047a17339f835f1891dbd3db58371a9e25975f91
[linux-3.10.git] / drivers / char / tty_io.c
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *      -- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
44  *
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote init_dev and release_dev to eliminate races.
53  *      -- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc()
66  *                       -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67  */
68
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/proc_fs.h>
91 #include <linux/init.h>
92 #include <linux/module.h>
93 #include <linux/smp_lock.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98
99 #include <asm/uaccess.h>
100 #include <asm/system.h>
101
102 #include <linux/kbd_kern.h>
103 #include <linux/vt_kern.h>
104 #include <linux/selection.h>
105
106 #include <linux/kmod.h>
107 #include <linux/nsproxy.h>
108
109 #undef TTY_DEBUG_HANGUP
110
111 #define TTY_PARANOIA_CHECK 1
112 #define CHECK_TTY_COUNT 1
113
114 struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
115         .c_iflag = ICRNL | IXON,
116         .c_oflag = OPOST | ONLCR,
117         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119                    ECHOCTL | ECHOKE | IEXTEN,
120         .c_cc = INIT_C_CC,
121         .c_ispeed = 38400,
122         .c_ospeed = 38400
123 };
124
125 EXPORT_SYMBOL(tty_std_termios);
126
127 /* This list gets poked at by procfs and various bits of boot up code. This
128    could do with some rationalisation such as pulling the tty proc function
129    into this file */
130
131 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
132
133 /* Mutex to protect creating and releasing a tty. This is shared with
134    vt.c for deeply disgusting hack reasons */
135 DEFINE_MUTEX(tty_mutex);
136 EXPORT_SYMBOL(tty_mutex);
137
138 #ifdef CONFIG_UNIX98_PTYS
139 extern struct tty_driver *ptm_driver;   /* Unix98 pty masters; for /dev/ptmx */
140 static int ptmx_open(struct inode *, struct file *);
141 #endif
142
143 static void initialize_tty_struct(struct tty_struct *tty);
144
145 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
146 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
147 ssize_t redirected_tty_write(struct file *, const char __user *,
148                                                         size_t, loff_t *);
149 static unsigned int tty_poll(struct file *, poll_table *);
150 static int tty_open(struct inode *, struct file *);
151 static int tty_release(struct inode *, struct file *);
152 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
153 #ifdef CONFIG_COMPAT
154 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
155                                 unsigned long arg);
156 #else
157 #define tty_compat_ioctl NULL
158 #endif
159 static int tty_fasync(int fd, struct file *filp, int on);
160 static void release_tty(struct tty_struct *tty, int idx);
161 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
162 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
163
164 /**
165  *      alloc_tty_struct        -       allocate a tty object
166  *
167  *      Return a new empty tty structure. The data fields have not
168  *      been initialized in any way but has been zeroed
169  *
170  *      Locking: none
171  */
172
173 static struct tty_struct *alloc_tty_struct(void)
174 {
175         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
176 }
177
178 static void tty_buffer_free_all(struct tty_struct *);
179
180 /**
181  *      free_tty_struct         -       free a disused tty
182  *      @tty: tty struct to free
183  *
184  *      Free the write buffers, tty queue and tty memory itself.
185  *
186  *      Locking: none. Must be called after tty is definitely unused
187  */
188
189 static inline void free_tty_struct(struct tty_struct *tty)
190 {
191         kfree(tty->write_buf);
192         tty_buffer_free_all(tty);
193         kfree(tty);
194 }
195
196 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
197
198 /**
199  *      tty_name        -       return tty naming
200  *      @tty: tty structure
201  *      @buf: buffer for output
202  *
203  *      Convert a tty structure into a name. The name reflects the kernel
204  *      naming policy and if udev is in use may not reflect user space
205  *
206  *      Locking: none
207  */
208
209 char *tty_name(struct tty_struct *tty, char *buf)
210 {
211         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
212                 strcpy(buf, "NULL tty");
213         else
214                 strcpy(buf, tty->name);
215         return buf;
216 }
217
218 EXPORT_SYMBOL(tty_name);
219
220 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
221                               const char *routine)
222 {
223 #ifdef TTY_PARANOIA_CHECK
224         if (!tty) {
225                 printk(KERN_WARNING
226                         "null TTY for (%d:%d) in %s\n",
227                         imajor(inode), iminor(inode), routine);
228                 return 1;
229         }
230         if (tty->magic != TTY_MAGIC) {
231                 printk(KERN_WARNING
232                         "bad magic number for tty struct (%d:%d) in %s\n",
233                         imajor(inode), iminor(inode), routine);
234                 return 1;
235         }
236 #endif
237         return 0;
238 }
239
240 static int check_tty_count(struct tty_struct *tty, const char *routine)
241 {
242 #ifdef CHECK_TTY_COUNT
243         struct list_head *p;
244         int count = 0;
245
246         file_list_lock();
247         list_for_each(p, &tty->tty_files) {
248                 count++;
249         }
250         file_list_unlock();
251         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
252             tty->driver->subtype == PTY_TYPE_SLAVE &&
253             tty->link && tty->link->count)
254                 count++;
255         if (tty->count != count) {
256                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
257                                     "!= #fd's(%d) in %s\n",
258                        tty->name, tty->count, count, routine);
259                 return count;
260         }
261 #endif
262         return 0;
263 }
264
265 /*
266  * Tty buffer allocation management
267  */
268
269 /**
270  *      tty_buffer_free_all             -       free buffers used by a tty
271  *      @tty: tty to free from
272  *
273  *      Remove all the buffers pending on a tty whether queued with data
274  *      or in the free ring. Must be called when the tty is no longer in use
275  *
276  *      Locking: none
277  */
278
279 static void tty_buffer_free_all(struct tty_struct *tty)
280 {
281         struct tty_buffer *thead;
282         while ((thead = tty->buf.head) != NULL) {
283                 tty->buf.head = thead->next;
284                 kfree(thead);
285         }
286         while ((thead = tty->buf.free) != NULL) {
287                 tty->buf.free = thead->next;
288                 kfree(thead);
289         }
290         tty->buf.tail = NULL;
291         tty->buf.memory_used = 0;
292 }
293
294 /**
295  *      tty_buffer_init         -       prepare a tty buffer structure
296  *      @tty: tty to initialise
297  *
298  *      Set up the initial state of the buffer management for a tty device.
299  *      Must be called before the other tty buffer functions are used.
300  *
301  *      Locking: none
302  */
303
304 static void tty_buffer_init(struct tty_struct *tty)
305 {
306         spin_lock_init(&tty->buf.lock);
307         tty->buf.head = NULL;
308         tty->buf.tail = NULL;
309         tty->buf.free = NULL;
310         tty->buf.memory_used = 0;
311 }
312
313 /**
314  *      tty_buffer_alloc        -       allocate a tty buffer
315  *      @tty: tty device
316  *      @size: desired size (characters)
317  *
318  *      Allocate a new tty buffer to hold the desired number of characters.
319  *      Return NULL if out of memory or the allocation would exceed the
320  *      per device queue
321  *
322  *      Locking: Caller must hold tty->buf.lock
323  */
324
325 static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
326 {
327         struct tty_buffer *p;
328
329         if (tty->buf.memory_used + size > 65536)
330                 return NULL;
331         p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
332         if (p == NULL)
333                 return NULL;
334         p->used = 0;
335         p->size = size;
336         p->next = NULL;
337         p->commit = 0;
338         p->read = 0;
339         p->char_buf_ptr = (char *)(p->data);
340         p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
341         tty->buf.memory_used += size;
342         return p;
343 }
344
345 /**
346  *      tty_buffer_free         -       free a tty buffer
347  *      @tty: tty owning the buffer
348  *      @b: the buffer to free
349  *
350  *      Free a tty buffer, or add it to the free list according to our
351  *      internal strategy
352  *
353  *      Locking: Caller must hold tty->buf.lock
354  */
355
356 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
357 {
358         /* Dumb strategy for now - should keep some stats */
359         tty->buf.memory_used -= b->size;
360         WARN_ON(tty->buf.memory_used < 0);
361
362         if (b->size >= 512)
363                 kfree(b);
364         else {
365                 b->next = tty->buf.free;
366                 tty->buf.free = b;
367         }
368 }
369
370 /**
371  *      __tty_buffer_flush              -       flush full tty buffers
372  *      @tty: tty to flush
373  *
374  *      flush all the buffers containing receive data. Caller must
375  *      hold the buffer lock and must have ensured no parallel flush to
376  *      ldisc is running.
377  *
378  *      Locking: Caller must hold tty->buf.lock
379  */
380
381 static void __tty_buffer_flush(struct tty_struct *tty)
382 {
383         struct tty_buffer *thead;
384
385         while ((thead = tty->buf.head) != NULL) {
386                 tty->buf.head = thead->next;
387                 tty_buffer_free(tty, thead);
388         }
389         tty->buf.tail = NULL;
390 }
391
392 /**
393  *      tty_buffer_flush                -       flush full tty buffers
394  *      @tty: tty to flush
395  *
396  *      flush all the buffers containing receive data. If the buffer is
397  *      being processed by flush_to_ldisc then we defer the processing
398  *      to that function
399  *
400  *      Locking: none
401  */
402
403 static void tty_buffer_flush(struct tty_struct *tty)
404 {
405         unsigned long flags;
406         spin_lock_irqsave(&tty->buf.lock, flags);
407
408         /* If the data is being pushed to the tty layer then we can't
409            process it here. Instead set a flag and the flush_to_ldisc
410            path will process the flush request before it exits */
411         if (test_bit(TTY_FLUSHING, &tty->flags)) {
412                 set_bit(TTY_FLUSHPENDING, &tty->flags);
413                 spin_unlock_irqrestore(&tty->buf.lock, flags);
414                 wait_event(tty->read_wait,
415                                 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
416                 return;
417         } else
418                 __tty_buffer_flush(tty);
419         spin_unlock_irqrestore(&tty->buf.lock, flags);
420 }
421
422 /**
423  *      tty_buffer_find         -       find a free tty buffer
424  *      @tty: tty owning the buffer
425  *      @size: characters wanted
426  *
427  *      Locate an existing suitable tty buffer or if we are lacking one then
428  *      allocate a new one. We round our buffers off in 256 character chunks
429  *      to get better allocation behaviour.
430  *
431  *      Locking: Caller must hold tty->buf.lock
432  */
433
434 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
435 {
436         struct tty_buffer **tbh = &tty->buf.free;
437         while ((*tbh) != NULL) {
438                 struct tty_buffer *t = *tbh;
439                 if (t->size >= size) {
440                         *tbh = t->next;
441                         t->next = NULL;
442                         t->used = 0;
443                         t->commit = 0;
444                         t->read = 0;
445                         tty->buf.memory_used += t->size;
446                         return t;
447                 }
448                 tbh = &((*tbh)->next);
449         }
450         /* Round the buffer size out */
451         size = (size + 0xFF) & ~0xFF;
452         return tty_buffer_alloc(tty, size);
453         /* Should possibly check if this fails for the largest buffer we
454            have queued and recycle that ? */
455 }
456
457 /**
458  *      tty_buffer_request_room         -       grow tty buffer if needed
459  *      @tty: tty structure
460  *      @size: size desired
461  *
462  *      Make at least size bytes of linear space available for the tty
463  *      buffer. If we fail return the size we managed to find.
464  *
465  *      Locking: Takes tty->buf.lock
466  */
467 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
468 {
469         struct tty_buffer *b, *n;
470         int left;
471         unsigned long flags;
472
473         spin_lock_irqsave(&tty->buf.lock, flags);
474
475         /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
476            remove this conditional if its worth it. This would be invisible
477            to the callers */
478         if ((b = tty->buf.tail) != NULL)
479                 left = b->size - b->used;
480         else
481                 left = 0;
482
483         if (left < size) {
484                 /* This is the slow path - looking for new buffers to use */
485                 if ((n = tty_buffer_find(tty, size)) != NULL) {
486                         if (b != NULL) {
487                                 b->next = n;
488                                 b->commit = b->used;
489                         } else
490                                 tty->buf.head = n;
491                         tty->buf.tail = n;
492                 } else
493                         size = left;
494         }
495
496         spin_unlock_irqrestore(&tty->buf.lock, flags);
497         return size;
498 }
499 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
500
501 /**
502  *      tty_insert_flip_string  -       Add characters to the tty buffer
503  *      @tty: tty structure
504  *      @chars: characters
505  *      @size: size
506  *
507  *      Queue a series of bytes to the tty buffering. All the characters
508  *      passed are marked as without error. Returns the number added.
509  *
510  *      Locking: Called functions may take tty->buf.lock
511  */
512
513 int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
514                                 size_t size)
515 {
516         int copied = 0;
517         do {
518                 int space = tty_buffer_request_room(tty, size - copied);
519                 struct tty_buffer *tb = tty->buf.tail;
520                 /* If there is no space then tb may be NULL */
521                 if (unlikely(space == 0))
522                         break;
523                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
524                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
525                 tb->used += space;
526                 copied += space;
527                 chars += space;
528                 /* There is a small chance that we need to split the data over
529                    several buffers. If this is the case we must loop */
530         } while (unlikely(size > copied));
531         return copied;
532 }
533 EXPORT_SYMBOL(tty_insert_flip_string);
534
535 /**
536  *      tty_insert_flip_string_flags    -       Add characters to the tty buffer
537  *      @tty: tty structure
538  *      @chars: characters
539  *      @flags: flag bytes
540  *      @size: size
541  *
542  *      Queue a series of bytes to the tty buffering. For each character
543  *      the flags array indicates the status of the character. Returns the
544  *      number added.
545  *
546  *      Locking: Called functions may take tty->buf.lock
547  */
548
549 int tty_insert_flip_string_flags(struct tty_struct *tty,
550                 const unsigned char *chars, const char *flags, size_t size)
551 {
552         int copied = 0;
553         do {
554                 int space = tty_buffer_request_room(tty, size - copied);
555                 struct tty_buffer *tb = tty->buf.tail;
556                 /* If there is no space then tb may be NULL */
557                 if (unlikely(space == 0))
558                         break;
559                 memcpy(tb->char_buf_ptr + tb->used, chars, space);
560                 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
561                 tb->used += space;
562                 copied += space;
563                 chars += space;
564                 flags += space;
565                 /* There is a small chance that we need to split the data over
566                    several buffers. If this is the case we must loop */
567         } while (unlikely(size > copied));
568         return copied;
569 }
570 EXPORT_SYMBOL(tty_insert_flip_string_flags);
571
572 /**
573  *      tty_schedule_flip       -       push characters to ldisc
574  *      @tty: tty to push from
575  *
576  *      Takes any pending buffers and transfers their ownership to the
577  *      ldisc side of the queue. It then schedules those characters for
578  *      processing by the line discipline.
579  *
580  *      Locking: Takes tty->buf.lock
581  */
582
583 void tty_schedule_flip(struct tty_struct *tty)
584 {
585         unsigned long flags;
586         spin_lock_irqsave(&tty->buf.lock, flags);
587         if (tty->buf.tail != NULL)
588                 tty->buf.tail->commit = tty->buf.tail->used;
589         spin_unlock_irqrestore(&tty->buf.lock, flags);
590         schedule_delayed_work(&tty->buf.work, 1);
591 }
592 EXPORT_SYMBOL(tty_schedule_flip);
593
594 /**
595  *      tty_prepare_flip_string         -       make room for characters
596  *      @tty: tty
597  *      @chars: return pointer for character write area
598  *      @size: desired size
599  *
600  *      Prepare a block of space in the buffer for data. Returns the length
601  *      available and buffer pointer to the space which is now allocated and
602  *      accounted for as ready for normal characters. This is used for drivers
603  *      that need their own block copy routines into the buffer. There is no
604  *      guarantee the buffer is a DMA target!
605  *
606  *      Locking: May call functions taking tty->buf.lock
607  */
608
609 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
610                                                                 size_t size)
611 {
612         int space = tty_buffer_request_room(tty, size);
613         if (likely(space)) {
614                 struct tty_buffer *tb = tty->buf.tail;
615                 *chars = tb->char_buf_ptr + tb->used;
616                 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
617                 tb->used += space;
618         }
619         return space;
620 }
621
622 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
623
624 /**
625  *      tty_prepare_flip_string_flags   -       make room for characters
626  *      @tty: tty
627  *      @chars: return pointer for character write area
628  *      @flags: return pointer for status flag write area
629  *      @size: desired size
630  *
631  *      Prepare a block of space in the buffer for data. Returns the length
632  *      available and buffer pointer to the space which is now allocated and
633  *      accounted for as ready for characters. This is used for drivers
634  *      that need their own block copy routines into the buffer. There is no
635  *      guarantee the buffer is a DMA target!
636  *
637  *      Locking: May call functions taking tty->buf.lock
638  */
639
640 int tty_prepare_flip_string_flags(struct tty_struct *tty,
641                         unsigned char **chars, char **flags, size_t size)
642 {
643         int space = tty_buffer_request_room(tty, size);
644         if (likely(space)) {
645                 struct tty_buffer *tb = tty->buf.tail;
646                 *chars = tb->char_buf_ptr + tb->used;
647                 *flags = tb->flag_buf_ptr + tb->used;
648                 tb->used += space;
649         }
650         return space;
651 }
652
653 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
654
655
656
657 /**
658  *      tty_set_termios_ldisc           -       set ldisc field
659  *      @tty: tty structure
660  *      @num: line discipline number
661  *
662  *      This is probably overkill for real world processors but
663  *      they are not on hot paths so a little discipline won't do
664  *      any harm.
665  *
666  *      Locking: takes termios_mutex
667  */
668
669 static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
670 {
671         mutex_lock(&tty->termios_mutex);
672         tty->termios->c_line = num;
673         mutex_unlock(&tty->termios_mutex);
674 }
675
676 /*
677  *      This guards the refcounted line discipline lists. The lock
678  *      must be taken with irqs off because there are hangup path
679  *      callers who will do ldisc lookups and cannot sleep.
680  */
681
682 static DEFINE_SPINLOCK(tty_ldisc_lock);
683 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
684 /* Line disc dispatch table */
685 static struct tty_ldisc tty_ldiscs[NR_LDISCS];
686
687 /**
688  *      tty_register_ldisc      -       install a line discipline
689  *      @disc: ldisc number
690  *      @new_ldisc: pointer to the ldisc object
691  *
692  *      Installs a new line discipline into the kernel. The discipline
693  *      is set up as unreferenced and then made available to the kernel
694  *      from this point onwards.
695  *
696  *      Locking:
697  *              takes tty_ldisc_lock to guard against ldisc races
698  */
699
700 int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
701 {
702         unsigned long flags;
703         int ret = 0;
704
705         if (disc < N_TTY || disc >= NR_LDISCS)
706                 return -EINVAL;
707
708         spin_lock_irqsave(&tty_ldisc_lock, flags);
709         tty_ldiscs[disc] = *new_ldisc;
710         tty_ldiscs[disc].num = disc;
711         tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
712         tty_ldiscs[disc].refcount = 0;
713         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
714
715         return ret;
716 }
717 EXPORT_SYMBOL(tty_register_ldisc);
718
719 /**
720  *      tty_unregister_ldisc    -       unload a line discipline
721  *      @disc: ldisc number
722  *      @new_ldisc: pointer to the ldisc object
723  *
724  *      Remove a line discipline from the kernel providing it is not
725  *      currently in use.
726  *
727  *      Locking:
728  *              takes tty_ldisc_lock to guard against ldisc races
729  */
730
731 int tty_unregister_ldisc(int disc)
732 {
733         unsigned long flags;
734         int ret = 0;
735
736         if (disc < N_TTY || disc >= NR_LDISCS)
737                 return -EINVAL;
738
739         spin_lock_irqsave(&tty_ldisc_lock, flags);
740         if (tty_ldiscs[disc].refcount)
741                 ret = -EBUSY;
742         else
743                 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
744         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
745
746         return ret;
747 }
748 EXPORT_SYMBOL(tty_unregister_ldisc);
749
750 /**
751  *      tty_ldisc_get           -       take a reference to an ldisc
752  *      @disc: ldisc number
753  *
754  *      Takes a reference to a line discipline. Deals with refcounts and
755  *      module locking counts. Returns NULL if the discipline is not available.
756  *      Returns a pointer to the discipline and bumps the ref count if it is
757  *      available
758  *
759  *      Locking:
760  *              takes tty_ldisc_lock to guard against ldisc races
761  */
762
763 struct tty_ldisc *tty_ldisc_get(int disc)
764 {
765         unsigned long flags;
766         struct tty_ldisc *ld;
767
768         if (disc < N_TTY || disc >= NR_LDISCS)
769                 return NULL;
770
771         spin_lock_irqsave(&tty_ldisc_lock, flags);
772
773         ld = &tty_ldiscs[disc];
774         /* Check the entry is defined */
775         if (ld->flags & LDISC_FLAG_DEFINED) {
776                 /* If the module is being unloaded we can't use it */
777                 if (!try_module_get(ld->owner))
778                         ld = NULL;
779                 else /* lock it */
780                         ld->refcount++;
781         } else
782                 ld = NULL;
783         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
784         return ld;
785 }
786
787 EXPORT_SYMBOL_GPL(tty_ldisc_get);
788
789 /**
790  *      tty_ldisc_put           -       drop ldisc reference
791  *      @disc: ldisc number
792  *
793  *      Drop a reference to a line discipline. Manage refcounts and
794  *      module usage counts
795  *
796  *      Locking:
797  *              takes tty_ldisc_lock to guard against ldisc races
798  */
799
800 void tty_ldisc_put(int disc)
801 {
802         struct tty_ldisc *ld;
803         unsigned long flags;
804
805         BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
806
807         spin_lock_irqsave(&tty_ldisc_lock, flags);
808         ld = &tty_ldiscs[disc];
809         BUG_ON(ld->refcount == 0);
810         ld->refcount--;
811         module_put(ld->owner);
812         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
813 }
814
815 EXPORT_SYMBOL_GPL(tty_ldisc_put);
816
817 /**
818  *      tty_ldisc_assign        -       set ldisc on a tty
819  *      @tty: tty to assign
820  *      @ld: line discipline
821  *
822  *      Install an instance of a line discipline into a tty structure. The
823  *      ldisc must have a reference count above zero to ensure it remains/
824  *      The tty instance refcount starts at zero.
825  *
826  *      Locking:
827  *              Caller must hold references
828  */
829
830 static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
831 {
832         tty->ldisc = *ld;
833         tty->ldisc.refcount = 0;
834 }
835
836 /**
837  *      tty_ldisc_try           -       internal helper
838  *      @tty: the tty
839  *
840  *      Make a single attempt to grab and bump the refcount on
841  *      the tty ldisc. Return 0 on failure or 1 on success. This is
842  *      used to implement both the waiting and non waiting versions
843  *      of tty_ldisc_ref
844  *
845  *      Locking: takes tty_ldisc_lock
846  */
847
848 static int tty_ldisc_try(struct tty_struct *tty)
849 {
850         unsigned long flags;
851         struct tty_ldisc *ld;
852         int ret = 0;
853
854         spin_lock_irqsave(&tty_ldisc_lock, flags);
855         ld = &tty->ldisc;
856         if (test_bit(TTY_LDISC, &tty->flags)) {
857                 ld->refcount++;
858                 ret = 1;
859         }
860         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
861         return ret;
862 }
863
864 /**
865  *      tty_ldisc_ref_wait      -       wait for the tty ldisc
866  *      @tty: tty device
867  *
868  *      Dereference the line discipline for the terminal and take a
869  *      reference to it. If the line discipline is in flux then
870  *      wait patiently until it changes.
871  *
872  *      Note: Must not be called from an IRQ/timer context. The caller
873  *      must also be careful not to hold other locks that will deadlock
874  *      against a discipline change, such as an existing ldisc reference
875  *      (which we check for)
876  *
877  *      Locking: call functions take tty_ldisc_lock
878  */
879
880 struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
881 {
882         /* wait_event is a macro */
883         wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
884         if (tty->ldisc.refcount == 0)
885                 printk(KERN_ERR "tty_ldisc_ref_wait\n");
886         return &tty->ldisc;
887 }
888
889 EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
890
891 /**
892  *      tty_ldisc_ref           -       get the tty ldisc
893  *      @tty: tty device
894  *
895  *      Dereference the line discipline for the terminal and take a
896  *      reference to it. If the line discipline is in flux then
897  *      return NULL. Can be called from IRQ and timer functions.
898  *
899  *      Locking: called functions take tty_ldisc_lock
900  */
901
902 struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
903 {
904         if (tty_ldisc_try(tty))
905                 return &tty->ldisc;
906         return NULL;
907 }
908
909 EXPORT_SYMBOL_GPL(tty_ldisc_ref);
910
911 /**
912  *      tty_ldisc_deref         -       free a tty ldisc reference
913  *      @ld: reference to free up
914  *
915  *      Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
916  *      be called in IRQ context.
917  *
918  *      Locking: takes tty_ldisc_lock
919  */
920
921 void tty_ldisc_deref(struct tty_ldisc *ld)
922 {
923         unsigned long flags;
924
925         BUG_ON(ld == NULL);
926
927         spin_lock_irqsave(&tty_ldisc_lock, flags);
928         if (ld->refcount == 0)
929                 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
930         else
931                 ld->refcount--;
932         if (ld->refcount == 0)
933                 wake_up(&tty_ldisc_wait);
934         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
935 }
936
937 EXPORT_SYMBOL_GPL(tty_ldisc_deref);
938
939 /**
940  *      tty_ldisc_enable        -       allow ldisc use
941  *      @tty: terminal to activate ldisc on
942  *
943  *      Set the TTY_LDISC flag when the line discipline can be called
944  *      again. Do necessary wakeups for existing sleepers.
945  *
946  *      Note: nobody should set this bit except via this function. Clearing
947  *      directly is allowed.
948  */
949
950 static void tty_ldisc_enable(struct tty_struct *tty)
951 {
952         set_bit(TTY_LDISC, &tty->flags);
953         wake_up(&tty_ldisc_wait);
954 }
955
956 /**
957  *      tty_set_ldisc           -       set line discipline
958  *      @tty: the terminal to set
959  *      @ldisc: the line discipline
960  *
961  *      Set the discipline of a tty line. Must be called from a process
962  *      context.
963  *
964  *      Locking: takes tty_ldisc_lock.
965  *               called functions take termios_mutex
966  */
967
968 static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
969 {
970         int retval = 0;
971         struct tty_ldisc o_ldisc;
972         char buf[64];
973         int work;
974         unsigned long flags;
975         struct tty_ldisc *ld;
976         struct tty_struct *o_tty;
977
978         if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
979                 return -EINVAL;
980
981 restart:
982
983         ld = tty_ldisc_get(ldisc);
984         /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
985         /* Cyrus Durgin <cider@speakeasy.org> */
986         if (ld == NULL) {
987                 request_module("tty-ldisc-%d", ldisc);
988                 ld = tty_ldisc_get(ldisc);
989         }
990         if (ld == NULL)
991                 return -EINVAL;
992
993         /*
994          *      Problem: What do we do if this blocks ?
995          */
996
997         tty_wait_until_sent(tty, 0);
998
999         if (tty->ldisc.num == ldisc) {
1000                 tty_ldisc_put(ldisc);
1001                 return 0;
1002         }
1003
1004         /*
1005          *      No more input please, we are switching. The new ldisc
1006          *      will update this value in the ldisc open function
1007          */
1008
1009         tty->receive_room = 0;
1010
1011         o_ldisc = tty->ldisc;
1012         o_tty = tty->link;
1013
1014         /*
1015          *      Make sure we don't change while someone holds a
1016          *      reference to the line discipline. The TTY_LDISC bit
1017          *      prevents anyone taking a reference once it is clear.
1018          *      We need the lock to avoid racing reference takers.
1019          */
1020
1021         spin_lock_irqsave(&tty_ldisc_lock, flags);
1022         if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
1023                 if (tty->ldisc.refcount) {
1024                         /* Free the new ldisc we grabbed. Must drop the lock
1025                            first. */
1026                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1027                         tty_ldisc_put(ldisc);
1028                         /*
1029                          * There are several reasons we may be busy, including
1030                          * random momentary I/O traffic. We must therefore
1031                          * retry. We could distinguish between blocking ops
1032                          * and retries if we made tty_ldisc_wait() smarter.
1033                          * That is up for discussion.
1034                          */
1035                         if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1036                                 return -ERESTARTSYS;
1037                         goto restart;
1038                 }
1039                 if (o_tty && o_tty->ldisc.refcount) {
1040                         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1041                         tty_ldisc_put(ldisc);
1042                         if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1043                                 return -ERESTARTSYS;
1044                         goto restart;
1045                 }
1046         }
1047         /*
1048          *      If the TTY_LDISC bit is set, then we are racing against
1049          *      another ldisc change
1050          */
1051         if (!test_bit(TTY_LDISC, &tty->flags)) {
1052                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1053                 tty_ldisc_put(ldisc);
1054                 ld = tty_ldisc_ref_wait(tty);
1055                 tty_ldisc_deref(ld);
1056                 goto restart;
1057         }
1058
1059         clear_bit(TTY_LDISC, &tty->flags);
1060         if (o_tty)
1061                 clear_bit(TTY_LDISC, &o_tty->flags);
1062         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1063
1064         /*
1065          *      From this point on we know nobody has an ldisc
1066          *      usage reference, nor can they obtain one until
1067          *      we say so later on.
1068          */
1069
1070         work = cancel_delayed_work(&tty->buf.work);
1071         /*
1072          * Wait for ->hangup_work and ->buf.work handlers to terminate
1073          */
1074         flush_scheduled_work();
1075         /* Shutdown the current discipline. */
1076         if (tty->ldisc.close)
1077                 (tty->ldisc.close)(tty);
1078
1079         /* Now set up the new line discipline. */
1080         tty_ldisc_assign(tty, ld);
1081         tty_set_termios_ldisc(tty, ldisc);
1082         if (tty->ldisc.open)
1083                 retval = (tty->ldisc.open)(tty);
1084         if (retval < 0) {
1085                 tty_ldisc_put(ldisc);
1086                 /* There is an outstanding reference here so this is safe */
1087                 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1088                 tty_set_termios_ldisc(tty, tty->ldisc.num);
1089                 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1090                         tty_ldisc_put(o_ldisc.num);
1091                         /* This driver is always present */
1092                         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1093                         tty_set_termios_ldisc(tty, N_TTY);
1094                         if (tty->ldisc.open) {
1095                                 int r = tty->ldisc.open(tty);
1096
1097                                 if (r < 0)
1098                                         panic("Couldn't open N_TTY ldisc for "
1099                                               "%s --- error %d.",
1100                                               tty_name(tty, buf), r);
1101                         }
1102                 }
1103         }
1104         /* At this point we hold a reference to the new ldisc and a
1105            a reference to the old ldisc. If we ended up flipping back
1106            to the existing ldisc we have two references to it */
1107
1108         if (tty->ldisc.num != o_ldisc.num && tty->ops->set_ldisc)
1109                 tty->ops->set_ldisc(tty);
1110
1111         tty_ldisc_put(o_ldisc.num);
1112
1113         /*
1114          *      Allow ldisc referencing to occur as soon as the driver
1115          *      ldisc callback completes.
1116          */
1117
1118         tty_ldisc_enable(tty);
1119         if (o_tty)
1120                 tty_ldisc_enable(o_tty);
1121
1122         /* Restart it in case no characters kick it off. Safe if
1123            already running */
1124         if (work)
1125                 schedule_delayed_work(&tty->buf.work, 1);
1126         return retval;
1127 }
1128
1129 /**
1130  *      get_tty_driver          -       find device of a tty
1131  *      @dev_t: device identifier
1132  *      @index: returns the index of the tty
1133  *
1134  *      This routine returns a tty driver structure, given a device number
1135  *      and also passes back the index number.
1136  *
1137  *      Locking: caller must hold tty_mutex
1138  */
1139
1140 static struct tty_driver *get_tty_driver(dev_t device, int *index)
1141 {
1142         struct tty_driver *p;
1143
1144         list_for_each_entry(p, &tty_drivers, tty_drivers) {
1145                 dev_t base = MKDEV(p->major, p->minor_start);
1146                 if (device < base || device >= base + p->num)
1147                         continue;
1148                 *index = device - base;
1149                 return p;
1150         }
1151         return NULL;
1152 }
1153
1154 #ifdef CONFIG_CONSOLE_POLL
1155
1156 /**
1157  *      tty_find_polling_driver -       find device of a polled tty
1158  *      @name: name string to match
1159  *      @line: pointer to resulting tty line nr
1160  *
1161  *      This routine returns a tty driver structure, given a name
1162  *      and the condition that the tty driver is capable of polled
1163  *      operation.
1164  */
1165 struct tty_driver *tty_find_polling_driver(char *name, int *line)
1166 {
1167         struct tty_driver *p, *res = NULL;
1168         int tty_line = 0;
1169         char *str;
1170
1171         mutex_lock(&tty_mutex);
1172         /* Search through the tty devices to look for a match */
1173         list_for_each_entry(p, &tty_drivers, tty_drivers) {
1174                 str = name + strlen(p->name);
1175                 tty_line = simple_strtoul(str, &str, 10);
1176                 if (*str == ',')
1177                         str++;
1178                 if (*str == '\0')
1179                         str = NULL;
1180
1181                 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
1182                     p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
1183                         res = p;
1184                         *line = tty_line;
1185                         break;
1186                 }
1187         }
1188         mutex_unlock(&tty_mutex);
1189
1190         return res;
1191 }
1192 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
1193 #endif
1194
1195 /**
1196  *      tty_check_change        -       check for POSIX terminal changes
1197  *      @tty: tty to check
1198  *
1199  *      If we try to write to, or set the state of, a terminal and we're
1200  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
1201  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
1202  *
1203  *      Locking: ctrl_lock
1204  */
1205
1206 int tty_check_change(struct tty_struct *tty)
1207 {
1208         unsigned long flags;
1209         int ret = 0;
1210
1211         if (current->signal->tty != tty)
1212                 return 0;
1213
1214         spin_lock_irqsave(&tty->ctrl_lock, flags);
1215
1216         if (!tty->pgrp) {
1217                 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1218                 goto out_unlock;
1219         }
1220         if (task_pgrp(current) == tty->pgrp)
1221                 goto out_unlock;
1222         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1223         if (is_ignored(SIGTTOU))
1224                 goto out;
1225         if (is_current_pgrp_orphaned()) {
1226                 ret = -EIO;
1227                 goto out;
1228         }
1229         kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1230         set_thread_flag(TIF_SIGPENDING);
1231         ret = -ERESTARTSYS;
1232 out:
1233         return ret;
1234 out_unlock:
1235         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1236         return ret;
1237 }
1238
1239 EXPORT_SYMBOL(tty_check_change);
1240
1241 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1242                                 size_t count, loff_t *ppos)
1243 {
1244         return 0;
1245 }
1246
1247 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1248                                  size_t count, loff_t *ppos)
1249 {
1250         return -EIO;
1251 }
1252
1253 /* No kernel lock held - none needed ;) */
1254 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1255 {
1256         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1257 }
1258
1259 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
1260                 unsigned long arg)
1261 {
1262         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1263 }
1264
1265 static long hung_up_tty_compat_ioctl(struct file *file,
1266                                      unsigned int cmd, unsigned long arg)
1267 {
1268         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1269 }
1270
1271 static const struct file_operations tty_fops = {
1272         .llseek         = no_llseek,
1273         .read           = tty_read,
1274         .write          = tty_write,
1275         .poll           = tty_poll,
1276         .unlocked_ioctl = tty_ioctl,
1277         .compat_ioctl   = tty_compat_ioctl,
1278         .open           = tty_open,
1279         .release        = tty_release,
1280         .fasync         = tty_fasync,
1281 };
1282
1283 #ifdef CONFIG_UNIX98_PTYS
1284 static const struct file_operations ptmx_fops = {
1285         .llseek         = no_llseek,
1286         .read           = tty_read,
1287         .write          = tty_write,
1288         .poll           = tty_poll,
1289         .unlocked_ioctl = tty_ioctl,
1290         .compat_ioctl   = tty_compat_ioctl,
1291         .open           = ptmx_open,
1292         .release        = tty_release,
1293         .fasync         = tty_fasync,
1294 };
1295 #endif
1296
1297 static const struct file_operations console_fops = {
1298         .llseek         = no_llseek,
1299         .read           = tty_read,
1300         .write          = redirected_tty_write,
1301         .poll           = tty_poll,
1302         .unlocked_ioctl = tty_ioctl,
1303         .compat_ioctl   = tty_compat_ioctl,
1304         .open           = tty_open,
1305         .release        = tty_release,
1306         .fasync         = tty_fasync,
1307 };
1308
1309 static const struct file_operations hung_up_tty_fops = {
1310         .llseek         = no_llseek,
1311         .read           = hung_up_tty_read,
1312         .write          = hung_up_tty_write,
1313         .poll           = hung_up_tty_poll,
1314         .unlocked_ioctl = hung_up_tty_ioctl,
1315         .compat_ioctl   = hung_up_tty_compat_ioctl,
1316         .release        = tty_release,
1317 };
1318
1319 static DEFINE_SPINLOCK(redirect_lock);
1320 static struct file *redirect;
1321
1322 /**
1323  *      tty_wakeup      -       request more data
1324  *      @tty: terminal
1325  *
1326  *      Internal and external helper for wakeups of tty. This function
1327  *      informs the line discipline if present that the driver is ready
1328  *      to receive more output data.
1329  */
1330
1331 void tty_wakeup(struct tty_struct *tty)
1332 {
1333         struct tty_ldisc *ld;
1334
1335         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1336                 ld = tty_ldisc_ref(tty);
1337                 if (ld) {
1338                         if (ld->write_wakeup)
1339                                 ld->write_wakeup(tty);
1340                         tty_ldisc_deref(ld);
1341                 }
1342         }
1343         wake_up_interruptible(&tty->write_wait);
1344 }
1345
1346 EXPORT_SYMBOL_GPL(tty_wakeup);
1347
1348 /**
1349  *      tty_ldisc_flush -       flush line discipline queue
1350  *      @tty: tty
1351  *
1352  *      Flush the line discipline queue (if any) for this tty. If there
1353  *      is no line discipline active this is a no-op.
1354  */
1355
1356 void tty_ldisc_flush(struct tty_struct *tty)
1357 {
1358         struct tty_ldisc *ld = tty_ldisc_ref(tty);
1359         if (ld) {
1360                 if (ld->flush_buffer)
1361                         ld->flush_buffer(tty);
1362                 tty_ldisc_deref(ld);
1363         }
1364         tty_buffer_flush(tty);
1365 }
1366
1367 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1368
1369 /**
1370  *      tty_reset_termios       -       reset terminal state
1371  *      @tty: tty to reset
1372  *
1373  *      Restore a terminal to the driver default state
1374  */
1375
1376 static void tty_reset_termios(struct tty_struct *tty)
1377 {
1378         mutex_lock(&tty->termios_mutex);
1379         *tty->termios = tty->driver->init_termios;
1380         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1381         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1382         mutex_unlock(&tty->termios_mutex);
1383 }
1384
1385 /**
1386  *      do_tty_hangup           -       actual handler for hangup events
1387  *      @work: tty device
1388  *
1389  *      This can be called by the "eventd" kernel thread.  That is process
1390  *      synchronous but doesn't hold any locks, so we need to make sure we
1391  *      have the appropriate locks for what we're doing.
1392  *
1393  *      The hangup event clears any pending redirections onto the hung up
1394  *      device. It ensures future writes will error and it does the needed
1395  *      line discipline hangup and signal delivery. The tty object itself
1396  *      remains intact.
1397  *
1398  *      Locking:
1399  *              BKL
1400  *                redirect lock for undoing redirection
1401  *                file list lock for manipulating list of ttys
1402  *                tty_ldisc_lock from called functions
1403  *                termios_mutex resetting termios data
1404  *                tasklist_lock to walk task list for hangup event
1405  *                  ->siglock to protect ->signal/->sighand
1406  */
1407 static void do_tty_hangup(struct work_struct *work)
1408 {
1409         struct tty_struct *tty =
1410                 container_of(work, struct tty_struct, hangup_work);
1411         struct file *cons_filp = NULL;
1412         struct file *filp, *f = NULL;
1413         struct task_struct *p;
1414         struct tty_ldisc *ld;
1415         int    closecount = 0, n;
1416         unsigned long flags;
1417
1418         if (!tty)
1419                 return;
1420
1421         /* inuse_filps is protected by the single kernel lock */
1422         lock_kernel();
1423
1424         spin_lock(&redirect_lock);
1425         if (redirect && redirect->private_data == tty) {
1426                 f = redirect;
1427                 redirect = NULL;
1428         }
1429         spin_unlock(&redirect_lock);
1430
1431         check_tty_count(tty, "do_tty_hangup");
1432         file_list_lock();
1433         /* This breaks for file handles being sent over AF_UNIX sockets ? */
1434         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
1435                 if (filp->f_op->write == redirected_tty_write)
1436                         cons_filp = filp;
1437                 if (filp->f_op->write != tty_write)
1438                         continue;
1439                 closecount++;
1440                 tty_fasync(-1, filp, 0);        /* can't block */
1441                 filp->f_op = &hung_up_tty_fops;
1442         }
1443         file_list_unlock();
1444         /*
1445          * FIXME! What are the locking issues here? This may me overdoing
1446          * things... This question is especially important now that we've
1447          * removed the irqlock.
1448          */
1449         ld = tty_ldisc_ref(tty);
1450         if (ld != NULL) {
1451                 /* We may have no line discipline at this point */
1452                 if (ld->flush_buffer)
1453                         ld->flush_buffer(tty);
1454                 tty_driver_flush_buffer(tty);
1455                 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1456                     ld->write_wakeup)
1457                         ld->write_wakeup(tty);
1458                 if (ld->hangup)
1459                         ld->hangup(tty);
1460         }
1461         /*
1462          * FIXME: Once we trust the LDISC code better we can wait here for
1463          * ldisc completion and fix the driver call race
1464          */
1465         wake_up_interruptible(&tty->write_wait);
1466         wake_up_interruptible(&tty->read_wait);
1467         /*
1468          * Shutdown the current line discipline, and reset it to
1469          * N_TTY.
1470          */
1471         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1472                 tty_reset_termios(tty);
1473         /* Defer ldisc switch */
1474         /* tty_deferred_ldisc_switch(N_TTY);
1475
1476           This should get done automatically when the port closes and
1477           tty_release is called */
1478
1479         read_lock(&tasklist_lock);
1480         if (tty->session) {
1481                 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1482                         spin_lock_irq(&p->sighand->siglock);
1483                         if (p->signal->tty == tty)
1484                                 p->signal->tty = NULL;
1485                         if (!p->signal->leader) {
1486                                 spin_unlock_irq(&p->sighand->siglock);
1487                                 continue;
1488                         }
1489                         __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1490                         __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1491                         put_pid(p->signal->tty_old_pgrp);  /* A noop */
1492                         spin_lock_irqsave(&tty->ctrl_lock, flags);
1493                         if (tty->pgrp)
1494                                 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1495                         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1496                         spin_unlock_irq(&p->sighand->siglock);
1497                 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1498         }
1499         read_unlock(&tasklist_lock);
1500
1501         spin_lock_irqsave(&tty->ctrl_lock, flags);
1502         tty->flags = 0;
1503         put_pid(tty->session);
1504         put_pid(tty->pgrp);
1505         tty->session = NULL;
1506         tty->pgrp = NULL;
1507         tty->ctrl_status = 0;
1508         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1509
1510         /*
1511          * If one of the devices matches a console pointer, we
1512          * cannot just call hangup() because that will cause
1513          * tty->count and state->count to go out of sync.
1514          * So we just call close() the right number of times.
1515          */
1516         if (cons_filp) {
1517                 if (tty->ops->close)
1518                         for (n = 0; n < closecount; n++)
1519                                 tty->ops->close(tty, cons_filp);
1520         } else if (tty->ops->hangup)
1521                 (tty->ops->hangup)(tty);
1522         /*
1523          * We don't want to have driver/ldisc interactions beyond
1524          * the ones we did here. The driver layer expects no
1525          * calls after ->hangup() from the ldisc side. However we
1526          * can't yet guarantee all that.
1527          */
1528         set_bit(TTY_HUPPED, &tty->flags);
1529         if (ld) {
1530                 tty_ldisc_enable(tty);
1531                 tty_ldisc_deref(ld);
1532         }
1533         unlock_kernel();
1534         if (f)
1535                 fput(f);
1536 }
1537
1538 /**
1539  *      tty_hangup              -       trigger a hangup event
1540  *      @tty: tty to hangup
1541  *
1542  *      A carrier loss (virtual or otherwise) has occurred on this like
1543  *      schedule a hangup sequence to run after this event.
1544  */
1545
1546 void tty_hangup(struct tty_struct *tty)
1547 {
1548 #ifdef TTY_DEBUG_HANGUP
1549         char    buf[64];
1550         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1551 #endif
1552         schedule_work(&tty->hangup_work);
1553 }
1554
1555 EXPORT_SYMBOL(tty_hangup);
1556
1557 /**
1558  *      tty_vhangup             -       process vhangup
1559  *      @tty: tty to hangup
1560  *
1561  *      The user has asked via system call for the terminal to be hung up.
1562  *      We do this synchronously so that when the syscall returns the process
1563  *      is complete. That guarantee is necessary for security reasons.
1564  */
1565
1566 void tty_vhangup(struct tty_struct *tty)
1567 {
1568 #ifdef TTY_DEBUG_HANGUP
1569         char    buf[64];
1570
1571         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1572 #endif
1573         do_tty_hangup(&tty->hangup_work);
1574 }
1575
1576 EXPORT_SYMBOL(tty_vhangup);
1577
1578 /**
1579  *      tty_hung_up_p           -       was tty hung up
1580  *      @filp: file pointer of tty
1581  *
1582  *      Return true if the tty has been subject to a vhangup or a carrier
1583  *      loss
1584  */
1585
1586 int tty_hung_up_p(struct file *filp)
1587 {
1588         return (filp->f_op == &hung_up_tty_fops);
1589 }
1590
1591 EXPORT_SYMBOL(tty_hung_up_p);
1592
1593 /**
1594  *      is_tty  -       checker whether file is a TTY
1595  *      @filp:          file handle that may be a tty
1596  *
1597  *      Check if the file handle is a tty handle.
1598  */
1599
1600 int is_tty(struct file *filp)
1601 {
1602         return filp->f_op->read == tty_read
1603                 || filp->f_op->read == hung_up_tty_read;
1604 }
1605
1606 static void session_clear_tty(struct pid *session)
1607 {
1608         struct task_struct *p;
1609         do_each_pid_task(session, PIDTYPE_SID, p) {
1610                 proc_clear_tty(p);
1611         } while_each_pid_task(session, PIDTYPE_SID, p);
1612 }
1613
1614 /**
1615  *      disassociate_ctty       -       disconnect controlling tty
1616  *      @on_exit: true if exiting so need to "hang up" the session
1617  *
1618  *      This function is typically called only by the session leader, when
1619  *      it wants to disassociate itself from its controlling tty.
1620  *
1621  *      It performs the following functions:
1622  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
1623  *      (2)  Clears the tty from being controlling the session
1624  *      (3)  Clears the controlling tty for all processes in the
1625  *              session group.
1626  *
1627  *      The argument on_exit is set to 1 if called when a process is
1628  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
1629  *
1630  *      Locking:
1631  *              BKL is taken for hysterical raisins
1632  *                tty_mutex is taken to protect tty
1633  *                ->siglock is taken to protect ->signal/->sighand
1634  *                tasklist_lock is taken to walk process list for sessions
1635  *                  ->siglock is taken to protect ->signal/->sighand
1636  */
1637
1638 void disassociate_ctty(int on_exit)
1639 {
1640         struct tty_struct *tty;
1641         struct pid *tty_pgrp = NULL;
1642
1643
1644         mutex_lock(&tty_mutex);
1645         tty = get_current_tty();
1646         if (tty) {
1647                 tty_pgrp = get_pid(tty->pgrp);
1648                 mutex_unlock(&tty_mutex);
1649                 lock_kernel();
1650                 /* XXX: here we race, there is nothing protecting tty */
1651                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1652                         tty_vhangup(tty);
1653                 unlock_kernel();
1654         } else if (on_exit) {
1655                 struct pid *old_pgrp;
1656                 spin_lock_irq(&current->sighand->siglock);
1657                 old_pgrp = current->signal->tty_old_pgrp;
1658                 current->signal->tty_old_pgrp = NULL;
1659                 spin_unlock_irq(&current->sighand->siglock);
1660                 if (old_pgrp) {
1661                         kill_pgrp(old_pgrp, SIGHUP, on_exit);
1662                         kill_pgrp(old_pgrp, SIGCONT, on_exit);
1663                         put_pid(old_pgrp);
1664                 }
1665                 mutex_unlock(&tty_mutex);
1666                 return;
1667         }
1668         if (tty_pgrp) {
1669                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1670                 if (!on_exit)
1671                         kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1672                 put_pid(tty_pgrp);
1673         }
1674
1675         spin_lock_irq(&current->sighand->siglock);
1676         put_pid(current->signal->tty_old_pgrp);
1677         current->signal->tty_old_pgrp = NULL;
1678         spin_unlock_irq(&current->sighand->siglock);
1679
1680         mutex_lock(&tty_mutex);
1681         /* It is possible that do_tty_hangup has free'd this tty */
1682         tty = get_current_tty();
1683         if (tty) {
1684                 unsigned long flags;
1685                 spin_lock_irqsave(&tty->ctrl_lock, flags);
1686                 put_pid(tty->session);
1687                 put_pid(tty->pgrp);
1688                 tty->session = NULL;
1689                 tty->pgrp = NULL;
1690                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1691         } else {
1692 #ifdef TTY_DEBUG_HANGUP
1693                 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1694                        " = NULL", tty);
1695 #endif
1696         }
1697         mutex_unlock(&tty_mutex);
1698
1699         /* Now clear signal->tty under the lock */
1700         read_lock(&tasklist_lock);
1701         session_clear_tty(task_session(current));
1702         read_unlock(&tasklist_lock);
1703 }
1704
1705 /**
1706  *
1707  *      no_tty  - Ensure the current process does not have a controlling tty
1708  */
1709 void no_tty(void)
1710 {
1711         struct task_struct *tsk = current;
1712         lock_kernel();
1713         if (tsk->signal->leader)
1714                 disassociate_ctty(0);
1715         unlock_kernel();
1716         proc_clear_tty(tsk);
1717 }
1718
1719
1720 /**
1721  *      stop_tty        -       propagate flow control
1722  *      @tty: tty to stop
1723  *
1724  *      Perform flow control to the driver. For PTY/TTY pairs we
1725  *      must also propagate the TIOCKPKT status. May be called
1726  *      on an already stopped device and will not re-call the driver
1727  *      method.
1728  *
1729  *      This functionality is used by both the line disciplines for
1730  *      halting incoming flow and by the driver. It may therefore be
1731  *      called from any context, may be under the tty atomic_write_lock
1732  *      but not always.
1733  *
1734  *      Locking:
1735  *              Uses the tty control lock internally
1736  */
1737
1738 void stop_tty(struct tty_struct *tty)
1739 {
1740         unsigned long flags;
1741         spin_lock_irqsave(&tty->ctrl_lock, flags);
1742         if (tty->stopped) {
1743                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1744                 return;
1745         }
1746         tty->stopped = 1;
1747         if (tty->link && tty->link->packet) {
1748                 tty->ctrl_status &= ~TIOCPKT_START;
1749                 tty->ctrl_status |= TIOCPKT_STOP;
1750                 wake_up_interruptible(&tty->link->read_wait);
1751         }
1752         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1753         if (tty->ops->stop)
1754                 (tty->ops->stop)(tty);
1755 }
1756
1757 EXPORT_SYMBOL(stop_tty);
1758
1759 /**
1760  *      start_tty       -       propagate flow control
1761  *      @tty: tty to start
1762  *
1763  *      Start a tty that has been stopped if at all possible. Perform
1764  *      any necessary wakeups and propagate the TIOCPKT status. If this
1765  *      is the tty was previous stopped and is being started then the
1766  *      driver start method is invoked and the line discipline woken.
1767  *
1768  *      Locking:
1769  *              ctrl_lock
1770  */
1771
1772 void start_tty(struct tty_struct *tty)
1773 {
1774         unsigned long flags;
1775         spin_lock_irqsave(&tty->ctrl_lock, flags);
1776         if (!tty->stopped || tty->flow_stopped) {
1777                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1778                 return;
1779         }
1780         tty->stopped = 0;
1781         if (tty->link && tty->link->packet) {
1782                 tty->ctrl_status &= ~TIOCPKT_STOP;
1783                 tty->ctrl_status |= TIOCPKT_START;
1784                 wake_up_interruptible(&tty->link->read_wait);
1785         }
1786         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1787         if (tty->ops->start)
1788                 (tty->ops->start)(tty);
1789         /* If we have a running line discipline it may need kicking */
1790         tty_wakeup(tty);
1791 }
1792
1793 EXPORT_SYMBOL(start_tty);
1794
1795 /**
1796  *      tty_read        -       read method for tty device files
1797  *      @file: pointer to tty file
1798  *      @buf: user buffer
1799  *      @count: size of user buffer
1800  *      @ppos: unused
1801  *
1802  *      Perform the read system call function on this terminal device. Checks
1803  *      for hung up devices before calling the line discipline method.
1804  *
1805  *      Locking:
1806  *              Locks the line discipline internally while needed. Multiple
1807  *      read calls may be outstanding in parallel.
1808  */
1809
1810 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1811                         loff_t *ppos)
1812 {
1813         int i;
1814         struct tty_struct *tty;
1815         struct inode *inode;
1816         struct tty_ldisc *ld;
1817
1818         tty = (struct tty_struct *)file->private_data;
1819         inode = file->f_path.dentry->d_inode;
1820         if (tty_paranoia_check(tty, inode, "tty_read"))
1821                 return -EIO;
1822         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1823                 return -EIO;
1824
1825         /* We want to wait for the line discipline to sort out in this
1826            situation */
1827         ld = tty_ldisc_ref_wait(tty);
1828         if (ld->read)
1829                 i = (ld->read)(tty, file, buf, count);
1830         else
1831                 i = -EIO;
1832         tty_ldisc_deref(ld);
1833         if (i > 0)
1834                 inode->i_atime = current_fs_time(inode->i_sb);
1835         return i;
1836 }
1837
1838 void tty_write_unlock(struct tty_struct *tty)
1839 {
1840         mutex_unlock(&tty->atomic_write_lock);
1841         wake_up_interruptible(&tty->write_wait);
1842 }
1843
1844 int tty_write_lock(struct tty_struct *tty, int ndelay)
1845 {
1846         if (!mutex_trylock(&tty->atomic_write_lock)) {
1847                 if (ndelay)
1848                         return -EAGAIN;
1849                 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1850                         return -ERESTARTSYS;
1851         }
1852         return 0;
1853 }
1854
1855 /*
1856  * Split writes up in sane blocksizes to avoid
1857  * denial-of-service type attacks
1858  */
1859 static inline ssize_t do_tty_write(
1860         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1861         struct tty_struct *tty,
1862         struct file *file,
1863         const char __user *buf,
1864         size_t count)
1865 {
1866         ssize_t ret, written = 0;
1867         unsigned int chunk;
1868
1869         ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1870         if (ret < 0)
1871                 return ret;
1872
1873         /*
1874          * We chunk up writes into a temporary buffer. This
1875          * simplifies low-level drivers immensely, since they
1876          * don't have locking issues and user mode accesses.
1877          *
1878          * But if TTY_NO_WRITE_SPLIT is set, we should use a
1879          * big chunk-size..
1880          *
1881          * The default chunk-size is 2kB, because the NTTY
1882          * layer has problems with bigger chunks. It will
1883          * claim to be able to handle more characters than
1884          * it actually does.
1885          *
1886          * FIXME: This can probably go away now except that 64K chunks
1887          * are too likely to fail unless switched to vmalloc...
1888          */
1889         chunk = 2048;
1890         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1891                 chunk = 65536;
1892         if (count < chunk)
1893                 chunk = count;
1894
1895         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1896         if (tty->write_cnt < chunk) {
1897                 unsigned char *buf;
1898
1899                 if (chunk < 1024)
1900                         chunk = 1024;
1901
1902                 buf = kmalloc(chunk, GFP_KERNEL);
1903                 if (!buf) {
1904                         ret = -ENOMEM;
1905                         goto out;
1906                 }
1907                 kfree(tty->write_buf);
1908                 tty->write_cnt = chunk;
1909                 tty->write_buf = buf;
1910         }
1911
1912         /* Do the write .. */
1913         for (;;) {
1914                 size_t size = count;
1915                 if (size > chunk)
1916                         size = chunk;
1917                 ret = -EFAULT;
1918                 if (copy_from_user(tty->write_buf, buf, size))
1919                         break;
1920                 ret = write(tty, file, tty->write_buf, size);
1921                 if (ret <= 0)
1922                         break;
1923                 written += ret;
1924                 buf += ret;
1925                 count -= ret;
1926                 if (!count)
1927                         break;
1928                 ret = -ERESTARTSYS;
1929                 if (signal_pending(current))
1930                         break;
1931                 cond_resched();
1932         }
1933         if (written) {
1934                 struct inode *inode = file->f_path.dentry->d_inode;
1935                 inode->i_mtime = current_fs_time(inode->i_sb);
1936                 ret = written;
1937         }
1938 out:
1939         tty_write_unlock(tty);
1940         return ret;
1941 }
1942
1943
1944 /**
1945  *      tty_write               -       write method for tty device file
1946  *      @file: tty file pointer
1947  *      @buf: user data to write
1948  *      @count: bytes to write
1949  *      @ppos: unused
1950  *
1951  *      Write data to a tty device via the line discipline.
1952  *
1953  *      Locking:
1954  *              Locks the line discipline as required
1955  *              Writes to the tty driver are serialized by the atomic_write_lock
1956  *      and are then processed in chunks to the device. The line discipline
1957  *      write method will not be involked in parallel for each device
1958  *              The line discipline write method is called under the big
1959  *      kernel lock for historical reasons. New code should not rely on this.
1960  */
1961
1962 static ssize_t tty_write(struct file *file, const char __user *buf,
1963                                                 size_t count, loff_t *ppos)
1964 {
1965         struct tty_struct *tty;
1966         struct inode *inode = file->f_path.dentry->d_inode;
1967         ssize_t ret;
1968         struct tty_ldisc *ld;
1969
1970         tty = (struct tty_struct *)file->private_data;
1971         if (tty_paranoia_check(tty, inode, "tty_write"))
1972                 return -EIO;
1973         if (!tty || !tty->ops->write ||
1974                 (test_bit(TTY_IO_ERROR, &tty->flags)))
1975                         return -EIO;
1976         /* Short term debug to catch buggy drivers */
1977         if (tty->ops->write_room == NULL)
1978                 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1979                         tty->driver->name);
1980         ld = tty_ldisc_ref_wait(tty);
1981         if (!ld->write)
1982                 ret = -EIO;
1983         else
1984                 ret = do_tty_write(ld->write, tty, file, buf, count);
1985         tty_ldisc_deref(ld);
1986         return ret;
1987 }
1988
1989 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1990                                                 size_t count, loff_t *ppos)
1991 {
1992         struct file *p = NULL;
1993
1994         spin_lock(&redirect_lock);
1995         if (redirect) {
1996                 get_file(redirect);
1997                 p = redirect;
1998         }
1999         spin_unlock(&redirect_lock);
2000
2001         if (p) {
2002                 ssize_t res;
2003                 res = vfs_write(p, buf, count, &p->f_pos);
2004                 fput(p);
2005                 return res;
2006         }
2007         return tty_write(file, buf, count, ppos);
2008 }
2009
2010 static char ptychar[] = "pqrstuvwxyzabcde";
2011
2012 /**
2013  *      pty_line_name   -       generate name for a pty
2014  *      @driver: the tty driver in use
2015  *      @index: the minor number
2016  *      @p: output buffer of at least 6 bytes
2017  *
2018  *      Generate a name from a driver reference and write it to the output
2019  *      buffer.
2020  *
2021  *      Locking: None
2022  */
2023 static void pty_line_name(struct tty_driver *driver, int index, char *p)
2024 {
2025         int i = index + driver->name_base;
2026         /* ->name is initialized to "ttyp", but "tty" is expected */
2027         sprintf(p, "%s%c%x",
2028                 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
2029                 ptychar[i >> 4 & 0xf], i & 0xf);
2030 }
2031
2032 /**
2033  *      pty_line_name   -       generate name for a tty
2034  *      @driver: the tty driver in use
2035  *      @index: the minor number
2036  *      @p: output buffer of at least 7 bytes
2037  *
2038  *      Generate a name from a driver reference and write it to the output
2039  *      buffer.
2040  *
2041  *      Locking: None
2042  */
2043 static void tty_line_name(struct tty_driver *driver, int index, char *p)
2044 {
2045         sprintf(p, "%s%d", driver->name, index + driver->name_base);
2046 }
2047
2048 /**
2049  *      init_dev                -       initialise a tty device
2050  *      @driver: tty driver we are opening a device on
2051  *      @idx: device index
2052  *      @tty: returned tty structure
2053  *
2054  *      Prepare a tty device. This may not be a "new" clean device but
2055  *      could also be an active device. The pty drivers require special
2056  *      handling because of this.
2057  *
2058  *      Locking:
2059  *              The function is called under the tty_mutex, which
2060  *      protects us from the tty struct or driver itself going away.
2061  *
2062  *      On exit the tty device has the line discipline attached and
2063  *      a reference count of 1. If a pair was created for pty/tty use
2064  *      and the other was a pty master then it too has a reference count of 1.
2065  *
2066  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
2067  * failed open.  The new code protects the open with a mutex, so it's
2068  * really quite straightforward.  The mutex locking can probably be
2069  * relaxed for the (most common) case of reopening a tty.
2070  */
2071
2072 static int init_dev(struct tty_driver *driver, int idx,
2073         struct tty_struct **ret_tty)
2074 {
2075         struct tty_struct *tty, *o_tty;
2076         struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2077         struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
2078         int retval = 0;
2079
2080         /* check whether we're reopening an existing tty */
2081         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2082                 tty = devpts_get_tty(idx);
2083                 /*
2084                  * If we don't have a tty here on a slave open, it's because
2085                  * the master already started the close process and there's
2086                  * no relation between devpts file and tty anymore.
2087                  */
2088                 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2089                         retval = -EIO;
2090                         goto end_init;
2091                 }
2092                 /*
2093                  * It's safe from now on because init_dev() is called with
2094                  * tty_mutex held and release_dev() won't change tty->count
2095                  * or tty->flags without having to grab tty_mutex
2096                  */
2097                 if (tty && driver->subtype == PTY_TYPE_MASTER)
2098                         tty = tty->link;
2099         } else {
2100                 tty = driver->ttys[idx];
2101         }
2102         if (tty) goto fast_track;
2103
2104         /*
2105          * First time open is complex, especially for PTY devices.
2106          * This code guarantees that either everything succeeds and the
2107          * TTY is ready for operation, or else the table slots are vacated
2108          * and the allocated memory released.  (Except that the termios
2109          * and locked termios may be retained.)
2110          */
2111
2112         if (!try_module_get(driver->owner)) {
2113                 retval = -ENODEV;
2114                 goto end_init;
2115         }
2116
2117         o_tty = NULL;
2118         tp = o_tp = NULL;
2119         ltp = o_ltp = NULL;
2120
2121         tty = alloc_tty_struct();
2122         if (!tty)
2123                 goto fail_no_mem;
2124         initialize_tty_struct(tty);
2125         tty->driver = driver;
2126         tty->ops = driver->ops;
2127         tty->index = idx;
2128         tty_line_name(driver, idx, tty->name);
2129
2130         if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2131                 tp_loc = &tty->termios;
2132                 ltp_loc = &tty->termios_locked;
2133         } else {
2134                 tp_loc = &driver->termios[idx];
2135                 ltp_loc = &driver->termios_locked[idx];
2136         }
2137
2138         if (!*tp_loc) {
2139                 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2140                 if (!tp)
2141                         goto free_mem_out;
2142                 *tp = driver->init_termios;
2143         }
2144
2145         if (!*ltp_loc) {
2146                 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2147                 if (!ltp)
2148                         goto free_mem_out;
2149         }
2150
2151         if (driver->type == TTY_DRIVER_TYPE_PTY) {
2152                 o_tty = alloc_tty_struct();
2153                 if (!o_tty)
2154                         goto free_mem_out;
2155                 initialize_tty_struct(o_tty);
2156                 o_tty->driver = driver->other;
2157                 o_tty->ops = driver->ops;
2158                 o_tty->index = idx;
2159                 tty_line_name(driver->other, idx, o_tty->name);
2160
2161                 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2162                         o_tp_loc = &o_tty->termios;
2163                         o_ltp_loc = &o_tty->termios_locked;
2164                 } else {
2165                         o_tp_loc = &driver->other->termios[idx];
2166                         o_ltp_loc = &driver->other->termios_locked[idx];
2167                 }
2168
2169                 if (!*o_tp_loc) {
2170                         o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2171                         if (!o_tp)
2172                                 goto free_mem_out;
2173                         *o_tp = driver->other->init_termios;
2174                 }
2175
2176                 if (!*o_ltp_loc) {
2177                         o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2178                         if (!o_ltp)
2179                                 goto free_mem_out;
2180                 }
2181
2182                 /*
2183                  * Everything allocated ... set up the o_tty structure.
2184                  */
2185                 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
2186                         driver->other->ttys[idx] = o_tty;
2187                 if (!*o_tp_loc)
2188                         *o_tp_loc = o_tp;
2189                 if (!*o_ltp_loc)
2190                         *o_ltp_loc = o_ltp;
2191                 o_tty->termios = *o_tp_loc;
2192                 o_tty->termios_locked = *o_ltp_loc;
2193                 driver->other->refcount++;
2194                 if (driver->subtype == PTY_TYPE_MASTER)
2195                         o_tty->count++;
2196
2197                 /* Establish the links in both directions */
2198                 tty->link   = o_tty;
2199                 o_tty->link = tty;
2200         }
2201
2202         /*
2203          * All structures have been allocated, so now we install them.
2204          * Failures after this point use release_tty to clean up, so
2205          * there's no need to null out the local pointers.
2206          */
2207         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
2208                 driver->ttys[idx] = tty;
2209
2210         if (!*tp_loc)
2211                 *tp_loc = tp;
2212         if (!*ltp_loc)
2213                 *ltp_loc = ltp;
2214         tty->termios = *tp_loc;
2215         tty->termios_locked = *ltp_loc;
2216         /* Compatibility until drivers always set this */
2217         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2218         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2219         driver->refcount++;
2220         tty->count++;
2221
2222         /*
2223          * Structures all installed ... call the ldisc open routines.
2224          * If we fail here just call release_tty to clean up.  No need
2225          * to decrement the use counts, as release_tty doesn't care.
2226          */
2227
2228         if (tty->ldisc.open) {
2229                 retval = (tty->ldisc.open)(tty);
2230                 if (retval)
2231                         goto release_mem_out;
2232         }
2233         if (o_tty && o_tty->ldisc.open) {
2234                 retval = (o_tty->ldisc.open)(o_tty);
2235                 if (retval) {
2236                         if (tty->ldisc.close)
2237                                 (tty->ldisc.close)(tty);
2238                         goto release_mem_out;
2239                 }
2240                 tty_ldisc_enable(o_tty);
2241         }
2242         tty_ldisc_enable(tty);
2243         goto success;
2244
2245         /*
2246          * This fast open can be used if the tty is already open.
2247          * No memory is allocated, and the only failures are from
2248          * attempting to open a closing tty or attempting multiple
2249          * opens on a pty master.
2250          */
2251 fast_track:
2252         if (test_bit(TTY_CLOSING, &tty->flags)) {
2253                 retval = -EIO;
2254                 goto end_init;
2255         }
2256         if (driver->type == TTY_DRIVER_TYPE_PTY &&
2257             driver->subtype == PTY_TYPE_MASTER) {
2258                 /*
2259                  * special case for PTY masters: only one open permitted,
2260                  * and the slave side open count is incremented as well.
2261                  */
2262                 if (tty->count) {
2263                         retval = -EIO;
2264                         goto end_init;
2265                 }
2266                 tty->link->count++;
2267         }
2268         tty->count++;
2269         tty->driver = driver; /* N.B. why do this every time?? */
2270
2271         /* FIXME */
2272         if (!test_bit(TTY_LDISC, &tty->flags))
2273                 printk(KERN_ERR "init_dev but no ldisc\n");
2274 success:
2275         *ret_tty = tty;
2276
2277         /* All paths come through here to release the mutex */
2278 end_init:
2279         return retval;
2280
2281         /* Release locally allocated memory ... nothing placed in slots */
2282 free_mem_out:
2283         kfree(o_tp);
2284         if (o_tty)
2285                 free_tty_struct(o_tty);
2286         kfree(ltp);
2287         kfree(tp);
2288         free_tty_struct(tty);
2289
2290 fail_no_mem:
2291         module_put(driver->owner);
2292         retval = -ENOMEM;
2293         goto end_init;
2294
2295         /* call the tty release_tty routine to clean out this slot */
2296 release_mem_out:
2297         if (printk_ratelimit())
2298                 printk(KERN_INFO "init_dev: ldisc open failed, "
2299                                  "clearing slot %d\n", idx);
2300         release_tty(tty, idx);
2301         goto end_init;
2302 }
2303
2304 /**
2305  *      release_one_tty         -       release tty structure memory
2306  *
2307  *      Releases memory associated with a tty structure, and clears out the
2308  *      driver table slots. This function is called when a device is no longer
2309  *      in use. It also gets called when setup of a device fails.
2310  *
2311  *      Locking:
2312  *              tty_mutex - sometimes only
2313  *              takes the file list lock internally when working on the list
2314  *      of ttys that the driver keeps.
2315  *              FIXME: should we require tty_mutex is held here ??
2316  */
2317 static void release_one_tty(struct tty_struct *tty, int idx)
2318 {
2319         int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2320         struct ktermios *tp;
2321
2322         if (!devpts)
2323                 tty->driver->ttys[idx] = NULL;
2324
2325         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2326                 tp = tty->termios;
2327                 if (!devpts)
2328                         tty->driver->termios[idx] = NULL;
2329                 kfree(tp);
2330
2331                 tp = tty->termios_locked;
2332                 if (!devpts)
2333                         tty->driver->termios_locked[idx] = NULL;
2334                 kfree(tp);
2335         }
2336
2337
2338         tty->magic = 0;
2339         tty->driver->refcount--;
2340
2341         file_list_lock();
2342         list_del_init(&tty->tty_files);
2343         file_list_unlock();
2344
2345         free_tty_struct(tty);
2346 }
2347
2348 /**
2349  *      release_tty             -       release tty structure memory
2350  *
2351  *      Release both @tty and a possible linked partner (think pty pair),
2352  *      and decrement the refcount of the backing module.
2353  *
2354  *      Locking:
2355  *              tty_mutex - sometimes only
2356  *              takes the file list lock internally when working on the list
2357  *      of ttys that the driver keeps.
2358  *              FIXME: should we require tty_mutex is held here ??
2359  */
2360 static void release_tty(struct tty_struct *tty, int idx)
2361 {
2362         struct tty_driver *driver = tty->driver;
2363
2364         if (tty->link)
2365                 release_one_tty(tty->link, idx);
2366         release_one_tty(tty, idx);
2367         module_put(driver->owner);
2368 }
2369
2370 /*
2371  * Even releasing the tty structures is a tricky business.. We have
2372  * to be very careful that the structures are all released at the
2373  * same time, as interrupts might otherwise get the wrong pointers.
2374  *
2375  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2376  * lead to double frees or releasing memory still in use.
2377  */
2378 static void release_dev(struct file *filp)
2379 {
2380         struct tty_struct *tty, *o_tty;
2381         int     pty_master, tty_closing, o_tty_closing, do_sleep;
2382         int     devpts;
2383         int     idx;
2384         char    buf[64];
2385         unsigned long flags;
2386
2387         tty = (struct tty_struct *)filp->private_data;
2388         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2389                                                         "release_dev"))
2390                 return;
2391
2392         check_tty_count(tty, "release_dev");
2393
2394         tty_fasync(-1, filp, 0);
2395
2396         idx = tty->index;
2397         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2398                       tty->driver->subtype == PTY_TYPE_MASTER);
2399         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2400         o_tty = tty->link;
2401
2402 #ifdef TTY_PARANOIA_CHECK
2403         if (idx < 0 || idx >= tty->driver->num) {
2404                 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2405                                   "free (%s)\n", tty->name);
2406                 return;
2407         }
2408         if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2409                 if (tty != tty->driver->ttys[idx]) {
2410                         printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2411                                "for (%s)\n", idx, tty->name);
2412                         return;
2413                 }
2414                 if (tty->termios != tty->driver->termios[idx]) {
2415                         printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2416                                "for (%s)\n",
2417                                idx, tty->name);
2418                         return;
2419                 }
2420                 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2421                         printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2422                                "termios_locked for (%s)\n",
2423                                idx, tty->name);
2424                         return;
2425                 }
2426         }
2427 #endif
2428
2429 #ifdef TTY_DEBUG_HANGUP
2430         printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2431                tty_name(tty, buf), tty->count);
2432 #endif
2433
2434 #ifdef TTY_PARANOIA_CHECK
2435         if (tty->driver->other &&
2436              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2437                 if (o_tty != tty->driver->other->ttys[idx]) {
2438                         printk(KERN_DEBUG "release_dev: other->table[%d] "
2439                                           "not o_tty for (%s)\n",
2440                                idx, tty->name);
2441                         return;
2442                 }
2443                 if (o_tty->termios != tty->driver->other->termios[idx]) {
2444                         printk(KERN_DEBUG "release_dev: other->termios[%d] "
2445                                           "not o_termios for (%s)\n",
2446                                idx, tty->name);
2447                         return;
2448                 }
2449                 if (o_tty->termios_locked !=
2450                       tty->driver->other->termios_locked[idx]) {
2451                         printk(KERN_DEBUG "release_dev: other->termios_locked["
2452                                           "%d] not o_termios_locked for (%s)\n",
2453                                idx, tty->name);
2454                         return;
2455                 }
2456                 if (o_tty->link != tty) {
2457                         printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2458                         return;
2459                 }
2460         }
2461 #endif
2462         if (tty->ops->close)
2463                 tty->ops->close(tty, filp);
2464
2465         /*
2466          * Sanity check: if tty->count is going to zero, there shouldn't be
2467          * any waiters on tty->read_wait or tty->write_wait.  We test the
2468          * wait queues and kick everyone out _before_ actually starting to
2469          * close.  This ensures that we won't block while releasing the tty
2470          * structure.
2471          *
2472          * The test for the o_tty closing is necessary, since the master and
2473          * slave sides may close in any order.  If the slave side closes out
2474          * first, its count will be one, since the master side holds an open.
2475          * Thus this test wouldn't be triggered at the time the slave closes,
2476          * so we do it now.
2477          *
2478          * Note that it's possible for the tty to be opened again while we're
2479          * flushing out waiters.  By recalculating the closing flags before
2480          * each iteration we avoid any problems.
2481          */
2482         while (1) {
2483                 /* Guard against races with tty->count changes elsewhere and
2484                    opens on /dev/tty */
2485
2486                 mutex_lock(&tty_mutex);
2487                 tty_closing = tty->count <= 1;
2488                 o_tty_closing = o_tty &&
2489                         (o_tty->count <= (pty_master ? 1 : 0));
2490                 do_sleep = 0;
2491
2492                 if (tty_closing) {
2493                         if (waitqueue_active(&tty->read_wait)) {
2494                                 wake_up(&tty->read_wait);
2495                                 do_sleep++;
2496                         }
2497                         if (waitqueue_active(&tty->write_wait)) {
2498                                 wake_up(&tty->write_wait);
2499                                 do_sleep++;
2500                         }
2501                 }
2502                 if (o_tty_closing) {
2503                         if (waitqueue_active(&o_tty->read_wait)) {
2504                                 wake_up(&o_tty->read_wait);
2505                                 do_sleep++;
2506                         }
2507                         if (waitqueue_active(&o_tty->write_wait)) {
2508                                 wake_up(&o_tty->write_wait);
2509                                 do_sleep++;
2510                         }
2511                 }
2512                 if (!do_sleep)
2513                         break;
2514
2515                 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2516                                     "active!\n", tty_name(tty, buf));
2517                 mutex_unlock(&tty_mutex);
2518                 schedule();
2519         }
2520
2521         /*
2522          * The closing flags are now consistent with the open counts on
2523          * both sides, and we've completed the last operation that could
2524          * block, so it's safe to proceed with closing.
2525          */
2526         if (pty_master) {
2527                 if (--o_tty->count < 0) {
2528                         printk(KERN_WARNING "release_dev: bad pty slave count "
2529                                             "(%d) for %s\n",
2530                                o_tty->count, tty_name(o_tty, buf));
2531                         o_tty->count = 0;
2532                 }
2533         }
2534         if (--tty->count < 0) {
2535                 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2536                        tty->count, tty_name(tty, buf));
2537                 tty->count = 0;
2538         }
2539
2540         /*
2541          * We've decremented tty->count, so we need to remove this file
2542          * descriptor off the tty->tty_files list; this serves two
2543          * purposes:
2544          *  - check_tty_count sees the correct number of file descriptors
2545          *    associated with this tty.
2546          *  - do_tty_hangup no longer sees this file descriptor as
2547          *    something that needs to be handled for hangups.
2548          */
2549         file_kill(filp);
2550         filp->private_data = NULL;
2551
2552         /*
2553          * Perform some housekeeping before deciding whether to return.
2554          *
2555          * Set the TTY_CLOSING flag if this was the last open.  In the
2556          * case of a pty we may have to wait around for the other side
2557          * to close, and TTY_CLOSING makes sure we can't be reopened.
2558          */
2559         if (tty_closing)
2560                 set_bit(TTY_CLOSING, &tty->flags);
2561         if (o_tty_closing)
2562                 set_bit(TTY_CLOSING, &o_tty->flags);
2563
2564         /*
2565          * If _either_ side is closing, make sure there aren't any
2566          * processes that still think tty or o_tty is their controlling
2567          * tty.
2568          */
2569         if (tty_closing || o_tty_closing) {
2570                 read_lock(&tasklist_lock);
2571                 session_clear_tty(tty->session);
2572                 if (o_tty)
2573                         session_clear_tty(o_tty->session);
2574                 read_unlock(&tasklist_lock);
2575         }
2576
2577         mutex_unlock(&tty_mutex);
2578
2579         /* check whether both sides are closing ... */
2580         if (!tty_closing || (o_tty && !o_tty_closing))
2581                 return;
2582
2583 #ifdef TTY_DEBUG_HANGUP
2584         printk(KERN_DEBUG "freeing tty structure...");
2585 #endif
2586         /*
2587          * Prevent flush_to_ldisc() from rescheduling the work for later.  Then
2588          * kill any delayed work. As this is the final close it does not
2589          * race with the set_ldisc code path.
2590          */
2591         clear_bit(TTY_LDISC, &tty->flags);
2592         cancel_delayed_work(&tty->buf.work);
2593
2594         /*
2595          * Wait for ->hangup_work and ->buf.work handlers to terminate
2596          */
2597
2598         flush_scheduled_work();
2599
2600         /*
2601          * Wait for any short term users (we know they are just driver
2602          * side waiters as the file is closing so user count on the file
2603          * side is zero.
2604          */
2605         spin_lock_irqsave(&tty_ldisc_lock, flags);
2606         while (tty->ldisc.refcount) {
2607                 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2608                 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2609                 spin_lock_irqsave(&tty_ldisc_lock, flags);
2610         }
2611         spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2612         /*
2613          * Shutdown the current line discipline, and reset it to N_TTY.
2614          * N.B. why reset ldisc when we're releasing the memory??
2615          *
2616          * FIXME: this MUST get fixed for the new reflocking
2617          */
2618         if (tty->ldisc.close)
2619                 (tty->ldisc.close)(tty);
2620         tty_ldisc_put(tty->ldisc.num);
2621
2622         /*
2623          *      Switch the line discipline back
2624          */
2625         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2626         tty_set_termios_ldisc(tty, N_TTY);
2627         if (o_tty) {
2628                 /* FIXME: could o_tty be in setldisc here ? */
2629                 clear_bit(TTY_LDISC, &o_tty->flags);
2630                 if (o_tty->ldisc.close)
2631                         (o_tty->ldisc.close)(o_tty);
2632                 tty_ldisc_put(o_tty->ldisc.num);
2633                 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2634                 tty_set_termios_ldisc(o_tty, N_TTY);
2635         }
2636         /*
2637          * The release_tty function takes care of the details of clearing
2638          * the slots and preserving the termios structure.
2639          */
2640         release_tty(tty, idx);
2641
2642         /* Make this pty number available for reallocation */
2643         if (devpts)
2644                 devpts_kill_index(idx);
2645 }
2646
2647 /**
2648  *      tty_open                -       open a tty device
2649  *      @inode: inode of device file
2650  *      @filp: file pointer to tty
2651  *
2652  *      tty_open and tty_release keep up the tty count that contains the
2653  *      number of opens done on a tty. We cannot use the inode-count, as
2654  *      different inodes might point to the same tty.
2655  *
2656  *      Open-counting is needed for pty masters, as well as for keeping
2657  *      track of serial lines: DTR is dropped when the last close happens.
2658  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
2659  *
2660  *      The termios state of a pty is reset on first open so that
2661  *      settings don't persist across reuse.
2662  *
2663  *      Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2664  *               tty->count should protect the rest.
2665  *               ->siglock protects ->signal/->sighand
2666  */
2667
2668 static int __tty_open(struct inode *inode, struct file *filp)
2669 {
2670         struct tty_struct *tty;
2671         int noctty, retval;
2672         struct tty_driver *driver;
2673         int index;
2674         dev_t device = inode->i_rdev;
2675         unsigned short saved_flags = filp->f_flags;
2676
2677         nonseekable_open(inode, filp);
2678
2679 retry_open:
2680         noctty = filp->f_flags & O_NOCTTY;
2681         index  = -1;
2682         retval = 0;
2683
2684         mutex_lock(&tty_mutex);
2685
2686         if (device == MKDEV(TTYAUX_MAJOR, 0)) {
2687                 tty = get_current_tty();
2688                 if (!tty) {
2689                         mutex_unlock(&tty_mutex);
2690                         return -ENXIO;
2691                 }
2692                 driver = tty->driver;
2693                 index = tty->index;
2694                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2695                 /* noctty = 1; */
2696                 goto got_driver;
2697         }
2698 #ifdef CONFIG_VT
2699         if (device == MKDEV(TTY_MAJOR, 0)) {
2700                 extern struct tty_driver *console_driver;
2701                 driver = console_driver;
2702                 index = fg_console;
2703                 noctty = 1;
2704                 goto got_driver;
2705         }
2706 #endif
2707         if (device == MKDEV(TTYAUX_MAJOR, 1)) {
2708                 driver = console_device(&index);
2709                 if (driver) {
2710                         /* Don't let /dev/console block */
2711                         filp->f_flags |= O_NONBLOCK;
2712                         noctty = 1;
2713                         goto got_driver;
2714                 }
2715                 mutex_unlock(&tty_mutex);
2716                 return -ENODEV;
2717         }
2718
2719         driver = get_tty_driver(device, &index);
2720         if (!driver) {
2721                 mutex_unlock(&tty_mutex);
2722                 return -ENODEV;
2723         }
2724 got_driver:
2725         retval = init_dev(driver, index, &tty);
2726         mutex_unlock(&tty_mutex);
2727         if (retval)
2728                 return retval;
2729
2730         filp->private_data = tty;
2731         file_move(filp, &tty->tty_files);
2732         check_tty_count(tty, "tty_open");
2733         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2734             tty->driver->subtype == PTY_TYPE_MASTER)
2735                 noctty = 1;
2736 #ifdef TTY_DEBUG_HANGUP
2737         printk(KERN_DEBUG "opening %s...", tty->name);
2738 #endif
2739         if (!retval) {
2740                 if (tty->ops->open)
2741                         retval = tty->ops->open(tty, filp);
2742                 else
2743                         retval = -ENODEV;
2744         }
2745         filp->f_flags = saved_flags;
2746
2747         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2748                                                 !capable(CAP_SYS_ADMIN))
2749                 retval = -EBUSY;
2750
2751         if (retval) {
2752 #ifdef TTY_DEBUG_HANGUP
2753                 printk(KERN_DEBUG "error %d in opening %s...", retval,
2754                        tty->name);
2755 #endif
2756                 release_dev(filp);
2757                 if (retval != -ERESTARTSYS)
2758                         return retval;
2759                 if (signal_pending(current))
2760                         return retval;
2761                 schedule();
2762                 /*
2763                  * Need to reset f_op in case a hangup happened.
2764                  */
2765                 if (filp->f_op == &hung_up_tty_fops)
2766                         filp->f_op = &tty_fops;
2767                 goto retry_open;
2768         }
2769
2770         mutex_lock(&tty_mutex);
2771         spin_lock_irq(&current->sighand->siglock);
2772         if (!noctty &&
2773             current->signal->leader &&
2774             !current->signal->tty &&
2775             tty->session == NULL)
2776                 __proc_set_tty(current, tty);
2777         spin_unlock_irq(&current->sighand->siglock);
2778         mutex_unlock(&tty_mutex);
2779         return 0;
2780 }
2781
2782 /* BKL pushdown: scary code avoidance wrapper */
2783 static int tty_open(struct inode *inode, struct file *filp)
2784 {
2785         int ret;
2786
2787         lock_kernel();
2788         ret = __tty_open(inode, filp);
2789         unlock_kernel();
2790         return ret;
2791 }
2792
2793
2794
2795 #ifdef CONFIG_UNIX98_PTYS
2796 /**
2797  *      ptmx_open               -       open a unix 98 pty master
2798  *      @inode: inode of device file
2799  *      @filp: file pointer to tty
2800  *
2801  *      Allocate a unix98 pty master device from the ptmx driver.
2802  *
2803  *      Locking: tty_mutex protects theinit_dev work. tty->count should
2804  *              protect the rest.
2805  *              allocated_ptys_lock handles the list of free pty numbers
2806  */
2807
2808 static int __ptmx_open(struct inode *inode, struct file *filp)
2809 {
2810         struct tty_struct *tty;
2811         int retval;
2812         int index;
2813
2814         nonseekable_open(inode, filp);
2815
2816         /* find a device that is not in use. */
2817         index = devpts_new_index();
2818         if (index < 0)
2819                 return index;
2820
2821         mutex_lock(&tty_mutex);
2822         retval = init_dev(ptm_driver, index, &tty);
2823         mutex_unlock(&tty_mutex);
2824
2825         if (retval)
2826                 goto out;
2827
2828         set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2829         filp->private_data = tty;
2830         file_move(filp, &tty->tty_files);
2831
2832         retval = devpts_pty_new(tty->link);
2833         if (retval)
2834                 goto out1;
2835
2836         check_tty_count(tty, "ptmx_open");
2837         retval = ptm_driver->ops->open(tty, filp);
2838         if (!retval)
2839                 return 0;
2840 out1:
2841         release_dev(filp);
2842         return retval;
2843 out:
2844         devpts_kill_index(index);
2845         return retval;
2846 }
2847
2848 static int ptmx_open(struct inode *inode, struct file *filp)
2849 {
2850         int ret;
2851
2852         lock_kernel();
2853         ret = __ptmx_open(inode, filp);
2854         unlock_kernel();
2855         return ret;
2856 }
2857 #endif
2858
2859 /**
2860  *      tty_release             -       vfs callback for close
2861  *      @inode: inode of tty
2862  *      @filp: file pointer for handle to tty
2863  *
2864  *      Called the last time each file handle is closed that references
2865  *      this tty. There may however be several such references.
2866  *
2867  *      Locking:
2868  *              Takes bkl. See release_dev
2869  */
2870
2871 static int tty_release(struct inode *inode, struct file *filp)
2872 {
2873         lock_kernel();
2874         release_dev(filp);
2875         unlock_kernel();
2876         return 0;
2877 }
2878
2879 /**
2880  *      tty_poll        -       check tty status
2881  *      @filp: file being polled
2882  *      @wait: poll wait structures to update
2883  *
2884  *      Call the line discipline polling method to obtain the poll
2885  *      status of the device.
2886  *
2887  *      Locking: locks called line discipline but ldisc poll method
2888  *      may be re-entered freely by other callers.
2889  */
2890
2891 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2892 {
2893         struct tty_struct *tty;
2894         struct tty_ldisc *ld;
2895         int ret = 0;
2896
2897         tty = (struct tty_struct *)filp->private_data;
2898         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2899                 return 0;
2900
2901         ld = tty_ldisc_ref_wait(tty);
2902         if (ld->poll)
2903                 ret = (ld->poll)(tty, filp, wait);
2904         tty_ldisc_deref(ld);
2905         return ret;
2906 }
2907
2908 static int tty_fasync(int fd, struct file *filp, int on)
2909 {
2910         struct tty_struct *tty;
2911         unsigned long flags;
2912         int retval = 0;
2913
2914         lock_kernel();
2915         tty = (struct tty_struct *)filp->private_data;
2916         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2917                 goto out;
2918
2919         retval = fasync_helper(fd, filp, on, &tty->fasync);
2920         if (retval <= 0)
2921                 goto out;
2922
2923         if (on) {
2924                 enum pid_type type;
2925                 struct pid *pid;
2926                 if (!waitqueue_active(&tty->read_wait))
2927                         tty->minimum_to_wake = 1;
2928                 spin_lock_irqsave(&tty->ctrl_lock, flags);
2929                 if (tty->pgrp) {
2930                         pid = tty->pgrp;
2931                         type = PIDTYPE_PGID;
2932                 } else {
2933                         pid = task_pid(current);
2934                         type = PIDTYPE_PID;
2935                 }
2936                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2937                 retval = __f_setown(filp, pid, type, 0);
2938                 if (retval)
2939                         goto out;
2940         } else {
2941                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2942                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
2943         }
2944         retval = 0;
2945 out:
2946         unlock_kernel();
2947         return retval;
2948 }
2949
2950 /**
2951  *      tiocsti                 -       fake input character
2952  *      @tty: tty to fake input into
2953  *      @p: pointer to character
2954  *
2955  *      Fake input to a tty device. Does the necessary locking and
2956  *      input management.
2957  *
2958  *      FIXME: does not honour flow control ??
2959  *
2960  *      Locking:
2961  *              Called functions take tty_ldisc_lock
2962  *              current->signal->tty check is safe without locks
2963  *
2964  *      FIXME: may race normal receive processing
2965  */
2966
2967 static int tiocsti(struct tty_struct *tty, char __user *p)
2968 {
2969         char ch, mbz = 0;
2970         struct tty_ldisc *ld;
2971
2972         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2973                 return -EPERM;
2974         if (get_user(ch, p))
2975                 return -EFAULT;
2976         ld = tty_ldisc_ref_wait(tty);
2977         ld->receive_buf(tty, &ch, &mbz, 1);
2978         tty_ldisc_deref(ld);
2979         return 0;
2980 }
2981
2982 /**
2983  *      tiocgwinsz              -       implement window query ioctl
2984  *      @tty; tty
2985  *      @arg: user buffer for result
2986  *
2987  *      Copies the kernel idea of the window size into the user buffer.
2988  *
2989  *      Locking: tty->termios_mutex is taken to ensure the winsize data
2990  *              is consistent.
2991  */
2992
2993 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2994 {
2995         int err;
2996
2997         mutex_lock(&tty->termios_mutex);
2998         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2999         mutex_unlock(&tty->termios_mutex);
3000
3001         return err ? -EFAULT: 0;
3002 }
3003
3004 /**
3005  *      tiocswinsz              -       implement window size set ioctl
3006  *      @tty; tty
3007  *      @arg: user buffer for result
3008  *
3009  *      Copies the user idea of the window size to the kernel. Traditionally
3010  *      this is just advisory information but for the Linux console it
3011  *      actually has driver level meaning and triggers a VC resize.
3012  *
3013  *      Locking:
3014  *              Called function use the console_sem is used to ensure we do
3015  *      not try and resize the console twice at once.
3016  *              The tty->termios_mutex is used to ensure we don't double
3017  *      resize and get confused. Lock order - tty->termios_mutex before
3018  *      console sem
3019  */
3020
3021 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
3022         struct winsize __user *arg)
3023 {
3024         struct winsize tmp_ws;
3025         struct pid *pgrp, *rpgrp;
3026         unsigned long flags;
3027
3028         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
3029                 return -EFAULT;
3030
3031         mutex_lock(&tty->termios_mutex);
3032         if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
3033                 goto done;
3034
3035 #ifdef CONFIG_VT
3036         if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
3037                 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
3038                                         tmp_ws.ws_row)) {
3039                         mutex_unlock(&tty->termios_mutex);
3040                         return -ENXIO;
3041                 }
3042         }
3043 #endif
3044         /* Get the PID values and reference them so we can
3045            avoid holding the tty ctrl lock while sending signals */
3046         spin_lock_irqsave(&tty->ctrl_lock, flags);
3047         pgrp = get_pid(tty->pgrp);
3048         rpgrp = get_pid(real_tty->pgrp);
3049         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3050
3051         if (pgrp)
3052                 kill_pgrp(pgrp, SIGWINCH, 1);
3053         if (rpgrp != pgrp && rpgrp)
3054                 kill_pgrp(rpgrp, SIGWINCH, 1);
3055
3056         put_pid(pgrp);
3057         put_pid(rpgrp);
3058
3059         tty->winsize = tmp_ws;
3060         real_tty->winsize = tmp_ws;
3061 done:
3062         mutex_unlock(&tty->termios_mutex);
3063         return 0;
3064 }
3065
3066 /**
3067  *      tioccons        -       allow admin to move logical console
3068  *      @file: the file to become console
3069  *
3070  *      Allow the adminstrator to move the redirected console device
3071  *
3072  *      Locking: uses redirect_lock to guard the redirect information
3073  */
3074
3075 static int tioccons(struct file *file)
3076 {
3077         if (!capable(CAP_SYS_ADMIN))
3078                 return -EPERM;
3079         if (file->f_op->write == redirected_tty_write) {
3080                 struct file *f;
3081                 spin_lock(&redirect_lock);
3082                 f = redirect;
3083                 redirect = NULL;
3084                 spin_unlock(&redirect_lock);
3085                 if (f)
3086                         fput(f);
3087                 return 0;
3088         }
3089         spin_lock(&redirect_lock);
3090         if (redirect) {
3091                 spin_unlock(&redirect_lock);
3092                 return -EBUSY;
3093         }
3094         get_file(file);
3095         redirect = file;
3096         spin_unlock(&redirect_lock);
3097         return 0;
3098 }
3099
3100 /**
3101  *      fionbio         -       non blocking ioctl
3102  *      @file: file to set blocking value
3103  *      @p: user parameter
3104  *
3105  *      Historical tty interfaces had a blocking control ioctl before
3106  *      the generic functionality existed. This piece of history is preserved
3107  *      in the expected tty API of posix OS's.
3108  *
3109  *      Locking: none, the open fle handle ensures it won't go away.
3110  */
3111
3112 static int fionbio(struct file *file, int __user *p)
3113 {
3114         int nonblock;
3115
3116         if (get_user(nonblock, p))
3117                 return -EFAULT;
3118
3119         /* file->f_flags is still BKL protected in the fs layer - vomit */
3120         lock_kernel();
3121         if (nonblock)
3122                 file->f_flags |= O_NONBLOCK;
3123         else
3124                 file->f_flags &= ~O_NONBLOCK;
3125         unlock_kernel();
3126         return 0;
3127 }
3128
3129 /**
3130  *      tiocsctty       -       set controlling tty
3131  *      @tty: tty structure
3132  *      @arg: user argument
3133  *
3134  *      This ioctl is used to manage job control. It permits a session
3135  *      leader to set this tty as the controlling tty for the session.
3136  *
3137  *      Locking:
3138  *              Takes tty_mutex() to protect tty instance
3139  *              Takes tasklist_lock internally to walk sessions
3140  *              Takes ->siglock() when updating signal->tty
3141  */
3142
3143 static int tiocsctty(struct tty_struct *tty, int arg)
3144 {
3145         int ret = 0;
3146         if (current->signal->leader && (task_session(current) == tty->session))
3147                 return ret;
3148
3149         mutex_lock(&tty_mutex);
3150         /*
3151          * The process must be a session leader and
3152          * not have a controlling tty already.
3153          */
3154         if (!current->signal->leader || current->signal->tty) {
3155                 ret = -EPERM;
3156                 goto unlock;
3157         }
3158
3159         if (tty->session) {
3160                 /*
3161                  * This tty is already the controlling
3162                  * tty for another session group!
3163                  */
3164                 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
3165                         /*
3166                          * Steal it away
3167                          */
3168                         read_lock(&tasklist_lock);
3169                         session_clear_tty(tty->session);
3170                         read_unlock(&tasklist_lock);
3171                 } else {
3172                         ret = -EPERM;
3173                         goto unlock;
3174                 }
3175         }
3176         proc_set_tty(current, tty);
3177 unlock:
3178         mutex_unlock(&tty_mutex);
3179         return ret;
3180 }
3181
3182 /**
3183  *      tty_get_pgrp    -       return a ref counted pgrp pid
3184  *      @tty: tty to read
3185  *
3186  *      Returns a refcounted instance of the pid struct for the process
3187  *      group controlling the tty.
3188  */
3189
3190 struct pid *tty_get_pgrp(struct tty_struct *tty)
3191 {
3192         unsigned long flags;
3193         struct pid *pgrp;
3194
3195         spin_lock_irqsave(&tty->ctrl_lock, flags);
3196         pgrp = get_pid(tty->pgrp);
3197         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3198
3199         return pgrp;
3200 }
3201 EXPORT_SYMBOL_GPL(tty_get_pgrp);
3202
3203 /**
3204  *      tiocgpgrp               -       get process group
3205  *      @tty: tty passed by user
3206  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
3207  *      @p: returned pid
3208  *
3209  *      Obtain the process group of the tty. If there is no process group
3210  *      return an error.
3211  *
3212  *      Locking: none. Reference to current->signal->tty is safe.
3213  */
3214
3215 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3216 {
3217         struct pid *pid;
3218         int ret;
3219         /*
3220          * (tty == real_tty) is a cheap way of
3221          * testing if the tty is NOT a master pty.
3222          */
3223         if (tty == real_tty && current->signal->tty != real_tty)
3224                 return -ENOTTY;
3225         pid = tty_get_pgrp(real_tty);
3226         ret =  put_user(pid_vnr(pid), p);
3227         put_pid(pid);
3228         return ret;
3229 }
3230
3231 /**
3232  *      tiocspgrp               -       attempt to set process group
3233  *      @tty: tty passed by user
3234  *      @real_tty: tty side device matching tty passed by user
3235  *      @p: pid pointer
3236  *
3237  *      Set the process group of the tty to the session passed. Only
3238  *      permitted where the tty session is our session.
3239  *
3240  *      Locking: RCU, ctrl lock
3241  */
3242
3243 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3244 {
3245         struct pid *pgrp;
3246         pid_t pgrp_nr;
3247         int retval = tty_check_change(real_tty);
3248         unsigned long flags;
3249
3250         if (retval == -EIO)
3251                 return -ENOTTY;
3252         if (retval)
3253                 return retval;
3254         if (!current->signal->tty ||
3255             (current->signal->tty != real_tty) ||
3256             (real_tty->session != task_session(current)))
3257                 return -ENOTTY;
3258         if (get_user(pgrp_nr, p))
3259                 return -EFAULT;
3260         if (pgrp_nr < 0)
3261                 return -EINVAL;
3262         rcu_read_lock();
3263         pgrp = find_vpid(pgrp_nr);
3264         retval = -ESRCH;
3265         if (!pgrp)
3266                 goto out_unlock;
3267         retval = -EPERM;
3268         if (session_of_pgrp(pgrp) != task_session(current))
3269                 goto out_unlock;
3270         retval = 0;
3271         spin_lock_irqsave(&tty->ctrl_lock, flags);
3272         put_pid(real_tty->pgrp);
3273         real_tty->pgrp = get_pid(pgrp);
3274         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3275 out_unlock:
3276         rcu_read_unlock();
3277         return retval;
3278 }
3279
3280 /**
3281  *      tiocgsid                -       get session id
3282  *      @tty: tty passed by user
3283  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
3284  *      @p: pointer to returned session id
3285  *
3286  *      Obtain the session id of the tty. If there is no session
3287  *      return an error.
3288  *
3289  *      Locking: none. Reference to current->signal->tty is safe.
3290  */
3291
3292 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3293 {
3294         /*
3295          * (tty == real_tty) is a cheap way of
3296          * testing if the tty is NOT a master pty.
3297         */
3298         if (tty == real_tty && current->signal->tty != real_tty)
3299                 return -ENOTTY;
3300         if (!real_tty->session)
3301                 return -ENOTTY;
3302         return put_user(pid_vnr(real_tty->session), p);
3303 }
3304
3305 /**
3306  *      tiocsetd        -       set line discipline
3307  *      @tty: tty device
3308  *      @p: pointer to user data
3309  *
3310  *      Set the line discipline according to user request.
3311  *
3312  *      Locking: see tty_set_ldisc, this function is just a helper
3313  */
3314
3315 static int tiocsetd(struct tty_struct *tty, int __user *p)
3316 {
3317         int ldisc;
3318         int ret;
3319
3320         if (get_user(ldisc, p))
3321                 return -EFAULT;
3322
3323         lock_kernel();
3324         ret = tty_set_ldisc(tty, ldisc);
3325         unlock_kernel();
3326
3327         return ret;
3328 }
3329
3330 /**
3331  *      send_break      -       performed time break
3332  *      @tty: device to break on
3333  *      @duration: timeout in mS
3334  *
3335  *      Perform a timed break on hardware that lacks its own driver level
3336  *      timed break functionality.
3337  *
3338  *      Locking:
3339  *              atomic_write_lock serializes
3340  *
3341  */
3342
3343 static int send_break(struct tty_struct *tty, unsigned int duration)
3344 {
3345         if (tty_write_lock(tty, 0) < 0)
3346                 return -EINTR;
3347         tty->ops->break_ctl(tty, -1);
3348         if (!signal_pending(current))
3349                 msleep_interruptible(duration);
3350         tty->ops->break_ctl(tty, 0);
3351         tty_write_unlock(tty);
3352         if (signal_pending(current))
3353                 return -EINTR;
3354         return 0;
3355 }
3356
3357 /**
3358  *      tty_tiocmget            -       get modem status
3359  *      @tty: tty device
3360  *      @file: user file pointer
3361  *      @p: pointer to result
3362  *
3363  *      Obtain the modem status bits from the tty driver if the feature
3364  *      is supported. Return -EINVAL if it is not available.
3365  *
3366  *      Locking: none (up to the driver)
3367  */
3368
3369 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3370 {
3371         int retval = -EINVAL;
3372
3373         if (tty->ops->tiocmget) {
3374                 retval = tty->ops->tiocmget(tty, file);
3375
3376                 if (retval >= 0)
3377                         retval = put_user(retval, p);
3378         }
3379         return retval;
3380 }
3381
3382 /**
3383  *      tty_tiocmset            -       set modem status
3384  *      @tty: tty device
3385  *      @file: user file pointer
3386  *      @cmd: command - clear bits, set bits or set all
3387  *      @p: pointer to desired bits
3388  *
3389  *      Set the modem status bits from the tty driver if the feature
3390  *      is supported. Return -EINVAL if it is not available.
3391  *
3392  *      Locking: none (up to the driver)
3393  */
3394
3395 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3396              unsigned __user *p)
3397 {
3398         int retval = -EINVAL;
3399
3400         if (tty->ops->tiocmset) {
3401                 unsigned int set, clear, val;
3402
3403                 retval = get_user(val, p);
3404                 if (retval)
3405                         return retval;
3406
3407                 set = clear = 0;
3408                 switch (cmd) {
3409                 case TIOCMBIS:
3410                         set = val;
3411                         break;
3412                 case TIOCMBIC:
3413                         clear = val;
3414                         break;
3415                 case TIOCMSET:
3416                         set = val;
3417                         clear = ~val;
3418                         break;
3419                 }
3420
3421                 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3422                 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3423
3424                 retval = tty->ops->tiocmset(tty, file, set, clear);
3425         }
3426         return retval;
3427 }
3428
3429 /*
3430  * Split this up, as gcc can choke on it otherwise..
3431  */
3432 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
3433 {
3434         struct tty_struct *tty, *real_tty;
3435         void __user *p = (void __user *)arg;
3436         int retval;
3437         struct tty_ldisc *ld;
3438         struct inode *inode = file->f_dentry->d_inode;
3439
3440         tty = (struct tty_struct *)file->private_data;
3441         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3442                 return -EINVAL;
3443
3444         real_tty = tty;
3445         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3446             tty->driver->subtype == PTY_TYPE_MASTER)
3447                 real_tty = tty->link;
3448
3449         /*
3450          * Break handling by driver
3451          */
3452
3453         retval = -EINVAL;
3454
3455         if (!tty->ops->break_ctl) {
3456                 switch (cmd) {
3457                 case TIOCSBRK:
3458                 case TIOCCBRK:
3459                         if (tty->ops->ioctl)
3460                                 retval = tty->ops->ioctl(tty, file, cmd, arg);
3461                         if (retval != -EINVAL && retval != -ENOIOCTLCMD)
3462                                 printk(KERN_WARNING "tty: driver %s needs updating to use break_ctl\n", tty->driver->name);
3463                         return retval;
3464
3465                 /* These two ioctl's always return success; even if */
3466                 /* the driver doesn't support them. */
3467                 case TCSBRK:
3468                 case TCSBRKP:
3469                         if (!tty->ops->ioctl)
3470                                 return 0;
3471                         retval = tty->ops->ioctl(tty, file, cmd, arg);
3472                         if (retval != -EINVAL && retval != -ENOIOCTLCMD)
3473                                 printk(KERN_WARNING "tty: driver %s needs updating to use break_ctl\n", tty->driver->name);
3474                         if (retval == -ENOIOCTLCMD)
3475                                 retval = 0;
3476                         return retval;
3477                 }
3478         }
3479
3480         /*
3481          * Factor out some common prep work
3482          */
3483         switch (cmd) {
3484         case TIOCSETD:
3485         case TIOCSBRK:
3486         case TIOCCBRK:
3487         case TCSBRK:
3488         case TCSBRKP:
3489                 retval = tty_check_change(tty);
3490                 if (retval)
3491                         return retval;
3492                 if (cmd != TIOCCBRK) {
3493                         tty_wait_until_sent(tty, 0);
3494                         if (signal_pending(current))
3495                                 return -EINTR;
3496                 }
3497                 break;
3498         }
3499
3500         switch (cmd) {
3501         case TIOCSTI:
3502                 return tiocsti(tty, p);
3503         case TIOCGWINSZ:
3504                 return tiocgwinsz(tty, p);
3505         case TIOCSWINSZ:
3506                 return tiocswinsz(tty, real_tty, p);
3507         case TIOCCONS:
3508                 return real_tty != tty ? -EINVAL : tioccons(file);
3509         case FIONBIO:
3510                 return fionbio(file, p);
3511         case TIOCEXCL:
3512                 set_bit(TTY_EXCLUSIVE, &tty->flags);
3513                 return 0;
3514         case TIOCNXCL:
3515                 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3516                 return 0;
3517         case TIOCNOTTY:
3518                 if (current->signal->tty != tty)
3519                         return -ENOTTY;
3520                 no_tty();
3521                 return 0;
3522         case TIOCSCTTY:
3523                 return tiocsctty(tty, arg);
3524         case TIOCGPGRP:
3525                 return tiocgpgrp(tty, real_tty, p);
3526         case TIOCSPGRP:
3527                 return tiocspgrp(tty, real_tty, p);
3528         case TIOCGSID:
3529                 return tiocgsid(tty, real_tty, p);
3530         case TIOCGETD:
3531                 return put_user(tty->ldisc.num, (int __user *)p);
3532         case TIOCSETD:
3533                 return tiocsetd(tty, p);
3534 #ifdef CONFIG_VT
3535         case TIOCLINUX:
3536                 return tioclinux(tty, arg);
3537 #endif
3538         /*
3539          * Break handling
3540          */
3541         case TIOCSBRK:  /* Turn break on, unconditionally */
3542                 if (tty->ops->break_ctl)
3543                         tty->ops->break_ctl(tty, -1);
3544                 return 0;
3545
3546         case TIOCCBRK:  /* Turn break off, unconditionally */
3547                 if (tty->ops->break_ctl)
3548                         tty->ops->break_ctl(tty, 0);
3549                 return 0;
3550         case TCSBRK:   /* SVID version: non-zero arg --> no break */
3551                 /* non-zero arg means wait for all output data
3552                  * to be sent (performed above) but don't send break.
3553                  * This is used by the tcdrain() termios function.
3554                  */
3555                 if (!arg)
3556                         return send_break(tty, 250);
3557                 return 0;
3558         case TCSBRKP:   /* support for POSIX tcsendbreak() */
3559                 return send_break(tty, arg ? arg*100 : 250);
3560
3561         case TIOCMGET:
3562                 return tty_tiocmget(tty, file, p);
3563         case TIOCMSET:
3564         case TIOCMBIC:
3565         case TIOCMBIS:
3566                 return tty_tiocmset(tty, file, cmd, p);
3567         case TCFLSH:
3568                 switch (arg) {
3569                 case TCIFLUSH:
3570                 case TCIOFLUSH:
3571                 /* flush tty buffer and allow ldisc to process ioctl */
3572                         tty_buffer_flush(tty);
3573                         break;
3574                 }
3575                 break;
3576         }
3577         if (tty->ops->ioctl) {
3578                 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
3579                 if (retval != -ENOIOCTLCMD)
3580                         return retval;
3581         }
3582         ld = tty_ldisc_ref_wait(tty);
3583         retval = -EINVAL;
3584         if (ld->ioctl) {
3585                 retval = ld->ioctl(tty, file, cmd, arg);
3586                 if (retval == -ENOIOCTLCMD)
3587                         retval = -EINVAL;
3588         }
3589         tty_ldisc_deref(ld);
3590         return retval;
3591 }
3592
3593 #ifdef CONFIG_COMPAT
3594 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3595                                 unsigned long arg)
3596 {
3597         struct inode *inode = file->f_dentry->d_inode;
3598         struct tty_struct *tty = file->private_data;
3599         struct tty_ldisc *ld;
3600         int retval = -ENOIOCTLCMD;
3601
3602         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3603                 return -EINVAL;
3604
3605         if (tty->ops->compat_ioctl) {
3606                 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
3607                 if (retval != -ENOIOCTLCMD)
3608                         return retval;
3609         }
3610
3611         ld = tty_ldisc_ref_wait(tty);
3612         if (ld->compat_ioctl)
3613                 retval = ld->compat_ioctl(tty, file, cmd, arg);
3614         tty_ldisc_deref(ld);
3615
3616         return retval;
3617 }
3618 #endif
3619
3620 /*
3621  * This implements the "Secure Attention Key" ---  the idea is to
3622  * prevent trojan horses by killing all processes associated with this
3623  * tty when the user hits the "Secure Attention Key".  Required for
3624  * super-paranoid applications --- see the Orange Book for more details.
3625  *
3626  * This code could be nicer; ideally it should send a HUP, wait a few
3627  * seconds, then send a INT, and then a KILL signal.  But you then
3628  * have to coordinate with the init process, since all processes associated
3629  * with the current tty must be dead before the new getty is allowed
3630  * to spawn.
3631  *
3632  * Now, if it would be correct ;-/ The current code has a nasty hole -
3633  * it doesn't catch files in flight. We may send the descriptor to ourselves
3634  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3635  *
3636  * Nasty bug: do_SAK is being called in interrupt context.  This can
3637  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
3638  */
3639 void __do_SAK(struct tty_struct *tty)
3640 {
3641 #ifdef TTY_SOFT_SAK
3642         tty_hangup(tty);
3643 #else
3644         struct task_struct *g, *p;
3645         struct pid *session;
3646         int             i;
3647         struct file     *filp;
3648         struct fdtable *fdt;
3649
3650         if (!tty)
3651                 return;
3652         session = tty->session;
3653
3654         tty_ldisc_flush(tty);
3655
3656         tty_driver_flush_buffer(tty);
3657
3658         read_lock(&tasklist_lock);
3659         /* Kill the entire session */
3660         do_each_pid_task(session, PIDTYPE_SID, p) {
3661                 printk(KERN_NOTICE "SAK: killed process %d"
3662                         " (%s): task_session_nr(p)==tty->session\n",
3663                         task_pid_nr(p), p->comm);
3664                 send_sig(SIGKILL, p, 1);
3665         } while_each_pid_task(session, PIDTYPE_SID, p);
3666         /* Now kill any processes that happen to have the
3667          * tty open.
3668          */
3669         do_each_thread(g, p) {
3670                 if (p->signal->tty == tty) {
3671                         printk(KERN_NOTICE "SAK: killed process %d"
3672                             " (%s): task_session_nr(p)==tty->session\n",
3673                             task_pid_nr(p), p->comm);
3674                         send_sig(SIGKILL, p, 1);
3675                         continue;
3676                 }
3677                 task_lock(p);
3678                 if (p->files) {
3679                         /*
3680                          * We don't take a ref to the file, so we must
3681                          * hold ->file_lock instead.
3682                          */
3683                         spin_lock(&p->files->file_lock);
3684                         fdt = files_fdtable(p->files);
3685                         for (i = 0; i < fdt->max_fds; i++) {
3686                                 filp = fcheck_files(p->files, i);
3687                                 if (!filp)
3688                                         continue;
3689                                 if (filp->f_op->read == tty_read &&
3690                                     filp->private_data == tty) {
3691                                         printk(KERN_NOTICE "SAK: killed process %d"
3692                                             " (%s): fd#%d opened to the tty\n",
3693                                             task_pid_nr(p), p->comm, i);
3694                                         force_sig(SIGKILL, p);
3695                                         break;
3696                                 }
3697                         }
3698                         spin_unlock(&p->files->file_lock);
3699                 }
3700                 task_unlock(p);
3701         } while_each_thread(g, p);
3702         read_unlock(&tasklist_lock);
3703 #endif
3704 }
3705
3706 static void do_SAK_work(struct work_struct *work)
3707 {
3708         struct tty_struct *tty =
3709                 container_of(work, struct tty_struct, SAK_work);
3710         __do_SAK(tty);
3711 }
3712
3713 /*
3714  * The tq handling here is a little racy - tty->SAK_work may already be queued.
3715  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3716  * the values which we write to it will be identical to the values which it
3717  * already has. --akpm
3718  */
3719 void do_SAK(struct tty_struct *tty)
3720 {
3721         if (!tty)
3722                 return;
3723         schedule_work(&tty->SAK_work);
3724 }
3725
3726 EXPORT_SYMBOL(do_SAK);
3727
3728 /**
3729  *      flush_to_ldisc
3730  *      @work: tty structure passed from work queue.
3731  *
3732  *      This routine is called out of the software interrupt to flush data
3733  *      from the buffer chain to the line discipline.
3734  *
3735  *      Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3736  *      while invoking the line discipline receive_buf method. The
3737  *      receive_buf method is single threaded for each tty instance.
3738  */
3739
3740 static void flush_to_ldisc(struct work_struct *work)
3741 {
3742         struct tty_struct *tty =
3743                 container_of(work, struct tty_struct, buf.work.work);
3744         unsigned long   flags;
3745         struct tty_ldisc *disc;
3746         struct tty_buffer *tbuf, *head;
3747         char *char_buf;
3748         unsigned char *flag_buf;
3749
3750         disc = tty_ldisc_ref(tty);
3751         if (disc == NULL)       /*  !TTY_LDISC */
3752                 return;
3753
3754         spin_lock_irqsave(&tty->buf.lock, flags);
3755         /* So we know a flush is running */
3756         set_bit(TTY_FLUSHING, &tty->flags);
3757         head = tty->buf.head;
3758         if (head != NULL) {
3759                 tty->buf.head = NULL;
3760                 for (;;) {
3761                         int count = head->commit - head->read;
3762                         if (!count) {
3763                                 if (head->next == NULL)
3764                                         break;
3765                                 tbuf = head;
3766                                 head = head->next;
3767                                 tty_buffer_free(tty, tbuf);
3768                                 continue;
3769                         }
3770                         /* Ldisc or user is trying to flush the buffers
3771                            we are feeding to the ldisc, stop feeding the
3772                            line discipline as we want to empty the queue */
3773                         if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3774                                 break;
3775                         if (!tty->receive_room) {
3776                                 schedule_delayed_work(&tty->buf.work, 1);
3777                                 break;
3778                         }
3779                         if (count > tty->receive_room)
3780                                 count = tty->receive_room;
3781                         char_buf = head->char_buf_ptr + head->read;
3782                         flag_buf = head->flag_buf_ptr + head->read;
3783                         head->read += count;
3784                         spin_unlock_irqrestore(&tty->buf.lock, flags);
3785                         disc->receive_buf(tty, char_buf, flag_buf, count);
3786                         spin_lock_irqsave(&tty->buf.lock, flags);
3787                 }
3788                 /* Restore the queue head */
3789                 tty->buf.head = head;
3790         }
3791         /* We may have a deferred request to flush the input buffer,
3792            if so pull the chain under the lock and empty the queue */
3793         if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3794                 __tty_buffer_flush(tty);
3795                 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3796                 wake_up(&tty->read_wait);
3797         }
3798         clear_bit(TTY_FLUSHING, &tty->flags);
3799         spin_unlock_irqrestore(&tty->buf.lock, flags);
3800
3801         tty_ldisc_deref(disc);
3802 }
3803
3804 /**
3805  *      tty_flip_buffer_push    -       terminal
3806  *      @tty: tty to push
3807  *
3808  *      Queue a push of the terminal flip buffers to the line discipline. This
3809  *      function must not be called from IRQ context if tty->low_latency is set.
3810  *
3811  *      In the event of the queue being busy for flipping the work will be
3812  *      held off and retried later.
3813  *
3814  *      Locking: tty buffer lock. Driver locks in low latency mode.
3815  */
3816
3817 void tty_flip_buffer_push(struct tty_struct *tty)
3818 {
3819         unsigned long flags;
3820         spin_lock_irqsave(&tty->buf.lock, flags);
3821         if (tty->buf.tail != NULL)
3822                 tty->buf.tail->commit = tty->buf.tail->used;
3823         spin_unlock_irqrestore(&tty->buf.lock, flags);
3824
3825         if (tty->low_latency)
3826                 flush_to_ldisc(&tty->buf.work.work);
3827         else
3828                 schedule_delayed_work(&tty->buf.work, 1);
3829 }
3830
3831 EXPORT_SYMBOL(tty_flip_buffer_push);
3832
3833
3834 /**
3835  *      initialize_tty_struct
3836  *      @tty: tty to initialize
3837  *
3838  *      This subroutine initializes a tty structure that has been newly
3839  *      allocated.
3840  *
3841  *      Locking: none - tty in question must not be exposed at this point
3842  */
3843
3844 static void initialize_tty_struct(struct tty_struct *tty)
3845 {
3846         memset(tty, 0, sizeof(struct tty_struct));
3847         tty->magic = TTY_MAGIC;
3848         tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3849         tty->session = NULL;
3850         tty->pgrp = NULL;
3851         tty->overrun_time = jiffies;
3852         tty->buf.head = tty->buf.tail = NULL;
3853         tty_buffer_init(tty);
3854         INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3855         mutex_init(&tty->termios_mutex);
3856         init_waitqueue_head(&tty->write_wait);
3857         init_waitqueue_head(&tty->read_wait);
3858         INIT_WORK(&tty->hangup_work, do_tty_hangup);
3859         mutex_init(&tty->atomic_read_lock);
3860         mutex_init(&tty->atomic_write_lock);
3861         spin_lock_init(&tty->read_lock);
3862         spin_lock_init(&tty->ctrl_lock);
3863         INIT_LIST_HEAD(&tty->tty_files);
3864         INIT_WORK(&tty->SAK_work, do_SAK_work);
3865 }
3866
3867 /**
3868  *      tty_put_char    -       write one character to a tty
3869  *      @tty: tty
3870  *      @ch: character
3871  *
3872  *      Write one byte to the tty using the provided put_char method
3873  *      if present. Returns the number of characters successfully output.
3874  *
3875  *      Note: the specific put_char operation in the driver layer may go
3876  *      away soon. Don't call it directly, use this method
3877  */
3878
3879 int tty_put_char(struct tty_struct *tty, unsigned char ch)
3880 {
3881         if (tty->ops->put_char)
3882                 return tty->ops->put_char(tty, ch);
3883         return tty->ops->write(tty, &ch, 1);
3884 }
3885
3886 EXPORT_SYMBOL_GPL(tty_put_char);
3887
3888 static struct class *tty_class;
3889
3890 /**
3891  *      tty_register_device - register a tty device
3892  *      @driver: the tty driver that describes the tty device
3893  *      @index: the index in the tty driver for this tty device
3894  *      @device: a struct device that is associated with this tty device.
3895  *              This field is optional, if there is no known struct device
3896  *              for this tty device it can be set to NULL safely.
3897  *
3898  *      Returns a pointer to the struct device for this tty device
3899  *      (or ERR_PTR(-EFOO) on error).
3900  *
3901  *      This call is required to be made to register an individual tty device
3902  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3903  *      that bit is not set, this function should not be called by a tty
3904  *      driver.
3905  *
3906  *      Locking: ??
3907  */
3908
3909 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3910                                    struct device *device)
3911 {
3912         char name[64];
3913         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3914
3915         if (index >= driver->num) {
3916                 printk(KERN_ERR "Attempt to register invalid tty line number "
3917                        " (%d).\n", index);
3918                 return ERR_PTR(-EINVAL);
3919         }
3920
3921         if (driver->type == TTY_DRIVER_TYPE_PTY)
3922                 pty_line_name(driver, index, name);
3923         else
3924                 tty_line_name(driver, index, name);
3925
3926         return device_create(tty_class, device, dev, name);
3927 }
3928
3929 /**
3930  *      tty_unregister_device - unregister a tty device
3931  *      @driver: the tty driver that describes the tty device
3932  *      @index: the index in the tty driver for this tty device
3933  *
3934  *      If a tty device is registered with a call to tty_register_device() then
3935  *      this function must be called when the tty device is gone.
3936  *
3937  *      Locking: ??
3938  */
3939
3940 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3941 {
3942         device_destroy(tty_class,
3943                 MKDEV(driver->major, driver->minor_start) + index);
3944 }
3945
3946 EXPORT_SYMBOL(tty_register_device);
3947 EXPORT_SYMBOL(tty_unregister_device);
3948
3949 struct tty_driver *alloc_tty_driver(int lines)
3950 {
3951         struct tty_driver *driver;
3952
3953         driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3954         if (driver) {
3955                 driver->magic = TTY_DRIVER_MAGIC;
3956                 driver->num = lines;
3957                 /* later we'll move allocation of tables here */
3958         }
3959         return driver;
3960 }
3961
3962 void put_tty_driver(struct tty_driver *driver)
3963 {
3964         kfree(driver);
3965 }
3966
3967 void tty_set_operations(struct tty_driver *driver,
3968                         const struct tty_operations *op)
3969 {
3970         driver->ops = op;
3971 };
3972
3973 EXPORT_SYMBOL(alloc_tty_driver);
3974 EXPORT_SYMBOL(put_tty_driver);
3975 EXPORT_SYMBOL(tty_set_operations);
3976
3977 /*
3978  * Called by a tty driver to register itself.
3979  */
3980 int tty_register_driver(struct tty_driver *driver)
3981 {
3982         int error;
3983         int i;
3984         dev_t dev;
3985         void **p = NULL;
3986
3987         if (driver->flags & TTY_DRIVER_INSTALLED)
3988                 return 0;
3989
3990         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3991                 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3992                 if (!p)
3993                         return -ENOMEM;
3994         }
3995
3996         if (!driver->major) {
3997                 error = alloc_chrdev_region(&dev, driver->minor_start,
3998                                                 driver->num, driver->name);
3999                 if (!error) {
4000                         driver->major = MAJOR(dev);
4001                         driver->minor_start = MINOR(dev);
4002                 }
4003         } else {
4004                 dev = MKDEV(driver->major, driver->minor_start);
4005                 error = register_chrdev_region(dev, driver->num, driver->name);
4006         }
4007         if (error < 0) {
4008                 kfree(p);
4009                 return error;
4010         }
4011
4012         if (p) {
4013                 driver->ttys = (struct tty_struct **)p;
4014                 driver->termios = (struct ktermios **)(p + driver->num);
4015                 driver->termios_locked = (struct ktermios **)
4016                                                         (p + driver->num * 2);
4017         } else {
4018                 driver->ttys = NULL;
4019                 driver->termios = NULL;
4020                 driver->termios_locked = NULL;
4021         }
4022
4023         cdev_init(&driver->cdev, &tty_fops);
4024         driver->cdev.owner = driver->owner;
4025         error = cdev_add(&driver->cdev, dev, driver->num);
4026         if (error) {
4027                 unregister_chrdev_region(dev, driver->num);
4028                 driver->ttys = NULL;
4029                 driver->termios = driver->termios_locked = NULL;
4030                 kfree(p);
4031                 return error;
4032         }
4033
4034         mutex_lock(&tty_mutex);
4035         list_add(&driver->tty_drivers, &tty_drivers);
4036         mutex_unlock(&tty_mutex);
4037
4038         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
4039                 for (i = 0; i < driver->num; i++)
4040                     tty_register_device(driver, i, NULL);
4041         }
4042         proc_tty_register_driver(driver);
4043         return 0;
4044 }
4045
4046 EXPORT_SYMBOL(tty_register_driver);
4047
4048 /*
4049  * Called by a tty driver to unregister itself.
4050  */
4051 int tty_unregister_driver(struct tty_driver *driver)
4052 {
4053         int i;
4054         struct ktermios *tp;
4055         void *p;
4056
4057         if (driver->refcount)
4058                 return -EBUSY;
4059
4060         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
4061                                 driver->num);
4062         mutex_lock(&tty_mutex);
4063         list_del(&driver->tty_drivers);
4064         mutex_unlock(&tty_mutex);
4065
4066         /*
4067          * Free the termios and termios_locked structures because
4068          * we don't want to get memory leaks when modular tty
4069          * drivers are removed from the kernel.
4070          */
4071         for (i = 0; i < driver->num; i++) {
4072                 tp = driver->termios[i];
4073                 if (tp) {
4074                         driver->termios[i] = NULL;
4075                         kfree(tp);
4076                 }
4077                 tp = driver->termios_locked[i];
4078                 if (tp) {
4079                         driver->termios_locked[i] = NULL;
4080                         kfree(tp);
4081                 }
4082                 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
4083                         tty_unregister_device(driver, i);
4084         }
4085         p = driver->ttys;
4086         proc_tty_unregister_driver(driver);
4087         driver->ttys = NULL;
4088         driver->termios = driver->termios_locked = NULL;
4089         kfree(p);
4090         cdev_del(&driver->cdev);
4091         return 0;
4092 }
4093 EXPORT_SYMBOL(tty_unregister_driver);
4094
4095 dev_t tty_devnum(struct tty_struct *tty)
4096 {
4097         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
4098 }
4099 EXPORT_SYMBOL(tty_devnum);
4100
4101 void proc_clear_tty(struct task_struct *p)
4102 {
4103         spin_lock_irq(&p->sighand->siglock);
4104         p->signal->tty = NULL;
4105         spin_unlock_irq(&p->sighand->siglock);
4106 }
4107 EXPORT_SYMBOL(proc_clear_tty);
4108
4109 /* Called under the sighand lock */
4110
4111 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4112 {
4113         if (tty) {
4114                 unsigned long flags;
4115                 /* We should not have a session or pgrp to put here but.... */
4116                 spin_lock_irqsave(&tty->ctrl_lock, flags);
4117                 put_pid(tty->session);
4118                 put_pid(tty->pgrp);
4119                 tty->pgrp = get_pid(task_pgrp(tsk));
4120                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
4121                 tty->session = get_pid(task_session(tsk));
4122         }
4123         put_pid(tsk->signal->tty_old_pgrp);
4124         tsk->signal->tty = tty;
4125         tsk->signal->tty_old_pgrp = NULL;
4126 }
4127
4128 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4129 {
4130         spin_lock_irq(&tsk->sighand->siglock);
4131         __proc_set_tty(tsk, tty);
4132         spin_unlock_irq(&tsk->sighand->siglock);
4133 }
4134
4135 struct tty_struct *get_current_tty(void)
4136 {
4137         struct tty_struct *tty;
4138         WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4139         tty = current->signal->tty;
4140         /*
4141          * session->tty can be changed/cleared from under us, make sure we
4142          * issue the load. The obtained pointer, when not NULL, is valid as
4143          * long as we hold tty_mutex.
4144          */
4145         barrier();
4146         return tty;
4147 }
4148 EXPORT_SYMBOL_GPL(get_current_tty);
4149
4150 /*
4151  * Initialize the console device. This is called *early*, so
4152  * we can't necessarily depend on lots of kernel help here.
4153  * Just do some early initializations, and do the complex setup
4154  * later.
4155  */
4156 void __init console_init(void)
4157 {
4158         initcall_t *call;
4159
4160         /* Setup the default TTY line discipline. */
4161         (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4162
4163         /*
4164          * set up the console device so that later boot sequences can
4165          * inform about problems etc..
4166          */
4167         call = __con_initcall_start;
4168         while (call < __con_initcall_end) {
4169                 (*call)();
4170                 call++;
4171         }
4172 }
4173
4174 static int __init tty_class_init(void)
4175 {
4176         tty_class = class_create(THIS_MODULE, "tty");
4177         if (IS_ERR(tty_class))
4178                 return PTR_ERR(tty_class);
4179         return 0;
4180 }
4181
4182 postcore_initcall(tty_class_init);
4183
4184 /* 3/2004 jmc: why do these devices exist? */
4185
4186 static struct cdev tty_cdev, console_cdev;
4187 #ifdef CONFIG_UNIX98_PTYS
4188 static struct cdev ptmx_cdev;
4189 #endif
4190 #ifdef CONFIG_VT
4191 static struct cdev vc0_cdev;
4192 #endif
4193
4194 /*
4195  * Ok, now we can initialize the rest of the tty devices and can count
4196  * on memory allocations, interrupts etc..
4197  */
4198 static int __init tty_init(void)
4199 {
4200         cdev_init(&tty_cdev, &tty_fops);
4201         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4202             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4203                 panic("Couldn't register /dev/tty driver\n");
4204         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
4205
4206         cdev_init(&console_cdev, &console_fops);
4207         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4208             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4209                 panic("Couldn't register /dev/console driver\n");
4210         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
4211
4212 #ifdef CONFIG_UNIX98_PTYS
4213         cdev_init(&ptmx_cdev, &ptmx_fops);
4214         if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4215             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4216                 panic("Couldn't register /dev/ptmx driver\n");
4217         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
4218 #endif
4219
4220 #ifdef CONFIG_VT
4221         cdev_init(&vc0_cdev, &console_fops);
4222         if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4223             register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4224                 panic("Couldn't register /dev/tty0 driver\n");
4225         device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
4226
4227         vty_init();
4228 #endif
4229         return 0;
4230 }
4231 module_init(tty_init);