty structure...");
2397 #endif
2398         /*
2399          * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
2400          * kill any delayed work. As this is the final close it does not
2401          * race with the set_ldisc code path.
2402          */
2403         clear_bit(TTY_LDISC, &tty->flags);
2404         cancel_delayed_work(&tty->buf.work);
2405
2406         /*
2407          * Wait for ->hangup_work and ->buf.work handlers to terminate
2408          */
2409          
2410         flush_scheduled_work();
2411         
2412         /*
2413          * Wait for any short term users (we know they are just driver
2414          * side waiters as the file is closing so user count on the file
2415          * side is zero.
2416          */
2417         spin_lock_irqsave(&tty_ldisc_lock, flags);
2418         while(tty->ldisc.refcount)
2419         {
2420                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2421                 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2422                 spin_lock_irqsave(&tty_ldisc_lock, flags);
2423         }
2424         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2425         /*
2426          * Shutdown the current line discipline, and reset it to N_TTY.
2427          * N.B. why reset ldisc when we're releasing the memory??
2428          *
2429          * FIXME: this MUST get fixed for the new reflocking
2430          */
2431         if (tty->ldisc.close)
2432                 (tty->ldisc.close)(tty);
2433         tty_ldisc_put(tty->ldisc.num);
2434         
2435         /*
2436          *      Switch the line discipline back
2437          */
2438         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2439         tty_set_termios_ldisc(tty,N_TTY); 
2440         if (o_tty) {
2441                 /* FIXME: could o_tty be in setldisc here ? */
2442                 clear_bit(TTY_LDISC, &o_tty->flags);
2443                 if (o_tty->ldisc.close)
2444                         (o_tty->ldisc.close)(o_tty);
2445                 tty_ldisc_put(o_tty->ldisc.num);
2446                 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2447                 tty_set_termios_ldisc(o_tty,N_TTY); 
2448         }
2449         /*
2450          * The release_tty function takes care of the details of clearing
2451          * the slots and preserving the termios structure.
2452          */
2453         release_tty(tty, idx);
2454
2455 #ifdef CONFIG_UNIX98_PTYS
2456         /* Make this pty number available for reallocation */
2457         if (devpts) {
2458                 down(&allocated_ptys_lock);
2459                 idr_remove(&allocated_ptys, idx);
2460                 up(&allocated_ptys_lock);
2461         }
2462 #endif
2463
2464 }
2465
2466 /**
2467  *      tty_open                -       open a tty device
2468  *      @inode: inode of device file
2469  *      @filp: file pointer to tty
2470  *
2471  *      tty_open and tty_release keep up the tty count that contains the
2472  *      number of opens done on a tty. We cannot use the inode-count, as
2473  *      different inodes might point to the same tty.
2474  *
2475  *      Open-counting is needed for pty masters, as well as for keeping
2476  *      track of serial lines: DTR is dropped when the last close happens.
2477  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
2478  *
2479  *      The termios state of a pty is reset on first open so that
2480  *      settings don't persist across reuse.
2481  *
2482  *      Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2483  *               tty->count should protect the rest.
2484  *               ->siglock protects ->signal/->sighand
2485  */
2486
2487 static int tty_open(struct inode * inode, struct file * filp)
2488 {
2489         struct tty_struct *tty;
2490         int noctty, retval;
2491         struct tty_driver *driver;
2492         int index;
2493         dev_t device = inode->i_rdev;
2494         unsigned short saved_flags = filp->f_flags;
2495         struct pid *old_pgrp;
2496
2497         nonseekable_open(inode, filp);
2498         
2499 retry_open:
2500         noctty = filp->f_flags & O_NOCTTY;
2501         index  = -1;
2502         retval = 0;
2503         
2504         mutex_lock(&tty_mutex);
2505
2506         if (device == MKDEV(TTYAUX_MAJOR,0)) {
2507                 tty = get_current_tty();
2508                 if (!tty) {
2509                         mutex_unlock(&tty_mutex);
2510                         return -ENXIO;
2511                 }
2512                 driver = tty->driver;
2513                 index = tty->index;
2514                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2515                 /* noctty = 1; */
2516                 goto got_driver;
2517         }
2518 #ifdef CONFIG_VT
2519         if (device == MKDEV(TTY_MAJOR,0)) {
2520                 extern struct tty_driver *console_driver;
2521                 driver = console_driver;
2522                 index = fg_console;
2523                 noctty = 1;
2524                 goto got_driver;
2525         }
2526 #endif
2527         if (device == MKDEV(TTYAUX_MAJOR,1)) {
2528                 driver = console_device(&index);
2529                 if (driver) {
2530                         /* Don't let /dev/console block */
2531                         filp->f_flags |= O_NONBLOCK;
2532                         noctty = 1;
2533                         goto got_driver;
2534                 }
2535                 mutex_unlock(&tty_mutex);
2536                 return -ENODEV;
2537         }
2538
2539         driver = get_tty_driver(device, &index);
2540         if (!driver) {
2541                 mutex_unlock(&tty_mutex);
2542                 return -ENODEV;
2543         }
2544 got_driver:
2545         retval = init_dev(driver, index, &tty);
2546         mutex_unlock(&tty_mutex);
2547         if (retval)
2548                 return retval;
2549
2550         filp->private_data = tty;
2551         file_move(filp, &tty->tty_files);
2552         check_tty_count(tty, "tty_open");
2553         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2554             tty->driver->subtype == PTY_TYPE_MASTER)
2555                 noctty = 1;
2556 #ifdef TTY_DEBUG_HANGUP
2557         printk(KERN_DEBUG "opening %s...", tty->name);
2558 #endif
2559         if (!retval) {
2560                 if (tty->driver->open)
2561                         retval = tty->driver->open(tty, filp);
2562                 else
2563                         retval = -ENODEV;
2564         }
2565         filp->f_flags = saved_flags;
2566
2567         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2568                 retval = -EBUSY;
2569
2570         if (retval) {
2571 #ifdef TTY_DEBUG_HANGUP
2572                 printk(KERN_DEBUG "error %d in opening %s...", retval,
2573                        tty->name);
2574 #endif
2575                 release_dev(filp);
2576                 if (retval != -ERESTARTSYS)
2577                         return retval;
2578                 if (signal_pending(current))
2579                         return retval;
2580                 schedule();
2581                 /*
2582                  * Need to reset f_op in case a hangup happened.
2583                  */
2584                 if (filp->f_op == &hung_up_tty_fops)
2585                         filp->f_op = &tty_fops;
2586                 goto retry_open;
2587         }
2588
2589         old_pgrp = NULL;
2590         mutex_lock(&tty_mutex);
2591         spin_lock_irq(&current->sighand->siglock);
2592         if (!noctty &&
2593             current->signal->leader &&
2594             !current->signal->tty &&
2595             tty->session == NULL)
2596                 old_pgrp = __proc_set_tty(current, tty);
2597         spin_unlock_irq(&current->sighand->siglock);
2598         mutex_unlock(&tty_mutex);
2599         put_pid(old_pgrp);
2600         return 0;
2601 }
2602
2603 #ifdef CONFIG_UNIX98_PTYS
2604 /**
2605  *      ptmx_open               -       open a unix 98 pty master
2606  *      @inode: inode of device file
2607  *      @filp: file pointer to tty
2608  *
2609  *      Allocate a unix98 pty master device from the ptmx driver.
2610  *
2611  *      Locking: tty_mutex protects theinit_dev work. tty->count should
2612                 protect the rest.
2613  *              allocated_ptys_lock handles the list of free pty numbers
2614  */
2615
2616 static int ptmx_open(struct inode * inode, struct file * filp)
2617 {
2618         struct tty_struct *tty;
2619         int retval;
2620         int index;
2621         int idr_ret;
2622
2623         nonseekable_open(inode, filp);
2624
2625         /* find a device that is not in use. */
2626         down(&allocated_ptys_lock);
2627         if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2628                 up(&allocated_ptys_lock);
2629                 return -ENOMEM;
2630         }
2631         idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2632         if (idr_ret < 0) {
2633                 up(&allocated_ptys_lock);
2634                 if (idr_ret == -EAGAIN)
2635                         return -ENOMEM;
2636                 return -EIO;
2637         }
2638         if (index >= pty_limit) {
2639                 idr_remove(&allocated_ptys, index);
2640                 up(&allocated_ptys_lock);
2641                 return -EIO;
2642         }
2643         up(&allocated_ptys_lock);
2644
2645         mutex_lock(&tty_mutex);
2646         retval = init_dev(ptm_driver, index, &tty);
2647         mutex_unlock(&tty_mutex);
2648         
2649         if (retval)
2650                 goto out;
2651
2652         set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2653         filp->private_data = tty;
2654         file_move(filp, &tty->tty_files);
2655
2656         retval = -ENOMEM;
2657         if (devpts_pty_new(tty->link))
2658                 goto out1;
2659
2660         check_tty_count(tty, "tty_open");
2661         retval = ptm_driver->open(tty, filp);
2662         if (!retval)
2663                 return 0;
2664 out1:
2665         release_dev(filp);
2666         return retval;
2667 out:
2668         down(&allocated_ptys_lock);
2669         idr_remove(&allocated_ptys, index);
2670         up(&allocated_ptys_lock);
2671         return retval;
2672 }
2673 #endif
2674
2675 /**
2676  *      tty_release             -       vfs callback for close
2677  *      @inode: inode of tty
2678  *      @filp: file pointer for handle to tty
2679  *
2680  *      Called the last time each file handle is closed that references
2681  *      this tty. There may however be several such references.
2682  *
2683  *      Locking:
2684  *              Takes bkl. See release_dev
2685  */
2686
2687 static int tty_release(struct inode * inode, struct file * filp)
2688 {
2689         lock_kernel();
2690         release_dev(filp);
2691         unlock_kernel();
2692         return 0;
2693 }
2694
2695 /**
2696  *      tty_poll        -       check tty status
2697  *      @filp: file being polled
2698  *      @wait: poll wait structures to update
2699  *
2700  *      Call the line discipline polling method to obtain the poll
2701  *      status of the device.
2702  *
2703  *      Locking: locks called line discipline but ldisc poll method
2704  *      may be re-entered freely by other callers.
2705  */
2706
2707 static unsigned int tty_poll(struct file * filp, poll_table * wait)
2708 {
2709         struct tty_struct * tty;
2710         struct tty_ldisc *ld;
2711         int ret = 0;
2712
2713         tty = (struct tty_struct *)filp->private_data;
2714         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2715                 return 0;
2716                 
2717         ld = tty_ldisc_ref_wait(tty);
2718         if (ld->poll)
2719                 ret = (ld->poll)(tty, filp, wait);
2720         tty_ldisc_deref(ld);
2721         return ret;
2722 }
2723
2724 static int tty_fasync(int fd, struct file * filp, int on)
2725 {
2726         struct tty_struct * tty;
2727         int retval;
2728
2729         tty = (struct tty_struct *)filp->private_data;
2730         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2731                 return 0;
2732         
2733         retval = fasync_helper(fd, filp, on, &tty->fasync);
2734         if (retval <= 0)
2735                 return retval;
2736
2737         if (on) {
2738                 enum pid_type type;
2739                 struct pid *pid;
2740                 if (!waitqueue_active(&tty->read_wait))
2741                         tty->minimum_to_wake = 1;
2742                 if (tty->pgrp) {
2743                         pid = tty->pgrp;
2744                         type = PIDTYPE_PGID;
2745                 } else {
2746                         pid = task_pid(current);
2747                         type = PIDTYPE_PID;
2748                 }
2749                 retval = __f_setown(filp, pid, type, 0);
2750                 if (retval)
2751                         return retval;
2752         } else {
2753                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2754                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2755         }
2756         return 0;
2757 }
2758
2759 /**
2760  *      tiocsti                 -       fake input character
2761  *      @tty: tty to fake input into
2762  *      @p: pointer to character
2763  *
2764  *      Fake input to a tty device. Does the neccessary locking and
2765  *      input management.
2766  *
2767  *      FIXME: does not honour flow control ??
2768  *
2769  *      Locking:
2770  *              Called functions take tty_ldisc_lock
2771  *              current->signal->tty check is safe without locks
2772  *
2773  *      FIXME: may race normal receive processing
2774  */
2775
2776 static int tiocsti(struct tty_struct *tty, char __user *p)
2777 {
2778         char ch, mbz = 0;
2779         struct tty_ldisc *ld;
2780         
2781         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2782                 return -EPERM;
2783         if (get_user(ch, p))
2784                 return -EFAULT;
2785         ld = tty_ldisc_ref_wait(tty);
2786         ld->receive_buf(tty, &ch, &mbz, 1);
2787         tty_ldisc_deref(ld);
2788         return 0;
2789 }
2790
2791 /**
2792  *      tiocgwinsz              -       implement window query ioctl
2793  *      @tty; tty
2794  *      @arg: user buffer for result
2795  *
2796  *      Copies the kernel idea of the window size into the user buffer.
2797  *
2798  *      Locking: tty->termios_mutex is taken to ensure the winsize data
2799  *              is consistent.
2800  */
2801
2802 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2803 {
2804         int err;
2805
2806         mutex_lock(&tty->termios_mutex);
2807         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2808         mutex_unlock(&tty->termios_mutex);
2809
2810         return err ? -EFAULT: 0;
2811 }
2812
2813 /**
2814  *      tiocswinsz              -       implement window size set ioctl
2815  *      @tty; tty
2816  *      @arg: user buffer for result
2817  *
2818  *      Copies the user idea of the window size to the kernel. Traditionally
2819  *      this is just advisory information but for the Linux console it
2820  *      actually has driver level meaning and triggers a VC resize.
2821  *
2822  *      Locking:
2823  *              Called function use the console_sem is used to ensure we do
2824  *      not try and resize the console twice at once.
2825  *              The tty->termios_mutex is used to ensure we don't double
2826  *      resize and get confused. Lock order - tty->termios_mutex before
2827  *      console sem
2828  */
2829
2830 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2831         struct winsize __user * arg)
2832 {
2833         struct winsize tmp_ws;
2834
2835         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2836                 return -EFAULT;
2837
2838         mutex_lock(&tty->termios_mutex);
2839         if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2840                 goto done;
2841
2842 #ifdef CONFIG_VT
2843         if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2844                 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2845                                         tmp_ws.ws_row)) {
2846                         mutex_unlock(&tty->termios_mutex);
2847                         return -ENXIO;
2848                 }
2849         }
2850 #endif
2851         if (tty->pgrp)
2852                 kill_pgrp(tty->pgrp, SIGWINCH, 1);
2853         if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
2854                 kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
2855         tty->winsize = tmp_ws;
2856         real_tty->winsize = tmp_ws;
2857 done:
2858         mutex_unlock(&tty->termios_mutex);
2859         return 0;
2860 }
2861
2862 /**
2863  *      tioccons        -       allow admin to move logical console
2864  *      @file: the file to become console
2865  *
2866  *      Allow the adminstrator to move the redirected console device
2867  *
2868  *      Locking: uses redirect_lock to guard the redirect information
2869  */
2870
2871 static int tioccons(struct file *file)
2872 {
2873         if (!capable(CAP_SYS_ADMIN))
2874                 return -EPERM;
2875         if (file->f_op->write == redirected_tty_write) {
2876                 struct file *f;
2877                 spin_lock(&redirect_lock);
2878                 f = redirect;
2879                 redirect = NULL;
2880                 spin_unlock(&redirect_lock);
2881                 if (f)
2882                         fput(f);
2883                 return 0;
2884         }
2885         spin_lock(&redirect_lock);
2886         if (redirect) {
2887                 spin_unlock(&redirect_lock);
2888                 return -EBUSY;
2889         }
2890         get_file(file);
2891         redirect = file;
2892         spin_unlock(&redirect_lock);
2893         return 0;
2894 }
2895
2896 /**
2897  *      fionbio         -       non blocking ioctl
2898  *      @file: file to set blocking value
2899  *      @p: user parameter
2900  *
2901  *      Historical tty interfaces had a blocking control ioctl before
2902  *      the generic functionality existed. This piece of history is preserved
2903  *      in the expected tty API of posix OS's.
2904  *
2905  *      Locking: none, the open fle handle ensures it won't go away.
2906  */
2907
2908 static int fionbio(struct file *file, int __user *p)
2909 {
2910         int nonblock;
2911
2912         if (get_user(nonblock, p))
2913                 return -EFAULT;
2914
2915         if (nonblock)
2916                 file->f_flags |= O_NONBLOCK;
2917         else
2918                 file->f_flags &= ~O_NONBLOCK;
2919         return 0;
2920 }
2921
2922 /**
2923  *      tiocsctty       -       set controlling tty
2924  *      @tty: tty structure
2925  *      @arg: user argument
2926  *
2927  *      This ioctl is used to manage job control. It permits a session
2928  *      leader to set this tty as the controlling tty for the session.
2929  *
2930  *      Locking:
2931  *              Takes tty_mutex() to protect tty instance
2932  *              Takes tasklist_lock internally to walk sessions
2933  *              Takes ->siglock() when updating signal->tty
2934  */
2935
2936 static int tiocsctty(struct tty_struct *tty, int arg)
2937 {
2938         int ret = 0;
2939         if (current->signal->leader && (task_session(current) == tty->session))
2940                 return ret;
2941
2942         mutex_lock(&tty_mutex);
2943         /*
2944          * The process must be a session leader and
2945          * not have a controlling tty already.
2946          */
2947         if (!current->signal->leader || current->signal->tty) {
2948                 ret = -EPERM;
2949                 goto unlock;
2950         }
2951
2952         if (tty->session) {
2953                 /*
2954                  * This tty is already the controlling
2955                  * tty for another session group!
2956                  */
2957                 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
2958                         /*
2959                          * Steal it away
2960                          */
2961                         read_lock(&tasklist_lock);
2962                         session_clear_tty(tty->session);
2963                         read_unlock(&tasklist_lock);
2964                 } else {
2965                         ret = -EPERM;
2966                         goto unlock;
2967                 }
2968         }
2969         proc_set_tty(current, tty);
2970 unlock:
2971         mutex_unlock(&tty_mutex);
2972         return ret;
2973 }
2974
2975 /**
2976  *      tiocgpgrp               -       get process group
2977  *      @tty: tty passed by user
2978  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2979  *      @p: returned pid
2980  *
2981  *      Obtain the process group of the tty. If there is no process group
2982  *      return an error.
2983  *
2984  *      Locking: none. Reference to current->signal->tty is safe.
2985  */
2986
2987 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2988 {
2989         /*
2990          * (tty == real_tty) is a cheap way of
2991          * testing if the tty is NOT a master pty.
2992          */
2993         if (tty == real_tty && current->signal->tty != real_tty)
2994                 return -ENOTTY;
2995         return put_user(pid_nr(real_tty->pgrp), p);
2996 }
2997
2998 /**
2999  *      tiocspgrp               -       attempt to set process group
3000  *      @tty: tty passed by user
3001  *      @real_tty: tty side device matching tty passed by user
3002  *      @p: pid pointer
3003  *
3004  *      Set the process group of the tty to the session passed. Only
3005  *      permitted where the tty session is our session.
3006  *
3007  *      Locking: None
3008  */
3009
3010 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3011 {
3012         struct pid *pgrp;
3013         pid_t pgrp_nr;
3014         int retval = tty_check_change(real_tty);
3015
3016         if (retval == -EIO)
3017                 return -ENOTTY;
3018         if (retval)
3019                 return retval;
3020         if (!current->signal->tty ||
3021             (current->signal->tty != real_tty) ||
3022             (real_tty->session != task_session(current)))
3023                 return -ENOTTY;
3024         if (get_user(pgrp_nr, p))
3025                 return -EFAULT;
3026         if (pgrp_nr < 0)
3027                 return -EINVAL;
3028         rcu_read_lock();
3029         pgrp = find_pid(pgrp_nr);
3030         retval = -ESRCH;
3031         if (!pgrp)
3032                 goto out_unlock;
3033         retval = -EPERM;
3034         if (session_of_pgrp(pgrp) != task_session(current))
3035                 goto out_unlock;
3036         retval = 0;
3037         put_pid(real_tty->pgrp);
3038         real_tty->pgrp = get_pid(pgrp);
3039 out_unlock:
3040         rcu_read_unlock();
3041         return retval;
3042 }
3043
3044 /**
3045  *      tiocgsid                -       get session id
3046  *      @tty: tty passed by user
3047  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
3048  *      @p: pointer to returned session id
3049  *
3050  *      Obtain the session id of the tty. If there is no session
3051  *      return an error.
3052  *
3053  *      Locking: none. Reference to current->signal->tty is safe.
3054  */
3055
3056 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3057 {
3058         /*
3059          * (tty == real_tty) is a cheap way of
3060          * testing if the tty is NOT a master pty.
3061         */
3062         if (tty == real_tty && current->signal->tty != real_tty)
3063                 return -ENOTTY;
3064         if (!real_tty->session)
3065                 return -ENOTTY;
3066         return put_user(pid_nr(real_tty->session), p);
3067 }
3068
3069 /**
3070  *      tiocsetd        -       set line discipline
3071  *      @tty: tty device
3072  *      @p: pointer to user data
3073  *
3074  *      Set the line discipline according to user request.
3075  *
3076  *      Locking: see tty_set_ldisc, this function is just a helper
3077  */
3078
3079 static int tiocsetd(struct tty_struct *tty, int __user *p)
3080 {
3081         int ldisc;
3082
3083         if (get_user(ldisc, p))
3084                 return -EFAULT;
3085         return tty_set_ldisc(tty, ldisc);
3086 }
3087
3088 /**
3089  *      send_break      -       performed time break
3090  *      @tty: device to break on
3091  *      @duration: timeout in mS
3092  *
3093  *      Perform a timed break on hardware that lacks its own driver level
3094  *      timed break functionality.
3095  *
3096  *      Locking:
3097  *              atomic_write_lock serializes
3098  *
3099  */
3100
3101 static int send_break(struct tty_struct *tty, unsigned int duration)
3102 {
3103         if (mutex_lock_interruptible(&tty->atomic_write_lock))
3104                 return -EINTR;
3105         tty->driver->break_ctl(tty, -1);
3106         if (!signal_pending(current)) {
3107                 msleep_interruptible(duration);
3108         }
3109         tty->driver->break_ctl(tty, 0);
3110         mutex_unlock(&tty->atomic_write_lock);
3111         if (signal_pending(current))
3112                 return -EINTR;
3113         return 0;
3114 }
3115
3116 /**
3117  *      tiocmget                -       get modem status
3118  *      @tty: tty device
3119  *      @file: user file pointer
3120  *      @p: pointer to result
3121  *
3122  *      Obtain the modem status bits from the tty driver if the feature
3123  *      is supported. Return -EINVAL if it is not available.
3124  *
3125  *      Locking: none (up to the driver)
3126  */
3127
3128 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3129 {
3130         int retval = -EINVAL;
3131
3132         if (tty->driver->tiocmget) {
3133                 retval = tty->driver->tiocmget(tty, file);
3134
3135                 if (retval >= 0)
3136                         retval = put_user(retval, p);
3137         }
3138         return retval;
3139 }
3140
3141 /**
3142  *      tiocmset                -       set modem status
3143  *      @tty: tty device
3144  *      @file: user file pointer
3145  *      @cmd: command - clear bits, set bits or set all
3146  *      @p: pointer to desired bits
3147  *
3148  *      Set the modem status bits from the tty driver if the feature
3149  *      is supported. Return -EINVAL if it is not available.
3150  *
3151  *      Locking: none (up to the driver)
3152  */
3153
3154 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3155              unsigned __user *p)
3156 {
3157         int retval = -EINVAL;
3158
3159         if (tty->driver->tiocmset) {
3160                 unsigned int set, clear, val;
3161
3162                 retval = get_user(val, p);
3163                 if (retval)
3164                         return retval;
3165
3166                 set = clear = 0;
3167                 switch (cmd) {
3168                 case TIOCMBIS:
3169                         set = val;
3170                         break;
3171                 case TIOCMBIC:
3172                         clear = val;
3173                         break;
3174                 case TIOCMSET:
3175                         set = val;
3176                         clear = ~val;
3177                         break;
3178                 }
3179
3180                 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3181                 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3182
3183                 retval = tty->driver->tiocmset(tty, file, set, clear);
3184         }
3185         return retval;
3186 }
3187
3188 /*
3189  * Split this up, as gcc can choke on it otherwise..
3190  */
3191 int tty_ioctl(struct inode * inode, struct file * file,
3192               unsigned int cmd, unsigned long arg)
3193 {
3194         struct tty_struct *tty, *real_tty;
3195         void __user *p = (void __user *)arg;
3196         int retval;
3197         struct tty_ldisc *ld;
3198         
3199         tty = (struct tty_struct *)file->private_data;
3200         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3201                 return -EINVAL;
3202
3203         /* CHECKME: is this safe as one end closes ? */
3204
3205         real_tty = tty;
3206         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3207             tty->driver->subtype == PTY_TYPE_MASTER)
3208                 real_tty = tty->link;
3209
3210         /*
3211          * Break handling by driver
3212          */
3213         if (!tty->driver->break_ctl) {
3214                 switch(cmd) {
3215                 case TIOCSBRK:
3216                 case TIOCCBRK:
3217                         if (tty->driver->ioctl)
3218                                 return tty->driver->ioctl(tty, file, cmd, arg);
3219                         return -EINVAL;
3220                         
3221                 /* These two ioctl's always return success; even if */
3222                 /* the driver doesn't support them. */
3223                 case TCSBRK:
3224                 case TCSBRKP:
3225                         if (!tty->driver->ioctl)
3226                                 return 0;
3227                         retval = tty->driver->ioctl(tty, file, cmd, arg);
3228                         if (retval == -ENOIOCTLCMD)
3229                                 retval = 0;
3230                         return retval;
3231                 }
3232         }
3233
3234         /*
3235          * Factor out some common prep work
3236          */
3237         switch (cmd) {
3238         case TIOCSETD:
3239         case TIOCSBRK:
3240         case TIOCCBRK:
3241         case TCSBRK:
3242         case TCSBRKP:                   
3243                 retval = tty_check_change(tty);
3244                 if (retval)
3245                         return retval;
3246                 if (cmd != TIOCCBRK) {
3247                         tty_wait_until_sent(tty, 0);
3248                         if (signal_pending(current))
3249                                 return -EINTR;
3250                 }
3251                 break;
3252         }
3253
3254         switch (cmd) {
3255                 case TIOCSTI:
3256                         return tiocsti(tty, p);
3257                 case TIOCGWINSZ:
3258                         return tiocgwinsz(tty, p);
3259                 case TIOCSWINSZ:
3260                         return tiocswinsz(tty, real_tty, p);
3261                 case TIOCCONS:
3262                         return real_tty!=tty ? -EINVAL : tioccons(file);
3263                 case FIONBIO:
3264                         return fionbio(file, p);
3265                 case TIOCEXCL:
3266                         set_bit(TTY_EXCLUSIVE, &tty->flags);
3267                         return 0;
3268                 case TIOCNXCL:
3269                         clear_bit(TTY_EXCLUSIVE, &tty->flags);
3270                         return 0;
3271                 case TIOCNOTTY:
3272                         if (current->signal->tty != tty)
3273                                 return -ENOTTY;
3274                         if (current->signal->leader)
3275                                 disassociate_ctty(0);
3276                         proc_clear_tty(current);
3277                         return 0;
3278                 case TIOCSCTTY:
3279                         return tiocsctty(tty, arg);
3280                 case TIOCGPGRP:
3281                         return tiocgpgrp(tty, real_tty, p);
3282                 case TIOCSPGRP:
3283                         return tiocspgrp(tty, real_tty, p);
3284                 case TIOCGSID:
3285                         return tiocgsid(tty, real_tty, p);
3286                 case TIOCGETD:
3287                         /* FIXME: check this is ok */
3288                         return put_user(tty->ldisc.num, (int __user *)p);
3289                 case TIOCSETD:
3290                         return tiocsetd(tty, p);
3291 #ifdef CONFIG_VT
3292                 case TIOCLINUX:
3293                         return tioclinux(tty, arg);
3294 #endif
3295                 /*
3296                  * Break handling
3297                  */
3298                 case TIOCSBRK:  /* Turn break on, unconditionally */
3299                         tty->driver->break_ctl(tty, -1);
3300                         return 0;
3301                         
3302                 case TIOCCBRK:  /* Turn break off, unconditionally */
3303                         tty->driver->break_ctl(tty, 0);
3304                         return 0;
3305                 case TCSBRK:   /* SVID version: non-zero arg --> no break */
3306                         /* non-zero arg means wait for all output data
3307                          * to be sent (performed above) but don't send break.
3308                          * This is used by the tcdrain() termios function.
3309                          */
3310                         if (!arg)
3311                                 return send_break(tty, 250);
3312                         return 0;
3313                 case TCSBRKP:   /* support for POSIX tcsendbreak() */   
3314                         return send_break(tty, arg ? arg*100 : 250);
3315
3316                 case TIOCMGET:
3317                         return tty_tiocmget(tty, file, p);
3318
3319                 case TIOCMSET:
3320                 case TIOCMBIC:
3321                 case TIOCMBIS:
3322                         return tty_tiocmset(tty, file, cmd, p);
3323         }
3324         if (tty->driver->ioctl) {
3325                 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3326                 if (retval != -ENOIOCTLCMD)
3327                         return retval;
3328         }
3329         ld = tty_ldisc_ref_wait(tty);
3330         retval = -EINVAL;
3331         if (ld->ioctl) {
3332                 retval = ld->ioctl(tty, file, cmd, arg);
3333                 if (retval == -ENOIOCTLCMD)
3334                         retval = -EINVAL;
3335         }
3336         tty_ldisc_deref(ld);
3337         return retval;
3338 }
3339
3340
3341 /*
3342  * This implements the "Secure Attention Key" ---  the idea is to
3343  * prevent trojan horses by killing all processes associated with this
3344  * tty when the user hits the "Secure Attention Key".  Required for
3345  * super-paranoid applications --- see the Orange Book for more details.
3346  * 
3347  * This code could be nicer; ideally it should send a HUP, wait a few
3348  * seconds, then send a INT, and then a KILL signal.  But you then
3349  * have to coordinate with the init process, since all processes associated
3350  * with the current tty must be dead before the new getty is allowed
3351  * to spawn.
3352  *
3353  * Now, if it would be correct ;-/ The current code has a nasty hole -
3354  * it doesn't catch files in flight. We may send the descriptor to ourselves
3355  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3356  *
3357  * Nasty bug: do_SAK is being called in interrupt context.  This can
3358  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
3359  */
3360 void __do_SAK(struct tty_struct *tty)
3361 {
3362 #ifdef TTY_SOFT_SAK
3363         tty_hangup(tty);
3364 #else
3365         struct task_struct *g, *p;
3366         struct pid *session;
3367         int             i;
3368         struct file     *filp;
3369         struct fdtable *fdt;
3370         
3371         if (!tty)
3372                 return;
3373         session = tty->session;
3374         
3375         tty_ldisc_flush(tty);
3376
3377         if (tty->driver->flush_buffer)
3378                 tty->driver->flush_buffer(tty);
3379         
3380         read_lock(&tasklist_lock);
3381         /* Kill the entire session */
3382         do_each_pid_task(session, PIDTYPE_SID, p) {
3383                 printk(KERN_NOTICE "SAK: killed process %d"
3384                         " (%s): process_session(p)==tty->session\n",
3385                         p->pid, p->comm);
3386                 send_sig(SIGKILL, p, 1);
3387         } while_each_pid_task(session, PIDTYPE_SID, p);
3388         /* Now kill any processes that happen to have the
3389          * tty open.
3390          */
3391         do_each_thread(g, p) {
3392                 if (p->signal->tty == tty) {
3393                         printk(KERN_NOTICE "SAK: killed process %d"
3394                             " (%s): process_session(p)==tty->session\n",
3395                             p->pid, p->comm);
3396                         send_sig(SIGKILL, p, 1);
3397                         continue;
3398                 }
3399                 task_lock(p);
3400                 if (p->files) {
3401                         /*
3402                          * We don't take a ref to the file, so we must
3403                          * hold ->file_lock instead.
3404                          */
3405                         spin_lock(&p->files->file_lock);
3406                         fdt = files_fdtable(p->files);
3407                         for (i=0; i < fdt->max_fds; i++) {
3408                                 filp = fcheck_files(p->files, i);
3409                                 if (!filp)
3410                                         continue;
3411                                 if (filp->f_op->read == tty_read &&
3412                                     filp->private_data == tty) {
3413                                         printk(KERN_NOTICE "SAK: killed process %d"
3414                                             " (%s): fd#%d opened to the tty\n",
3415                                             p->pid, p->comm, i);
3416                                         force_sig(SIGKILL, p);
3417                                         break;
3418                                 }
3419                         }
3420                         spin_unlock(&p->files->file_lock);
3421                 }
3422                 task_unlock(p);
3423         } while_each_thread(g, p);
3424         read_unlock(&tasklist_lock);
3425 #endif
3426 }
3427
3428 static void do_SAK_work(struct work_struct *work)
3429 {
3430         struct tty_struct *tty =
3431                 container_of(work, struct tty_struct, SAK_work);
3432         __do_SAK(tty);
3433 }
3434
3435 /*
3436  * The tq handling here is a little racy - tty->SAK_work may already be queued.
3437  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3438  * the values which we write to it will be identical to the values which it
3439  * already has. --akpm
3440  */
3441 void do_SAK(struct tty_struct *tty)
3442 {
3443         if (!tty)
3444                 return;
3445         PREPARE_WORK(&tty->SAK_work, do_SAK_work);
3446         schedule_work(&tty->SAK_work);
3447 }
3448
3449 EXPORT_SYMBOL(do_SAK);
3450
3451 /**
3452  *      flush_to_ldisc
3453  *      @work: tty structure passed from work queue.
3454  *
3455  *      This routine is called out of the software interrupt to flush data
3456  *      from the buffer chain to the line discipline.
3457  *
3458  *      Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3459  *      while invoking the line discipline receive_buf method. The
3460  *      receive_buf method is single threaded for each tty instance.
3461  */
3462  
3463 static void flush_to_ldisc(struct work_struct *work)
3464 {
3465         struct tty_struct *tty =
3466                 container_of(work, struct tty_struct, buf.work.work);
3467         unsigned long   flags;
3468         struct tty_ldisc *disc;
3469         struct tty_buffer *tbuf, *head;
3470         char *char_buf;
3471         unsigned char *flag_buf;
3472
3473         disc = tty_ldisc_ref(tty);
3474         if (disc == NULL)       /*  !TTY_LDISC */
3475                 return;
3476
3477         spin_lock_irqsave(&tty->buf.lock, flags);
3478         head = tty->buf.head;
3479         if (head != NULL) {
3480                 tty->buf.head = NULL;
3481                 for (;;) {
3482                         int count = head->commit - head->read;
3483                         if (!count) {
3484                                 if (head->next == NULL)
3485                                         break;
3486                                 tbuf = head;
3487                                 head = head->next;
3488                                 tty_buffer_free(tty, tbuf);
3489                                 continue;
3490                         }
3491                         if (!tty->receive_room) {
3492                                 schedule_delayed_work(&tty->buf.work, 1);
3493                                 break;
3494                         }
3495                         if (count > tty->receive_room)
3496                                 count = tty->receive_room;
3497                         char_buf = head->char_buf_ptr + head->read;
3498                         flag_buf = head->flag_buf_ptr + head->read;
3499                         head->read += count;
3500                         spin_unlock_irqrestore(&tty->buf.lock, flags);
3501                         disc->receive_buf(tty, char_buf, flag_buf, count);
3502                         spin_lock_irqsave(&tty->buf.lock, flags);
3503                 }
3504                 tty->buf.head = head;
3505         }
3506         spin_unlock_irqrestore(&tty->buf.lock, flags);
3507
3508         tty_ldisc_deref(disc);
3509 }
3510
3511 /**
3512  *      tty_flip_buffer_push    -       terminal
3513  *      @tty: tty to push
3514  *
3515  *      Queue a push of the terminal flip buffers to the line discipline. This
3516  *      function must not be called from IRQ context if tty->low_latency is set.
3517  *
3518  *      In the event of the queue being busy for flipping the work will be
3519  *      held off and retried later.
3520  *
3521  *      Locking: tty buffer lock. Driver locks in low latency mode.
3522  */
3523
3524 void tty_flip_buffer_push(struct tty_struct *tty)
3525 {
3526         unsigned long flags;
3527         spin_lock_irqsave(&tty->buf.lock, flags);
3528         if (tty->buf.tail != NULL)
3529                 tty->buf.tail->commit = tty->buf.tail->used;
3530         spin_unlock_irqrestore(&tty->buf.lock, flags);
3531
3532         if (tty->low_latency)
3533                 flush_to_ldisc(&tty->buf.work.work);
3534         else
3535                 schedule_delayed_work(&tty->buf.work, 1);
3536 }
3537
3538 EXPORT_SYMBOL(tty_flip_buffer_push);
3539
3540
3541 /**
3542  *      initialize_tty_struct
3543  *      @tty: tty to initialize
3544  *
3545  *      This subroutine initializes a tty structure that has been newly
3546  *      allocated.
3547  *
3548  *      Locking: none - tty in question must not be exposed at this point
3549  */
3550
3551 static void initialize_tty_struct(struct tty_struct *tty)
3552 {
3553         memset(tty, 0, sizeof(struct tty_struct));
3554         tty->magic = TTY_MAGIC;
3555         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3556         tty->session = NULL;
3557         tty->pgrp = NULL;
3558         tty->overrun_time = jiffies;
3559         tty->buf.head = tty->buf.tail = NULL;
3560         tty_buffer_init(tty);
3561         INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3562         init_MUTEX(&tty->buf.pty_sem);
3563         mutex_init(&tty->termios_mutex);
3564         init_waitqueue_head(&tty->write_wait);
3565         init_waitqueue_head(&tty->read_wait);
3566         INIT_WORK(&tty->hangup_work, do_tty_hangup);
3567         mutex_init(&tty->atomic_read_lock);
3568         mutex_init(&tty->atomic_write_lock);
3569         spin_lock_init(&tty->read_lock);
3570         INIT_LIST_HEAD(&tty->tty_files);
3571         INIT_WORK(&tty->SAK_work, NULL);
3572 }
3573
3574 /*
3575  * The default put_char routine if the driver did not define one.
3576  */
3577
3578 static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3579 {
3580         tty->driver->write(tty, &ch, 1);
3581 }
3582
3583 static struct class *tty_class;
3584
3585 /**
3586  *      tty_register_device - register a tty device
3587  *      @driver: the tty driver that describes the tty device
3588  *      @index: the index in the tty driver for this tty device
3589  *      @device: a struct device that is associated with this tty device.
3590  *              This field is optional, if there is no known struct device
3591  *              for this tty device it can be set to NULL safely.
3592  *
3593  *      Returns a pointer to the struct device for this tty device
3594  *      (or ERR_PTR(-EFOO) on error).
3595  *
3596  *      This call is required to be made to register an individual tty device
3597  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3598  *      that bit is not set, this function should not be called by a tty
3599  *      driver.
3600  *
3601  *      Locking: ??
3602  */
3603
3604 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3605                                    struct device *device)
3606 {
3607         char name[64];
3608         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3609
3610         if (index >= driver->num) {
3611                 printk(KERN_ERR "Attempt to register invalid tty line number "
3612                        " (%d).\n", index);
3613                 return ERR_PTR(-EINVAL);
3614         }
3615
3616         if (driver->type == TTY_DRIVER_TYPE_PTY)
3617                 pty_line_name(driver, index, name);
3618         else
3619                 tty_line_name(driver, index, name);
3620
3621         return device_create(tty_class, device, dev, name);
3622 }
3623
3624 /**
3625  *      tty_unregister_device - unregister a tty device
3626  *      @driver: the tty driver that describes the tty device
3627  *      @index: the index in the tty driver for this tty device
3628  *
3629  *      If a tty device is registered with a call to tty_register_device() then
3630  *      this function must be called when the tty device is gone.
3631  *
3632  *      Locking: ??
3633  */
3634
3635 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3636 {
3637         device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
3638 }
3639
3640 EXPORT_SYMBOL(tty_register_device);
3641 EXPORT_SYMBOL(tty_unregister_device);
3642
3643 struct tty_driver *alloc_tty_driver(int lines)
3644 {
3645         struct tty_driver *driver;
3646
3647         driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
3648         if (driver) {
3649                 memset(driver, 0, sizeof(struct tty_driver));
3650                 driver->magic = TTY_DRIVER_MAGIC;
3651                 driver->num = lines;
3652                 /* later we'll move allocation of tables here */
3653         }
3654         return driver;
3655 }
3656
3657 void put_tty_driver(struct tty_driver *driver)
3658 {
3659         kfree(driver);
3660 }
3661
3662 void tty_set_operations(struct tty_driver *driver,
3663                         const struct tty_operations *op)
3664 {
3665         driver->open = op->open;
3666         driver->close = op->close;
3667         driver->write = op->write;
3668         driver->put_char = op->put_char;
3669         driver->flush_chars = op->flush_chars;
3670         driver->write_room = op->write_room;
3671         driver->chars_in_buffer = op->chars_in_buffer;
3672         driver->ioctl = op->ioctl;
3673         driver->set_termios = op->set_termios;
3674         driver->throttle = op->throttle;
3675         driver->unthrottle = op->unthrottle;
3676         driver->stop = op->stop;
3677         driver->start = op->start;
3678         driver->hangup = op->hangup;
3679         driver->break_ctl = op->break_ctl;
3680         driver->flush_buffer = op->flush_buffer;
3681         driver->set_ldisc = op->set_ldisc;
3682         driver->wait_until_sent = op->wait_until_sent;
3683         driver->send_xchar = op->send_xchar;
3684         driver->read_proc = op->read_proc;
3685         driver->write_proc = op->write_proc;
3686         driver->tiocmget = op->tiocmget;
3687         driver->tiocmset = op->tiocmset;
3688 }
3689
3690
3691 EXPORT_SYMBOL(alloc_tty_driver);
3692 EXPORT_SYMBOL(put_tty_driver);
3693 EXPORT_SYMBOL(tty_set_operations);
3694
3695 /*
3696  * Called by a tty driver to register itself.
3697  */
3698 int tty_register_driver(struct tty_driver *driver)
3699 {
3700         int error;
3701         int i;
3702         dev_t dev;
3703         void **p = NULL;
3704
3705         if (driver->flags & TTY_DRIVER_INSTALLED)
3706                 return 0;
3707
3708         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
3709                 p = kmalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3710                 if (!p)
3711                         return -ENOMEM;
3712                 memset(p, 0, driver->num * 3 * sizeof(void *));
3713         }
3714
3715         if (!driver->major) {
3716                 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3717                                                 (char*)driver->name);
3718                 if (!error) {
3719                         driver->major = MAJOR(dev);
3720                         driver->minor_start = MINOR(dev);
3721                 }
3722         } else {
3723                 dev = MKDEV(driver->major, driver->minor_start);
3724                 error = register_chrdev_region(dev, driver->num,
3725                                                 (char*)driver->name);
3726         }
3727         if (error < 0) {
3728                 kfree(p);
3729                 return error;
3730         }
3731
3732         if (p) {
3733                 driver->ttys = (struct tty_struct **)p;
3734                 driver->termios = (struct ktermios **)(p + driver->num);
3735                 driver->termios_locked = (struct ktermios **)(p + driver->num * 2);
3736         } else {
3737                 driver->ttys = NULL;
3738                 driver->termios = NULL;
3739                 driver->termios_locked = NULL;
3740         }
3741
3742         cdev_init(&driver->cdev, &tty_fops);
3743         driver->cdev.owner = driver->owner;
3744         error = cdev_add(&driver->cdev, dev, driver->num);
3745         if (error) {
3746                 unregister_chrdev_region(dev, driver->num);
3747                 driver->ttys = NULL;
3748                 driver->termios = driver->termios_locked = NULL;
3749                 kfree(p);
3750                 return error;
3751         }
3752
3753         if (!driver->put_char)
3754                 driver->put_char = tty_default_put_char;
3755         
3756         list_add(&driver->tty_drivers, &tty_drivers);
3757         
3758         if ( !(driver->flags & TTY_DRIVER_DYNAMIC_DEV) ) {
3759                 for(i = 0; i < driver->num; i++)
3760                     tty_register_device(driver, i, NULL);
3761         }
3762         proc_tty_register_driver(driver);
3763         return 0;
3764 }
3765
3766 EXPORT_SYMBOL(tty_register_driver);
3767
3768 /*
3769  * Called by a tty driver to unregister itself.
3770  */
3771 int tty_unregister_driver(struct tty_driver *driver)
3772 {
3773         int i;
3774         struct ktermios *tp;
3775         void *p;
3776
3777         if (driver->refcount)
3778                 return -EBUSY;
3779
3780         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3781                                 driver->num);
3782
3783         list_del(&driver->tty_drivers);
3784
3785         /*
3786          * Free the termios and termios_locked structures because
3787          * we don't want to get memory leaks when modular tty
3788          * drivers are removed from the kernel.
3789          */
3790         for (i = 0; i < driver->num; i++) {
3791                 tp = driver->termios[i];
3792                 if (tp) {
3793                         driver->termios[i] = NULL;
3794                         kfree(tp);
3795                 }
3796                 tp = driver->termios_locked[i];
3797                 if (tp) {
3798                         driver->termios_locked[i] = NULL;
3799                         kfree(tp);
3800                 }
3801                 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3802                         tty_unregister_device(driver, i);
3803         }
3804         p = driver->ttys;
3805         proc_tty_unregister_driver(driver);
3806         driver->ttys = NULL;
3807         driver->termios = driver->termios_locked = NULL;
3808         kfree(p);
3809         cdev_del(&driver->cdev);
3810         return 0;
3811 }
3812 EXPORT_SYMBOL(tty_unregister_driver);
3813
3814 dev_t tty_devnum(struct tty_struct *tty)
3815 {
3816         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3817 }
3818 EXPORT_SYMBOL(tty_devnum);
3819
3820 void proc_clear_tty(struct task_struct *p)
3821 {
3822         spin_lock_irq(&p->sighand->siglock);
3823         p->signal->tty = NULL;
3824         spin_unlock_irq(&p->sighand->siglock);
3825 }
3826 EXPORT_SYMBOL(proc_clear_tty);
3827
3828 static struct pid *__proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3829 {
3830         struct pid *old_pgrp;
3831         if (tty) {
3832                 tty->session = get_pid(task_session(tsk));
3833                 tty->pgrp = get_pid(task_pgrp(tsk));
3834         }
3835         old_pgrp = tsk->signal->tty_old_pgrp;
3836         tsk->signal->tty = tty;
3837         tsk->signal->tty_old_pgrp = NULL;
3838         return old_pgrp;
3839 }
3840
3841 void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3842 {
3843         struct pid *old_pgrp;
3844
3845         spin_lock_irq(&tsk->sighand->siglock);
3846         old_pgrp = __proc_set_tty(tsk, tty);
3847         spin_unlock_irq(&tsk->sighand->siglock);
3848
3849         put_pid(old_pgrp);
3850 }
3851
3852 struct tty_struct *get_current_tty(void)
3853 {
3854         struct tty_struct *tty;
3855         WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
3856         tty = current->signal->tty;
3857         /*
3858          * session->tty can be changed/cleared from under us, make sure we
3859          * issue the load. The obtained pointer, when not NULL, is valid as
3860          * long as we hold tty_mutex.
3861          */
3862         barrier();
3863         return tty;
3864 }
3865 EXPORT_SYMBOL_GPL(get_current_tty);
3866
3867 /*
3868  * Initialize the console device. This is called *early*, so
3869  * we can't necessarily depend on lots of kernel help here.
3870  * Just do some early initializations, and do the complex setup
3871  * later.
3872  */
3873 void __init console_init(void)
3874 {
3875         initcall_t *call;
3876
3877         /* Setup the default TTY line discipline. */
3878         (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3879
3880         /*
3881          * set up the console device so that later boot sequences can 
3882          * inform about problems etc..
3883          */
3884 #ifdef CONFIG_EARLY_PRINTK
3885         disable_early_printk();
3886 #endif
3887         call = __con_initcall_start;
3888         while (call < __con_initcall_end) {
3889                 (*call)();
3890                 call++;
3891         }
3892 }
3893
3894 #ifdef CONFIG_VT
3895 extern int vty_init(void);
3896 #endif
3897
3898 static int __init tty_class_init(void)
3899 {
3900         tty_class = class_create(THIS_MODULE, "tty");
3901         if (IS_ERR(tty_class))
3902                 return PTR_ERR(tty_class);
3903         return 0;
3904 }
3905
3906 postcore_initcall(tty_class_init);
3907
3908 /* 3/2004 jmc: why do these devices exist? */
3909
3910 static struct cdev tty_cdev, console_cdev;
3911 #ifdef CONFIG_UNIX98_PTYS
3912 static struct cdev ptmx_cdev;
3913 #endif
3914 #ifdef CONFIG_VT
3915 static struct cdev vc0_cdev;
3916 #endif
3917
3918 /*
3919  * Ok, now we can initialize the rest of the tty devices and can count
3920  * on memory allocations, interrupts etc..
3921  */
3922 static int __init tty_init(void)
3923 {
3924         cdev_init(&tty_cdev, &tty_fops);
3925         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3926             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3927                 panic("Couldn't register /dev/tty driver\n");
3928         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
3929
3930         cdev_init(&console_cdev, &console_fops);
3931         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3932             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3933                 panic("Couldn't register /dev/console driver\n");
3934         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
3935
3936 #ifdef CONFIG_UNIX98_PTYS
3937         cdev_init(&ptmx_cdev, &ptmx_fops);
3938         if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3939             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3940                 panic("Couldn't register /dev/ptmx driver\n");
3941         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
3942 #endif
3943
3944 #ifdef CONFIG_VT
3945         cdev_init(&vc0_cdev, &console_fops);
3946         if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3947             register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3948                 panic("Couldn't register /dev/tty0 driver\n");
3949         device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
3950
3951         vty_init();
3952 #endif
3953         return 0;
3954 }
3955 module_init(tty_init);