[WAN]: lmc_ioctl: don't return with locks held
[linux-2.6] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92 
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  * 
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote init_dev and release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66  */
67
68 #include <linux/types.h>
69 #include <linux/major.h>
70 #include <linux/errno.h>
71 #include <linux/signal.h>
72 #include <linux/fcntl.h>
73 #include <linux/sched.h>
74 #include <linux/interrupt.h>
75 #include <linux/tty.h>
76 #include <linux/tty_driver.h>
77 #include <linux/tty_flip.h>
78 #include <linux/devpts_fs.h>
79 #include <linux/file.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/smp_lock.h>
92 #include <linux/device.h>
93 #include <linux/idr.h>
94 #include <linux/wait.h>
95 #include <linux/bitops.h>
96 #include <linux/delay.h>
97
98 #include <asm/uaccess.h>
99 #include <asm/system.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106 #include <linux/nsproxy.h>
107
108 #undef TTY_DEBUG_HANGUP
109
110 #define TTY_PARANOIA_CHECK 1
111 #define CHECK_TTY_COUNT 1
112
113 struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
114         .c_iflag = ICRNL | IXON,
115         .c_oflag = OPOST | ONLCR,
116         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118                    ECHOCTL | ECHOKE | IEXTEN,
119         .c_cc = INIT_C_CC,
120         .c_ispeed = 38400,
121         .c_ospeed = 38400
122 };
123
124 EXPORT_SYMBOL(tty_std_termios);
125
126 /* This list gets poked at by procfs and various bits of boot up code. This
127    could do with some rationalisation such as pulling the tty proc function
128    into this file */
129    
130 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
131
132 /* Mutex to protect creating and releasing a tty. This is shared with
133    vt.c for deeply disgusting hack reasons */
134 DEFINE_MUTEX(tty_mutex);
135 EXPORT_SYMBOL(tty_mutex);
136
137 #ifdef CONFIG_UNIX98_PTYS
138 extern struct tty_driver *ptm_driver;   /* Unix98 pty masters; for /dev/ptmx */
139 extern int pty_limit;           /* Config limit on Unix98 ptys */
140 static DEFINE_IDR(allocated_ptys);
141 static DECLARE_MUTEX(allocated_ptys_lock);
142 static int ptmx_open(struct inode *, struct file *);
143 #endif
144
145 static void initialize_tty_struct(struct tty_struct *tty);
146
147 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
148 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
149 ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
150 static unsigned int tty_poll(struct file *, poll_table *);
151 static int tty_open(struct inode *, struct file *);
152 static int tty_release(struct inode *, struct file *);
153 int tty_ioctl(struct inode * inode, struct file * file,
154               unsigned int cmd, unsigned long arg);
155 #ifdef CONFIG_COMPAT
156 static long tty_compat_ioctl(struct file * file, unsigned int cmd,
157                                 unsigned long arg);
158 #else
159 #define tty_compat_ioctl NULL
160 #endif
161 static int tty_fasync(int fd, struct file * filp, int on);
162 static void release_tty(struct tty_struct *tty, int idx);
163 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
164 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
165
166 /**
167  *      alloc_tty_struct        -       allocate a tty object
168  *
169  *      Return a new empty tty structure. The data fields have not
170  *      been initialized in any way but has been zeroed
171  *
172  *      Locking: none
173  */
174
175 static struct tty_struct *alloc_tty_struct(void)
176 {
177         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
178 }
179
180 static void tty_buffer_free_all(struct tty_struct *);
181
182 /**
183  *      free_tty_struct         -       free a disused tty
184  *      @tty: tty struct to free
185  *
186  *      Free the write buffers, tty queue and tty memory itself.
187  *
188  *      Locking: none. Must be called after tty is definitely unused
189  */
190
191 static inline void free_tty_struct(struct tty_struct *tty)
192 {
193         kfree(tty->write_buf);
194         tty_buffer_free_all(tty);
195         kfree(tty);
196 }
197
198 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
199
200 /**
201  *      tty_name        -       return tty naming
202  *      @tty: tty structure
203  *      @buf: buffer for output
204  *
205  *      Convert a tty structure into a name. The name reflects the kernel
206  *      naming policy and if udev is in use may not reflect user space
207  *
208  *      Locking: none
209  */
210
211 char *tty_name(struct tty_struct *tty, char *buf)
212 {
213         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
214                 strcpy(buf, "NULL tty");
215         else
216                 strcpy(buf, tty->name);
217         return buf;
218 }
219
220 EXPORT_SYMBOL(tty_name);
221
222 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
223                               const char *routine)
224 {
225 #ifdef TTY_PARANOIA_CHECK
226         if (!tty) {
227                 printk(KERN_WARNING
228                         "null TTY for (%d:%d) in %s\n",
229                         imajor(inode), iminor(inode), routine);
230                 return 1;
231         }
232         if (tty->magic != TTY_MAGIC) {
233                 printk(KERN_WARNING
234                         "bad magic number for tty struct (%d:%d) in %s\n",
235                         imajor(inode), iminor(inode), routine);
236                 return 1;
237         }
238 #endif
239         return 0;
240 }
241
242 static int check_tty_count(struct tty_struct *tty, const char *routine)
243 {
244 #ifdef CHECK_TTY_COUNT
245         struct list_head *p;
246         int count = 0;
247         
248         file_list_lock();
249         list_for_each(p, &tty->tty_files) {
250                 count++;
251         }
252         file_list_unlock();
253         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
254             tty->driver->subtype == PTY_TYPE_SLAVE &&
255             tty->link && tty->link->count)
256                 count++;
257         if (tty->count != count) {
258                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
259                                     "!= #fd's(%d) in %s\n",
260                        tty->name, tty->count, count, routine);
261                 return count;
262         }
263 #endif
264         return 0;
265 }
266
267 /*
268  * Tty buffer allocation management
269  */
270
271 /**
272  *      tty_buffer_free_all             -       free buffers used by a tty
273  *      @tty: tty to free from
274  *
275  *      Remove all the buffers pending on a tty whether queued with data
276  *      or in the free ring. Must be called when the tty is no longer in use
277  *
278  *      Locking: none
279  */
280
281 static void tty_buffer_free_all(struct tty_struct *tty)
282 {
283         struct tty_buffer *thead;
284         while((thead = tty->buf.head) != NULL) {
285                 tty->buf.head = thead->next;
286                 kfree(thead);
287         }
288         while((thead = tty->buf.free) != NULL) {
289                 tty->buf.free = thead->next;
290                 kfree(thead);
291         }
292         tty->buf.tail = NULL;
293         tty->buf.memory_used = 0;
294 }
295
296 /**
297  *      tty_buffer_init         -       prepare a tty buffer structure
298  *      @tty: tty to initialise
299  *
300  *      Set up the initial state of the buffer management for a tty device.
301  *      Must be called before the other tty buffer functions are used.
302  *
303  *      Locking: none
304  */
305
306 static void tty_buffer_init(struct tty_struct *tty)
307 {
308         spin_lock_init(&tty->buf.lock);
309         tty->buf.head = NULL;
310         tty->buf.tail = NULL;
311         tty->buf.free = NULL;
312         tty->buf.memory_used = 0;
313 }
314
315 /**
316  *      tty_buffer_alloc        -       allocate a tty buffer
317  *      @tty: tty device
318  *      @size: desired size (characters)
319  *
320  *      Allocate a new tty buffer to hold the desired number of characters.
321  *      Return NULL if out of memory or the allocation would exceed the
322  *      per device queue
323  *
324  *      Locking: Caller must hold tty->buf.lock
325  */
326
327 static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
328 {
329         struct tty_buffer *p;
330
331         if (tty->buf.memory_used + size > 65536)
332                 return NULL;
333         p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
334         if(p == NULL)
335                 return NULL;
336         p->used = 0;
337         p->size = size;
338         p->next = NULL;
339         p->commit = 0;
340         p->read = 0;
341         p->char_buf_ptr = (char *)(p->data);
342         p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
343         tty->buf.memory_used += size;
344         return p;
345 }
346
347 /**
348  *      tty_buffer_free         -       free a tty buffer
349  *      @tty: tty owning the buffer
350  *      @b: the buffer to free
351  *
352  *      Free a tty buffer, or add it to the free list according to our
353  *      internal strategy
354  *
355  *      Locking: Caller must hold tty->buf.lock
356  */
357
358 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
359 {
360         /* Dumb strategy for now - should keep some stats */
361         tty->buf.memory_used -= b->size;
362         WARN_ON(tty->buf.memory_used < 0);
363
364         if(b->size >= 512)
365                 kfree(b);
366         else {
367                 b->next = tty->buf.free;
368                 tty->buf.free = b;
369         }
370 }
371
372 /**
373  *      __tty_buffer_flush              -       flush full tty buffers
374  *      @tty: tty to flush
375  *
376  *      flush all the buffers containing receive data. Caller must
377  *      hold the buffer lock and must have ensured no parallel flush to
378  *      ldisc is running.
379  *
380  *      Locking: Caller must hold tty->buf.lock
381  */
382
383 static void __tty_buffer_flush(struct tty_struct *tty)
384 {
385         struct tty_buffer *thead;
386
387         while((thead = tty->buf.head) != NULL) {
388                 tty->buf.head = thead->next;
389                 tty_buffer_free(tty, thead);
390         }
391         tty->buf.tail = NULL;
392 }
393
394 /**
395  *      tty_buffer_flush                -       flush full tty buffers
396  *      @tty: tty to flush
397  *
398  *      flush all the buffers containing receive data. If the buffer is
399  *      being processed by flush_to_ldisc then we defer the processing
400  *      to that function
401  *
402  *      Locking: none
403  */
404
405 static void tty_buffer_flush(struct tty_struct *tty)
406 {
407         unsigned long flags;
408         spin_lock_irqsave(&tty->buf.lock, flags);
409
410         /* If the data is being pushed to the tty layer then we can't
411            process it here. Instead set a flag and the flush_to_ldisc
412            path will process the flush request before it exits */
413         if (test_bit(TTY_FLUSHING, &tty->flags)) {
414                 set_bit(TTY_FLUSHPENDING, &tty->flags);
415                 spin_unlock_irqrestore(&tty->buf.lock, flags);
416                 wait_event(tty->read_wait,
417                                 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
418                 return;
419         } else
420                 __tty_buffer_flush(tty);
421         spin_unlock_irqrestore(&tty->buf.lock, flags);
422 }
423
424 /**
425  *      tty_buffer_find         -       find a free tty buffer
426  *      @tty: tty owning the buffer
427  *      @size: characters wanted
428  *
429  *      Locate an existing suitable tty buffer or if we are lacking one then
430  *      allocate a new one. We round our buffers off in 256 character chunks
431  *      to get better allocation behaviour.
432  *
433  *      Locking: Caller must hold tty->buf.lock
434  */
435
436 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
437 {
438         struct tty_buffer **tbh = &tty->buf.free;
439         while((*tbh) != NULL) {
440                 struct tty_buffer *t = *tbh;
441                 if(t->size >= size) {
442                         *tbh = t->next;
443                         t->next = NULL;
444                         t->used = 0;
445                         t->commit = 0;
446                         t->read = 0;
447                         tty->buf.memory_used += t->size;
448                         return t;
449                 }
450                 tbh = &((*tbh)->next);
451         }
452         /* Round the buffer size out */
453         size = (size + 0xFF) & ~ 0xFF;
454         return tty_buffer_alloc(tty, size);
455         /* Should possibly check if this fails for the largest buffer we
456            have queued and recycle that ? */
457 }
458
459 /**
460  *      tty_buffer_request_room         -       grow tty buffer if needed
461  *      @tty: tty structure
462  *      @size: size desired
463  *
464  *      Make at least size bytes of linear space available for the tty
465  *      buffer. If we fail return the size we managed to find.
466  *
467  *      Locking: Takes tty->buf.lock
468  */
469 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
470 {
471         struct tty_buffer *b, *n;
472         int left;
473         unsigned long flags;
474
475         spin_lock_irqsave(&tty->buf.lock, flags);
476
477         /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
478            remove this conditional if its worth it. This would be invisible
479            to the callers */
480         if ((b = tty->buf.tail) != NULL)
481                 left = b->size - b->used;
482         else
483                 left = 0;
484
485         if (left < size) {
486                 /* This is the slow path - looking for new buffers to use */
487                 if ((n = tty_buffer_find(tty, size)) != NULL) {
488                         if (b != NULL) {
489                                 b->next = n;
490                                 b->commit = b->used;
491                         } else
492                                 tty->buf.head = n;
493                         tty->buf.tail = n;
494                 } else
495                         size = left;
496         }
497
498         spin_unlock_irqrestore(&tty->buf.lock, flags);
499         return size;
500 }
501 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
502
503 /**
504  *      tty_insert_flip_string  -       Add characters to the tty buffer
505  *      @tty: tty structure
506  *      @chars: characters
507  *      @size: size
508  *
509  *      Queue a series of bytes to the tty buffering. All the characters
510  *      passed are marked as without error. Returns the number added.
511  *
512  *      Locking: Called functions may take tty->buf.lock
513  */
514
515 int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
516                                 size_t size)
517 {
518         int copied = 0;
519         do {
520                 int space = tty_buffer_request_room(tty, size - copied);
521                 struct tty_buffer *tb = tty->buf.tail;
522                 /* If there is no space then tb may be NULL */
523                 if(unlikely(space == 0))
524                         break;
525                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
526                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
527                 tb->used += space;
528                 copied += space;
529                 chars += space;
530                 /* There is a small chance that we need to split the data over
531                    several buffers. If this is the case we must loop */
532         } while (unlikely(size > copied));
533         return copied;
534 }
535 EXPORT_SYMBOL(tty_insert_flip_string);
536
537 /**
538  *      tty_insert_flip_string_flags    -       Add characters to the tty buffer
539  *      @tty: tty structure
540  *      @chars: characters
541  *      @flags: flag bytes
542  *      @size: size
543  *
544  *      Queue a series of bytes to the tty buffering. For each character
545  *      the flags array indicates the status of the character. Returns the
546  *      number added.
547  *
548  *      Locking: Called functions may take tty->buf.lock
549  */
550
551 int tty_insert_flip_string_flags(struct tty_struct *tty,
552                 const unsigned char *chars, const char *flags, size_t size)
553 {
554         int copied = 0;
555         do {
556                 int space = tty_buffer_request_room(tty, size - copied);
557                 struct tty_buffer *tb = tty->buf.tail;
558                 /* If there is no space then tb may be NULL */
559                 if(unlikely(space == 0))
560                         break;
561                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
562                 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
563                 tb->used += space;
564                 copied += space;
565                 chars += space;
566                 flags += space;
567                 /* There is a small chance that we need to split the data over
568                    several buffers. If this is the case we must loop */
569         } while (unlikely(size > copied));
570         return copied;
571 }
572 EXPORT_SYMBOL(tty_insert_flip_string_flags);
573
574 /**
575  *      tty_schedule_flip       -       push characters to ldisc
576  *      @tty: tty to push from
577  *
578  *      Takes any pending buffers and transfers their ownership to the
579  *      ldisc side of the queue. It then schedules those characters for
580  *      processing by the line discipline.
581  *
582  *      Locking: Takes tty->buf.lock
583  */
584
585 void tty_schedule_flip(struct tty_struct *tty)
586 {
587         unsigned long flags;
588         spin_lock_irqsave(&tty->buf.lock, flags);
589         if (tty->buf.tail != NULL)
590                 tty->buf.tail->commit = tty->buf.tail->used;
591         spin_unlock_irqrestore(&tty->buf.lock, flags);
592         schedule_delayed_work(&tty->buf.work, 1);
593 }
594 EXPORT_SYMBOL(tty_schedule_flip);
595
596 /**
597  *      tty_prepare_flip_string         -       make room for characters
598  *      @tty: tty
599  *      @chars: return pointer for character write area
600  *      @size: desired size
601  *
602  *      Prepare a block of space in the buffer for data. Returns the length
603  *      available and buffer pointer to the space which is now allocated and
604  *      accounted for as ready for normal characters. This is used for drivers
605  *      that need their own block copy routines into the buffer. There is no
606  *      guarantee the buffer is a DMA target!
607  *
608  *      Locking: May call functions taking tty->buf.lock
609  */
610
611 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
612 {
613         int space = tty_buffer_request_room(tty, size);
614         if (likely(space)) {
615                 struct tty_buffer *tb = tty->buf.tail;
616                 *chars = tb->char_buf_ptr + tb->used;
617                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
618                 tb->used += space;
619         }
620         return space;
621 }
622
623 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
624
625 /**
626  *      tty_prepare_flip_string_flags   -       make room for characters
627  *      @tty: tty
628  *      @chars: return pointer for character write area
629  *      @flags: return pointer for status flag write area
630  *      @size: desired size
631  *
632  *      Prepare a block of space in the buffer for data. Returns the length
633  *      available and buffer pointer to the space which is now allocated and
634  *      accounted for as ready for characters. This is used for drivers
635  *      that need their own block copy routines into the buffer. There is no
636  *      guarantee the buffer is a DMA target!
637  *
638  *      Locking: May call functions taking tty->buf.lock
639  */
640
641 int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
642 {
643         int space = tty_buffer_request_room(tty, size);
644         if (likely(space)) {
645                 struct tty_buffer *tb = tty->buf.tail;
646                 *chars = tb->char_buf_ptr + tb->used;
647                 *flags = tb->flag_buf_ptr + tb->used;
648                 tb->used += space;
649         }
650         return space;
651 }
652
653 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
654
655
656
657 /**
658  *      tty_set_termios_ldisc           -       set ldisc field
659  *      @tty: tty structure
660  *      @num: line discipline number
661  *
662  *      This is probably overkill for real world processors but
663  *      they are not on hot paths so a little discipline won't do 
664  *      any harm.
665  *
666  *      Locking: takes termios_mutex
667  */
668  
669 static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
670 {
671         mutex_lock(&tty->termios_mutex);
672         tty->termios->c_line = num;
673         mutex_unlock(&tty->termios_mutex);
674 }
675
676 /*
677  *      This guards the refcounted line discipline lists. The lock
678  *      must be taken with irqs off because there are hangup path
679  *      callers who will do ldisc lookups and cannot sleep.
680  */
681  
682 static DEFINE_SPINLOCK(tty_ldisc_lock);
683 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
684 static struct tty_ldisc tty_ldiscs[NR_LDISCS];  /* line disc dispatch table */
685
686 /**
687  *      tty_register_ldisc      -       install a line discipline
688  *      @disc: ldisc number
689  *      @new_ldisc: pointer to the ldisc object
690  *
691  *      Installs a new line discipline into the kernel. The discipline
692  *      is set up as unreferenced and then made available to the kernel
693  *      from this point onwards.
694  *
695  *      Locking:
696  *              takes tty_ldisc_lock to guard against ldisc races
697  */
698
699 int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
700 {
701         unsigned long flags;
702         int ret = 0;
703         
704         if (disc < N_TTY || disc >= NR_LDISCS)
705                 return -EINVAL;
706         
707         spin_lock_irqsave(&tty_ldisc_lock, flags);
708         tty_ldiscs[disc] = *new_ldisc;
709         tty_ldiscs[disc].num = disc;
710         tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
711         tty_ldiscs[disc].refcount = 0;
712         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
713         
714         return ret;
715 }
716 EXPORT_SYMBOL(tty_register_ldisc);
717
718 /**
719  *      tty_unregister_ldisc    -       unload a line discipline
720  *      @disc: ldisc number
721  *      @new_ldisc: pointer to the ldisc object
722  *
723  *      Remove a line discipline from the kernel providing it is not
724  *      currently in use.
725  *
726  *      Locking:
727  *              takes tty_ldisc_lock to guard against ldisc races
728  */
729
730 int tty_unregister_ldisc(int disc)
731 {
732         unsigned long flags;
733         int ret = 0;
734
735         if (disc < N_TTY || disc >= NR_LDISCS)
736                 return -EINVAL;
737
738         spin_lock_irqsave(&tty_ldisc_lock, flags);
739         if (tty_ldiscs[disc].refcount)
740                 ret = -EBUSY;
741         else
742                 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
743         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
744
745         return ret;
746 }
747 EXPORT_SYMBOL(tty_unregister_ldisc);
748
749 /**
750  *      tty_ldisc_get           -       take a reference to an ldisc
751  *      @disc: ldisc number
752  *
753  *      Takes a reference to a line discipline. Deals with refcounts and
754  *      module locking counts. Returns NULL if the discipline is not available.
755  *      Returns a pointer to the discipline and bumps the ref count if it is
756  *      available
757  *
758  *      Locking:
759  *              takes tty_ldisc_lock to guard against ldisc races
760  */
761
762 struct tty_ldisc *tty_ldisc_get(int disc)
763 {
764         unsigned long flags;
765         struct tty_ldisc *ld;
766
767         if (disc < N_TTY || disc >= NR_LDISCS)
768                 return NULL;
769         
770         spin_lock_irqsave(&tty_ldisc_lock, flags);
771
772         ld = &tty_ldiscs[disc];
773         /* Check the entry is defined */
774         if(ld->flags & LDISC_FLAG_DEFINED)
775         {
776                 /* If the module is being unloaded we can't use it */
777                 if (!try_module_get(ld->owner))
778                         ld = NULL;
779                 else /* lock it */
780                         ld->refcount++;
781         }
782         else
783                 ld = NULL;
784         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
785         return ld;
786 }
787
788 EXPORT_SYMBOL_GPL(tty_ldisc_get);
789
790 /**
791  *      tty_ldisc_put           -       drop ldisc reference
792  *      @disc: ldisc number
793  *
794  *      Drop a reference to a line discipline. Manage refcounts and
795  *      module usage counts
796  *
797  *      Locking:
798  *              takes tty_ldisc_lock to guard against ldisc races
799  */
800
801 void tty_ldisc_put(int disc)
802 {
803         struct tty_ldisc *ld;
804         unsigned long flags;
805         
806         BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
807                 
808         spin_lock_irqsave(&tty_ldisc_lock, flags);
809         ld = &tty_ldiscs[disc];
810         BUG_ON(ld->refcount == 0);
811         ld->refcount--;
812         module_put(ld->owner);
813         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
814 }
815         
816 EXPORT_SYMBOL_GPL(tty_ldisc_put);
817
818 /**
819  *      tty_ldisc_assign        -       set ldisc on a tty
820  *      @tty: tty to assign
821  *      @ld: line discipline
822  *
823  *      Install an instance of a line discipline into a tty structure. The
824  *      ldisc must have a reference count above zero to ensure it remains/
825  *      The tty instance refcount starts at zero.
826  *
827  *      Locking:
828  *              Caller must hold references
829  */
830
831 static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
832 {
833         tty->ldisc = *ld;
834         tty->ldisc.refcount = 0;
835 }
836
837 /**
838  *      tty_ldisc_try           -       internal helper
839  *      @tty: the tty
840  *
841  *      Make a single attempt to grab and bump the refcount on
842  *      the tty ldisc. Return 0 on failure or 1 on success. This is
843  *      used to implement both the waiting and non waiting versions
844  *      of tty_ldisc_ref
845  *
846  *      Locking: takes tty_ldisc_lock
847  */
848
849 static int tty_ldisc_try(struct tty_struct *tty)
850 {
851         unsigned long flags;
852         struct tty_ldisc *ld;
853         int ret = 0;
854         
855         spin_lock_irqsave(&tty_ldisc_lock, flags);
856         ld = &tty->ldisc;
857         if(test_bit(TTY_LDISC, &tty->flags))
858         {
859                 ld->refcount++;
860                 ret = 1;
861         }
862         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
863         return ret;
864 }
865
866 /**
867  *      tty_ldisc_ref_wait      -       wait for the tty ldisc
868  *      @tty: tty device
869  *
870  *      Dereference the line discipline for the terminal and take a 
871  *      reference to it. If the line discipline is in flux then 
872  *      wait patiently until it changes.
873  *
874  *      Note: Must not be called from an IRQ/timer context. The caller
875  *      must also be careful not to hold other locks that will deadlock
876  *      against a discipline change, such as an existing ldisc reference
877  *      (which we check for)
878  *
879  *      Locking: call functions take tty_ldisc_lock
880  */
881  
882 struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
883 {
884         /* wait_event is a macro */
885         wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
886         if(tty->ldisc.refcount == 0)
887                 printk(KERN_ERR "tty_ldisc_ref_wait\n");
888         return &tty->ldisc;
889 }
890
891 EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
892
893 /**
894  *      tty_ldisc_ref           -       get the tty ldisc
895  *      @tty: tty device
896  *
897  *      Dereference the line discipline for the terminal and take a 
898  *      reference to it. If the line discipline is in flux then 
899  *      return NULL. Can be called from IRQ and timer functions.
900  *
901  *      Locking: called functions take tty_ldisc_lock
902  */
903  
904 struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
905 {
906         if(tty_ldisc_try(tty))
907                 return &tty->ldisc;
908         return NULL;
909 }
910
911 EXPORT_SYMBOL_GPL(tty_ldisc_ref);
912
913 /**
914  *      tty_ldisc_deref         -       free a tty ldisc reference
915  *      @ld: reference to free up
916  *
917  *      Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
918  *      be called in IRQ context.
919  *
920  *      Locking: takes tty_ldisc_lock
921  */
922  
923 void tty_ldisc_deref(struct tty_ldisc *ld)
924 {
925         unsigned long flags;
926
927         BUG_ON(ld == NULL);
928                 
929         spin_lock_irqsave(&tty_ldisc_lock, flags);
930         if(ld->refcount == 0)
931                 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
932         else
933                 ld->refcount--;
934         if(ld->refcount == 0)
935                 wake_up(&tty_ldisc_wait);
936         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
937 }
938
939 EXPORT_SYMBOL_GPL(tty_ldisc_deref);
940
941 /**
942  *      tty_ldisc_enable        -       allow ldisc use
943  *      @tty: terminal to activate ldisc on
944  *
945  *      Set the TTY_LDISC flag when the line discipline can be called
946  *      again. Do necessary wakeups for existing sleepers.
947  *
948  *      Note: nobody should set this bit except via this function. Clearing
949  *      directly is allowed.
950  */
951
952 static void tty_ldisc_enable(struct tty_struct *tty)
953 {
954         set_bit(TTY_LDISC, &tty->flags);
955         wake_up(&tty_ldisc_wait);
956 }
957         
958 /**
959  *      tty_set_ldisc           -       set line discipline
960  *      @tty: the terminal to set
961  *      @ldisc: the line discipline
962  *
963  *      Set the discipline of a tty line. Must be called from a process
964  *      context.
965  *
966  *      Locking: takes tty_ldisc_lock.
967  *               called functions take termios_mutex
968  */
969  
970 static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
971 {
972         int retval = 0;
973         struct tty_ldisc o_ldisc;
974         char buf[64];
975         int work;
976         unsigned long flags;
977         struct tty_ldisc *ld;
978         struct tty_struct *o_tty;
979
980         if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
981                 return -EINVAL;
982
983 restart:
984
985         ld = tty_ldisc_get(ldisc);
986         /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
987         /* Cyrus Durgin <cider@speakeasy.org> */
988         if (ld == NULL) {
989                 request_module("tty-ldisc-%d", ldisc);
990                 ld = tty_ldisc_get(ldisc);
991         }
992         if (ld == NULL)
993                 return -EINVAL;
994
995         /*
996          *      Problem: What do we do if this blocks ?
997          */
998
999         tty_wait_until_sent(tty, 0);
1000
1001         if (tty->ldisc.num == ldisc) {
1002                 tty_ldisc_put(ldisc);
1003                 return 0;
1004         }
1005
1006         /*
1007          *      No more input please, we are switching. The new ldisc
1008          *      will update this value in the ldisc open function
1009          */
1010
1011         tty->receive_room = 0;
1012
1013         o_ldisc = tty->ldisc;
1014         o_tty = tty->link;
1015
1016         /*
1017          *      Make sure we don't change while someone holds a
1018          *      reference to the line discipline. The TTY_LDISC bit
1019          *      prevents anyone taking a reference once it is clear.
1020          *      We need the lock to avoid racing reference takers.
1021          */
1022
1023         spin_lock_irqsave(&tty_ldisc_lock, flags);
1024         if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
1025                 if(tty->ldisc.refcount) {
1026                         /* Free the new ldisc we grabbed. Must drop the lock
1027                            first. */
1028                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1029                         tty_ldisc_put(ldisc);
1030                         /*
1031                          * There are several reasons we may be busy, including
1032                          * random momentary I/O traffic. We must therefore
1033                          * retry. We could distinguish between blocking ops
1034                          * and retries if we made tty_ldisc_wait() smarter. That
1035                          * is up for discussion.
1036                          */
1037                         if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1038                                 return -ERESTARTSYS;
1039                         goto restart;
1040                 }
1041                 if(o_tty && o_tty->ldisc.refcount) {
1042                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1043                         tty_ldisc_put(ldisc);
1044                         if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1045                                 return -ERESTARTSYS;
1046                         goto restart;
1047                 }
1048         }
1049
1050         /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
1051
1052         if (!test_bit(TTY_LDISC, &tty->flags)) {
1053                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1054                 tty_ldisc_put(ldisc);
1055                 ld = tty_ldisc_ref_wait(tty);
1056                 tty_ldisc_deref(ld);
1057                 goto restart;
1058         }
1059
1060         clear_bit(TTY_LDISC, &tty->flags);
1061         if (o_tty)
1062                 clear_bit(TTY_LDISC, &o_tty->flags);
1063         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1064
1065         /*
1066          *      From this point on we know nobody has an ldisc
1067          *      usage reference, nor can they obtain one until
1068          *      we say so later on.
1069          */
1070
1071         work = cancel_delayed_work(&tty->buf.work);
1072         /*
1073          * Wait for ->hangup_work and ->buf.work handlers to terminate
1074          */
1075          
1076         flush_scheduled_work();
1077         /* Shutdown the current discipline. */
1078         if (tty->ldisc.close)
1079                 (tty->ldisc.close)(tty);
1080
1081         /* Now set up the new line discipline. */
1082         tty_ldisc_assign(tty, ld);
1083         tty_set_termios_ldisc(tty, ldisc);
1084         if (tty->ldisc.open)
1085                 retval = (tty->ldisc.open)(tty);
1086         if (retval < 0) {
1087                 tty_ldisc_put(ldisc);
1088                 /* There is an outstanding reference here so this is safe */
1089                 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1090                 tty_set_termios_ldisc(tty, tty->ldisc.num);
1091                 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1092                         tty_ldisc_put(o_ldisc.num);
1093                         /* This driver is always present */
1094                         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1095                         tty_set_termios_ldisc(tty, N_TTY);
1096                         if (tty->ldisc.open) {
1097                                 int r = tty->ldisc.open(tty);
1098
1099                                 if (r < 0)
1100                                         panic("Couldn't open N_TTY ldisc for "
1101                                               "%s --- error %d.",
1102                                               tty_name(tty, buf), r);
1103                         }
1104                 }
1105         }
1106         /* At this point we hold a reference to the new ldisc and a
1107            a reference to the old ldisc. If we ended up flipping back
1108            to the existing ldisc we have two references to it */
1109         
1110         if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1111                 tty->driver->set_ldisc(tty);
1112                 
1113         tty_ldisc_put(o_ldisc.num);
1114         
1115         /*
1116          *      Allow ldisc referencing to occur as soon as the driver
1117          *      ldisc callback completes.
1118          */
1119          
1120         tty_ldisc_enable(tty);
1121         if (o_tty)
1122                 tty_ldisc_enable(o_tty);
1123         
1124         /* Restart it in case no characters kick it off. Safe if
1125            already running */
1126         if (work)
1127                 schedule_delayed_work(&tty->buf.work, 1);
1128         return retval;
1129 }
1130
1131 /**
1132  *      get_tty_driver          -       find device of a tty
1133  *      @dev_t: device identifier
1134  *      @index: returns the index of the tty
1135  *
1136  *      This routine returns a tty driver structure, given a device number
1137  *      and also passes back the index number.
1138  *
1139  *      Locking: caller must hold tty_mutex
1140  */
1141
1142 static struct tty_driver *get_tty_driver(dev_t device, int *index)
1143 {
1144         struct tty_driver *p;
1145
1146         list_for_each_entry(p, &tty_drivers, tty_drivers) {
1147                 dev_t base = MKDEV(p->major, p->minor_start);
1148                 if (device < base || device >= base + p->num)
1149                         continue;
1150                 *index = device - base;
1151                 return p;
1152         }
1153         return NULL;
1154 }
1155
1156 /**
1157  *      tty_check_change        -       check for POSIX terminal changes
1158  *      @tty: tty to check
1159  *
1160  *      If we try to write to, or set the state of, a terminal and we're
1161  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
1162  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
1163  *
1164  *      Locking: none
1165  */
1166
1167 int tty_check_change(struct tty_struct * tty)
1168 {
1169         if (current->signal->tty != tty)
1170                 return 0;
1171         if (!tty->pgrp) {
1172                 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1173                 return 0;
1174         }
1175         if (task_pgrp(current) == tty->pgrp)
1176                 return 0;
1177         if (is_ignored(SIGTTOU))
1178                 return 0;
1179         if (is_current_pgrp_orphaned())
1180                 return -EIO;
1181         kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1182         set_thread_flag(TIF_SIGPENDING);
1183         return -ERESTARTSYS;
1184 }
1185
1186 EXPORT_SYMBOL(tty_check_change);
1187
1188 static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
1189                                 size_t count, loff_t *ppos)
1190 {
1191         return 0;
1192 }
1193
1194 static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
1195                                  size_t count, loff_t *ppos)
1196 {
1197         return -EIO;
1198 }
1199
1200 /* No kernel lock held - none needed ;) */
1201 static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
1202 {
1203         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1204 }
1205
1206 static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
1207                              unsigned int cmd, unsigned long arg)
1208 {
1209         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1210 }
1211
1212 static long hung_up_tty_compat_ioctl(struct file * file,
1213                                      unsigned int cmd, unsigned long arg)
1214 {
1215         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1216 }
1217
1218 static const struct file_operations tty_fops = {
1219         .llseek         = no_llseek,
1220         .read           = tty_read,
1221         .write          = tty_write,
1222         .poll           = tty_poll,
1223         .ioctl          = tty_ioctl,
1224         .compat_ioctl   = tty_compat_ioctl,
1225         .open           = tty_open,
1226         .release        = tty_release,
1227         .fasync         = tty_fasync,
1228 };
1229
1230 #ifdef CONFIG_UNIX98_PTYS
1231 static const struct file_operations ptmx_fops = {
1232         .llseek         = no_llseek,
1233         .read           = tty_read,
1234         .write          = tty_write,
1235         .poll           = tty_poll,
1236         .ioctl          = tty_ioctl,
1237         .compat_ioctl   = tty_compat_ioctl,
1238         .open           = ptmx_open,
1239         .release        = tty_release,
1240         .fasync         = tty_fasync,
1241 };
1242 #endif
1243
1244 static const struct file_operations console_fops = {
1245         .llseek         = no_llseek,
1246         .read           = tty_read,
1247         .write          = redirected_tty_write,
1248         .poll           = tty_poll,
1249         .ioctl          = tty_ioctl,
1250         .compat_ioctl   = tty_compat_ioctl,
1251         .open           = tty_open,
1252         .release        = tty_release,
1253         .fasync         = tty_fasync,
1254 };
1255
1256 static const struct file_operations hung_up_tty_fops = {
1257         .llseek         = no_llseek,
1258         .read           = hung_up_tty_read,
1259         .write          = hung_up_tty_write,
1260         .poll           = hung_up_tty_poll,
1261         .ioctl          = hung_up_tty_ioctl,
1262         .compat_ioctl   = hung_up_tty_compat_ioctl,
1263         .release        = tty_release,
1264 };
1265
1266 static DEFINE_SPINLOCK(redirect_lock);
1267 static struct file *redirect;
1268
1269 /**
1270  *      tty_wakeup      -       request more data
1271  *      @tty: terminal
1272  *
1273  *      Internal and external helper for wakeups of tty. This function
1274  *      informs the line discipline if present that the driver is ready
1275  *      to receive more output data.
1276  */
1277  
1278 void tty_wakeup(struct tty_struct *tty)
1279 {
1280         struct tty_ldisc *ld;
1281         
1282         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1283                 ld = tty_ldisc_ref(tty);
1284                 if(ld) {
1285                         if(ld->write_wakeup)
1286                                 ld->write_wakeup(tty);
1287                         tty_ldisc_deref(ld);
1288                 }
1289         }
1290         wake_up_interruptible(&tty->write_wait);
1291 }
1292
1293 EXPORT_SYMBOL_GPL(tty_wakeup);
1294
1295 /**
1296  *      tty_ldisc_flush -       flush line discipline queue
1297  *      @tty: tty
1298  *
1299  *      Flush the line discipline queue (if any) for this tty. If there
1300  *      is no line discipline active this is a no-op.
1301  */
1302  
1303 void tty_ldisc_flush(struct tty_struct *tty)
1304 {
1305         struct tty_ldisc *ld = tty_ldisc_ref(tty);
1306         if(ld) {
1307                 if(ld->flush_buffer)
1308                         ld->flush_buffer(tty);
1309                 tty_ldisc_deref(ld);
1310         }
1311         tty_buffer_flush(tty);
1312 }
1313
1314 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1315
1316 /**
1317  *      tty_reset_termios       -       reset terminal state
1318  *      @tty: tty to reset
1319  *
1320  *      Restore a terminal to the driver default state
1321  */
1322
1323 static void tty_reset_termios(struct tty_struct *tty)
1324 {
1325         mutex_lock(&tty->termios_mutex);
1326         *tty->termios = tty->driver->init_termios;
1327         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1328         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1329         mutex_unlock(&tty->termios_mutex);
1330 }
1331         
1332 /**
1333  *      do_tty_hangup           -       actual handler for hangup events
1334  *      @work: tty device
1335  *
1336  *      This can be called by the "eventd" kernel thread.  That is process
1337  *      synchronous but doesn't hold any locks, so we need to make sure we
1338  *      have the appropriate locks for what we're doing.
1339  *
1340  *      The hangup event clears any pending redirections onto the hung up
1341  *      device. It ensures future writes will error and it does the needed
1342  *      line discipline hangup and signal delivery. The tty object itself
1343  *      remains intact.
1344  *
1345  *      Locking:
1346  *              BKL
1347  *                redirect lock for undoing redirection
1348  *                file list lock for manipulating list of ttys
1349  *                tty_ldisc_lock from called functions
1350  *                termios_mutex resetting termios data
1351  *                tasklist_lock to walk task list for hangup event
1352  *                  ->siglock to protect ->signal/->sighand
1353  */
1354 static void do_tty_hangup(struct work_struct *work)
1355 {
1356         struct tty_struct *tty =
1357                 container_of(work, struct tty_struct, hangup_work);
1358         struct file * cons_filp = NULL;
1359         struct file *filp, *f = NULL;
1360         struct task_struct *p;
1361         struct tty_ldisc *ld;
1362         int    closecount = 0, n;
1363
1364         if (!tty)
1365                 return;
1366
1367         /* inuse_filps is protected by the single kernel lock */
1368         lock_kernel();
1369
1370         spin_lock(&redirect_lock);
1371         if (redirect && redirect->private_data == tty) {
1372                 f = redirect;
1373                 redirect = NULL;
1374         }
1375         spin_unlock(&redirect_lock);
1376         
1377         check_tty_count(tty, "do_tty_hangup");
1378         file_list_lock();
1379         /* This breaks for file handles being sent over AF_UNIX sockets ? */
1380         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1381                 if (filp->f_op->write == redirected_tty_write)
1382                         cons_filp = filp;
1383                 if (filp->f_op->write != tty_write)
1384                         continue;
1385                 closecount++;
1386                 tty_fasync(-1, filp, 0);        /* can't block */
1387                 filp->f_op = &hung_up_tty_fops;
1388         }
1389         file_list_unlock();
1390         
1391         /* FIXME! What are the locking issues here? This may me overdoing things..
1392          * this question is especially important now that we've removed the irqlock. */
1393
1394         ld = tty_ldisc_ref(tty);
1395         if(ld != NULL)  /* We may have no line discipline at this point */
1396         {
1397                 if (ld->flush_buffer)
1398                         ld->flush_buffer(tty);
1399                 if (tty->driver->flush_buffer)
1400                         tty->driver->flush_buffer(tty);
1401                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1402                     ld->write_wakeup)
1403                         ld->write_wakeup(tty);
1404                 if (ld->hangup)
1405                         ld->hangup(tty);
1406         }
1407
1408         /* FIXME: Once we trust the LDISC code better we can wait here for
1409            ldisc completion and fix the driver call race */
1410            
1411         wake_up_interruptible(&tty->write_wait);
1412         wake_up_interruptible(&tty->read_wait);
1413
1414         /*
1415          * Shutdown the current line discipline, and reset it to
1416          * N_TTY.
1417          */
1418         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1419                 tty_reset_termios(tty);
1420         
1421         /* Defer ldisc switch */
1422         /* tty_deferred_ldisc_switch(N_TTY);
1423         
1424           This should get done automatically when the port closes and
1425           tty_release is called */
1426         
1427         read_lock(&tasklist_lock);
1428         if (tty->session) {
1429                 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1430                         spin_lock_irq(&p->sighand->siglock);
1431                         if (p->signal->tty == tty)
1432                                 p->signal->tty = NULL;
1433                         if (!p->signal->leader) {
1434                                 spin_unlock_irq(&p->sighand->siglock);
1435                                 continue;
1436                         }
1437                         __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1438                         __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1439                         put_pid(p->signal->tty_old_pgrp);  /* A noop */
1440                         if (tty->pgrp)
1441                                 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1442                         spin_unlock_irq(&p->sighand->siglock);
1443                 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1444         }
1445         read_unlock(&tasklist_lock);
1446
1447         tty->flags = 0;
1448         put_pid(tty->session);
1449         put_pid(tty->pgrp);
1450         tty->session = NULL;
1451         tty->pgrp = NULL;
1452         tty->ctrl_status = 0;
1453         /*
1454          *      If one of the devices matches a console pointer, we
1455          *      cannot just call hangup() because that will cause
1456          *      tty->count and state->count to go out of sync.
1457          *      So we just call close() the right number of times.
1458          */
1459         if (cons_filp) {
1460                 if (tty->driver->close)
1461                         for (n = 0; n < closecount; n++)
1462                                 tty->driver->close(tty, cons_filp);
1463         } else if (tty->driver->hangup)
1464                 (tty->driver->hangup)(tty);
1465                 
1466         /* We don't want to have driver/ldisc interactions beyond
1467            the ones we did here. The driver layer expects no
1468            calls after ->hangup() from the ldisc side. However we
1469            can't yet guarantee all that */
1470
1471         set_bit(TTY_HUPPED, &tty->flags);
1472         if (ld) {
1473                 tty_ldisc_enable(tty);
1474                 tty_ldisc_deref(ld);
1475         }
1476         unlock_kernel();
1477         if (f)
1478                 fput(f);
1479 }
1480
1481 /**
1482  *      tty_hangup              -       trigger a hangup event
1483  *      @tty: tty to hangup
1484  *
1485  *      A carrier loss (virtual or otherwise) has occurred on this like
1486  *      schedule a hangup sequence to run after this event.
1487  */
1488
1489 void tty_hangup(struct tty_struct * tty)
1490 {
1491 #ifdef TTY_DEBUG_HANGUP
1492         char    buf[64];
1493         
1494         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1495 #endif
1496         schedule_work(&tty->hangup_work);
1497 }
1498
1499 EXPORT_SYMBOL(tty_hangup);
1500
1501 /**
1502  *      tty_vhangup             -       process vhangup
1503  *      @tty: tty to hangup
1504  *
1505  *      The user has asked via system call for the terminal to be hung up.
1506  *      We do this synchronously so that when the syscall returns the process
1507  *      is complete. That guarantee is necessary for security reasons.
1508  */
1509
1510 void tty_vhangup(struct tty_struct * tty)
1511 {
1512 #ifdef TTY_DEBUG_HANGUP
1513         char    buf[64];
1514
1515         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1516 #endif
1517         do_tty_hangup(&tty->hangup_work);
1518 }
1519 EXPORT_SYMBOL(tty_vhangup);
1520
1521 /**
1522  *      tty_hung_up_p           -       was tty hung up
1523  *      @filp: file pointer of tty
1524  *
1525  *      Return true if the tty has been subject to a vhangup or a carrier
1526  *      loss
1527  */
1528
1529 int tty_hung_up_p(struct file * filp)
1530 {
1531         return (filp->f_op == &hung_up_tty_fops);
1532 }
1533
1534 EXPORT_SYMBOL(tty_hung_up_p);
1535
1536 /**
1537  * is_tty       -       checker whether file is a TTY
1538  */
1539 int is_tty(struct file *filp)
1540 {
1541         return filp->f_op->read == tty_read
1542                 || filp->f_op->read == hung_up_tty_read;
1543 }
1544
1545 static void session_clear_tty(struct pid *session)
1546 {
1547         struct task_struct *p;
1548         do_each_pid_task(session, PIDTYPE_SID, p) {
1549                 proc_clear_tty(p);
1550         } while_each_pid_task(session, PIDTYPE_SID, p);
1551 }
1552
1553 /**
1554  *      disassociate_ctty       -       disconnect controlling tty
1555  *      @on_exit: true if exiting so need to "hang up" the session
1556  *
1557  *      This function is typically called only by the session leader, when
1558  *      it wants to disassociate itself from its controlling tty.
1559  *
1560  *      It performs the following functions:
1561  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
1562  *      (2)  Clears the tty from being controlling the session
1563  *      (3)  Clears the controlling tty for all processes in the
1564  *              session group.
1565  *
1566  *      The argument on_exit is set to 1 if called when a process is
1567  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
1568  *
1569  *      Locking:
1570  *              BKL is taken for hysterical raisins
1571  *                tty_mutex is taken to protect tty
1572  *                ->siglock is taken to protect ->signal/->sighand
1573  *                tasklist_lock is taken to walk process list for sessions
1574  *                  ->siglock is taken to protect ->signal/->sighand
1575  */
1576
1577 void disassociate_ctty(int on_exit)
1578 {
1579         struct tty_struct *tty;
1580         struct pid *tty_pgrp = NULL;
1581
1582         lock_kernel();
1583
1584         mutex_lock(&tty_mutex);
1585         tty = get_current_tty();
1586         if (tty) {
1587                 tty_pgrp = get_pid(tty->pgrp);
1588                 mutex_unlock(&tty_mutex);
1589                 /* XXX: here we race, there is nothing protecting tty */
1590                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1591                         tty_vhangup(tty);
1592         } else if (on_exit) {
1593                 struct pid *old_pgrp;
1594                 spin_lock_irq(&current->sighand->siglock);
1595                 old_pgrp = current->signal->tty_old_pgrp;
1596                 current->signal->tty_old_pgrp = NULL;
1597                 spin_unlock_irq(&current->sighand->siglock);
1598                 if (old_pgrp) {
1599                         kill_pgrp(old_pgrp, SIGHUP, on_exit);
1600                         kill_pgrp(old_pgrp, SIGCONT, on_exit);
1601                         put_pid(old_pgrp);
1602                 }
1603                 mutex_unlock(&tty_mutex);
1604                 unlock_kernel();        
1605                 return;
1606         }
1607         if (tty_pgrp) {
1608                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1609                 if (!on_exit)
1610                         kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1611                 put_pid(tty_pgrp);
1612         }
1613
1614         spin_lock_irq(&current->sighand->siglock);
1615         put_pid(current->signal->tty_old_pgrp);
1616         current->signal->tty_old_pgrp = NULL;
1617         spin_unlock_irq(&current->sighand->siglock);
1618
1619         mutex_lock(&tty_mutex);
1620         /* It is possible that do_tty_hangup has free'd this tty */
1621         tty = get_current_tty();
1622         if (tty) {
1623                 put_pid(tty->session);
1624                 put_pid(tty->pgrp);
1625                 tty->session = NULL;
1626                 tty->pgrp = NULL;
1627         } else {
1628 #ifdef TTY_DEBUG_HANGUP
1629                 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1630                        " = NULL", tty);
1631 #endif
1632         }
1633         mutex_unlock(&tty_mutex);
1634
1635         /* Now clear signal->tty under the lock */
1636         read_lock(&tasklist_lock);
1637         session_clear_tty(task_session(current));
1638         read_unlock(&tasklist_lock);
1639         unlock_kernel();
1640 }
1641
1642 /**
1643  *
1644  *      no_tty  - Ensure the current process does not have a controlling tty
1645  */
1646 void no_tty(void)
1647 {
1648         struct task_struct *tsk = current;
1649         if (tsk->signal->leader)
1650                 disassociate_ctty(0);
1651         proc_clear_tty(tsk);
1652 }
1653
1654
1655 /**
1656  *      stop_tty        -       propagate flow control
1657  *      @tty: tty to stop
1658  *
1659  *      Perform flow control to the driver. For PTY/TTY pairs we
1660  *      must also propagate the TIOCKPKT status. May be called
1661  *      on an already stopped device and will not re-call the driver
1662  *      method.
1663  *
1664  *      This functionality is used by both the line disciplines for
1665  *      halting incoming flow and by the driver. It may therefore be
1666  *      called from any context, may be under the tty atomic_write_lock
1667  *      but not always.
1668  *
1669  *      Locking:
1670  *              Broken. Relies on BKL which is unsafe here.
1671  */
1672
1673 void stop_tty(struct tty_struct *tty)
1674 {
1675         if (tty->stopped)
1676                 return;
1677         tty->stopped = 1;
1678         if (tty->link && tty->link->packet) {
1679                 tty->ctrl_status &= ~TIOCPKT_START;
1680                 tty->ctrl_status |= TIOCPKT_STOP;
1681                 wake_up_interruptible(&tty->link->read_wait);
1682         }
1683         if (tty->driver->stop)
1684                 (tty->driver->stop)(tty);
1685 }
1686
1687 EXPORT_SYMBOL(stop_tty);
1688
1689 /**
1690  *      start_tty       -       propagate flow control
1691  *      @tty: tty to start
1692  *
1693  *      Start a tty that has been stopped if at all possible. Perform
1694  *      any necessary wakeups and propagate the TIOCPKT status. If this
1695  *      is the tty was previous stopped and is being started then the
1696  *      driver start method is invoked and the line discipline woken.
1697  *
1698  *      Locking:
1699  *              Broken. Relies on BKL which is unsafe here.
1700  */
1701
1702 void start_tty(struct tty_struct *tty)
1703 {
1704         if (!tty->stopped || tty->flow_stopped)
1705                 return;
1706         tty->stopped = 0;
1707         if (tty->link && tty->link->packet) {
1708                 tty->ctrl_status &= ~TIOCPKT_STOP;
1709                 tty->ctrl_status |= TIOCPKT_START;
1710                 wake_up_interruptible(&tty->link->read_wait);
1711         }
1712         if (tty->driver->start)
1713                 (tty->driver->start)(tty);
1714
1715         /* If we have a running line discipline it may need kicking */
1716         tty_wakeup(tty);
1717 }
1718
1719 EXPORT_SYMBOL(start_tty);
1720
1721 /**
1722  *      tty_read        -       read method for tty device files
1723  *      @file: pointer to tty file
1724  *      @buf: user buffer
1725  *      @count: size of user buffer
1726  *      @ppos: unused
1727  *
1728  *      Perform the read system call function on this terminal device. Checks
1729  *      for hung up devices before calling the line discipline method.
1730  *
1731  *      Locking:
1732  *              Locks the line discipline internally while needed
1733  *              For historical reasons the line discipline read method is
1734  *      invoked under the BKL. This will go away in time so do not rely on it
1735  *      in new code. Multiple read calls may be outstanding in parallel.
1736  */
1737
1738 static ssize_t tty_read(struct file * file, char __user * buf, size_t count, 
1739                         loff_t *ppos)
1740 {
1741         int i;
1742         struct tty_struct * tty;
1743         struct inode *inode;
1744         struct tty_ldisc *ld;
1745
1746         tty = (struct tty_struct *)file->private_data;
1747         inode = file->f_path.dentry->d_inode;
1748         if (tty_paranoia_check(tty, inode, "tty_read"))
1749                 return -EIO;
1750         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1751                 return -EIO;
1752
1753         /* We want to wait for the line discipline to sort out in this
1754            situation */
1755         ld = tty_ldisc_ref_wait(tty);
1756         lock_kernel();
1757         if (ld->read)
1758                 i = (ld->read)(tty,file,buf,count);
1759         else
1760                 i = -EIO;
1761         tty_ldisc_deref(ld);
1762         unlock_kernel();
1763         if (i > 0)
1764                 inode->i_atime = current_fs_time(inode->i_sb);
1765         return i;
1766 }
1767
1768 void tty_write_unlock(struct tty_struct *tty)
1769 {
1770         mutex_unlock(&tty->atomic_write_lock);
1771         wake_up_interruptible(&tty->write_wait);
1772 }
1773
1774 int tty_write_lock(struct tty_struct *tty, int ndelay)
1775 {
1776         if (!mutex_trylock(&tty->atomic_write_lock)) {
1777                 if (ndelay)
1778                         return -EAGAIN;
1779                 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1780                         return -ERESTARTSYS;
1781         }
1782         return 0;
1783 }
1784
1785 /*
1786  * Split writes up in sane blocksizes to avoid
1787  * denial-of-service type attacks
1788  */
1789 static inline ssize_t do_tty_write(
1790         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1791         struct tty_struct *tty,
1792         struct file *file,
1793         const char __user *buf,
1794         size_t count)
1795 {
1796         ssize_t ret, written = 0;
1797         unsigned int chunk;
1798         
1799         ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1800         if (ret < 0)
1801                 return ret;
1802
1803         /*
1804          * We chunk up writes into a temporary buffer. This
1805          * simplifies low-level drivers immensely, since they
1806          * don't have locking issues and user mode accesses.
1807          *
1808          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1809          * big chunk-size..
1810          *
1811          * The default chunk-size is 2kB, because the NTTY
1812          * layer has problems with bigger chunks. It will
1813          * claim to be able to handle more characters than
1814          * it actually does.
1815          *
1816          * FIXME: This can probably go away now except that 64K chunks
1817          * are too likely to fail unless switched to vmalloc...
1818          */
1819         chunk = 2048;
1820         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1821                 chunk = 65536;
1822         if (count < chunk)
1823                 chunk = count;
1824
1825         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1826         if (tty->write_cnt < chunk) {
1827                 unsigned char *buf;
1828
1829                 if (chunk < 1024)
1830                         chunk = 1024;
1831
1832                 buf = kmalloc(chunk, GFP_KERNEL);
1833                 if (!buf) {
1834                         ret = -ENOMEM;
1835                         goto out;
1836                 }
1837                 kfree(tty->write_buf);
1838                 tty->write_cnt = chunk;
1839                 tty->write_buf = buf;
1840         }
1841
1842         /* Do the write .. */
1843         for (;;) {
1844                 size_t size = count;
1845                 if (size > chunk)
1846                         size = chunk;
1847                 ret = -EFAULT;
1848                 if (copy_from_user(tty->write_buf, buf, size))
1849                         break;
1850                 lock_kernel();
1851                 ret = write(tty, file, tty->write_buf, size);
1852                 unlock_kernel();
1853                 if (ret <= 0)
1854                         break;
1855                 written += ret;
1856                 buf += ret;
1857                 count -= ret;
1858                 if (!count)
1859                         break;
1860                 ret = -ERESTARTSYS;
1861                 if (signal_pending(current))
1862                         break;
1863                 cond_resched();
1864         }
1865         if (written) {
1866                 struct inode *inode = file->f_path.dentry->d_inode;
1867                 inode->i_mtime = current_fs_time(inode->i_sb);
1868                 ret = written;
1869         }
1870 out:
1871         tty_write_unlock(tty);
1872         return ret;
1873 }
1874
1875
1876 /**
1877  *      tty_write               -       write method for tty device file
1878  *      @file: tty file pointer
1879  *      @buf: user data to write
1880  *      @count: bytes to write
1881  *      @ppos: unused
1882  *
1883  *      Write data to a tty device via the line discipline.
1884  *
1885  *      Locking:
1886  *              Locks the line discipline as required
1887  *              Writes to the tty driver are serialized by the atomic_write_lock
1888  *      and are then processed in chunks to the device. The line discipline
1889  *      write method will not be involked in parallel for each device
1890  *              The line discipline write method is called under the big
1891  *      kernel lock for historical reasons. New code should not rely on this.
1892  */
1893
1894 static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1895                          loff_t *ppos)
1896 {
1897         struct tty_struct * tty;
1898         struct inode *inode = file->f_path.dentry->d_inode;
1899         ssize_t ret;
1900         struct tty_ldisc *ld;
1901         
1902         tty = (struct tty_struct *)file->private_data;
1903         if (tty_paranoia_check(tty, inode, "tty_write"))
1904                 return -EIO;
1905         if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1906                 return -EIO;
1907
1908         ld = tty_ldisc_ref_wait(tty);           
1909         if (!ld->write)
1910                 ret = -EIO;
1911         else
1912                 ret = do_tty_write(ld->write, tty, file, buf, count);
1913         tty_ldisc_deref(ld);
1914         return ret;
1915 }
1916
1917 ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1918                          loff_t *ppos)
1919 {
1920         struct file *p = NULL;
1921
1922         spin_lock(&redirect_lock);
1923         if (redirect) {
1924                 get_file(redirect);
1925                 p = redirect;
1926         }
1927         spin_unlock(&redirect_lock);
1928
1929         if (p) {
1930                 ssize_t res;
1931                 res = vfs_write(p, buf, count, &p->f_pos);
1932                 fput(p);
1933                 return res;
1934         }
1935
1936         return tty_write(file, buf, count, ppos);
1937 }
1938
1939 static char ptychar[] = "pqrstuvwxyzabcde";
1940
1941 /**
1942  *      pty_line_name   -       generate name for a pty
1943  *      @driver: the tty driver in use
1944  *      @index: the minor number
1945  *      @p: output buffer of at least 6 bytes
1946  *
1947  *      Generate a name from a driver reference and write it to the output
1948  *      buffer.
1949  *
1950  *      Locking: None
1951  */
1952 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1953 {
1954         int i = index + driver->name_base;
1955         /* ->name is initialized to "ttyp", but "tty" is expected */
1956         sprintf(p, "%s%c%x",
1957                         driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1958                         ptychar[i >> 4 & 0xf], i & 0xf);
1959 }
1960
1961 /**
1962  *      pty_line_name   -       generate name for a tty
1963  *      @driver: the tty driver in use
1964  *      @index: the minor number
1965  *      @p: output buffer of at least 7 bytes
1966  *
1967  *      Generate a name from a driver reference and write it to the output
1968  *      buffer.
1969  *
1970  *      Locking: None
1971  */
1972 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1973 {
1974         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1975 }
1976
1977 /**
1978  *      init_dev                -       initialise a tty device
1979  *      @driver: tty driver we are opening a device on
1980  *      @idx: device index
1981  *      @tty: returned tty structure
1982  *
1983  *      Prepare a tty device. This may not be a "new" clean device but
1984  *      could also be an active device. The pty drivers require special
1985  *      handling because of this.
1986  *
1987  *      Locking:
1988  *              The function is called under the tty_mutex, which
1989  *      protects us from the tty struct or driver itself going away.
1990  *
1991  *      On exit the tty device has the line discipline attached and
1992  *      a reference count of 1. If a pair was created for pty/tty use
1993  *      and the other was a pty master then it too has a reference count of 1.
1994  *
1995  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1996  * failed open.  The new code protects the open with a mutex, so it's
1997  * really quite straightforward.  The mutex locking can probably be
1998  * relaxed for the (most common) case of reopening a tty.
1999  */
2000
2001 static int init_dev(struct tty_driver *driver, int idx,
2002         struct tty_struct **ret_tty)
2003 {
2004         struct tty_struct *tty, *o_tty;
2005         struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2006         struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
2007         int retval = 0;
2008
2009         /* check whether we're reopening an existing tty */
2010         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2011                 tty = devpts_get_tty(idx);
2012                 /*
2013                  * If we don't have a tty here on a slave open, it's because
2014                  * the master already started the close process and there's
2015                  * no relation between devpts file and tty anymore.
2016                  */
2017                 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2018                         retval = -EIO;
2019                         goto end_init;
2020                 }
2021                 /*
2022                  * It's safe from now on because init_dev() is called with
2023                  * tty_mutex held and release_dev() won't change tty->count
2024                  * or tty->flags without having to grab tty_mutex
2025                  */
2026                 if (tty && driver->subtype == PTY_TYPE_MASTER)
2027                         tty = tty->link;
2028         } else {
2029                 tty = driver->ttys[idx];
2030         }
2031         if (tty) goto fast_track;
2032
2033         /*
2034          * First time open is complex, especially for PTY devices.
2035          * This code guarantees that either everything succeeds and the
2036          * TTY is ready for operation, or else the table slots are vacated
2037          * and the allocated memory released.  (Except that the termios 
2038          * and locked termios may be retained.)
2039          */
2040
2041         if (!try_module_get(driver->owner)) {
2042                 retval = -ENODEV;
2043                 goto end_init;
2044         }
2045
2046         o_tty = NULL;
2047         tp = o_tp = NULL;
2048         ltp = o_ltp = NULL;
2049
2050         tty = alloc_tty_struct();
2051         if(!tty)
2052                 goto fail_no_mem;
2053         initialize_tty_struct(tty);
2054         tty->driver = driver;
2055         tty->index = idx;
2056         tty_line_name(driver, idx, tty->name);
2057
2058         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2059                 tp_loc = &tty->termios;
2060                 ltp_loc = &tty->termios_locked;
2061         } else {
2062                 tp_loc = &driver->termios[idx];
2063                 ltp_loc = &driver->termios_locked[idx];
2064         }
2065
2066         if (!*tp_loc) {
2067                 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2068                 if (!tp)
2069                         goto free_mem_out;
2070                 *tp = driver->init_termios;
2071         }
2072
2073         if (!*ltp_loc) {
2074                 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2075                 if (!ltp)
2076                         goto free_mem_out;
2077         }
2078
2079         if (driver->type == TTY_DRIVER_TYPE_PTY) {
2080                 o_tty = alloc_tty_struct();
2081                 if (!o_tty)
2082                         goto free_mem_out;
2083                 initialize_tty_struct(o_tty);
2084                 o_tty->driver = driver->other;
2085                 o_tty->index = idx;
2086                 tty_line_name(driver->other, idx, o_tty->name);
2087
2088                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2089                         o_tp_loc = &o_tty->termios;
2090                         o_ltp_loc = &o_tty->termios_locked;
2091                 } else {
2092                         o_tp_loc = &driver->other->termios[idx];
2093                         o_ltp_loc = &driver->other->termios_locked[idx];
2094                 }
2095
2096                 if (!*o_tp_loc) {
2097                         o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2098                         if (!o_tp)
2099                                 goto free_mem_out;
2100                         *o_tp = driver->other->init_termios;
2101                 }
2102
2103                 if (!*o_ltp_loc) {
2104                         o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2105                         if (!o_ltp)
2106                                 goto free_mem_out;
2107                 }
2108
2109                 /*
2110                  * Everything allocated ... set up the o_tty structure.
2111                  */
2112                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
2113                         driver->other->ttys[idx] = o_tty;
2114                 }
2115                 if (!*o_tp_loc)
2116                         *o_tp_loc = o_tp;
2117                 if (!*o_ltp_loc)
2118                         *o_ltp_loc = o_ltp;
2119                 o_tty->termios = *o_tp_loc;
2120                 o_tty->termios_locked = *o_ltp_loc;
2121                 driver->other->refcount++;
2122                 if (driver->subtype == PTY_TYPE_MASTER)
2123                         o_tty->count++;
2124
2125                 /* Establish the links in both directions */
2126                 tty->link   = o_tty;
2127                 o_tty->link = tty;
2128         }
2129
2130         /* 
2131          * All structures have been allocated, so now we install them.
2132          * Failures after this point use release_tty to clean up, so
2133          * there's no need to null out the local pointers.
2134          */
2135         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2136                 driver->ttys[idx] = tty;
2137         }
2138         
2139         if (!*tp_loc)
2140                 *tp_loc = tp;
2141         if (!*ltp_loc)
2142                 *ltp_loc = ltp;
2143         tty->termios = *tp_loc;
2144         tty->termios_locked = *ltp_loc;
2145         /* Compatibility until drivers always set this */
2146         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2147         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2148         driver->refcount++;
2149         tty->count++;
2150
2151         /* 
2152          * Structures all installed ... call the ldisc open routines.
2153          * If we fail here just call release_tty to clean up.  No need
2154          * to decrement the use counts, as release_tty doesn't care.
2155          */
2156
2157         if (tty->ldisc.open) {
2158                 retval = (tty->ldisc.open)(tty);
2159                 if (retval)
2160                         goto release_mem_out;
2161         }
2162         if (o_tty && o_tty->ldisc.open) {
2163                 retval = (o_tty->ldisc.open)(o_tty);
2164                 if (retval) {
2165                         if (tty->ldisc.close)
2166                                 (tty->ldisc.close)(tty);
2167                         goto release_mem_out;
2168                 }
2169                 tty_ldisc_enable(o_tty);
2170         }
2171         tty_ldisc_enable(tty);
2172         goto success;
2173
2174         /*
2175          * This fast open can be used if the tty is already open.
2176          * No memory is allocated, and the only failures are from
2177          * attempting to open a closing tty or attempting multiple
2178          * opens on a pty master.
2179          */
2180 fast_track:
2181         if (test_bit(TTY_CLOSING, &tty->flags)) {
2182                 retval = -EIO;
2183                 goto end_init;
2184         }
2185         if (driver->type == TTY_DRIVER_TYPE_PTY &&
2186             driver->subtype == PTY_TYPE_MASTER) {
2187                 /*
2188                  * special case for PTY masters: only one open permitted, 
2189                  * and the slave side open count is incremented as well.
2190                  */
2191                 if (tty->count) {
2192                         retval = -EIO;
2193                         goto end_init;
2194                 }
2195                 tty->link->count++;
2196         }
2197         tty->count++;
2198         tty->driver = driver; /* N.B. why do this every time?? */
2199
2200         /* FIXME */
2201         if(!test_bit(TTY_LDISC, &tty->flags))
2202                 printk(KERN_ERR "init_dev but no ldisc\n");
2203 success:
2204         *ret_tty = tty;
2205         
2206         /* All paths come through here to release the mutex */
2207 end_init:
2208         return retval;
2209
2210         /* Release locally allocated memory ... nothing placed in slots */
2211 free_mem_out:
2212         kfree(o_tp);
2213         if (o_tty)
2214                 free_tty_struct(o_tty);
2215         kfree(ltp);
2216         kfree(tp);
2217         free_tty_struct(tty);
2218
2219 fail_no_mem:
2220         module_put(driver->owner);
2221         retval = -ENOMEM;
2222         goto end_init;
2223
2224         /* call the tty release_tty routine to clean out this slot */
2225 release_mem_out:
2226         if (printk_ratelimit())
2227                 printk(KERN_INFO "init_dev: ldisc open failed, "
2228                                  "clearing slot %d\n", idx);
2229         release_tty(tty, idx);
2230         goto end_init;
2231 }
2232
2233 /**
2234  *      release_one_tty         -       release tty structure memory
2235  *
2236  *      Releases memory associated with a tty structure, and clears out the
2237  *      driver table slots. This function is called when a device is no longer
2238  *      in use. It also gets called when setup of a device fails.
2239  *
2240  *      Locking:
2241  *              tty_mutex - sometimes only
2242  *              takes the file list lock internally when working on the list
2243  *      of ttys that the driver keeps.
2244  *              FIXME: should we require tty_mutex is held here ??
2245  */
2246 static void release_one_tty(struct tty_struct *tty, int idx)
2247 {
2248         int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2249         struct ktermios *tp;
2250
2251         if (!devpts)
2252                 tty->driver->ttys[idx] = NULL;
2253
2254         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2255                 tp = tty->termios;
2256                 if (!devpts)
2257                         tty->driver->termios[idx] = NULL;
2258                 kfree(tp);
2259
2260                 tp = tty->termios_locked;
2261                 if (!devpts)
2262                         tty->driver->termios_locked[idx] = NULL;
2263                 kfree(tp);
2264         }
2265
2266
2267         tty->magic = 0;
2268         tty->driver->refcount--;
2269
2270         file_list_lock();
2271         list_del_init(&tty->tty_files);
2272         file_list_unlock();
2273
2274         free_tty_struct(tty);
2275 }
2276
2277 /**
2278  *      release_tty             -       release tty structure memory
2279  *
2280  *      Release both @tty and a possible linked partner (think pty pair),
2281  *      and decrement the refcount of the backing module.
2282  *
2283  *      Locking:
2284  *              tty_mutex - sometimes only
2285  *              takes the file list lock internally when working on the list
2286  *      of ttys that the driver keeps.
2287  *              FIXME: should we require tty_mutex is held here ??
2288  */
2289 static void release_tty(struct tty_struct *tty, int idx)
2290 {
2291         struct tty_driver *driver = tty->driver;
2292
2293         if (tty->link)
2294                 release_one_tty(tty->link, idx);
2295         release_one_tty(tty, idx);
2296         module_put(driver->owner);
2297 }
2298
2299 /*
2300  * Even releasing the tty structures is a tricky business.. We have
2301  * to be very careful that the structures are all released at the
2302  * same time, as interrupts might otherwise get the wrong pointers.
2303  *
2304  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2305  * lead to double frees or releasing memory still in use.
2306  */
2307 static void release_dev(struct file * filp)
2308 {
2309         struct tty_struct *tty, *o_tty;
2310         int     pty_master, tty_closing, o_tty_closing, do_sleep;
2311         int     devpts;
2312         int     idx;
2313         char    buf[64];
2314         unsigned long flags;
2315         
2316         tty = (struct tty_struct *)filp->private_data;
2317         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "release_dev"))
2318                 return;
2319
2320         check_tty_count(tty, "release_dev");
2321
2322         tty_fasync(-1, filp, 0);
2323
2324         idx = tty->index;
2325         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2326                       tty->driver->subtype == PTY_TYPE_MASTER);
2327         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2328         o_tty = tty->link;
2329
2330 #ifdef TTY_PARANOIA_CHECK
2331         if (idx < 0 || idx >= tty->driver->num) {
2332                 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2333                                   "free (%s)\n", tty->name);
2334                 return;
2335         }
2336         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2337                 if (tty != tty->driver->ttys[idx]) {
2338                         printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2339                                "for (%s)\n", idx, tty->name);
2340                         return;
2341                 }
2342                 if (tty->termios != tty->driver->termios[idx]) {
2343                         printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2344                                "for (%s)\n",
2345                                idx, tty->name);
2346                         return;
2347                 }
2348                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2349                         printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2350                                "termios_locked for (%s)\n",
2351                                idx, tty->name);
2352                         return;
2353                 }
2354         }
2355 #endif
2356
2357 #ifdef TTY_DEBUG_HANGUP
2358         printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2359                tty_name(tty, buf), tty->count);
2360 #endif
2361
2362 #ifdef TTY_PARANOIA_CHECK
2363         if (tty->driver->other &&
2364              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2365                 if (o_tty != tty->driver->other->ttys[idx]) {
2366                         printk(KERN_DEBUG "release_dev: other->table[%d] "
2367                                           "not o_tty for (%s)\n",
2368                                idx, tty->name);
2369                         return;
2370                 }
2371                 if (o_tty->termios != tty->driver->other->termios[idx]) {
2372                         printk(KERN_DEBUG "release_dev: other->termios[%d] "
2373                                           "not o_termios for (%s)\n",
2374                                idx, tty->name);
2375                         return;
2376                 }
2377                 if (o_tty->termios_locked != 
2378                       tty->driver->other->termios_locked[idx]) {
2379                         printk(KERN_DEBUG "release_dev: other->termios_locked["
2380                                           "%d] not o_termios_locked for (%s)\n",
2381                                idx, tty->name);
2382                         return;
2383                 }
2384                 if (o_tty->link != tty) {
2385                         printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2386                         return;
2387                 }
2388         }
2389 #endif
2390         if (tty->driver->close)
2391                 tty->driver->close(tty, filp);
2392
2393         /*
2394          * Sanity check: if tty->count is going to zero, there shouldn't be
2395          * any waiters on tty->read_wait or tty->write_wait.  We test the
2396          * wait queues and kick everyone out _before_ actually starting to
2397          * close.  This ensures that we won't block while releasing the tty
2398          * structure.
2399          *
2400          * The test for the o_tty closing is necessary, since the master and
2401          * slave sides may close in any order.  If the slave side closes out
2402          * first, its count will be one, since the master side holds an open.
2403          * Thus this test wouldn't be triggered at the time the slave closes,
2404          * so we do it now.
2405          *
2406          * Note that it's possible for the tty to be opened again while we're
2407          * flushing out waiters.  By recalculating the closing flags before
2408          * each iteration we avoid any problems.
2409          */
2410         while (1) {
2411                 /* Guard against races with tty->count changes elsewhere and
2412                    opens on /dev/tty */
2413                    
2414                 mutex_lock(&tty_mutex);
2415                 tty_closing = tty->count <= 1;
2416                 o_tty_closing = o_tty &&
2417                         (o_tty->count <= (pty_master ? 1 : 0));
2418                 do_sleep = 0;
2419
2420                 if (tty_closing) {
2421                         if (waitqueue_active(&tty->read_wait)) {
2422                                 wake_up(&tty->read_wait);
2423                                 do_sleep++;
2424                         }
2425                         if (waitqueue_active(&tty->write_wait)) {
2426                                 wake_up(&tty->write_wait);
2427                                 do_sleep++;
2428                         }
2429                 }
2430                 if (o_tty_closing) {
2431                         if (waitqueue_active(&o_tty->read_wait)) {
2432                                 wake_up(&o_tty->read_wait);
2433                                 do_sleep++;
2434                         }
2435                         if (waitqueue_active(&o_tty->write_wait)) {
2436                                 wake_up(&o_tty->write_wait);
2437                                 do_sleep++;
2438                         }
2439                 }
2440                 if (!do_sleep)
2441                         break;
2442
2443                 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2444                                     "active!\n", tty_name(tty, buf));
2445                 mutex_unlock(&tty_mutex);
2446                 schedule();
2447         }       
2448
2449         /*
2450          * The closing flags are now consistent with the open counts on 
2451          * both sides, and we've completed the last operation that could 
2452          * block, so it's safe to proceed with closing.
2453          */
2454         if (pty_master) {
2455                 if (--o_tty->count < 0) {
2456                         printk(KERN_WARNING "release_dev: bad pty slave count "
2457                                             "(%d) for %s\n",
2458                                o_tty->count, tty_name(o_tty, buf));
2459                         o_tty->count = 0;
2460                 }
2461         }
2462         if (--tty->count < 0) {
2463                 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2464                        tty->count, tty_name(tty, buf));
2465                 tty->count = 0;
2466         }
2467         
2468         /*
2469          * We've decremented tty->count, so we need to remove this file
2470          * descriptor off the tty->tty_files list; this serves two
2471          * purposes:
2472          *  - check_tty_count sees the correct number of file descriptors
2473          *    associated with this tty.
2474          *  - do_tty_hangup no longer sees this file descriptor as
2475          *    something that needs to be handled for hangups.
2476          */
2477         file_kill(filp);
2478         filp->private_data = NULL;
2479
2480         /*
2481          * Perform some housekeeping before deciding whether to return.
2482          *
2483          * Set the TTY_CLOSING flag if this was the last open.  In the
2484          * case of a pty we may have to wait around for the other side
2485          * to close, and TTY_CLOSING makes sure we can't be reopened.
2486          */
2487         if(tty_closing)
2488                 set_bit(TTY_CLOSING, &tty->flags);
2489         if(o_tty_closing)
2490                 set_bit(TTY_CLOSING, &o_tty->flags);
2491
2492         /*
2493          * If _either_ side is closing, make sure there aren't any
2494          * processes that still think tty or o_tty is their controlling
2495          * tty.
2496          */
2497         if (tty_closing || o_tty_closing) {
2498                 read_lock(&tasklist_lock);
2499                 session_clear_tty(tty->session);
2500                 if (o_tty)
2501                         session_clear_tty(o_tty->session);
2502                 read_unlock(&tasklist_lock);
2503         }
2504
2505         mutex_unlock(&tty_mutex);
2506
2507         /* check whether both sides are closing ... */
2508         if (!tty_closing || (o_tty && !o_tty_closing))
2509                 return;
2510         
2511 #ifdef TTY_DEBUG_HANGUP
2512         printk(KERN_DEBUG "freeing tty structure...");
2513 #endif
2514         /*
2515          * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
2516          * kill any delayed work. As this is the final close it does not
2517          * race with the set_ldisc code path.
2518          */
2519         clear_bit(TTY_LDISC, &tty->flags);
2520         cancel_delayed_work(&tty->buf.work);
2521
2522         /*
2523          * Wait for ->hangup_work and ->buf.work handlers to terminate
2524          */
2525          
2526         flush_scheduled_work();
2527         
2528         /*
2529          * Wait for any short term users (we know they are just driver
2530          * side waiters as the file is closing so user count on the file
2531          * side is zero.
2532          */
2533         spin_lock_irqsave(&tty_ldisc_lock, flags);
2534         while(tty->ldisc.refcount)
2535         {
2536                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2537                 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2538                 spin_lock_irqsave(&tty_ldisc_lock, flags);
2539         }
2540         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2541         /*
2542          * Shutdown the current line discipline, and reset it to N_TTY.
2543          * N.B. why reset ldisc when we're releasing the memory??
2544          *
2545          * FIXME: this MUST get fixed for the new reflocking
2546          */
2547         if (tty->ldisc.close)
2548                 (tty->ldisc.close)(tty);
2549         tty_ldisc_put(tty->ldisc.num);
2550         
2551         /*
2552          *      Switch the line discipline back
2553          */
2554         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2555         tty_set_termios_ldisc(tty,N_TTY); 
2556         if (o_tty) {
2557                 /* FIXME: could o_tty be in setldisc here ? */
2558                 clear_bit(TTY_LDISC, &o_tty->flags);
2559                 if (o_tty->ldisc.close)
2560                         (o_tty->ldisc.close)(o_tty);
2561                 tty_ldisc_put(o_tty->ldisc.num);
2562                 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2563                 tty_set_termios_ldisc(o_tty,N_TTY); 
2564         }
2565         /*
2566          * The release_tty function takes care of the details of clearing
2567          * the slots and preserving the termios structure.
2568          */
2569         release_tty(tty, idx);
2570
2571 #ifdef CONFIG_UNIX98_PTYS
2572         /* Make this pty number available for reallocation */
2573         if (devpts) {
2574                 down(&allocated_ptys_lock);
2575                 idr_remove(&allocated_ptys, idx);
2576                 up(&allocated_ptys_lock);
2577         }
2578 #endif
2579
2580 }
2581
2582 /**
2583  *      tty_open                -       open a tty device
2584  *      @inode: inode of device file
2585  *      @filp: file pointer to tty
2586  *
2587  *      tty_open and tty_release keep up the tty count that contains the
2588  *      number of opens done on a tty. We cannot use the inode-count, as
2589  *      different inodes might point to the same tty.
2590  *
2591  *      Open-counting is needed for pty masters, as well as for keeping
2592  *      track of serial lines: DTR is dropped when the last close happens.
2593  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
2594  *
2595  *      The termios state of a pty is reset on first open so that
2596  *      settings don't persist across reuse.
2597  *
2598  *      Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2599  *               tty->count should protect the rest.
2600  *               ->siglock protects ->signal/->sighand
2601  */
2602
2603 static int tty_open(struct inode * inode, struct file * filp)
2604 {
2605         struct tty_struct *tty;
2606         int noctty, retval;
2607         struct tty_driver *driver;
2608         int index;
2609         dev_t device = inode->i_rdev;
2610         unsigned short saved_flags = filp->f_flags;
2611
2612         nonseekable_open(inode, filp);
2613         
2614 retry_open:
2615         noctty = filp->f_flags & O_NOCTTY;
2616         index  = -1;
2617         retval = 0;
2618         
2619         mutex_lock(&tty_mutex);
2620
2621         if (device == MKDEV(TTYAUX_MAJOR,0)) {
2622                 tty = get_current_tty();
2623                 if (!tty) {
2624                         mutex_unlock(&tty_mutex);
2625                         return -ENXIO;
2626                 }
2627                 driver = tty->driver;
2628                 index = tty->index;
2629                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2630                 /* noctty = 1; */
2631                 goto got_driver;
2632         }
2633 #ifdef CONFIG_VT
2634         if (device == MKDEV(TTY_MAJOR,0)) {
2635                 extern struct tty_driver *console_driver;
2636                 driver = console_driver;
2637                 index = fg_console;
2638                 noctty = 1;
2639                 goto got_driver;
2640         }
2641 #endif
2642         if (device == MKDEV(TTYAUX_MAJOR,1)) {
2643                 driver = console_device(&index);
2644                 if (driver) {
2645                         /* Don't let /dev/console block */
2646                         filp->f_flags |= O_NONBLOCK;
2647                         noctty = 1;
2648                         goto got_driver;
2649                 }
2650                 mutex_unlock(&tty_mutex);
2651                 return -ENODEV;
2652         }
2653
2654         driver = get_tty_driver(device, &index);
2655         if (!driver) {
2656                 mutex_unlock(&tty_mutex);
2657                 return -ENODEV;
2658         }
2659 got_driver:
2660         retval = init_dev(driver, index, &tty);
2661         mutex_unlock(&tty_mutex);
2662         if (retval)
2663                 return retval;
2664
2665         filp->private_data = tty;
2666         file_move(filp, &tty->tty_files);
2667         check_tty_count(tty, "tty_open");
2668         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2669             tty->driver->subtype == PTY_TYPE_MASTER)
2670                 noctty = 1;
2671 #ifdef TTY_DEBUG_HANGUP
2672         printk(KERN_DEBUG "opening %s...", tty->name);
2673 #endif
2674         if (!retval) {
2675                 if (tty->driver->open)
2676                         retval = tty->driver->open(tty, filp);
2677                 else
2678                         retval = -ENODEV;
2679         }
2680         filp->f_flags = saved_flags;
2681
2682         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2683                 retval = -EBUSY;
2684
2685         if (retval) {
2686 #ifdef TTY_DEBUG_HANGUP
2687                 printk(KERN_DEBUG "error %d in opening %s...", retval,
2688                        tty->name);
2689 #endif
2690                 release_dev(filp);
2691                 if (retval != -ERESTARTSYS)
2692                         return retval;
2693                 if (signal_pending(current))
2694                         return retval;
2695                 schedule();
2696                 /*
2697                  * Need to reset f_op in case a hangup happened.
2698                  */
2699                 if (filp->f_op == &hung_up_tty_fops)
2700                         filp->f_op = &tty_fops;
2701                 goto retry_open;
2702         }
2703
2704         mutex_lock(&tty_mutex);
2705         spin_lock_irq(&current->sighand->siglock);
2706         if (!noctty &&
2707             current->signal->leader &&
2708             !current->signal->tty &&
2709             tty->session == NULL)
2710                 __proc_set_tty(current, tty);
2711         spin_unlock_irq(&current->sighand->siglock);
2712         mutex_unlock(&tty_mutex);
2713         tty_audit_opening();
2714         return 0;
2715 }
2716
2717 #ifdef CONFIG_UNIX98_PTYS
2718 /**
2719  *      ptmx_open               -       open a unix 98 pty master
2720  *      @inode: inode of device file
2721  *      @filp: file pointer to tty
2722  *
2723  *      Allocate a unix98 pty master device from the ptmx driver.
2724  *
2725  *      Locking: tty_mutex protects theinit_dev work. tty->count should
2726                 protect the rest.
2727  *              allocated_ptys_lock handles the list of free pty numbers
2728  */
2729
2730 static int ptmx_open(struct inode * inode, struct file * filp)
2731 {
2732         struct tty_struct *tty;
2733         int retval;
2734         int index;
2735         int idr_ret;
2736
2737         nonseekable_open(inode, filp);
2738
2739         /* find a device that is not in use. */
2740         down(&allocated_ptys_lock);
2741         if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2742                 up(&allocated_ptys_lock);
2743                 return -ENOMEM;
2744         }
2745         idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2746         if (idr_ret < 0) {
2747                 up(&allocated_ptys_lock);
2748                 if (idr_ret == -EAGAIN)
2749                         return -ENOMEM;
2750                 return -EIO;
2751         }
2752         if (index >= pty_limit) {
2753                 idr_remove(&allocated_ptys, index);
2754                 up(&allocated_ptys_lock);
2755                 return -EIO;
2756         }
2757         up(&allocated_ptys_lock);
2758
2759         mutex_lock(&tty_mutex);
2760         retval = init_dev(ptm_driver, index, &tty);
2761         mutex_unlock(&tty_mutex);
2762         
2763         if (retval)
2764                 goto out;
2765
2766         set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2767         filp->private_data = tty;
2768         file_move(filp, &tty->tty_files);
2769
2770         retval = -ENOMEM;
2771         if (devpts_pty_new(tty->link))
2772                 goto out1;
2773
2774         check_tty_count(tty, "tty_open");
2775         retval = ptm_driver->open(tty, filp);
2776         if (!retval) {
2777                 tty_audit_opening();
2778                 return 0;
2779         }
2780 out1:
2781         release_dev(filp);
2782         return retval;
2783 out:
2784         down(&allocated_ptys_lock);
2785         idr_remove(&allocated_ptys, index);
2786         up(&allocated_ptys_lock);
2787         return retval;
2788 }
2789 #endif
2790
2791 /**
2792  *      tty_release             -       vfs callback for close
2793  *      @inode: inode of tty
2794  *      @filp: file pointer for handle to tty
2795  *
2796  *      Called the last time each file handle is closed that references
2797  *      this tty. There may however be several such references.
2798  *
2799  *      Locking:
2800  *              Takes bkl. See release_dev
2801  */
2802
2803 static int tty_release(struct inode * inode, struct file * filp)
2804 {
2805         lock_kernel();
2806         release_dev(filp);
2807         unlock_kernel();
2808         return 0;
2809 }
2810
2811 /**
2812  *      tty_poll        -       check tty status
2813  *      @filp: file being polled
2814  *      @wait: poll wait structures to update
2815  *
2816  *      Call the line discipline polling method to obtain the poll
2817  *      status of the device.
2818  *
2819  *      Locking: locks called line discipline but ldisc poll method
2820  *      may be re-entered freely by other callers.
2821  */
2822
2823 static unsigned int tty_poll(struct file * filp, poll_table * wait)
2824 {
2825         struct tty_struct * tty;
2826         struct tty_ldisc *ld;
2827         int ret = 0;
2828
2829         tty = (struct tty_struct *)filp->private_data;
2830         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2831                 return 0;
2832                 
2833         ld = tty_ldisc_ref_wait(tty);
2834         if (ld->poll)
2835                 ret = (ld->poll)(tty, filp, wait);
2836         tty_ldisc_deref(ld);
2837         return ret;
2838 }
2839
2840 static int tty_fasync(int fd, struct file * filp, int on)
2841 {
2842         struct tty_struct * tty;
2843         int retval;
2844
2845         tty = (struct tty_struct *)filp->private_data;
2846         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2847                 return 0;
2848         
2849         retval = fasync_helper(fd, filp, on, &tty->fasync);
2850         if (retval <= 0)
2851                 return retval;
2852
2853         if (on) {
2854                 enum pid_type type;
2855                 struct pid *pid;
2856                 if (!waitqueue_active(&tty->read_wait))
2857                         tty->minimum_to_wake = 1;
2858                 if (tty->pgrp) {
2859                         pid = tty->pgrp;
2860                         type = PIDTYPE_PGID;
2861                 } else {
2862                         pid = task_pid(current);
2863                         type = PIDTYPE_PID;
2864                 }
2865                 retval = __f_setown(filp, pid, type, 0);
2866                 if (retval)
2867                         return retval;
2868         } else {
2869                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2870                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2871         }
2872         return 0;
2873 }
2874
2875 /**
2876  *      tiocsti                 -       fake input character
2877  *      @tty: tty to fake input into
2878  *      @p: pointer to character
2879  *
2880  *      Fake input to a tty device. Does the necessary locking and
2881  *      input management.
2882  *
2883  *      FIXME: does not honour flow control ??
2884  *
2885  *      Locking:
2886  *              Called functions take tty_ldisc_lock
2887  *              current->signal->tty check is safe without locks
2888  *
2889  *      FIXME: may race normal receive processing
2890  */
2891
2892 static int tiocsti(struct tty_struct *tty, char __user *p)
2893 {
2894         char ch, mbz = 0;
2895         struct tty_ldisc *ld;
2896         
2897         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2898                 return -EPERM;
2899         if (get_user(ch, p))
2900                 return -EFAULT;
2901         ld = tty_ldisc_ref_wait(tty);
2902         ld->receive_buf(tty, &ch, &mbz, 1);
2903         tty_ldisc_deref(ld);
2904         return 0;
2905 }
2906
2907 /**
2908  *      tiocgwinsz              -       implement window query ioctl
2909  *      @tty; tty
2910  *      @arg: user buffer for result
2911  *
2912  *      Copies the kernel idea of the window size into the user buffer.
2913  *
2914  *      Locking: tty->termios_mutex is taken to ensure the winsize data
2915  *              is consistent.
2916  */
2917
2918 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2919 {
2920         int err;
2921
2922         mutex_lock(&tty->termios_mutex);
2923         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2924         mutex_unlock(&tty->termios_mutex);
2925
2926         return err ? -EFAULT: 0;
2927 }
2928
2929 /**
2930  *      tiocswinsz              -       implement window size set ioctl
2931  *      @tty; tty
2932  *      @arg: user buffer for result
2933  *
2934  *      Copies the user idea of the window size to the kernel. Traditionally
2935  *      this is just advisory information but for the Linux console it
2936  *      actually has driver level meaning and triggers a VC resize.
2937  *
2938  *      Locking:
2939  *              Called function use the console_sem is used to ensure we do
2940  *      not try and resize the console twice at once.
2941  *              The tty->termios_mutex is used to ensure we don't double
2942  *      resize and get confused. Lock order - tty->termios_mutex before
2943  *      console sem
2944  */
2945
2946 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2947         struct winsize __user * arg)
2948 {
2949         struct winsize tmp_ws;
2950
2951         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2952                 return -EFAULT;
2953
2954         mutex_lock(&tty->termios_mutex);
2955         if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2956                 goto done;
2957
2958 #ifdef CONFIG_VT
2959         if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2960                 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2961                                         tmp_ws.ws_row)) {
2962                         mutex_unlock(&tty->termios_mutex);
2963                         return -ENXIO;
2964                 }
2965         }
2966 #endif
2967         if (tty->pgrp)
2968                 kill_pgrp(tty->pgrp, SIGWINCH, 1);
2969         if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
2970                 kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
2971         tty->winsize = tmp_ws;
2972         real_tty->winsize = tmp_ws;
2973 done:
2974         mutex_unlock(&tty->termios_mutex);
2975         return 0;
2976 }
2977
2978 /**
2979  *      tioccons        -       allow admin to move logical console
2980  *      @file: the file to become console
2981  *
2982  *      Allow the adminstrator to move the redirected console device
2983  *
2984  *      Locking: uses redirect_lock to guard the redirect information
2985  */
2986
2987 static int tioccons(struct file *file)
2988 {
2989         if (!capable(CAP_SYS_ADMIN))
2990                 return -EPERM;
2991         if (file->f_op->write == redirected_tty_write) {
2992                 struct file *f;
2993                 spin_lock(&redirect_lock);
2994                 f = redirect;
2995                 redirect = NULL;
2996                 spin_unlock(&redirect_lock);
2997                 if (f)
2998                         fput(f);
2999                 return 0;
3000         }
3001         spin_lock(&redirect_lock);
3002         if (redirect) {
3003                 spin_unlock(&redirect_lock);
3004                 return -EBUSY;
3005         }
3006         get_file(file);
3007         redirect = file;
3008         spin_unlock(&redirect_lock);
3009         return 0;
3010 }
3011
3012 /**
3013  *      fionbio         -       non blocking ioctl
3014  *      @file: file to set blocking value
3015  *      @p: user parameter
3016  *
3017  *      Historical tty interfaces had a blocking control ioctl before
3018  *      the generic functionality existed. This piece of history is preserved
3019  *      in the expected tty API of posix OS's.
3020  *
3021  *      Locking: none, the open fle handle ensures it won't go away.
3022  */
3023
3024 static int fionbio(struct file *file, int __user *p)
3025 {
3026         int nonblock;
3027
3028         if (get_user(nonblock, p))
3029                 return -EFAULT;
3030
3031         if (nonblock)
3032                 file->f_flags |= O_NONBLOCK;
3033         else
3034                 file->f_flags &= ~O_NONBLOCK;
3035         return 0;
3036 }
3037
3038 /**
3039  *      tiocsctty       -       set controlling tty
3040  *      @tty: tty structure
3041  *      @arg: user argument
3042  *
3043  *      This ioctl is used to manage job control. It permits a session
3044  *      leader to set this tty as the controlling tty for the session.
3045  *
3046  *      Locking:
3047  *              Takes tty_mutex() to protect tty instance
3048  *              Takes tasklist_lock internally to walk sessions
3049  *              Takes ->siglock() when updating signal->tty
3050  */
3051
3052 static int tiocsctty(struct tty_struct *tty, int arg)
3053 {
3054         int ret = 0;
3055         if (current->signal->leader && (task_session(current) == tty->session))
3056                 return ret;
3057
3058         mutex_lock(&tty_mutex);
3059         /*
3060          * The process must be a session leader and
3061          * not have a controlling tty already.
3062          */
3063         if (!current->signal->leader || current->signal->tty) {
3064                 ret = -EPERM;
3065                 goto unlock;
3066         }
3067
3068         if (tty->session) {
3069                 /*
3070                  * This tty is already the controlling
3071                  * tty for another session group!
3072                  */
3073                 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
3074                         /*
3075                          * Steal it away
3076                          */
3077                         read_lock(&tasklist_lock);
3078                         session_clear_tty(tty->session);
3079                         read_unlock(&tasklist_lock);
3080                 } else {
3081                         ret = -EPERM;
3082                         goto unlock;
3083                 }
3084         }
3085         proc_set_tty(current, tty);
3086 unlock:
3087         mutex_unlock(&tty_mutex);
3088         return ret;
3089 }
3090
3091 /**
3092  *      tiocgpgrp               -       get process group
3093  *      @tty: tty passed by user
3094  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
3095  *      @p: returned pid
3096  *
3097  *      Obtain the process group of the tty. If there is no process group
3098  *      return an error.
3099  *
3100  *      Locking: none. Reference to current->signal->tty is safe.
3101  */
3102
3103 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3104 {
3105         /*
3106          * (tty == real_tty) is a cheap way of
3107          * testing if the tty is NOT a master pty.
3108          */
3109         if (tty == real_tty && current->signal->tty != real_tty)
3110                 return -ENOTTY;
3111         return put_user(pid_vnr(real_tty->pgrp), p);
3112 }
3113
3114 /**
3115  *      tiocspgrp               -       attempt to set process group
3116  *      @tty: tty passed by user
3117  *      @real_tty: tty side device matching tty passed by user
3118  *      @p: pid pointer
3119  *
3120  *      Set the process group of the tty to the session passed. Only
3121  *      permitted where the tty session is our session.
3122  *
3123  *      Locking: None
3124  */
3125
3126 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3127 {
3128         struct pid *pgrp;
3129         pid_t pgrp_nr;
3130         int retval = tty_check_change(real_tty);
3131
3132         if (retval == -EIO)
3133                 return -ENOTTY;
3134         if (retval)
3135                 return retval;
3136         if (!current->signal->tty ||
3137             (current->signal->tty != real_tty) ||
3138             (real_tty->session != task_session(current)))
3139                 return -ENOTTY;
3140         if (get_user(pgrp_nr, p))
3141                 return -EFAULT;
3142         if (pgrp_nr < 0)
3143                 return -EINVAL;
3144         rcu_read_lock();
3145         pgrp = find_vpid(pgrp_nr);
3146         retval = -ESRCH;
3147         if (!pgrp)
3148                 goto out_unlock;
3149         retval = -EPERM;
3150         if (session_of_pgrp(pgrp) != task_session(current))
3151                 goto out_unlock;
3152         retval = 0;
3153         put_pid(real_tty->pgrp);
3154         real_tty->pgrp = get_pid(pgrp);
3155 out_unlock:
3156         rcu_read_unlock();
3157         return retval;
3158 }
3159
3160 /**
3161  *      tiocgsid                -       get session id
3162  *      @tty: tty passed by user
3163  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
3164  *      @p: pointer to returned session id
3165  *
3166  *      Obtain the session id of the tty. If there is no session
3167  *      return an error.
3168  *
3169  *      Locking: none. Reference to current->signal->tty is safe.
3170  */
3171
3172 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3173 {
3174         /*
3175          * (tty == real_tty) is a cheap way of
3176          * testing if the tty is NOT a master pty.
3177         */
3178         if (tty == real_tty && current->signal->tty != real_tty)
3179                 return -ENOTTY;
3180         if (!real_tty->session)
3181                 return -ENOTTY;
3182         return put_user(pid_vnr(real_tty->session), p);
3183 }
3184
3185 /**
3186  *      tiocsetd        -       set line discipline
3187  *      @tty: tty device
3188  *      @p: pointer to user data
3189  *
3190  *      Set the line discipline according to user request.
3191  *
3192  *      Locking: see tty_set_ldisc, this function is just a helper
3193  */
3194
3195 static int tiocsetd(struct tty_struct *tty, int __user *p)
3196 {
3197         int ldisc;
3198
3199         if (get_user(ldisc, p))
3200                 return -EFAULT;
3201         return tty_set_ldisc(tty, ldisc);
3202 }
3203
3204 /**
3205  *      send_break      -       performed time break
3206  *      @tty: device to break on
3207  *      @duration: timeout in mS
3208  *
3209  *      Perform a timed break on hardware that lacks its own driver level
3210  *      timed break functionality.
3211  *
3212  *      Locking:
3213  *              atomic_write_lock serializes
3214  *
3215  */
3216
3217 static int send_break(struct tty_struct *tty, unsigned int duration)
3218 {
3219         if (tty_write_lock(tty, 0) < 0)
3220                 return -EINTR;
3221         tty->driver->break_ctl(tty, -1);
3222         if (!signal_pending(current))
3223                 msleep_interruptible(duration);
3224         tty->driver->break_ctl(tty, 0);
3225         tty_write_unlock(tty);
3226         if (signal_pending(current))
3227                 return -EINTR;
3228         return 0;
3229 }
3230
3231 /**
3232  *      tiocmget                -       get modem status
3233  *      @tty: tty device
3234  *      @file: user file pointer
3235  *      @p: pointer to result
3236  *
3237  *      Obtain the modem status bits from the tty driver if the feature
3238  *      is supported. Return -EINVAL if it is not available.
3239  *
3240  *      Locking: none (up to the driver)
3241  */
3242
3243 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3244 {
3245         int retval = -EINVAL;
3246
3247         if (tty->driver->tiocmget) {
3248                 retval = tty->driver->tiocmget(tty, file);
3249
3250                 if (retval >= 0)
3251                         retval = put_user(retval, p);
3252         }
3253         return retval;
3254 }
3255
3256 /**
3257  *      tiocmset                -       set modem status
3258  *      @tty: tty device
3259  *      @file: user file pointer
3260  *      @cmd: command - clear bits, set bits or set all
3261  *      @p: pointer to desired bits
3262  *
3263  *      Set the modem status bits from the tty driver if the feature
3264  *      is supported. Return -EINVAL if it is not available.
3265  *
3266  *      Locking: none (up to the driver)
3267  */
3268
3269 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3270              unsigned __user *p)
3271 {
3272         int retval = -EINVAL;
3273
3274         if (tty->driver->tiocmset) {
3275                 unsigned int set, clear, val;
3276
3277                 retval = get_user(val, p);
3278                 if (retval)
3279                         return retval;
3280
3281                 set = clear = 0;
3282                 switch (cmd) {
3283                 case TIOCMBIS:
3284                         set = val;
3285                         break;
3286                 case TIOCMBIC:
3287                         clear = val;
3288                         break;
3289                 case TIOCMSET:
3290                         set = val;
3291                         clear = ~val;
3292                         break;
3293                 }
3294
3295                 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3296                 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3297
3298                 retval = tty->driver->tiocmset(tty, file, set, clear);
3299         }
3300         return retval;
3301 }
3302
3303 /*
3304  * Split this up, as gcc can choke on it otherwise..
3305  */
3306 int tty_ioctl(struct inode * inode, struct file * file,
3307               unsigned int cmd, unsigned long arg)
3308 {
3309         struct tty_struct *tty, *real_tty;
3310         void __user *p = (void __user *)arg;
3311         int retval;
3312         struct tty_ldisc *ld;
3313         
3314         tty = (struct tty_struct *)file->private_data;
3315         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3316                 return -EINVAL;
3317
3318         /* CHECKME: is this safe as one end closes ? */
3319
3320         real_tty = tty;
3321         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3322             tty->driver->subtype == PTY_TYPE_MASTER)
3323                 real_tty = tty->link;
3324
3325         /*
3326          * Break handling by driver
3327          */
3328         if (!tty->driver->break_ctl) {
3329                 switch(cmd) {
3330                 case TIOCSBRK:
3331                 case TIOCCBRK:
3332                         if (tty->driver->ioctl)
3333                                 return tty->driver->ioctl(tty, file, cmd, arg);
3334                         return -EINVAL;
3335                         
3336                 /* These two ioctl's always return success; even if */
3337                 /* the driver doesn't support them. */
3338                 case TCSBRK:
3339                 case TCSBRKP:
3340                         if (!tty->driver->ioctl)
3341                                 return 0;
3342                         retval = tty->driver->ioctl(tty, file, cmd, arg);
3343                         if (retval == -ENOIOCTLCMD)
3344                                 retval = 0;
3345                         return retval;
3346                 }
3347         }
3348
3349         /*
3350          * Factor out some common prep work
3351          */
3352         switch (cmd) {
3353         case TIOCSETD:
3354         case TIOCSBRK:
3355         case TIOCCBRK:
3356         case TCSBRK:
3357         case TCSBRKP:                   
3358                 retval = tty_check_change(tty);
3359                 if (retval)
3360                         return retval;
3361                 if (cmd != TIOCCBRK) {
3362                         tty_wait_until_sent(tty, 0);
3363                         if (signal_pending(current))
3364                                 return -EINTR;
3365                 }
3366                 break;
3367         }
3368
3369         switch (cmd) {
3370                 case TIOCSTI:
3371                         return tiocsti(tty, p);
3372                 case TIOCGWINSZ:
3373                         return tiocgwinsz(tty, p);
3374                 case TIOCSWINSZ:
3375                         return tiocswinsz(tty, real_tty, p);
3376                 case TIOCCONS:
3377                         return real_tty!=tty ? -EINVAL : tioccons(file);
3378                 case FIONBIO:
3379                         return fionbio(file, p);
3380                 case TIOCEXCL:
3381                         set_bit(TTY_EXCLUSIVE, &tty->flags);
3382                         return 0;
3383                 case TIOCNXCL:
3384                         clear_bit(TTY_EXCLUSIVE, &tty->flags);
3385                         return 0;
3386                 case TIOCNOTTY:
3387                         if (current->signal->tty != tty)
3388                                 return -ENOTTY;
3389                         no_tty();
3390                         return 0;
3391                 case TIOCSCTTY:
3392                         return tiocsctty(tty, arg);
3393                 case TIOCGPGRP:
3394                         return tiocgpgrp(tty, real_tty, p);
3395                 case TIOCSPGRP:
3396                         return tiocspgrp(tty, real_tty, p);
3397                 case TIOCGSID:
3398                         return tiocgsid(tty, real_tty, p);
3399                 case TIOCGETD:
3400                         /* FIXME: check this is ok */
3401                         return put_user(tty->ldisc.num, (int __user *)p);
3402                 case TIOCSETD:
3403                         return tiocsetd(tty, p);
3404 #ifdef CONFIG_VT
3405                 case TIOCLINUX:
3406                         return tioclinux(tty, arg);
3407 #endif
3408                 /*
3409                  * Break handling
3410                  */
3411                 case TIOCSBRK:  /* Turn break on, unconditionally */
3412                         tty->driver->break_ctl(tty, -1);
3413                         return 0;
3414                         
3415                 case TIOCCBRK:  /* Turn break off, unconditionally */
3416                         tty->driver->break_ctl(tty, 0);
3417                         return 0;
3418                 case TCSBRK:   /* SVID version: non-zero arg --> no break */
3419                         /* non-zero arg means wait for all output data
3420                          * to be sent (performed above) but don't send break.
3421                          * This is used by the tcdrain() termios function.
3422                          */
3423                         if (!arg)
3424                                 return send_break(tty, 250);
3425                         return 0;
3426                 case TCSBRKP:   /* support for POSIX tcsendbreak() */   
3427                         return send_break(tty, arg ? arg*100 : 250);
3428
3429                 case TIOCMGET:
3430                         return tty_tiocmget(tty, file, p);
3431
3432                 case TIOCMSET:
3433                 case TIOCMBIC:
3434                 case TIOCMBIS:
3435                         return tty_tiocmset(tty, file, cmd, p);
3436                 case TCFLSH:
3437                         switch (arg) {
3438                         case TCIFLUSH:
3439                         case TCIOFLUSH:
3440                                 /* flush tty buffer and allow ldisc to process ioctl */
3441                                 tty_buffer_flush(tty);
3442                                 break;
3443                         }
3444                         break;
3445         }
3446         if (tty->driver->ioctl) {
3447                 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3448                 if (retval != -ENOIOCTLCMD)
3449                         return retval;
3450         }
3451         ld = tty_ldisc_ref_wait(tty);
3452         retval = -EINVAL;
3453         if (ld->ioctl) {
3454                 retval = ld->ioctl(tty, file, cmd, arg);
3455                 if (retval == -ENOIOCTLCMD)
3456                         retval = -EINVAL;
3457         }
3458         tty_ldisc_deref(ld);
3459         return retval;
3460 }
3461
3462 #ifdef CONFIG_COMPAT
3463 static long tty_compat_ioctl(struct file * file, unsigned int cmd,
3464                                 unsigned long arg)
3465 {
3466         struct inode *inode = file->f_dentry->d_inode;
3467         struct tty_struct *tty = file->private_data;
3468         struct tty_ldisc *ld;
3469         int retval = -ENOIOCTLCMD;
3470
3471         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3472                 return -EINVAL;
3473
3474         if (tty->driver->compat_ioctl) {
3475                 retval = (tty->driver->compat_ioctl)(tty, file, cmd, arg);
3476                 if (retval != -ENOIOCTLCMD)
3477                         return retval;
3478         }
3479
3480         ld = tty_ldisc_ref_wait(tty);
3481         if (ld->compat_ioctl)
3482                 retval = ld->compat_ioctl(tty, file, cmd, arg);
3483         tty_ldisc_deref(ld);
3484
3485         return retval;
3486 }
3487 #endif
3488
3489 /*
3490  * This implements the "Secure Attention Key" ---  the idea is to
3491  * prevent trojan horses by killing all processes associated with this
3492  * tty when the user hits the "Secure Attention Key".  Required for
3493  * super-paranoid applications --- see the Orange Book for more details.
3494  * 
3495  * This code could be nicer; ideally it should send a HUP, wait a few
3496  * seconds, then send a INT, and then a KILL signal.  But you then
3497  * have to coordinate with the init process, since all processes associated
3498  * with the current tty must be dead before the new getty is allowed
3499  * to spawn.
3500  *
3501  * Now, if it would be correct ;-/ The current code has a nasty hole -
3502  * it doesn't catch files in flight. We may send the descriptor to ourselves
3503  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3504  *
3505  * Nasty bug: do_SAK is being called in interrupt context.  This can
3506  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
3507  */
3508 void __do_SAK(struct tty_struct *tty)
3509 {
3510 #ifdef TTY_SOFT_SAK
3511         tty_hangup(tty);
3512 #else
3513         struct task_struct *g, *p;
3514         struct pid *session;
3515         int             i;
3516         struct file     *filp;
3517         struct fdtable *fdt;
3518         
3519         if (!tty)
3520                 return;
3521         session = tty->session;
3522         
3523         tty_ldisc_flush(tty);
3524
3525         if (tty->driver->flush_buffer)
3526                 tty->driver->flush_buffer(tty);
3527         
3528         read_lock(&tasklist_lock);
3529         /* Kill the entire session */
3530         do_each_pid_task(session, PIDTYPE_SID, p) {
3531                 printk(KERN_NOTICE "SAK: killed process %d"
3532                         " (%s): task_session_nr(p)==tty->session\n",
3533                         task_pid_nr(p), p->comm);
3534                 send_sig(SIGKILL, p, 1);
3535         } while_each_pid_task(session, PIDTYPE_SID, p);
3536         /* Now kill any processes that happen to have the
3537          * tty open.
3538          */
3539         do_each_thread(g, p) {
3540                 if (p->signal->tty == tty) {
3541                         printk(KERN_NOTICE "SAK: killed process %d"
3542                             " (%s): task_session_nr(p)==tty->session\n",
3543                             task_pid_nr(p), p->comm);
3544                         send_sig(SIGKILL, p, 1);
3545                         continue;
3546                 }
3547                 task_lock(p);
3548                 if (p->files) {
3549                         /*
3550                          * We don't take a ref to the file, so we must
3551                          * hold ->file_lock instead.
3552                          */
3553                         spin_lock(&p->files->file_lock);
3554                         fdt = files_fdtable(p->files);
3555                         for (i=0; i < fdt->max_fds; i++) {
3556                                 filp = fcheck_files(p->files, i);
3557                                 if (!filp)
3558                                         continue;
3559                                 if (filp->f_op->read == tty_read &&
3560                                     filp->private_data == tty) {
3561                                         printk(KERN_NOTICE "SAK: killed process %d"
3562                                             " (%s): fd#%d opened to the tty\n",
3563                                             task_pid_nr(p), p->comm, i);
3564                                         force_sig(SIGKILL, p);
3565                                         break;
3566                                 }
3567                         }
3568                         spin_unlock(&p->files->file_lock);
3569                 }
3570                 task_unlock(p);
3571         } while_each_thread(g, p);
3572         read_unlock(&tasklist_lock);
3573 #endif
3574 }
3575
3576 static void do_SAK_work(struct work_struct *work)
3577 {
3578         struct tty_struct *tty =
3579                 container_of(work, struct tty_struct, SAK_work);
3580         __do_SAK(tty);
3581 }
3582
3583 /*
3584  * The tq handling here is a little racy - tty->SAK_work may already be queued.
3585  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3586  * the values which we write to it will be identical to the values which it
3587  * already has. --akpm
3588  */
3589 void do_SAK(struct tty_struct *tty)
3590 {
3591         if (!tty)
3592                 return;
3593         schedule_work(&tty->SAK_work);
3594 }
3595
3596 EXPORT_SYMBOL(do_SAK);
3597
3598 /**
3599  *      flush_to_ldisc
3600  *      @work: tty structure passed from work queue.
3601  *
3602  *      This routine is called out of the software interrupt to flush data
3603  *      from the buffer chain to the line discipline.
3604  *
3605  *      Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3606  *      while invoking the line discipline receive_buf method. The
3607  *      receive_buf method is single threaded for each tty instance.
3608  */
3609  
3610 static void flush_to_ldisc(struct work_struct *work)
3611 {
3612         struct tty_struct *tty =
3613                 container_of(work, struct tty_struct, buf.work.work);
3614         unsigned long   flags;
3615         struct tty_ldisc *disc;
3616         struct tty_buffer *tbuf, *head;
3617         char *char_buf;
3618         unsigned char *flag_buf;
3619
3620         disc = tty_ldisc_ref(tty);
3621         if (disc == NULL)       /*  !TTY_LDISC */
3622                 return;
3623
3624         spin_lock_irqsave(&tty->buf.lock, flags);
3625         set_bit(TTY_FLUSHING, &tty->flags);     /* So we know a flush is running */
3626         head = tty->buf.head;
3627         if (head != NULL) {
3628                 tty->buf.head = NULL;
3629                 for (;;) {
3630                         int count = head->commit - head->read;
3631                         if (!count) {
3632                                 if (head->next == NULL)
3633                                         break;
3634                                 tbuf = head;
3635                                 head = head->next;
3636                                 tty_buffer_free(tty, tbuf);
3637                                 continue;
3638                         }
3639                         /* Ldisc or user is trying to flush the buffers
3640                            we are feeding to the ldisc, stop feeding the
3641                            line discipline as we want to empty the queue */
3642                         if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3643                                 break;
3644                         if (!tty->receive_room) {
3645                                 schedule_delayed_work(&tty->buf.work, 1);
3646                                 break;
3647                         }
3648                         if (count > tty->receive_room)
3649                                 count = tty->receive_room;
3650                         char_buf = head->char_buf_ptr + head->read;
3651                         flag_buf = head->flag_buf_ptr + head->read;
3652                         head->read += count;
3653                         spin_unlock_irqrestore(&tty->buf.lock, flags);
3654                         disc->receive_buf(tty, char_buf, flag_buf, count);
3655                         spin_lock_irqsave(&tty->buf.lock, flags);
3656                 }
3657                 /* Restore the queue head */
3658                 tty->buf.head = head;
3659         }
3660         /* We may have a deferred request to flush the input buffer,
3661            if so pull the chain under the lock and empty the queue */
3662         if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3663                 __tty_buffer_flush(tty);
3664                 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3665                 wake_up(&tty->read_wait);
3666         }
3667         clear_bit(TTY_FLUSHING, &tty->flags);
3668         spin_unlock_irqrestore(&tty->buf.lock, flags);
3669
3670         tty_ldisc_deref(disc);
3671 }
3672
3673 /**
3674  *      tty_flip_buffer_push    -       terminal
3675  *      @tty: tty to push
3676  *
3677  *      Queue a push of the terminal flip buffers to the line discipline. This
3678  *      function must not be called from IRQ context if tty->low_latency is set.
3679  *
3680  *      In the event of the queue being busy for flipping the work will be
3681  *      held off and retried later.
3682  *
3683  *      Locking: tty buffer lock. Driver locks in low latency mode.
3684  */
3685
3686 void tty_flip_buffer_push(struct tty_struct *tty)
3687 {
3688         unsigned long flags;
3689         spin_lock_irqsave(&tty->buf.lock, flags);
3690         if (tty->buf.tail != NULL)
3691                 tty->buf.tail->commit = tty->buf.tail->used;
3692         spin_unlock_irqrestore(&tty->buf.lock, flags);
3693
3694         if (tty->low_latency)
3695                 flush_to_ldisc(&tty->buf.work.work);
3696         else
3697                 schedule_delayed_work(&tty->buf.work, 1);
3698 }
3699
3700 EXPORT_SYMBOL(tty_flip_buffer_push);
3701
3702
3703 /**
3704  *      initialize_tty_struct
3705  *      @tty: tty to initialize
3706  *
3707  *      This subroutine initializes a tty structure that has been newly
3708  *      allocated.
3709  *
3710  *      Locking: none - tty in question must not be exposed at this point
3711  */
3712
3713 static void initialize_tty_struct(struct tty_struct *tty)
3714 {
3715         memset(tty, 0, sizeof(struct tty_struct));
3716         tty->magic = TTY_MAGIC;
3717         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3718         tty->session = NULL;
3719         tty->pgrp = NULL;
3720         tty->overrun_time = jiffies;
3721         tty->buf.head = tty->buf.tail = NULL;
3722         tty_buffer_init(tty);
3723         INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3724         init_MUTEX(&tty->buf.pty_sem);
3725         mutex_init(&tty->termios_mutex);
3726         init_waitqueue_head(&tty->write_wait);
3727         init_waitqueue_head(&tty->read_wait);
3728         INIT_WORK(&tty->hangup_work, do_tty_hangup);
3729         mutex_init(&tty->atomic_read_lock);
3730         mutex_init(&tty->atomic_write_lock);
3731         spin_lock_init(&tty->read_lock);
3732         INIT_LIST_HEAD(&tty->tty_files);
3733         INIT_WORK(&tty->SAK_work, do_SAK_work);
3734 }
3735
3736 /*
3737  * The default put_char routine if the driver did not define one.
3738  */
3739
3740 static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3741 {
3742         tty->driver->write(tty, &ch, 1);
3743 }
3744
3745 static struct class *tty_class;
3746
3747 /**
3748  *      tty_register_device - register a tty device
3749  *      @driver: the tty driver that describes the tty device
3750  *      @index: the index in the tty driver for this tty device
3751  *      @device: a struct device that is associated with this tty device.
3752  *              This field is optional, if there is no known struct device
3753  *              for this tty device it can be set to NULL safely.
3754  *
3755  *      Returns a pointer to the struct device for this tty device
3756  *      (or ERR_PTR(-EFOO) on error).
3757  *
3758  *      This call is required to be made to register an individual tty device
3759  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3760  *      that bit is not set, this function should not be called by a tty
3761  *      driver.
3762  *
3763  *      Locking: ??
3764  */
3765
3766 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3767                                    struct device *device)
3768 {
3769         char name[64];
3770         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3771
3772         if (index >= driver->num) {
3773                 printk(KERN_ERR "Attempt to register invalid tty line number "
3774                        " (%d).\n", index);
3775                 return ERR_PTR(-EINVAL);
3776         }
3777
3778         if (driver->type == TTY_DRIVER_TYPE_PTY)
3779                 pty_line_name(driver, index, name);
3780         else
3781                 tty_line_name(driver, index, name);
3782
3783         return device_create(tty_class, device, dev, name);
3784 }
3785
3786 /**
3787  *      tty_unregister_device - unregister a tty device
3788  *      @driver: the tty driver that describes the tty device
3789  *      @index: the index in the tty driver for this tty device
3790  *
3791  *      If a tty device is registered with a call to tty_register_device() then
3792  *      this function must be called when the tty device is gone.
3793  *
3794  *      Locking: ??
3795  */
3796
3797 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3798 {
3799         device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
3800 }
3801
3802 EXPORT_SYMBOL(tty_register_device);
3803 EXPORT_SYMBOL(tty_unregister_device);
3804
3805 struct tty_driver *alloc_tty_driver(int lines)
3806 {
3807         struct tty_driver *driver;
3808
3809         driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3810         if (driver) {
3811                 driver->magic = TTY_DRIVER_MAGIC;
3812                 driver->num = lines;
3813                 /* later we'll move allocation of tables here */
3814         }
3815         return driver;
3816 }
3817
3818 void put_tty_driver(struct tty_driver *driver)
3819 {
3820         kfree(driver);
3821 }
3822
3823 void tty_set_operations(struct tty_driver *driver,
3824                         const struct tty_operations *op)
3825 {
3826         driver->open = op->open;
3827         driver->close = op->close;
3828         driver->write = op->write;
3829         driver->put_char = op->put_char;
3830         driver->flush_chars = op->flush_chars;
3831         driver->write_room = op->write_room;
3832         driver->chars_in_buffer = op->chars_in_buffer;
3833         driver->ioctl = op->ioctl;
3834         driver->compat_ioctl = op->compat_ioctl;
3835         driver->set_termios = op->set_termios;
3836         driver->throttle = op->throttle;
3837         driver->unthrottle = op->unthrottle;
3838         driver->stop = op->stop;
3839         driver->start = op->start;
3840         driver->hangup = op->hangup;
3841         driver->break_ctl = op->break_ctl;
3842         driver->flush_buffer = op->flush_buffer;
3843         driver->set_ldisc = op->set_ldisc;
3844         driver->wait_until_sent = op->wait_until_sent;
3845         driver->send_xchar = op->send_xchar;
3846         driver->read_proc = op->read_proc;
3847         driver->write_proc = op->write_proc;
3848         driver->tiocmget = op->tiocmget;
3849         driver->tiocmset = op->tiocmset;
3850 }
3851
3852
3853 EXPORT_SYMBOL(alloc_tty_driver);
3854 EXPORT_SYMBOL(put_tty_driver);
3855 EXPORT_SYMBOL(tty_set_operations);
3856
3857 /*
3858  * Called by a tty driver to register itself.
3859  */
3860 int tty_register_driver(struct tty_driver *driver)
3861 {
3862         int error;
3863         int i;
3864         dev_t dev;
3865         void **p = NULL;
3866
3867         if (driver->flags & TTY_DRIVER_INSTALLED)
3868                 return 0;
3869
3870         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3871                 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3872                 if (!p)
3873                         return -ENOMEM;
3874         }
3875
3876         if (!driver->major) {
3877                 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3878                                                 driver->name);
3879                 if (!error) {
3880                         driver->major = MAJOR(dev);
3881                         driver->minor_start = MINOR(dev);
3882                 }
3883         } else {
3884                 dev = MKDEV(driver->major, driver->minor_start);
3885                 error = register_chrdev_region(dev, driver->num, driver->name);
3886         }
3887         if (error < 0) {
3888                 kfree(p);
3889                 return error;
3890         }
3891
3892         if (p) {
3893                 driver->ttys = (struct tty_struct **)p;
3894                 driver->termios = (struct ktermios **)(p + driver->num);
3895                 driver->termios_locked = (struct ktermios **)(p + driver->num * 2);
3896         } else {
3897                 driver->ttys = NULL;
3898                 driver->termios = NULL;
3899                 driver->termios_locked = NULL;
3900         }
3901
3902         cdev_init(&driver->cdev, &tty_fops);
3903         driver->cdev.owner = driver->owner;
3904         error = cdev_add(&driver->cdev, dev, driver->num);
3905         if (error) {
3906                 unregister_chrdev_region(dev, driver->num);
3907                 driver->ttys = NULL;
3908                 driver->termios = driver->termios_locked = NULL;
3909                 kfree(p);
3910                 return error;
3911         }
3912
3913         if (!driver->put_char)
3914                 driver->put_char = tty_default_put_char;
3915         
3916         mutex_lock(&tty_mutex);
3917         list_add(&driver->tty_drivers, &tty_drivers);
3918         mutex_unlock(&tty_mutex);
3919         
3920         if ( !(driver->flags & TTY_DRIVER_DYNAMIC_DEV) ) {
3921                 for(i = 0; i < driver->num; i++)
3922                     tty_register_device(driver, i, NULL);
3923         }
3924         proc_tty_register_driver(driver);
3925         return 0;
3926 }
3927
3928 EXPORT_SYMBOL(tty_register_driver);
3929
3930 /*
3931  * Called by a tty driver to unregister itself.
3932  */
3933 int tty_unregister_driver(struct tty_driver *driver)
3934 {
3935         int i;
3936         struct ktermios *tp;
3937         void *p;
3938
3939         if (driver->refcount)
3940                 return -EBUSY;
3941
3942         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3943                                 driver->num);
3944         mutex_lock(&tty_mutex);
3945         list_del(&driver->tty_drivers);
3946         mutex_unlock(&tty_mutex);
3947
3948         /*
3949          * Free the termios and termios_locked structures because
3950          * we don't want to get memory leaks when modular tty
3951          * drivers are removed from the kernel.
3952          */
3953         for (i = 0; i < driver->num; i++) {
3954                 tp = driver->termios[i];
3955                 if (tp) {
3956                         driver->termios[i] = NULL;
3957                         kfree(tp);
3958                 }
3959                 tp = driver->termios_locked[i];
3960                 if (tp) {
3961                         driver->termios_locked[i] = NULL;
3962                         kfree(tp);
3963                 }
3964                 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3965                         tty_unregister_device(driver, i);
3966         }
3967         p = driver->ttys;
3968         proc_tty_unregister_driver(driver);
3969         driver->ttys = NULL;
3970         driver->termios = driver->termios_locked = NULL;
3971         kfree(p);
3972         cdev_del(&driver->cdev);
3973         return 0;
3974 }
3975 EXPORT_SYMBOL(tty_unregister_driver);
3976
3977 dev_t tty_devnum(struct tty_struct *tty)
3978 {
3979         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3980 }
3981 EXPORT_SYMBOL(tty_devnum);
3982
3983 void proc_clear_tty(struct task_struct *p)
3984 {
3985         spin_lock_irq(&p->sighand->siglock);
3986         p->signal->tty = NULL;
3987         spin_unlock_irq(&p->sighand->siglock);
3988 }
3989 EXPORT_SYMBOL(proc_clear_tty);
3990
3991 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3992 {
3993         if (tty) {
3994                 /* We should not have a session or pgrp to here but.... */
3995                 put_pid(tty->session);
3996                 put_pid(tty->pgrp);
3997                 tty->session = get_pid(task_session(tsk));
3998                 tty->pgrp = get_pid(task_pgrp(tsk));
3999         }
4000         put_pid(tsk->signal->tty_old_pgrp);
4001         tsk->signal->tty = tty;
4002         tsk->signal->tty_old_pgrp = NULL;
4003 }
4004
4005 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4006 {
4007         spin_lock_irq(&tsk->sighand->siglock);
4008         __proc_set_tty(tsk, tty);
4009         spin_unlock_irq(&tsk->sighand->siglock);
4010 }
4011
4012 struct tty_struct *get_current_tty(void)
4013 {
4014         struct tty_struct *tty;
4015         WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4016         tty = current->signal->tty;
4017         /*
4018          * session->tty can be changed/cleared from under us, make sure we
4019          * issue the load. The obtained pointer, when not NULL, is valid as
4020          * long as we hold tty_mutex.
4021          */
4022         barrier();
4023         return tty;
4024 }
4025 EXPORT_SYMBOL_GPL(get_current_tty);
4026
4027 /*
4028  * Initialize the console device. This is called *early*, so
4029  * we can't necessarily depend on lots of kernel help here.
4030  * Just do some early initializations, and do the complex setup
4031  * later.
4032  */
4033 void __init console_init(void)
4034 {
4035         initcall_t *call;
4036
4037         /* Setup the default TTY line discipline. */
4038         (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4039
4040         /*
4041          * set up the console device so that later boot sequences can 
4042          * inform about problems etc..
4043          */
4044         call = __con_initcall_start;
4045         while (call < __con_initcall_end) {
4046                 (*call)();
4047                 call++;
4048         }
4049 }
4050
4051 #ifdef CONFIG_VT
4052 extern int vty_init(void);
4053 #endif
4054
4055 static int __init tty_class_init(void)
4056 {
4057         tty_class = class_create(THIS_MODULE, "tty");
4058         if (IS_ERR(tty_class))
4059                 return PTR_ERR(tty_class);
4060         return 0;
4061 }
4062
4063 postcore_initcall(tty_class_init);
4064
4065 /* 3/2004 jmc: why do these devices exist? */
4066
4067 static struct cdev tty_cdev, console_cdev;
4068 #ifdef CONFIG_UNIX98_PTYS
4069 static struct cdev ptmx_cdev;
4070 #endif
4071 #ifdef CONFIG_VT
4072 static struct cdev vc0_cdev;
4073 #endif
4074
4075 /*
4076  * Ok, now we can initialize the rest of the tty devices and can count
4077  * on memory allocations, interrupts etc..
4078  */
4079 static int __init tty_init(void)
4080 {
4081         cdev_init(&tty_cdev, &tty_fops);
4082         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4083             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4084                 panic("Couldn't register /dev/tty driver\n");
4085         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
4086
4087         cdev_init(&console_cdev, &console_fops);
4088         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4089             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4090                 panic("Couldn't register /dev/console driver\n");
4091         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
4092
4093 #ifdef CONFIG_UNIX98_PTYS
4094         cdev_init(&ptmx_cdev, &ptmx_fops);
4095         if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4096             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4097                 panic("Couldn't register /dev/ptmx driver\n");
4098         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
4099 #endif
4100
4101 #ifdef CONFIG_VT
4102         cdev_init(&vc0_cdev, &console_fops);
4103         if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4104             register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4105                 panic("Couldn't register /dev/tty0 driver\n");
4106         device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
4107
4108         vty_init();
4109 #endif
4110         return 0;
4111 }
4112 module_init(tty_init);