tty_register_driver: only allocate tty instances when defined
[linux-2.6.git] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92 
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  * 
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote init_dev and release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc() -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
66  */
67
68 #include <linux/types.h>
69 #include <linux/major.h>
70 #include <linux/errno.h>
71 #include <linux/signal.h>
72 #include <linux/fcntl.h>
73 #include <linux/sched.h>
74 #include <linux/interrupt.h>
75 #include <linux/tty.h>
76 #include <linux/tty_driver.h>
77 #include <linux/tty_flip.h>
78 #include <linux/devpts_fs.h>
79 #include <linux/file.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/smp_lock.h>
92 #include <linux/device.h>
93 #include <linux/idr.h>
94 #include <linux/wait.h>
95 #include <linux/bitops.h>
96 #include <linux/delay.h>
97
98 #include <asm/uaccess.h>
99 #include <asm/system.h>
100
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104
105 #include <linux/kmod.h>
106
107 #undef TTY_DEBUG_HANGUP
108
109 #define TTY_PARANOIA_CHECK 1
110 #define CHECK_TTY_COUNT 1
111
112 struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
113         .c_iflag = ICRNL | IXON,
114         .c_oflag = OPOST | ONLCR,
115         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
116         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
117                    ECHOCTL | ECHOKE | IEXTEN,
118         .c_cc = INIT_C_CC,
119         .c_ispeed = 38400,
120         .c_ospeed = 38400
121 };
122
123 EXPORT_SYMBOL(tty_std_termios);
124
125 /* This list gets poked at by procfs and various bits of boot up code. This
126    could do with some rationalisation such as pulling the tty proc function
127    into this file */
128    
129 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
130
131 /* Mutex to protect creating and releasing a tty. This is shared with
132    vt.c for deeply disgusting hack reasons */
133 DEFINE_MUTEX(tty_mutex);
134 EXPORT_SYMBOL(tty_mutex);
135
136 #ifdef CONFIG_UNIX98_PTYS
137 extern struct tty_driver *ptm_driver;   /* Unix98 pty masters; for /dev/ptmx */
138 extern int pty_limit;           /* Config limit on Unix98 ptys */
139 static DEFINE_IDR(allocated_ptys);
140 static DECLARE_MUTEX(allocated_ptys_lock);
141 static int ptmx_open(struct inode *, struct file *);
142 #endif
143
144 extern void disable_early_printk(void);
145
146 static void initialize_tty_struct(struct tty_struct *tty);
147
148 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
149 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
150 ssize_t redirected_tty_write(struct file *, const char __user *, size_t, loff_t *);
151 static unsigned int tty_poll(struct file *, poll_table *);
152 static int tty_open(struct inode *, struct file *);
153 static int tty_release(struct inode *, struct file *);
154 int tty_ioctl(struct inode * inode, struct file * file,
155               unsigned int cmd, unsigned long arg);
156 static int tty_fasync(int fd, struct file * filp, int on);
157 static void release_tty(struct tty_struct *tty, int idx);
158 static struct pid *__proc_set_tty(struct task_struct *tsk,
159                                 struct tty_struct *tty);
160
161 /**
162  *      alloc_tty_struct        -       allocate a tty object
163  *
164  *      Return a new empty tty structure. The data fields have not
165  *      been initialized in any way but has been zeroed
166  *
167  *      Locking: none
168  */
169
170 static struct tty_struct *alloc_tty_struct(void)
171 {
172         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
173 }
174
175 static void tty_buffer_free_all(struct tty_struct *);
176
177 /**
178  *      free_tty_struct         -       free a disused tty
179  *      @tty: tty struct to free
180  *
181  *      Free the write buffers, tty queue and tty memory itself.
182  *
183  *      Locking: none. Must be called after tty is definitely unused
184  */
185
186 static inline void free_tty_struct(struct tty_struct *tty)
187 {
188         kfree(tty->write_buf);
189         tty_buffer_free_all(tty);
190         kfree(tty);
191 }
192
193 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
194
195 /**
196  *      tty_name        -       return tty naming
197  *      @tty: tty structure
198  *      @buf: buffer for output
199  *
200  *      Convert a tty structure into a name. The name reflects the kernel
201  *      naming policy and if udev is in use may not reflect user space
202  *
203  *      Locking: none
204  */
205
206 char *tty_name(struct tty_struct *tty, char *buf)
207 {
208         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
209                 strcpy(buf, "NULL tty");
210         else
211                 strcpy(buf, tty->name);
212         return buf;
213 }
214
215 EXPORT_SYMBOL(tty_name);
216
217 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
218                               const char *routine)
219 {
220 #ifdef TTY_PARANOIA_CHECK
221         if (!tty) {
222                 printk(KERN_WARNING
223                         "null TTY for (%d:%d) in %s\n",
224                         imajor(inode), iminor(inode), routine);
225                 return 1;
226         }
227         if (tty->magic != TTY_MAGIC) {
228                 printk(KERN_WARNING
229                         "bad magic number for tty struct (%d:%d) in %s\n",
230                         imajor(inode), iminor(inode), routine);
231                 return 1;
232         }
233 #endif
234         return 0;
235 }
236
237 static int check_tty_count(struct tty_struct *tty, const char *routine)
238 {
239 #ifdef CHECK_TTY_COUNT
240         struct list_head *p;
241         int count = 0;
242         
243         file_list_lock();
244         list_for_each(p, &tty->tty_files) {
245                 count++;
246         }
247         file_list_unlock();
248         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
249             tty->driver->subtype == PTY_TYPE_SLAVE &&
250             tty->link && tty->link->count)
251                 count++;
252         if (tty->count != count) {
253                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
254                                     "!= #fd's(%d) in %s\n",
255                        tty->name, tty->count, count, routine);
256                 return count;
257         }
258 #endif
259         return 0;
260 }
261
262 /*
263  * Tty buffer allocation management
264  */
265
266 /**
267  *      tty_buffer_free_all             -       free buffers used by a tty
268  *      @tty: tty to free from
269  *
270  *      Remove all the buffers pending on a tty whether queued with data
271  *      or in the free ring. Must be called when the tty is no longer in use
272  *
273  *      Locking: none
274  */
275
276 static void tty_buffer_free_all(struct tty_struct *tty)
277 {
278         struct tty_buffer *thead;
279         while((thead = tty->buf.head) != NULL) {
280                 tty->buf.head = thead->next;
281                 kfree(thead);
282         }
283         while((thead = tty->buf.free) != NULL) {
284                 tty->buf.free = thead->next;
285                 kfree(thead);
286         }
287         tty->buf.tail = NULL;
288         tty->buf.memory_used = 0;
289 }
290
291 /**
292  *      tty_buffer_init         -       prepare a tty buffer structure
293  *      @tty: tty to initialise
294  *
295  *      Set up the initial state of the buffer management for a tty device.
296  *      Must be called before the other tty buffer functions are used.
297  *
298  *      Locking: none
299  */
300
301 static void tty_buffer_init(struct tty_struct *tty)
302 {
303         spin_lock_init(&tty->buf.lock);
304         tty->buf.head = NULL;
305         tty->buf.tail = NULL;
306         tty->buf.free = NULL;
307         tty->buf.memory_used = 0;
308 }
309
310 /**
311  *      tty_buffer_alloc        -       allocate a tty buffer
312  *      @tty: tty device
313  *      @size: desired size (characters)
314  *
315  *      Allocate a new tty buffer to hold the desired number of characters.
316  *      Return NULL if out of memory or the allocation would exceed the
317  *      per device queue
318  *
319  *      Locking: Caller must hold tty->buf.lock
320  */
321
322 static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
323 {
324         struct tty_buffer *p;
325
326         if (tty->buf.memory_used + size > 65536)
327                 return NULL;
328         p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
329         if(p == NULL)
330                 return NULL;
331         p->used = 0;
332         p->size = size;
333         p->next = NULL;
334         p->commit = 0;
335         p->read = 0;
336         p->char_buf_ptr = (char *)(p->data);
337         p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
338         tty->buf.memory_used += size;
339         return p;
340 }
341
342 /**
343  *      tty_buffer_free         -       free a tty buffer
344  *      @tty: tty owning the buffer
345  *      @b: the buffer to free
346  *
347  *      Free a tty buffer, or add it to the free list according to our
348  *      internal strategy
349  *
350  *      Locking: Caller must hold tty->buf.lock
351  */
352
353 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
354 {
355         /* Dumb strategy for now - should keep some stats */
356         tty->buf.memory_used -= b->size;
357         WARN_ON(tty->buf.memory_used < 0);
358
359         if(b->size >= 512)
360                 kfree(b);
361         else {
362                 b->next = tty->buf.free;
363                 tty->buf.free = b;
364         }
365 }
366
367 /**
368  *      tty_buffer_find         -       find a free tty buffer
369  *      @tty: tty owning the buffer
370  *      @size: characters wanted
371  *
372  *      Locate an existing suitable tty buffer or if we are lacking one then
373  *      allocate a new one. We round our buffers off in 256 character chunks
374  *      to get better allocation behaviour.
375  *
376  *      Locking: Caller must hold tty->buf.lock
377  */
378
379 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
380 {
381         struct tty_buffer **tbh = &tty->buf.free;
382         while((*tbh) != NULL) {
383                 struct tty_buffer *t = *tbh;
384                 if(t->size >= size) {
385                         *tbh = t->next;
386                         t->next = NULL;
387                         t->used = 0;
388                         t->commit = 0;
389                         t->read = 0;
390                         tty->buf.memory_used += t->size;
391                         return t;
392                 }
393                 tbh = &((*tbh)->next);
394         }
395         /* Round the buffer size out */
396         size = (size + 0xFF) & ~ 0xFF;
397         return tty_buffer_alloc(tty, size);
398         /* Should possibly check if this fails for the largest buffer we
399            have queued and recycle that ? */
400 }
401
402 /**
403  *      tty_buffer_request_room         -       grow tty buffer if needed
404  *      @tty: tty structure
405  *      @size: size desired
406  *
407  *      Make at least size bytes of linear space available for the tty
408  *      buffer. If we fail return the size we managed to find.
409  *
410  *      Locking: Takes tty->buf.lock
411  */
412 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
413 {
414         struct tty_buffer *b, *n;
415         int left;
416         unsigned long flags;
417
418         spin_lock_irqsave(&tty->buf.lock, flags);
419
420         /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
421            remove this conditional if its worth it. This would be invisible
422            to the callers */
423         if ((b = tty->buf.tail) != NULL)
424                 left = b->size - b->used;
425         else
426                 left = 0;
427
428         if (left < size) {
429                 /* This is the slow path - looking for new buffers to use */
430                 if ((n = tty_buffer_find(tty, size)) != NULL) {
431                         if (b != NULL) {
432                                 b->next = n;
433                                 b->commit = b->used;
434                         } else
435                                 tty->buf.head = n;
436                         tty->buf.tail = n;
437                 } else
438                         size = left;
439         }
440
441         spin_unlock_irqrestore(&tty->buf.lock, flags);
442         return size;
443 }
444 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
445
446 /**
447  *      tty_insert_flip_string  -       Add characters to the tty buffer
448  *      @tty: tty structure
449  *      @chars: characters
450  *      @size: size
451  *
452  *      Queue a series of bytes to the tty buffering. All the characters
453  *      passed are marked as without error. Returns the number added.
454  *
455  *      Locking: Called functions may take tty->buf.lock
456  */
457
458 int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
459                                 size_t size)
460 {
461         int copied = 0;
462         do {
463                 int space = tty_buffer_request_room(tty, size - copied);
464                 struct tty_buffer *tb = tty->buf.tail;
465                 /* If there is no space then tb may be NULL */
466                 if(unlikely(space == 0))
467                         break;
468                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
469                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
470                 tb->used += space;
471                 copied += space;
472                 chars += space;
473                 /* There is a small chance that we need to split the data over
474                    several buffers. If this is the case we must loop */
475         } while (unlikely(size > copied));
476         return copied;
477 }
478 EXPORT_SYMBOL(tty_insert_flip_string);
479
480 /**
481  *      tty_insert_flip_string_flags    -       Add characters to the tty buffer
482  *      @tty: tty structure
483  *      @chars: characters
484  *      @flags: flag bytes
485  *      @size: size
486  *
487  *      Queue a series of bytes to the tty buffering. For each character
488  *      the flags array indicates the status of the character. Returns the
489  *      number added.
490  *
491  *      Locking: Called functions may take tty->buf.lock
492  */
493
494 int tty_insert_flip_string_flags(struct tty_struct *tty,
495                 const unsigned char *chars, const char *flags, size_t size)
496 {
497         int copied = 0;
498         do {
499                 int space = tty_buffer_request_room(tty, size - copied);
500                 struct tty_buffer *tb = tty->buf.tail;
501                 /* If there is no space then tb may be NULL */
502                 if(unlikely(space == 0))
503                         break;
504                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
505                 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
506                 tb->used += space;
507                 copied += space;
508                 chars += space;
509                 flags += space;
510                 /* There is a small chance that we need to split the data over
511                    several buffers. If this is the case we must loop */
512         } while (unlikely(size > copied));
513         return copied;
514 }
515 EXPORT_SYMBOL(tty_insert_flip_string_flags);
516
517 /**
518  *      tty_schedule_flip       -       push characters to ldisc
519  *      @tty: tty to push from
520  *
521  *      Takes any pending buffers and transfers their ownership to the
522  *      ldisc side of the queue. It then schedules those characters for
523  *      processing by the line discipline.
524  *
525  *      Locking: Takes tty->buf.lock
526  */
527
528 void tty_schedule_flip(struct tty_struct *tty)
529 {
530         unsigned long flags;
531         spin_lock_irqsave(&tty->buf.lock, flags);
532         if (tty->buf.tail != NULL)
533                 tty->buf.tail->commit = tty->buf.tail->used;
534         spin_unlock_irqrestore(&tty->buf.lock, flags);
535         schedule_delayed_work(&tty->buf.work, 1);
536 }
537 EXPORT_SYMBOL(tty_schedule_flip);
538
539 /**
540  *      tty_prepare_flip_string         -       make room for characters
541  *      @tty: tty
542  *      @chars: return pointer for character write area
543  *      @size: desired size
544  *
545  *      Prepare a block of space in the buffer for data. Returns the length
546  *      available and buffer pointer to the space which is now allocated and
547  *      accounted for as ready for normal characters. This is used for drivers
548  *      that need their own block copy routines into the buffer. There is no
549  *      guarantee the buffer is a DMA target!
550  *
551  *      Locking: May call functions taking tty->buf.lock
552  */
553
554 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars, size_t size)
555 {
556         int space = tty_buffer_request_room(tty, size);
557         if (likely(space)) {
558                 struct tty_buffer *tb = tty->buf.tail;
559                 *chars = tb->char_buf_ptr + tb->used;
560                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
561                 tb->used += space;
562         }
563         return space;
564 }
565
566 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
567
568 /**
569  *      tty_prepare_flip_string_flags   -       make room for characters
570  *      @tty: tty
571  *      @chars: return pointer for character write area
572  *      @flags: return pointer for status flag write area
573  *      @size: desired size
574  *
575  *      Prepare a block of space in the buffer for data. Returns the length
576  *      available and buffer pointer to the space which is now allocated and
577  *      accounted for as ready for characters. This is used for drivers
578  *      that need their own block copy routines into the buffer. There is no
579  *      guarantee the buffer is a DMA target!
580  *
581  *      Locking: May call functions taking tty->buf.lock
582  */
583
584 int tty_prepare_flip_string_flags(struct tty_struct *tty, unsigned char **chars, char **flags, size_t size)
585 {
586         int space = tty_buffer_request_room(tty, size);
587         if (likely(space)) {
588                 struct tty_buffer *tb = tty->buf.tail;
589                 *chars = tb->char_buf_ptr + tb->used;
590                 *flags = tb->flag_buf_ptr + tb->used;
591                 tb->used += space;
592         }
593         return space;
594 }
595
596 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
597
598
599
600 /**
601  *      tty_set_termios_ldisc           -       set ldisc field
602  *      @tty: tty structure
603  *      @num: line discipline number
604  *
605  *      This is probably overkill for real world processors but
606  *      they are not on hot paths so a little discipline won't do 
607  *      any harm.
608  *
609  *      Locking: takes termios_mutex
610  */
611  
612 static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
613 {
614         mutex_lock(&tty->termios_mutex);
615         tty->termios->c_line = num;
616         mutex_unlock(&tty->termios_mutex);
617 }
618
619 /*
620  *      This guards the refcounted line discipline lists. The lock
621  *      must be taken with irqs off because there are hangup path
622  *      callers who will do ldisc lookups and cannot sleep.
623  */
624  
625 static DEFINE_SPINLOCK(tty_ldisc_lock);
626 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
627 static struct tty_ldisc tty_ldiscs[NR_LDISCS];  /* line disc dispatch table */
628
629 /**
630  *      tty_register_ldisc      -       install a line discipline
631  *      @disc: ldisc number
632  *      @new_ldisc: pointer to the ldisc object
633  *
634  *      Installs a new line discipline into the kernel. The discipline
635  *      is set up as unreferenced and then made available to the kernel
636  *      from this point onwards.
637  *
638  *      Locking:
639  *              takes tty_ldisc_lock to guard against ldisc races
640  */
641
642 int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
643 {
644         unsigned long flags;
645         int ret = 0;
646         
647         if (disc < N_TTY || disc >= NR_LDISCS)
648                 return -EINVAL;
649         
650         spin_lock_irqsave(&tty_ldisc_lock, flags);
651         tty_ldiscs[disc] = *new_ldisc;
652         tty_ldiscs[disc].num = disc;
653         tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
654         tty_ldiscs[disc].refcount = 0;
655         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
656         
657         return ret;
658 }
659 EXPORT_SYMBOL(tty_register_ldisc);
660
661 /**
662  *      tty_unregister_ldisc    -       unload a line discipline
663  *      @disc: ldisc number
664  *      @new_ldisc: pointer to the ldisc object
665  *
666  *      Remove a line discipline from the kernel providing it is not
667  *      currently in use.
668  *
669  *      Locking:
670  *              takes tty_ldisc_lock to guard against ldisc races
671  */
672
673 int tty_unregister_ldisc(int disc)
674 {
675         unsigned long flags;
676         int ret = 0;
677
678         if (disc < N_TTY || disc >= NR_LDISCS)
679                 return -EINVAL;
680
681         spin_lock_irqsave(&tty_ldisc_lock, flags);
682         if (tty_ldiscs[disc].refcount)
683                 ret = -EBUSY;
684         else
685                 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
686         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
687
688         return ret;
689 }
690 EXPORT_SYMBOL(tty_unregister_ldisc);
691
692 /**
693  *      tty_ldisc_get           -       take a reference to an ldisc
694  *      @disc: ldisc number
695  *
696  *      Takes a reference to a line discipline. Deals with refcounts and
697  *      module locking counts. Returns NULL if the discipline is not available.
698  *      Returns a pointer to the discipline and bumps the ref count if it is
699  *      available
700  *
701  *      Locking:
702  *              takes tty_ldisc_lock to guard against ldisc races
703  */
704
705 struct tty_ldisc *tty_ldisc_get(int disc)
706 {
707         unsigned long flags;
708         struct tty_ldisc *ld;
709
710         if (disc < N_TTY || disc >= NR_LDISCS)
711                 return NULL;
712         
713         spin_lock_irqsave(&tty_ldisc_lock, flags);
714
715         ld = &tty_ldiscs[disc];
716         /* Check the entry is defined */
717         if(ld->flags & LDISC_FLAG_DEFINED)
718         {
719                 /* If the module is being unloaded we can't use it */
720                 if (!try_module_get(ld->owner))
721                         ld = NULL;
722                 else /* lock it */
723                         ld->refcount++;
724         }
725         else
726                 ld = NULL;
727         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
728         return ld;
729 }
730
731 EXPORT_SYMBOL_GPL(tty_ldisc_get);
732
733 /**
734  *      tty_ldisc_put           -       drop ldisc reference
735  *      @disc: ldisc number
736  *
737  *      Drop a reference to a line discipline. Manage refcounts and
738  *      module usage counts
739  *
740  *      Locking:
741  *              takes tty_ldisc_lock to guard against ldisc races
742  */
743
744 void tty_ldisc_put(int disc)
745 {
746         struct tty_ldisc *ld;
747         unsigned long flags;
748         
749         BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
750                 
751         spin_lock_irqsave(&tty_ldisc_lock, flags);
752         ld = &tty_ldiscs[disc];
753         BUG_ON(ld->refcount == 0);
754         ld->refcount--;
755         module_put(ld->owner);
756         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
757 }
758         
759 EXPORT_SYMBOL_GPL(tty_ldisc_put);
760
761 /**
762  *      tty_ldisc_assign        -       set ldisc on a tty
763  *      @tty: tty to assign
764  *      @ld: line discipline
765  *
766  *      Install an instance of a line discipline into a tty structure. The
767  *      ldisc must have a reference count above zero to ensure it remains/
768  *      The tty instance refcount starts at zero.
769  *
770  *      Locking:
771  *              Caller must hold references
772  */
773
774 static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
775 {
776         tty->ldisc = *ld;
777         tty->ldisc.refcount = 0;
778 }
779
780 /**
781  *      tty_ldisc_try           -       internal helper
782  *      @tty: the tty
783  *
784  *      Make a single attempt to grab and bump the refcount on
785  *      the tty ldisc. Return 0 on failure or 1 on success. This is
786  *      used to implement both the waiting and non waiting versions
787  *      of tty_ldisc_ref
788  *
789  *      Locking: takes tty_ldisc_lock
790  */
791
792 static int tty_ldisc_try(struct tty_struct *tty)
793 {
794         unsigned long flags;
795         struct tty_ldisc *ld;
796         int ret = 0;
797         
798         spin_lock_irqsave(&tty_ldisc_lock, flags);
799         ld = &tty->ldisc;
800         if(test_bit(TTY_LDISC, &tty->flags))
801         {
802                 ld->refcount++;
803                 ret = 1;
804         }
805         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
806         return ret;
807 }
808
809 /**
810  *      tty_ldisc_ref_wait      -       wait for the tty ldisc
811  *      @tty: tty device
812  *
813  *      Dereference the line discipline for the terminal and take a 
814  *      reference to it. If the line discipline is in flux then 
815  *      wait patiently until it changes.
816  *
817  *      Note: Must not be called from an IRQ/timer context. The caller
818  *      must also be careful not to hold other locks that will deadlock
819  *      against a discipline change, such as an existing ldisc reference
820  *      (which we check for)
821  *
822  *      Locking: call functions take tty_ldisc_lock
823  */
824  
825 struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
826 {
827         /* wait_event is a macro */
828         wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
829         if(tty->ldisc.refcount == 0)
830                 printk(KERN_ERR "tty_ldisc_ref_wait\n");
831         return &tty->ldisc;
832 }
833
834 EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
835
836 /**
837  *      tty_ldisc_ref           -       get the tty ldisc
838  *      @tty: tty device
839  *
840  *      Dereference the line discipline for the terminal and take a 
841  *      reference to it. If the line discipline is in flux then 
842  *      return NULL. Can be called from IRQ and timer functions.
843  *
844  *      Locking: called functions take tty_ldisc_lock
845  */
846  
847 struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
848 {
849         if(tty_ldisc_try(tty))
850                 return &tty->ldisc;
851         return NULL;
852 }
853
854 EXPORT_SYMBOL_GPL(tty_ldisc_ref);
855
856 /**
857  *      tty_ldisc_deref         -       free a tty ldisc reference
858  *      @ld: reference to free up
859  *
860  *      Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
861  *      be called in IRQ context.
862  *
863  *      Locking: takes tty_ldisc_lock
864  */
865  
866 void tty_ldisc_deref(struct tty_ldisc *ld)
867 {
868         unsigned long flags;
869
870         BUG_ON(ld == NULL);
871                 
872         spin_lock_irqsave(&tty_ldisc_lock, flags);
873         if(ld->refcount == 0)
874                 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
875         else
876                 ld->refcount--;
877         if(ld->refcount == 0)
878                 wake_up(&tty_ldisc_wait);
879         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
880 }
881
882 EXPORT_SYMBOL_GPL(tty_ldisc_deref);
883
884 /**
885  *      tty_ldisc_enable        -       allow ldisc use
886  *      @tty: terminal to activate ldisc on
887  *
888  *      Set the TTY_LDISC flag when the line discipline can be called
889  *      again. Do neccessary wakeups for existing sleepers.
890  *
891  *      Note: nobody should set this bit except via this function. Clearing
892  *      directly is allowed.
893  */
894
895 static void tty_ldisc_enable(struct tty_struct *tty)
896 {
897         set_bit(TTY_LDISC, &tty->flags);
898         wake_up(&tty_ldisc_wait);
899 }
900         
901 /**
902  *      tty_set_ldisc           -       set line discipline
903  *      @tty: the terminal to set
904  *      @ldisc: the line discipline
905  *
906  *      Set the discipline of a tty line. Must be called from a process
907  *      context.
908  *
909  *      Locking: takes tty_ldisc_lock.
910  *               called functions take termios_mutex
911  */
912  
913 static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
914 {
915         int retval = 0;
916         struct tty_ldisc o_ldisc;
917         char buf[64];
918         int work;
919         unsigned long flags;
920         struct tty_ldisc *ld;
921         struct tty_struct *o_tty;
922
923         if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
924                 return -EINVAL;
925
926 restart:
927
928         ld = tty_ldisc_get(ldisc);
929         /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
930         /* Cyrus Durgin <cider@speakeasy.org> */
931         if (ld == NULL) {
932                 request_module("tty-ldisc-%d", ldisc);
933                 ld = tty_ldisc_get(ldisc);
934         }
935         if (ld == NULL)
936                 return -EINVAL;
937
938         /*
939          *      No more input please, we are switching. The new ldisc
940          *      will update this value in the ldisc open function
941          */
942
943         tty->receive_room = 0;
944
945         /*
946          *      Problem: What do we do if this blocks ?
947          */
948
949         tty_wait_until_sent(tty, 0);
950
951         if (tty->ldisc.num == ldisc) {
952                 tty_ldisc_put(ldisc);
953                 return 0;
954         }
955
956         o_ldisc = tty->ldisc;
957         o_tty = tty->link;
958
959         /*
960          *      Make sure we don't change while someone holds a
961          *      reference to the line discipline. The TTY_LDISC bit
962          *      prevents anyone taking a reference once it is clear.
963          *      We need the lock to avoid racing reference takers.
964          */
965
966         spin_lock_irqsave(&tty_ldisc_lock, flags);
967         if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
968                 if(tty->ldisc.refcount) {
969                         /* Free the new ldisc we grabbed. Must drop the lock
970                            first. */
971                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
972                         tty_ldisc_put(ldisc);
973                         /*
974                          * There are several reasons we may be busy, including
975                          * random momentary I/O traffic. We must therefore
976                          * retry. We could distinguish between blocking ops
977                          * and retries if we made tty_ldisc_wait() smarter. That
978                          * is up for discussion.
979                          */
980                         if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
981                                 return -ERESTARTSYS;
982                         goto restart;
983                 }
984                 if(o_tty && o_tty->ldisc.refcount) {
985                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
986                         tty_ldisc_put(ldisc);
987                         if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
988                                 return -ERESTARTSYS;
989                         goto restart;
990                 }
991         }
992
993         /* if the TTY_LDISC bit is set, then we are racing against another ldisc change */
994
995         if (!test_bit(TTY_LDISC, &tty->flags)) {
996                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
997                 tty_ldisc_put(ldisc);
998                 ld = tty_ldisc_ref_wait(tty);
999                 tty_ldisc_deref(ld);
1000                 goto restart;
1001         }
1002
1003         clear_bit(TTY_LDISC, &tty->flags);
1004         if (o_tty)
1005                 clear_bit(TTY_LDISC, &o_tty->flags);
1006         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1007
1008         /*
1009          *      From this point on we know nobody has an ldisc
1010          *      usage reference, nor can they obtain one until
1011          *      we say so later on.
1012          */
1013
1014         work = cancel_delayed_work(&tty->buf.work);
1015         /*
1016          * Wait for ->hangup_work and ->buf.work handlers to terminate
1017          */
1018          
1019         flush_scheduled_work();
1020         /* Shutdown the current discipline. */
1021         if (tty->ldisc.close)
1022                 (tty->ldisc.close)(tty);
1023
1024         /* Now set up the new line discipline. */
1025         tty_ldisc_assign(tty, ld);
1026         tty_set_termios_ldisc(tty, ldisc);
1027         if (tty->ldisc.open)
1028                 retval = (tty->ldisc.open)(tty);
1029         if (retval < 0) {
1030                 tty_ldisc_put(ldisc);
1031                 /* There is an outstanding reference here so this is safe */
1032                 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1033                 tty_set_termios_ldisc(tty, tty->ldisc.num);
1034                 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1035                         tty_ldisc_put(o_ldisc.num);
1036                         /* This driver is always present */
1037                         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1038                         tty_set_termios_ldisc(tty, N_TTY);
1039                         if (tty->ldisc.open) {
1040                                 int r = tty->ldisc.open(tty);
1041
1042                                 if (r < 0)
1043                                         panic("Couldn't open N_TTY ldisc for "
1044                                               "%s --- error %d.",
1045                                               tty_name(tty, buf), r);
1046                         }
1047                 }
1048         }
1049         /* At this point we hold a reference to the new ldisc and a
1050            a reference to the old ldisc. If we ended up flipping back
1051            to the existing ldisc we have two references to it */
1052         
1053         if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1054                 tty->driver->set_ldisc(tty);
1055                 
1056         tty_ldisc_put(o_ldisc.num);
1057         
1058         /*
1059          *      Allow ldisc referencing to occur as soon as the driver
1060          *      ldisc callback completes.
1061          */
1062          
1063         tty_ldisc_enable(tty);
1064         if (o_tty)
1065                 tty_ldisc_enable(o_tty);
1066         
1067         /* Restart it in case no characters kick it off. Safe if
1068            already running */
1069         if (work)
1070                 schedule_delayed_work(&tty->buf.work, 1);
1071         return retval;
1072 }
1073
1074 /**
1075  *      get_tty_driver          -       find device of a tty
1076  *      @dev_t: device identifier
1077  *      @index: returns the index of the tty
1078  *
1079  *      This routine returns a tty driver structure, given a device number
1080  *      and also passes back the index number.
1081  *
1082  *      Locking: caller must hold tty_mutex
1083  */
1084
1085 static struct tty_driver *get_tty_driver(dev_t device, int *index)
1086 {
1087         struct tty_driver *p;
1088
1089         list_for_each_entry(p, &tty_drivers, tty_drivers) {
1090                 dev_t base = MKDEV(p->major, p->minor_start);
1091                 if (device < base || device >= base + p->num)
1092                         continue;
1093                 *index = device - base;
1094                 return p;
1095         }
1096         return NULL;
1097 }
1098
1099 /**
1100  *      tty_check_change        -       check for POSIX terminal changes
1101  *      @tty: tty to check
1102  *
1103  *      If we try to write to, or set the state of, a terminal and we're
1104  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
1105  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
1106  *
1107  *      Locking: none
1108  */
1109
1110 int tty_check_change(struct tty_struct * tty)
1111 {
1112         if (current->signal->tty != tty)
1113                 return 0;
1114         if (!tty->pgrp) {
1115                 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1116                 return 0;
1117         }
1118         if (task_pgrp(current) == tty->pgrp)
1119                 return 0;
1120         if (is_ignored(SIGTTOU))
1121                 return 0;
1122         if (is_current_pgrp_orphaned())
1123                 return -EIO;
1124         (void) kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1125         return -ERESTARTSYS;
1126 }
1127
1128 EXPORT_SYMBOL(tty_check_change);
1129
1130 static ssize_t hung_up_tty_read(struct file * file, char __user * buf,
1131                                 size_t count, loff_t *ppos)
1132 {
1133         return 0;
1134 }
1135
1136 static ssize_t hung_up_tty_write(struct file * file, const char __user * buf,
1137                                  size_t count, loff_t *ppos)
1138 {
1139         return -EIO;
1140 }
1141
1142 /* No kernel lock held - none needed ;) */
1143 static unsigned int hung_up_tty_poll(struct file * filp, poll_table * wait)
1144 {
1145         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1146 }
1147
1148 static int hung_up_tty_ioctl(struct inode * inode, struct file * file,
1149                              unsigned int cmd, unsigned long arg)
1150 {
1151         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1152 }
1153
1154 static const struct file_operations tty_fops = {
1155         .llseek         = no_llseek,
1156         .read           = tty_read,
1157         .write          = tty_write,
1158         .poll           = tty_poll,
1159         .ioctl          = tty_ioctl,
1160         .open           = tty_open,
1161         .release        = tty_release,
1162         .fasync         = tty_fasync,
1163 };
1164
1165 #ifdef CONFIG_UNIX98_PTYS
1166 static const struct file_operations ptmx_fops = {
1167         .llseek         = no_llseek,
1168         .read           = tty_read,
1169         .write          = tty_write,
1170         .poll           = tty_poll,
1171         .ioctl          = tty_ioctl,
1172         .open           = ptmx_open,
1173         .release        = tty_release,
1174         .fasync         = tty_fasync,
1175 };
1176 #endif
1177
1178 static const struct file_operations console_fops = {
1179         .llseek         = no_llseek,
1180         .read           = tty_read,
1181         .write          = redirected_tty_write,
1182         .poll           = tty_poll,
1183         .ioctl          = tty_ioctl,
1184         .open           = tty_open,
1185         .release        = tty_release,
1186         .fasync         = tty_fasync,
1187 };
1188
1189 static const struct file_operations hung_up_tty_fops = {
1190         .llseek         = no_llseek,
1191         .read           = hung_up_tty_read,
1192         .write          = hung_up_tty_write,
1193         .poll           = hung_up_tty_poll,
1194         .ioctl          = hung_up_tty_ioctl,
1195         .release        = tty_release,
1196 };
1197
1198 static DEFINE_SPINLOCK(redirect_lock);
1199 static struct file *redirect;
1200
1201 /**
1202  *      tty_wakeup      -       request more data
1203  *      @tty: terminal
1204  *
1205  *      Internal and external helper for wakeups of tty. This function
1206  *      informs the line discipline if present that the driver is ready
1207  *      to receive more output data.
1208  */
1209  
1210 void tty_wakeup(struct tty_struct *tty)
1211 {
1212         struct tty_ldisc *ld;
1213         
1214         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1215                 ld = tty_ldisc_ref(tty);
1216                 if(ld) {
1217                         if(ld->write_wakeup)
1218                                 ld->write_wakeup(tty);
1219                         tty_ldisc_deref(ld);
1220                 }
1221         }
1222         wake_up_interruptible(&tty->write_wait);
1223 }
1224
1225 EXPORT_SYMBOL_GPL(tty_wakeup);
1226
1227 /**
1228  *      tty_ldisc_flush -       flush line discipline queue
1229  *      @tty: tty
1230  *
1231  *      Flush the line discipline queue (if any) for this tty. If there
1232  *      is no line discipline active this is a no-op.
1233  */
1234  
1235 void tty_ldisc_flush(struct tty_struct *tty)
1236 {
1237         struct tty_ldisc *ld = tty_ldisc_ref(tty);
1238         if(ld) {
1239                 if(ld->flush_buffer)
1240                         ld->flush_buffer(tty);
1241                 tty_ldisc_deref(ld);
1242         }
1243 }
1244
1245 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1246
1247 /**
1248  *      tty_reset_termios       -       reset terminal state
1249  *      @tty: tty to reset
1250  *
1251  *      Restore a terminal to the driver default state
1252  */
1253
1254 static void tty_reset_termios(struct tty_struct *tty)
1255 {
1256         mutex_lock(&tty->termios_mutex);
1257         *tty->termios = tty->driver->init_termios;
1258         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1259         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1260         mutex_unlock(&tty->termios_mutex);
1261 }
1262         
1263 /**
1264  *      do_tty_hangup           -       actual handler for hangup events
1265  *      @work: tty device
1266  *
1267  *      This can be called by the "eventd" kernel thread.  That is process
1268  *      synchronous but doesn't hold any locks, so we need to make sure we
1269  *      have the appropriate locks for what we're doing.
1270  *
1271  *      The hangup event clears any pending redirections onto the hung up
1272  *      device. It ensures future writes will error and it does the needed
1273  *      line discipline hangup and signal delivery. The tty object itself
1274  *      remains intact.
1275  *
1276  *      Locking:
1277  *              BKL
1278  *                redirect lock for undoing redirection
1279  *                file list lock for manipulating list of ttys
1280  *                tty_ldisc_lock from called functions
1281  *                termios_mutex resetting termios data
1282  *                tasklist_lock to walk task list for hangup event
1283  *                  ->siglock to protect ->signal/->sighand
1284  */
1285 static void do_tty_hangup(struct work_struct *work)
1286 {
1287         struct tty_struct *tty =
1288                 container_of(work, struct tty_struct, hangup_work);
1289         struct file * cons_filp = NULL;
1290         struct file *filp, *f = NULL;
1291         struct task_struct *p;
1292         struct tty_ldisc *ld;
1293         int    closecount = 0, n;
1294
1295         if (!tty)
1296                 return;
1297
1298         /* inuse_filps is protected by the single kernel lock */
1299         lock_kernel();
1300
1301         spin_lock(&redirect_lock);
1302         if (redirect && redirect->private_data == tty) {
1303                 f = redirect;
1304                 redirect = NULL;
1305         }
1306         spin_unlock(&redirect_lock);
1307         
1308         check_tty_count(tty, "do_tty_hangup");
1309         file_list_lock();
1310         /* This breaks for file handles being sent over AF_UNIX sockets ? */
1311         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1312                 if (filp->f_op->write == redirected_tty_write)
1313                         cons_filp = filp;
1314                 if (filp->f_op->write != tty_write)
1315                         continue;
1316                 closecount++;
1317                 tty_fasync(-1, filp, 0);        /* can't block */
1318                 filp->f_op = &hung_up_tty_fops;
1319         }
1320         file_list_unlock();
1321         
1322         /* FIXME! What are the locking issues here? This may me overdoing things..
1323          * this question is especially important now that we've removed the irqlock. */
1324
1325         ld = tty_ldisc_ref(tty);
1326         if(ld != NULL)  /* We may have no line discipline at this point */
1327         {
1328                 if (ld->flush_buffer)
1329                         ld->flush_buffer(tty);
1330                 if (tty->driver->flush_buffer)
1331                         tty->driver->flush_buffer(tty);
1332                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1333                     ld->write_wakeup)
1334                         ld->write_wakeup(tty);
1335                 if (ld->hangup)
1336                         ld->hangup(tty);
1337         }
1338
1339         /* FIXME: Once we trust the LDISC code better we can wait here for
1340            ldisc completion and fix the driver call race */
1341            
1342         wake_up_interruptible(&tty->write_wait);
1343         wake_up_interruptible(&tty->read_wait);
1344
1345         /*
1346          * Shutdown the current line discipline, and reset it to
1347          * N_TTY.
1348          */
1349         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1350                 tty_reset_termios(tty);
1351         
1352         /* Defer ldisc switch */
1353         /* tty_deferred_ldisc_switch(N_TTY);
1354         
1355           This should get done automatically when the port closes and
1356           tty_release is called */
1357         
1358         read_lock(&tasklist_lock);
1359         if (tty->session) {
1360                 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1361                         spin_lock_irq(&p->sighand->siglock);
1362                         if (p->signal->tty == tty)
1363                                 p->signal->tty = NULL;
1364                         if (!p->signal->leader) {
1365                                 spin_unlock_irq(&p->sighand->siglock);
1366                                 continue;
1367                         }
1368                         __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1369                         __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1370                         put_pid(p->signal->tty_old_pgrp);  /* A noop */
1371                         if (tty->pgrp)
1372                                 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1373                         spin_unlock_irq(&p->sighand->siglock);
1374                 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1375         }
1376         read_unlock(&tasklist_lock);
1377
1378         tty->flags = 0;
1379         put_pid(tty->session);
1380         put_pid(tty->pgrp);
1381         tty->session = NULL;
1382         tty->pgrp = NULL;
1383         tty->ctrl_status = 0;
1384         /*
1385          *      If one of the devices matches a console pointer, we
1386          *      cannot just call hangup() because that will cause
1387          *      tty->count and state->count to go out of sync.
1388          *      So we just call close() the right number of times.
1389          */
1390         if (cons_filp) {
1391                 if (tty->driver->close)
1392                         for (n = 0; n < closecount; n++)
1393                                 tty->driver->close(tty, cons_filp);
1394         } else if (tty->driver->hangup)
1395                 (tty->driver->hangup)(tty);
1396                 
1397         /* We don't want to have driver/ldisc interactions beyond
1398            the ones we did here. The driver layer expects no
1399            calls after ->hangup() from the ldisc side. However we
1400            can't yet guarantee all that */
1401
1402         set_bit(TTY_HUPPED, &tty->flags);
1403         if (ld) {
1404                 tty_ldisc_enable(tty);
1405                 tty_ldisc_deref(ld);
1406         }
1407         unlock_kernel();
1408         if (f)
1409                 fput(f);
1410 }
1411
1412 /**
1413  *      tty_hangup              -       trigger a hangup event
1414  *      @tty: tty to hangup
1415  *
1416  *      A carrier loss (virtual or otherwise) has occurred on this like
1417  *      schedule a hangup sequence to run after this event.
1418  */
1419
1420 void tty_hangup(struct tty_struct * tty)
1421 {
1422 #ifdef TTY_DEBUG_HANGUP
1423         char    buf[64];
1424         
1425         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1426 #endif
1427         schedule_work(&tty->hangup_work);
1428 }
1429
1430 EXPORT_SYMBOL(tty_hangup);
1431
1432 /**
1433  *      tty_vhangup             -       process vhangup
1434  *      @tty: tty to hangup
1435  *
1436  *      The user has asked via system call for the terminal to be hung up.
1437  *      We do this synchronously so that when the syscall returns the process
1438  *      is complete. That guarantee is neccessary for security reasons.
1439  */
1440
1441 void tty_vhangup(struct tty_struct * tty)
1442 {
1443 #ifdef TTY_DEBUG_HANGUP
1444         char    buf[64];
1445
1446         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1447 #endif
1448         do_tty_hangup(&tty->hangup_work);
1449 }
1450 EXPORT_SYMBOL(tty_vhangup);
1451
1452 /**
1453  *      tty_hung_up_p           -       was tty hung up
1454  *      @filp: file pointer of tty
1455  *
1456  *      Return true if the tty has been subject to a vhangup or a carrier
1457  *      loss
1458  */
1459
1460 int tty_hung_up_p(struct file * filp)
1461 {
1462         return (filp->f_op == &hung_up_tty_fops);
1463 }
1464
1465 EXPORT_SYMBOL(tty_hung_up_p);
1466
1467 static void session_clear_tty(struct pid *session)
1468 {
1469         struct task_struct *p;
1470         do_each_pid_task(session, PIDTYPE_SID, p) {
1471                 proc_clear_tty(p);
1472         } while_each_pid_task(session, PIDTYPE_SID, p);
1473 }
1474
1475 /**
1476  *      disassociate_ctty       -       disconnect controlling tty
1477  *      @on_exit: true if exiting so need to "hang up" the session
1478  *
1479  *      This function is typically called only by the session leader, when
1480  *      it wants to disassociate itself from its controlling tty.
1481  *
1482  *      It performs the following functions:
1483  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
1484  *      (2)  Clears the tty from being controlling the session
1485  *      (3)  Clears the controlling tty for all processes in the
1486  *              session group.
1487  *
1488  *      The argument on_exit is set to 1 if called when a process is
1489  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
1490  *
1491  *      Locking:
1492  *              BKL is taken for hysterical raisins
1493  *                tty_mutex is taken to protect tty
1494  *                ->siglock is taken to protect ->signal/->sighand
1495  *                tasklist_lock is taken to walk process list for sessions
1496  *                  ->siglock is taken to protect ->signal/->sighand
1497  */
1498
1499 void disassociate_ctty(int on_exit)
1500 {
1501         struct tty_struct *tty;
1502         struct pid *tty_pgrp = NULL;
1503
1504         lock_kernel();
1505
1506         mutex_lock(&tty_mutex);
1507         tty = get_current_tty();
1508         if (tty) {
1509                 tty_pgrp = get_pid(tty->pgrp);
1510                 mutex_unlock(&tty_mutex);
1511                 /* XXX: here we race, there is nothing protecting tty */
1512                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1513                         tty_vhangup(tty);
1514         } else if (on_exit) {
1515                 struct pid *old_pgrp;
1516                 spin_lock_irq(&current->sighand->siglock);
1517                 old_pgrp = current->signal->tty_old_pgrp;
1518                 current->signal->tty_old_pgrp = NULL;
1519                 spin_unlock_irq(&current->sighand->siglock);
1520                 if (old_pgrp) {
1521                         kill_pgrp(old_pgrp, SIGHUP, on_exit);
1522                         kill_pgrp(old_pgrp, SIGCONT, on_exit);
1523                         put_pid(old_pgrp);
1524                 }
1525                 mutex_unlock(&tty_mutex);
1526                 unlock_kernel();        
1527                 return;
1528         }
1529         if (tty_pgrp) {
1530                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1531                 if (!on_exit)
1532                         kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1533                 put_pid(tty_pgrp);
1534         }
1535
1536         spin_lock_irq(&current->sighand->siglock);
1537         tty_pgrp = current->signal->tty_old_pgrp;
1538         current->signal->tty_old_pgrp = NULL;
1539         spin_unlock_irq(&current->sighand->siglock);
1540         put_pid(tty_pgrp);
1541
1542         mutex_lock(&tty_mutex);
1543         /* It is possible that do_tty_hangup has free'd this tty */
1544         tty = get_current_tty();
1545         if (tty) {
1546                 put_pid(tty->session);
1547                 put_pid(tty->pgrp);
1548                 tty->session = NULL;
1549                 tty->pgrp = NULL;
1550         } else {
1551 #ifdef TTY_DEBUG_HANGUP
1552                 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1553                        " = NULL", tty);
1554 #endif
1555         }
1556         mutex_unlock(&tty_mutex);
1557
1558         /* Now clear signal->tty under the lock */
1559         read_lock(&tasklist_lock);
1560         session_clear_tty(task_session(current));
1561         read_unlock(&tasklist_lock);
1562         unlock_kernel();
1563 }
1564
1565
1566 /**
1567  *      stop_tty        -       propogate flow control
1568  *      @tty: tty to stop
1569  *
1570  *      Perform flow control to the driver. For PTY/TTY pairs we
1571  *      must also propogate the TIOCKPKT status. May be called
1572  *      on an already stopped device and will not re-call the driver
1573  *      method.
1574  *
1575  *      This functionality is used by both the line disciplines for
1576  *      halting incoming flow and by the driver. It may therefore be
1577  *      called from any context, may be under the tty atomic_write_lock
1578  *      but not always.
1579  *
1580  *      Locking:
1581  *              Broken. Relies on BKL which is unsafe here.
1582  */
1583
1584 void stop_tty(struct tty_struct *tty)
1585 {
1586         if (tty->stopped)
1587                 return;
1588         tty->stopped = 1;
1589         if (tty->link && tty->link->packet) {
1590                 tty->ctrl_status &= ~TIOCPKT_START;
1591                 tty->ctrl_status |= TIOCPKT_STOP;
1592                 wake_up_interruptible(&tty->link->read_wait);
1593         }
1594         if (tty->driver->stop)
1595                 (tty->driver->stop)(tty);
1596 }
1597
1598 EXPORT_SYMBOL(stop_tty);
1599
1600 /**
1601  *      start_tty       -       propogate flow control
1602  *      @tty: tty to start
1603  *
1604  *      Start a tty that has been stopped if at all possible. Perform
1605  *      any neccessary wakeups and propogate the TIOCPKT status. If this
1606  *      is the tty was previous stopped and is being started then the
1607  *      driver start method is invoked and the line discipline woken.
1608  *
1609  *      Locking:
1610  *              Broken. Relies on BKL which is unsafe here.
1611  */
1612
1613 void start_tty(struct tty_struct *tty)
1614 {
1615         if (!tty->stopped || tty->flow_stopped)
1616                 return;
1617         tty->stopped = 0;
1618         if (tty->link && tty->link->packet) {
1619                 tty->ctrl_status &= ~TIOCPKT_STOP;
1620                 tty->ctrl_status |= TIOCPKT_START;
1621                 wake_up_interruptible(&tty->link->read_wait);
1622         }
1623         if (tty->driver->start)
1624                 (tty->driver->start)(tty);
1625
1626         /* If we have a running line discipline it may need kicking */
1627         tty_wakeup(tty);
1628 }
1629
1630 EXPORT_SYMBOL(start_tty);
1631
1632 /**
1633  *      tty_read        -       read method for tty device files
1634  *      @file: pointer to tty file
1635  *      @buf: user buffer
1636  *      @count: size of user buffer
1637  *      @ppos: unused
1638  *
1639  *      Perform the read system call function on this terminal device. Checks
1640  *      for hung up devices before calling the line discipline method.
1641  *
1642  *      Locking:
1643  *              Locks the line discipline internally while needed
1644  *              For historical reasons the line discipline read method is
1645  *      invoked under the BKL. This will go away in time so do not rely on it
1646  *      in new code. Multiple read calls may be outstanding in parallel.
1647  */
1648
1649 static ssize_t tty_read(struct file * file, char __user * buf, size_t count, 
1650                         loff_t *ppos)
1651 {
1652         int i;
1653         struct tty_struct * tty;
1654         struct inode *inode;
1655         struct tty_ldisc *ld;
1656
1657         tty = (struct tty_struct *)file->private_data;
1658         inode = file->f_path.dentry->d_inode;
1659         if (tty_paranoia_check(tty, inode, "tty_read"))
1660                 return -EIO;
1661         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1662                 return -EIO;
1663
1664         /* We want to wait for the line discipline to sort out in this
1665            situation */
1666         ld = tty_ldisc_ref_wait(tty);
1667         lock_kernel();
1668         if (ld->read)
1669                 i = (ld->read)(tty,file,buf,count);
1670         else
1671                 i = -EIO;
1672         tty_ldisc_deref(ld);
1673         unlock_kernel();
1674         if (i > 0)
1675                 inode->i_atime = current_fs_time(inode->i_sb);
1676         return i;
1677 }
1678
1679 /*
1680  * Split writes up in sane blocksizes to avoid
1681  * denial-of-service type attacks
1682  */
1683 static inline ssize_t do_tty_write(
1684         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1685         struct tty_struct *tty,
1686         struct file *file,
1687         const char __user *buf,
1688         size_t count)
1689 {
1690         ssize_t ret = 0, written = 0;
1691         unsigned int chunk;
1692         
1693         /* FIXME: O_NDELAY ... */
1694         if (mutex_lock_interruptible(&tty->atomic_write_lock)) {
1695                 return -ERESTARTSYS;
1696         }
1697
1698         /*
1699          * We chunk up writes into a temporary buffer. This
1700          * simplifies low-level drivers immensely, since they
1701          * don't have locking issues and user mode accesses.
1702          *
1703          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1704          * big chunk-size..
1705          *
1706          * The default chunk-size is 2kB, because the NTTY
1707          * layer has problems with bigger chunks. It will
1708          * claim to be able to handle more characters than
1709          * it actually does.
1710          *
1711          * FIXME: This can probably go away now except that 64K chunks
1712          * are too likely to fail unless switched to vmalloc...
1713          */
1714         chunk = 2048;
1715         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1716                 chunk = 65536;
1717         if (count < chunk)
1718                 chunk = count;
1719
1720         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1721         if (tty->write_cnt < chunk) {
1722                 unsigned char *buf;
1723
1724                 if (chunk < 1024)
1725                         chunk = 1024;
1726
1727                 buf = kmalloc(chunk, GFP_KERNEL);
1728                 if (!buf) {
1729                         mutex_unlock(&tty->atomic_write_lock);
1730                         return -ENOMEM;
1731                 }
1732                 kfree(tty->write_buf);
1733                 tty->write_cnt = chunk;
1734                 tty->write_buf = buf;
1735         }
1736
1737         /* Do the write .. */
1738         for (;;) {
1739                 size_t size = count;
1740                 if (size > chunk)
1741                         size = chunk;
1742                 ret = -EFAULT;
1743                 if (copy_from_user(tty->write_buf, buf, size))
1744                         break;
1745                 lock_kernel();
1746                 ret = write(tty, file, tty->write_buf, size);
1747                 unlock_kernel();
1748                 if (ret <= 0)
1749                         break;
1750                 written += ret;
1751                 buf += ret;
1752                 count -= ret;
1753                 if (!count)
1754                         break;
1755                 ret = -ERESTARTSYS;
1756                 if (signal_pending(current))
1757                         break;
1758                 cond_resched();
1759         }
1760         if (written) {
1761                 struct inode *inode = file->f_path.dentry->d_inode;
1762                 inode->i_mtime = current_fs_time(inode->i_sb);
1763                 ret = written;
1764         }
1765         mutex_unlock(&tty->atomic_write_lock);
1766         return ret;
1767 }
1768
1769
1770 /**
1771  *      tty_write               -       write method for tty device file
1772  *      @file: tty file pointer
1773  *      @buf: user data to write
1774  *      @count: bytes to write
1775  *      @ppos: unused
1776  *
1777  *      Write data to a tty device via the line discipline.
1778  *
1779  *      Locking:
1780  *              Locks the line discipline as required
1781  *              Writes to the tty driver are serialized by the atomic_write_lock
1782  *      and are then processed in chunks to the device. The line discipline
1783  *      write method will not be involked in parallel for each device
1784  *              The line discipline write method is called under the big
1785  *      kernel lock for historical reasons. New code should not rely on this.
1786  */
1787
1788 static ssize_t tty_write(struct file * file, const char __user * buf, size_t count,
1789                          loff_t *ppos)
1790 {
1791         struct tty_struct * tty;
1792         struct inode *inode = file->f_path.dentry->d_inode;
1793         ssize_t ret;
1794         struct tty_ldisc *ld;
1795         
1796         tty = (struct tty_struct *)file->private_data;
1797         if (tty_paranoia_check(tty, inode, "tty_write"))
1798                 return -EIO;
1799         if (!tty || !tty->driver->write || (test_bit(TTY_IO_ERROR, &tty->flags)))
1800                 return -EIO;
1801
1802         ld = tty_ldisc_ref_wait(tty);           
1803         if (!ld->write)
1804                 ret = -EIO;
1805         else
1806                 ret = do_tty_write(ld->write, tty, file, buf, count);
1807         tty_ldisc_deref(ld);
1808         return ret;
1809 }
1810
1811 ssize_t redirected_tty_write(struct file * file, const char __user * buf, size_t count,
1812                          loff_t *ppos)
1813 {
1814         struct file *p = NULL;
1815
1816         spin_lock(&redirect_lock);
1817         if (redirect) {
1818                 get_file(redirect);
1819                 p = redirect;
1820         }
1821         spin_unlock(&redirect_lock);
1822
1823         if (p) {
1824                 ssize_t res;
1825                 res = vfs_write(p, buf, count, &p->f_pos);
1826                 fput(p);
1827                 return res;
1828         }
1829
1830         return tty_write(file, buf, count, ppos);
1831 }
1832
1833 static char ptychar[] = "pqrstuvwxyzabcde";
1834
1835 /**
1836  *      pty_line_name   -       generate name for a pty
1837  *      @driver: the tty driver in use
1838  *      @index: the minor number
1839  *      @p: output buffer of at least 6 bytes
1840  *
1841  *      Generate a name from a driver reference and write it to the output
1842  *      buffer.
1843  *
1844  *      Locking: None
1845  */
1846 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1847 {
1848         int i = index + driver->name_base;
1849         /* ->name is initialized to "ttyp", but "tty" is expected */
1850         sprintf(p, "%s%c%x",
1851                         driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1852                         ptychar[i >> 4 & 0xf], i & 0xf);
1853 }
1854
1855 /**
1856  *      pty_line_name   -       generate name for a tty
1857  *      @driver: the tty driver in use
1858  *      @index: the minor number
1859  *      @p: output buffer of at least 7 bytes
1860  *
1861  *      Generate a name from a driver reference and write it to the output
1862  *      buffer.
1863  *
1864  *      Locking: None
1865  */
1866 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1867 {
1868         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1869 }
1870
1871 /**
1872  *      init_dev                -       initialise a tty device
1873  *      @driver: tty driver we are opening a device on
1874  *      @idx: device index
1875  *      @tty: returned tty structure
1876  *
1877  *      Prepare a tty device. This may not be a "new" clean device but
1878  *      could also be an active device. The pty drivers require special
1879  *      handling because of this.
1880  *
1881  *      Locking:
1882  *              The function is called under the tty_mutex, which
1883  *      protects us from the tty struct or driver itself going away.
1884  *
1885  *      On exit the tty device has the line discipline attached and
1886  *      a reference count of 1. If a pair was created for pty/tty use
1887  *      and the other was a pty master then it too has a reference count of 1.
1888  *
1889  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1890  * failed open.  The new code protects the open with a mutex, so it's
1891  * really quite straightforward.  The mutex locking can probably be
1892  * relaxed for the (most common) case of reopening a tty.
1893  */
1894
1895 static int init_dev(struct tty_driver *driver, int idx,
1896         struct tty_struct **ret_tty)
1897 {
1898         struct tty_struct *tty, *o_tty;
1899         struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
1900         struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
1901         int retval = 0;
1902
1903         /* check whether we're reopening an existing tty */
1904         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1905                 tty = devpts_get_tty(idx);
1906                 /*
1907                  * If we don't have a tty here on a slave open, it's because
1908                  * the master already started the close process and there's
1909                  * no relation between devpts file and tty anymore.
1910                  */
1911                 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
1912                         retval = -EIO;
1913                         goto end_init;
1914                 }
1915                 /*
1916                  * It's safe from now on because init_dev() is called with
1917                  * tty_mutex held and release_dev() won't change tty->count
1918                  * or tty->flags without having to grab tty_mutex
1919                  */
1920                 if (tty && driver->subtype == PTY_TYPE_MASTER)
1921                         tty = tty->link;
1922         } else {
1923                 tty = driver->ttys[idx];
1924         }
1925         if (tty) goto fast_track;
1926
1927         /*
1928          * First time open is complex, especially for PTY devices.
1929          * This code guarantees that either everything succeeds and the
1930          * TTY is ready for operation, or else the table slots are vacated
1931          * and the allocated memory released.  (Except that the termios 
1932          * and locked termios may be retained.)
1933          */
1934
1935         if (!try_module_get(driver->owner)) {
1936                 retval = -ENODEV;
1937                 goto end_init;
1938         }
1939
1940         o_tty = NULL;
1941         tp = o_tp = NULL;
1942         ltp = o_ltp = NULL;
1943
1944         tty = alloc_tty_struct();
1945         if(!tty)
1946                 goto fail_no_mem;
1947         initialize_tty_struct(tty);
1948         tty->driver = driver;
1949         tty->index = idx;
1950         tty_line_name(driver, idx, tty->name);
1951
1952         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1953                 tp_loc = &tty->termios;
1954                 ltp_loc = &tty->termios_locked;
1955         } else {
1956                 tp_loc = &driver->termios[idx];
1957                 ltp_loc = &driver->termios_locked[idx];
1958         }
1959
1960         if (!*tp_loc) {
1961                 tp = (struct ktermios *) kmalloc(sizeof(struct ktermios),
1962                                                 GFP_KERNEL);
1963                 if (!tp)
1964                         goto free_mem_out;
1965                 *tp = driver->init_termios;
1966         }
1967
1968         if (!*ltp_loc) {
1969                 ltp = (struct ktermios *) kmalloc(sizeof(struct ktermios),
1970                                                  GFP_KERNEL);
1971                 if (!ltp)
1972                         goto free_mem_out;
1973                 memset(ltp, 0, sizeof(struct ktermios));
1974         }
1975
1976         if (driver->type == TTY_DRIVER_TYPE_PTY) {
1977                 o_tty = alloc_tty_struct();
1978                 if (!o_tty)
1979                         goto free_mem_out;
1980                 initialize_tty_struct(o_tty);
1981                 o_tty->driver = driver->other;
1982                 o_tty->index = idx;
1983                 tty_line_name(driver->other, idx, o_tty->name);
1984
1985                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
1986                         o_tp_loc = &o_tty->termios;
1987                         o_ltp_loc = &o_tty->termios_locked;
1988                 } else {
1989                         o_tp_loc = &driver->other->termios[idx];
1990                         o_ltp_loc = &driver->other->termios_locked[idx];
1991                 }
1992
1993                 if (!*o_tp_loc) {
1994                         o_tp = (struct ktermios *)
1995                                 kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1996                         if (!o_tp)
1997                                 goto free_mem_out;
1998                         *o_tp = driver->other->init_termios;
1999                 }
2000
2001                 if (!*o_ltp_loc) {
2002                         o_ltp = (struct ktermios *)
2003                                 kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2004                         if (!o_ltp)
2005                                 goto free_mem_out;
2006                         memset(o_ltp, 0, sizeof(struct ktermios));
2007                 }
2008
2009                 /*
2010                  * Everything allocated ... set up the o_tty structure.
2011                  */
2012                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM)) {
2013                         driver->other->ttys[idx] = o_tty;
2014                 }
2015                 if (!*o_tp_loc)
2016                         *o_tp_loc = o_tp;
2017                 if (!*o_ltp_loc)
2018                         *o_ltp_loc = o_ltp;
2019                 o_tty->termios = *o_tp_loc;
2020                 o_tty->termios_locked = *o_ltp_loc;
2021                 driver->other->refcount++;
2022                 if (driver->subtype == PTY_TYPE_MASTER)
2023                         o_tty->count++;
2024
2025                 /* Establish the links in both directions */
2026                 tty->link   = o_tty;
2027                 o_tty->link = tty;
2028         }
2029
2030         /* 
2031          * All structures have been allocated, so now we install them.
2032          * Failures after this point use release_tty to clean up, so
2033          * there's no need to null out the local pointers.
2034          */
2035         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2036                 driver->ttys[idx] = tty;
2037         }
2038         
2039         if (!*tp_loc)
2040                 *tp_loc = tp;
2041         if (!*ltp_loc)
2042                 *ltp_loc = ltp;
2043         tty->termios = *tp_loc;
2044         tty->termios_locked = *ltp_loc;
2045         /* Compatibility until drivers always set this */
2046         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2047         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2048         driver->refcount++;
2049         tty->count++;
2050
2051         /* 
2052          * Structures all installed ... call the ldisc open routines.
2053          * If we fail here just call release_tty to clean up.  No need
2054          * to decrement the use counts, as release_tty doesn't care.
2055          */
2056
2057         if (tty->ldisc.open) {
2058                 retval = (tty->ldisc.open)(tty);
2059                 if (retval)
2060                         goto release_mem_out;
2061         }
2062         if (o_tty && o_tty->ldisc.open) {
2063                 retval = (o_tty->ldisc.open)(o_tty);
2064                 if (retval) {
2065                         if (tty->ldisc.close)
2066                                 (tty->ldisc.close)(tty);
2067                         goto release_mem_out;
2068                 }
2069                 tty_ldisc_enable(o_tty);
2070         }
2071         tty_ldisc_enable(tty);
2072         goto success;
2073
2074         /*
2075          * This fast open can be used if the tty is already open.
2076          * No memory is allocated, and the only failures are from
2077          * attempting to open a closing tty or attempting multiple
2078          * opens on a pty master.
2079          */
2080 fast_track:
2081         if (test_bit(TTY_CLOSING, &tty->flags)) {
2082                 retval = -EIO;
2083                 goto end_init;
2084         }
2085         if (driver->type == TTY_DRIVER_TYPE_PTY &&
2086             driver->subtype == PTY_TYPE_MASTER) {
2087                 /*
2088                  * special case for PTY masters: only one open permitted, 
2089                  * and the slave side open count is incremented as well.
2090                  */
2091                 if (tty->count) {
2092                         retval = -EIO;
2093                         goto end_init;
2094                 }
2095                 tty->link->count++;
2096         }
2097         tty->count++;
2098         tty->driver = driver; /* N.B. why do this every time?? */
2099
2100         /* FIXME */
2101         if(!test_bit(TTY_LDISC, &tty->flags))
2102                 printk(KERN_ERR "init_dev but no ldisc\n");
2103 success:
2104         *ret_tty = tty;
2105         
2106         /* All paths come through here to release the mutex */
2107 end_init:
2108         return retval;
2109
2110         /* Release locally allocated memory ... nothing placed in slots */
2111 free_mem_out:
2112         kfree(o_tp);
2113         if (o_tty)
2114                 free_tty_struct(o_tty);
2115         kfree(ltp);
2116         kfree(tp);
2117         free_tty_struct(tty);
2118
2119 fail_no_mem:
2120         module_put(driver->owner);
2121         retval = -ENOMEM;
2122         goto end_init;
2123
2124         /* call the tty release_tty routine to clean out this slot */
2125 release_mem_out:
2126         if (printk_ratelimit())
2127                 printk(KERN_INFO "init_dev: ldisc open failed, "
2128                                  "clearing slot %d\n", idx);
2129         release_tty(tty, idx);
2130         goto end_init;
2131 }
2132
2133 /**
2134  *      release_one_tty         -       release tty structure memory
2135  *
2136  *      Releases memory associated with a tty structure, and clears out the
2137  *      driver table slots. This function is called when a device is no longer
2138  *      in use. It also gets called when setup of a device fails.
2139  *
2140  *      Locking:
2141  *              tty_mutex - sometimes only
2142  *              takes the file list lock internally when working on the list
2143  *      of ttys that the driver keeps.
2144  *              FIXME: should we require tty_mutex is held here ??
2145  */
2146 static void release_one_tty(struct tty_struct *tty, int idx)
2147 {
2148         int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2149         struct ktermios *tp;
2150
2151         if (!devpts)
2152                 tty->driver->ttys[idx] = NULL;
2153
2154         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2155                 tp = tty->termios;
2156                 if (!devpts)
2157                         tty->driver->termios[idx] = NULL;
2158                 kfree(tp);
2159
2160                 tp = tty->termios_locked;
2161                 if (!devpts)
2162                         tty->driver->termios_locked[idx] = NULL;
2163                 kfree(tp);
2164         }
2165
2166
2167         tty->magic = 0;
2168         tty->driver->refcount--;
2169
2170         file_list_lock();
2171         list_del_init(&tty->tty_files);
2172         file_list_unlock();
2173
2174         free_tty_struct(tty);
2175 }
2176
2177 /**
2178  *      release_tty             -       release tty structure memory
2179  *
2180  *      Release both @tty and a possible linked partner (think pty pair),
2181  *      and decrement the refcount of the backing module.
2182  *
2183  *      Locking:
2184  *              tty_mutex - sometimes only
2185  *              takes the file list lock internally when working on the list
2186  *      of ttys that the driver keeps.
2187  *              FIXME: should we require tty_mutex is held here ??
2188  */
2189 static void release_tty(struct tty_struct *tty, int idx)
2190 {
2191         struct tty_driver *driver = tty->driver;
2192
2193         if (tty->link)
2194                 release_one_tty(tty->link, idx);
2195         release_one_tty(tty, idx);
2196         module_put(driver->owner);
2197 }
2198
2199 /*
2200  * Even releasing the tty structures is a tricky business.. We have
2201  * to be very careful that the structures are all released at the
2202  * same time, as interrupts might otherwise get the wrong pointers.
2203  *
2204  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2205  * lead to double frees or releasing memory still in use.
2206  */
2207 static void release_dev(struct file * filp)
2208 {
2209         struct tty_struct *tty, *o_tty;
2210         int     pty_master, tty_closing, o_tty_closing, do_sleep;
2211         int     devpts;
2212         int     idx;
2213         char    buf[64];
2214         unsigned long flags;
2215         
2216         tty = (struct tty_struct *)filp->private_data;
2217         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "release_dev"))
2218                 return;
2219
2220         check_tty_count(tty, "release_dev");
2221
2222         tty_fasync(-1, filp, 0);
2223
2224         idx = tty->index;
2225         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2226                       tty->driver->subtype == PTY_TYPE_MASTER);
2227         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2228         o_tty = tty->link;
2229
2230 #ifdef TTY_PARANOIA_CHECK
2231         if (idx < 0 || idx >= tty->driver->num) {
2232                 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2233                                   "free (%s)\n", tty->name);
2234                 return;
2235         }
2236         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2237                 if (tty != tty->driver->ttys[idx]) {
2238                         printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2239                                "for (%s)\n", idx, tty->name);
2240                         return;
2241                 }
2242                 if (tty->termios != tty->driver->termios[idx]) {
2243                         printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2244                                "for (%s)\n",
2245                                idx, tty->name);
2246                         return;
2247                 }
2248                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2249                         printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2250                                "termios_locked for (%s)\n",
2251                                idx, tty->name);
2252                         return;
2253                 }
2254         }
2255 #endif
2256
2257 #ifdef TTY_DEBUG_HANGUP
2258         printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2259                tty_name(tty, buf), tty->count);
2260 #endif
2261
2262 #ifdef TTY_PARANOIA_CHECK
2263         if (tty->driver->other &&
2264              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2265                 if (o_tty != tty->driver->other->ttys[idx]) {
2266                         printk(KERN_DEBUG "release_dev: other->table[%d] "
2267                                           "not o_tty for (%s)\n",
2268                                idx, tty->name);
2269                         return;
2270                 }
2271                 if (o_tty->termios != tty->driver->other->termios[idx]) {
2272                         printk(KERN_DEBUG "release_dev: other->termios[%d] "
2273                                           "not o_termios for (%s)\n",
2274                                idx, tty->name);
2275                         return;
2276                 }
2277                 if (o_tty->termios_locked != 
2278                       tty->driver->other->termios_locked[idx]) {
2279                         printk(KERN_DEBUG "release_dev: other->termios_locked["
2280                                           "%d] not o_termios_locked for (%s)\n",
2281                                idx, tty->name);
2282                         return;
2283                 }
2284                 if (o_tty->link != tty) {
2285                         printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2286                         return;
2287                 }
2288         }
2289 #endif
2290         if (tty->driver->close)
2291                 tty->driver->close(tty, filp);
2292
2293         /*
2294          * Sanity check: if tty->count is going to zero, there shouldn't be
2295          * any waiters on tty->read_wait or tty->write_wait.  We test the
2296          * wait queues and kick everyone out _before_ actually starting to
2297          * close.  This ensures that we won't block while releasing the tty
2298          * structure.
2299          *
2300          * The test for the o_tty closing is necessary, since the master and
2301          * slave sides may close in any order.  If the slave side closes out
2302          * first, its count will be one, since the master side holds an open.
2303          * Thus this test wouldn't be triggered at the time the slave closes,
2304          * so we do it now.
2305          *
2306          * Note that it's possible for the tty to be opened again while we're
2307          * flushing out waiters.  By recalculating the closing flags before
2308          * each iteration we avoid any problems.
2309          */
2310         while (1) {
2311                 /* Guard against races with tty->count changes elsewhere and
2312                    opens on /dev/tty */
2313                    
2314                 mutex_lock(&tty_mutex);
2315                 tty_closing = tty->count <= 1;
2316                 o_tty_closing = o_tty &&
2317                         (o_tty->count <= (pty_master ? 1 : 0));
2318                 do_sleep = 0;
2319
2320                 if (tty_closing) {
2321                         if (waitqueue_active(&tty->read_wait)) {
2322                                 wake_up(&tty->read_wait);
2323                                 do_sleep++;
2324                         }
2325                         if (waitqueue_active(&tty->write_wait)) {
2326                                 wake_up(&tty->write_wait);
2327                                 do_sleep++;
2328                         }
2329                 }
2330                 if (o_tty_closing) {
2331                         if (waitqueue_active(&o_tty->read_wait)) {
2332                                 wake_up(&o_tty->read_wait);
2333                                 do_sleep++;
2334                         }
2335                         if (waitqueue_active(&o_tty->write_wait)) {
2336                                 wake_up(&o_tty->write_wait);
2337                                 do_sleep++;
2338                         }
2339                 }
2340                 if (!do_sleep)
2341                         break;
2342
2343                 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2344                                     "active!\n", tty_name(tty, buf));
2345                 mutex_unlock(&tty_mutex);
2346                 schedule();
2347         }       
2348
2349         /*
2350          * The closing flags are now consistent with the open counts on 
2351          * both sides, and we've completed the last operation that could 
2352          * block, so it's safe to proceed with closing.
2353          */
2354         if (pty_master) {
2355                 if (--o_tty->count < 0) {
2356                         printk(KERN_WARNING "release_dev: bad pty slave count "
2357                                             "(%d) for %s\n",
2358                                o_tty->count, tty_name(o_tty, buf));
2359                         o_tty->count = 0;
2360                 }
2361         }
2362         if (--tty->count < 0) {
2363                 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2364                        tty->count, tty_name(tty, buf));
2365                 tty->count = 0;
2366         }
2367         
2368         /*
2369          * We've decremented tty->count, so we need to remove this file
2370          * descriptor off the tty->tty_files list; this serves two
2371          * purposes:
2372          *  - check_tty_count sees the correct number of file descriptors
2373          *    associated with this tty.
2374          *  - do_tty_hangup no longer sees this file descriptor as
2375          *    something that needs to be handled for hangups.
2376          */
2377         file_kill(filp);
2378         filp->private_data = NULL;
2379
2380         /*
2381          * Perform some housekeeping before deciding whether to return.
2382          *
2383          * Set the TTY_CLOSING flag if this was the last open.  In the
2384          * case of a pty we may have to wait around for the other side
2385          * to close, and TTY_CLOSING makes sure we can't be reopened.
2386          */
2387         if(tty_closing)
2388                 set_bit(TTY_CLOSING, &tty->flags);
2389         if(o_tty_closing)
2390                 set_bit(TTY_CLOSING, &o_tty->flags);
2391
2392         /*
2393          * If _either_ side is closing, make sure there aren't any
2394          * processes that still think tty or o_tty is their controlling
2395          * tty.
2396          */
2397         if (tty_closing || o_tty_closing) {
2398                 read_lock(&tasklist_lock);
2399                 session_clear_tty(tty->session);
2400                 if (o_tty)
2401                         session_clear_tty(o_tty->session);
2402                 read_unlock(&tasklist_lock);
2403         }
2404
2405         mutex_unlock(&tty_mutex);
2406
2407         /* check whether both sides are closing ... */
2408         if (!tty_closing || (o_tty && !o_tty_closing))
2409                 return;
2410         
2411 #ifdef TTY_DEBUG_HANGUP
2412         printk(KERN_DEBUG "freeing tty structure...");
2413 #endif
2414         /*
2415          * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
2416          * kill any delayed work. As this is the final close it does not
2417          * race with the set_ldisc code path.
2418          */
2419         clear_bit(TTY_LDISC, &tty->flags);
2420         cancel_delayed_work(&tty->buf.work);
2421
2422         /*
2423          * Wait for ->hangup_work and ->buf.work handlers to terminate
2424          */
2425          
2426         flush_scheduled_work();
2427         
2428         /*
2429          * Wait for any short term users (we know they are just driver
2430          * side waiters as the file is closing so user count on the file
2431          * side is zero.
2432          */
2433         spin_lock_irqsave(&tty_ldisc_lock, flags);
2434         while(tty->ldisc.refcount)
2435         {
2436                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2437                 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2438                 spin_lock_irqsave(&tty_ldisc_lock, flags);
2439         }
2440         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2441         /*
2442          * Shutdown the current line discipline, and reset it to N_TTY.
2443          * N.B. why reset ldisc when we're releasing the memory??
2444          *
2445          * FIXME: this MUST get fixed for the new reflocking
2446          */
2447         if (tty->ldisc.close)
2448                 (tty->ldisc.close)(tty);
2449         tty_ldisc_put(tty->ldisc.num);
2450         
2451         /*
2452          *      Switch the line discipline back
2453          */
2454         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2455         tty_set_termios_ldisc(tty,N_TTY); 
2456         if (o_tty) {
2457                 /* FIXME: could o_tty be in setldisc here ? */
2458                 clear_bit(TTY_LDISC, &o_tty->flags);
2459                 if (o_tty->ldisc.close)
2460                         (o_tty->ldisc.close)(o_tty);
2461                 tty_ldisc_put(o_tty->ldisc.num);
2462                 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2463                 tty_set_termios_ldisc(o_tty,N_TTY); 
2464         }
2465         /*
2466          * The release_tty function takes care of the details of clearing
2467          * the slots and preserving the termios structure.
2468          */
2469         release_tty(tty, idx);
2470
2471 #ifdef CONFIG_UNIX98_PTYS
2472         /* Make this pty number available for reallocation */
2473         if (devpts) {
2474                 down(&allocated_ptys_lock);
2475                 idr_remove(&allocated_ptys, idx);
2476                 up(&allocated_ptys_lock);
2477         }
2478 #endif
2479
2480 }
2481
2482 /**
2483  *      tty_open                -       open a tty device
2484  *      @inode: inode of device file
2485  *      @filp: file pointer to tty
2486  *
2487  *      tty_open and tty_release keep up the tty count that contains the
2488  *      number of opens done on a tty. We cannot use the inode-count, as
2489  *      different inodes might point to the same tty.
2490  *
2491  *      Open-counting is needed for pty masters, as well as for keeping
2492  *      track of serial lines: DTR is dropped when the last close happens.
2493  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
2494  *
2495  *      The termios state of a pty is reset on first open so that
2496  *      settings don't persist across reuse.
2497  *
2498  *      Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2499  *               tty->count should protect the rest.
2500  *               ->siglock protects ->signal/->sighand
2501  */
2502
2503 static int tty_open(struct inode * inode, struct file * filp)
2504 {
2505         struct tty_struct *tty;
2506         int noctty, retval;
2507         struct tty_driver *driver;
2508         int index;
2509         dev_t device = inode->i_rdev;
2510         unsigned short saved_flags = filp->f_flags;
2511         struct pid *old_pgrp;
2512
2513         nonseekable_open(inode, filp);
2514         
2515 retry_open:
2516         noctty = filp->f_flags & O_NOCTTY;
2517         index  = -1;
2518         retval = 0;
2519         
2520         mutex_lock(&tty_mutex);
2521
2522         if (device == MKDEV(TTYAUX_MAJOR,0)) {
2523                 tty = get_current_tty();
2524                 if (!tty) {
2525                         mutex_unlock(&tty_mutex);
2526                         return -ENXIO;
2527                 }
2528                 driver = tty->driver;
2529                 index = tty->index;
2530                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2531                 /* noctty = 1; */
2532                 goto got_driver;
2533         }
2534 #ifdef CONFIG_VT
2535         if (device == MKDEV(TTY_MAJOR,0)) {
2536                 extern struct tty_driver *console_driver;
2537                 driver = console_driver;
2538                 index = fg_console;
2539                 noctty = 1;
2540                 goto got_driver;
2541         }
2542 #endif
2543         if (device == MKDEV(TTYAUX_MAJOR,1)) {
2544                 driver = console_device(&index);
2545                 if (driver) {
2546                         /* Don't let /dev/console block */
2547                         filp->f_flags |= O_NONBLOCK;
2548                         noctty = 1;
2549                         goto got_driver;
2550                 }
2551                 mutex_unlock(&tty_mutex);
2552                 return -ENODEV;
2553         }
2554
2555         driver = get_tty_driver(device, &index);
2556         if (!driver) {
2557                 mutex_unlock(&tty_mutex);
2558                 return -ENODEV;
2559         }
2560 got_driver:
2561         retval = init_dev(driver, index, &tty);
2562         mutex_unlock(&tty_mutex);
2563         if (retval)
2564                 return retval;
2565
2566         filp->private_data = tty;
2567         file_move(filp, &tty->tty_files);
2568         check_tty_count(tty, "tty_open");
2569         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2570             tty->driver->subtype == PTY_TYPE_MASTER)
2571                 noctty = 1;
2572 #ifdef TTY_DEBUG_HANGUP
2573         printk(KERN_DEBUG "opening %s...", tty->name);
2574 #endif
2575         if (!retval) {
2576                 if (tty->driver->open)
2577                         retval = tty->driver->open(tty, filp);
2578                 else
2579                         retval = -ENODEV;
2580         }
2581         filp->f_flags = saved_flags;
2582
2583         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
2584                 retval = -EBUSY;
2585
2586         if (retval) {
2587 #ifdef TTY_DEBUG_HANGUP
2588                 printk(KERN_DEBUG "error %d in opening %s...", retval,
2589                        tty->name);
2590 #endif
2591                 release_dev(filp);
2592                 if (retval != -ERESTARTSYS)
2593                         return retval;
2594                 if (signal_pending(current))
2595                         return retval;
2596                 schedule();
2597                 /*
2598                  * Need to reset f_op in case a hangup happened.
2599                  */
2600                 if (filp->f_op == &hung_up_tty_fops)
2601                         filp->f_op = &tty_fops;
2602                 goto retry_open;
2603         }
2604
2605         old_pgrp = NULL;
2606         mutex_lock(&tty_mutex);
2607         spin_lock_irq(&current->sighand->siglock);
2608         if (!noctty &&
2609             current->signal->leader &&
2610             !current->signal->tty &&
2611             tty->session == NULL)
2612                 old_pgrp = __proc_set_tty(current, tty);
2613         spin_unlock_irq(&current->sighand->siglock);
2614         mutex_unlock(&tty_mutex);
2615         put_pid(old_pgrp);
2616         return 0;
2617 }
2618
2619 #ifdef CONFIG_UNIX98_PTYS
2620 /**
2621  *      ptmx_open               -       open a unix 98 pty master
2622  *      @inode: inode of device file
2623  *      @filp: file pointer to tty
2624  *
2625  *      Allocate a unix98 pty master device from the ptmx driver.
2626  *
2627  *      Locking: tty_mutex protects theinit_dev work. tty->count should
2628                 protect the rest.
2629  *              allocated_ptys_lock handles the list of free pty numbers
2630  */
2631
2632 static int ptmx_open(struct inode * inode, struct file * filp)
2633 {
2634         struct tty_struct *tty;
2635         int retval;
2636         int index;
2637         int idr_ret;
2638
2639         nonseekable_open(inode, filp);
2640
2641         /* find a device that is not in use. */
2642         down(&allocated_ptys_lock);
2643         if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2644                 up(&allocated_ptys_lock);
2645                 return -ENOMEM;
2646         }
2647         idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2648         if (idr_ret < 0) {
2649                 up(&allocated_ptys_lock);
2650                 if (idr_ret == -EAGAIN)
2651                         return -ENOMEM;
2652                 return -EIO;
2653         }
2654         if (index >= pty_limit) {
2655                 idr_remove(&allocated_ptys, index);
2656                 up(&allocated_ptys_lock);
2657                 return -EIO;
2658         }
2659         up(&allocated_ptys_lock);
2660
2661         mutex_lock(&tty_mutex);
2662         retval = init_dev(ptm_driver, index, &tty);
2663         mutex_unlock(&tty_mutex);
2664         
2665         if (retval)
2666                 goto out;
2667
2668         set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2669         filp->private_data = tty;
2670         file_move(filp, &tty->tty_files);
2671
2672         retval = -ENOMEM;
2673         if (devpts_pty_new(tty->link))
2674                 goto out1;
2675
2676         check_tty_count(tty, "tty_open");
2677         retval = ptm_driver->open(tty, filp);
2678         if (!retval)
2679                 return 0;
2680 out1:
2681         release_dev(filp);
2682         return retval;
2683 out:
2684         down(&allocated_ptys_lock);
2685         idr_remove(&allocated_ptys, index);
2686         up(&allocated_ptys_lock);
2687         return retval;
2688 }
2689 #endif
2690
2691 /**
2692  *      tty_release             -       vfs callback for close
2693  *      @inode: inode of tty
2694  *      @filp: file pointer for handle to tty
2695  *
2696  *      Called the last time each file handle is closed that references
2697  *      this tty. There may however be several such references.
2698  *
2699  *      Locking:
2700  *              Takes bkl. See release_dev
2701  */
2702
2703 static int tty_release(struct inode * inode, struct file * filp)
2704 {
2705         lock_kernel();
2706         release_dev(filp);
2707         unlock_kernel();
2708         return 0;
2709 }
2710
2711 /**
2712  *      tty_poll        -       check tty status
2713  *      @filp: file being polled
2714  *      @wait: poll wait structures to update
2715  *
2716  *      Call the line discipline polling method to obtain the poll
2717  *      status of the device.
2718  *
2719  *      Locking: locks called line discipline but ldisc poll method
2720  *      may be re-entered freely by other callers.
2721  */
2722
2723 static unsigned int tty_poll(struct file * filp, poll_table * wait)
2724 {
2725         struct tty_struct * tty;
2726         struct tty_ldisc *ld;
2727         int ret = 0;
2728
2729         tty = (struct tty_struct *)filp->private_data;
2730         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2731                 return 0;
2732                 
2733         ld = tty_ldisc_ref_wait(tty);
2734         if (ld->poll)
2735                 ret = (ld->poll)(tty, filp, wait);
2736         tty_ldisc_deref(ld);
2737         return ret;
2738 }
2739
2740 static int tty_fasync(int fd, struct file * filp, int on)
2741 {
2742         struct tty_struct * tty;
2743         int retval;
2744
2745         tty = (struct tty_struct *)filp->private_data;
2746         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2747                 return 0;
2748         
2749         retval = fasync_helper(fd, filp, on, &tty->fasync);
2750         if (retval <= 0)
2751                 return retval;
2752
2753         if (on) {
2754                 enum pid_type type;
2755                 struct pid *pid;
2756                 if (!waitqueue_active(&tty->read_wait))
2757                         tty->minimum_to_wake = 1;
2758                 if (tty->pgrp) {
2759                         pid = tty->pgrp;
2760                         type = PIDTYPE_PGID;
2761                 } else {
2762                         pid = task_pid(current);
2763                         type = PIDTYPE_PID;
2764                 }
2765                 retval = __f_setown(filp, pid, type, 0);
2766                 if (retval)
2767                         return retval;
2768         } else {
2769                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2770                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2771         }
2772         return 0;
2773 }
2774
2775 /**
2776  *      tiocsti                 -       fake input character
2777  *      @tty: tty to fake input into
2778  *      @p: pointer to character
2779  *
2780  *      Fake input to a tty device. Does the neccessary locking and
2781  *      input management.
2782  *
2783  *      FIXME: does not honour flow control ??
2784  *
2785  *      Locking:
2786  *              Called functions take tty_ldisc_lock
2787  *              current->signal->tty check is safe without locks
2788  *
2789  *      FIXME: may race normal receive processing
2790  */
2791
2792 static int tiocsti(struct tty_struct *tty, char __user *p)
2793 {
2794         char ch, mbz = 0;
2795         struct tty_ldisc *ld;
2796         
2797         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2798                 return -EPERM;
2799         if (get_user(ch, p))
2800                 return -EFAULT;
2801         ld = tty_ldisc_ref_wait(tty);
2802         ld->receive_buf(tty, &ch, &mbz, 1);
2803         tty_ldisc_deref(ld);
2804         return 0;
2805 }
2806
2807 /**
2808  *      tiocgwinsz              -       implement window query ioctl
2809  *      @tty; tty
2810  *      @arg: user buffer for result
2811  *
2812  *      Copies the kernel idea of the window size into the user buffer.
2813  *
2814  *      Locking: tty->termios_mutex is taken to ensure the winsize data
2815  *              is consistent.
2816  */
2817
2818 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user * arg)
2819 {
2820         int err;
2821
2822         mutex_lock(&tty->termios_mutex);
2823         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2824         mutex_unlock(&tty->termios_mutex);
2825
2826         return err ? -EFAULT: 0;
2827 }
2828
2829 /**
2830  *      tiocswinsz              -       implement window size set ioctl
2831  *      @tty; tty
2832  *      @arg: user buffer for result
2833  *
2834  *      Copies the user idea of the window size to the kernel. Traditionally
2835  *      this is just advisory information but for the Linux console it
2836  *      actually has driver level meaning and triggers a VC resize.
2837  *
2838  *      Locking:
2839  *              Called function use the console_sem is used to ensure we do
2840  *      not try and resize the console twice at once.
2841  *              The tty->termios_mutex is used to ensure we don't double
2842  *      resize and get confused. Lock order - tty->termios_mutex before
2843  *      console sem
2844  */
2845
2846 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2847         struct winsize __user * arg)
2848 {
2849         struct winsize tmp_ws;
2850
2851         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2852                 return -EFAULT;
2853
2854         mutex_lock(&tty->termios_mutex);
2855         if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2856                 goto done;
2857
2858 #ifdef CONFIG_VT
2859         if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2860                 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2861                                         tmp_ws.ws_row)) {
2862                         mutex_unlock(&tty->termios_mutex);
2863                         return -ENXIO;
2864                 }
2865         }
2866 #endif
2867         if (tty->pgrp)
2868                 kill_pgrp(tty->pgrp, SIGWINCH, 1);
2869         if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
2870                 kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
2871         tty->winsize = tmp_ws;
2872         real_tty->winsize = tmp_ws;
2873 done:
2874         mutex_unlock(&tty->termios_mutex);
2875         return 0;
2876 }
2877
2878 /**
2879  *      tioccons        -       allow admin to move logical console
2880  *      @file: the file to become console
2881  *
2882  *      Allow the adminstrator to move the redirected console device
2883  *
2884  *      Locking: uses redirect_lock to guard the redirect information
2885  */
2886
2887 static int tioccons(struct file *file)
2888 {
2889         if (!capable(CAP_SYS_ADMIN))
2890                 return -EPERM;
2891         if (file->f_op->write == redirected_tty_write) {
2892                 struct file *f;
2893                 spin_lock(&redirect_lock);
2894                 f = redirect;
2895                 redirect = NULL;
2896                 spin_unlock(&redirect_lock);
2897                 if (f)
2898                         fput(f);
2899                 return 0;
2900         }
2901         spin_lock(&redirect_lock);
2902         if (redirect) {
2903                 spin_unlock(&redirect_lock);
2904                 return -EBUSY;
2905         }
2906         get_file(file);
2907         redirect = file;
2908         spin_unlock(&redirect_lock);
2909         return 0;
2910 }
2911
2912 /**
2913  *      fionbio         -       non blocking ioctl
2914  *      @file: file to set blocking value
2915  *      @p: user parameter
2916  *
2917  *      Historical tty interfaces had a blocking control ioctl before
2918  *      the generic functionality existed. This piece of history is preserved
2919  *      in the expected tty API of posix OS's.
2920  *
2921  *      Locking: none, the open fle handle ensures it won't go away.
2922  */
2923
2924 static int fionbio(struct file *file, int __user *p)
2925 {
2926         int nonblock;
2927
2928         if (get_user(nonblock, p))
2929                 return -EFAULT;
2930
2931         if (nonblock)
2932                 file->f_flags |= O_NONBLOCK;
2933         else
2934                 file->f_flags &= ~O_NONBLOCK;
2935         return 0;
2936 }
2937
2938 /**
2939  *      tiocsctty       -       set controlling tty
2940  *      @tty: tty structure
2941  *      @arg: user argument
2942  *
2943  *      This ioctl is used to manage job control. It permits a session
2944  *      leader to set this tty as the controlling tty for the session.
2945  *
2946  *      Locking:
2947  *              Takes tty_mutex() to protect tty instance
2948  *              Takes tasklist_lock internally to walk sessions
2949  *              Takes ->siglock() when updating signal->tty
2950  */
2951
2952 static int tiocsctty(struct tty_struct *tty, int arg)
2953 {
2954         int ret = 0;
2955         if (current->signal->leader && (task_session(current) == tty->session))
2956                 return ret;
2957
2958         mutex_lock(&tty_mutex);
2959         /*
2960          * The process must be a session leader and
2961          * not have a controlling tty already.
2962          */
2963         if (!current->signal->leader || current->signal->tty) {
2964                 ret = -EPERM;
2965                 goto unlock;
2966         }
2967
2968         if (tty->session) {
2969                 /*
2970                  * This tty is already the controlling
2971                  * tty for another session group!
2972                  */
2973                 if ((arg == 1) && capable(CAP_SYS_ADMIN)) {
2974                         /*
2975                          * Steal it away
2976                          */
2977                         read_lock(&tasklist_lock);
2978                         session_clear_tty(tty->session);
2979                         read_unlock(&tasklist_lock);
2980                 } else {
2981                         ret = -EPERM;
2982                         goto unlock;
2983                 }
2984         }
2985         proc_set_tty(current, tty);
2986 unlock:
2987         mutex_unlock(&tty_mutex);
2988         return ret;
2989 }
2990
2991 /**
2992  *      tiocgpgrp               -       get process group
2993  *      @tty: tty passed by user
2994  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2995  *      @p: returned pid
2996  *
2997  *      Obtain the process group of the tty. If there is no process group
2998  *      return an error.
2999  *
3000  *      Locking: none. Reference to current->signal->tty is safe.
3001  */
3002
3003 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3004 {
3005         /*
3006          * (tty == real_tty) is a cheap way of
3007          * testing if the tty is NOT a master pty.
3008          */
3009         if (tty == real_tty && current->signal->tty != real_tty)
3010                 return -ENOTTY;
3011         return put_user(pid_nr(real_tty->pgrp), p);
3012 }
3013
3014 /**
3015  *      tiocspgrp               -       attempt to set process group
3016  *      @tty: tty passed by user
3017  *      @real_tty: tty side device matching tty passed by user
3018  *      @p: pid pointer
3019  *
3020  *      Set the process group of the tty to the session passed. Only
3021  *      permitted where the tty session is our session.
3022  *
3023  *      Locking: None
3024  */
3025
3026 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3027 {
3028         struct pid *pgrp;
3029         pid_t pgrp_nr;
3030         int retval = tty_check_change(real_tty);
3031
3032         if (retval == -EIO)
3033                 return -ENOTTY;
3034         if (retval)
3035                 return retval;
3036         if (!current->signal->tty ||
3037             (current->signal->tty != real_tty) ||
3038             (real_tty->session != task_session(current)))
3039                 return -ENOTTY;
3040         if (get_user(pgrp_nr, p))
3041                 return -EFAULT;
3042         if (pgrp_nr < 0)
3043                 return -EINVAL;
3044         rcu_read_lock();
3045         pgrp = find_pid(pgrp_nr);
3046         retval = -ESRCH;
3047         if (!pgrp)
3048                 goto out_unlock;
3049         retval = -EPERM;
3050         if (session_of_pgrp(pgrp) != task_session(current))
3051                 goto out_unlock;
3052         retval = 0;
3053         put_pid(real_tty->pgrp);
3054         real_tty->pgrp = get_pid(pgrp);
3055 out_unlock:
3056         rcu_read_unlock();
3057         return retval;
3058 }
3059
3060 /**
3061  *      tiocgsid                -       get session id
3062  *      @tty: tty passed by user
3063  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
3064  *      @p: pointer to returned session id
3065  *
3066  *      Obtain the session id of the tty. If there is no session
3067  *      return an error.
3068  *
3069  *      Locking: none. Reference to current->signal->tty is safe.
3070  */
3071
3072 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3073 {
3074         /*
3075          * (tty == real_tty) is a cheap way of
3076          * testing if the tty is NOT a master pty.
3077         */
3078         if (tty == real_tty && current->signal->tty != real_tty)
3079                 return -ENOTTY;
3080         if (!real_tty->session)
3081                 return -ENOTTY;
3082         return put_user(pid_nr(real_tty->session), p);
3083 }
3084
3085 /**
3086  *      tiocsetd        -       set line discipline
3087  *      @tty: tty device
3088  *      @p: pointer to user data
3089  *
3090  *      Set the line discipline according to user request.
3091  *
3092  *      Locking: see tty_set_ldisc, this function is just a helper
3093  */
3094
3095 static int tiocsetd(struct tty_struct *tty, int __user *p)
3096 {
3097         int ldisc;
3098
3099         if (get_user(ldisc, p))
3100                 return -EFAULT;
3101         return tty_set_ldisc(tty, ldisc);
3102 }
3103
3104 /**
3105  *      send_break      -       performed time break
3106  *      @tty: device to break on
3107  *      @duration: timeout in mS
3108  *
3109  *      Perform a timed break on hardware that lacks its own driver level
3110  *      timed break functionality.
3111  *
3112  *      Locking:
3113  *              atomic_write_lock serializes
3114  *
3115  */
3116
3117 static int send_break(struct tty_struct *tty, unsigned int duration)
3118 {
3119         if (mutex_lock_interruptible(&tty->atomic_write_lock))
3120                 return -EINTR;
3121         tty->driver->break_ctl(tty, -1);
3122         if (!signal_pending(current)) {
3123                 msleep_interruptible(duration);
3124         }
3125         tty->driver->break_ctl(tty, 0);
3126         mutex_unlock(&tty->atomic_write_lock);
3127         if (signal_pending(current))
3128                 return -EINTR;
3129         return 0;
3130 }
3131
3132 /**
3133  *      tiocmget                -       get modem status
3134  *      @tty: tty device
3135  *      @file: user file pointer
3136  *      @p: pointer to result
3137  *
3138  *      Obtain the modem status bits from the tty driver if the feature
3139  *      is supported. Return -EINVAL if it is not available.
3140  *
3141  *      Locking: none (up to the driver)
3142  */
3143
3144 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3145 {
3146         int retval = -EINVAL;
3147
3148         if (tty->driver->tiocmget) {
3149                 retval = tty->driver->tiocmget(tty, file);
3150
3151                 if (retval >= 0)
3152                         retval = put_user(retval, p);
3153         }
3154         return retval;
3155 }
3156
3157 /**
3158  *      tiocmset                -       set modem status
3159  *      @tty: tty device
3160  *      @file: user file pointer
3161  *      @cmd: command - clear bits, set bits or set all
3162  *      @p: pointer to desired bits
3163  *
3164  *      Set the modem status bits from the tty driver if the feature
3165  *      is supported. Return -EINVAL if it is not available.
3166  *
3167  *      Locking: none (up to the driver)
3168  */
3169
3170 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3171              unsigned __user *p)
3172 {
3173         int retval = -EINVAL;
3174
3175         if (tty->driver->tiocmset) {
3176                 unsigned int set, clear, val;
3177
3178                 retval = get_user(val, p);
3179                 if (retval)
3180                         return retval;
3181
3182                 set = clear = 0;
3183                 switch (cmd) {
3184                 case TIOCMBIS:
3185                         set = val;
3186                         break;
3187                 case TIOCMBIC:
3188                         clear = val;
3189                         break;
3190                 case TIOCMSET:
3191                         set = val;
3192                         clear = ~val;
3193                         break;
3194                 }
3195
3196                 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3197                 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3198
3199                 retval = tty->driver->tiocmset(tty, file, set, clear);
3200         }
3201         return retval;
3202 }
3203
3204 /*
3205  * Split this up, as gcc can choke on it otherwise..
3206  */
3207 int tty_ioctl(struct inode * inode, struct file * file,
3208               unsigned int cmd, unsigned long arg)
3209 {
3210         struct tty_struct *tty, *real_tty;
3211         void __user *p = (void __user *)arg;
3212         int retval;
3213         struct tty_ldisc *ld;
3214         
3215         tty = (struct tty_struct *)file->private_data;
3216         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3217                 return -EINVAL;
3218
3219         /* CHECKME: is this safe as one end closes ? */
3220
3221         real_tty = tty;
3222         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3223             tty->driver->subtype == PTY_TYPE_MASTER)
3224                 real_tty = tty->link;
3225
3226         /*
3227          * Break handling by driver
3228          */
3229         if (!tty->driver->break_ctl) {
3230                 switch(cmd) {
3231                 case TIOCSBRK:
3232                 case TIOCCBRK:
3233                         if (tty->driver->ioctl)
3234                                 return tty->driver->ioctl(tty, file, cmd, arg);
3235                         return -EINVAL;
3236                         
3237                 /* These two ioctl's always return success; even if */
3238                 /* the driver doesn't support them. */
3239                 case TCSBRK:
3240                 case TCSBRKP:
3241                         if (!tty->driver->ioctl)
3242                                 return 0;
3243                         retval = tty->driver->ioctl(tty, file, cmd, arg);
3244                         if (retval == -ENOIOCTLCMD)
3245                                 retval = 0;
3246                         return retval;
3247                 }
3248         }
3249
3250         /*
3251          * Factor out some common prep work
3252          */
3253         switch (cmd) {
3254         case TIOCSETD:
3255         case TIOCSBRK:
3256         case TIOCCBRK:
3257         case TCSBRK:
3258         case TCSBRKP:                   
3259                 retval = tty_check_change(tty);
3260                 if (retval)
3261                         return retval;
3262                 if (cmd != TIOCCBRK) {
3263                         tty_wait_until_sent(tty, 0);
3264                         if (signal_pending(current))
3265                                 return -EINTR;
3266                 }
3267                 break;
3268         }
3269
3270         switch (cmd) {
3271                 case TIOCSTI:
3272                         return tiocsti(tty, p);
3273                 case TIOCGWINSZ:
3274                         return tiocgwinsz(tty, p);
3275                 case TIOCSWINSZ:
3276                         return tiocswinsz(tty, real_tty, p);
3277                 case TIOCCONS:
3278                         return real_tty!=tty ? -EINVAL : tioccons(file);
3279                 case FIONBIO:
3280                         return fionbio(file, p);
3281                 case TIOCEXCL:
3282                         set_bit(TTY_EXCLUSIVE, &tty->flags);
3283                         return 0;
3284                 case TIOCNXCL:
3285                         clear_bit(TTY_EXCLUSIVE, &tty->flags);
3286                         return 0;
3287                 case TIOCNOTTY:
3288                         if (current->signal->tty != tty)
3289                                 return -ENOTTY;
3290                         if (current->signal->leader)
3291                                 disassociate_ctty(0);
3292                         proc_clear_tty(current);
3293                         return 0;
3294                 case TIOCSCTTY:
3295                         return tiocsctty(tty, arg);
3296                 case TIOCGPGRP:
3297                         return tiocgpgrp(tty, real_tty, p);
3298                 case TIOCSPGRP:
3299                         return tiocspgrp(tty, real_tty, p);
3300                 case TIOCGSID:
3301                         return tiocgsid(tty, real_tty, p);
3302                 case TIOCGETD:
3303                         /* FIXME: check this is ok */
3304                         return put_user(tty->ldisc.num, (int __user *)p);
3305                 case TIOCSETD:
3306                         return tiocsetd(tty, p);
3307 #ifdef CONFIG_VT
3308                 case TIOCLINUX:
3309                         return tioclinux(tty, arg);
3310 #endif
3311                 /*
3312                  * Break handling
3313                  */
3314                 case TIOCSBRK:  /* Turn break on, unconditionally */
3315                         tty->driver->break_ctl(tty, -1);
3316                         return 0;
3317                         
3318                 case TIOCCBRK:  /* Turn break off, unconditionally */
3319                         tty->driver->break_ctl(tty, 0);
3320                         return 0;
3321                 case TCSBRK:   /* SVID version: non-zero arg --> no break */
3322                         /* non-zero arg means wait for all output data
3323                          * to be sent (performed above) but don't send break.
3324                          * This is used by the tcdrain() termios function.
3325                          */
3326                         if (!arg)
3327                                 return send_break(tty, 250);
3328                         return 0;
3329                 case TCSBRKP:   /* support for POSIX tcsendbreak() */   
3330                         return send_break(tty, arg ? arg*100 : 250);
3331
3332                 case TIOCMGET:
3333                         return tty_tiocmget(tty, file, p);
3334
3335                 case TIOCMSET:
3336                 case TIOCMBIC:
3337                 case TIOCMBIS:
3338                         return tty_tiocmset(tty, file, cmd, p);
3339         }
3340         if (tty->driver->ioctl) {
3341                 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3342                 if (retval != -ENOIOCTLCMD)
3343                         return retval;
3344         }
3345         ld = tty_ldisc_ref_wait(tty);
3346         retval = -EINVAL;
3347         if (ld->ioctl) {
3348                 retval = ld->ioctl(tty, file, cmd, arg);
3349                 if (retval == -ENOIOCTLCMD)
3350                         retval = -EINVAL;
3351         }
3352         tty_ldisc_deref(ld);
3353         return retval;
3354 }
3355
3356
3357 /*
3358  * This implements the "Secure Attention Key" ---  the idea is to
3359  * prevent trojan horses by killing all processes associated with this
3360  * tty when the user hits the "Secure Attention Key".  Required for
3361  * super-paranoid applications --- see the Orange Book for more details.
3362  * 
3363  * This code could be nicer; ideally it should send a HUP, wait a few
3364  * seconds, then send a INT, and then a KILL signal.  But you then
3365  * have to coordinate with the init process, since all processes associated
3366  * with the current tty must be dead before the new getty is allowed
3367  * to spawn.
3368  *
3369  * Now, if it would be correct ;-/ The current code has a nasty hole -
3370  * it doesn't catch files in flight. We may send the descriptor to ourselves
3371  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3372  *
3373  * Nasty bug: do_SAK is being called in interrupt context.  This can
3374  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
3375  */
3376 void __do_SAK(struct tty_struct *tty)
3377 {
3378 #ifdef TTY_SOFT_SAK
3379         tty_hangup(tty);
3380 #else
3381         struct task_struct *g, *p;
3382         struct pid *session;
3383         int             i;
3384         struct file     *filp;
3385         struct fdtable *fdt;
3386         
3387         if (!tty)
3388                 return;
3389         session = tty->session;
3390         
3391         tty_ldisc_flush(tty);
3392
3393         if (tty->driver->flush_buffer)
3394                 tty->driver->flush_buffer(tty);
3395         
3396         read_lock(&tasklist_lock);
3397         /* Kill the entire session */
3398         do_each_pid_task(session, PIDTYPE_SID, p) {
3399                 printk(KERN_NOTICE "SAK: killed process %d"
3400                         " (%s): process_session(p)==tty->session\n",
3401                         p->pid, p->comm);
3402                 send_sig(SIGKILL, p, 1);
3403         } while_each_pid_task(session, PIDTYPE_SID, p);
3404         /* Now kill any processes that happen to have the
3405          * tty open.
3406          */
3407         do_each_thread(g, p) {
3408                 if (p->signal->tty == tty) {
3409                         printk(KERN_NOTICE "SAK: killed process %d"
3410                             " (%s): process_session(p)==tty->session\n",
3411                             p->pid, p->comm);
3412                         send_sig(SIGKILL, p, 1);
3413                         continue;
3414                 }
3415                 task_lock(p);
3416                 if (p->files) {
3417                         /*
3418                          * We don't take a ref to the file, so we must
3419                          * hold ->file_lock instead.
3420                          */
3421                         spin_lock(&p->files->file_lock);
3422                         fdt = files_fdtable(p->files);
3423                         for (i=0; i < fdt->max_fds; i++) {
3424                                 filp = fcheck_files(p->files, i);
3425                                 if (!filp)
3426                                         continue;
3427                                 if (filp->f_op->read == tty_read &&
3428                                     filp->private_data == tty) {
3429                                         printk(KERN_NOTICE "SAK: killed process %d"
3430                                             " (%s): fd#%d opened to the tty\n",
3431                                             p->pid, p->comm, i);
3432                                         force_sig(SIGKILL, p);
3433                                         break;
3434                                 }
3435                         }
3436                         spin_unlock(&p->files->file_lock);
3437                 }
3438                 task_unlock(p);
3439         } while_each_thread(g, p);
3440         read_unlock(&tasklist_lock);
3441 #endif
3442 }
3443
3444 static void do_SAK_work(struct work_struct *work)
3445 {
3446         struct tty_struct *tty =
3447                 container_of(work, struct tty_struct, SAK_work);
3448         __do_SAK(tty);
3449 }
3450
3451 /*
3452  * The tq handling here is a little racy - tty->SAK_work may already be queued.
3453  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3454  * the values which we write to it will be identical to the values which it
3455  * already has. --akpm
3456  */
3457 void do_SAK(struct tty_struct *tty)
3458 {
3459         if (!tty)
3460                 return;
3461         schedule_work(&tty->SAK_work);
3462 }
3463
3464 EXPORT_SYMBOL(do_SAK);
3465
3466 /**
3467  *      flush_to_ldisc
3468  *      @work: tty structure passed from work queue.
3469  *
3470  *      This routine is called out of the software interrupt to flush data
3471  *      from the buffer chain to the line discipline.
3472  *
3473  *      Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3474  *      while invoking the line discipline receive_buf method. The
3475  *      receive_buf method is single threaded for each tty instance.
3476  */
3477  
3478 static void flush_to_ldisc(struct work_struct *work)
3479 {
3480         struct tty_struct *tty =
3481                 container_of(work, struct tty_struct, buf.work.work);
3482         unsigned long   flags;
3483         struct tty_ldisc *disc;
3484         struct tty_buffer *tbuf, *head;
3485         char *char_buf;
3486         unsigned char *flag_buf;
3487
3488         disc = tty_ldisc_ref(tty);
3489         if (disc == NULL)       /*  !TTY_LDISC */
3490                 return;
3491
3492         spin_lock_irqsave(&tty->buf.lock, flags);
3493         head = tty->buf.head;
3494         if (head != NULL) {
3495                 tty->buf.head = NULL;
3496                 for (;;) {
3497                         int count = head->commit - head->read;
3498                         if (!count) {
3499                                 if (head->next == NULL)
3500                                         break;
3501                                 tbuf = head;
3502                                 head = head->next;
3503                                 tty_buffer_free(tty, tbuf);
3504                                 continue;
3505                         }
3506                         if (!tty->receive_room) {
3507                                 schedule_delayed_work(&tty->buf.work, 1);
3508                                 break;
3509                         }
3510                         if (count > tty->receive_room)
3511                                 count = tty->receive_room;
3512                         char_buf = head->char_buf_ptr + head->read;
3513                         flag_buf = head->flag_buf_ptr + head->read;
3514                         head->read += count;
3515                         spin_unlock_irqrestore(&tty->buf.lock, flags);
3516                         disc->receive_buf(tty, char_buf, flag_buf, count);
3517                         spin_lock_irqsave(&tty->buf.lock, flags);
3518                 }
3519                 tty->buf.head = head;
3520         }
3521         spin_unlock_irqrestore(&tty->buf.lock, flags);
3522
3523         tty_ldisc_deref(disc);
3524 }
3525
3526 /**
3527  *      tty_flip_buffer_push    -       terminal
3528  *      @tty: tty to push
3529  *
3530  *      Queue a push of the terminal flip buffers to the line discipline. This
3531  *      function must not be called from IRQ context if tty->low_latency is set.
3532  *
3533  *      In the event of the queue being busy for flipping the work will be
3534  *      held off and retried later.
3535  *
3536  *      Locking: tty buffer lock. Driver locks in low latency mode.
3537  */
3538
3539 void tty_flip_buffer_push(struct tty_struct *tty)
3540 {
3541         unsigned long flags;
3542         spin_lock_irqsave(&tty->buf.lock, flags);
3543         if (tty->buf.tail != NULL)
3544                 tty->buf.tail->commit = tty->buf.tail->used;
3545         spin_unlock_irqrestore(&tty->buf.lock, flags);
3546
3547         if (tty->low_latency)
3548                 flush_to_ldisc(&tty->buf.work.work);
3549         else
3550                 schedule_delayed_work(&tty->buf.work, 1);
3551 }
3552
3553 EXPORT_SYMBOL(tty_flip_buffer_push);
3554
3555
3556 /**
3557  *      initialize_tty_struct
3558  *      @tty: tty to initialize
3559  *
3560  *      This subroutine initializes a tty structure that has been newly
3561  *      allocated.
3562  *
3563  *      Locking: none - tty in question must not be exposed at this point
3564  */
3565
3566 static void initialize_tty_struct(struct tty_struct *tty)
3567 {
3568         memset(tty, 0, sizeof(struct tty_struct));
3569         tty->magic = TTY_MAGIC;
3570         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3571         tty->session = NULL;
3572         tty->pgrp = NULL;
3573         tty->overrun_time = jiffies;
3574         tty->buf.head = tty->buf.tail = NULL;
3575         tty_buffer_init(tty);
3576         INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3577         init_MUTEX(&tty->buf.pty_sem);
3578         mutex_init(&tty->termios_mutex);
3579         init_waitqueue_head(&tty->write_wait);
3580         init_waitqueue_head(&tty->read_wait);
3581         INIT_WORK(&tty->hangup_work, do_tty_hangup);
3582         mutex_init(&tty->atomic_read_lock);
3583         mutex_init(&tty->atomic_write_lock);
3584         spin_lock_init(&tty->read_lock);
3585         INIT_LIST_HEAD(&tty->tty_files);
3586         INIT_WORK(&tty->SAK_work, do_SAK_work);
3587 }
3588
3589 /*
3590  * The default put_char routine if the driver did not define one.
3591  */
3592
3593 static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3594 {
3595         tty->driver->write(tty, &ch, 1);
3596 }
3597
3598 static struct class *tty_class;
3599
3600 /**
3601  *      tty_register_device - register a tty device
3602  *      @driver: the tty driver that describes the tty device
3603  *      @index: the index in the tty driver for this tty device
3604  *      @device: a struct device that is associated with this tty device.
3605  *              This field is optional, if there is no known struct device
3606  *              for this tty device it can be set to NULL safely.
3607  *
3608  *      Returns a pointer to the struct device for this tty device
3609  *      (or ERR_PTR(-EFOO) on error).
3610  *
3611  *      This call is required to be made to register an individual tty device
3612  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3613  *      that bit is not set, this function should not be called by a tty
3614  *      driver.
3615  *
3616  *      Locking: ??
3617  */
3618
3619 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3620                                    struct device *device)
3621 {
3622         char name[64];
3623         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3624
3625         if (index >= driver->num) {
3626                 printk(KERN_ERR "Attempt to register invalid tty line number "
3627                        " (%d).\n", index);
3628                 return ERR_PTR(-EINVAL);
3629         }
3630
3631         if (driver->type == TTY_DRIVER_TYPE_PTY)
3632                 pty_line_name(driver, index, name);
3633         else
3634                 tty_line_name(driver, index, name);
3635
3636         return device_create(tty_class, device, dev, name);
3637 }
3638
3639 /**
3640  *      tty_unregister_device - unregister a tty device
3641  *      @driver: the tty driver that describes the tty device
3642  *      @index: the index in the tty driver for this tty device
3643  *
3644  *      If a tty device is registered with a call to tty_register_device() then
3645  *      this function must be called when the tty device is gone.
3646  *
3647  *      Locking: ??
3648  */
3649
3650 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3651 {
3652         device_destroy(tty_class, MKDEV(driver->major, driver->minor_start) + index);
3653 }
3654
3655 EXPORT_SYMBOL(tty_register_device);
3656 EXPORT_SYMBOL(tty_unregister_device);
3657
3658 struct tty_driver *alloc_tty_driver(int lines)
3659 {
3660         struct tty_driver *driver;
3661
3662         driver = kmalloc(sizeof(struct tty_driver), GFP_KERNEL);
3663         if (driver) {
3664                 memset(driver, 0, sizeof(struct tty_driver));
3665                 driver->magic = TTY_DRIVER_MAGIC;
3666                 driver->num = lines;
3667                 /* later we'll move allocation of tables here */
3668         }
3669         return driver;
3670 }
3671
3672 void put_tty_driver(struct tty_driver *driver)
3673 {
3674         kfree(driver);
3675 }
3676
3677 void tty_set_operations(struct tty_driver *driver,
3678                         const struct tty_operations *op)
3679 {
3680         driver->open = op->open;
3681         driver->close = op->close;
3682         driver->write = op->write;
3683         driver->put_char = op->put_char;
3684         driver->flush_chars = op->flush_chars;
3685         driver->write_room = op->write_room;
3686         driver->chars_in_buffer = op->chars_in_buffer;
3687         driver->ioctl = op->ioctl;
3688         driver->set_termios = op->set_termios;
3689         driver->throttle = op->throttle;
3690         driver->unthrottle = op->unthrottle;
3691         driver->stop = op->stop;
3692         driver->start = op->start;
3693         driver->hangup = op->hangup;
3694         driver->break_ctl = op->break_ctl;
3695         driver->flush_buffer = op->flush_buffer;
3696         driver->set_ldisc = op->set_ldisc;
3697         driver->wait_until_sent = op->wait_until_sent;
3698         driver->send_xchar = op->send_xchar;
3699         driver->read_proc = op->read_proc;
3700         driver->write_proc = op->write_proc;
3701         driver->tiocmget = op->tiocmget;
3702         driver->tiocmset = op->tiocmset;
3703 }
3704
3705
3706 EXPORT_SYMBOL(alloc_tty_driver);
3707 EXPORT_SYMBOL(put_tty_driver);
3708 EXPORT_SYMBOL(tty_set_operations);
3709
3710 /*
3711  * Called by a tty driver to register itself.
3712  */
3713 int tty_register_driver(struct tty_driver *driver)
3714 {
3715         int error;
3716         int i;
3717         dev_t dev;
3718         void **p = NULL;
3719
3720         if (driver->flags & TTY_DRIVER_INSTALLED)
3721                 return 0;
3722
3723         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3724                 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3725                 if (!p)
3726                         return -ENOMEM;
3727         }
3728
3729         if (!driver->major) {
3730                 error = alloc_chrdev_region(&dev, driver->minor_start, driver->num,
3731                                                 driver->name);
3732                 if (!error) {
3733                         driver->major = MAJOR(dev);
3734                         driver->minor_start = MINOR(dev);
3735                 }
3736         } else {
3737                 dev = MKDEV(driver->major, driver->minor_start);
3738                 error = register_chrdev_region(dev, driver->num, driver->name);
3739         }
3740         if (error < 0) {
3741                 kfree(p);
3742                 return error;
3743         }
3744
3745         if (p) {
3746                 driver->ttys = (struct tty_struct **)p;
3747                 driver->termios = (struct ktermios **)(p + driver->num);
3748                 driver->termios_locked = (struct ktermios **)(p + driver->num * 2);
3749         } else {
3750                 driver->ttys = NULL;
3751                 driver->termios = NULL;
3752                 driver->termios_locked = NULL;
3753         }
3754
3755         cdev_init(&driver->cdev, &tty_fops);
3756         driver->cdev.owner = driver->owner;
3757         error = cdev_add(&driver->cdev, dev, driver->num);
3758         if (error) {
3759                 unregister_chrdev_region(dev, driver->num);
3760                 driver->ttys = NULL;
3761                 driver->termios = driver->termios_locked = NULL;
3762                 kfree(p);
3763                 return error;
3764         }
3765
3766         if (!driver->put_char)
3767                 driver->put_char = tty_default_put_char;
3768         
3769         list_add(&driver->tty_drivers, &tty_drivers);
3770         
3771         if ( !(driver->flags & TTY_DRIVER_DYNAMIC_DEV) ) {
3772                 for(i = 0; i < driver->num; i++)
3773                     tty_register_device(driver, i, NULL);
3774         }
3775         proc_tty_register_driver(driver);
3776         return 0;
3777 }
3778
3779 EXPORT_SYMBOL(tty_register_driver);
3780
3781 /*
3782  * Called by a tty driver to unregister itself.
3783  */
3784 int tty_unregister_driver(struct tty_driver *driver)
3785 {
3786         int i;
3787         struct ktermios *tp;
3788         void *p;
3789
3790         if (driver->refcount)
3791                 return -EBUSY;
3792
3793         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3794                                 driver->num);
3795
3796         list_del(&driver->tty_drivers);
3797
3798         /*
3799          * Free the termios and termios_locked structures because
3800          * we don't want to get memory leaks when modular tty
3801          * drivers are removed from the kernel.
3802          */
3803         for (i = 0; i < driver->num; i++) {
3804                 tp = driver->termios[i];
3805                 if (tp) {
3806                         driver->termios[i] = NULL;
3807                         kfree(tp);
3808                 }
3809                 tp = driver->termios_locked[i];
3810                 if (tp) {
3811                         driver->termios_locked[i] = NULL;
3812                         kfree(tp);
3813                 }
3814                 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3815                         tty_unregister_device(driver, i);
3816         }
3817         p = driver->ttys;
3818         proc_tty_unregister_driver(driver);
3819         driver->ttys = NULL;
3820         driver->termios = driver->termios_locked = NULL;
3821         kfree(p);
3822         cdev_del(&driver->cdev);
3823         return 0;
3824 }
3825 EXPORT_SYMBOL(tty_unregister_driver);
3826
3827 dev_t tty_devnum(struct tty_struct *tty)
3828 {
3829         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3830 }
3831 EXPORT_SYMBOL(tty_devnum);
3832
3833 void proc_clear_tty(struct task_struct *p)
3834 {
3835         spin_lock_irq(&p->sighand->siglock);
3836         p->signal->tty = NULL;
3837         spin_unlock_irq(&p->sighand->siglock);
3838 }
3839 EXPORT_SYMBOL(proc_clear_tty);
3840
3841 static struct pid *__proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3842 {
3843         struct pid *old_pgrp;
3844         if (tty) {
3845                 /* We should not have a session or pgrp to here but.... */
3846                 put_pid(tty->session);
3847                 put_pid(tty->pgrp);
3848                 tty->session = get_pid(task_session(tsk));
3849                 tty->pgrp = get_pid(task_pgrp(tsk));
3850         }
3851         old_pgrp = tsk->signal->tty_old_pgrp;
3852         tsk->signal->tty = tty;
3853         tsk->signal->tty_old_pgrp = NULL;
3854         return old_pgrp;
3855 }
3856
3857 void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3858 {
3859         struct pid *old_pgrp;
3860
3861         spin_lock_irq(&tsk->sighand->siglock);
3862         old_pgrp = __proc_set_tty(tsk, tty);
3863         spin_unlock_irq(&tsk->sighand->siglock);
3864
3865         put_pid(old_pgrp);
3866 }
3867
3868 struct tty_struct *get_current_tty(void)
3869 {
3870         struct tty_struct *tty;
3871         WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
3872         tty = current->signal->tty;
3873         /*
3874          * session->tty can be changed/cleared from under us, make sure we
3875          * issue the load. The obtained pointer, when not NULL, is valid as
3876          * long as we hold tty_mutex.
3877          */
3878         barrier();
3879         return tty;
3880 }
3881 EXPORT_SYMBOL_GPL(get_current_tty);
3882
3883 /*
3884  * Initialize the console device. This is called *early*, so
3885  * we can't necessarily depend on lots of kernel help here.
3886  * Just do some early initializations, and do the complex setup
3887  * later.
3888  */
3889 void __init console_init(void)
3890 {
3891         initcall_t *call;
3892
3893         /* Setup the default TTY line discipline. */
3894         (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
3895
3896         /*
3897          * set up the console device so that later boot sequences can 
3898          * inform about problems etc..
3899          */
3900 #ifdef CONFIG_EARLY_PRINTK
3901         disable_early_printk();
3902 #endif
3903         call = __con_initcall_start;
3904         while (call < __con_initcall_end) {
3905                 (*call)();
3906                 call++;
3907         }
3908 }
3909
3910 #ifdef CONFIG_VT
3911 extern int vty_init(void);
3912 #endif
3913
3914 static int __init tty_class_init(void)
3915 {
3916         tty_class = class_create(THIS_MODULE, "tty");
3917         if (IS_ERR(tty_class))
3918                 return PTR_ERR(tty_class);
3919         return 0;
3920 }
3921
3922 postcore_initcall(tty_class_init);
3923
3924 /* 3/2004 jmc: why do these devices exist? */
3925
3926 static struct cdev tty_cdev, console_cdev;
3927 #ifdef CONFIG_UNIX98_PTYS
3928 static struct cdev ptmx_cdev;
3929 #endif
3930 #ifdef CONFIG_VT
3931 static struct cdev vc0_cdev;
3932 #endif
3933
3934 /*
3935  * Ok, now we can initialize the rest of the tty devices and can count
3936  * on memory allocations, interrupts etc..
3937  */
3938 static int __init tty_init(void)
3939 {
3940         cdev_init(&tty_cdev, &tty_fops);
3941         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3942             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3943                 panic("Couldn't register /dev/tty driver\n");
3944         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
3945
3946         cdev_init(&console_cdev, &console_fops);
3947         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3948             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3949                 panic("Couldn't register /dev/console driver\n");
3950         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
3951
3952 #ifdef CONFIG_UNIX98_PTYS
3953         cdev_init(&ptmx_cdev, &ptmx_fops);
3954         if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
3955             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
3956                 panic("Couldn't register /dev/ptmx driver\n");
3957         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
3958 #endif
3959
3960 #ifdef CONFIG_VT
3961         cdev_init(&vc0_cdev, &console_fops);
3962         if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
3963             register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
3964                 panic("Couldn't register /dev/tty0 driver\n");
3965         device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
3966
3967         vty_init();
3968 #endif
3969         return 0;
3970 }
3971 module_init(tty_init);