[PATCH] new tty buffering locking fix
[linux-2.6.git] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92 
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  * 
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote init_dev and release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66  */
67
68 #include <linux/config.h>
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/console.h>
82 #include <linux/timer.h>
83 #include <linux/ctype.h>
84 #include <linux/kd.h>
85 #include <linux/mm.h>
86 #include <linux/string.h>
87 #include <linux/slab.h>
88 #include <linux/poll.h>
89 #include <linux/proc_fs.h>
90 #include <linux/init.h>
91 #include <linux/module.h>
92 #include <linux/smp_lock.h>
93 #include <linux/device.h>
94 #include <linux/idr.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98
99 #include <asm/uaccess.h>
100 #include <asm/system.h>
101
102 #include <linux/kbd_kern.h>
103 #include <linux/vt_kern.h>
104 #include <linux/selection.h>
105 #include <linux/devfs_fs_kernel.h>
106
107 #include <linux/kmod.h>
108
109 #undef TTY_DEBUG_HANGUP
110
111 #define TTY_PARANOIA_CHECK 1
112 #define CHECK_TTY_COUNT 1
113
114 struct termios tty_std_termios = {      /* for the benefit of tty drivers  */
115         .c_iflag = ICRNL | IXON,
116         .c_oflag = OPOST | ONLCR,
117         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119                    ECHOCTL | ECHOKE | IEXTEN,
120         .c_cc = INIT_C_CC
121 };
122
123 EXPORT_SYMBOL(tty_std_termios);
124
125 /* This list gets poked at by procfs and various bits of boot up code. This
126    could do with some rationalisation such as pulling the tty proc function
127    into this file */
128    
129 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
130
131 /* Semaphore to protect creating and releasing a tty. This is shared with
132    vt.c for deeply disgusting hack reasons */
133 DECLARE_MUTEX(tty_sem);
134
135 #ifdef CONFIG_UNIX98_PTYS
136 extern struct tty_driver *ptm_driver;   /* Unix98 pty masters; for /dev/ptmx */
137 extern int pty_limit;           /* Config limit on Unix98 ptys */
138 static DEFINE_IDR(allocated_ptys);
139 static DECLARE_MUTEX(allocated_ptys_lock);
140 static int ptmx_open(struct inode *, struct file *);
141 #endif
142
143 extern void disable_early_printk(void);
144
145 static void initialize_tty_struct(struct tty_struct *tty);
146
147 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
148 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
149 ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
150 static unsigned int tty_poll(struct file *, poll_table *);
151 static int tty_open(struct inode *, struct file *);
152 static int tty_release(struct inode *, struct file *);
153 int tty_ioctl(struct inode * inode, struct file * file,
154               unsigned int cmd, unsigned long arg);
155 static int tty_fasync(int fd, struct file * filp, int on);
156 static void release_mem(struct tty_struct *tty, int idx);
157
158
159 static struct tty_struct *alloc_tty_struct(void)
160 {
161         struct tty_struct *tty;
162
163         tty = kmalloc(sizeof(struct tty_struct), GFP_KERNEL);
164         if (tty)
165                 memset(tty, 0, sizeof(struct tty_struct));
166         return tty;
167 }
168
169 static void tty_buffer_free_all(struct tty_struct *);
170
171 static inline void free_tty_struct(struct tty_struct *tty)
172 {
173         kfree(tty->write_buf);
174         tty_buffer_free_all(tty);
175         kfree(tty);
176 }
177
178 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
179
180 char *tty_name(struct tty_struct *tty, char *buf)
181 {
182         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
183                 strcpy(buf, "NULL tty");
184         else
185                 strcpy(buf, tty->name);
186         return buf;
187 }
188
189 EXPORT_SYMBOL(tty_name);
190
191 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
192                               const char *routine)
193 {
194 #ifdef TTY_PARANOIA_CHECK
195         if (!tty) {
196                 printk(KERN_WARNING
197                         "null TTY for (%d:%d) in %s\n",
198                         imajor(inode), iminor(inode), routine);
199                 return 1;
200         }
201         if (tty->magic != TTY_MAGIC) {
202                 printk(KERN_WARNING
203                         "bad magic number for tty struct (%d:%d) in %s\n",
204                         imajor(inode), iminor(inode), routine);
205                 return 1;
206         }
207 #endif
208         return 0;
209 }
210
211 static int check_tty_count(struct tty_struct *tty, const char *routine)
212 {
213 #ifdef CHECK_TTY_COUNT
214         struct list_head *p;
215         int count = 0;
216         
217         file_list_lock();
218         list_for_each(p, &tty->tty_files) {
219                 count++;
220         }
221         file_list_unlock();
222         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
223             tty->driver->subtype == PTY_TYPE_SLAVE &&
224             tty->link && tty->link->count)
225                 count++;
226         if (tty->count != count) {
227                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
228                                     "!= #fd's(%d) in %s\n",
229                        tty->name, tty->count, count, routine);
230                 return count;
231        }        
232 #endif
233         return 0;
234 }
235
236 /*
237  * Tty buffer allocation management
238  */
239
240 static void tty_buffer_free_all(struct tty_struct *tty)
241 {
242         struct tty_buffer *thead;
243         while((thead = tty->buf.head) != NULL) {
244                 tty->buf.head = thead->next;
245                 kfree(thead);
246         }
247         while((thead = tty->buf.free) != NULL) {
248                 tty->buf.free = thead->next;
249                 kfree(thead);
250         }
251         tty->buf.tail = NULL;
252 }
253
254 static void tty_buffer_init(struct tty_struct *tty)
255 {
256         spin_lock_init(&tty->buf.lock);
257         tty->buf.head = NULL;
258         tty->buf.tail = NULL;
259         tty->buf.free = NULL;
260 }
261
262 static struct tty_buffer *tty_buffer_alloc(size_t size)
263 {
264         struct tty_buffer *p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
265         if(p == NULL)
266                 return NULL;
267         p->used = 0;
268         p->size = size;
269         p->next = NULL;
270         p->active = 0;
271         p->char_buf_ptr = (char *)(p->data);
272         p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
273 /*      printk("Flip create %p\n", p); */
274         return p;
275 }
276
277 /* Must be called with the tty_read lock held. This needs to acquire strategy
278    code to decide if we should kfree or relink a given expired buffer */
279
280 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
281 {
282         /* Dumb strategy for now - should keep some stats */
283 /*      printk("Flip dispose %p\n", b); */
284         if(b->size >= 512)
285                 kfree(b);
286         else {
287                 b->next = tty->buf.free;
288                 tty->buf.free = b;
289         }
290 }
291
292 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
293 {
294         struct tty_buffer **tbh = &tty->buf.free;
295         while((*tbh) != NULL) {
296                 struct tty_buffer *t = *tbh;
297                 if(t->size >= size) {
298                         *tbh = t->next;
299                         t->next = NULL;
300                         t->used = 0;
301                         /* DEBUG ONLY */
302                         memset(t->data, '*', size);
303 /*                      printk("Flip recycle %p\n", t); */
304                         return t;
305                 }
306                 tbh = &((*tbh)->next);
307         }
308         /* Round the buffer size out */
309         size = (size + 0xFF) & ~ 0xFF;
310         return tty_buffer_alloc(size);
311         /* Should possibly check if this fails for the largest buffer we
312            have queued and recycle that ? */
313 }
314
315 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
316 {
317         struct tty_buffer *b, *n;
318         int left;
319         unsigned long flags;
320
321         spin_lock_irqsave(&tty->buf.lock, flags);
322
323         /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
324            remove this conditional if its worth it. This would be invisible
325            to the callers */
326         if ((b = tty->buf.tail) != NULL) {
327                 left = b->size - b->used;
328                 b->active = 1;
329         } else
330                 left = 0;
331
332         if (left < size) {
333                 /* This is the slow path - looking for new buffers to use */
334                 if ((n = tty_buffer_find(tty, size)) != NULL) {
335                         if (b != NULL) {
336                                 b->next = n;
337                                 b->active = 0;
338                         } else
339                                 tty->buf.head = n;
340                         tty->buf.tail = n;
341                         n->active = 1;
342                 } else
343                         size = left;
344         }
345
346         spin_unlock_irqrestore(&tty->buf.lock, flags);
347         return size;
348 }
349
350 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
351
352 int tty_insert_flip_string(struct tty_struct *tty, unsigned char *chars, size_t size)
353 {
354         int copied = 0;
355         do {
356                 int space = tty_buffer_request_room(tty, size - copied);
357                 struct tty_buffer *tb = tty->buf.tail;
358                 /* If there is no space then tb may be NULL */
359                 if(unlikely(space == 0))
360                         break;
361                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
362                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
363                 tb->used += space;
364                 copied += space;
365                 chars += space;
366 /*              printk("Flip insert %d.\n", space); */
367         }
368         /* There is a small chance that we need to split the data over
369            several buffers. If this is the case we must loop */
370         while (unlikely(size > copied));
371         return copied;
372 }
373
374 EXPORT_SYMBOL_GPL(tty_insert_flip_string);
375
376 int tty_insert_flip_string_flags(struct tty_struct *tty, unsigned char *chars, char *flags, size_t size)
377 {
378         int copied = 0;
379         do {
380                 int space = tty_buffer_request_room(tty, size - copied);
381                 struct tty_buffer *tb = tty->buf.tail;
382                 /* If there is no space then tb may be NULL */
383                 if(unlikely(space == 0))
384                         break;
385                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
386                 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
387                 tb->used += space;
388                 copied += space;
389                 chars += space;
390                 flags += space;
391         }
392         /* There is a small chance that we need to split the data over
393            several buffers. If this is the case we must loop */
394         while (unlikely(size > copied));
395         return copied;
396 }
397
398 EXPORT_SYMBOL_GPL(tty_insert_flip_string_flags);
399
400
401 /*
402  *      Prepare a block of space in the buffer for data. Returns the length
403  *      available and buffer pointer to the space which is now allocated and
404  *      accounted for as ready for normal characters. This is used for drivers
405  *      that need their own block copy routines into the buffer. There is no
406  *      guarantee the buffer is a DMA target!
407  */
408
409 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
410 {
411         int space = tty_buffer_request_room(tty, size);
412         if (likely(space)) {
413                 struct tty_buffer *tb = tty->buf.tail;
414                 *chars = tb->char_buf_ptr + tb->used;
415                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
416                 tb->used += space;
417         }
418         return space;
419 }
420
421 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
422
423 /*
424  *      Prepare a block of space in the buffer for data. Returns the length
425  *      available and buffer pointer to the space which is now allocated and
426  *      accounted for as ready for characters. This is used for drivers
427  *      that need their own block copy routines into the buffer. There is no
428  *      guarantee the buffer is a DMA target!
429  */
430
431 int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
432 {
433         int space = tty_buffer_request_room(tty, size);
434         if (likely(space)) {
435                 struct tty_buffer *tb = tty->buf.tail;
436                 *chars = tb->char_buf_ptr + tb->used;
437                 *flags = tb->flag_buf_ptr + tb->used;
438                 tb->used += space;
439         }
440         return space;
441 }
442
443 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
444
445
446
447 /*
448  *      This is probably overkill for real world processors but
449  *      they are not on hot paths so a little discipline won't do 
450  *      any harm.
451  */
452  
453 static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
454 {
455         down(&tty->termios_sem);
456         tty->termios->c_line = num;
457         up(&tty->termios_sem);
458 }
459
460 /*
461  *      This guards the refcounted line discipline lists. The lock
462  *      must be taken with irqs off because there are hangup path
463  *      callers who will do ldisc lookups and cannot sleep.
464  */
465  
466 static DEFINE_SPINLOCK(tty_ldisc_lock);
467 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
468 static struct tty_ldisc tty_ldiscs[NR_LDISCS];  /* line disc dispatch table */
469
470 int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
471 {
472         unsigned long flags;
473         int ret = 0;
474         
475         if (disc < N_TTY || disc >= NR_LDISCS)
476                 return -EINVAL;
477         
478         spin_lock_irqsave(&tty_ldisc_lock, flags);
479         tty_ldiscs[disc] = *new_ldisc;
480         tty_ldiscs[disc].num = disc;
481         tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
482         tty_ldiscs[disc].refcount = 0;
483         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
484         
485         return ret;
486 }
487 EXPORT_SYMBOL(tty_register_ldisc);
488
489 int tty_unregister_ldisc(int disc)
490 {
491         unsigned long flags;
492         int ret = 0;
493
494         if (disc < N_TTY || disc >= NR_LDISCS)
495                 return -EINVAL;
496
497         spin_lock_irqsave(&tty_ldisc_lock, flags);
498         if (tty_ldiscs[disc].refcount)
499                 ret = -EBUSY;
500         else
501                 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
502         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
503
504         return ret;
505 }
506 EXPORT_SYMBOL(tty_unregister_ldisc);
507
508 struct tty_ldisc *tty_ldisc_get(int disc)
509 {
510         unsigned long flags;
511         struct tty_ldisc *ld;
512
513         if (disc < N_TTY || disc >= NR_LDISCS)
514                 return NULL;
515         
516         spin_lock_irqsave(&tty_ldisc_lock, flags);
517
518         ld = &tty_ldiscs[disc];
519         /* Check the entry is defined */
520         if(ld->flags & LDISC_FLAG_DEFINED)
521         {
522                 /* If the module is being unloaded we can't use it */
523                 if (!try_module_get(ld->owner))
524                         ld = NULL;
525                 else /* lock it */
526                         ld->refcount++;
527         }
528         else
529                 ld = NULL;
530         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
531         return ld;
532 }
533
534 EXPORT_SYMBOL_GPL(tty_ldisc_get);
535
536 void tty_ldisc_put(int disc)
537 {
538         struct tty_ldisc *ld;
539         unsigned long flags;
540         
541         if (disc < N_TTY || disc >= NR_LDISCS)
542                 BUG();
543                 
544         spin_lock_irqsave(&tty_ldisc_lock, flags);
545         ld = &tty_ldiscs[disc];
546         if(ld->refcount == 0)
547                 BUG();
548         ld->refcount --;
549         module_put(ld->owner);
550         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
551 }
552         
553 EXPORT_SYMBOL_GPL(tty_ldisc_put);
554
555 static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
556 {
557         tty->ldisc = *ld;
558         tty->ldisc.refcount = 0;
559 }
560
561 /**
562  *      tty_ldisc_try           -       internal helper
563  *      @tty: the tty
564  *
565  *      Make a single attempt to grab and bump the refcount on
566  *      the tty ldisc. Return 0 on failure or 1 on success. This is
567  *      used to implement both the waiting and non waiting versions
568  *      of tty_ldisc_ref
569  */
570
571 static int tty_ldisc_try(struct tty_struct *tty)
572 {
573         unsigned long flags;
574         struct tty_ldisc *ld;
575         int ret = 0;
576         
577         spin_lock_irqsave(&tty_ldisc_lock, flags);
578         ld = &tty->ldisc;
579         if(test_bit(TTY_LDISC, &tty->flags))
580         {
581                 ld->refcount++;
582                 ret = 1;
583         }
584         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
585         return ret;
586 }
587
588 /**
589  *      tty_ldisc_ref_wait      -       wait for the tty ldisc
590  *      @tty: tty device
591  *
592  *      Dereference the line discipline for the terminal and take a 
593  *      reference to it. If the line discipline is in flux then 
594  *      wait patiently until it changes.
595  *
596  *      Note: Must not be called from an IRQ/timer context. The caller
597  *      must also be careful not to hold other locks that will deadlock
598  *      against a discipline change, such as an existing ldisc reference
599  *      (which we check for)
600  */
601  
602 struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
603 {
604         /* wait_event is a macro */
605         wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
606         if(tty->ldisc.refcount == 0)
607                 printk(KERN_ERR "tty_ldisc_ref_wait\n");
608         return &tty->ldisc;
609 }
610
611 EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
612
613 /**
614  *      tty_ldisc_ref           -       get the tty ldisc
615  *      @tty: tty device
616  *
617  *      Dereference the line discipline for the terminal and take a 
618  *      reference to it. If the line discipline is in flux then 
619  *      return NULL. Can be called from IRQ and timer functions.
620  */
621  
622 struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
623 {
624         if(tty_ldisc_try(tty))
625                 return &tty->ldisc;
626         return NULL;
627 }
628
629 EXPORT_SYMBOL_GPL(tty_ldisc_ref);
630
631 /**
632  *      tty_ldisc_deref         -       free a tty ldisc reference
633  *      @ld: reference to free up
634  *
635  *      Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
636  *      be called in IRQ context.
637  */
638  
639 void tty_ldisc_deref(struct tty_ldisc *ld)
640 {
641         unsigned long flags;
642
643         if(ld == NULL)
644                 BUG();
645                 
646         spin_lock_irqsave(&tty_ldisc_lock, flags);
647         if(ld->refcount == 0)
648                 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
649         else
650                 ld->refcount--;
651         if(ld->refcount == 0)
652                 wake_up(&tty_ldisc_wait);
653         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
654 }
655
656 EXPORT_SYMBOL_GPL(tty_ldisc_deref);
657
658 /**
659  *      tty_ldisc_enable        -       allow ldisc use
660  *      @tty: terminal to activate ldisc on
661  *
662  *      Set the TTY_LDISC flag when the line discipline can be called
663  *      again. Do neccessary wakeups for existing sleepers.
664  *
665  *      Note: nobody should set this bit except via this function. Clearing
666  *      directly is allowed.
667  */
668
669 static void tty_ldisc_enable(struct tty_struct *tty)
670 {
671         set_bit(TTY_LDISC, &tty->flags);
672         wake_up(&tty_ldisc_wait);
673 }
674         
675 /**
676  *      tty_set_ldisc           -       set line discipline
677  *      @tty: the terminal to set
678  *      @ldisc: the line discipline
679  *
680  *      Set the discipline of a tty line. Must be called from a process
681  *      context.
682  */
683  
684 static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
685 {
686         int retval = 0;
687         struct tty_ldisc o_ldisc;
688         char buf[64];
689         int work;
690         unsigned long flags;
691         struct tty_ldisc *ld;
692         struct tty_struct *o_tty;
693
694         if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
695                 return -EINVAL;
696
697 restart:
698
699         ld = tty_ldisc_get(ldisc);
700         /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
701         /* Cyrus Durgin <cider@speakeasy.org> */
702         if (ld == NULL) {
703                 request_module("tty-ldisc-%d", ldisc);
704                 ld = tty_ldisc_get(ldisc);
705         }
706         if (ld == NULL)
707                 return -EINVAL;
708
709         /*
710          *      No more input please, we are switching. The new ldisc
711          *      will update this value in the ldisc open function
712          */
713
714         tty->receive_room = 0;
715
716         /*
717          *      Problem: What do we do if this blocks ?
718          */
719
720         tty_wait_until_sent(tty, 0);
721
722         if (tty->ldisc.num == ldisc) {
723                 tty_ldisc_put(ldisc);
724                 return 0;
725         }
726
727         o_ldisc = tty->ldisc;
728         o_tty = tty->link;
729
730         /*
731          *      Make sure we don't change while someone holds a
732          *      reference to the line discipline. The TTY_LDISC bit
733          *      prevents anyone taking a reference once it is clear.
734          *      We need the lock to avoid racing reference takers.
735          */
736
737         spin_lock_irqsave(&tty_ldisc_lock, flags);
738         if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
739                 if(tty->ldisc.refcount) {
740                         /* Free the new ldisc we grabbed. Must drop the lock
741                            first. */
742                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
743                         tty_ldisc_put(ldisc);
744                         /*
745                          * There are several reasons we may be busy, including
746                          * random momentary I/O traffic. We must therefore
747                          * retry. We could distinguish between blocking ops
748                          * and retries if we made tty_ldisc_wait() smarter. That
749                          * is up for discussion.
750                          */
751                         if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
752                                 return -ERESTARTSYS;
753                         goto restart;
754                 }
755                 if(o_tty && o_tty->ldisc.refcount) {
756                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
757                         tty_ldisc_put(ldisc);
758                         if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
759                                 return -ERESTARTSYS;
760                         goto restart;
761                 }
762         }
763
764         /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
765
766         if (!test_bit(TTY_LDISC, &tty->flags)) {
767                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
768                 tty_ldisc_put(ldisc);
769                 ld = tty_ldisc_ref_wait(tty);
770                 tty_ldisc_deref(ld);
771                 goto restart;
772         }
773
774         clear_bit(TTY_LDISC, &tty->flags);
775         clear_bit(TTY_DONT_FLIP, &tty->flags);
776         if (o_tty) {
777                 clear_bit(TTY_LDISC, &o_tty->flags);
778                 clear_bit(TTY_DONT_FLIP, &o_tty->flags);
779         }
780         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
781
782         /*
783          *      From this point on we know nobody has an ldisc
784          *      usage reference, nor can they obtain one until
785          *      we say so later on.
786          */
787
788         work = cancel_delayed_work(&tty->buf.work);
789         /*
790          * Wait for ->hangup_work and ->buf.work handlers to terminate
791          */
792          
793         flush_scheduled_work();
794         /* Shutdown the current discipline. */
795         if (tty->ldisc.close)
796                 (tty->ldisc.close)(tty);
797
798         /* Now set up the new line discipline. */
799         tty_ldisc_assign(tty, ld);
800         tty_set_termios_ldisc(tty, ldisc);
801         if (tty->ldisc.open)
802                 retval = (tty->ldisc.open)(tty);
803         if (retval < 0) {
804                 tty_ldisc_put(ldisc);
805                 /* There is an outstanding reference here so this is safe */
806                 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
807                 tty_set_termios_ldisc(tty, tty->ldisc.num);
808                 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
809                         tty_ldisc_put(o_ldisc.num);
810                         /* This driver is always present */
811                         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
812                         tty_set_termios_ldisc(tty, N_TTY);
813                         if (tty->ldisc.open) {
814                                 int r = tty->ldisc.open(tty);
815
816                                 if (r < 0)
817                                         panic("Couldn't open N_TTY ldisc for "
818                                               "%s --- error %d.",
819                                               tty_name(tty, buf), r);
820                         }
821                 }
822         }
823         /* At this point we hold a reference to the new ldisc and a
824            a reference to the old ldisc. If we ended up flipping back
825            to the existing ldisc we have two references to it */
826         
827         if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
828                 tty->driver->set_ldisc(tty);
829                 
830         tty_ldisc_put(o_ldisc.num);
831         
832         /*
833          *      Allow ldisc referencing to occur as soon as the driver
834          *      ldisc callback completes.
835          */
836          
837         tty_ldisc_enable(tty);
838         if (o_tty)
839                 tty_ldisc_enable(o_tty);
840         
841         /* Restart it in case no characters kick it off. Safe if
842            already running */
843         if (work)
844                 schedule_delayed_work(&tty->buf.work, 1);
845         return retval;
846 }
847
848 /*
849  * This routine returns a tty driver structure, given a device number
850  */
851 static struct tty_driver *get_tty_driver(dev_t device, int *index)
852 {
853         struct tty_driver *p;
854
855         list_for_each_entry(p, &tty_drivers, tty_drivers) {
856                 dev_t base = MKDEV(p->major, p->minor_start);
857                 if (device < base || device >= base + p->num)
858                         continue;
859                 *index = device - base;
860                 return p;
861         }
862         return NULL;
863 }
864
865 /*
866  * If we try to write to, or set the state of, a terminal and we're
867  * not in the foreground, send a SIGTTOU.  If the signal is blocked or
868  * ignored, go ahead and perform the operation.  (POSIX 7.2)
869  */
870 int tty_check_change(struct tty_struct * tty)
871 {
872         if (current->signal->tty != tty)
873                 return 0;
874         if (tty->pgrp <= 0) {
875                 printk(KERN_WARNING "tty_check_change: tty->pgrp <= 0!\n");
876                 return 0;
877         }
878         if (process_group(current) == tty->pgrp)
879                 return 0;
880         if (is_ignored(SIGTTOU))
881                 return 0;
882         if (is_orphaned_pgrp(process_group(current)))
883                 return -EIO;
884         (void) kill_pg(process_group(current), SIGTTOU, 1);
885         return -ERESTARTSYS;
886 }
887
888 EXPORT_SYMBOL(tty_check_change);
889
890 static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
891                                 size_t count, loff_t *ppos)
892 {
893         return 0;
894 }
895
896 static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
897                                  size_t count, loff_t *ppos)
898 {
899         return -EIO;
900 }
901
902 /* No kernel lock held - none needed ;) */
903 static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
904 {
905         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
906 }
907
908 static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
909                              unsigned int cmd, unsigned long arg)
910 {
911         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
912 }
913
914 static struct file_operations tty_fops = {
915         .llseek         = no_llseek,
916         .read           = tty_read,
917         .write          = tty_write,
918         .poll           = tty_poll,
919         .ioctl          = tty_ioctl,
920         .open           = tty_open,
921         .release        = tty_release,
922         .fasync         = tty_fasync,
923 };
924
925 #ifdef CONFIG_UNIX98_PTYS
926 static struct file_operations ptmx_fops = {
927         .llseek         = no_llseek,
928         .read           = tty_read,
929         .write          = tty_write,
930         .poll           = tty_poll,
931         .ioctl          = tty_ioctl,
932         .open           = ptmx_open,
933         .release        = tty_release,
934         .fasync         = tty_fasync,
935 };
936 #endif
937
938 static struct file_operations console_fops = {
939         .llseek         = no_llseek,
940         .read           = tty_read,
941         .write          = redirected_tty_write,
942         .poll           = tty_poll,
943         .ioctl          = tty_ioctl,
944         .open           = tty_open,
945         .release        = tty_release,
946         .fasync         = tty_fasync,
947 };
948
949 static struct file_operations hung_up_tty_fops = {
950         .llseek         = no_llseek,
951         .read           = hung_up_tty_read,
952         .write          = hung_up_tty_write,
953         .poll           = hung_up_tty_poll,
954         .ioctl          = hung_up_tty_ioctl,
955         .release        = tty_release,
956 };
957
958 static DEFINE_SPINLOCK(redirect_lock);
959 static struct file *redirect;
960
961 /**
962  *      tty_wakeup      -       request more data
963  *      @tty: terminal
964  *
965  *      Internal and external helper for wakeups of tty. This function
966  *      informs the line discipline if present that the driver is ready
967  *      to receive more output data.
968  */
969  
970 void tty_wakeup(struct tty_struct *tty)
971 {
972         struct tty_ldisc *ld;
973         
974         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
975                 ld = tty_ldisc_ref(tty);
976                 if(ld) {
977                         if(ld->write_wakeup)
978                                 ld->write_wakeup(tty);
979                         tty_ldisc_deref(ld);
980                 }
981         }
982         wake_up_interruptible(&tty->write_wait);
983 }
984
985 EXPORT_SYMBOL_GPL(tty_wakeup);
986
987 /**
988  *      tty_ldisc_flush -       flush line discipline queue
989  *      @tty: tty
990  *
991  *      Flush the line discipline queue (if any) for this tty. If there
992  *      is no line discipline active this is a no-op.
993  */
994  
995 void tty_ldisc_flush(struct tty_struct *tty)
996 {
997         struct tty_ldisc *ld = tty_ldisc_ref(tty);
998         if(ld) {
999                 if(ld->flush_buffer)
1000                         ld->flush_buffer(tty);
1001                 tty_ldisc_deref(ld);
1002         }
1003 }
1004
1005 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1006         
1007 /*
1008  * This can be called by the "eventd" kernel thread.  That is process synchronous,
1009  * but doesn't hold any locks, so we need to make sure we have the appropriate
1010  * locks for what we're doing..
1011  */
1012 static void do_tty_hangup(void *data)
1013 {
1014         struct tty_struct *tty = (struct tty_struct *) data;
1015         struct file * cons_filp = NULL;
1016         struct file *filp, *f = NULL;
1017         struct task_struct *p;
1018         struct tty_ldisc *ld;
1019         int    closecount = 0, n;
1020
1021         if (!tty)
1022                 return;
1023
1024         /* inuse_filps is protected by the single kernel lock */
1025         lock_kernel();
1026
1027         spin_lock(&redirect_lock);
1028         if (redirect && redirect->private_data == tty) {
1029                 f = redirect;
1030                 redirect = NULL;
1031         }
1032         spin_unlock(&redirect_lock);
1033         
1034         check_tty_count(tty, "do_tty_hangup");
1035         file_list_lock();
1036         /* This breaks for file handles being sent over AF_UNIX sockets ? */
1037         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1038                 if (filp->f_op->write == redirected_tty_write)
1039                         cons_filp = filp;
1040                 if (filp->f_op->write != tty_write)
1041                         continue;
1042                 closecount++;
1043                 tty_fasync(-1, filp, 0);        /* can't block */
1044                 filp->f_op = &hung_up_tty_fops;
1045         }
1046         file_list_unlock();
1047         
1048         /* FIXME! What are the locking issues here? This may me overdoing things..
1049          * this question is especially important now that we've removed the irqlock. */
1050
1051         ld = tty_ldisc_ref(tty);
1052         if(ld != NULL)  /* We may have no line discipline at this point */
1053         {
1054                 if (ld->flush_buffer)
1055                         ld->flush_buffer(tty);
1056                 if (tty->driver->flush_buffer)
1057                         tty->driver->flush_buffer(tty);
1058                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1059                     ld->write_wakeup)
1060                         ld->write_wakeup(tty);
1061                 if (ld->hangup)
1062                         ld->hangup(tty);
1063         }
1064
1065         /* FIXME: Once we trust the LDISC code better we can wait here for
1066            ldisc completion and fix the driver call race */
1067            
1068         wake_up_interruptible(&tty->write_wait);
1069         wake_up_interruptible(&tty->read_wait);
1070
1071         /*
1072          * Shutdown the current line discipline, and reset it to
1073          * N_TTY.
1074          */
1075         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1076         {
1077                 down(&tty->termios_sem);
1078                 *tty->termios = tty->driver->init_termios;
1079                 up(&tty->termios_sem);
1080         }
1081         
1082         /* Defer ldisc switch */
1083         /* tty_deferred_ldisc_switch(N_TTY);
1084         
1085           This should get done automatically when the port closes and
1086           tty_release is called */
1087         
1088         read_lock(&tasklist_lock);
1089         if (tty->session > 0) {
1090                 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1091                         if (p->signal->tty == tty)
1092                                 p->signal->tty = NULL;
1093                         if (!p->signal->leader)
1094                                 continue;
1095                         send_group_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1096                         send_group_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1097                         if (tty->pgrp > 0)
1098                                 p->signal->tty_old_pgrp = tty->pgrp;
1099                 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1100         }
1101         read_unlock(&tasklist_lock);
1102
1103         tty->flags = 0;
1104         tty->session = 0;
1105         tty->pgrp = -1;
1106         tty->ctrl_status = 0;
1107         /*
1108          *      If one of the devices matches a console pointer, we
1109          *      cannot just call hangup() because that will cause
1110          *      tty->count and state->count to go out of sync.
1111          *      So we just call close() the right number of times.
1112          */
1113         if (cons_filp) {
1114                 if (tty->driver->close)
1115                         for (n = 0; n < closecount; n++)
1116                                 tty->driver->close(tty, cons_filp);
1117         } else if (tty->driver->hangup)
1118                 (tty->driver->hangup)(tty);
1119                 
1120         /* We don't want to have driver/ldisc interactions beyond
1121            the ones we did here. The driver layer expects no
1122            calls after ->hangup() from the ldisc side. However we
1123            can't yet guarantee all that */
1124
1125         set_bit(TTY_HUPPED, &tty->flags);
1126         if (ld) {
1127                 tty_ldisc_enable(tty);
1128                 tty_ldisc_deref(ld);
1129         }
1130         unlock_kernel();
1131         if (f)
1132                 fput(f);
1133 }
1134
1135 void tty_hangup(struct tty_struct * tty)
1136 {
1137 #ifdef TTY_DEBUG_HANGUP
1138         char    buf[64];
1139         
1140         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1141 #endif
1142         schedule_work(&tty->hangup_work);
1143 }
1144
1145 EXPORT_SYMBOL(tty_hangup);
1146
1147 void tty_vhangup(struct tty_struct * tty)
1148 {
1149 #ifdef TTY_DEBUG_HANGUP
1150         char    buf[64];
1151
1152         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1153 #endif
1154         do_tty_hangup((void *) tty);
1155 }
1156 EXPORT_SYMBOL(tty_vhangup);
1157
1158 int tty_hung_up_p(struct file * filp)
1159 {
1160         return (filp->f_op == &hung_up_tty_fops);
1161 }
1162
1163 EXPORT_SYMBOL(tty_hung_up_p);
1164
1165 /*
1166  * This function is typically called only by the session leader, when
1167  * it wants to disassociate itself from its controlling tty.
1168  *
1169  * It performs the following functions:
1170  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
1171  *      (2)  Clears the tty from being controlling the session
1172  *      (3)  Clears the controlling tty for all processes in the
1173  *              session group.
1174  *
1175  * The argument on_exit is set to 1 if called when a process is
1176  * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1177  */
1178 void disassociate_ctty(int on_exit)
1179 {
1180         struct tty_struct *tty;
1181         struct task_struct *p;
1182         int tty_pgrp = -1;
1183
1184         lock_kernel();
1185
1186         down(&tty_sem);
1187         tty = current->signal->tty;
1188         if (tty) {
1189                 tty_pgrp = tty->pgrp;
1190                 up(&tty_sem);
1191                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1192                         tty_vhangup(tty);
1193         } else {
1194                 if (current->signal->tty_old_pgrp) {
1195                         kill_pg(current->signal->tty_old_pgrp, SIGHUP, on_exit);
1196                         kill_pg(current->signal->tty_old_pgrp, SIGCONT, on_exit);
1197                 }
1198                 up(&tty_sem);
1199                 unlock_kernel();        
1200                 return;
1201         }
1202         if (tty_pgrp > 0) {
1203                 kill_pg(tty_pgrp, SIGHUP, on_exit);
1204                 if (!on_exit)
1205                         kill_pg(tty_pgrp, SIGCONT, on_exit);
1206         }
1207
1208         /* Must lock changes to tty_old_pgrp */
1209         down(&tty_sem);
1210         current->signal->tty_old_pgrp = 0;
1211         tty->session = 0;
1212         tty->pgrp = -1;
1213
1214         /* Now clear signal->tty under the lock */
1215         read_lock(&tasklist_lock);
1216         do_each_task_pid(current->signal->session, PIDTYPE_SID, p) {
1217                 p->signal->tty = NULL;
1218         } while_each_task_pid(current->signal->session, PIDTYPE_SID, p);
1219         read_unlock(&tasklist_lock);
1220         up(&tty_sem);
1221         unlock_kernel();
1222 }
1223
1224 void stop_tty(struct tty_struct *tty)
1225 {
1226         if (tty->stopped)
1227                 return;
1228         tty->stopped = 1;
1229         if (tty->link && tty->link->packet) {
1230                 tty->ctrl_status &= ~TIOCPKT_START;
1231                 tty->ctrl_status |= TIOCPKT_STOP;
1232                 wake_up_interruptible(&tty->link->read_wait);
1233         }
1234         if (tty->driver->stop)
1235                 (tty->driver->stop)(tty);
1236 }
1237
1238 EXPORT_SYMBOL(stop_tty);
1239
1240 void start_tty(struct tty_struct *tty)
1241 {
1242         if (!tty->stopped || tty->flow_stopped)
1243                 return;
1244         tty->stopped = 0;
1245         if (tty->link && tty->link->packet) {
1246                 tty->ctrl_status &= ~TIOCPKT_STOP;
1247                 tty->ctrl_status |= TIOCPKT_START;
1248                 wake_up_interruptible(&tty->link->read_wait);
1249         }
1250         if (tty->driver->start)
1251                 (tty->driver->start)(tty);
1252
1253         /* If we have a running line discipline it may need kicking */
1254         tty_wakeup(tty);
1255         wake_up_interruptible(&tty->write_wait);
1256 }
1257
1258 EXPORT_SYMBOL(start_tty);
1259
1260 static ssize_t tty_read(struct file * file, char __user * buf, size_t count, 
1261                         loff_t *ppos)
1262 {
1263         int i;
1264         struct tty_struct * tty;
1265         struct inode *inode;
1266         struct tty_ldisc *ld;
1267
1268         tty = (struct tty_struct *)file->private_data;
1269         inode = file->f_dentry->d_inode;
1270         if (tty_paranoia_check(tty, inode, "tty_read"))
1271                 return -EIO;
1272         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1273                 return -EIO;
1274
1275         /* We want to wait for the line discipline to sort out in this
1276            situation */
1277         ld = tty_ldisc_ref_wait(tty);
1278         lock_kernel();
1279         if (ld->read)
1280                 i = (ld->read)(tty,file,buf,count);
1281         else
1282                 i = -EIO;
1283         tty_ldisc_deref(ld);
1284         unlock_kernel();
1285         if (i > 0)
1286                 inode->i_atime = current_fs_time(inode->i_sb);
1287         return i;
1288 }
1289
1290 /*
1291  * Split writes up in sane blocksizes to avoid
1292  * denial-of-service type attacks
1293  */
1294 static inline ssize_t do_tty_write(
1295         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1296         struct tty_struct *tty,
1297         struct file *file,
1298         const char __user *buf,
1299         size_t count)
1300 {
1301         ssize_t ret = 0, written = 0;
1302         unsigned int chunk;
1303         
1304         if (down_interruptible(&tty->atomic_write)) {
1305                 return -ERESTARTSYS;
1306         }
1307
1308         /*
1309          * We chunk up writes into a temporary buffer. This
1310          * simplifies low-level drivers immensely, since they
1311          * don't have locking issues and user mode accesses.
1312          *
1313          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1314          * big chunk-size..
1315          *
1316          * The default chunk-size is 2kB, because the NTTY
1317          * layer has problems with bigger chunks. It will
1318          * claim to be able to handle more characters than
1319          * it actually does.
1320          */
1321         chunk = 2048;
1322         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1323                 chunk = 65536;
1324         if (count < chunk)
1325                 chunk = count;
1326
1327         /* write_buf/write_cnt is protected by the atomic_write semaphore */
1328         if (tty->write_cnt < chunk) {
1329                 unsigned char *buf;
1330
1331                 if (chunk < 1024)
1332                         chunk = 1024;
1333
1334                 buf = kmalloc(chunk, GFP_KERNEL);
1335                 if (!buf) {
1336                         up(&tty->atomic_write);
1337                         return -ENOMEM;
1338                 }
1339                 kfree(tty->write_buf);
1340                 tty->write_cnt = chunk;
1341                 tty->write_buf = buf;
1342         }
1343
1344         /* Do the write .. */
1345         for (;;) {
1346                 size_t size = count;
1347                 if (size > chunk)
1348                         size = chunk;
1349                 ret = -EFAULT;
1350                 if (copy_from_user(tty->write_buf, buf, size))
1351                         break;
1352                 lock_kernel();
1353                 ret = write(tty, file, tty->write_buf, size);
1354                 unlock_kernel();
1355                 if (ret <= 0)
1356                         break;
1357                 written += ret;
1358                 buf += ret;
1359                 count -= ret;
1360                 if (!count)
1361                         break;
1362                 ret = -ERESTARTSYS;
1363                 if (signal_pending(current))
1364                         break;
1365                 cond_resched();
1366         }
1367         if (written) {
1368                 struct inode *inode = file->f_dentry->d_inode;
1369                 inode->i_mtime = current_fs_time(inode->i_sb);
1370                 ret = written;
1371         }
1372         up(&tty->atomic_write);
1373         return ret;
1374 }
1375
1376
1377 static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1378                          loff_t *ppos)
1379 {
1380         struct tty_struct * tty;
1381         struct inode *inode = file->f_dentry->d_inode;
1382         ssize_t ret;
1383         struct tty_ldisc *ld;
1384         
1385         tty = (struct tty_struct *)file->private_data;
1386         if (tty_paranoia_check(tty, inode, "tty_write"))
1387                 return -EIO;
1388         if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1389                 return -EIO;
1390
1391         ld = tty_ldisc_ref_wait(tty);           
1392         if (!ld->write)
1393                 ret = -EIO;
1394         else
1395                 ret = do_tty_write(ld->write, tty, file, buf, count);
1396         tty_ldisc_deref(ld);
1397         return ret;
1398 }
1399
1400 ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1401                          loff_t *ppos)
1402 {
1403         struct file *p = NULL;
1404
1405         spin_lock(&redirect_lock);
1406         if (redirect) {
1407                 get_file(redirect);
1408                 p = redirect;
1409         }
1410         spin_unlock(&redirect_lock);
1411
1412         if (p) {
1413                 ssize_t res;
1414                 res = vfs_write(p, buf, count, &p->f_pos);
1415                 fput(p);
1416                 return res;
1417         }
1418
1419         return tty_write(file, buf, count, ppos);
1420 }
1421
1422 static char ptychar[] = "pqrstuvwxyzabcde";
1423
1424 static inline void pty_line_name(struct tty_driver *driver, int index, char *p)
1425 {
1426         int i = index + driver->name_base;
1427         /* ->name is initialized to "ttyp", but "tty" is expected */
1428         sprintf(p, "%s%c%x",
1429                         driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1430                         ptychar[i >> 4 & 0xf], i & 0xf);
1431 }
1432
1433 static inline void tty_line_name(struct tty_driver *driver, int index, char *p)
1434 {
1435         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1436 }
1437
1438 /*
1439  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1440  * failed open.  The new code protects the open with a semaphore, so it's
1441  * really quite straightforward.  The semaphore locking can probably be
1442  * relaxed for the (most common) case of reopening a tty.
1443  */
1444 static int init_dev(struct tty_driver *driver, int idx,
1445         struct tty_struct **ret_tty)
1446 {
1447         struct tty_struct *tty, *o_tty;
1448         struct termios *tp, **tp_loc, *o_tp, **o_tp_loc;
1449         struct termios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1450         int retval=0;
1451
1452         /* check whether we're reopening an existing tty */
1453         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1454                 tty = devpts_get_tty(idx);
1455                 if (tty && driver->subtype == PTY_TYPE_MASTER)
1456                         tty = tty->link;
1457         } else {
1458                 tty = driver->ttys[idx];
1459         }
1460         if (tty) goto fast_track;
1461
1462         /*
1463          * First time open is complex, especially for PTY devices.
1464          * This code guarantees that either everything succeeds and the
1465          * TTY is ready for operation, or else the table slots are vacated
1466          * and the allocated memory released.  (Except that the termios 
1467          * and locked termios may be retained.)
1468          */
1469
1470         if (!try_module_get(driver->owner)) {
1471                 retval = -ENODEV;
1472                 goto end_init;
1473         }
1474
1475         o_tty = NULL;
1476         tp = o_tp = NULL;
1477         ltp = o_ltp = NULL;
1478
1479         tty = alloc_tty_struct();
1480         if(!tty)
1481                 goto fail_no_mem;
1482         initialize_tty_struct(tty);
1483         tty->driver = driver;
1484         tty->index = idx;
1485         tty_line_name(driver, idx, tty->name);
1486
1487         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1488                 tp_loc = &tty->termios;
1489                 ltp_loc = &tty->termios_locked;
1490         } else {
1491                 tp_loc = &driver->termios[idx];
1492                 ltp_loc = &driver->termios_locked[idx];
1493         }
1494
1495         if (!*tp_loc) {
1496                 tp = (struct termios *) kmalloc(sizeof(struct termios),
1497                                                 GFP_KERNEL);
1498                 if (!tp)
1499                         goto free_mem_out;
1500                 *tp = driver->init_termios;
1501         }
1502
1503         if (!*ltp_loc) {
1504                 ltp = (struct termios *) kmalloc(sizeof(struct termios),
1505                                                  GFP_KERNEL);
1506                 if (!ltp)
1507                         goto free_mem_out;
1508                 memset(ltp, 0, sizeof(struct termios));
1509         }
1510
1511         if (driver->type == TTY_DRIVER_TYPE_PTY) {
1512                 o_tty = alloc_tty_struct();
1513                 if (!o_tty)
1514                         goto free_mem_out;
1515                 initialize_tty_struct(o_tty);
1516                 o_tty->driver = driver->other;
1517                 o_tty->index = idx;
1518                 tty_line_name(driver->other, idx, o_tty->name);
1519
1520                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1521                         o_tp_loc = &o_tty->termios;
1522                         o_ltp_loc = &o_tty->termios_locked;
1523                 } else {
1524                         o_tp_loc = &driver->other->termios[idx];
1525                         o_ltp_loc = &driver->other->termios_locked[idx];
1526                 }
1527
1528                 if (!*o_tp_loc) {
1529                         o_tp = (struct termios *)
1530                                 kmalloc(sizeof(struct termios), GFP_KERNEL);
1531                         if (!o_tp)
1532                                 goto free_mem_out;
1533                         *o_tp = driver->other->init_termios;
1534                 }
1535
1536                 if (!*o_ltp_loc) {
1537                         o_ltp = (struct termios *)
1538                                 kmalloc(sizeof(struct termios), GFP_KERNEL);
1539                         if (!o_ltp)
1540                                 goto free_mem_out;
1541                         memset(o_ltp, 0, sizeof(struct termios));
1542                 }
1543
1544                 /*
1545                  * Everything allocated ... set up the o_tty structure.
1546                  */
1547                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
1548                         driver->other->ttys[idx] = o_tty;
1549                 }
1550                 if (!*o_tp_loc)
1551                         *o_tp_loc = o_tp;
1552                 if (!*o_ltp_loc)
1553                         *o_ltp_loc = o_ltp;
1554                 o_tty->termios = *o_tp_loc;
1555                 o_tty->termios_locked = *o_ltp_loc;
1556                 driver->other->refcount++;
1557                 if (driver->subtype == PTY_TYPE_MASTER)
1558                         o_tty->count++;
1559
1560                 /* Establish the links in both directions */
1561                 tty->link   = o_tty;
1562                 o_tty->link = tty;
1563         }
1564
1565         /* 
1566          * All structures have been allocated, so now we install them.
1567          * Failures after this point use release_mem to clean up, so 
1568          * there's no need to null out the local pointers.
1569          */
1570         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1571                 driver->ttys[idx] = tty;
1572         }
1573         
1574         if (!*tp_loc)
1575                 *tp_loc = tp;
1576         if (!*ltp_loc)
1577                 *ltp_loc = ltp;
1578         tty->termios = *tp_loc;
1579         tty->termios_locked = *ltp_loc;
1580         driver->refcount++;
1581         tty->count++;
1582
1583         /* 
1584          * Structures all installed ... call the ldisc open routines.
1585          * If we fail here just call release_mem to clean up.  No need
1586          * to decrement the use counts, as release_mem doesn't care.
1587          */
1588
1589         if (tty->ldisc.open) {
1590                 retval = (tty->ldisc.open)(tty);
1591                 if (retval)
1592                         goto release_mem_out;
1593         }
1594         if (o_tty && o_tty->ldisc.open) {
1595                 retval = (o_tty->ldisc.open)(o_tty);
1596                 if (retval) {
1597                         if (tty->ldisc.close)
1598                                 (tty->ldisc.close)(tty);
1599                         goto release_mem_out;
1600                 }
1601                 tty_ldisc_enable(o_tty);
1602         }
1603         tty_ldisc_enable(tty);
1604         goto success;
1605
1606         /*
1607          * This fast open can be used if the tty is already open.
1608          * No memory is allocated, and the only failures are from
1609          * attempting to open a closing tty or attempting multiple
1610          * opens on a pty master.
1611          */
1612 fast_track:
1613         if (test_bit(TTY_CLOSING, &tty->flags)) {
1614                 retval = -EIO;
1615                 goto end_init;
1616         }
1617         if (driver->type == TTY_DRIVER_TYPE_PTY &&
1618             driver->subtype == PTY_TYPE_MASTER) {
1619                 /*
1620                  * special case for PTY masters: only one open permitted, 
1621                  * and the slave side open count is incremented as well.
1622                  */
1623                 if (tty->count) {
1624                         retval = -EIO;
1625                         goto end_init;
1626                 }
1627                 tty->link->count++;
1628         }
1629         tty->count++;
1630         tty->driver = driver; /* N.B. why do this every time?? */
1631
1632         /* FIXME */
1633         if(!test_bit(TTY_LDISC, &tty->flags))
1634                 printk(KERN_ERR "init_dev but no ldisc\n");
1635 success:
1636         *ret_tty = tty;
1637         
1638         /* All paths come through here to release the semaphore */
1639 end_init:
1640         return retval;
1641
1642         /* Release locally allocated memory ... nothing placed in slots */
1643 free_mem_out:
1644         kfree(o_tp);
1645         if (o_tty)
1646                 free_tty_struct(o_tty);
1647         kfree(ltp);
1648         kfree(tp);
1649         free_tty_struct(tty);
1650
1651 fail_no_mem:
1652         module_put(driver->owner);
1653         retval = -ENOMEM;
1654         goto end_init;
1655
1656         /* call the tty release_mem routine to clean out this slot */
1657 release_mem_out:
1658         printk(KERN_INFO "init_dev: ldisc open failed, "
1659                          "clearing slot %d\n", idx);
1660         release_mem(tty, idx);
1661         goto end_init;
1662 }
1663
1664 /*
1665  * Releases memory associated with a tty structure, and clears out the
1666  * driver table slots.
1667  */
1668 static void release_mem(struct tty_struct *tty, int idx)
1669 {
1670         struct tty_struct *o_tty;
1671         struct termios *tp;
1672         int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
1673
1674         if ((o_tty = tty->link) != NULL) {
1675                 if (!devpts)
1676                         o_tty->driver->ttys[idx] = NULL;
1677                 if (o_tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1678                         tp = o_tty->termios;
1679                         if (!devpts)
1680                                 o_tty->driver->termios[idx] = NULL;
1681                         kfree(tp);
1682
1683                         tp = o_tty->termios_locked;
1684                         if (!devpts)
1685                                 o_tty->driver->termios_locked[idx] = NULL;
1686                         kfree(tp);
1687                 }
1688                 o_tty->magic = 0;
1689                 o_tty->driver->refcount--;
1690                 file_list_lock();
1691                 list_del_init(&o_tty->tty_files);
1692                 file_list_unlock();
1693                 free_tty_struct(o_tty);
1694         }
1695
1696         if (!devpts)
1697                 tty->driver->ttys[idx] = NULL;
1698         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1699                 tp = tty->termios;
1700                 if (!devpts)
1701                         tty->driver->termios[idx] = NULL;
1702                 kfree(tp);
1703
1704                 tp = tty->termios_locked;
1705                 if (!devpts)
1706                         tty->driver->termios_locked[idx] = NULL;
1707                 kfree(tp);
1708         }
1709
1710         tty->magic = 0;
1711         tty->driver->refcount--;
1712         file_list_lock();
1713         list_del_init(&tty->tty_files);
1714         file_list_unlock();
1715         module_put(tty->driver->owner);
1716         free_tty_struct(tty);
1717 }
1718
1719 /*
1720  * Even releasing the tty structures is a tricky business.. We have
1721  * to be very careful that the structures are all released at the
1722  * same time, as interrupts might otherwise get the wrong pointers.
1723  *
1724  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1725  * lead to double frees or releasing memory still in use.
1726  */
1727 static void release_dev(struct file * filp)
1728 {
1729         struct tty_struct *tty, *o_tty;
1730         int     pty_master, tty_closing, o_tty_closing, do_sleep;
1731         int     devpts_master, devpts;
1732         int     idx;
1733         char    buf[64];
1734         unsigned long flags;
1735         
1736         tty = (struct tty_struct *)filp->private_data;
1737         if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "release_dev"))
1738                 return;
1739
1740         check_tty_count(tty, "release_dev");
1741
1742         tty_fasync(-1, filp, 0);
1743
1744         idx = tty->index;
1745         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1746                       tty->driver->subtype == PTY_TYPE_MASTER);
1747         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1748         devpts_master = pty_master && devpts;
1749         o_tty = tty->link;
1750
1751 #ifdef TTY_PARANOIA_CHECK
1752         if (idx < 0 || idx >= tty->driver->num) {
1753                 printk(KERN_DEBUG "release_dev: bad idx when trying to "
1754                                   "free (%s)\n", tty->name);
1755                 return;
1756         }
1757         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1758                 if (tty != tty->driver->ttys[idx]) {
1759                         printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
1760                                "for (%s)\n", idx, tty->name);
1761                         return;
1762                 }
1763                 if (tty->termios != tty->driver->termios[idx]) {
1764                         printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
1765                                "for (%s)\n",
1766                                idx, tty->name);
1767                         return;
1768                 }
1769                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
1770                         printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
1771                                "termios_locked for (%s)\n",
1772                                idx, tty->name);
1773                         return;
1774                 }
1775         }
1776 #endif
1777
1778 #ifdef TTY_DEBUG_HANGUP
1779         printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
1780                tty_name(tty, buf), tty->count);
1781 #endif
1782
1783 #ifdef TTY_PARANOIA_CHECK
1784         if (tty->driver->other &&
1785              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1786                 if (o_tty != tty->driver->other->ttys[idx]) {
1787                         printk(KERN_DEBUG "release_dev: other->table[%d] "
1788                                           "not o_tty for (%s)\n",
1789                                idx, tty->name);
1790                         return;
1791                 }
1792                 if (o_tty->termios != tty->driver->other->termios[idx]) {
1793                         printk(KERN_DEBUG "release_dev: other->termios[%d] "
1794                                           "not o_termios for (%s)\n",
1795                                idx, tty->name);
1796                         return;
1797                 }
1798                 if (o_tty->termios_locked != 
1799                       tty->driver->other->termios_locked[idx]) {
1800                         printk(KERN_DEBUG "release_dev: other->termios_locked["
1801                                           "%d] not o_termios_locked for (%s)\n",
1802                                idx, tty->name);
1803                         return;
1804                 }
1805                 if (o_tty->link != tty) {
1806                         printk(KERN_DEBUG "release_dev: bad pty pointers\n");
1807                         return;
1808                 }
1809         }
1810 #endif
1811         if (tty->driver->close)
1812                 tty->driver->close(tty, filp);
1813
1814         /*
1815          * Sanity check: if tty->count is going to zero, there shouldn't be
1816          * any waiters on tty->read_wait or tty->write_wait.  We test the
1817          * wait queues and kick everyone out _before_ actually starting to
1818          * close.  This ensures that we won't block while releasing the tty
1819          * structure.
1820          *
1821          * The test for the o_tty closing is necessary, since the master and
1822          * slave sides may close in any order.  If the slave side closes out
1823          * first, its count will be one, since the master side holds an open.
1824          * Thus this test wouldn't be triggered at the time the slave closes,
1825          * so we do it now.
1826          *
1827          * Note that it's possible for the tty to be opened again while we're
1828          * flushing out waiters.  By recalculating the closing flags before
1829          * each iteration we avoid any problems.
1830          */
1831         while (1) {
1832                 /* Guard against races with tty->count changes elsewhere and
1833                    opens on /dev/tty */
1834                    
1835                 down(&tty_sem);
1836                 tty_closing = tty->count <= 1;
1837                 o_tty_closing = o_tty &&
1838                         (o_tty->count <= (pty_master ? 1 : 0));
1839                 up(&tty_sem);
1840                 do_sleep = 0;
1841
1842                 if (tty_closing) {
1843                         if (waitqueue_active(&tty->read_wait)) {
1844                                 wake_up(&tty->read_wait);
1845                                 do_sleep++;
1846                         }
1847                         if (waitqueue_active(&tty->write_wait)) {
1848                                 wake_up(&tty->write_wait);
1849                                 do_sleep++;
1850                         }
1851                 }
1852                 if (o_tty_closing) {
1853                         if (waitqueue_active(&o_tty->read_wait)) {
1854                                 wake_up(&o_tty->read_wait);
1855                                 do_sleep++;
1856                         }
1857                         if (waitqueue_active(&o_tty->write_wait)) {
1858                                 wake_up(&o_tty->write_wait);
1859                                 do_sleep++;
1860                         }
1861                 }
1862                 if (!do_sleep)
1863                         break;
1864
1865                 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
1866                                     "active!\n", tty_name(tty, buf));
1867                 schedule();
1868         }       
1869
1870         /*
1871          * The closing flags are now consistent with the open counts on 
1872          * both sides, and we've completed the last operation that could 
1873          * block, so it's safe to proceed with closing.
1874          */
1875          
1876         down(&tty_sem);
1877         if (pty_master) {
1878                 if (--o_tty->count < 0) {
1879                         printk(KERN_WARNING "release_dev: bad pty slave count "
1880                                             "(%d) for %s\n",
1881                                o_tty->count, tty_name(o_tty, buf));
1882                         o_tty->count = 0;
1883                 }
1884         }
1885         if (--tty->count < 0) {
1886                 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
1887                        tty->count, tty_name(tty, buf));
1888                 tty->count = 0;
1889         }
1890         up(&tty_sem);
1891         
1892         /*
1893          * We've decremented tty->count, so we need to remove this file
1894          * descriptor off the tty->tty_files list; this serves two
1895          * purposes:
1896          *  - check_tty_count sees the correct number of file descriptors
1897          *    associated with this tty.
1898          *  - do_tty_hangup no longer sees this file descriptor as
1899          *    something that needs to be handled for hangups.
1900          */
1901         file_kill(filp);
1902         filp->private_data = NULL;
1903
1904         /*
1905          * Perform some housekeeping before deciding whether to return.
1906          *
1907          * Set the TTY_CLOSING flag if this was the last open.  In the
1908          * case of a pty we may have to wait around for the other side
1909          * to close, and TTY_CLOSING makes sure we can't be reopened.
1910          */
1911         if(tty_closing)
1912                 set_bit(TTY_CLOSING, &tty->flags);
1913         if(o_tty_closing)
1914                 set_bit(TTY_CLOSING, &o_tty->flags);
1915
1916         /*
1917          * If _either_ side is closing, make sure there aren't any
1918          * processes that still think tty or o_tty is their controlling
1919          * tty.
1920          */
1921         if (tty_closing || o_tty_closing) {
1922                 struct task_struct *p;
1923
1924                 read_lock(&tasklist_lock);
1925                 do_each_task_pid(tty->session, PIDTYPE_SID, p) {
1926                         p->signal->tty = NULL;
1927                 } while_each_task_pid(tty->session, PIDTYPE_SID, p);
1928                 if (o_tty)
1929                         do_each_task_pid(o_tty->session, PIDTYPE_SID, p) {
1930                                 p->signal->tty = NULL;
1931                         } while_each_task_pid(o_tty->session, PIDTYPE_SID, p);
1932                 read_unlock(&tasklist_lock);
1933         }
1934
1935         /* check whether both sides are closing ... */
1936         if (!tty_closing || (o_tty && !o_tty_closing))
1937                 return;
1938         
1939 #ifdef TTY_DEBUG_HANGUP
1940         printk(KERN_DEBUG "freeing tty structure...");
1941 #endif
1942         /*
1943          * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
1944          * kill any delayed work. As this is the final close it does not
1945          * race with the set_ldisc code path.
1946          */
1947         clear_bit(TTY_LDISC, &tty->flags);
1948         clear_bit(TTY_DONT_FLIP, &tty->flags);
1949         cancel_delayed_work(&tty->buf.work);
1950
1951         /*
1952          * Wait for ->hangup_work and ->buf.work handlers to terminate
1953          */
1954          
1955         flush_scheduled_work();
1956         
1957         /*
1958          * Wait for any short term users (we know they are just driver
1959          * side waiters as the file is closing so user count on the file
1960          * side is zero.
1961          */
1962         spin_lock_irqsave(&tty_ldisc_lock, flags);
1963         while(tty->ldisc.refcount)
1964         {
1965                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1966                 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
1967                 spin_lock_irqsave(&tty_ldisc_lock, flags);
1968         }
1969         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1970         /*
1971          * Shutdown the current line discipline, and reset it to N_TTY.
1972          * N.B. why reset ldisc when we're releasing the memory??
1973          *
1974          * FIXME: this MUST get fixed for the new reflocking
1975          */
1976         if (tty->ldisc.close)
1977                 (tty->ldisc.close)(tty);
1978         tty_ldisc_put(tty->ldisc.num);
1979         
1980         /*
1981          *      Switch the line discipline back
1982          */
1983         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1984         tty_set_termios_ldisc(tty,N_TTY); 
1985         if (o_tty) {
1986                 /* FIXME: could o_tty be in setldisc here ? */
1987                 clear_bit(TTY_LDISC, &o_tty->flags);
1988                 if (o_tty->ldisc.close)
1989                         (o_tty->ldisc.close)(o_tty);
1990                 tty_ldisc_put(o_tty->ldisc.num);
1991                 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
1992                 tty_set_termios_ldisc(o_tty,N_TTY); 
1993         }
1994         /*
1995          * The release_mem function takes care of the details of clearing
1996          * the slots and preserving the termios structure.
1997          */
1998         release_mem(tty, idx);
1999
2000 #ifdef CONFIG_UNIX98_PTYS
2001         /* Make this pty number available for reallocation */
2002         if (devpts) {
2003                 down(&allocated_ptys_lock);
2004                 idr_remove(&allocated_ptys, idx);
2005                 up(&allocated_ptys_lock);
2006         }
2007 #endif
2008
2009 }
2010
2011 /*
2012  * tty_open and tty_release keep up the tty count that contains the
2013  * number of opens done on a tty. We cannot use the inode-count, as
2014  * different inodes might point to the same tty.
2015  *
2016  * Open-counting is needed for pty masters, as well as for keeping
2017  * track of serial lines: DTR is dropped when the last close happens.
2018  * (This is not done solely through tty->count, now.  - Ted 1/27/92)
2019  *
2020  * The termios state of a pty is reset on first open so that
2021  * settings don't persist across reuse.
2022  */
2023 static int tty_open(struct inode * inode, struct file * filp)
2024 {
2025         struct tty_struct *tty;
2026         int noctty, retval;
2027         struct tty_driver *driver;
2028         int index;
2029         dev_t device = inode->i_rdev;
2030         unsigned short saved_flags = filp->f_flags;
2031
2032         nonseekable_open(inode, filp);
2033         
2034 retry_open:
2035         noctty = filp->f_flags & O_NOCTTY;
2036         index  = -1;
2037         retval = 0;
2038         
2039         down(&tty_sem);
2040
2041         if (device == MKDEV(TTYAUX_MAJOR,0)) {
2042                 if (!current->signal->tty) {
2043                         up(&tty_sem);
2044                         return -ENXIO;
2045                 }
2046                 driver = current->signal->tty->driver;
2047                 index = current->signal->tty->index;
2048                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2049                 /* noctty = 1; */
2050                 goto got_driver;
2051         }
2052 #ifdef CONFIG_VT
2053         if (device == MKDEV(TTY_MAJOR,0)) {
2054                 extern struct tty_driver *console_driver;
2055                 driver = console_driver;
2056                 index = fg_console;
2057                 noctty = 1;
2058                 goto got_driver;
2059         }
2060 #endif
2061         if (device == MKDEV(TTYAUX_MAJOR,1)) {
2062                 driver = console_device(&index);
2063                 if (driver) {
2064                         /* Don't let /dev/console block */
2065                         filp->f_flags |= O_NONBLOCK;
2066                         noctty = 1;
2067                         goto got_driver;
2068                 }
2069                 up(&tty_sem);
2070                 return -ENODEV;
2071         }
2072
2073         driver = get_tty_driver(device, &index);
2074         if (!driver) {
2075                 up(&tty_sem);
2076                 return -ENODEV;
2077         }
2078 got_driver:
2079         retval = init_dev(driver, index, &tty);
2080         up(&tty_sem);
2081         if (retval)
2082                 return retval;
2083
2084         filp->private_data = tty;
2085         file_move(filp, &tty->tty_files);
2086         check_tty_count(tty, "tty_open");
2087         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2088             tty->driver->subtype == PTY_TYPE_MASTER)
2089                 noctty = 1;
2090 #ifdef TTY_DEBUG_HANGUP
2091         printk(KERN_DEBUG "opening %s...", tty->name);
2092 #endif
2093         if (!retval) {
2094                 if (tty->driver->open)
2095                         retval = tty->driver->open(tty, filp);
2096                 else
2097                         retval = -ENODEV;
2098         }
2099         filp->f_flags = saved_flags;
2100
2101         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2102                 retval = -EBUSY;
2103
2104         if (retval) {
2105 #ifdef TTY_DEBUG_HANGUP
2106                 printk(KERN_DEBUG "error %d in opening %s...", retval,
2107                        tty->name);
2108 #endif
2109                 release_dev(filp);
2110                 if (retval != -ERESTARTSYS)
2111                         return retval;
2112                 if (signal_pending(current))
2113                         return retval;
2114                 schedule();
2115                 /*
2116                  * Need to reset f_op in case a hangup happened.
2117                  */
2118                 if (filp->f_op == &hung_up_tty_fops)
2119                         filp->f_op = &tty_fops;
2120                 goto retry_open;
2121         }
2122         if (!noctty &&
2123             current->signal->leader &&
2124             !current->signal->tty &&
2125             tty->session == 0) {
2126                 task_lock(current);
2127                 current->signal->tty = tty;
2128                 task_unlock(current);
2129                 current->signal->tty_old_pgrp = 0;
2130                 tty->session = current->signal->session;
2131                 tty->pgrp = process_group(current);
2132         }
2133         return 0;
2134 }
2135
2136 #ifdef CONFIG_UNIX98_PTYS
2137 static int ptmx_open(struct inode * inode, struct file * filp)
2138 {
2139         struct tty_struct *tty;
2140         int retval;
2141         int index;
2142         int idr_ret;
2143
2144         nonseekable_open(inode, filp);
2145
2146         /* find a device that is not in use. */
2147         down(&allocated_ptys_lock);
2148         if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2149                 up(&allocated_ptys_lock);
2150                 return -ENOMEM;
2151         }
2152         idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2153         if (idr_ret < 0) {
2154                 up(&allocated_ptys_lock);
2155                 if (idr_ret == -EAGAIN)
2156                         return -ENOMEM;
2157                 return -EIO;
2158         }
2159         if (index >= pty_limit) {
2160                 idr_remove(&allocated_ptys, index);
2161                 up(&allocated_ptys_lock);
2162                 return -EIO;
2163         }
2164         up(&allocated_ptys_lock);
2165
2166         down(&tty_sem);
2167         retval = init_dev(ptm_driver, index, &tty);
2168         up(&tty_sem);
2169         
2170         if (retval)
2171                 goto out;
2172
2173         set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2174         filp->private_data = tty;
2175         file_move(filp, &tty->tty_files);
2176
2177         retval = -ENOMEM;
2178         if (devpts_pty_new(tty->link))
2179                 goto out1;
2180
2181         check_tty_count(tty, "tty_open");
2182         retval = ptm_driver->open(tty, filp);
2183         if (!retval)
2184                 return 0;
2185 out1:
2186         release_dev(filp);
2187 out:
2188         down(&allocated_ptys_lock);
2189         idr_remove(&allocated_ptys, index);
2190         up(&allocated_ptys_lock);
2191         return retval;
2192 }
2193 #endif
2194
2195 static int tty_release(struct inode * inode, struct file * filp)
2196 {
2197         lock_kernel();
2198         release_dev(filp);
2199         unlock_kernel();
2200         return 0;
2201 }
2202
2203 /* No kernel lock held - fine */
2204 static unsigned int tty_poll(struct file * filp, poll_table * wait)
2205 {
2206         struct tty_struct * tty;
2207         struct tty_ldisc *ld;
2208         int ret = 0;
2209
2210         tty = (struct tty_struct *)filp->private_data;
2211         if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_poll"))
2212                 return 0;
2213                 
2214         ld = tty_ldisc_ref_wait(tty);
2215         if (ld->poll)
2216                 ret = (ld->poll)(tty, filp, wait);
2217         tty_ldisc_deref(ld);
2218         return ret;
2219 }
2220
2221 static int tty_fasync(int fd, struct file * filp, int on)
2222 {
2223         struct tty_struct * tty;
2224         int retval;
2225
2226         tty = (struct tty_struct *)filp->private_data;
2227         if (tty_paranoia_check(tty, filp->f_dentry->d_inode, "tty_fasync"))
2228                 return 0;
2229         
2230         retval = fasync_helper(fd, filp, on, &tty->fasync);
2231         if (retval <= 0)
2232                 return retval;
2233
2234         if (on) {
2235                 if (!waitqueue_active(&tty->read_wait))
2236                         tty->minimum_to_wake = 1;
2237                 retval = f_setown(filp, (-tty->pgrp) ? : current->pid, 0);
2238                 if (retval)
2239                         return retval;
2240         } else {
2241                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2242                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2243         }
2244         return 0;
2245 }
2246
2247 static int tiocsti(struct tty_struct *tty, char __user *p)
2248 {
2249         char ch, mbz = 0;
2250         struct tty_ldisc *ld;
2251         
2252         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2253                 return -EPERM;
2254         if (get_user(ch, p))
2255                 return -EFAULT;
2256         ld = tty_ldisc_ref_wait(tty);
2257         ld->receive_buf(tty, &ch, &mbz, 1);
2258         tty_ldisc_deref(ld);
2259         return 0;
2260 }
2261
2262 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2263 {
2264         if (copy_to_user(arg, &tty->winsize, sizeof(*arg)))
2265                 return -EFAULT;
2266         return 0;
2267 }
2268
2269 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2270         struct winsize __user * arg)
2271 {
2272         struct winsize tmp_ws;
2273
2274         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2275                 return -EFAULT;
2276         if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2277                 return 0;
2278 #ifdef CONFIG_VT
2279         if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2280                 int rc;
2281
2282                 acquire_console_sem();
2283                 rc = vc_resize(tty->driver_data, tmp_ws.ws_col, tmp_ws.ws_row);
2284                 release_console_sem();
2285                 if (rc)
2286                         return -ENXIO;
2287         }
2288 #endif
2289         if (tty->pgrp > 0)
2290                 kill_pg(tty->pgrp, SIGWINCH, 1);
2291         if ((real_tty->pgrp != tty->pgrp) && (real_tty->pgrp > 0))
2292                 kill_pg(real_tty->pgrp, SIGWINCH, 1);
2293         tty->winsize = tmp_ws;
2294         real_tty->winsize = tmp_ws;
2295         return 0;
2296 }
2297
2298 static int tioccons(struct file *file)
2299 {
2300         if (!capable(CAP_SYS_ADMIN))
2301                 return -EPERM;
2302         if (file->f_op->write == redirected_tty_write) {
2303                 struct file *f;
2304                 spin_lock(&redirect_lock);
2305                 f = redirect;
2306                 redirect = NULL;
2307                 spin_unlock(&redirect_lock);
2308                 if (f)
2309                         fput(f);
2310                 return 0;
2311         }
2312         spin_lock(&redirect_lock);
2313         if (redirect) {
2314                 spin_unlock(&redirect_lock);
2315                 return -EBUSY;
2316         }
2317         get_file(file);
2318         redirect = file;
2319         spin_unlock(&redirect_lock);
2320         return 0;
2321 }
2322
2323
2324 static int fionbio(struct file *file, int __user *p)
2325 {
2326         int nonblock;
2327
2328         if (get_user(nonblock, p))
2329                 return -EFAULT;
2330
2331         if (nonblock)
2332                 file->f_flags |= O_NONBLOCK;
2333         else
2334                 file->f_flags &= ~O_NONBLOCK;
2335         return 0;
2336 }
2337
2338 static int tiocsctty(struct tty_struct *tty, int arg)
2339 {
2340         task_t *p;
2341
2342         if (current->signal->leader &&
2343             (current->signal->session == tty->session))
2344                 return 0;
2345         /*
2346          * The process must be a session leader and
2347          * not have a controlling tty already.
2348          */
2349         if (!current->signal->leader || current->signal->tty)
2350                 return -EPERM;
2351         if (tty->session > 0) {
2352                 /*
2353                  * This tty is already the controlling
2354                  * tty for another session group!
2355                  */
2356                 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
2357                         /*
2358                          * Steal it away
2359                          */
2360
2361                         read_lock(&tasklist_lock);
2362                         do_each_task_pid(tty->session, PIDTYPE_SID, p) {
2363                                 p->signal->tty = NULL;
2364                         } while_each_task_pid(tty->session, PIDTYPE_SID, p);
2365                         read_unlock(&tasklist_lock);
2366                 } else
2367                         return -EPERM;
2368         }
2369         task_lock(current);
2370         current->signal->tty = tty;
2371         task_unlock(current);
2372         current->signal->tty_old_pgrp = 0;
2373         tty->session = current->signal->session;
2374         tty->pgrp = process_group(current);
2375         return 0;
2376 }
2377
2378 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2379 {
2380         /*
2381          * (tty == real_tty) is a cheap way of
2382          * testing if the tty is NOT a master pty.
2383          */
2384         if (tty == real_tty && current->signal->tty != real_tty)
2385                 return -ENOTTY;
2386         return put_user(real_tty->pgrp, p);
2387 }
2388
2389 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2390 {
2391         pid_t pgrp;
2392         int retval = tty_check_change(real_tty);
2393
2394         if (retval == -EIO)
2395                 return -ENOTTY;
2396         if (retval)
2397                 return retval;
2398         if (!current->signal->tty ||
2399             (current->signal->tty != real_tty) ||
2400             (real_tty->session != current->signal->session))
2401                 return -ENOTTY;
2402         if (get_user(pgrp, p))
2403                 return -EFAULT;
2404         if (pgrp < 0)
2405                 return -EINVAL;
2406         if (session_of_pgrp(pgrp) != current->signal->session)
2407                 return -EPERM;
2408         real_tty->pgrp = pgrp;
2409         return 0;
2410 }
2411
2412 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2413 {
2414         /*
2415          * (tty == real_tty) is a cheap way of
2416          * testing if the tty is NOT a master pty.
2417         */
2418         if (tty == real_tty && current->signal->tty != real_tty)
2419                 return -ENOTTY;
2420         if (real_tty->session <= 0)
2421                 return -ENOTTY;
2422         return put_user(real_tty->session, p);
2423 }
2424
2425 static int tiocsetd(struct tty_struct *tty, int __user *p)
2426 {
2427         int ldisc;
2428
2429         if (get_user(ldisc, p))
2430                 return -EFAULT;
2431         return tty_set_ldisc(tty, ldisc);
2432 }
2433
2434 static int send_break(struct tty_struct *tty, unsigned int duration)
2435 {
2436         tty->driver->break_ctl(tty, -1);
2437         if (!signal_pending(current)) {
2438                 msleep_interruptible(duration);
2439         }
2440         tty->driver->break_ctl(tty, 0);
2441         if (signal_pending(current))
2442                 return -EINTR;
2443         return 0;
2444 }
2445
2446 static int
2447 tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2448 {
2449         int retval = -EINVAL;
2450
2451         if (tty->driver->tiocmget) {
2452                 retval = tty->driver->tiocmget(tty, file);
2453
2454                 if (retval >= 0)
2455                         retval = put_user(retval, p);
2456         }
2457         return retval;
2458 }
2459
2460 static int
2461 tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2462              unsigned __user *p)
2463 {
2464         int retval = -EINVAL;
2465
2466         if (tty->driver->tiocmset) {
2467                 unsigned int set, clear, val;
2468
2469                 retval = get_user(val, p);
2470                 if (retval)
2471                         return retval;
2472
2473                 set = clear = 0;
2474                 switch (cmd) {
2475                 case TIOCMBIS:
2476                         set = val;
2477                         break;
2478                 case TIOCMBIC:
2479                         clear = val;
2480                         break;
2481                 case TIOCMSET:
2482                         set = val;
2483                         clear = ~val;
2484                         break;
2485                 }
2486
2487                 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2488                 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2489
2490                 retval = tty->driver->tiocmset(tty, file, set, clear);
2491         }
2492         return retval;
2493 }
2494
2495 /*
2496  * Split this up, as gcc can choke on it otherwise..
2497  */
2498 int tty_ioctl(struct inode * inode, struct file * file,
2499               unsigned int cmd, unsigned long arg)
2500 {
2501         struct tty_struct *tty, *real_tty;
2502         void __user *p = (void __user *)arg;
2503         int retval;
2504         struct tty_ldisc *ld;
2505         
2506         tty = (struct tty_struct *)file->private_data;
2507         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2508                 return -EINVAL;
2509
2510         real_tty = tty;
2511         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2512             tty->driver->subtype == PTY_TYPE_MASTER)
2513                 real_tty = tty->link;
2514
2515         /*
2516          * Break handling by driver
2517          */
2518         if (!tty->driver->break_ctl) {
2519                 switch(cmd) {
2520                 case TIOCSBRK:
2521                 case TIOCCBRK:
2522                         if (tty->driver->ioctl)
2523                                 return tty->driver->ioctl(tty, file, cmd, arg);
2524                         return -EINVAL;
2525                         
2526                 /* These two ioctl's always return success; even if */
2527                 /* the driver doesn't support them. */
2528                 case TCSBRK:
2529                 case TCSBRKP:
2530                         if (!tty->driver->ioctl)
2531                                 return 0;
2532                         retval = tty->driver->ioctl(tty, file, cmd, arg);
2533                         if (retval == -ENOIOCTLCMD)
2534                                 retval = 0;
2535                         return retval;
2536                 }
2537         }
2538
2539         /*
2540          * Factor out some common prep work
2541          */
2542         switch (cmd) {
2543         case TIOCSETD:
2544         case TIOCSBRK:
2545         case TIOCCBRK:
2546         case TCSBRK:
2547         case TCSBRKP:                   
2548                 retval = tty_check_change(tty);
2549                 if (retval)
2550                         return retval;
2551                 if (cmd != TIOCCBRK) {
2552                         tty_wait_until_sent(tty, 0);
2553                         if (signal_pending(current))
2554                                 return -EINTR;
2555                 }
2556                 break;
2557         }
2558
2559         switch (cmd) {
2560                 case TIOCSTI:
2561                         return tiocsti(tty, p);
2562                 case TIOCGWINSZ:
2563                         return tiocgwinsz(tty, p);
2564                 case TIOCSWINSZ:
2565                         return tiocswinsz(tty, real_tty, p);
2566                 case TIOCCONS:
2567                         return real_tty!=tty ? -EINVAL : tioccons(file);
2568                 case FIONBIO:
2569                         return fionbio(file, p);
2570                 case TIOCEXCL:
2571                         set_bit(TTY_EXCLUSIVE, &tty->flags);
2572                         return 0;
2573                 case TIOCNXCL:
2574                         clear_bit(TTY_EXCLUSIVE, &tty->flags);
2575                         return 0;
2576                 case TIOCNOTTY:
2577                         if (current->signal->tty != tty)
2578                                 return -ENOTTY;
2579                         if (current->signal->leader)
2580                                 disassociate_ctty(0);
2581                         task_lock(current);
2582                         current->signal->tty = NULL;
2583                         task_unlock(current);
2584                         return 0;
2585                 case TIOCSCTTY:
2586                         return tiocsctty(tty, arg);
2587                 case TIOCGPGRP:
2588                         return tiocgpgrp(tty, real_tty, p);
2589                 case TIOCSPGRP:
2590                         return tiocspgrp(tty, real_tty, p);
2591                 case TIOCGSID:
2592                         return tiocgsid(tty, real_tty, p);
2593                 case TIOCGETD:
2594                         /* FIXME: check this is ok */
2595                         return put_user(tty->ldisc.num, (int __user *)p);
2596                 case TIOCSETD:
2597                         return tiocsetd(tty, p);
2598 #ifdef CONFIG_VT
2599                 case TIOCLINUX:
2600                         return tioclinux(tty, arg);
2601 #endif
2602                 /*
2603                  * Break handling
2604                  */
2605                 case TIOCSBRK:  /* Turn break on, unconditionally */
2606                         tty->driver->break_ctl(tty, -1);
2607                         return 0;
2608                         
2609                 case TIOCCBRK:  /* Turn break off, unconditionally */
2610                         tty->driver->break_ctl(tty, 0);
2611                         return 0;
2612                 case TCSBRK:   /* SVID version: non-zero arg --> no break */
2613                         /*
2614                          * XXX is the above comment correct, or the
2615                          * code below correct?  Is this ioctl used at
2616                          * all by anyone?
2617                          */
2618                         if (!arg)
2619                                 return send_break(tty, 250);
2620                         return 0;
2621                 case TCSBRKP:   /* support for POSIX tcsendbreak() */   
2622                         return send_break(tty, arg ? arg*100 : 250);
2623
2624                 case TIOCMGET:
2625                         return tty_tiocmget(tty, file, p);
2626
2627                 case TIOCMSET:
2628                 case TIOCMBIC:
2629                 case TIOCMBIS:
2630                         return tty_tiocmset(tty, file, cmd, p);
2631         }
2632         if (tty->driver->ioctl) {
2633                 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
2634                 if (retval != -ENOIOCTLCMD)
2635                         return retval;
2636         }
2637         ld = tty_ldisc_ref_wait(tty);
2638         retval = -EINVAL;
2639         if (ld->ioctl) {
2640                 retval = ld->ioctl(tty, file, cmd, arg);
2641                 if (retval == -ENOIOCTLCMD)
2642                         retval = -EINVAL;
2643         }
2644         tty_ldisc_deref(ld);
2645         return retval;
2646 }
2647
2648
2649 /*
2650  * This implements the "Secure Attention Key" ---  the idea is to
2651  * prevent trojan horses by killing all processes associated with this
2652  * tty when the user hits the "Secure Attention Key".  Required for
2653  * super-paranoid applications --- see the Orange Book for more details.
2654  * 
2655  * This code could be nicer; ideally it should send a HUP, wait a few
2656  * seconds, then send a INT, and then a KILL signal.  But you then
2657  * have to coordinate with the init process, since all processes associated
2658  * with the current tty must be dead before the new getty is allowed
2659  * to spawn.
2660  *
2661  * Now, if it would be correct ;-/ The current code has a nasty hole -
2662  * it doesn't catch files in flight. We may send the descriptor to ourselves
2663  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2664  *
2665  * Nasty bug: do_SAK is being called in interrupt context.  This can
2666  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
2667  */
2668 static void __do_SAK(void *arg)
2669 {
2670 #ifdef TTY_SOFT_SAK
2671         tty_hangup(tty);
2672 #else
2673         struct tty_struct *tty = arg;
2674         struct task_struct *p;
2675         int session;
2676         int             i;
2677         struct file     *filp;
2678         struct tty_ldisc *disc;
2679         struct fdtable *fdt;
2680         
2681         if (!tty)
2682                 return;
2683         session  = tty->session;
2684         
2685         /* We don't want an ldisc switch during this */
2686         disc = tty_ldisc_ref(tty);
2687         if (disc && disc->flush_buffer)
2688                 disc->flush_buffer(tty);
2689         tty_ldisc_deref(disc);
2690
2691         if (tty->driver->flush_buffer)
2692                 tty->driver->flush_buffer(tty);
2693         
2694         read_lock(&tasklist_lock);
2695         do_each_task_pid(session, PIDTYPE_SID, p) {
2696                 if (p->signal->tty == tty || session > 0) {
2697                         printk(KERN_NOTICE "SAK: killed process %d"
2698                             " (%s): p->signal->session==tty->session\n",
2699                             p->pid, p->comm);
2700                         send_sig(SIGKILL, p, 1);
2701                         continue;
2702                 }
2703                 task_lock(p);
2704                 if (p->files) {
2705                         rcu_read_lock();
2706                         fdt = files_fdtable(p->files);
2707                         for (i=0; i < fdt->max_fds; i++) {
2708                                 filp = fcheck_files(p->files, i);
2709                                 if (!filp)
2710                                         continue;
2711                                 if (filp->f_op->read == tty_read &&
2712                                     filp->private_data == tty) {
2713                                         printk(KERN_NOTICE "SAK: killed process %d"
2714                                             " (%s): fd#%d opened to the tty\n",
2715                                             p->pid, p->comm, i);
2716                                         send_sig(SIGKILL, p, 1);
2717                                         break;
2718                                 }
2719                         }
2720                         rcu_read_unlock();
2721                 }
2722                 task_unlock(p);
2723         } while_each_task_pid(session, PIDTYPE_SID, p);
2724         read_unlock(&tasklist_lock);
2725 #endif
2726 }
2727
2728 /*
2729  * The tq handling here is a little racy - tty->SAK_work may already be queued.
2730  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2731  * the values which we write to it will be identical to the values which it
2732  * already has. --akpm
2733  */
2734 void do_SAK(struct tty_struct *tty)
2735 {
2736         if (!tty)
2737                 return;
2738         PREPARE_WORK(&tty->SAK_work, __do_SAK, tty);
2739         schedule_work(&tty->SAK_work);
2740 }
2741
2742 EXPORT_SYMBOL(do_SAK);
2743
2744 /*
2745  * This routine is called out of the software interrupt to flush data
2746  * from the buffer chain to the line discipline.
2747  */
2748  
2749 static void flush_to_ldisc(void *private_)
2750 {
2751         struct tty_struct *tty = (struct tty_struct *) private_;
2752         unsigned long   flags;
2753         struct tty_ldisc *disc;
2754         struct tty_buffer *tbuf;
2755
2756         disc = tty_ldisc_ref(tty);
2757         if (disc == NULL)       /*  !TTY_LDISC */
2758                 return;
2759
2760         if (test_bit(TTY_DONT_FLIP, &tty->flags)) {
2761                 /*
2762                  * Do it after the next timer tick:
2763                  */
2764                 schedule_delayed_work(&tty->buf.work, 1);
2765                 goto out;
2766         }
2767         spin_lock_irqsave(&tty->buf.lock, flags);
2768         while((tbuf = tty->buf.head) != NULL && !tbuf->active) {
2769                 tty->buf.head = tbuf->next;
2770                 if (tty->buf.head == NULL)
2771                         tty->buf.tail = NULL;
2772                 spin_unlock_irqrestore(&tty->buf.lock, flags);
2773                 /* printk("Process buffer %p for %d\n", tbuf, tbuf->used); */
2774                 disc->receive_buf(tty, tbuf->char_buf_ptr,
2775                                        tbuf->flag_buf_ptr,
2776                                        tbuf->used);
2777                 spin_lock_irqsave(&tty->buf.lock, flags);
2778                 tty_buffer_free(tty, tbuf);
2779         }
2780         spin_unlock_irqrestore(&tty->buf.lock, flags);
2781 out:
2782         tty_ldisc_deref(disc);
2783 }
2784
2785 /*
2786  * Routine which returns the baud rate of the tty
2787  *
2788  * Note that the baud_table needs to be kept in sync with the
2789  * include/asm/termbits.h file.
2790  */
2791 static int baud_table[] = {
2792         0, 50, 75, 110, 134, 150, 200, 300, 600, 1200, 1800, 2400, 4800,
2793         9600, 19200, 38400, 57600, 115200, 230400, 460800,
2794 #ifdef __sparc__
2795         76800, 153600, 307200, 614400, 921600
2796 #else
2797         500000, 576000, 921600, 1000000, 1152000, 1500000, 2000000,
2798         2500000, 3000000, 3500000, 4000000
2799 #endif
2800 };
2801
2802 static int n_baud_table = ARRAY_SIZE(baud_table);
2803
2804 /**
2805  *      tty_termios_baud_rate
2806  *      @termios: termios structure
2807  *
2808  *      Convert termios baud rate data into a speed. This should be called
2809  *      with the termios lock held if this termios is a terminal termios
2810  *      structure. May change the termios data.
2811  */
2812  
2813 int tty_termios_baud_rate(struct termios *termios)
2814 {
2815         unsigned int cbaud;
2816         
2817         cbaud = termios->c_cflag & CBAUD;
2818
2819         if (cbaud & CBAUDEX) {
2820                 cbaud &= ~CBAUDEX;
2821
2822                 if (cbaud < 1 || cbaud + 15 > n_baud_table)
2823                         termios->c_cflag &= ~CBAUDEX;
2824                 else
2825                         cbaud += 15;
2826         }
2827         return baud_table[cbaud];
2828 }
2829
2830 EXPORT_SYMBOL(tty_termios_baud_rate);
2831
2832 /**
2833  *      tty_get_baud_rate       -       get tty bit rates
2834  *      @tty: tty to query
2835  *
2836  *      Returns the baud rate as an integer for this terminal. The
2837  *      termios lock must be held by the caller and the terminal bit
2838  *      flags may be updated.
2839  */
2840  
2841 int tty_get_baud_rate(struct tty_struct *tty)
2842 {
2843         int baud = tty_termios_baud_rate(tty->termios);
2844
2845         if (baud == 38400 && tty->alt_speed) {
2846                 if (!tty->warned) {
2847                         printk(KERN_WARNING "Use of setserial/setrocket to "
2848                                             "set SPD_* flags is deprecated\n");
2849                         tty->warned = 1;
2850                 }
2851                 baud = tty->alt_speed;
2852         }
2853         
2854         return baud;
2855 }
2856
2857 EXPORT_SYMBOL(tty_get_baud_rate);
2858
2859 /**
2860  *      tty_flip_buffer_push    -       terminal
2861  *      @tty: tty to push
2862  *
2863  *      Queue a push of the terminal flip buffers to the line discipline. This
2864  *      function must not be called from IRQ context if tty->low_latency is set.
2865  *
2866  *      In the event of the queue being busy for flipping the work will be
2867  *      held off and retried later.
2868  */
2869
2870 void tty_flip_buffer_push(struct tty_struct *tty)
2871 {
2872         unsigned long flags;
2873         spin_lock_irqsave(&tty->buf.lock, flags);
2874         if (tty->buf.tail != NULL)
2875                 tty->buf.tail->active = 0;
2876         spin_unlock_irqrestore(&tty->buf.lock, flags);
2877
2878         if (tty->low_latency)
2879                 flush_to_ldisc((void *) tty);
2880         else
2881                 schedule_delayed_work(&tty->buf.work, 1);
2882 }
2883
2884 EXPORT_SYMBOL(tty_flip_buffer_push);
2885
2886
2887 /*
2888  * This subroutine initializes a tty structure.
2889  */
2890 static void initialize_tty_struct(struct tty_struct *tty)
2891 {
2892         memset(tty, 0, sizeof(struct tty_struct));
2893         tty->magic = TTY_MAGIC;
2894         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2895         tty->pgrp = -1;
2896         tty->overrun_time = jiffies;
2897         tty->buf.head = tty->buf.tail = NULL;
2898         tty_buffer_init(tty);
2899         INIT_WORK(&tty->buf.work, flush_to_ldisc, tty);
2900         init_MUTEX(&tty->buf.pty_sem);
2901         init_MUTEX(&tty->termios_sem);
2902         init_waitqueue_head(&tty->write_wait);
2903         init_waitqueue_head(&tty->read_wait);
2904         INIT_WORK(&tty->hangup_work, do_tty_hangup, tty);
2905         sema_init(&tty->atomic_read, 1);
2906         sema_init(&tty->atomic_write, 1);
2907         spin_lock_init(&tty->read_lock);
2908         INIT_LIST_HEAD(&tty->tty_files);
2909         INIT_WORK(&tty->SAK_work, NULL, NULL);
2910 }
2911
2912 /*
2913  * The default put_char routine if the driver did not define one.
2914  */
2915 static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
2916 {
2917         tty->driver->write(tty, &ch, 1);
2918 }
2919
2920 static struct class *tty_class;
2921
2922 /**
2923  * tty_register_device - register a tty device
2924  * @driver: the tty driver that describes the tty device
2925  * @index: the index in the tty driver for this tty device
2926  * @device: a struct device that is associated with this tty device.
2927  *      This field is optional, if there is no known struct device for this
2928  *      tty device it can be set to NULL safely.
2929  *
2930  * This call is required to be made to register an individual tty device if
2931  * the tty driver's flags have the TTY_DRIVER_NO_DEVFS bit set.  If that
2932  * bit is not set, this function should not be called.
2933  */
2934 void tty_register_device(struct tty_driver *driver, unsigned index,
2935                          struct device *device)
2936 {
2937         char name[64];
2938         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
2939
2940         if (index >= driver->num) {
2941                 printk(KERN_ERR "Attempt to register invalid tty line number "
2942                        " (%d).\n", index);
2943                 return;
2944         }
2945
2946         devfs_mk_cdev(dev, S_IFCHR | S_IRUSR | S_IWUSR,
2947                         "%s%d", driver->devfs_name, index + driver->name_base);
2948
2949         if (driver->type == TTY_DRIVER_TYPE_PTY)
2950                 pty_line_name(driver, index, name);
2951         else
2952                 tty_line_name(driver, index, name);
2953         class_device_create(tty_class, NULL, dev, device, "%s", name);
2954 }
2955
2956 /**
2957  * tty_unregister_device - unregister a tty device
2958  * @driver: the tty driver that describes the tty device
2959  * @index: the index in the tty driver for this tty device
2960  *
2961  * If a tty device is registered with a call to tty_register_device() then
2962  * this function must be made when the tty device is gone.
2963  */
2964 void tty_unregister_device(struct tty_driver *driver, unsigned index)
2965 {
2966         devfs_remove("%s%d", driver->devfs_name, index + driver->name_base);
2967         class_device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
2968 }
2969
2970 EXPORT_SYMBOL(tty_register_device);
2971 EXPORT_SYMBOL(tty_unregister_device);
2972
2973 struct tty_driver *alloc_tty_driver(int lines)
2974 {
2975         struct tty_driver *driver;
2976
2977         driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
2978         if (driver) {
2979                 memset(driver, 0, sizeof(struct tty_driver));
2980                 driver->magic = TTY_DRIVER_MAGIC;
2981                 driver->num = lines;
2982                 /* later we'll move allocation of tables here */
2983         }
2984         return driver;
2985 }
2986
2987 void put_tty_driver(struct tty_driver *driver)
2988 {
2989         kfree(driver);
2990 }
2991
2992 void tty_set_operations(struct tty_driver *driver, struct tty_operations *op)
2993 {
2994         driver->open = op->open;
2995         driver->close = op->close;
2996         driver->write = op->write;
2997         driver->put_char = op->put_char;
2998         driver->flush_chars = op->flush_chars;
2999         driver->write_room = op->write_room;
3000         driver->chars_in_buffer = op->chars_in_buffer;
3001         driver->ioctl = op->ioctl;
3002         driver->set_termios = op->set_termios;
3003         driver->throttle = op->throttle;
3004         driver->unthrottle = op->unthrottle;
3005         driver->stop = op->stop;
3006         driver->start = op->start;
3007         driver->hangup = op->hangup;
3008         driver->break_ctl = op->break_ctl;
3009         driver->flush_buffer = op->flush_buffer;
3010         driver->set_ldisc = op->set_ldisc;
3011         driver->wait_until_sent = op->wait_until_sent;
3012         driver->send_xchar = op->send_xchar;
3013         driver->read_proc = op->read_proc;
3014         driver->write_proc = op->write_proc;
3015         driver->tiocmget = op->tiocmget;
3016         driver->tiocmset = op->tiocmset;
3017 }
3018
3019
3020 EXPORT_SYMBOL(alloc_tty_driver);
3021 EXPORT_SYMBOL(put_tty_driver);
3022 EXPORT_SYMBOL(tty_set_operations);
3023
3024 /*
3025  * Called by a tty driver to register itself.
3026  */
3027 int tty_register_driver(struct tty_driver *driver)
3028 {
3029         int error;
3030         int i;
3031         dev_t dev;
3032         void **p = NULL;
3033
3034         if (driver->flags & TTY_DRIVER_INSTALLED)
3035                 return 0;
3036
3037         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
3038                 p = kmalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3039                 if (!p)
3040                         return -ENOMEM;
3041                 memset(p, 0, driver->num * 3 * sizeof(void *));
3042         }
3043
3044         if (!driver->major) {
3045                 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3046                                                 (char*)driver->name);
3047                 if (!error) {
3048                         driver->major = MAJOR(dev);
3049                         driver->minor_start = MINOR(dev);
3050                 }
3051         } else {
3052                 dev = MKDEV(driver->major, driver->minor_start);
3053                 error = register_chrdev_region(dev, driver->num,
3054                                                 (char*)driver->name);
3055         }
3056         if (error < 0) {
3057                 kfree(p);
3058                 return error;
3059         }
3060
3061         if (p) {
3062                 driver->ttys = (struct tty_struct **)p;
3063                 driver->termios = (struct termios **)(p + driver->num);
3064                 driver->termios_locked = (struct termios **)(p + driver->num * 2);
3065         } else {
3066                 driver->ttys = NULL;
3067                 driver->termios = NULL;
3068                 driver->termios_locked = NULL;
3069         }
3070
3071         cdev_init(&driver->cdev, &tty_fops);
3072         driver->cdev.owner = driver->owner;
3073         error = cdev_add(&driver->cdev, dev, driver->num);
3074         if (error) {
3075                 cdev_del(&driver->cdev);
3076                 unregister_chrdev_region(dev, driver->num);
3077                 driver->ttys = NULL;
3078                 driver->termios = driver->termios_locked = NULL;
3079                 kfree(p);
3080                 return error;
3081         }
3082
3083         if (!driver->put_char)
3084                 driver->put_char = tty_default_put_char;
3085         
3086         list_add(&driver->tty_drivers, &tty_drivers);
3087         
3088         if ( !(driver->flags & TTY_DRIVER_NO_DEVFS) ) {
3089                 for(i = 0; i < driver->num; i++)
3090                     tty_register_device(driver, i, NULL);
3091         }
3092         proc_tty_register_driver(driver);
3093         return 0;
3094 }
3095
3096 EXPORT_SYMBOL(tty_register_driver);
3097
3098 /*
3099  * Called by a tty driver to unregister itself.
3100  */
3101 int tty_unregister_driver(struct tty_driver *driver)
3102 {
3103         int i;
3104         struct termios *tp;
3105         void *p;
3106
3107         if (driver->refcount)
3108                 return -EBUSY;
3109
3110         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3111                                 driver->num);
3112
3113         list_del(&driver->tty_drivers);
3114
3115         /*
3116          * Free the termios and termios_locked structures because
3117          * we don't want to get memory leaks when modular tty
3118          * drivers are removed from the kernel.
3119          */
3120         for (i = 0; i < driver->num; i++) {
3121                 tp = driver->termios[i];
3122                 if (tp) {
3123                         driver->termios[i] = NULL;
3124                         kfree(tp);
3125                 }
3126                 tp = driver->termios_locked[i];
3127                 if (tp) {
3128                         driver->termios_locked[i] = NULL;
3129                         kfree(tp);
3130                 }
3131                 if (!(driver->flags & TTY_DRIVER_NO_DEVFS))
3132                         tty_unregister_device(driver, i);
3133         }
3134         p = driver->ttys;
3135         proc_tty_unregister_driver(driver);
3136         driver->ttys = NULL;
3137         driver->termios = driver->termios_locked = NULL;
3138         kfree(p);
3139         cdev_del(&driver->cdev);
3140         return 0;
3141 }
3142
3143 EXPORT_SYMBOL(tty_unregister_driver);
3144
3145
3146 /*
3147  * Initialize the console device. This is called *early*, so
3148  * we can't necessarily depend on lots of kernel help here.
3149  * Just do some early initializations, and do the complex setup
3150  * later.
3151  */
3152 void __init console_init(void)
3153 {
3154         initcall_t *call;
3155
3156         /* Setup the default TTY line discipline. */
3157         (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3158
3159         /*
3160          * set up the console device so that later boot sequences can 
3161          * inform about problems etc..
3162          */
3163 #ifdef CONFIG_EARLY_PRINTK
3164         disable_early_printk();
3165 #endif
3166         call = __con_initcall_start;
3167         while (call < __con_initcall_end) {
3168                 (*call)();
3169                 call++;
3170         }
3171 }
3172
3173 #ifdef CONFIG_VT
3174 extern int vty_init(void);
3175 #endif
3176
3177 static int __init tty_class_init(void)
3178 {
3179         tty_class = class_create(THIS_MODULE, "tty");
3180         if (IS_ERR(tty_class))
3181                 return PTR_ERR(tty_class);
3182         return 0;
3183 }
3184
3185 postcore_initcall(tty_class_init);
3186
3187 /* 3/2004 jmc: why do these devices exist? */
3188
3189 static struct cdev tty_cdev, console_cdev;
3190 #ifdef CONFIG_UNIX98_PTYS
3191 static struct cdev ptmx_cdev;
3192 #endif
3193 #ifdef CONFIG_VT
3194 static struct cdev vc0_cdev;
3195 #endif
3196
3197 /*
3198  * Ok, now we can initialize the rest of the tty devices and can count
3199  * on memory allocations, interrupts etc..
3200  */
3201 static int __init tty_init(void)
3202 {
3203         cdev_init(&tty_cdev, &tty_fops);
3204         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3205             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3206                 panic("Couldn't register /dev/tty driver\n");
3207         devfs_mk_cdev(MKDEV(TTYAUX_MAJOR, 0), S_IFCHR|S_IRUGO|S_IWUGO, "tty");
3208         class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3209
3210         cdev_init(&console_cdev, &console_fops);
3211         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3212             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3213                 panic("Couldn't register /dev/console driver\n");
3214         devfs_mk_cdev(MKDEV(TTYAUX_MAJOR, 1), S_IFCHR|S_IRUSR|S_IWUSR, "console");
3215         class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL, "console");
3216
3217 #ifdef CONFIG_UNIX98_PTYS
3218         cdev_init(&ptmx_cdev, &ptmx_fops);
3219         if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3220             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3221                 panic("Couldn't register /dev/ptmx driver\n");
3222         devfs_mk_cdev(MKDEV(TTYAUX_MAJOR, 2), S_IFCHR|S_IRUGO|S_IWUGO, "ptmx");
3223         class_device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), NULL, "ptmx");
3224 #endif
3225
3226 #ifdef CONFIG_VT
3227         cdev_init(&vc0_cdev, &console_fops);
3228         if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3229             register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3230                 panic("Couldn't register /dev/tty0 driver\n");
3231         devfs_mk_cdev(MKDEV(TTY_MAJOR, 0), S_IFCHR|S_IRUSR|S_IWUSR, "vc/0");
3232         class_device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), NULL, "tty0");
3233
3234         vty_init();
3235 #endif
3236         return 0;
3237 }
3238 module_init(tty_init);