732316899ca48cc1bcaebaa842aad216e0d2ed54
[linux-2.6.git] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  *
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote init_dev and release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc()
66  *                       -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67  */
68
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/proc_fs.h>
91 #include <linux/init.h>
92 #include <linux/module.h>
93 #include <linux/smp_lock.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99
100 #include <linux/uaccess.h>
101 #include <asm/system.h>
102
103 #include <linux/kbd_kern.h>
104 #include <linux/vt_kern.h>
105 #include <linux/selection.h>
106
107 #include <linux/kmod.h>
108 #include <linux/nsproxy.h>
109
110 #undef TTY_DEBUG_HANGUP
111
112 #define TTY_PARANOIA_CHECK 1
113 #define CHECK_TTY_COUNT 1
114
115 struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
116         .c_iflag = ICRNL | IXON,
117         .c_oflag = OPOST | ONLCR,
118         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
119         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
120                    ECHOCTL | ECHOKE | IEXTEN,
121         .c_cc = INIT_C_CC,
122         .c_ispeed = 38400,
123         .c_ospeed = 38400
124 };
125
126 EXPORT_SYMBOL(tty_std_termios);
127
128 /* This list gets poked at by procfs and various bits of boot up code. This
129    could do with some rationalisation such as pulling the tty proc function
130    into this file */
131
132 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
133
134 /* Mutex to protect creating and releasing a tty. This is shared with
135    vt.c for deeply disgusting hack reasons */
136 DEFINE_MUTEX(tty_mutex);
137 EXPORT_SYMBOL(tty_mutex);
138
139 #ifdef CONFIG_UNIX98_PTYS
140 extern struct tty_driver *ptm_driver;   /* Unix98 pty masters; for /dev/ptmx */
141 static int ptmx_open(struct inode *, struct file *);
142 #endif
143
144 static void initialize_tty_struct(struct tty_struct *tty);
145
146 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
147 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
148 ssize_t redirected_tty_write(struct file *, const char __user *,
149                                                         size_t, loff_t *);
150 static unsigned int tty_poll(struct file *, poll_table *);
151 static int tty_open(struct inode *, struct file *);
152 static int tty_release(struct inode *, struct file *);
153 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
154 #ifdef CONFIG_COMPAT
155 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
156                                 unsigned long arg);
157 #else
158 #define tty_compat_ioctl NULL
159 #endif
160 static int tty_fasync(int fd, struct file *filp, int on);
161 static void release_tty(struct tty_struct *tty, int idx);
162 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
163 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
164
165 /**
166  *      alloc_tty_struct        -       allocate a tty object
167  *
168  *      Return a new empty tty structure. The data fields have not
169  *      been initialized in any way but has been zeroed
170  *
171  *      Locking: none
172  */
173
174 static struct tty_struct *alloc_tty_struct(void)
175 {
176         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
177 }
178
179 /**
180  *      free_tty_struct         -       free a disused tty
181  *      @tty: tty struct to free
182  *
183  *      Free the write buffers, tty queue and tty memory itself.
184  *
185  *      Locking: none. Must be called after tty is definitely unused
186  */
187
188 static inline void free_tty_struct(struct tty_struct *tty)
189 {
190         kfree(tty->write_buf);
191         tty_buffer_free_all(tty);
192         kfree(tty);
193 }
194
195 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
196
197 /**
198  *      tty_name        -       return tty naming
199  *      @tty: tty structure
200  *      @buf: buffer for output
201  *
202  *      Convert a tty structure into a name. The name reflects the kernel
203  *      naming policy and if udev is in use may not reflect user space
204  *
205  *      Locking: none
206  */
207
208 char *tty_name(struct tty_struct *tty, char *buf)
209 {
210         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
211                 strcpy(buf, "NULL tty");
212         else
213                 strcpy(buf, tty->name);
214         return buf;
215 }
216
217 EXPORT_SYMBOL(tty_name);
218
219 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
220                               const char *routine)
221 {
222 #ifdef TTY_PARANOIA_CHECK
223         if (!tty) {
224                 printk(KERN_WARNING
225                         "null TTY for (%d:%d) in %s\n",
226                         imajor(inode), iminor(inode), routine);
227                 return 1;
228         }
229         if (tty->magic != TTY_MAGIC) {
230                 printk(KERN_WARNING
231                         "bad magic number for tty struct (%d:%d) in %s\n",
232                         imajor(inode), iminor(inode), routine);
233                 return 1;
234         }
235 #endif
236         return 0;
237 }
238
239 static int check_tty_count(struct tty_struct *tty, const char *routine)
240 {
241 #ifdef CHECK_TTY_COUNT
242         struct list_head *p;
243         int count = 0;
244
245         file_list_lock();
246         list_for_each(p, &tty->tty_files) {
247                 count++;
248         }
249         file_list_unlock();
250         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
251             tty->driver->subtype == PTY_TYPE_SLAVE &&
252             tty->link && tty->link->count)
253                 count++;
254         if (tty->count != count) {
255                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
256                                     "!= #fd's(%d) in %s\n",
257                        tty->name, tty->count, count, routine);
258                 return count;
259         }
260 #endif
261         return 0;
262 }
263
264 /**
265  *      get_tty_driver          -       find device of a tty
266  *      @dev_t: device identifier
267  *      @index: returns the index of the tty
268  *
269  *      This routine returns a tty driver structure, given a device number
270  *      and also passes back the index number.
271  *
272  *      Locking: caller must hold tty_mutex
273  */
274
275 static struct tty_driver *get_tty_driver(dev_t device, int *index)
276 {
277         struct tty_driver *p;
278
279         list_for_each_entry(p, &tty_drivers, tty_drivers) {
280                 dev_t base = MKDEV(p->major, p->minor_start);
281                 if (device < base || device >= base + p->num)
282                         continue;
283                 *index = device - base;
284                 return p;
285         }
286         return NULL;
287 }
288
289 #ifdef CONFIG_CONSOLE_POLL
290
291 /**
292  *      tty_find_polling_driver -       find device of a polled tty
293  *      @name: name string to match
294  *      @line: pointer to resulting tty line nr
295  *
296  *      This routine returns a tty driver structure, given a name
297  *      and the condition that the tty driver is capable of polled
298  *      operation.
299  */
300 struct tty_driver *tty_find_polling_driver(char *name, int *line)
301 {
302         struct tty_driver *p, *res = NULL;
303         int tty_line = 0;
304         int len;
305         char *str;
306
307         for (str = name; *str; str++)
308                 if ((*str >= '0' && *str <= '9') || *str == ',')
309                         break;
310         if (!*str)
311                 return NULL;
312
313         len = str - name;
314         tty_line = simple_strtoul(str, &str, 10);
315
316         mutex_lock(&tty_mutex);
317         /* Search through the tty devices to look for a match */
318         list_for_each_entry(p, &tty_drivers, tty_drivers) {
319                 if (strncmp(name, p->name, len) != 0)
320                         continue;
321                 if (*str == ',')
322                         str++;
323                 if (*str == '\0')
324                         str = NULL;
325
326                 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
327                     p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
328                         res = p;
329                         *line = tty_line;
330                         break;
331                 }
332         }
333         mutex_unlock(&tty_mutex);
334
335         return res;
336 }
337 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
338 #endif
339
340 /**
341  *      tty_check_change        -       check for POSIX terminal changes
342  *      @tty: tty to check
343  *
344  *      If we try to write to, or set the state of, a terminal and we're
345  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
346  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
347  *
348  *      Locking: ctrl_lock
349  */
350
351 int tty_check_change(struct tty_struct *tty)
352 {
353         unsigned long flags;
354         int ret = 0;
355
356         if (current->signal->tty != tty)
357                 return 0;
358
359         spin_lock_irqsave(&tty->ctrl_lock, flags);
360
361         if (!tty->pgrp) {
362                 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
363                 goto out_unlock;
364         }
365         if (task_pgrp(current) == tty->pgrp)
366                 goto out_unlock;
367         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
368         if (is_ignored(SIGTTOU))
369                 goto out;
370         if (is_current_pgrp_orphaned()) {
371                 ret = -EIO;
372                 goto out;
373         }
374         kill_pgrp(task_pgrp(current), SIGTTOU, 1);
375         set_thread_flag(TIF_SIGPENDING);
376         ret = -ERESTARTSYS;
377 out:
378         return ret;
379 out_unlock:
380         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
381         return ret;
382 }
383
384 EXPORT_SYMBOL(tty_check_change);
385
386 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
387                                 size_t count, loff_t *ppos)
388 {
389         return 0;
390 }
391
392 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
393                                  size_t count, loff_t *ppos)
394 {
395         return -EIO;
396 }
397
398 /* No kernel lock held - none needed ;) */
399 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
400 {
401         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
402 }
403
404 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
405                 unsigned long arg)
406 {
407         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
408 }
409
410 static long hung_up_tty_compat_ioctl(struct file *file,
411                                      unsigned int cmd, unsigned long arg)
412 {
413         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
414 }
415
416 static const struct file_operations tty_fops = {
417         .llseek         = no_llseek,
418         .read           = tty_read,
419         .write          = tty_write,
420         .poll           = tty_poll,
421         .unlocked_ioctl = tty_ioctl,
422         .compat_ioctl   = tty_compat_ioctl,
423         .open           = tty_open,
424         .release        = tty_release,
425         .fasync         = tty_fasync,
426 };
427
428 #ifdef CONFIG_UNIX98_PTYS
429 static const struct file_operations ptmx_fops = {
430         .llseek         = no_llseek,
431         .read           = tty_read,
432         .write          = tty_write,
433         .poll           = tty_poll,
434         .unlocked_ioctl = tty_ioctl,
435         .compat_ioctl   = tty_compat_ioctl,
436         .open           = ptmx_open,
437         .release        = tty_release,
438         .fasync         = tty_fasync,
439 };
440 #endif
441
442 static const struct file_operations console_fops = {
443         .llseek         = no_llseek,
444         .read           = tty_read,
445         .write          = redirected_tty_write,
446         .poll           = tty_poll,
447         .unlocked_ioctl = tty_ioctl,
448         .compat_ioctl   = tty_compat_ioctl,
449         .open           = tty_open,
450         .release        = tty_release,
451         .fasync         = tty_fasync,
452 };
453
454 static const struct file_operations hung_up_tty_fops = {
455         .llseek         = no_llseek,
456         .read           = hung_up_tty_read,
457         .write          = hung_up_tty_write,
458         .poll           = hung_up_tty_poll,
459         .unlocked_ioctl = hung_up_tty_ioctl,
460         .compat_ioctl   = hung_up_tty_compat_ioctl,
461         .release        = tty_release,
462 };
463
464 static DEFINE_SPINLOCK(redirect_lock);
465 static struct file *redirect;
466
467 /**
468  *      tty_wakeup      -       request more data
469  *      @tty: terminal
470  *
471  *      Internal and external helper for wakeups of tty. This function
472  *      informs the line discipline if present that the driver is ready
473  *      to receive more output data.
474  */
475
476 void tty_wakeup(struct tty_struct *tty)
477 {
478         struct tty_ldisc *ld;
479
480         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
481                 ld = tty_ldisc_ref(tty);
482                 if (ld) {
483                         if (ld->ops->write_wakeup)
484                                 ld->ops->write_wakeup(tty);
485                         tty_ldisc_deref(ld);
486                 }
487         }
488         wake_up_interruptible(&tty->write_wait);
489 }
490
491 EXPORT_SYMBOL_GPL(tty_wakeup);
492
493 /**
494  *      tty_ldisc_flush -       flush line discipline queue
495  *      @tty: tty
496  *
497  *      Flush the line discipline queue (if any) for this tty. If there
498  *      is no line discipline active this is a no-op.
499  */
500
501 void tty_ldisc_flush(struct tty_struct *tty)
502 {
503         struct tty_ldisc *ld = tty_ldisc_ref(tty);
504         if (ld) {
505                 if (ld->ops->flush_buffer)
506                         ld->ops->flush_buffer(tty);
507                 tty_ldisc_deref(ld);
508         }
509         tty_buffer_flush(tty);
510 }
511
512 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
513
514 /**
515  *      tty_reset_termios       -       reset terminal state
516  *      @tty: tty to reset
517  *
518  *      Restore a terminal to the driver default state
519  */
520
521 static void tty_reset_termios(struct tty_struct *tty)
522 {
523         mutex_lock(&tty->termios_mutex);
524         *tty->termios = tty->driver->init_termios;
525         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
526         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
527         mutex_unlock(&tty->termios_mutex);
528 }
529
530 /**
531  *      do_tty_hangup           -       actual handler for hangup events
532  *      @work: tty device
533  *
534  *      This can be called by the "eventd" kernel thread.  That is process
535  *      synchronous but doesn't hold any locks, so we need to make sure we
536  *      have the appropriate locks for what we're doing.
537  *
538  *      The hangup event clears any pending redirections onto the hung up
539  *      device. It ensures future writes will error and it does the needed
540  *      line discipline hangup and signal delivery. The tty object itself
541  *      remains intact.
542  *
543  *      Locking:
544  *              BKL
545  *                redirect lock for undoing redirection
546  *                file list lock for manipulating list of ttys
547  *                tty_ldisc_lock from called functions
548  *                termios_mutex resetting termios data
549  *                tasklist_lock to walk task list for hangup event
550  *                  ->siglock to protect ->signal/->sighand
551  */
552 static void do_tty_hangup(struct work_struct *work)
553 {
554         struct tty_struct *tty =
555                 container_of(work, struct tty_struct, hangup_work);
556         struct file *cons_filp = NULL;
557         struct file *filp, *f = NULL;
558         struct task_struct *p;
559         struct tty_ldisc *ld;
560         int    closecount = 0, n;
561         unsigned long flags;
562
563         if (!tty)
564                 return;
565
566         /* inuse_filps is protected by the single kernel lock */
567         lock_kernel();
568
569         spin_lock(&redirect_lock);
570         if (redirect && redirect->private_data == tty) {
571                 f = redirect;
572                 redirect = NULL;
573         }
574         spin_unlock(&redirect_lock);
575
576         check_tty_count(tty, "do_tty_hangup");
577         file_list_lock();
578         /* This breaks for file handles being sent over AF_UNIX sockets ? */
579         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
580                 if (filp->f_op->write == redirected_tty_write)
581                         cons_filp = filp;
582                 if (filp->f_op->write != tty_write)
583                         continue;
584                 closecount++;
585                 tty_fasync(-1, filp, 0);        /* can't block */
586                 filp->f_op = &hung_up_tty_fops;
587         }
588         file_list_unlock();
589         /*
590          * FIXME! What are the locking issues here? This may me overdoing
591          * things... This question is especially important now that we've
592          * removed the irqlock.
593          */
594         ld = tty_ldisc_ref(tty);
595         if (ld != NULL) {
596                 /* We may have no line discipline at this point */
597                 if (ld->ops->flush_buffer)
598                         ld->ops->flush_buffer(tty);
599                 tty_driver_flush_buffer(tty);
600                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
601                     ld->ops->write_wakeup)
602                         ld->ops->write_wakeup(tty);
603                 if (ld->ops->hangup)
604                         ld->ops->hangup(tty);
605         }
606         /*
607          * FIXME: Once we trust the LDISC code better we can wait here for
608          * ldisc completion and fix the driver call race
609          */
610         wake_up_interruptible(&tty->write_wait);
611         wake_up_interruptible(&tty->read_wait);
612         /*
613          * Shutdown the current line discipline, and reset it to
614          * N_TTY.
615          */
616         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
617                 tty_reset_termios(tty);
618         /* Defer ldisc switch */
619         /* tty_deferred_ldisc_switch(N_TTY);
620
621           This should get done automatically when the port closes and
622           tty_release is called */
623
624         read_lock(&tasklist_lock);
625         if (tty->session) {
626                 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
627                         spin_lock_irq(&p->sighand->siglock);
628                         if (p->signal->tty == tty)
629                                 p->signal->tty = NULL;
630                         if (!p->signal->leader) {
631                                 spin_unlock_irq(&p->sighand->siglock);
632                                 continue;
633                         }
634                         __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
635                         __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
636                         put_pid(p->signal->tty_old_pgrp);  /* A noop */
637                         spin_lock_irqsave(&tty->ctrl_lock, flags);
638                         if (tty->pgrp)
639                                 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
640                         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
641                         spin_unlock_irq(&p->sighand->siglock);
642                 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
643         }
644         read_unlock(&tasklist_lock);
645
646         spin_lock_irqsave(&tty->ctrl_lock, flags);
647         tty->flags = 0;
648         put_pid(tty->session);
649         put_pid(tty->pgrp);
650         tty->session = NULL;
651         tty->pgrp = NULL;
652         tty->ctrl_status = 0;
653         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
654
655         /*
656          * If one of the devices matches a console pointer, we
657          * cannot just call hangup() because that will cause
658          * tty->count and state->count to go out of sync.
659          * So we just call close() the right number of times.
660          */
661         if (cons_filp) {
662                 if (tty->ops->close)
663                         for (n = 0; n < closecount; n++)
664                                 tty->ops->close(tty, cons_filp);
665         } else if (tty->ops->hangup)
666                 (tty->ops->hangup)(tty);
667         /*
668          * We don't want to have driver/ldisc interactions beyond
669          * the ones we did here. The driver layer expects no
670          * calls after ->hangup() from the ldisc side. However we
671          * can't yet guarantee all that.
672          */
673         set_bit(TTY_HUPPED, &tty->flags);
674         if (ld) {
675                 tty_ldisc_enable(tty);
676                 tty_ldisc_deref(ld);
677         }
678         unlock_kernel();
679         if (f)
680                 fput(f);
681 }
682
683 /**
684  *      tty_hangup              -       trigger a hangup event
685  *      @tty: tty to hangup
686  *
687  *      A carrier loss (virtual or otherwise) has occurred on this like
688  *      schedule a hangup sequence to run after this event.
689  */
690
691 void tty_hangup(struct tty_struct *tty)
692 {
693 #ifdef TTY_DEBUG_HANGUP
694         char    buf[64];
695         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
696 #endif
697         schedule_work(&tty->hangup_work);
698 }
699
700 EXPORT_SYMBOL(tty_hangup);
701
702 /**
703  *      tty_vhangup             -       process vhangup
704  *      @tty: tty to hangup
705  *
706  *      The user has asked via system call for the terminal to be hung up.
707  *      We do this synchronously so that when the syscall returns the process
708  *      is complete. That guarantee is necessary for security reasons.
709  */
710
711 void tty_vhangup(struct tty_struct *tty)
712 {
713 #ifdef TTY_DEBUG_HANGUP
714         char    buf[64];
715
716         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
717 #endif
718         do_tty_hangup(&tty->hangup_work);
719 }
720
721 EXPORT_SYMBOL(tty_vhangup);
722
723 /**
724  *      tty_hung_up_p           -       was tty hung up
725  *      @filp: file pointer of tty
726  *
727  *      Return true if the tty has been subject to a vhangup or a carrier
728  *      loss
729  */
730
731 int tty_hung_up_p(struct file *filp)
732 {
733         return (filp->f_op == &hung_up_tty_fops);
734 }
735
736 EXPORT_SYMBOL(tty_hung_up_p);
737
738 static void session_clear_tty(struct pid *session)
739 {
740         struct task_struct *p;
741         do_each_pid_task(session, PIDTYPE_SID, p) {
742                 proc_clear_tty(p);
743         } while_each_pid_task(session, PIDTYPE_SID, p);
744 }
745
746 /**
747  *      disassociate_ctty       -       disconnect controlling tty
748  *      @on_exit: true if exiting so need to "hang up" the session
749  *
750  *      This function is typically called only by the session leader, when
751  *      it wants to disassociate itself from its controlling tty.
752  *
753  *      It performs the following functions:
754  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
755  *      (2)  Clears the tty from being controlling the session
756  *      (3)  Clears the controlling tty for all processes in the
757  *              session group.
758  *
759  *      The argument on_exit is set to 1 if called when a process is
760  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
761  *
762  *      Locking:
763  *              BKL is taken for hysterical raisins
764  *                tty_mutex is taken to protect tty
765  *                ->siglock is taken to protect ->signal/->sighand
766  *                tasklist_lock is taken to walk process list for sessions
767  *                  ->siglock is taken to protect ->signal/->sighand
768  */
769
770 void disassociate_ctty(int on_exit)
771 {
772         struct tty_struct *tty;
773         struct pid *tty_pgrp = NULL;
774
775
776         mutex_lock(&tty_mutex);
777         tty = get_current_tty();
778         if (tty) {
779                 tty_pgrp = get_pid(tty->pgrp);
780                 lock_kernel();
781                 mutex_unlock(&tty_mutex);
782                 /* XXX: here we race, there is nothing protecting tty */
783                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
784                         tty_vhangup(tty);
785                 unlock_kernel();
786         } else if (on_exit) {
787                 struct pid *old_pgrp;
788                 spin_lock_irq(&current->sighand->siglock);
789                 old_pgrp = current->signal->tty_old_pgrp;
790                 current->signal->tty_old_pgrp = NULL;
791                 spin_unlock_irq(&current->sighand->siglock);
792                 if (old_pgrp) {
793                         kill_pgrp(old_pgrp, SIGHUP, on_exit);
794                         kill_pgrp(old_pgrp, SIGCONT, on_exit);
795                         put_pid(old_pgrp);
796                 }
797                 mutex_unlock(&tty_mutex);
798                 return;
799         }
800         if (tty_pgrp) {
801                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
802                 if (!on_exit)
803                         kill_pgrp(tty_pgrp, SIGCONT, on_exit);
804                 put_pid(tty_pgrp);
805         }
806
807         spin_lock_irq(&current->sighand->siglock);
808         put_pid(current->signal->tty_old_pgrp);
809         current->signal->tty_old_pgrp = NULL;
810         spin_unlock_irq(&current->sighand->siglock);
811
812         mutex_lock(&tty_mutex);
813         /* It is possible that do_tty_hangup has free'd this tty */
814         tty = get_current_tty();
815         if (tty) {
816                 unsigned long flags;
817                 spin_lock_irqsave(&tty->ctrl_lock, flags);
818                 put_pid(tty->session);
819                 put_pid(tty->pgrp);
820                 tty->session = NULL;
821                 tty->pgrp = NULL;
822                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
823         } else {
824 #ifdef TTY_DEBUG_HANGUP
825                 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
826                        " = NULL", tty);
827 #endif
828         }
829         mutex_unlock(&tty_mutex);
830
831         /* Now clear signal->tty under the lock */
832         read_lock(&tasklist_lock);
833         session_clear_tty(task_session(current));
834         read_unlock(&tasklist_lock);
835 }
836
837 /**
838  *
839  *      no_tty  - Ensure the current process does not have a controlling tty
840  */
841 void no_tty(void)
842 {
843         struct task_struct *tsk = current;
844         lock_kernel();
845         if (tsk->signal->leader)
846                 disassociate_ctty(0);
847         unlock_kernel();
848         proc_clear_tty(tsk);
849 }
850
851
852 /**
853  *      stop_tty        -       propagate flow control
854  *      @tty: tty to stop
855  *
856  *      Perform flow control to the driver. For PTY/TTY pairs we
857  *      must also propagate the TIOCKPKT status. May be called
858  *      on an already stopped device and will not re-call the driver
859  *      method.
860  *
861  *      This functionality is used by both the line disciplines for
862  *      halting incoming flow and by the driver. It may therefore be
863  *      called from any context, may be under the tty atomic_write_lock
864  *      but not always.
865  *
866  *      Locking:
867  *              Uses the tty control lock internally
868  */
869
870 void stop_tty(struct tty_struct *tty)
871 {
872         unsigned long flags;
873         spin_lock_irqsave(&tty->ctrl_lock, flags);
874         if (tty->stopped) {
875                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
876                 return;
877         }
878         tty->stopped = 1;
879         if (tty->link && tty->link->packet) {
880                 tty->ctrl_status &= ~TIOCPKT_START;
881                 tty->ctrl_status |= TIOCPKT_STOP;
882                 wake_up_interruptible(&tty->link->read_wait);
883         }
884         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
885         if (tty->ops->stop)
886                 (tty->ops->stop)(tty);
887 }
888
889 EXPORT_SYMBOL(stop_tty);
890
891 /**
892  *      start_tty       -       propagate flow control
893  *      @tty: tty to start
894  *
895  *      Start a tty that has been stopped if at all possible. Perform
896  *      any necessary wakeups and propagate the TIOCPKT status. If this
897  *      is the tty was previous stopped and is being started then the
898  *      driver start method is invoked and the line discipline woken.
899  *
900  *      Locking:
901  *              ctrl_lock
902  */
903
904 void start_tty(struct tty_struct *tty)
905 {
906         unsigned long flags;
907         spin_lock_irqsave(&tty->ctrl_lock, flags);
908         if (!tty->stopped || tty->flow_stopped) {
909                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
910                 return;
911         }
912         tty->stopped = 0;
913         if (tty->link && tty->link->packet) {
914                 tty->ctrl_status &= ~TIOCPKT_STOP;
915                 tty->ctrl_status |= TIOCPKT_START;
916                 wake_up_interruptible(&tty->link->read_wait);
917         }
918         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
919         if (tty->ops->start)
920                 (tty->ops->start)(tty);
921         /* If we have a running line discipline it may need kicking */
922         tty_wakeup(tty);
923 }
924
925 EXPORT_SYMBOL(start_tty);
926
927 /**
928  *      tty_read        -       read method for tty device files
929  *      @file: pointer to tty file
930  *      @buf: user buffer
931  *      @count: size of user buffer
932  *      @ppos: unused
933  *
934  *      Perform the read system call function on this terminal device. Checks
935  *      for hung up devices before calling the line discipline method.
936  *
937  *      Locking:
938  *              Locks the line discipline internally while needed. Multiple
939  *      read calls may be outstanding in parallel.
940  */
941
942 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
943                         loff_t *ppos)
944 {
945         int i;
946         struct tty_struct *tty;
947         struct inode *inode;
948         struct tty_ldisc *ld;
949
950         tty = (struct tty_struct *)file->private_data;
951         inode = file->f_path.dentry->d_inode;
952         if (tty_paranoia_check(tty, inode, "tty_read"))
953                 return -EIO;
954         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
955                 return -EIO;
956
957         /* We want to wait for the line discipline to sort out in this
958            situation */
959         ld = tty_ldisc_ref_wait(tty);
960         if (ld->ops->read)
961                 i = (ld->ops->read)(tty, file, buf, count);
962         else
963                 i = -EIO;
964         tty_ldisc_deref(ld);
965         if (i > 0)
966                 inode->i_atime = current_fs_time(inode->i_sb);
967         return i;
968 }
969
970 void tty_write_unlock(struct tty_struct *tty)
971 {
972         mutex_unlock(&tty->atomic_write_lock);
973         wake_up_interruptible(&tty->write_wait);
974 }
975
976 int tty_write_lock(struct tty_struct *tty, int ndelay)
977 {
978         if (!mutex_trylock(&tty->atomic_write_lock)) {
979                 if (ndelay)
980                         return -EAGAIN;
981                 if (mutex_lock_interruptible(&tty->atomic_write_lock))
982                         return -ERESTARTSYS;
983         }
984         return 0;
985 }
986
987 /*
988  * Split writes up in sane blocksizes to avoid
989  * denial-of-service type attacks
990  */
991 static inline ssize_t do_tty_write(
992         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
993         struct tty_struct *tty,
994         struct file *file,
995         const char __user *buf,
996         size_t count)
997 {
998         ssize_t ret, written = 0;
999         unsigned int chunk;
1000
1001         ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1002         if (ret < 0)
1003                 return ret;
1004
1005         /*
1006          * We chunk up writes into a temporary buffer. This
1007          * simplifies low-level drivers immensely, since they
1008          * don't have locking issues and user mode accesses.
1009          *
1010          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1011          * big chunk-size..
1012          *
1013          * The default chunk-size is 2kB, because the NTTY
1014          * layer has problems with bigger chunks. It will
1015          * claim to be able to handle more characters than
1016          * it actually does.
1017          *
1018          * FIXME: This can probably go away now except that 64K chunks
1019          * are too likely to fail unless switched to vmalloc...
1020          */
1021         chunk = 2048;
1022         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1023                 chunk = 65536;
1024         if (count < chunk)
1025                 chunk = count;
1026
1027         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1028         if (tty->write_cnt < chunk) {
1029                 unsigned char *buf;
1030
1031                 if (chunk < 1024)
1032                         chunk = 1024;
1033
1034                 buf = kmalloc(chunk, GFP_KERNEL);
1035                 if (!buf) {
1036                         ret = -ENOMEM;
1037                         goto out;
1038                 }
1039                 kfree(tty->write_buf);
1040                 tty->write_cnt = chunk;
1041                 tty->write_buf = buf;
1042         }
1043
1044         /* Do the write .. */
1045         for (;;) {
1046                 size_t size = count;
1047                 if (size > chunk)
1048                         size = chunk;
1049                 ret = -EFAULT;
1050                 if (copy_from_user(tty->write_buf, buf, size))
1051                         break;
1052                 ret = write(tty, file, tty->write_buf, size);
1053                 if (ret <= 0)
1054                         break;
1055                 written += ret;
1056                 buf += ret;
1057                 count -= ret;
1058                 if (!count)
1059                         break;
1060                 ret = -ERESTARTSYS;
1061                 if (signal_pending(current))
1062                         break;
1063                 cond_resched();
1064         }
1065         if (written) {
1066                 struct inode *inode = file->f_path.dentry->d_inode;
1067                 inode->i_mtime = current_fs_time(inode->i_sb);
1068                 ret = written;
1069         }
1070 out:
1071         tty_write_unlock(tty);
1072         return ret;
1073 }
1074
1075
1076 /**
1077  *      tty_write               -       write method for tty device file
1078  *      @file: tty file pointer
1079  *      @buf: user data to write
1080  *      @count: bytes to write
1081  *      @ppos: unused
1082  *
1083  *      Write data to a tty device via the line discipline.
1084  *
1085  *      Locking:
1086  *              Locks the line discipline as required
1087  *              Writes to the tty driver are serialized by the atomic_write_lock
1088  *      and are then processed in chunks to the device. The line discipline
1089  *      write method will not be involked in parallel for each device
1090  *              The line discipline write method is called under the big
1091  *      kernel lock for historical reasons. New code should not rely on this.
1092  */
1093
1094 static ssize_t tty_write(struct file *file, const char __user *buf,
1095                                                 size_t count, loff_t *ppos)
1096 {
1097         struct tty_struct *tty;
1098         struct inode *inode = file->f_path.dentry->d_inode;
1099         ssize_t ret;
1100         struct tty_ldisc *ld;
1101
1102         tty = (struct tty_struct *)file->private_data;
1103         if (tty_paranoia_check(tty, inode, "tty_write"))
1104                 return -EIO;
1105         if (!tty || !tty->ops->write ||
1106                 (test_bit(TTY_IO_ERROR, &tty->flags)))
1107                         return -EIO;
1108         /* Short term debug to catch buggy drivers */
1109         if (tty->ops->write_room == NULL)
1110                 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1111                         tty->driver->name);
1112         ld = tty_ldisc_ref_wait(tty);
1113         if (!ld->ops->write)
1114                 ret = -EIO;
1115         else
1116                 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1117         tty_ldisc_deref(ld);
1118         return ret;
1119 }
1120
1121 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1122                                                 size_t count, loff_t *ppos)
1123 {
1124         struct file *p = NULL;
1125
1126         spin_lock(&redirect_lock);
1127         if (redirect) {
1128                 get_file(redirect);
1129                 p = redirect;
1130         }
1131         spin_unlock(&redirect_lock);
1132
1133         if (p) {
1134                 ssize_t res;
1135                 res = vfs_write(p, buf, count, &p->f_pos);
1136                 fput(p);
1137                 return res;
1138         }
1139         return tty_write(file, buf, count, ppos);
1140 }
1141
1142 static char ptychar[] = "pqrstuvwxyzabcde";
1143
1144 /**
1145  *      pty_line_name   -       generate name for a pty
1146  *      @driver: the tty driver in use
1147  *      @index: the minor number
1148  *      @p: output buffer of at least 6 bytes
1149  *
1150  *      Generate a name from a driver reference and write it to the output
1151  *      buffer.
1152  *
1153  *      Locking: None
1154  */
1155 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1156 {
1157         int i = index + driver->name_base;
1158         /* ->name is initialized to "ttyp", but "tty" is expected */
1159         sprintf(p, "%s%c%x",
1160                 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1161                 ptychar[i >> 4 & 0xf], i & 0xf);
1162 }
1163
1164 /**
1165  *      pty_line_name   -       generate name for a tty
1166  *      @driver: the tty driver in use
1167  *      @index: the minor number
1168  *      @p: output buffer of at least 7 bytes
1169  *
1170  *      Generate a name from a driver reference and write it to the output
1171  *      buffer.
1172  *
1173  *      Locking: None
1174  */
1175 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1176 {
1177         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1178 }
1179
1180 /**
1181  *      init_dev                -       initialise a tty device
1182  *      @driver: tty driver we are opening a device on
1183  *      @idx: device index
1184  *      @tty: returned tty structure
1185  *
1186  *      Prepare a tty device. This may not be a "new" clean device but
1187  *      could also be an active device. The pty drivers require special
1188  *      handling because of this.
1189  *
1190  *      Locking:
1191  *              The function is called under the tty_mutex, which
1192  *      protects us from the tty struct or driver itself going away.
1193  *
1194  *      On exit the tty device has the line discipline attached and
1195  *      a reference count of 1. If a pair was created for pty/tty use
1196  *      and the other was a pty master then it too has a reference count of 1.
1197  *
1198  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1199  * failed open.  The new code protects the open with a mutex, so it's
1200  * really quite straightforward.  The mutex locking can probably be
1201  * relaxed for the (most common) case of reopening a tty.
1202  */
1203
1204 static int init_dev(struct tty_driver *driver, int idx,
1205         struct tty_struct **ret_tty)
1206 {
1207         struct tty_struct *tty, *o_tty;
1208         struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
1209         struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1210         int retval = 0;
1211
1212         /* check whether we're reopening an existing tty */
1213         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1214                 tty = devpts_get_tty(idx);
1215                 /*
1216                  * If we don't have a tty here on a slave open, it's because
1217                  * the master already started the close process and there's
1218                  * no relation between devpts file and tty anymore.
1219                  */
1220                 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
1221                         retval = -EIO;
1222                         goto end_init;
1223                 }
1224                 /*
1225                  * It's safe from now on because init_dev() is called with
1226                  * tty_mutex held and release_dev() won't change tty->count
1227                  * or tty->flags without having to grab tty_mutex
1228                  */
1229                 if (tty && driver->subtype == PTY_TYPE_MASTER)
1230                         tty = tty->link;
1231         } else {
1232                 tty = driver->ttys[idx];
1233         }
1234         if (tty) goto fast_track;
1235
1236         /*
1237          * First time open is complex, especially for PTY devices.
1238          * This code guarantees that either everything succeeds and the
1239          * TTY is ready for operation, or else the table slots are vacated
1240          * and the allocated memory released.  (Except that the termios
1241          * and locked termios may be retained.)
1242          */
1243
1244         if (!try_module_get(driver->owner)) {
1245                 retval = -ENODEV;
1246                 goto end_init;
1247         }
1248
1249         o_tty = NULL;
1250         tp = o_tp = NULL;
1251         ltp = o_ltp = NULL;
1252
1253         tty = alloc_tty_struct();
1254         if (!tty)
1255                 goto fail_no_mem;
1256         initialize_tty_struct(tty);
1257         tty->driver = driver;
1258         tty->ops = driver->ops;
1259         tty->index = idx;
1260         tty_line_name(driver, idx, tty->name);
1261
1262         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1263                 tp_loc = &tty->termios;
1264                 ltp_loc = &tty->termios_locked;
1265         } else {
1266                 tp_loc = &driver->termios[idx];
1267                 ltp_loc = &driver->termios_locked[idx];
1268         }
1269
1270         if (!*tp_loc) {
1271                 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1272                 if (!tp)
1273                         goto free_mem_out;
1274                 *tp = driver->init_termios;
1275         }
1276
1277         if (!*ltp_loc) {
1278                 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1279                 if (!ltp)
1280                         goto free_mem_out;
1281         }
1282
1283         if (driver->type == TTY_DRIVER_TYPE_PTY) {
1284                 o_tty = alloc_tty_struct();
1285                 if (!o_tty)
1286                         goto free_mem_out;
1287                 initialize_tty_struct(o_tty);
1288                 o_tty->driver = driver->other;
1289                 o_tty->ops = driver->ops;
1290                 o_tty->index = idx;
1291                 tty_line_name(driver->other, idx, o_tty->name);
1292
1293                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1294                         o_tp_loc = &o_tty->termios;
1295                         o_ltp_loc = &o_tty->termios_locked;
1296                 } else {
1297                         o_tp_loc = &driver->other->termios[idx];
1298                         o_ltp_loc = &driver->other->termios_locked[idx];
1299                 }
1300
1301                 if (!*o_tp_loc) {
1302                         o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1303                         if (!o_tp)
1304                                 goto free_mem_out;
1305                         *o_tp = driver->other->init_termios;
1306                 }
1307
1308                 if (!*o_ltp_loc) {
1309                         o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
1310                         if (!o_ltp)
1311                                 goto free_mem_out;
1312                 }
1313
1314                 /*
1315                  * Everything allocated ... set up the o_tty structure.
1316                  */
1317                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
1318                         driver->other->ttys[idx] = o_tty;
1319                 if (!*o_tp_loc)
1320                         *o_tp_loc = o_tp;
1321                 if (!*o_ltp_loc)
1322                         *o_ltp_loc = o_ltp;
1323                 o_tty->termios = *o_tp_loc;
1324                 o_tty->termios_locked = *o_ltp_loc;
1325                 driver->other->refcount++;
1326                 if (driver->subtype == PTY_TYPE_MASTER)
1327                         o_tty->count++;
1328
1329                 /* Establish the links in both directions */
1330                 tty->link   = o_tty;
1331                 o_tty->link = tty;
1332         }
1333
1334         /*
1335          * All structures have been allocated, so now we install them.
1336          * Failures after this point use release_tty to clean up, so
1337          * there's no need to null out the local pointers.
1338          */
1339         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
1340                 driver->ttys[idx] = tty;
1341
1342         if (!*tp_loc)
1343                 *tp_loc = tp;
1344         if (!*ltp_loc)
1345                 *ltp_loc = ltp;
1346         tty->termios = *tp_loc;
1347         tty->termios_locked = *ltp_loc;
1348         /* Compatibility until drivers always set this */
1349         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1350         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1351         driver->refcount++;
1352         tty->count++;
1353
1354         /*
1355          * Structures all installed ... call the ldisc open routines.
1356          * If we fail here just call release_tty to clean up.  No need
1357          * to decrement the use counts, as release_tty doesn't care.
1358          */
1359
1360         retval = tty_ldisc_setup(tty, o_tty);
1361
1362         if (retval)
1363                 goto release_mem_out;
1364          goto success;
1365
1366         /*
1367          * This fast open can be used if the tty is already open.
1368          * No memory is allocated, and the only failures are from
1369          * attempting to open a closing tty or attempting multiple
1370          * opens on a pty master.
1371          */
1372 fast_track:
1373         if (test_bit(TTY_CLOSING, &tty->flags)) {
1374                 retval = -EIO;
1375                 goto end_init;
1376         }
1377         if (driver->type == TTY_DRIVER_TYPE_PTY &&
1378             driver->subtype == PTY_TYPE_MASTER) {
1379                 /*
1380                  * special case for PTY masters: only one open permitted,
1381                  * and the slave side open count is incremented as well.
1382                  */
1383                 if (tty->count) {
1384                         retval = -EIO;
1385                         goto end_init;
1386                 }
1387                 tty->link->count++;
1388         }
1389         tty->count++;
1390         tty->driver = driver; /* N.B. why do this every time?? */
1391
1392         /* FIXME */
1393         if (!test_bit(TTY_LDISC, &tty->flags))
1394                 printk(KERN_ERR "init_dev but no ldisc\n");
1395 success:
1396         *ret_tty = tty;
1397
1398         /* All paths come through here to release the mutex */
1399 end_init:
1400         return retval;
1401
1402         /* Release locally allocated memory ... nothing placed in slots */
1403 free_mem_out:
1404         kfree(o_tp);
1405         if (o_tty)
1406                 free_tty_struct(o_tty);
1407         kfree(ltp);
1408         kfree(tp);
1409         free_tty_struct(tty);
1410
1411 fail_no_mem:
1412         module_put(driver->owner);
1413         retval = -ENOMEM;
1414         goto end_init;
1415
1416         /* call the tty release_tty routine to clean out this slot */
1417 release_mem_out:
1418         if (printk_ratelimit())
1419                 printk(KERN_INFO "init_dev: ldisc open failed, "
1420                                  "clearing slot %d\n", idx);
1421         release_tty(tty, idx);
1422         goto end_init;
1423 }
1424
1425 /**
1426  *      release_one_tty         -       release tty structure memory
1427  *
1428  *      Releases memory associated with a tty structure, and clears out the
1429  *      driver table slots. This function is called when a device is no longer
1430  *      in use. It also gets called when setup of a device fails.
1431  *
1432  *      Locking:
1433  *              tty_mutex - sometimes only
1434  *              takes the file list lock internally when working on the list
1435  *      of ttys that the driver keeps.
1436  *              FIXME: should we require tty_mutex is held here ??
1437  */
1438 static void release_one_tty(struct tty_struct *tty, int idx)
1439 {
1440         int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
1441         struct ktermios *tp;
1442
1443         if (!devpts)
1444                 tty->driver->ttys[idx] = NULL;
1445
1446         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1447                 tp = tty->termios;
1448                 if (!devpts)
1449                         tty->driver->termios[idx] = NULL;
1450                 kfree(tp);
1451
1452                 tp = tty->termios_locked;
1453                 if (!devpts)
1454                         tty->driver->termios_locked[idx] = NULL;
1455                 kfree(tp);
1456         }
1457
1458
1459         tty->magic = 0;
1460         tty->driver->refcount--;
1461
1462         file_list_lock();
1463         list_del_init(&tty->tty_files);
1464         file_list_unlock();
1465
1466         free_tty_struct(tty);
1467 }
1468
1469 /**
1470  *      release_tty             -       release tty structure memory
1471  *
1472  *      Release both @tty and a possible linked partner (think pty pair),
1473  *      and decrement the refcount of the backing module.
1474  *
1475  *      Locking:
1476  *              tty_mutex - sometimes only
1477  *              takes the file list lock internally when working on the list
1478  *      of ttys that the driver keeps.
1479  *              FIXME: should we require tty_mutex is held here ??
1480  */
1481 static void release_tty(struct tty_struct *tty, int idx)
1482 {
1483         struct tty_driver *driver = tty->driver;
1484
1485         if (tty->link)
1486                 release_one_tty(tty->link, idx);
1487         release_one_tty(tty, idx);
1488         module_put(driver->owner);
1489 }
1490
1491 /*
1492  * Even releasing the tty structures is a tricky business.. We have
1493  * to be very careful that the structures are all released at the
1494  * same time, as interrupts might otherwise get the wrong pointers.
1495  *
1496  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1497  * lead to double frees or releasing memory still in use.
1498  */
1499 static void release_dev(struct file *filp)
1500 {
1501         struct tty_struct *tty, *o_tty;
1502         int     pty_master, tty_closing, o_tty_closing, do_sleep;
1503         int     devpts;
1504         int     idx;
1505         char    buf[64];
1506
1507         tty = (struct tty_struct *)filp->private_data;
1508         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
1509                                                         "release_dev"))
1510                 return;
1511
1512         check_tty_count(tty, "release_dev");
1513
1514         tty_fasync(-1, filp, 0);
1515
1516         idx = tty->index;
1517         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1518                       tty->driver->subtype == PTY_TYPE_MASTER);
1519         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1520         o_tty = tty->link;
1521
1522 #ifdef TTY_PARANOIA_CHECK
1523         if (idx < 0 || idx >= tty->driver->num) {
1524                 printk(KERN_DEBUG "release_dev: bad idx when trying to "
1525                                   "free (%s)\n", tty->name);
1526                 return;
1527         }
1528         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1529                 if (tty != tty->driver->ttys[idx]) {
1530                         printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
1531                                "for (%s)\n", idx, tty->name);
1532                         return;
1533                 }
1534                 if (tty->termios != tty->driver->termios[idx]) {
1535                         printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
1536                                "for (%s)\n",
1537                                idx, tty->name);
1538                         return;
1539                 }
1540                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
1541                         printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
1542                                "termios_locked for (%s)\n",
1543                                idx, tty->name);
1544                         return;
1545                 }
1546         }
1547 #endif
1548
1549 #ifdef TTY_DEBUG_HANGUP
1550         printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
1551                tty_name(tty, buf), tty->count);
1552 #endif
1553
1554 #ifdef TTY_PARANOIA_CHECK
1555         if (tty->driver->other &&
1556              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1557                 if (o_tty != tty->driver->other->ttys[idx]) {
1558                         printk(KERN_DEBUG "release_dev: other->table[%d] "
1559                                           "not o_tty for (%s)\n",
1560                                idx, tty->name);
1561                         return;
1562                 }
1563                 if (o_tty->termios != tty->driver->other->termios[idx]) {
1564                         printk(KERN_DEBUG "release_dev: other->termios[%d] "
1565                                           "not o_termios for (%s)\n",
1566                                idx, tty->name);
1567                         return;
1568                 }
1569                 if (o_tty->termios_locked !=
1570                       tty->driver->other->termios_locked[idx]) {
1571                         printk(KERN_DEBUG "release_dev: other->termios_locked["
1572                                           "%d] not o_termios_locked for (%s)\n",
1573                                idx, tty->name);
1574                         return;
1575                 }
1576                 if (o_tty->link != tty) {
1577                         printk(KERN_DEBUG "release_dev: bad pty pointers\n");
1578                         return;
1579                 }
1580         }
1581 #endif
1582         if (tty->ops->close)
1583                 tty->ops->close(tty, filp);
1584
1585         /*
1586          * Sanity check: if tty->count is going to zero, there shouldn't be
1587          * any waiters on tty->read_wait or tty->write_wait.  We test the
1588          * wait queues and kick everyone out _before_ actually starting to
1589          * close.  This ensures that we won't block while releasing the tty
1590          * structure.
1591          *
1592          * The test for the o_tty closing is necessary, since the master and
1593          * slave sides may close in any order.  If the slave side closes out
1594          * first, its count will be one, since the master side holds an open.
1595          * Thus this test wouldn't be triggered at the time the slave closes,
1596          * so we do it now.
1597          *
1598          * Note that it's possible for the tty to be opened again while we're
1599          * flushing out waiters.  By recalculating the closing flags before
1600          * each iteration we avoid any problems.
1601          */
1602         while (1) {
1603                 /* Guard against races with tty->count changes elsewhere and
1604                    opens on /dev/tty */
1605
1606                 mutex_lock(&tty_mutex);
1607                 tty_closing = tty->count <= 1;
1608                 o_tty_closing = o_tty &&
1609                         (o_tty->count <= (pty_master ? 1 : 0));
1610                 do_sleep = 0;
1611
1612                 if (tty_closing) {
1613                         if (waitqueue_active(&tty->read_wait)) {
1614                                 wake_up(&tty->read_wait);
1615                                 do_sleep++;
1616                         }
1617                         if (waitqueue_active(&tty->write_wait)) {
1618                                 wake_up(&tty->write_wait);
1619                                 do_sleep++;
1620                         }
1621                 }
1622                 if (o_tty_closing) {
1623                         if (waitqueue_active(&o_tty->read_wait)) {
1624                                 wake_up(&o_tty->read_wait);
1625                                 do_sleep++;
1626                         }
1627                         if (waitqueue_active(&o_tty->write_wait)) {
1628                                 wake_up(&o_tty->write_wait);
1629                                 do_sleep++;
1630                         }
1631                 }
1632                 if (!do_sleep)
1633                         break;
1634
1635                 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
1636                                     "active!\n", tty_name(tty, buf));
1637                 mutex_unlock(&tty_mutex);
1638                 schedule();
1639         }
1640
1641         /*
1642          * The closing flags are now consistent with the open counts on
1643          * both sides, and we've completed the last operation that could
1644          * block, so it's safe to proceed with closing.
1645          */
1646         if (pty_master) {
1647                 if (--o_tty->count < 0) {
1648                         printk(KERN_WARNING "release_dev: bad pty slave count "
1649                                             "(%d) for %s\n",
1650                                o_tty->count, tty_name(o_tty, buf));
1651                         o_tty->count = 0;
1652                 }
1653         }
1654         if (--tty->count < 0) {
1655                 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
1656                        tty->count, tty_name(tty, buf));
1657                 tty->count = 0;
1658         }
1659
1660         /*
1661          * We've decremented tty->count, so we need to remove this file
1662          * descriptor off the tty->tty_files list; this serves two
1663          * purposes:
1664          *  - check_tty_count sees the correct number of file descriptors
1665          *    associated with this tty.
1666          *  - do_tty_hangup no longer sees this file descriptor as
1667          *    something that needs to be handled for hangups.
1668          */
1669         file_kill(filp);
1670         filp->private_data = NULL;
1671
1672         /*
1673          * Perform some housekeeping before deciding whether to return.
1674          *
1675          * Set the TTY_CLOSING flag if this was the last open.  In the
1676          * case of a pty we may have to wait around for the other side
1677          * to close, and TTY_CLOSING makes sure we can't be reopened.
1678          */
1679         if (tty_closing)
1680                 set_bit(TTY_CLOSING, &tty->flags);
1681         if (o_tty_closing)
1682                 set_bit(TTY_CLOSING, &o_tty->flags);
1683
1684         /*
1685          * If _either_ side is closing, make sure there aren't any
1686          * processes that still think tty or o_tty is their controlling
1687          * tty.
1688          */
1689         if (tty_closing || o_tty_closing) {
1690                 read_lock(&tasklist_lock);
1691                 session_clear_tty(tty->session);
1692                 if (o_tty)
1693                         session_clear_tty(o_tty->session);
1694                 read_unlock(&tasklist_lock);
1695         }
1696
1697         mutex_unlock(&tty_mutex);
1698
1699         /* check whether both sides are closing ... */
1700         if (!tty_closing || (o_tty && !o_tty_closing))
1701                 return;
1702
1703 #ifdef TTY_DEBUG_HANGUP
1704         printk(KERN_DEBUG "freeing tty structure...");
1705 #endif
1706         /*
1707          * Ask the line discipline code to release its structures
1708          */
1709         tty_ldisc_release(tty, o_tty);
1710         /*
1711          * The release_tty function takes care of the details of clearing
1712          * the slots and preserving the termios structure.
1713          */
1714         release_tty(tty, idx);
1715
1716         /* Make this pty number available for reallocation */
1717         if (devpts)
1718                 devpts_kill_index(idx);
1719 }
1720
1721 /**
1722  *      tty_open                -       open a tty device
1723  *      @inode: inode of device file
1724  *      @filp: file pointer to tty
1725  *
1726  *      tty_open and tty_release keep up the tty count that contains the
1727  *      number of opens done on a tty. We cannot use the inode-count, as
1728  *      different inodes might point to the same tty.
1729  *
1730  *      Open-counting is needed for pty masters, as well as for keeping
1731  *      track of serial lines: DTR is dropped when the last close happens.
1732  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
1733  *
1734  *      The termios state of a pty is reset on first open so that
1735  *      settings don't persist across reuse.
1736  *
1737  *      Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
1738  *               tty->count should protect the rest.
1739  *               ->siglock protects ->signal/->sighand
1740  */
1741
1742 static int __tty_open(struct inode *inode, struct file *filp)
1743 {
1744         struct tty_struct *tty;
1745         int noctty, retval;
1746         struct tty_driver *driver;
1747         int index;
1748         dev_t device = inode->i_rdev;
1749         unsigned short saved_flags = filp->f_flags;
1750
1751         nonseekable_open(inode, filp);
1752
1753 retry_open:
1754         noctty = filp->f_flags & O_NOCTTY;
1755         index  = -1;
1756         retval = 0;
1757
1758         mutex_lock(&tty_mutex);
1759
1760         if (device == MKDEV(TTYAUX_MAJOR, 0)) {
1761                 tty = get_current_tty();
1762                 if (!tty) {
1763                         mutex_unlock(&tty_mutex);
1764                         return -ENXIO;
1765                 }
1766                 driver = tty->driver;
1767                 index = tty->index;
1768                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1769                 /* noctty = 1; */
1770                 goto got_driver;
1771         }
1772 #ifdef CONFIG_VT
1773         if (device == MKDEV(TTY_MAJOR, 0)) {
1774                 extern struct tty_driver *console_driver;
1775                 driver = console_driver;
1776                 index = fg_console;
1777                 noctty = 1;
1778                 goto got_driver;
1779         }
1780 #endif
1781         if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1782                 driver = console_device(&index);
1783                 if (driver) {
1784                         /* Don't let /dev/console block */
1785                         filp->f_flags |= O_NONBLOCK;
1786                         noctty = 1;
1787                         goto got_driver;
1788                 }
1789                 mutex_unlock(&tty_mutex);
1790                 return -ENODEV;
1791         }
1792
1793         driver = get_tty_driver(device, &index);
1794         if (!driver) {
1795                 mutex_unlock(&tty_mutex);
1796                 return -ENODEV;
1797         }
1798 got_driver:
1799         retval = init_dev(driver, index, &tty);
1800         mutex_unlock(&tty_mutex);
1801         if (retval)
1802                 return retval;
1803
1804         filp->private_data = tty;
1805         file_move(filp, &tty->tty_files);
1806         check_tty_count(tty, "tty_open");
1807         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1808             tty->driver->subtype == PTY_TYPE_MASTER)
1809                 noctty = 1;
1810 #ifdef TTY_DEBUG_HANGUP
1811         printk(KERN_DEBUG "opening %s...", tty->name);
1812 #endif
1813         if (!retval) {
1814                 if (tty->ops->open)
1815                         retval = tty->ops->open(tty, filp);
1816                 else
1817                         retval = -ENODEV;
1818         }
1819         filp->f_flags = saved_flags;
1820
1821         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1822                                                 !capable(CAP_SYS_ADMIN))
1823                 retval = -EBUSY;
1824
1825         if (retval) {
1826 #ifdef TTY_DEBUG_HANGUP
1827                 printk(KERN_DEBUG "error %d in opening %s...", retval,
1828                        tty->name);
1829 #endif
1830                 release_dev(filp);
1831                 if (retval != -ERESTARTSYS)
1832                         return retval;
1833                 if (signal_pending(current))
1834                         return retval;
1835                 schedule();
1836                 /*
1837                  * Need to reset f_op in case a hangup happened.
1838                  */
1839                 if (filp->f_op == &hung_up_tty_fops)
1840                         filp->f_op = &tty_fops;
1841                 goto retry_open;
1842         }
1843
1844         mutex_lock(&tty_mutex);
1845         spin_lock_irq(&current->sighand->siglock);
1846         if (!noctty &&
1847             current->signal->leader &&
1848             !current->signal->tty &&
1849             tty->session == NULL)
1850                 __proc_set_tty(current, tty);
1851         spin_unlock_irq(&current->sighand->siglock);
1852         mutex_unlock(&tty_mutex);
1853         return 0;
1854 }
1855
1856 /* BKL pushdown: scary code avoidance wrapper */
1857 static int tty_open(struct inode *inode, struct file *filp)
1858 {
1859         int ret;
1860
1861         lock_kernel();
1862         ret = __tty_open(inode, filp);
1863         unlock_kernel();
1864         return ret;
1865 }
1866
1867
1868
1869 #ifdef CONFIG_UNIX98_PTYS
1870 /**
1871  *      ptmx_open               -       open a unix 98 pty master
1872  *      @inode: inode of device file
1873  *      @filp: file pointer to tty
1874  *
1875  *      Allocate a unix98 pty master device from the ptmx driver.
1876  *
1877  *      Locking: tty_mutex protects theinit_dev work. tty->count should
1878  *              protect the rest.
1879  *              allocated_ptys_lock handles the list of free pty numbers
1880  */
1881
1882 static int __ptmx_open(struct inode *inode, struct file *filp)
1883 {
1884         struct tty_struct *tty;
1885         int retval;
1886         int index;
1887
1888         nonseekable_open(inode, filp);
1889
1890         /* find a device that is not in use. */
1891         index = devpts_new_index();
1892         if (index < 0)
1893                 return index;
1894
1895         mutex_lock(&tty_mutex);
1896         retval = init_dev(ptm_driver, index, &tty);
1897         mutex_unlock(&tty_mutex);
1898
1899         if (retval)
1900                 goto out;
1901
1902         set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
1903         filp->private_data = tty;
1904         file_move(filp, &tty->tty_files);
1905
1906         retval = devpts_pty_new(tty->link);
1907         if (retval)
1908                 goto out1;
1909
1910         check_tty_count(tty, "ptmx_open");
1911         retval = ptm_driver->ops->open(tty, filp);
1912         if (!retval)
1913                 return 0;
1914 out1:
1915         release_dev(filp);
1916         return retval;
1917 out:
1918         devpts_kill_index(index);
1919         return retval;
1920 }
1921
1922 static int ptmx_open(struct inode *inode, struct file *filp)
1923 {
1924         int ret;
1925
1926         lock_kernel();
1927         ret = __ptmx_open(inode, filp);
1928         unlock_kernel();
1929         return ret;
1930 }
1931 #endif
1932
1933 /**
1934  *      tty_release             -       vfs callback for close
1935  *      @inode: inode of tty
1936  *      @filp: file pointer for handle to tty
1937  *
1938  *      Called the last time each file handle is closed that references
1939  *      this tty. There may however be several such references.
1940  *
1941  *      Locking:
1942  *              Takes bkl. See release_dev
1943  */
1944
1945 static int tty_release(struct inode *inode, struct file *filp)
1946 {
1947         lock_kernel();
1948         release_dev(filp);
1949         unlock_kernel();
1950         return 0;
1951 }
1952
1953 /**
1954  *      tty_poll        -       check tty status
1955  *      @filp: file being polled
1956  *      @wait: poll wait structures to update
1957  *
1958  *      Call the line discipline polling method to obtain the poll
1959  *      status of the device.
1960  *
1961  *      Locking: locks called line discipline but ldisc poll method
1962  *      may be re-entered freely by other callers.
1963  */
1964
1965 static unsigned int tty_poll(struct file *filp, poll_table *wait)
1966 {
1967         struct tty_struct *tty;
1968         struct tty_ldisc *ld;
1969         int ret = 0;
1970
1971         tty = (struct tty_struct *)filp->private_data;
1972         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1973                 return 0;
1974
1975         ld = tty_ldisc_ref_wait(tty);
1976         if (ld->ops->poll)
1977                 ret = (ld->ops->poll)(tty, filp, wait);
1978         tty_ldisc_deref(ld);
1979         return ret;
1980 }
1981
1982 static int tty_fasync(int fd, struct file *filp, int on)
1983 {
1984         struct tty_struct *tty;
1985         unsigned long flags;
1986         int retval = 0;
1987
1988         lock_kernel();
1989         tty = (struct tty_struct *)filp->private_data;
1990         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
1991                 goto out;
1992
1993         retval = fasync_helper(fd, filp, on, &tty->fasync);
1994         if (retval <= 0)
1995                 goto out;
1996
1997         if (on) {
1998                 enum pid_type type;
1999                 struct pid *pid;
2000                 if (!waitqueue_active(&tty->read_wait))
2001                         tty->minimum_to_wake = 1;
2002                 spin_lock_irqsave(&tty->ctrl_lock, flags);
2003                 if (tty->pgrp) {
2004                         pid = tty->pgrp;
2005                         type = PIDTYPE_PGID;
2006                 } else {
2007                         pid = task_pid(current);
2008                         type = PIDTYPE_PID;
2009                 }
2010                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2011                 retval = __f_setown(filp, pid, type, 0);
2012                 if (retval)
2013                         goto out;
2014         } else {
2015                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2016                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2017         }
2018         retval = 0;
2019 out:
2020         unlock_kernel();
2021         return retval;
2022 }
2023
2024 /**
2025  *      tiocsti                 -       fake input character
2026  *      @tty: tty to fake input into
2027  *      @p: pointer to character
2028  *
2029  *      Fake input to a tty device. Does the necessary locking and
2030  *      input management.
2031  *
2032  *      FIXME: does not honour flow control ??
2033  *
2034  *      Locking:
2035  *              Called functions take tty_ldisc_lock
2036  *              current->signal->tty check is safe without locks
2037  *
2038  *      FIXME: may race normal receive processing
2039  */
2040
2041 static int tiocsti(struct tty_struct *tty, char __user *p)
2042 {
2043         char ch, mbz = 0;
2044         struct tty_ldisc *ld;
2045
2046         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2047                 return -EPERM;
2048         if (get_user(ch, p))
2049                 return -EFAULT;
2050         ld = tty_ldisc_ref_wait(tty);
2051         ld->ops->receive_buf(tty, &ch, &mbz, 1);
2052         tty_ldisc_deref(ld);
2053         return 0;
2054 }
2055
2056 /**
2057  *      tiocgwinsz              -       implement window query ioctl
2058  *      @tty; tty
2059  *      @arg: user buffer for result
2060  *
2061  *      Copies the kernel idea of the window size into the user buffer.
2062  *
2063  *      Locking: tty->termios_mutex is taken to ensure the winsize data
2064  *              is consistent.
2065  */
2066
2067 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2068 {
2069         int err;
2070
2071         mutex_lock(&tty->termios_mutex);
2072         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2073         mutex_unlock(&tty->termios_mutex);
2074
2075         return err ? -EFAULT: 0;
2076 }
2077
2078 /**
2079  *      tty_do_resize           -       resize event
2080  *      @tty: tty being resized
2081  *      @real_tty: real tty (not the same as tty if using a pty/tty pair)
2082  *      @rows: rows (character)
2083  *      @cols: cols (character)
2084  *
2085  *      Update the termios variables and send the neccessary signals to
2086  *      peform a terminal resize correctly
2087  */
2088
2089 int tty_do_resize(struct tty_struct *tty, struct tty_struct *real_tty,
2090                                         struct winsize *ws)
2091 {
2092         struct pid *pgrp, *rpgrp;
2093         unsigned long flags;
2094
2095         /* For a PTY we need to lock the tty side */
2096         mutex_lock(&real_tty->termios_mutex);
2097         if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2098                 goto done;
2099         /* Get the PID values and reference them so we can
2100            avoid holding the tty ctrl lock while sending signals */
2101         spin_lock_irqsave(&tty->ctrl_lock, flags);
2102         pgrp = get_pid(tty->pgrp);
2103         rpgrp = get_pid(real_tty->pgrp);
2104         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2105
2106         if (pgrp)
2107                 kill_pgrp(pgrp, SIGWINCH, 1);
2108         if (rpgrp != pgrp && rpgrp)
2109                 kill_pgrp(rpgrp, SIGWINCH, 1);
2110
2111         put_pid(pgrp);
2112         put_pid(rpgrp);
2113
2114         tty->winsize = *ws;
2115         real_tty->winsize = *ws;
2116 done:
2117         mutex_unlock(&real_tty->termios_mutex);
2118         return 0;
2119 }
2120
2121 /**
2122  *      tiocswinsz              -       implement window size set ioctl
2123  *      @tty; tty
2124  *      @arg: user buffer for result
2125  *
2126  *      Copies the user idea of the window size to the kernel. Traditionally
2127  *      this is just advisory information but for the Linux console it
2128  *      actually has driver level meaning and triggers a VC resize.
2129  *
2130  *      Locking:
2131  *              Driver dependant. The default do_resize method takes the
2132  *      tty termios mutex and ctrl_lock. The console takes its own lock
2133  *      then calls into the default method.
2134  */
2135
2136 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2137         struct winsize __user *arg)
2138 {
2139         struct winsize tmp_ws;
2140         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2141                 return -EFAULT;
2142
2143         if (tty->ops->resize)
2144                 return tty->ops->resize(tty, real_tty, &tmp_ws);
2145         else
2146                 return tty_do_resize(tty, real_tty, &tmp_ws);
2147 }
2148
2149 /**
2150  *      tioccons        -       allow admin to move logical console
2151  *      @file: the file to become console
2152  *
2153  *      Allow the adminstrator to move the redirected console device
2154  *
2155  *      Locking: uses redirect_lock to guard the redirect information
2156  */
2157
2158 static int tioccons(struct file *file)
2159 {
2160         if (!capable(CAP_SYS_ADMIN))
2161                 return -EPERM;
2162         if (file->f_op->write == redirected_tty_write) {
2163                 struct file *f;
2164                 spin_lock(&redirect_lock);
2165                 f = redirect;
2166                 redirect = NULL;
2167                 spin_unlock(&redirect_lock);
2168                 if (f)
2169                         fput(f);
2170                 return 0;
2171         }
2172         spin_lock(&redirect_lock);
2173         if (redirect) {
2174                 spin_unlock(&redirect_lock);
2175                 return -EBUSY;
2176         }
2177         get_file(file);
2178         redirect = file;
2179         spin_unlock(&redirect_lock);
2180         return 0;
2181 }
2182
2183 /**
2184  *      fionbio         -       non blocking ioctl
2185  *      @file: file to set blocking value
2186  *      @p: user parameter
2187  *
2188  *      Historical tty interfaces had a blocking control ioctl before
2189  *      the generic functionality existed. This piece of history is preserved
2190  *      in the expected tty API of posix OS's.
2191  *
2192  *      Locking: none, the open fle handle ensures it won't go away.
2193  */
2194
2195 static int fionbio(struct file *file, int __user *p)
2196 {
2197         int nonblock;
2198
2199         if (get_user(nonblock, p))
2200                 return -EFAULT;
2201
2202         /* file->f_flags is still BKL protected in the fs layer - vomit */
2203         lock_kernel();
2204         if (nonblock)
2205                 file->f_flags |= O_NONBLOCK;
2206         else
2207                 file->f_flags &= ~O_NONBLOCK;
2208         unlock_kernel();
2209         return 0;
2210 }
2211
2212 /**
2213  *      tiocsctty       -       set controlling tty
2214  *      @tty: tty structure
2215  *      @arg: user argument
2216  *
2217  *      This ioctl is used to manage job control. It permits a session
2218  *      leader to set this tty as the controlling tty for the session.
2219  *
2220  *      Locking:
2221  *              Takes tty_mutex() to protect tty instance
2222  *              Takes tasklist_lock internally to walk sessions
2223  *              Takes ->siglock() when updating signal->tty
2224  */
2225
2226 static int tiocsctty(struct tty_struct *tty, int arg)
2227 {
2228         int ret = 0;
2229         if (current->signal->leader && (task_session(current) == tty->session))
2230                 return ret;
2231
2232         mutex_lock(&tty_mutex);
2233         /*
2234          * The process must be a session leader and
2235          * not have a controlling tty already.
2236          */
2237         if (!current->signal->leader || current->signal->tty) {
2238                 ret = -EPERM;
2239                 goto unlock;
2240         }
2241
2242         if (tty->session) {
2243                 /*
2244                  * This tty is already the controlling
2245                  * tty for another session group!
2246                  */
2247                 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2248                         /*
2249                          * Steal it away
2250                          */
2251                         read_lock(&tasklist_lock);
2252                         session_clear_tty(tty->session);
2253                         read_unlock(&tasklist_lock);
2254                 } else {
2255                         ret = -EPERM;
2256                         goto unlock;
2257                 }
2258         }
2259         proc_set_tty(current, tty);
2260 unlock:
2261         mutex_unlock(&tty_mutex);
2262         return ret;
2263 }
2264
2265 /**
2266  *      tty_get_pgrp    -       return a ref counted pgrp pid
2267  *      @tty: tty to read
2268  *
2269  *      Returns a refcounted instance of the pid struct for the process
2270  *      group controlling the tty.
2271  */
2272
2273 struct pid *tty_get_pgrp(struct tty_struct *tty)
2274 {
2275         unsigned long flags;
2276         struct pid *pgrp;
2277
2278         spin_lock_irqsave(&tty->ctrl_lock, flags);
2279         pgrp = get_pid(tty->pgrp);
2280         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2281
2282         return pgrp;
2283 }
2284 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2285
2286 /**
2287  *      tiocgpgrp               -       get process group
2288  *      @tty: tty passed by user
2289  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2290  *      @p: returned pid
2291  *
2292  *      Obtain the process group of the tty. If there is no process group
2293  *      return an error.
2294  *
2295  *      Locking: none. Reference to current->signal->tty is safe.
2296  */
2297
2298 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2299 {
2300         struct pid *pid;
2301         int ret;
2302         /*
2303          * (tty == real_tty) is a cheap way of
2304          * testing if the tty is NOT a master pty.
2305          */
2306         if (tty == real_tty && current->signal->tty != real_tty)
2307                 return -ENOTTY;
2308         pid = tty_get_pgrp(real_tty);
2309         ret =  put_user(pid_vnr(pid), p);
2310         put_pid(pid);
2311         return ret;
2312 }
2313
2314 /**
2315  *      tiocspgrp               -       attempt to set process group
2316  *      @tty: tty passed by user
2317  *      @real_tty: tty side device matching tty passed by user
2318  *      @p: pid pointer
2319  *
2320  *      Set the process group of the tty to the session passed. Only
2321  *      permitted where the tty session is our session.
2322  *
2323  *      Locking: RCU, ctrl lock
2324  */
2325
2326 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2327 {
2328         struct pid *pgrp;
2329         pid_t pgrp_nr;
2330         int retval = tty_check_change(real_tty);
2331         unsigned long flags;
2332
2333         if (retval == -EIO)
2334                 return -ENOTTY;
2335         if (retval)
2336                 return retval;
2337         if (!current->signal->tty ||
2338             (current->signal->tty != real_tty) ||
2339             (real_tty->session != task_session(current)))
2340                 return -ENOTTY;
2341         if (get_user(pgrp_nr, p))
2342                 return -EFAULT;
2343         if (pgrp_nr < 0)
2344                 return -EINVAL;
2345         rcu_read_lock();
2346         pgrp = find_vpid(pgrp_nr);
2347         retval = -ESRCH;
2348         if (!pgrp)
2349                 goto out_unlock;
2350         retval = -EPERM;
2351         if (session_of_pgrp(pgrp) != task_session(current))
2352                 goto out_unlock;
2353         retval = 0;
2354         spin_lock_irqsave(&tty->ctrl_lock, flags);
2355         put_pid(real_tty->pgrp);
2356         real_tty->pgrp = get_pid(pgrp);
2357         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2358 out_unlock:
2359         rcu_read_unlock();
2360         return retval;
2361 }
2362
2363 /**
2364  *      tiocgsid                -       get session id
2365  *      @tty: tty passed by user
2366  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2367  *      @p: pointer to returned session id
2368  *
2369  *      Obtain the session id of the tty. If there is no session
2370  *      return an error.
2371  *
2372  *      Locking: none. Reference to current->signal->tty is safe.
2373  */
2374
2375 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2376 {
2377         /*
2378          * (tty == real_tty) is a cheap way of
2379          * testing if the tty is NOT a master pty.
2380         */
2381         if (tty == real_tty && current->signal->tty != real_tty)
2382                 return -ENOTTY;
2383         if (!real_tty->session)
2384                 return -ENOTTY;
2385         return put_user(pid_vnr(real_tty->session), p);
2386 }
2387
2388 /**
2389  *      tiocsetd        -       set line discipline
2390  *      @tty: tty device
2391  *      @p: pointer to user data
2392  *
2393  *      Set the line discipline according to user request.
2394  *
2395  *      Locking: see tty_set_ldisc, this function is just a helper
2396  */
2397
2398 static int tiocsetd(struct tty_struct *tty, int __user *p)
2399 {
2400         int ldisc;
2401         int ret;
2402
2403         if (get_user(ldisc, p))
2404                 return -EFAULT;
2405
2406         lock_kernel();
2407         ret = tty_set_ldisc(tty, ldisc);
2408         unlock_kernel();
2409
2410         return ret;
2411 }
2412
2413 /**
2414  *      send_break      -       performed time break
2415  *      @tty: device to break on
2416  *      @duration: timeout in mS
2417  *
2418  *      Perform a timed break on hardware that lacks its own driver level
2419  *      timed break functionality.
2420  *
2421  *      Locking:
2422  *              atomic_write_lock serializes
2423  *
2424  */
2425
2426 static int send_break(struct tty_struct *tty, unsigned int duration)
2427 {
2428         int retval;
2429
2430         if (tty->ops->break_ctl == NULL)
2431                 return 0;
2432
2433         if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2434                 retval = tty->ops->break_ctl(tty, duration);
2435         else {
2436                 /* Do the work ourselves */
2437                 if (tty_write_lock(tty, 0) < 0)
2438                         return -EINTR;
2439                 retval = tty->ops->break_ctl(tty, -1);
2440                 if (retval)
2441                         goto out;
2442                 if (!signal_pending(current))
2443                         msleep_interruptible(duration);
2444                 retval = tty->ops->break_ctl(tty, 0);
2445 out:
2446                 tty_write_unlock(tty);
2447                 if (signal_pending(current))
2448                         retval = -EINTR;
2449         }
2450         return retval;
2451 }
2452
2453 /**
2454  *      tty_tiocmget            -       get modem status
2455  *      @tty: tty device
2456  *      @file: user file pointer
2457  *      @p: pointer to result
2458  *
2459  *      Obtain the modem status bits from the tty driver if the feature
2460  *      is supported. Return -EINVAL if it is not available.
2461  *
2462  *      Locking: none (up to the driver)
2463  */
2464
2465 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2466 {
2467         int retval = -EINVAL;
2468
2469         if (tty->ops->tiocmget) {
2470                 retval = tty->ops->tiocmget(tty, file);
2471
2472                 if (retval >= 0)
2473                         retval = put_user(retval, p);
2474         }
2475         return retval;
2476 }
2477
2478 /**
2479  *      tty_tiocmset            -       set modem status
2480  *      @tty: tty device
2481  *      @file: user file pointer
2482  *      @cmd: command - clear bits, set bits or set all
2483  *      @p: pointer to desired bits
2484  *
2485  *      Set the modem status bits from the tty driver if the feature
2486  *      is supported. Return -EINVAL if it is not available.
2487  *
2488  *      Locking: none (up to the driver)
2489  */
2490
2491 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2492              unsigned __user *p)
2493 {
2494         int retval;
2495         unsigned int set, clear, val;
2496
2497         if (tty->ops->tiocmset == NULL)
2498                 return -EINVAL;
2499
2500         retval = get_user(val, p);
2501         if (retval)
2502                 return retval;
2503         set = clear = 0;
2504         switch (cmd) {
2505         case TIOCMBIS:
2506                 set = val;
2507                 break;
2508         case TIOCMBIC:
2509                 clear = val;
2510                 break;
2511         case TIOCMSET:
2512                 set = val;
2513                 clear = ~val;
2514                 break;
2515         }
2516         set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2517         clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2518         return tty->ops->tiocmset(tty, file, set, clear);
2519 }
2520
2521 /*
2522  * Split this up, as gcc can choke on it otherwise..
2523  */
2524 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2525 {
2526         struct tty_struct *tty, *real_tty;
2527         void __user *p = (void __user *)arg;
2528         int retval;
2529         struct tty_ldisc *ld;
2530         struct inode *inode = file->f_dentry->d_inode;
2531
2532         tty = (struct tty_struct *)file->private_data;
2533         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2534                 return -EINVAL;
2535
2536         real_tty = tty;
2537         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2538             tty->driver->subtype == PTY_TYPE_MASTER)
2539                 real_tty = tty->link;
2540
2541
2542         /*
2543          * Factor out some common prep work
2544          */
2545         switch (cmd) {
2546         case TIOCSETD:
2547         case TIOCSBRK:
2548         case TIOCCBRK:
2549         case TCSBRK:
2550         case TCSBRKP:
2551                 retval = tty_check_change(tty);
2552                 if (retval)
2553                         return retval;
2554                 if (cmd != TIOCCBRK) {
2555                         tty_wait_until_sent(tty, 0);
2556                         if (signal_pending(current))
2557                                 return -EINTR;
2558                 }
2559                 break;
2560         }
2561
2562         /*
2563          *      Now do the stuff.
2564          */
2565         switch (cmd) {
2566         case TIOCSTI:
2567                 return tiocsti(tty, p);
2568         case TIOCGWINSZ:
2569                 return tiocgwinsz(tty, p);
2570         case TIOCSWINSZ:
2571                 return tiocswinsz(tty, real_tty, p);
2572         case TIOCCONS:
2573                 return real_tty != tty ? -EINVAL : tioccons(file);
2574         case FIONBIO:
2575                 return fionbio(file, p);
2576         case TIOCEXCL:
2577                 set_bit(TTY_EXCLUSIVE, &tty->flags);
2578                 return 0;
2579         case TIOCNXCL:
2580                 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2581                 return 0;
2582         case TIOCNOTTY:
2583                 if (current->signal->tty != tty)
2584                         return -ENOTTY;
2585                 no_tty();
2586                 return 0;
2587         case TIOCSCTTY:
2588                 return tiocsctty(tty, arg);
2589         case TIOCGPGRP:
2590                 return tiocgpgrp(tty, real_tty, p);
2591         case TIOCSPGRP:
2592                 return tiocspgrp(tty, real_tty, p);
2593         case TIOCGSID:
2594                 return tiocgsid(tty, real_tty, p);
2595         case TIOCGETD:
2596                 return put_user(tty->ldisc.ops->num, (int __user *)p);
2597         case TIOCSETD:
2598                 return tiocsetd(tty, p);
2599         /*
2600          * Break handling
2601          */
2602         case TIOCSBRK:  /* Turn break on, unconditionally */
2603                 if (tty->ops->break_ctl)
2604                         return tty->ops->break_ctl(tty, -1);
2605                 return 0;
2606         case TIOCCBRK:  /* Turn break off, unconditionally */
2607                 if (tty->ops->break_ctl)
2608                         return tty->ops->break_ctl(tty, 0);
2609                 return 0;
2610         case TCSBRK:   /* SVID version: non-zero arg --> no break */
2611                 /* non-zero arg means wait for all output data
2612                  * to be sent (performed above) but don't send break.
2613                  * This is used by the tcdrain() termios function.
2614                  */
2615                 if (!arg)
2616                         return send_break(tty, 250);
2617                 return 0;
2618         case TCSBRKP:   /* support for POSIX tcsendbreak() */
2619                 return send_break(tty, arg ? arg*100 : 250);
2620
2621         case TIOCMGET:
2622                 return tty_tiocmget(tty, file, p);
2623         case TIOCMSET:
2624         case TIOCMBIC:
2625         case TIOCMBIS:
2626                 return tty_tiocmset(tty, file, cmd, p);
2627         case TCFLSH:
2628                 switch (arg) {
2629                 case TCIFLUSH:
2630                 case TCIOFLUSH:
2631                 /* flush tty buffer and allow ldisc to process ioctl */
2632                         tty_buffer_flush(tty);
2633                         break;
2634                 }
2635                 break;
2636         }
2637         if (tty->ops->ioctl) {
2638                 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
2639                 if (retval != -ENOIOCTLCMD)
2640                         return retval;
2641         }
2642         ld = tty_ldisc_ref_wait(tty);
2643         retval = -EINVAL;
2644         if (ld->ops->ioctl) {
2645                 retval = ld->ops->ioctl(tty, file, cmd, arg);
2646                 if (retval == -ENOIOCTLCMD)
2647                         retval = -EINVAL;
2648         }
2649         tty_ldisc_deref(ld);
2650         return retval;
2651 }
2652
2653 #ifdef CONFIG_COMPAT
2654 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2655                                 unsigned long arg)
2656 {
2657         struct inode *inode = file->f_dentry->d_inode;
2658         struct tty_struct *tty = file->private_data;
2659         struct tty_ldisc *ld;
2660         int retval = -ENOIOCTLCMD;
2661
2662         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2663                 return -EINVAL;
2664
2665         if (tty->ops->compat_ioctl) {
2666                 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
2667                 if (retval != -ENOIOCTLCMD)
2668                         return retval;
2669         }
2670
2671         ld = tty_ldisc_ref_wait(tty);
2672         if (ld->ops->compat_ioctl)
2673                 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2674         tty_ldisc_deref(ld);
2675
2676         return retval;
2677 }
2678 #endif
2679
2680 /*
2681  * This implements the "Secure Attention Key" ---  the idea is to
2682  * prevent trojan horses by killing all processes associated with this
2683  * tty when the user hits the "Secure Attention Key".  Required for
2684  * super-paranoid applications --- see the Orange Book for more details.
2685  *
2686  * This code could be nicer; ideally it should send a HUP, wait a few
2687  * seconds, then send a INT, and then a KILL signal.  But you then
2688  * have to coordinate with the init process, since all processes associated
2689  * with the current tty must be dead before the new getty is allowed
2690  * to spawn.
2691  *
2692  * Now, if it would be correct ;-/ The current code has a nasty hole -
2693  * it doesn't catch files in flight. We may send the descriptor to ourselves
2694  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2695  *
2696  * Nasty bug: do_SAK is being called in interrupt context.  This can
2697  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
2698  */
2699 void __do_SAK(struct tty_struct *tty)
2700 {
2701 #ifdef TTY_SOFT_SAK
2702         tty_hangup(tty);
2703 #else
2704         struct task_struct *g, *p;
2705         struct pid *session;
2706         int             i;
2707         struct file     *filp;
2708         struct fdtable *fdt;
2709
2710         if (!tty)
2711                 return;
2712         session = tty->session;
2713
2714         tty_ldisc_flush(tty);
2715
2716         tty_driver_flush_buffer(tty);
2717
2718         read_lock(&tasklist_lock);
2719         /* Kill the entire session */
2720         do_each_pid_task(session, PIDTYPE_SID, p) {
2721                 printk(KERN_NOTICE "SAK: killed process %d"
2722                         " (%s): task_session_nr(p)==tty->session\n",
2723                         task_pid_nr(p), p->comm);
2724                 send_sig(SIGKILL, p, 1);
2725         } while_each_pid_task(session, PIDTYPE_SID, p);
2726         /* Now kill any processes that happen to have the
2727          * tty open.
2728          */
2729         do_each_thread(g, p) {
2730                 if (p->signal->tty == tty) {
2731                         printk(KERN_NOTICE "SAK: killed process %d"
2732                             " (%s): task_session_nr(p)==tty->session\n",
2733                             task_pid_nr(p), p->comm);
2734                         send_sig(SIGKILL, p, 1);
2735                         continue;
2736                 }
2737                 task_lock(p);
2738                 if (p->files) {
2739                         /*
2740                          * We don't take a ref to the file, so we must
2741                          * hold ->file_lock instead.
2742                          */
2743                         spin_lock(&p->files->file_lock);
2744                         fdt = files_fdtable(p->files);
2745                         for (i = 0; i < fdt->max_fds; i++) {
2746                                 filp = fcheck_files(p->files, i);
2747                                 if (!filp)
2748                                         continue;
2749                                 if (filp->f_op->read == tty_read &&
2750                                     filp->private_data == tty) {
2751                                         printk(KERN_NOTICE "SAK: killed process %d"
2752                                             " (%s): fd#%d opened to the tty\n",
2753                                             task_pid_nr(p), p->comm, i);
2754                                         force_sig(SIGKILL, p);
2755                                         break;
2756                                 }
2757                         }
2758                         spin_unlock(&p->files->file_lock);
2759                 }
2760                 task_unlock(p);
2761         } while_each_thread(g, p);
2762         read_unlock(&tasklist_lock);
2763 #endif
2764 }
2765
2766 static void do_SAK_work(struct work_struct *work)
2767 {
2768         struct tty_struct *tty =
2769                 container_of(work, struct tty_struct, SAK_work);
2770         __do_SAK(tty);
2771 }
2772
2773 /*
2774  * The tq handling here is a little racy - tty->SAK_work may already be queued.
2775  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2776  * the values which we write to it will be identical to the values which it
2777  * already has. --akpm
2778  */
2779 void do_SAK(struct tty_struct *tty)
2780 {
2781         if (!tty)
2782                 return;
2783         schedule_work(&tty->SAK_work);
2784 }
2785
2786 EXPORT_SYMBOL(do_SAK);
2787
2788 /**
2789  *      initialize_tty_struct
2790  *      @tty: tty to initialize
2791  *
2792  *      This subroutine initializes a tty structure that has been newly
2793  *      allocated.
2794  *
2795  *      Locking: none - tty in question must not be exposed at this point
2796  */
2797
2798 static void initialize_tty_struct(struct tty_struct *tty)
2799 {
2800         memset(tty, 0, sizeof(struct tty_struct));
2801         tty->magic = TTY_MAGIC;
2802         tty_ldisc_init(tty);
2803         tty->session = NULL;
2804         tty->pgrp = NULL;
2805         tty->overrun_time = jiffies;
2806         tty->buf.head = tty->buf.tail = NULL;
2807         tty_buffer_init(tty);
2808         mutex_init(&tty->termios_mutex);
2809         init_waitqueue_head(&tty->write_wait);
2810         init_waitqueue_head(&tty->read_wait);
2811         INIT_WORK(&tty->hangup_work, do_tty_hangup);
2812         mutex_init(&tty->atomic_read_lock);
2813         mutex_init(&tty->atomic_write_lock);
2814         spin_lock_init(&tty->read_lock);
2815         spin_lock_init(&tty->ctrl_lock);
2816         INIT_LIST_HEAD(&tty->tty_files);
2817         INIT_WORK(&tty->SAK_work, do_SAK_work);
2818 }
2819
2820 /**
2821  *      tty_put_char    -       write one character to a tty
2822  *      @tty: tty
2823  *      @ch: character
2824  *
2825  *      Write one byte to the tty using the provided put_char method
2826  *      if present. Returns the number of characters successfully output.
2827  *
2828  *      Note: the specific put_char operation in the driver layer may go
2829  *      away soon. Don't call it directly, use this method
2830  */
2831
2832 int tty_put_char(struct tty_struct *tty, unsigned char ch)
2833 {
2834         if (tty->ops->put_char)
2835                 return tty->ops->put_char(tty, ch);
2836         return tty->ops->write(tty, &ch, 1);
2837 }
2838
2839 EXPORT_SYMBOL_GPL(tty_put_char);
2840
2841 static struct class *tty_class;
2842
2843 /**
2844  *      tty_register_device - register a tty device
2845  *      @driver: the tty driver that describes the tty device
2846  *      @index: the index in the tty driver for this tty device
2847  *      @device: a struct device that is associated with this tty device.
2848  *              This field is optional, if there is no known struct device
2849  *              for this tty device it can be set to NULL safely.
2850  *
2851  *      Returns a pointer to the struct device for this tty device
2852  *      (or ERR_PTR(-EFOO) on error).
2853  *
2854  *      This call is required to be made to register an individual tty device
2855  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
2856  *      that bit is not set, this function should not be called by a tty
2857  *      driver.
2858  *
2859  *      Locking: ??
2860  */
2861
2862 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
2863                                    struct device *device)
2864 {
2865         char name[64];
2866         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
2867
2868         if (index >= driver->num) {
2869                 printk(KERN_ERR "Attempt to register invalid tty line number "
2870                        " (%d).\n", index);
2871                 return ERR_PTR(-EINVAL);
2872         }
2873
2874         if (driver->type == TTY_DRIVER_TYPE_PTY)
2875                 pty_line_name(driver, index, name);
2876         else
2877                 tty_line_name(driver, index, name);
2878
2879         return device_create_drvdata(tty_class, device, dev, NULL, name);
2880 }
2881
2882 /**
2883  *      tty_unregister_device - unregister a tty device
2884  *      @driver: the tty driver that describes the tty device
2885  *      @index: the index in the tty driver for this tty device
2886  *
2887  *      If a tty device is registered with a call to tty_register_device() then
2888  *      this function must be called when the tty device is gone.
2889  *
2890  *      Locking: ??
2891  */
2892
2893 void tty_unregister_device(struct tty_driver *driver, unsigned index)
2894 {
2895         device_destroy(tty_class,
2896                 MKDEV(driver->major, driver->minor_start) + index);
2897 }
2898
2899 EXPORT_SYMBOL(tty_register_device);
2900 EXPORT_SYMBOL(tty_unregister_device);
2901
2902 struct tty_driver *alloc_tty_driver(int lines)
2903 {
2904         struct tty_driver *driver;
2905
2906         driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
2907         if (driver) {
2908                 driver->magic = TTY_DRIVER_MAGIC;
2909                 driver->num = lines;
2910                 /* later we'll move allocation of tables here */
2911         }
2912         return driver;
2913 }
2914
2915 void put_tty_driver(struct tty_driver *driver)
2916 {
2917         kfree(driver);
2918 }
2919
2920 void tty_set_operations(struct tty_driver *driver,
2921                         const struct tty_operations *op)
2922 {
2923         driver->ops = op;
2924 };
2925
2926 EXPORT_SYMBOL(alloc_tty_driver);
2927 EXPORT_SYMBOL(put_tty_driver);
2928 EXPORT_SYMBOL(tty_set_operations);
2929
2930 /*
2931  * Called by a tty driver to register itself.
2932  */
2933 int tty_register_driver(struct tty_driver *driver)
2934 {
2935         int error;
2936         int i;
2937         dev_t dev;
2938         void **p = NULL;
2939
2940         if (driver->flags & TTY_DRIVER_INSTALLED)
2941                 return 0;
2942
2943         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
2944                 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
2945                 if (!p)
2946                         return -ENOMEM;
2947         }
2948
2949         if (!driver->major) {
2950                 error = alloc_chrdev_region(&dev, driver->minor_start,
2951                                                 driver->num, driver->name);
2952                 if (!error) {
2953                         driver->major = MAJOR(dev);
2954                         driver->minor_start = MINOR(dev);
2955                 }
2956         } else {
2957                 dev = MKDEV(driver->major, driver->minor_start);
2958                 error = register_chrdev_region(dev, driver->num, driver->name);
2959         }
2960         if (error < 0) {
2961                 kfree(p);
2962                 return error;
2963         }
2964
2965         if (p) {
2966                 driver->ttys = (struct tty_struct **)p;
2967                 driver->termios = (struct ktermios **)(p + driver->num);
2968                 driver->termios_locked = (struct ktermios **)
2969                                                         (p + driver->num * 2);
2970         } else {
2971                 driver->ttys = NULL;
2972                 driver->termios = NULL;
2973                 driver->termios_locked = NULL;
2974         }
2975
2976         cdev_init(&driver->cdev, &tty_fops);
2977         driver->cdev.owner = driver->owner;
2978         error = cdev_add(&driver->cdev, dev, driver->num);
2979         if (error) {
2980                 unregister_chrdev_region(dev, driver->num);
2981                 driver->ttys = NULL;
2982                 driver->termios = driver->termios_locked = NULL;
2983                 kfree(p);
2984                 return error;
2985         }
2986
2987         mutex_lock(&tty_mutex);
2988         list_add(&driver->tty_drivers, &tty_drivers);
2989         mutex_unlock(&tty_mutex);
2990
2991         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
2992                 for (i = 0; i < driver->num; i++)
2993                     tty_register_device(driver, i, NULL);
2994         }
2995         proc_tty_register_driver(driver);
2996         return 0;
2997 }
2998
2999 EXPORT_SYMBOL(tty_register_driver);
3000
3001 /*
3002  * Called by a tty driver to unregister itself.
3003  */
3004 int tty_unregister_driver(struct tty_driver *driver)
3005 {
3006         int i;
3007         struct ktermios *tp;
3008         void *p;
3009
3010         if (driver->refcount)
3011                 return -EBUSY;
3012
3013         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3014                                 driver->num);
3015         mutex_lock(&tty_mutex);
3016         list_del(&driver->tty_drivers);
3017         mutex_unlock(&tty_mutex);
3018
3019         /*
3020          * Free the termios and termios_locked structures because
3021          * we don't want to get memory leaks when modular tty
3022          * drivers are removed from the kernel.
3023          */
3024         for (i = 0; i < driver->num; i++) {
3025                 tp = driver->termios[i];
3026                 if (tp) {
3027                         driver->termios[i] = NULL;
3028                         kfree(tp);
3029                 }
3030                 tp = driver->termios_locked[i];
3031                 if (tp) {
3032                         driver->termios_locked[i] = NULL;
3033                         kfree(tp);
3034                 }
3035                 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3036                         tty_unregister_device(driver, i);
3037         }
3038         p = driver->ttys;
3039         proc_tty_unregister_driver(driver);
3040         driver->ttys = NULL;
3041         driver->termios = driver->termios_locked = NULL;
3042         kfree(p);
3043         cdev_del(&driver->cdev);
3044         return 0;
3045 }
3046 EXPORT_SYMBOL(tty_unregister_driver);
3047
3048 dev_t tty_devnum(struct tty_struct *tty)
3049 {
3050         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3051 }
3052 EXPORT_SYMBOL(tty_devnum);
3053
3054 void proc_clear_tty(struct task_struct *p)
3055 {
3056         spin_lock_irq(&p->sighand->siglock);
3057         p->signal->tty = NULL;
3058         spin_unlock_irq(&p->sighand->siglock);
3059 }
3060
3061 /* Called under the sighand lock */
3062
3063 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3064 {
3065         if (tty) {
3066                 unsigned long flags;
3067                 /* We should not have a session or pgrp to put here but.... */
3068                 spin_lock_irqsave(&tty->ctrl_lock, flags);
3069                 put_pid(tty->session);
3070                 put_pid(tty->pgrp);
3071                 tty->pgrp = get_pid(task_pgrp(tsk));
3072                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3073                 tty->session = get_pid(task_session(tsk));
3074         }
3075         put_pid(tsk->signal->tty_old_pgrp);
3076         tsk->signal->tty = tty;
3077         tsk->signal->tty_old_pgrp = NULL;
3078 }
3079
3080 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3081 {
3082         spin_lock_irq(&tsk->sighand->siglock);
3083         __proc_set_tty(tsk, tty);
3084         spin_unlock_irq(&tsk->sighand->siglock);
3085 }
3086
3087 struct tty_struct *get_current_tty(void)
3088 {
3089         struct tty_struct *tty;
3090         WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
3091         tty = current->signal->tty;
3092         /*
3093          * session->tty can be changed/cleared from under us, make sure we
3094          * issue the load. The obtained pointer, when not NULL, is valid as
3095          * long as we hold tty_mutex.
3096          */
3097         barrier();
3098         return tty;
3099 }
3100 EXPORT_SYMBOL_GPL(get_current_tty);
3101
3102 /*
3103  * Initialize the console device. This is called *early*, so
3104  * we can't necessarily depend on lots of kernel help here.
3105  * Just do some early initializations, and do the complex setup
3106  * later.
3107  */
3108 void __init console_init(void)
3109 {
3110         initcall_t *call;
3111
3112         /* Setup the default TTY line discipline. */
3113         tty_ldisc_begin();
3114
3115         /*
3116          * set up the console device so that later boot sequences can
3117          * inform about problems etc..
3118          */
3119         call = __con_initcall_start;
3120         while (call < __con_initcall_end) {
3121                 (*call)();
3122                 call++;
3123         }
3124 }
3125
3126 static int __init tty_class_init(void)
3127 {
3128         tty_class = class_create(THIS_MODULE, "tty");
3129         if (IS_ERR(tty_class))
3130                 return PTR_ERR(tty_class);
3131         return 0;
3132 }
3133
3134 postcore_initcall(tty_class_init);
3135
3136 /* 3/2004 jmc: why do these devices exist? */
3137
3138 static struct cdev tty_cdev, console_cdev;
3139 #ifdef CONFIG_UNIX98_PTYS
3140 static struct cdev ptmx_cdev;
3141 #endif
3142 #ifdef CONFIG_VT
3143 static struct cdev vc0_cdev;
3144 #endif
3145
3146 /*
3147  * Ok, now we can initialize the rest of the tty devices and can count
3148  * on memory allocations, interrupts etc..
3149  */
3150 static int __init tty_init(void)
3151 {
3152         cdev_init(&tty_cdev, &tty_fops);
3153         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3154             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3155                 panic("Couldn't register /dev/tty driver\n");
3156         device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL,
3157                               "tty");
3158
3159         cdev_init(&console_cdev, &console_fops);
3160         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3161             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3162                 panic("Couldn't register /dev/console driver\n");
3163         device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3164                               "console");
3165
3166 #ifdef CONFIG_UNIX98_PTYS
3167         cdev_init(&ptmx_cdev, &ptmx_fops);
3168         if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3169             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3170                 panic("Couldn't register /dev/ptmx driver\n");
3171         device_create_drvdata(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
3172 #endif
3173
3174 #ifdef CONFIG_VT
3175         cdev_init(&vc0_cdev, &console_fops);
3176         if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3177             register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3178                 panic("Couldn't register /dev/tty0 driver\n");
3179         device_create_drvdata(tty_class, NULL, MKDEV(TTY_MAJOR, 0), NULL, "tty0");
3180
3181         vty_init();
3182 #endif
3183         return 0;
3184 }
3185 module_init(tty_init);