Linux kernel & device driver programming

Cross-Referenced Linux and Device Driver Code

[ source navigation ] [ diff markup ] [ identifier search ] [ freetext search ] [ file search ]
Version: [ 2.6.11.8 ] [ 2.6.25 ] [ 2.6.25.8 ] [ 2.6.31.13 ] Architecture: [ i386 ]
  1 /*
  2  *  linux/drivers/char/tty_io.c
  3  *
  4  *  Copyright (C) 1991, 1992  Linus Torvalds
  5  */
  6 
  7 /*
  8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
  9  * or rs-channels. It also implements echoing, cooked mode etc.
 10  *
 11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
 12  *
 13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
 14  * tty_struct and tty_queue structures.  Previously there was an array
 15  * of 256 tty_struct's which was statically allocated, and the
 16  * tty_queue structures were allocated at boot time.  Both are now
 17  * dynamically allocated only when the tty is open.
 18  *
 19  * Also restructured routines so that there is more of a separation
 20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
 21  * the low-level tty routines (serial.c, pty.c, console.c).  This
 22  * makes for cleaner and more compact code.  -TYT, 9/17/92
 23  *
 24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
 25  * which can be dynamically activated and de-activated by the line
 26  * discipline handling modules (like SLIP).
 27  *
 28  * NOTE: pay no attention to the line discipline code (yet); its
 29  * interface is still subject to change in this version...
 30  * -- TYT, 1/31/92
 31  *
 32  * Added functionality to the OPOST tty handling.  No delays, but all
 33  * other bits should be there.
 34  *      -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
 35  *
 36  * Rewrote canonical mode and added more termios flags.
 37  *      -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
 38  *
 39  * Reorganized FASYNC support so mouse code can share it.
 40  *      -- ctm@ardi.com, 9Sep95
 41  *
 42  * New TIOCLINUX variants added.
 43  *      -- mj@k332.feld.cvut.cz, 19-Nov-95
 44  *
 45  * Restrict vt switching via ioctl()
 46  *      -- grif@cs.ucr.edu, 5-Dec-95
 47  *
 48  * Move console and virtual terminal code to more appropriate files,
 49  * implement CONFIG_VT and generalize console device interface.
 50  *      -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
 51  *
 52  * Rewrote tty_init_dev and tty_release_dev to eliminate races.
 53  *      -- Bill Hawes <whawes@star.net>, June 97
 54  *
 55  * Added devfs support.
 56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
 57  *
 58  * Added support for a Unix98-style ptmx device.
 59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
 60  *
 61  * Reduced memory usage for older ARM systems
 62  *      -- Russell King <rmk@arm.linux.org.uk>
 63  *
 64  * Move do_SAK() into process context.  Less stack use in devfs functions.
 65  * alloc_tty_struct() always uses kmalloc()
 66  *                       -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
 67  */
 68 
 69 #include <linux/types.h>
 70 #include <linux/major.h>
 71 #include <linux/errno.h>
 72 #include <linux/signal.h>
 73 #include <linux/fcntl.h>
 74 #include <linux/sched.h>
 75 #include <linux/interrupt.h>
 76 #include <linux/tty.h>
 77 #include <linux/tty_driver.h>
 78 #include <linux/tty_flip.h>
 79 #include <linux/devpts_fs.h>
 80 #include <linux/file.h>
 81 #include <linux/fdtable.h>
 82 #include <linux/console.h>
 83 #include <linux/timer.h>
 84 #include <linux/ctype.h>
 85 #include <linux/kd.h>
 86 #include <linux/mm.h>
 87 #include <linux/string.h>
 88 #include <linux/slab.h>
 89 #include <linux/poll.h>
 90 #include <linux/proc_fs.h>
 91 #include <linux/init.h>
 92 #include <linux/module.h>
 93 #include <linux/smp_lock.h>
 94 #include <linux/device.h>
 95 #include <linux/wait.h>
 96 #include <linux/bitops.h>
 97 #include <linux/delay.h>
 98 #include <linux/seq_file.h>
 99 
100 #include <linux/uaccess.h>
101 #include <asm/system.h>
102 
103 #include <linux/kbd_kern.h>
104 #include <linux/vt_kern.h>
105 #include <linux/selection.h>
106 
107 #include <linux/kmod.h>
108 #include <linux/nsproxy.h>
109 
110 #undef TTY_DEBUG_HANGUP
111 
112 #define TTY_PARANOIA_CHECK 1
113 #define CHECK_TTY_COUNT 1
114 
115 struct ktermios tty_std_termios = {     /* for the benefit of tty drivers  */
116         .c_iflag = ICRNL | IXON,
117         .c_oflag = OPOST | ONLCR,
118         .c_cflag = B38400 | CS8 | CREAD | HUPCL,
119         .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
120                    ECHOCTL | ECHOKE | IEXTEN,
121         .c_cc = INIT_C_CC,
122         .c_ispeed = 38400,
123         .c_ospeed = 38400
124 };
125 
126 EXPORT_SYMBOL(tty_std_termios);
127 
128 /* This list gets poked at by procfs and various bits of boot up code. This
129    could do with some rationalisation such as pulling the tty proc function
130    into this file */
131 
132 LIST_HEAD(tty_drivers);                 /* linked list of tty drivers */
133 
134 /* Mutex to protect creating and releasing a tty. This is shared with
135    vt.c for deeply disgusting hack reasons */
136 DEFINE_MUTEX(tty_mutex);
137 EXPORT_SYMBOL(tty_mutex);
138 
139 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
140 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
141 ssize_t redirected_tty_write(struct file *, const char __user *,
142                                                         size_t, loff_t *);
143 static unsigned int tty_poll(struct file *, poll_table *);
144 static int tty_open(struct inode *, struct file *);
145 static int tty_release(struct inode *, struct file *);
146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147 #ifdef CONFIG_COMPAT
148 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149                                 unsigned long arg);
150 #else
151 #define tty_compat_ioctl NULL
152 #endif
153 static int tty_fasync(int fd, struct file *filp, int on);
154 static void release_tty(struct tty_struct *tty, int idx);
155 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
156 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
157 
158 /**
159  *      alloc_tty_struct        -       allocate a tty object
160  *
161  *      Return a new empty tty structure. The data fields have not
162  *      been initialized in any way but has been zeroed
163  *
164  *      Locking: none
165  */
166 
167 struct tty_struct *alloc_tty_struct(void)
168 {
169         return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
170 }
171 
172 /**
173  *      free_tty_struct         -       free a disused tty
174  *      @tty: tty struct to free
175  *
176  *      Free the write buffers, tty queue and tty memory itself.
177  *
178  *      Locking: none. Must be called after tty is definitely unused
179  */
180 
181 void free_tty_struct(struct tty_struct *tty)
182 {
183         kfree(tty->write_buf);
184         tty_buffer_free_all(tty);
185         kfree(tty);
186 }
187 
188 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
189 
190 /**
191  *      tty_name        -       return tty naming
192  *      @tty: tty structure
193  *      @buf: buffer for output
194  *
195  *      Convert a tty structure into a name. The name reflects the kernel
196  *      naming policy and if udev is in use may not reflect user space
197  *
198  *      Locking: none
199  */
200 
201 char *tty_name(struct tty_struct *tty, char *buf)
202 {
203         if (!tty) /* Hmm.  NULL pointer.  That's fun. */
204                 strcpy(buf, "NULL tty");
205         else
206                 strcpy(buf, tty->name);
207         return buf;
208 }
209 
210 EXPORT_SYMBOL(tty_name);
211 
212 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
213                               const char *routine)
214 {
215 #ifdef TTY_PARANOIA_CHECK
216         if (!tty) {
217                 printk(KERN_WARNING
218                         "null TTY for (%d:%d) in %s\n",
219                         imajor(inode), iminor(inode), routine);
220                 return 1;
221         }
222         if (tty->magic != TTY_MAGIC) {
223                 printk(KERN_WARNING
224                         "bad magic number for tty struct (%d:%d) in %s\n",
225                         imajor(inode), iminor(inode), routine);
226                 return 1;
227         }
228 #endif
229         return 0;
230 }
231 
232 static int check_tty_count(struct tty_struct *tty, const char *routine)
233 {
234 #ifdef CHECK_TTY_COUNT
235         struct list_head *p;
236         int count = 0;
237 
238         file_list_lock();
239         list_for_each(p, &tty->tty_files) {
240                 count++;
241         }
242         file_list_unlock();
243         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
244             tty->driver->subtype == PTY_TYPE_SLAVE &&
245             tty->link && tty->link->count)
246                 count++;
247         if (tty->count != count) {
248                 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
249                                     "!= #fd's(%d) in %s\n",
250                        tty->name, tty->count, count, routine);
251                 return count;
252         }
253 #endif
254         return 0;
255 }
256 
257 /**
258  *      get_tty_driver          -       find device of a tty
259  *      @dev_t: device identifier
260  *      @index: returns the index of the tty
261  *
262  *      This routine returns a tty driver structure, given a device number
263  *      and also passes back the index number.
264  *
265  *      Locking: caller must hold tty_mutex
266  */
267 
268 static struct tty_driver *get_tty_driver(dev_t device, int *index)
269 {
270         struct tty_driver *p;
271 
272         list_for_each_entry(p, &tty_drivers, tty_drivers) {
273                 dev_t base = MKDEV(p->major, p->minor_start);
274                 if (device < base || device >= base + p->num)
275                         continue;
276                 *index = device - base;
277                 return tty_driver_kref_get(p);
278         }
279         return NULL;
280 }
281 
282 #ifdef CONFIG_CONSOLE_POLL
283 
284 /**
285  *      tty_find_polling_driver -       find device of a polled tty
286  *      @name: name string to match
287  *      @line: pointer to resulting tty line nr
288  *
289  *      This routine returns a tty driver structure, given a name
290  *      and the condition that the tty driver is capable of polled
291  *      operation.
292  */
293 struct tty_driver *tty_find_polling_driver(char *name, int *line)
294 {
295         struct tty_driver *p, *res = NULL;
296         int tty_line = 0;
297         int len;
298         char *str, *stp;
299 
300         for (str = name; *str; str++)
301                 if ((*str >= '' && *str <= '9') || *str == ',')
302                         break;
303         if (!*str)
304                 return NULL;
305 
306         len = str - name;
307         tty_line = simple_strtoul(str, &str, 10);
308 
309         mutex_lock(&tty_mutex);
310         /* Search through the tty devices to look for a match */
311         list_for_each_entry(p, &tty_drivers, tty_drivers) {
312                 if (strncmp(name, p->name, len) != 0)
313                         continue;
314                 stp = str;
315                 if (*stp == ',')
316                         stp++;
317                 if (*stp == '\0')
318                         stp = NULL;
319 
320                 if (tty_line >= 0 && tty_line <= p->num && p->ops &&
321                     p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
322                         res = tty_driver_kref_get(p);
323                         *line = tty_line;
324                         break;
325                 }
326         }
327         mutex_unlock(&tty_mutex);
328 
329         return res;
330 }
331 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
332 #endif
333 
334 /**
335  *      tty_check_change        -       check for POSIX terminal changes
336  *      @tty: tty to check
337  *
338  *      If we try to write to, or set the state of, a terminal and we're
339  *      not in the foreground, send a SIGTTOU.  If the signal is blocked or
340  *      ignored, go ahead and perform the operation.  (POSIX 7.2)
341  *
342  *      Locking: ctrl_lock
343  */
344 
345 int tty_check_change(struct tty_struct *tty)
346 {
347         unsigned long flags;
348         int ret = 0;
349 
350         if (current->signal->tty != tty)
351                 return 0;
352 
353         spin_lock_irqsave(&tty->ctrl_lock, flags);
354 
355         if (!tty->pgrp) {
356                 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
357                 goto out_unlock;
358         }
359         if (task_pgrp(current) == tty->pgrp)
360                 goto out_unlock;
361         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
362         if (is_ignored(SIGTTOU))
363                 goto out;
364         if (is_current_pgrp_orphaned()) {
365                 ret = -EIO;
366                 goto out;
367         }
368         kill_pgrp(task_pgrp(current), SIGTTOU, 1);
369         set_thread_flag(TIF_SIGPENDING);
370         ret = -ERESTARTSYS;
371 out:
372         return ret;
373 out_unlock:
374         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
375         return ret;
376 }
377 
378 EXPORT_SYMBOL(tty_check_change);
379 
380 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
381                                 size_t count, loff_t *ppos)
382 {
383         return 0;
384 }
385 
386 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
387                                  size_t count, loff_t *ppos)
388 {
389         return -EIO;
390 }
391 
392 /* No kernel lock held - none needed ;) */
393 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
394 {
395         return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
396 }
397 
398 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
399                 unsigned long arg)
400 {
401         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
402 }
403 
404 static long hung_up_tty_compat_ioctl(struct file *file,
405                                      unsigned int cmd, unsigned long arg)
406 {
407         return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
408 }
409 
410 static const struct file_operations tty_fops = {
411         .llseek         = no_llseek,
412         .read           = tty_read,
413         .write          = tty_write,
414         .poll           = tty_poll,
415         .unlocked_ioctl = tty_ioctl,
416         .compat_ioctl   = tty_compat_ioctl,
417         .open           = tty_open,
418         .release        = tty_release,
419         .fasync         = tty_fasync,
420 };
421 
422 static const struct file_operations console_fops = {
423         .llseek         = no_llseek,
424         .read           = tty_read,
425         .write          = redirected_tty_write,
426         .poll           = tty_poll,
427         .unlocked_ioctl = tty_ioctl,
428         .compat_ioctl   = tty_compat_ioctl,
429         .open           = tty_open,
430         .release        = tty_release,
431         .fasync         = tty_fasync,
432 };
433 
434 static const struct file_operations hung_up_tty_fops = {
435         .llseek         = no_llseek,
436         .read           = hung_up_tty_read,
437         .write          = hung_up_tty_write,
438         .poll           = hung_up_tty_poll,
439         .unlocked_ioctl = hung_up_tty_ioctl,
440         .compat_ioctl   = hung_up_tty_compat_ioctl,
441         .release        = tty_release,
442 };
443 
444 static DEFINE_SPINLOCK(redirect_lock);
445 static struct file *redirect;
446 
447 /**
448  *      tty_wakeup      -       request more data
449  *      @tty: terminal
450  *
451  *      Internal and external helper for wakeups of tty. This function
452  *      informs the line discipline if present that the driver is ready
453  *      to receive more output data.
454  */
455 
456 void tty_wakeup(struct tty_struct *tty)
457 {
458         struct tty_ldisc *ld;
459 
460         if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
461                 ld = tty_ldisc_ref(tty);
462                 if (ld) {
463                         if (ld->ops->write_wakeup)
464                                 ld->ops->write_wakeup(tty);
465                         tty_ldisc_deref(ld);
466                 }
467         }
468         wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
469 }
470 
471 EXPORT_SYMBOL_GPL(tty_wakeup);
472 
473 /**
474  *      do_tty_hangup           -       actual handler for hangup events
475  *      @work: tty device
476  *
477  *      This can be called by the "eventd" kernel thread.  That is process
478  *      synchronous but doesn't hold any locks, so we need to make sure we
479  *      have the appropriate locks for what we're doing.
480  *
481  *      The hangup event clears any pending redirections onto the hung up
482  *      device. It ensures future writes will error and it does the needed
483  *      line discipline hangup and signal delivery. The tty object itself
484  *      remains intact.
485  *
486  *      Locking:
487  *              BKL
488  *                redirect lock for undoing redirection
489  *                file list lock for manipulating list of ttys
490  *                tty_ldisc_lock from called functions
491  *                termios_mutex resetting termios data
492  *                tasklist_lock to walk task list for hangup event
493  *                  ->siglock to protect ->signal/->sighand
494  */
495 static void do_tty_hangup(struct work_struct *work)
496 {
497         struct tty_struct *tty =
498                 container_of(work, struct tty_struct, hangup_work);
499         struct file *cons_filp = NULL;
500         struct file *filp, *f = NULL;
501         struct task_struct *p;
502         int    closecount = 0, n;
503         unsigned long flags;
504         int refs = 0;
505 
506         if (!tty)
507                 return;
508 
509         /* inuse_filps is protected by the single kernel lock */
510         lock_kernel();
511 
512         spin_lock(&redirect_lock);
513         if (redirect && redirect->private_data == tty) {
514                 f = redirect;
515                 redirect = NULL;
516         }
517         spin_unlock(&redirect_lock);
518 
519         check_tty_count(tty, "do_tty_hangup");
520         file_list_lock();
521         /* This breaks for file handles being sent over AF_UNIX sockets ? */
522         list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
523                 if (filp->f_op->write == redirected_tty_write)
524                         cons_filp = filp;
525                 if (filp->f_op->write != tty_write)
526                         continue;
527                 closecount++;
528                 tty_fasync(-1, filp, 0);        /* can't block */
529                 filp->f_op = &hung_up_tty_fops;
530         }
531         file_list_unlock();
532 
533         tty_ldisc_hangup(tty);
534 
535         read_lock(&tasklist_lock);
536         if (tty->session) {
537                 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
538                         spin_lock_irq(&p->sighand->siglock);
539                         if (p->signal->tty == tty) {
540                                 p->signal->tty = NULL;
541                                 /* We defer the dereferences outside fo
542                                    the tasklist lock */
543                                 refs++;
544                         }
545                         if (!p->signal->leader) {
546                                 spin_unlock_irq(&p->sighand->siglock);
547                                 continue;
548                         }
549                         __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
550                         __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
551                         put_pid(p->signal->tty_old_pgrp);  /* A noop */
552                         spin_lock_irqsave(&tty->ctrl_lock, flags);
553                         if (tty->pgrp)
554                                 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
555                         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
556                         spin_unlock_irq(&p->sighand->siglock);
557                 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
558         }
559         read_unlock(&tasklist_lock);
560 
561         spin_lock_irqsave(&tty->ctrl_lock, flags);
562         clear_bit(TTY_THROTTLED, &tty->flags);
563         clear_bit(TTY_PUSH, &tty->flags);
564         clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
565         put_pid(tty->session);
566         put_pid(tty->pgrp);
567         tty->session = NULL;
568         tty->pgrp = NULL;
569         tty->ctrl_status = 0;
570         set_bit(TTY_HUPPED, &tty->flags);
571         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
572 
573         /* Account for the p->signal references we killed */
574         while (refs--)
575                 tty_kref_put(tty);
576 
577         /*
578          * If one of the devices matches a console pointer, we
579          * cannot just call hangup() because that will cause
580          * tty->count and state->count to go out of sync.
581          * So we just call close() the right number of times.
582          */
583         if (cons_filp) {
584                 if (tty->ops->close)
585                         for (n = 0; n < closecount; n++)
586                                 tty->ops->close(tty, cons_filp);
587         } else if (tty->ops->hangup)
588                 (tty->ops->hangup)(tty);
589         /*
590          * We don't want to have driver/ldisc interactions beyond
591          * the ones we did here. The driver layer expects no
592          * calls after ->hangup() from the ldisc side. However we
593          * can't yet guarantee all that.
594          */
595         set_bit(TTY_HUPPED, &tty->flags);
596         tty_ldisc_enable(tty);
597         unlock_kernel();
598         if (f)
599                 fput(f);
600 }
601 
602 /**
603  *      tty_hangup              -       trigger a hangup event
604  *      @tty: tty to hangup
605  *
606  *      A carrier loss (virtual or otherwise) has occurred on this like
607  *      schedule a hangup sequence to run after this event.
608  */
609 
610 void tty_hangup(struct tty_struct *tty)
611 {
612 #ifdef TTY_DEBUG_HANGUP
613         char    buf[64];
614         printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
615 #endif
616         schedule_work(&tty->hangup_work);
617 }
618 
619 EXPORT_SYMBOL(tty_hangup);
620 
621 /**
622  *      tty_vhangup             -       process vhangup
623  *      @tty: tty to hangup
624  *
625  *      The user has asked via system call for the terminal to be hung up.
626  *      We do this synchronously so that when the syscall returns the process
627  *      is complete. That guarantee is necessary for security reasons.
628  */
629 
630 void tty_vhangup(struct tty_struct *tty)
631 {
632 #ifdef TTY_DEBUG_HANGUP
633         char    buf[64];
634 
635         printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
636 #endif
637         do_tty_hangup(&tty->hangup_work);
638 }
639 
640 EXPORT_SYMBOL(tty_vhangup);
641 
642 /**
643  *      tty_vhangup_self        -       process vhangup for own ctty
644  *
645  *      Perform a vhangup on the current controlling tty
646  */
647 
648 void tty_vhangup_self(void)
649 {
650         struct tty_struct *tty;
651 
652         tty = get_current_tty();
653         if (tty) {
654                 tty_vhangup(tty);
655                 tty_kref_put(tty);
656         }
657 }
658 
659 /**
660  *      tty_hung_up_p           -       was tty hung up
661  *      @filp: file pointer of tty
662  *
663  *      Return true if the tty has been subject to a vhangup or a carrier
664  *      loss
665  */
666 
667 int tty_hung_up_p(struct file *filp)
668 {
669         return (filp->f_op == &hung_up_tty_fops);
670 }
671 
672 EXPORT_SYMBOL(tty_hung_up_p);
673 
674 static void session_clear_tty(struct pid *session)
675 {
676         struct task_struct *p;
677         do_each_pid_task(session, PIDTYPE_SID, p) {
678                 proc_clear_tty(p);
679         } while_each_pid_task(session, PIDTYPE_SID, p);
680 }
681 
682 /**
683  *      disassociate_ctty       -       disconnect controlling tty
684  *      @on_exit: true if exiting so need to "hang up" the session
685  *
686  *      This function is typically called only by the session leader, when
687  *      it wants to disassociate itself from its controlling tty.
688  *
689  *      It performs the following functions:
690  *      (1)  Sends a SIGHUP and SIGCONT to the foreground process group
691  *      (2)  Clears the tty from being controlling the session
692  *      (3)  Clears the controlling tty for all processes in the
693  *              session group.
694  *
695  *      The argument on_exit is set to 1 if called when a process is
696  *      exiting; it is 0 if called by the ioctl TIOCNOTTY.
697  *
698  *      Locking:
699  *              BKL is taken for hysterical raisins
700  *                tty_mutex is taken to protect tty
701  *                ->siglock is taken to protect ->signal/->sighand
702  *                tasklist_lock is taken to walk process list for sessions
703  *                  ->siglock is taken to protect ->signal/->sighand
704  */
705 
706 void disassociate_ctty(int on_exit)
707 {
708         struct tty_struct *tty;
709         struct pid *tty_pgrp = NULL;
710 
711 
712         tty = get_current_tty();
713         if (tty) {
714                 tty_pgrp = get_pid(tty->pgrp);
715                 lock_kernel();
716                 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
717                         tty_vhangup(tty);
718                 unlock_kernel();
719                 tty_kref_put(tty);
720         } else if (on_exit) {
721                 struct pid *old_pgrp;
722                 spin_lock_irq(&current->sighand->siglock);
723                 old_pgrp = current->signal->tty_old_pgrp;
724                 current->signal->tty_old_pgrp = NULL;
725                 spin_unlock_irq(&current->sighand->siglock);
726                 if (old_pgrp) {
727                         kill_pgrp(old_pgrp, SIGHUP, on_exit);
728                         kill_pgrp(old_pgrp, SIGCONT, on_exit);
729                         put_pid(old_pgrp);
730                 }
731                 return;
732         }
733         if (tty_pgrp) {
734                 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
735                 if (!on_exit)
736                         kill_pgrp(tty_pgrp, SIGCONT, on_exit);
737                 put_pid(tty_pgrp);
738         }
739 
740         spin_lock_irq(&current->sighand->siglock);
741         put_pid(current->signal->tty_old_pgrp);
742         current->signal->tty_old_pgrp = NULL;
743         spin_unlock_irq(&current->sighand->siglock);
744 
745         tty = get_current_tty();
746         if (tty) {
747                 unsigned long flags;
748                 spin_lock_irqsave(&tty->ctrl_lock, flags);
749                 put_pid(tty->session);
750                 put_pid(tty->pgrp);
751                 tty->session = NULL;
752                 tty->pgrp = NULL;
753                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
754                 tty_kref_put(tty);
755         } else {
756 #ifdef TTY_DEBUG_HANGUP
757                 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
758                        " = NULL", tty);
759 #endif
760         }
761 
762         /* Now clear signal->tty under the lock */
763         read_lock(&tasklist_lock);
764         session_clear_tty(task_session(current));
765         read_unlock(&tasklist_lock);
766 }
767 
768 /**
769  *
770  *      no_tty  - Ensure the current process does not have a controlling tty
771  */
772 void no_tty(void)
773 {
774         struct task_struct *tsk = current;
775         lock_kernel();
776         if (tsk->signal->leader)
777                 disassociate_ctty(0);
778         unlock_kernel();
779         proc_clear_tty(tsk);
780 }
781 
782 
783 /**
784  *      stop_tty        -       propagate flow control
785  *      @tty: tty to stop
786  *
787  *      Perform flow control to the driver. For PTY/TTY pairs we
788  *      must also propagate the TIOCKPKT status. May be called
789  *      on an already stopped device and will not re-call the driver
790  *      method.
791  *
792  *      This functionality is used by both the line disciplines for
793  *      halting incoming flow and by the driver. It may therefore be
794  *      called from any context, may be under the tty atomic_write_lock
795  *      but not always.
796  *
797  *      Locking:
798  *              Uses the tty control lock internally
799  */
800 
801 void stop_tty(struct tty_struct *tty)
802 {
803         unsigned long flags;
804         spin_lock_irqsave(&tty->ctrl_lock, flags);
805         if (tty->stopped) {
806                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
807                 return;
808         }
809         tty->stopped = 1;
810         if (tty->link && tty->link->packet) {
811                 tty->ctrl_status &= ~TIOCPKT_START;
812                 tty->ctrl_status |= TIOCPKT_STOP;
813                 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
814         }
815         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
816         if (tty->ops->stop)
817                 (tty->ops->stop)(tty);
818 }
819 
820 EXPORT_SYMBOL(stop_tty);
821 
822 /**
823  *      start_tty       -       propagate flow control
824  *      @tty: tty to start
825  *
826  *      Start a tty that has been stopped if at all possible. Perform
827  *      any necessary wakeups and propagate the TIOCPKT status. If this
828  *      is the tty was previous stopped and is being started then the
829  *      driver start method is invoked and the line discipline woken.
830  *
831  *      Locking:
832  *              ctrl_lock
833  */
834 
835 void start_tty(struct tty_struct *tty)
836 {
837         unsigned long flags;
838         spin_lock_irqsave(&tty->ctrl_lock, flags);
839         if (!tty->stopped || tty->flow_stopped) {
840                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
841                 return;
842         }
843         tty->stopped = 0;
844         if (tty->link && tty->link->packet) {
845                 tty->ctrl_status &= ~TIOCPKT_STOP;
846                 tty->ctrl_status |= TIOCPKT_START;
847                 wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
848         }
849         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
850         if (tty->ops->start)
851                 (tty->ops->start)(tty);
852         /* If we have a running line discipline it may need kicking */
853         tty_wakeup(tty);
854 }
855 
856 EXPORT_SYMBOL(start_tty);
857 
858 /**
859  *      tty_read        -       read method for tty device files
860  *      @file: pointer to tty file
861  *      @buf: user buffer
862  *      @count: size of user buffer
863  *      @ppos: unused
864  *
865  *      Perform the read system call function on this terminal device. Checks
866  *      for hung up devices before calling the line discipline method.
867  *
868  *      Locking:
869  *              Locks the line discipline internally while needed. Multiple
870  *      read calls may be outstanding in parallel.
871  */
872 
873 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
874                         loff_t *ppos)
875 {
876         int i;
877         struct tty_struct *tty;
878         struct inode *inode;
879         struct tty_ldisc *ld;
880 
881         tty = (struct tty_struct *)file->private_data;
882         inode = file->f_path.dentry->d_inode;
883         if (tty_paranoia_check(tty, inode, "tty_read"))
884                 return -EIO;
885         if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
886                 return -EIO;
887 
888         /* We want to wait for the line discipline to sort out in this
889            situation */
890         ld = tty_ldisc_ref_wait(tty);
891         if (ld->ops->read)
892                 i = (ld->ops->read)(tty, file, buf, count);
893         else
894                 i = -EIO;
895         tty_ldisc_deref(ld);
896         if (i > 0)
897                 inode->i_atime = current_fs_time(inode->i_sb);
898         return i;
899 }
900 
901 void tty_write_unlock(struct tty_struct *tty)
902 {
903         mutex_unlock(&tty->atomic_write_lock);
904         wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
905 }
906 
907 int tty_write_lock(struct tty_struct *tty, int ndelay)
908 {
909         if (!mutex_trylock(&tty->atomic_write_lock)) {
910                 if (ndelay)
911                         return -EAGAIN;
912                 if (mutex_lock_interruptible(&tty->atomic_write_lock))
913                         return -ERESTARTSYS;
914         }
915         return 0;
916 }
917 
918 /*
919  * Split writes up in sane blocksizes to avoid
920  * denial-of-service type attacks
921  */
922 static inline ssize_t do_tty_write(
923         ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
924         struct tty_struct *tty,
925         struct file *file,
926         const char __user *buf,
927         size_t count)
928 {
929         ssize_t ret, written = 0;
930         unsigned int chunk;
931 
932         ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
933         if (ret < 0)
934                 return ret;
935 
936         /*
937          * We chunk up writes into a temporary buffer. This
938          * simplifies low-level drivers immensely, since they
939          * don't have locking issues and user mode accesses.
940          *
941          * But if TTY_NO_WRITE_SPLIT is set, we should use a
942          * big chunk-size..
943          *
944          * The default chunk-size is 2kB, because the NTTY
945          * layer has problems with bigger chunks. It will
946          * claim to be able to handle more characters than
947          * it actually does.
948          *
949          * FIXME: This can probably go away now except that 64K chunks
950          * are too likely to fail unless switched to vmalloc...
951          */
952         chunk = 2048;
953         if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
954                 chunk = 65536;
955         if (count < chunk)
956                 chunk = count;
957 
958         /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
959         if (tty->write_cnt < chunk) {
960                 unsigned char *buf_chunk;
961 
962                 if (chunk < 1024)
963                         chunk = 1024;
964 
965                 buf_chunk = kmalloc(chunk, GFP_KERNEL);
966                 if (!buf_chunk) {
967                         ret = -ENOMEM;
968                         goto out;
969                 }
970                 kfree(tty->write_buf);
971                 tty->write_cnt = chunk;
972                 tty->write_buf = buf_chunk;
973         }
974 
975         /* Do the write .. */
976         for (;;) {
977                 size_t size = count;
978                 if (size > chunk)
979                         size = chunk;
980                 ret = -EFAULT;
981                 if (copy_from_user(tty->write_buf, buf, size))
982                         break;
983                 ret = write(tty, file, tty->write_buf, size);
984                 if (ret <= 0)
985                         break;
986                 written += ret;
987                 buf += ret;
988                 count -= ret;
989                 if (!count)
990                         break;
991                 ret = -ERESTARTSYS;
992                 if (signal_pending(current))
993                         break;
994                 cond_resched();
995         }
996         if (written) {
997                 struct inode *inode = file->f_path.dentry->d_inode;
998                 inode->i_mtime = current_fs_time(inode->i_sb);
999                 ret = written;
1000         }
1001 out:
1002         tty_write_unlock(tty);
1003         return ret;
1004 }
1005 
1006 /**
1007  * tty_write_message - write a message to a certain tty, not just the console.
1008  * @tty: the destination tty_struct
1009  * @msg: the message to write
1010  *
1011  * This is used for messages that need to be redirected to a specific tty.
1012  * We don't put it into the syslog queue right now maybe in the future if
1013  * really needed.
1014  *
1015  * We must still hold the BKL and test the CLOSING flag for the moment.
1016  */
1017 
1018 void tty_write_message(struct tty_struct *tty, char *msg)
1019 {
1020         lock_kernel();
1021         if (tty) {
1022                 mutex_lock(&tty->atomic_write_lock);
1023                 if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags))
1024                         tty->ops->write(tty, msg, strlen(msg));
1025                 tty_write_unlock(tty);
1026         }
1027         unlock_kernel();
1028         return;
1029 }
1030 
1031 
1032 /**
1033  *      tty_write               -       write method for tty device file
1034  *      @file: tty file pointer
1035  *      @buf: user data to write
1036  *      @count: bytes to write
1037  *      @ppos: unused
1038  *
1039  *      Write data to a tty device via the line discipline.
1040  *
1041  *      Locking:
1042  *              Locks the line discipline as required
1043  *              Writes to the tty driver are serialized by the atomic_write_lock
1044  *      and are then processed in chunks to the device. The line discipline
1045  *      write method will not be invoked in parallel for each device.
1046  */
1047 
1048 static ssize_t tty_write(struct file *file, const char __user *buf,
1049                                                 size_t count, loff_t *ppos)
1050 {
1051         struct tty_struct *tty;
1052         struct inode *inode = file->f_path.dentry->d_inode;
1053         ssize_t ret;
1054         struct tty_ldisc *ld;
1055 
1056         tty = (struct tty_struct *)file->private_data;
1057         if (tty_paranoia_check(tty, inode, "tty_write"))
1058                 return -EIO;
1059         if (!tty || !tty->ops->write ||
1060                 (test_bit(TTY_IO_ERROR, &tty->flags)))
1061                         return -EIO;
1062         /* Short term debug to catch buggy drivers */
1063         if (tty->ops->write_room == NULL)
1064                 printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1065                         tty->driver->name);
1066         ld = tty_ldisc_ref_wait(tty);
1067         if (!ld->ops->write)
1068                 ret = -EIO;
1069         else
1070                 ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1071         tty_ldisc_deref(ld);
1072         return ret;
1073 }
1074 
1075 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1076                                                 size_t count, loff_t *ppos)
1077 {
1078         struct file *p = NULL;
1079 
1080         spin_lock(&redirect_lock);
1081         if (redirect) {
1082                 get_file(redirect);
1083                 p = redirect;
1084         }
1085         spin_unlock(&redirect_lock);
1086 
1087         if (p) {
1088                 ssize_t res;
1089                 res = vfs_write(p, buf, count, &p->f_pos);
1090                 fput(p);
1091                 return res;
1092         }
1093         return tty_write(file, buf, count, ppos);
1094 }
1095 
1096 static char ptychar[] = "pqrstuvwxyzabcde";
1097 
1098 /**
1099  *      pty_line_name   -       generate name for a pty
1100  *      @driver: the tty driver in use
1101  *      @index: the minor number
1102  *      @p: output buffer of at least 6 bytes
1103  *
1104  *      Generate a name from a driver reference and write it to the output
1105  *      buffer.
1106  *
1107  *      Locking: None
1108  */
1109 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1110 {
1111         int i = index + driver->name_base;
1112         /* ->name is initialized to "ttyp", but "tty" is expected */
1113         sprintf(p, "%s%c%x",
1114                 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1115                 ptychar[i >> 4 & 0xf], i & 0xf);
1116 }
1117 
1118 /**
1119  *      tty_line_name   -       generate name for a tty
1120  *      @driver: the tty driver in use
1121  *      @index: the minor number
1122  *      @p: output buffer of at least 7 bytes
1123  *
1124  *      Generate a name from a driver reference and write it to the output
1125  *      buffer.
1126  *
1127  *      Locking: None
1128  */
1129 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1130 {
1131         sprintf(p, "%s%d", driver->name, index + driver->name_base);
1132 }
1133 
1134 /**
1135  *      tty_driver_lookup_tty() - find an existing tty, if any
1136  *      @driver: the driver for the tty
1137  *      @idx:    the minor number
1138  *
1139  *      Return the tty, if found or ERR_PTR() otherwise.
1140  *
1141  *      Locking: tty_mutex must be held. If tty is found, the mutex must
1142  *      be held until the 'fast-open' is also done. Will change once we
1143  *      have refcounting in the driver and per driver locking
1144  */
1145 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1146                 struct inode *inode, int idx)
1147 {
1148         struct tty_struct *tty;
1149 
1150         if (driver->ops->lookup)
1151                 return driver->ops->lookup(driver, inode, idx);
1152 
1153         tty = driver->ttys[idx];
1154         return tty;
1155 }
1156 
1157 /**
1158  *      tty_init_termios        -  helper for termios setup
1159  *      @tty: the tty to set up
1160  *
1161  *      Initialise the termios structures for this tty. Thus runs under
1162  *      the tty_mutex currently so we can be relaxed about ordering.
1163  */
1164 
1165 int tty_init_termios(struct tty_struct *tty)
1166 {
1167         struct ktermios *tp;
1168         int idx = tty->index;
1169 
1170         tp = tty->driver->termios[idx];
1171         if (tp == NULL) {
1172                 tp = kzalloc(sizeof(struct ktermios[2]), GFP_KERNEL);
1173                 if (tp == NULL)
1174                         return -ENOMEM;
1175                 memcpy(tp, &tty->driver->init_termios,
1176                                                 sizeof(struct ktermios));
1177                 tty->driver->termios[idx] = tp;
1178         }
1179         tty->termios = tp;
1180         tty->termios_locked = tp + 1;
1181 
1182         /* Compatibility until drivers always set this */
1183         tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1184         tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1185         return 0;
1186 }
1187 EXPORT_SYMBOL_GPL(tty_init_termios);
1188 
1189 /**
1190  *      tty_driver_install_tty() - install a tty entry in the driver
1191  *      @driver: the driver for the tty
1192  *      @tty: the tty
1193  *
1194  *      Install a tty object into the driver tables. The tty->index field
1195  *      will be set by the time this is called. This method is responsible
1196  *      for ensuring any need additional structures are allocated and
1197  *      configured.
1198  *
1199  *      Locking: tty_mutex for now
1200  */
1201 static int tty_driver_install_tty(struct tty_driver *driver,
1202                                                 struct tty_struct *tty)
1203 {
1204         int idx = tty->index;
1205 
1206         if (driver->ops->install)
1207                 return driver->ops->install(driver, tty);
1208 
1209         if (tty_init_termios(tty) == 0) {
1210                 tty_driver_kref_get(driver);
1211                 tty->count++;
1212                 driver->ttys[idx] = tty;
1213                 return 0;
1214         }
1215         return -ENOMEM;
1216 }
1217 
1218 /**
1219  *      tty_driver_remove_tty() - remove a tty from the driver tables
1220  *      @driver: the driver for the tty
1221  *      @idx:    the minor number
1222  *
1223  *      Remvoe a tty object from the driver tables. The tty->index field
1224  *      will be set by the time this is called.
1225  *
1226  *      Locking: tty_mutex for now
1227  */
1228 static void tty_driver_remove_tty(struct tty_driver *driver,
1229                                                 struct tty_struct *tty)
1230 {
1231         if (driver->ops->remove)
1232                 driver->ops->remove(driver, tty);
1233         else
1234                 driver->ttys[tty->index] = NULL;
1235 }
1236 
1237 /*
1238  *      tty_reopen()    - fast re-open of an open tty
1239  *      @tty    - the tty to open
1240  *
1241  *      Return 0 on success, -errno on error.
1242  *
1243  *      Locking: tty_mutex must be held from the time the tty was found
1244  *               till this open completes.
1245  */
1246 static int tty_reopen(struct tty_struct *tty)
1247 {
1248         struct tty_driver *driver = tty->driver;
1249 
1250         if (test_bit(TTY_CLOSING, &tty->flags))
1251                 return -EIO;
1252 
1253         if (driver->type == TTY_DRIVER_TYPE_PTY &&
1254             driver->subtype == PTY_TYPE_MASTER) {
1255                 /*
1256                  * special case for PTY masters: only one open permitted,
1257                  * and the slave side open count is incremented as well.
1258                  */
1259                 if (tty->count)
1260                         return -EIO;
1261 
1262                 tty->link->count++;
1263         }
1264         tty->count++;
1265         tty->driver = driver; /* N.B. why do this every time?? */
1266 
1267         mutex_lock(&tty->ldisc_mutex);
1268         WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1269         mutex_unlock(&tty->ldisc_mutex);
1270 
1271         return 0;
1272 }
1273 
1274 /**
1275  *      tty_init_dev            -       initialise a tty device
1276  *      @driver: tty driver we are opening a device on
1277  *      @idx: device index
1278  *      @ret_tty: returned tty structure
1279  *      @first_ok: ok to open a new device (used by ptmx)
1280  *
1281  *      Prepare a tty device. This may not be a "new" clean device but
1282  *      could also be an active device. The pty drivers require special
1283  *      handling because of this.
1284  *
1285  *      Locking:
1286  *              The function is called under the tty_mutex, which
1287  *      protects us from the tty struct or driver itself going away.
1288  *
1289  *      On exit the tty device has the line discipline attached and
1290  *      a reference count of 1. If a pair was created for pty/tty use
1291  *      and the other was a pty master then it too has a reference count of 1.
1292  *
1293  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1294  * failed open.  The new code protects the open with a mutex, so it's
1295  * really quite straightforward.  The mutex locking can probably be
1296  * relaxed for the (most common) case of reopening a tty.
1297  */
1298 
1299 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx,
1300                                                                 int first_ok)
1301 {
1302         struct tty_struct *tty;
1303         int retval;
1304 
1305         /* Check if pty master is being opened multiple times */
1306         if (driver->subtype == PTY_TYPE_MASTER &&
1307                 (driver->flags & TTY_DRIVER_DEVPTS_MEM) && !first_ok)
1308                 return ERR_PTR(-EIO);
1309 
1310         /*
1311          * First time open is complex, especially for PTY devices.
1312          * This code guarantees that either everything succeeds and the
1313          * TTY is ready for operation, or else the table slots are vacated
1314          * and the allocated memory released.  (Except that the termios
1315          * and locked termios may be retained.)
1316          */
1317 
1318         if (!try_module_get(driver->owner))
1319                 return ERR_PTR(-ENODEV);
1320 
1321         tty = alloc_tty_struct();
1322         if (!tty)
1323                 goto fail_no_mem;
1324         initialize_tty_struct(tty, driver, idx);
1325 
1326         retval = tty_driver_install_tty(driver, tty);
1327         if (retval < 0) {
1328                 free_tty_struct(tty);
1329                 module_put(driver->owner);
1330                 return ERR_PTR(retval);
1331         }
1332 
1333         /*
1334          * Structures all installed ... call the ldisc open routines.
1335          * If we fail here just call release_tty to clean up.  No need
1336          * to decrement the use counts, as release_tty doesn't care.
1337          */
1338 
1339         retval = tty_ldisc_setup(tty, tty->link);
1340         if (retval)
1341                 goto release_mem_out;
1342         return tty;
1343 
1344 fail_no_mem:
1345         module_put(driver->owner);
1346         return ERR_PTR(-ENOMEM);
1347 
1348         /* call the tty release_tty routine to clean out this slot */
1349 release_mem_out:
1350         if (printk_ratelimit())
1351                 printk(KERN_INFO "tty_init_dev: ldisc open failed, "
1352                                  "clearing slot %d\n", idx);
1353         release_tty(tty, idx);
1354         return ERR_PTR(retval);
1355 }
1356 
1357 void tty_free_termios(struct tty_struct *tty)
1358 {
1359         struct ktermios *tp;
1360         int idx = tty->index;
1361         /* Kill this flag and push into drivers for locking etc */
1362         if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1363                 /* FIXME: Locking on ->termios array */
1364                 tp = tty->termios;
1365                 tty->driver->termios[idx] = NULL;
1366                 kfree(tp);
1367         }
1368 }
1369 EXPORT_SYMBOL(tty_free_termios);
1370 
1371 void tty_shutdown(struct tty_struct *tty)
1372 {
1373         tty_driver_remove_tty(tty->driver, tty);
1374         tty_free_termios(tty);
1375 }
1376 EXPORT_SYMBOL(tty_shutdown);
1377 
1378 /**
1379  *      release_one_tty         -       release tty structure memory
1380  *      @kref: kref of tty we are obliterating
1381  *
1382  *      Releases memory associated with a tty structure, and clears out the
1383  *      driver table slots. This function is called when a device is no longer
1384  *      in use. It also gets called when setup of a device fails.
1385  *
1386  *      Locking:
1387  *              tty_mutex - sometimes only
1388  *              takes the file list lock internally when working on the list
1389  *      of ttys that the driver keeps.
1390  */
1391 static void release_one_tty(struct kref *kref)
1392 {
1393         struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1394         struct tty_driver *driver = tty->driver;
1395 
1396         if (tty->ops->shutdown)
1397                 tty->ops->shutdown(tty);
1398         else
1399                 tty_shutdown(tty);
1400         tty->magic = 0;
1401         tty_driver_kref_put(driver);
1402         module_put(driver->owner);
1403 
1404         file_list_lock();
1405         list_del_init(&tty->tty_files);
1406         file_list_unlock();
1407 
1408         free_tty_struct(tty);
1409 }
1410 
1411 /**
1412  *      tty_kref_put            -       release a tty kref
1413  *      @tty: tty device
1414  *
1415  *      Release a reference to a tty device and if need be let the kref
1416  *      layer destruct the object for us
1417  */
1418 
1419 void tty_kref_put(struct tty_struct *tty)
1420 {
1421         if (tty)
1422                 kref_put(&tty->kref, release_one_tty);
1423 }
1424 EXPORT_SYMBOL(tty_kref_put);
1425 
1426 /**
1427  *      release_tty             -       release tty structure memory
1428  *
1429  *      Release both @tty and a possible linked partner (think pty pair),
1430  *      and decrement the refcount of the backing module.
1431  *
1432  *      Locking:
1433  *              tty_mutex - sometimes only
1434  *              takes the file list lock internally when working on the list
1435  *      of ttys that the driver keeps.
1436  *              FIXME: should we require tty_mutex is held here ??
1437  *
1438  */
1439 static void release_tty(struct tty_struct *tty, int idx)
1440 {
1441         /* This should always be true but check for the moment */
1442         WARN_ON(tty->index != idx);
1443 
1444         if (tty->link)
1445                 tty_kref_put(tty->link);
1446         tty_kref_put(tty);
1447 }
1448 
1449 /*
1450  * Even releasing the tty structures is a tricky business.. We have
1451  * to be very careful that the structures are all released at the
1452  * same time, as interrupts might otherwise get the wrong pointers.
1453  *
1454  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1455  * lead to double frees or releasing memory still in use.
1456  */
1457 void tty_release_dev(struct file *filp)
1458 {
1459         struct tty_struct *tty, *o_tty;
1460         int     pty_master, tty_closing, o_tty_closing, do_sleep;
1461         int     devpts;
1462         int     idx;
1463         char    buf[64];
1464         struct  inode *inode;
1465 
1466         inode = filp->f_path.dentry->d_inode;
1467         tty = (struct tty_struct *)filp->private_data;
1468         if (tty_paranoia_check(tty, inode, "tty_release_dev"))
1469                 return;
1470 
1471         check_tty_count(tty, "tty_release_dev");
1472 
1473         tty_fasync(-1, filp, 0);
1474 
1475         idx = tty->index;
1476         pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1477                       tty->driver->subtype == PTY_TYPE_MASTER);
1478         devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1479         o_tty = tty->link;
1480 
1481 #ifdef TTY_PARANOIA_CHECK
1482         if (idx < 0 || idx >= tty->driver->num) {
1483                 printk(KERN_DEBUG "tty_release_dev: bad idx when trying to "
1484                                   "free (%s)\n", tty->name);
1485                 return;
1486         }
1487         if (!devpts) {
1488                 if (tty != tty->driver->ttys[idx]) {
1489                         printk(KERN_DEBUG "tty_release_dev: driver.table[%d] not tty "
1490                                "for (%s)\n", idx, tty->name);
1491                         return;
1492                 }
1493                 if (tty->termios != tty->driver->termios[idx]) {
1494                         printk(KERN_DEBUG "tty_release_dev: driver.termios[%d] not termios "
1495                                "for (%s)\n",
1496                                idx, tty->name);
1497                         return;
1498                 }
1499         }
1500 #endif
1501 
1502 #ifdef TTY_DEBUG_HANGUP
1503         printk(KERN_DEBUG "tty_release_dev of %s (tty count=%d)...",
1504                tty_name(tty, buf), tty->count);
1505 #endif
1506 
1507 #ifdef TTY_PARANOIA_CHECK
1508         if (tty->driver->other &&
1509              !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1510                 if (o_tty != tty->driver->other->ttys[idx]) {
1511                         printk(KERN_DEBUG "tty_release_dev: other->table[%d] "
1512                                           "not o_tty for (%s)\n",
1513                                idx, tty->name);
1514                         return;
1515                 }
1516                 if (o_tty->termios != tty->driver->other->termios[idx]) {
1517                         printk(KERN_DEBUG "tty_release_dev: other->termios[%d] "
1518                                           "not o_termios for (%s)\n",
1519                                idx, tty->name);
1520                         return;
1521                 }
1522                 if (o_tty->link != tty) {
1523                         printk(KERN_DEBUG "tty_release_dev: bad pty pointers\n");
1524                         return;
1525                 }
1526         }
1527 #endif
1528         if (tty->ops->close)
1529                 tty->ops->close(tty, filp);
1530 
1531         /*
1532          * Sanity check: if tty->count is going to zero, there shouldn't be
1533          * any waiters on tty->read_wait or tty->write_wait.  We test the
1534          * wait queues and kick everyone out _before_ actually starting to
1535          * close.  This ensures that we won't block while releasing the tty
1536          * structure.
1537          *
1538          * The test for the o_tty closing is necessary, since the master and
1539          * slave sides may close in any order.  If the slave side closes out
1540          * first, its count will be one, since the master side holds an open.
1541          * Thus this test wouldn't be triggered at the time the slave closes,
1542          * so we do it now.
1543          *
1544          * Note that it's possible for the tty to be opened again while we're
1545          * flushing out waiters.  By recalculating the closing flags before
1546          * each iteration we avoid any problems.
1547          */
1548         while (1) {
1549                 /* Guard against races with tty->count changes elsewhere and
1550                    opens on /dev/tty */
1551 
1552                 mutex_lock(&tty_mutex);
1553                 tty_closing = tty->count <= 1;
1554                 o_tty_closing = o_tty &&
1555                         (o_tty->count <= (pty_master ? 1 : 0));
1556                 do_sleep = 0;
1557 
1558                 if (tty_closing) {
1559                         if (waitqueue_active(&tty->read_wait)) {
1560                                 wake_up_poll(&tty->read_wait, POLLIN);
1561                                 do_sleep++;
1562                         }
1563                         if (waitqueue_active(&tty->write_wait)) {
1564                                 wake_up_poll(&tty->write_wait, POLLOUT);
1565                                 do_sleep++;
1566                         }
1567                 }
1568                 if (o_tty_closing) {
1569                         if (waitqueue_active(&o_tty->read_wait)) {
1570                                 wake_up_poll(&o_tty->read_wait, POLLIN);
1571                                 do_sleep++;
1572                         }
1573                         if (waitqueue_active(&o_tty->write_wait)) {
1574                                 wake_up_poll(&o_tty->write_wait, POLLOUT);
1575                                 do_sleep++;
1576                         }
1577                 }
1578                 if (!do_sleep)
1579                         break;
1580 
1581                 printk(KERN_WARNING "tty_release_dev: %s: read/write wait queue "
1582                                     "active!\n", tty_name(tty, buf));
1583                 mutex_unlock(&tty_mutex);
1584                 schedule();
1585         }
1586 
1587         /*
1588          * The closing flags are now consistent with the open counts on
1589          * both sides, and we've completed the last operation that could
1590          * block, so it's safe to proceed with closing.
1591          */
1592         if (pty_master) {
1593                 if (--o_tty->count < 0) {
1594                         printk(KERN_WARNING "tty_release_dev: bad pty slave count "
1595                                             "(%d) for %s\n",
1596                                o_tty->count, tty_name(o_tty, buf));
1597                         o_tty->count = 0;
1598                 }
1599         }
1600         if (--tty->count < 0) {
1601                 printk(KERN_WARNING "tty_release_dev: bad tty->count (%d) for %s\n",
1602                        tty->count, tty_name(tty, buf));
1603                 tty->count = 0;
1604         }
1605 
1606         /*
1607          * We've decremented tty->count, so we need to remove this file
1608          * descriptor off the tty->tty_files list; this serves two
1609          * purposes:
1610          *  - check_tty_count sees the correct number of file descriptors
1611          *    associated with this tty.
1612          *  - do_tty_hangup no longer sees this file descriptor as
1613          *    something that needs to be handled for hangups.
1614          */
1615         file_kill(filp);
1616         filp->private_data = NULL;
1617 
1618         /*
1619          * Perform some housekeeping before deciding whether to return.
1620          *
1621          * Set the TTY_CLOSING flag if this was the last open.  In the
1622          * case of a pty we may have to wait around for the other side
1623          * to close, and TTY_CLOSING makes sure we can't be reopened.
1624          */
1625         if (tty_closing)
1626                 set_bit(TTY_CLOSING, &tty->flags);
1627         if (o_tty_closing)
1628                 set_bit(TTY_CLOSING, &o_tty->flags);
1629 
1630         /*
1631          * If _either_ side is closing, make sure there aren't any
1632          * processes that still think tty or o_tty is their controlling
1633          * tty.
1634          */
1635         if (tty_closing || o_tty_closing) {
1636                 read_lock(&tasklist_lock);
1637                 session_clear_tty(tty->session);
1638                 if (o_tty)
1639                         session_clear_tty(o_tty->session);
1640                 read_unlock(&tasklist_lock);
1641         }
1642 
1643         mutex_unlock(&tty_mutex);
1644 
1645         /* check whether both sides are closing ... */
1646         if (!tty_closing || (o_tty && !o_tty_closing))
1647                 return;
1648 
1649 #ifdef TTY_DEBUG_HANGUP
1650         printk(KERN_DEBUG "freeing tty structure...");
1651 #endif
1652         /*
1653          * Ask the line discipline code to release its structures
1654          */
1655         tty_ldisc_release(tty, o_tty);
1656         /*
1657          * The release_tty function takes care of the details of clearing
1658          * the slots and preserving the termios structure.
1659          */
1660         release_tty(tty, idx);
1661 
1662         /* Make this pty number available for reallocation */
1663         if (devpts)
1664                 devpts_kill_index(inode, idx);
1665 }
1666 
1667 /**
1668  *      __tty_open              -       open a tty device
1669  *      @inode: inode of device file
1670  *      @filp: file pointer to tty
1671  *
1672  *      tty_open and tty_release keep up the tty count that contains the
1673  *      number of opens done on a tty. We cannot use the inode-count, as
1674  *      different inodes might point to the same tty.
1675  *
1676  *      Open-counting is needed for pty masters, as well as for keeping
1677  *      track of serial lines: DTR is dropped when the last close happens.
1678  *      (This is not done solely through tty->count, now.  - Ted 1/27/92)
1679  *
1680  *      The termios state of a pty is reset on first open so that
1681  *      settings don't persist across reuse.
1682  *
1683  *      Locking: tty_mutex protects tty, get_tty_driver and tty_init_dev work.
1684  *               tty->count should protect the rest.
1685  *               ->siglock protects ->signal/->sighand
1686  */
1687 
1688 static int __tty_open(struct inode *inode, struct file *filp)
1689 {
1690         struct tty_struct *tty = NULL;
1691         int noctty, retval;
1692         struct tty_driver *driver;
1693         int index;
1694         dev_t device = inode->i_rdev;
1695         unsigned saved_flags = filp->f_flags;
1696 
1697         nonseekable_open(inode, filp);
1698 
1699 retry_open:
1700         noctty = filp->f_flags & O_NOCTTY;
1701         index  = -1;
1702         retval = 0;
1703 
1704         mutex_lock(&tty_mutex);
1705 
1706         if (device == MKDEV(TTYAUX_MAJOR, 0)) {
1707                 tty = get_current_tty();
1708                 if (!tty) {
1709                         mutex_unlock(&tty_mutex);
1710                         return -ENXIO;
1711                 }
1712                 driver = tty_driver_kref_get(tty->driver);
1713                 index = tty->index;
1714                 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1715                 /* noctty = 1; */
1716                 /* FIXME: Should we take a driver reference ? */
1717                 tty_kref_put(tty);
1718                 goto got_driver;
1719         }
1720 #ifdef CONFIG_VT
1721         if (device == MKDEV(TTY_MAJOR, 0)) {
1722                 extern struct tty_driver *console_driver;
1723                 driver = tty_driver_kref_get(console_driver);
1724                 index = fg_console;
1725                 noctty = 1;
1726                 goto got_driver;
1727         }
1728 #endif
1729         if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1730                 struct tty_driver *console_driver = console_device(&index);
1731                 if (console_driver) {
1732                         driver = tty_driver_kref_get(console_driver);
1733                         if (driver) {
1734                                 /* Don't let /dev/console block */
1735                                 filp->f_flags |= O_NONBLOCK;
1736                                 noctty = 1;
1737                                 goto got_driver;
1738                         }
1739                 }
1740                 mutex_unlock(&tty_mutex);
1741                 return -ENODEV;
1742         }
1743 
1744         driver = get_tty_driver(device, &index);
1745         if (!driver) {
1746                 mutex_unlock(&tty_mutex);
1747                 return -ENODEV;
1748         }
1749 got_driver:
1750         if (!tty) {
1751                 /* check whether we're reopening an existing tty */
1752                 tty = tty_driver_lookup_tty(driver, inode, index);
1753 
1754                 if (IS_ERR(tty)) {
1755                         mutex_unlock(&tty_mutex);
1756                         return PTR_ERR(tty);
1757                 }
1758         }
1759 
1760         if (tty) {
1761                 retval = tty_reopen(tty);
1762                 if (retval)
1763                         tty = ERR_PTR(retval);
1764         } else
1765                 tty = tty_init_dev(driver, index, 0);
1766 
1767         mutex_unlock(&tty_mutex);
1768         tty_driver_kref_put(driver);
1769         if (IS_ERR(tty))
1770                 return PTR_ERR(tty);
1771 
1772         filp->private_data = tty;
1773         file_move(filp, &tty->tty_files);
1774         check_tty_count(tty, "tty_open");
1775         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1776             tty->driver->subtype == PTY_TYPE_MASTER)
1777                 noctty = 1;
1778 #ifdef TTY_DEBUG_HANGUP
1779         printk(KERN_DEBUG "opening %s...", tty->name);
1780 #endif
1781         if (!retval) {
1782                 if (tty->ops->open)
1783                         retval = tty->ops->open(tty, filp);
1784                 else
1785                         retval = -ENODEV;
1786         }
1787         filp->f_flags = saved_flags;
1788 
1789         if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1790                                                 !capable(CAP_SYS_ADMIN))
1791                 retval = -EBUSY;
1792 
1793         if (retval) {
1794 #ifdef TTY_DEBUG_HANGUP
1795                 printk(KERN_DEBUG "error %d in opening %s...", retval,
1796                        tty->name);
1797 #endif
1798                 tty_release_dev(filp);
1799                 if (retval != -ERESTARTSYS)
1800                         return retval;
1801                 if (signal_pending(current))
1802                         return retval;
1803                 schedule();
1804                 /*
1805                  * Need to reset f_op in case a hangup happened.
1806                  */
1807                 if (filp->f_op == &hung_up_tty_fops)
1808                         filp->f_op = &tty_fops;
1809                 goto retry_open;
1810         }
1811 
1812         mutex_lock(&tty_mutex);
1813         spin_lock_irq(&current->sighand->siglock);
1814         if (!noctty &&
1815             current->signal->leader &&
1816             !current->signal->tty &&
1817             tty->session == NULL)
1818                 __proc_set_tty(current, tty);
1819         spin_unlock_irq(&current->sighand->siglock);
1820         mutex_unlock(&tty_mutex);
1821         return 0;
1822 }
1823 
1824 /* BKL pushdown: scary code avoidance wrapper */
1825 static int tty_open(struct inode *inode, struct file *filp)
1826 {
1827         int ret;
1828 
1829         lock_kernel();
1830         ret = __tty_open(inode, filp);
1831         unlock_kernel();
1832         return ret;
1833 }
1834 
1835 
1836 
1837 
1838 /**
1839  *      tty_release             -       vfs callback for close
1840  *      @inode: inode of tty
1841  *      @filp: file pointer for handle to tty
1842  *
1843  *      Called the last time each file handle is closed that references
1844  *      this tty. There may however be several such references.
1845  *
1846  *      Locking:
1847  *              Takes bkl. See tty_release_dev
1848  */
1849 
1850 static int tty_release(struct inode *inode, struct file *filp)
1851 {
1852         lock_kernel();
1853         tty_release_dev(filp);
1854         unlock_kernel();
1855         return 0;
1856 }
1857 
1858 /**
1859  *      tty_poll        -       check tty status
1860  *      @filp: file being polled
1861  *      @wait: poll wait structures to update
1862  *
1863  *      Call the line discipline polling method to obtain the poll
1864  *      status of the device.
1865  *
1866  *      Locking: locks called line discipline but ldisc poll method
1867  *      may be re-entered freely by other callers.
1868  */
1869 
1870 static unsigned int tty_poll(struct file *filp, poll_table *wait)
1871 {
1872         struct tty_struct *tty;
1873         struct tty_ldisc *ld;
1874         int ret = 0;
1875 
1876         tty = (struct tty_struct *)filp->private_data;
1877         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1878                 return 0;
1879 
1880         ld = tty_ldisc_ref_wait(tty);
1881         if (ld->ops->poll)
1882                 ret = (ld->ops->poll)(tty, filp, wait);
1883         tty_ldisc_deref(ld);
1884         return ret;
1885 }
1886 
1887 static int tty_fasync(int fd, struct file *filp, int on)
1888 {
1889         struct tty_struct *tty;
1890         unsigned long flags;
1891         int retval = 0;
1892 
1893         lock_kernel();
1894         tty = (struct tty_struct *)filp->private_data;
1895         if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
1896                 goto out;
1897 
1898         retval = fasync_helper(fd, filp, on, &tty->fasync);
1899         if (retval <= 0)
1900                 goto out;
1901 
1902         if (on) {
1903                 enum pid_type type;
1904                 struct pid *pid;
1905                 if (!waitqueue_active(&tty->read_wait))
1906                         tty->minimum_to_wake = 1;
1907                 spin_lock_irqsave(&tty->ctrl_lock, flags);
1908                 if (tty->pgrp) {
1909                         pid = tty->pgrp;
1910                         type = PIDTYPE_PGID;
1911                 } else {
1912                         pid = task_pid(current);
1913                         type = PIDTYPE_PID;
1914                 }
1915                 get_pid(pid);
1916                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1917                 retval = __f_setown(filp, pid, type, 0);
1918                 put_pid(pid);
1919                 if (retval)
1920                         goto out;
1921         } else {
1922                 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
1923                         tty->minimum_to_wake = N_TTY_BUF_SIZE;
1924         }
1925         retval = 0;
1926 out:
1927         unlock_kernel();
1928         return retval;
1929 }
1930 
1931 /**
1932  *      tiocsti                 -       fake input character
1933  *      @tty: tty to fake input into
1934  *      @p: pointer to character
1935  *
1936  *      Fake input to a tty device. Does the necessary locking and
1937  *      input management.
1938  *
1939  *      FIXME: does not honour flow control ??
1940  *
1941  *      Locking:
1942  *              Called functions take tty_ldisc_lock
1943  *              current->signal->tty check is safe without locks
1944  *
1945  *      FIXME: may race normal receive processing
1946  */
1947 
1948 static int tiocsti(struct tty_struct *tty, char __user *p)
1949 {
1950         char ch, mbz = 0;
1951         struct tty_ldisc *ld;
1952 
1953         if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
1954                 return -EPERM;
1955         if (get_user(ch, p))
1956                 return -EFAULT;
1957         tty_audit_tiocsti(tty, ch);
1958         ld = tty_ldisc_ref_wait(tty);
1959         ld->ops->receive_buf(tty, &ch, &mbz, 1);
1960         tty_ldisc_deref(ld);
1961         return 0;
1962 }
1963 
1964 /**
1965  *      tiocgwinsz              -       implement window query ioctl
1966  *      @tty; tty
1967  *      @arg: user buffer for result
1968  *
1969  *      Copies the kernel idea of the window size into the user buffer.
1970  *
1971  *      Locking: tty->termios_mutex is taken to ensure the winsize data
1972  *              is consistent.
1973  */
1974 
1975 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
1976 {
1977         int err;
1978 
1979         mutex_lock(&tty->termios_mutex);
1980         err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
1981         mutex_unlock(&tty->termios_mutex);
1982 
1983         return err ? -EFAULT: 0;
1984 }
1985 
1986 /**
1987  *      tty_do_resize           -       resize event
1988  *      @tty: tty being resized
1989  *      @rows: rows (character)
1990  *      @cols: cols (character)
1991  *
1992  *      Update the termios variables and send the neccessary signals to
1993  *      peform a terminal resize correctly
1994  */
1995 
1996 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
1997 {
1998         struct pid *pgrp;
1999         unsigned long flags;
2000 
2001         /* Lock the tty */
2002         mutex_lock(&tty->termios_mutex);
2003         if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2004                 goto done;
2005         /* Get the PID values and reference them so we can
2006            avoid holding the tty ctrl lock while sending signals */
2007         spin_lock_irqsave(&tty->ctrl_lock, flags);
2008         pgrp = get_pid(tty->pgrp);
2009         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2010 
2011         if (pgrp)
2012                 kill_pgrp(pgrp, SIGWINCH, 1);
2013         put_pid(pgrp);
2014 
2015         tty->winsize = *ws;
2016 done:
2017         mutex_unlock(&tty->termios_mutex);
2018         return 0;
2019 }
2020 
2021 /**
2022  *      tiocswinsz              -       implement window size set ioctl
2023  *      @tty; tty side of tty
2024  *      @arg: user buffer for result
2025  *
2026  *      Copies the user idea of the window size to the kernel. Traditionally
2027  *      this is just advisory information but for the Linux console it
2028  *      actually has driver level meaning and triggers a VC resize.
2029  *
2030  *      Locking:
2031  *              Driver dependant. The default do_resize method takes the
2032  *      tty termios mutex and ctrl_lock. The console takes its own lock
2033  *      then calls into the default method.
2034  */
2035 
2036 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2037 {
2038         struct winsize tmp_ws;
2039         if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2040                 return -EFAULT;
2041 
2042         if (tty->ops->resize)
2043                 return tty->ops->resize(tty, &tmp_ws);
2044         else
2045                 return tty_do_resize(tty, &tmp_ws);
2046 }
2047 
2048 /**
2049  *      tioccons        -       allow admin to move logical console
2050  *      @file: the file to become console
2051  *
2052  *      Allow the adminstrator to move the redirected console device
2053  *
2054  *      Locking: uses redirect_lock to guard the redirect information
2055  */
2056 
2057 static int tioccons(struct file *file)
2058 {
2059         if (!capable(CAP_SYS_ADMIN))
2060                 return -EPERM;
2061         if (file->f_op->write == redirected_tty_write) {
2062                 struct file *f;
2063                 spin_lock(&redirect_lock);
2064                 f = redirect;
2065                 redirect = NULL;
2066                 spin_unlock(&redirect_lock);
2067                 if (f)
2068                         fput(f);
2069                 return 0;
2070         }
2071         spin_lock(&redirect_lock);
2072         if (redirect) {
2073                 spin_unlock(&redirect_lock);
2074                 return -EBUSY;
2075         }
2076         get_file(file);
2077         redirect = file;
2078         spin_unlock(&redirect_lock);
2079         return 0;
2080 }
2081 
2082 /**
2083  *      fionbio         -       non blocking ioctl
2084  *      @file: file to set blocking value
2085  *      @p: user parameter
2086  *
2087  *      Historical tty interfaces had a blocking control ioctl before
2088  *      the generic functionality existed. This piece of history is preserved
2089  *      in the expected tty API of posix OS's.
2090  *
2091  *      Locking: none, the open fle handle ensures it won't go away.
2092  */
2093 
2094 static int fionbio(struct file *file, int __user *p)
2095 {
2096         int nonblock;
2097 
2098         if (get_user(nonblock, p))
2099                 return -EFAULT;
2100 
2101         spin_lock(&file->f_lock);
2102         if (nonblock)
2103                 file->f_flags |= O_NONBLOCK;
2104         else
2105                 file->f_flags &= ~O_NONBLOCK;
2106         spin_unlock(&file->f_lock);
2107         return 0;
2108 }
2109 
2110 /**
2111  *      tiocsctty       -       set controlling tty
2112  *      @tty: tty structure
2113  *      @arg: user argument
2114  *
2115  *      This ioctl is used to manage job control. It permits a session
2116  *      leader to set this tty as the controlling tty for the session.
2117  *
2118  *      Locking:
2119  *              Takes tty_mutex() to protect tty instance
2120  *              Takes tasklist_lock internally to walk sessions
2121  *              Takes ->siglock() when updating signal->tty
2122  */
2123 
2124 static int tiocsctty(struct tty_struct *tty, int arg)
2125 {
2126         int ret = 0;
2127         if (current->signal->leader && (task_session(current) == tty->session))
2128                 return ret;
2129 
2130         mutex_lock(&tty_mutex);
2131         /*
2132          * The process must be a session leader and
2133          * not have a controlling tty already.
2134          */
2135         if (!current->signal->leader || current->signal->tty) {
2136                 ret = -EPERM;
2137                 goto unlock;
2138         }
2139 
2140         if (tty->session) {
2141                 /*
2142                  * This tty is already the controlling
2143                  * tty for another session group!
2144                  */
2145                 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2146                         /*
2147                          * Steal it away
2148                          */
2149                         read_lock(&tasklist_lock);
2150                         session_clear_tty(tty->session);
2151                         read_unlock(&tasklist_lock);
2152                 } else {
2153                         ret = -EPERM;
2154                         goto unlock;
2155                 }
2156         }
2157         proc_set_tty(current, tty);
2158 unlock:
2159         mutex_unlock(&tty_mutex);
2160         return ret;
2161 }
2162 
2163 /**
2164  *      tty_get_pgrp    -       return a ref counted pgrp pid
2165  *      @tty: tty to read
2166  *
2167  *      Returns a refcounted instance of the pid struct for the process
2168  *      group controlling the tty.
2169  */
2170 
2171 struct pid *tty_get_pgrp(struct tty_struct *tty)
2172 {
2173         unsigned long flags;
2174         struct pid *pgrp;
2175 
2176         spin_lock_irqsave(&tty->ctrl_lock, flags);
2177         pgrp = get_pid(tty->pgrp);
2178         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2179 
2180         return pgrp;
2181 }
2182 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2183 
2184 /**
2185  *      tiocgpgrp               -       get process group
2186  *      @tty: tty passed by user
2187  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2188  *      @p: returned pid
2189  *
2190  *      Obtain the process group of the tty. If there is no process group
2191  *      return an error.
2192  *
2193  *      Locking: none. Reference to current->signal->tty is safe.
2194  */
2195 
2196 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2197 {
2198         struct pid *pid;
2199         int ret;
2200         /*
2201          * (tty == real_tty) is a cheap way of
2202          * testing if the tty is NOT a master pty.
2203          */
2204         if (tty == real_tty && current->signal->tty != real_tty)
2205                 return -ENOTTY;
2206         pid = tty_get_pgrp(real_tty);
2207         ret =  put_user(pid_vnr(pid), p);
2208         put_pid(pid);
2209         return ret;
2210 }
2211 
2212 /**
2213  *      tiocspgrp               -       attempt to set process group
2214  *      @tty: tty passed by user
2215  *      @real_tty: tty side device matching tty passed by user
2216  *      @p: pid pointer
2217  *
2218  *      Set the process group of the tty to the session passed. Only
2219  *      permitted where the tty session is our session.
2220  *
2221  *      Locking: RCU, ctrl lock
2222  */
2223 
2224 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2225 {
2226         struct pid *pgrp;
2227         pid_t pgrp_nr;
2228         int retval = tty_check_change(real_tty);
2229         unsigned long flags;
2230 
2231         if (retval == -EIO)
2232                 return -ENOTTY;
2233         if (retval)
2234                 return retval;
2235         if (!current->signal->tty ||
2236             (current->signal->tty != real_tty) ||
2237             (real_tty->session != task_session(current)))
2238                 return -ENOTTY;
2239         if (get_user(pgrp_nr, p))
2240                 return -EFAULT;
2241         if (pgrp_nr < 0)
2242                 return -EINVAL;
2243         rcu_read_lock();
2244         pgrp = find_vpid(pgrp_nr);
2245         retval = -ESRCH;
2246         if (!pgrp)
2247                 goto out_unlock;
2248         retval = -EPERM;
2249         if (session_of_pgrp(pgrp) != task_session(current))
2250                 goto out_unlock;
2251         retval = 0;
2252         spin_lock_irqsave(&tty->ctrl_lock, flags);
2253         put_pid(real_tty->pgrp);
2254         real_tty->pgrp = get_pid(pgrp);
2255         spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2256 out_unlock:
2257         rcu_read_unlock();
2258         return retval;
2259 }
2260 
2261 /**
2262  *      tiocgsid                -       get session id
2263  *      @tty: tty passed by user
2264  *      @real_tty: tty side of the tty pased by the user if a pty else the tty
2265  *      @p: pointer to returned session id
2266  *
2267  *      Obtain the session id of the tty. If there is no session
2268  *      return an error.
2269  *
2270  *      Locking: none. Reference to current->signal->tty is safe.
2271  */
2272 
2273 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2274 {
2275         /*
2276          * (tty == real_tty) is a cheap way of
2277          * testing if the tty is NOT a master pty.
2278         */
2279         if (tty == real_tty && current->signal->tty != real_tty)
2280                 return -ENOTTY;
2281         if (!real_tty->session)
2282                 return -ENOTTY;
2283         return put_user(pid_vnr(real_tty->session), p);
2284 }
2285 
2286 /**
2287  *      tiocsetd        -       set line discipline
2288  *      @tty: tty device
2289  *      @p: pointer to user data
2290  *
2291  *      Set the line discipline according to user request.
2292  *
2293  *      Locking: see tty_set_ldisc, this function is just a helper
2294  */
2295 
2296 static int tiocsetd(struct tty_struct *tty, int __user *p)
2297 {
2298         int ldisc;
2299         int ret;
2300 
2301         if (get_user(ldisc, p))
2302                 return -EFAULT;
2303 
2304         lock_kernel();
2305         ret = tty_set_ldisc(tty, ldisc);
2306         unlock_kernel();
2307 
2308         return ret;
2309 }
2310 
2311 /**
2312  *      send_break      -       performed time break
2313  *      @tty: device to break on
2314  *      @duration: timeout in mS
2315  *
2316  *      Perform a timed break on hardware that lacks its own driver level
2317  *      timed break functionality.
2318  *
2319  *      Locking:
2320  *              atomic_write_lock serializes
2321  *
2322  */
2323 
2324 static int send_break(struct tty_struct *tty, unsigned int duration)
2325 {
2326         int retval;
2327 
2328         if (tty->ops->break_ctl == NULL)
2329                 return 0;
2330 
2331         if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2332                 retval = tty->ops->break_ctl(tty, duration);
2333         else {
2334                 /* Do the work ourselves */
2335                 if (tty_write_lock(tty, 0) < 0)
2336                         return -EINTR;
2337                 retval = tty->ops->break_ctl(tty, -1);
2338                 if (retval)
2339                         goto out;
2340                 if (!signal_pending(current))
2341                         msleep_interruptible(duration);
2342                 retval = tty->ops->break_ctl(tty, 0);
2343 out:
2344                 tty_write_unlock(tty);
2345                 if (signal_pending(current))
2346                         retval = -EINTR;
2347         }
2348         return retval;
2349 }
2350 
2351 /**
2352  *      tty_tiocmget            -       get modem status
2353  *      @tty: tty device
2354  *      @file: user file pointer
2355  *      @p: pointer to result
2356  *
2357  *      Obtain the modem status bits from the tty driver if the feature
2358  *      is supported. Return -EINVAL if it is not available.
2359  *
2360  *      Locking: none (up to the driver)
2361  */
2362 
2363 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2364 {
2365         int retval = -EINVAL;
2366 
2367         if (tty->ops->tiocmget) {
2368                 retval = tty->ops->tiocmget(tty, file);
2369 
2370                 if (retval >= 0)
2371                         retval = put_user(retval, p);
2372         }
2373         return retval;
2374 }
2375 
2376 /**
2377  *      tty_tiocmset            -       set modem status
2378  *      @tty: tty device
2379  *      @file: user file pointer
2380  *      @cmd: command - clear bits, set bits or set all
2381  *      @p: pointer to desired bits
2382  *
2383  *      Set the modem status bits from the tty driver if the feature
2384  *      is supported. Return -EINVAL if it is not available.
2385  *
2386  *      Locking: none (up to the driver)
2387  */
2388 
2389 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2390              unsigned __user *p)
2391 {
2392         int retval;
2393         unsigned int set, clear, val;
2394 
2395         if (tty->ops->tiocmset == NULL)
2396                 return -EINVAL;
2397 
2398         retval = get_user(val, p);
2399         if (retval)
2400                 return retval;
2401         set = clear = 0;
2402         switch (cmd) {
2403         case TIOCMBIS:
2404                 set = val;
2405                 break;
2406         case TIOCMBIC:
2407                 clear = val;
2408                 break;
2409         case TIOCMSET:
2410                 set = val;
2411                 clear = ~val;
2412                 break;
2413         }
2414         set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2415         clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2416         return tty->ops->tiocmset(tty, file, set, clear);
2417 }
2418 
2419 struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2420 {
2421         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2422             tty->driver->subtype == PTY_TYPE_MASTER)
2423                 tty = tty->link;
2424         return tty;
2425 }
2426 EXPORT_SYMBOL(tty_pair_get_tty);
2427 
2428 struct tty_struct *tty_pair_get_pty(struct tty_struct *tty)
2429 {
2430         if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2431             tty->driver->subtype == PTY_TYPE_MASTER)
2432             return tty;
2433         return tty->link;
2434 }
2435 EXPORT_SYMBOL(tty_pair_get_pty);
2436 
2437 /*
2438  * Split this up, as gcc can choke on it otherwise..
2439  */
2440 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2441 {
2442         struct tty_struct *tty, *real_tty;
2443         void __user *p = (void __user *)arg;
2444         int retval;
2445         struct tty_ldisc *ld;
2446         struct inode *inode = file->f_dentry->d_inode;
2447 
2448         tty = (struct tty_struct *)file->private_data;
2449         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2450                 return -EINVAL;
2451 
2452         real_tty = tty_pair_get_tty(tty);
2453 
2454         /*
2455          * Factor out some common prep work
2456          */
2457         switch (cmd) {
2458         case TIOCSETD:
2459         case TIOCSBRK:
2460         case TIOCCBRK:
2461         case TCSBRK:
2462         case TCSBRKP:
2463                 retval = tty_check_change(tty);
2464                 if (retval)
2465                         return retval;
2466                 if (cmd != TIOCCBRK) {
2467                         tty_wait_until_sent(tty, 0);
2468                         if (signal_pending(current))
2469                                 return -EINTR;
2470                 }
2471                 break;
2472         }
2473 
2474         /*
2475          *      Now do the stuff.
2476          */
2477         switch (cmd) {
2478         case TIOCSTI:
2479                 return tiocsti(tty, p);
2480         case TIOCGWINSZ:
2481                 return tiocgwinsz(real_tty, p);
2482         case TIOCSWINSZ:
2483                 return tiocswinsz(real_tty, p);
2484         case TIOCCONS:
2485                 return real_tty != tty ? -EINVAL : tioccons(file);
2486         case FIONBIO:
2487                 return fionbio(file, p);
2488         case TIOCEXCL:
2489                 set_bit(TTY_EXCLUSIVE, &tty->flags);
2490                 return 0;
2491         case TIOCNXCL:
2492                 clear_bit(TTY_EXCLUSIVE, &tty->flags);
2493                 return 0;
2494         case TIOCNOTTY:
2495                 if (current->signal->tty != tty)
2496                         return -ENOTTY;
2497                 no_tty();
2498                 return 0;
2499         case TIOCSCTTY:
2500                 return tiocsctty(tty, arg);
2501         case TIOCGPGRP:
2502                 return tiocgpgrp(tty, real_tty, p);
2503         case TIOCSPGRP:
2504                 return tiocspgrp(tty, real_tty, p);
2505         case TIOCGSID:
2506                 return tiocgsid(tty, real_tty, p);
2507         case TIOCGETD:
2508                 return put_user(tty->ldisc->ops->num, (int __user *)p);
2509         case TIOCSETD:
2510                 return tiocsetd(tty, p);
2511         /*
2512          * Break handling
2513          */
2514         case TIOCSBRK:  /* Turn break on, unconditionally */
2515                 if (tty->ops->break_ctl)
2516                         return tty->ops->break_ctl(tty, -1);
2517                 return 0;
2518         case TIOCCBRK:  /* Turn break off, unconditionally */
2519                 if (tty->ops->break_ctl)
2520                         return tty->ops->break_ctl(tty, 0);
2521                 return 0;
2522         case TCSBRK:   /* SVID version: non-zero arg --> no break */
2523                 /* non-zero arg means wait for all output data
2524                  * to be sent (performed above) but don't send break.
2525                  * This is used by the tcdrain() termios function.
2526                  */
2527                 if (!arg)
2528                         return send_break(tty, 250);
2529                 return 0;
2530         case TCSBRKP:   /* support for POSIX tcsendbreak() */
2531                 return send_break(tty, arg ? arg*100 : 250);
2532 
2533         case TIOCMGET:
2534                 return tty_tiocmget(tty, file, p);
2535         case TIOCMSET:
2536         case TIOCMBIC:
2537         case TIOCMBIS:
2538                 return tty_tiocmset(tty, file, cmd, p);
2539         case TCFLSH:
2540                 switch (arg) {
2541                 case TCIFLUSH:
2542                 case TCIOFLUSH:
2543                 /* flush tty buffer and allow ldisc to process ioctl */
2544                         tty_buffer_flush(tty);
2545                         break;
2546                 }
2547                 break;
2548         }
2549         if (tty->ops->ioctl) {
2550                 retval = (tty->ops->ioctl)(tty, file, cmd, arg);
2551                 if (retval != -ENOIOCTLCMD)
2552                         return retval;
2553         }
2554         ld = tty_ldisc_ref_wait(tty);
2555         retval = -EINVAL;
2556         if (ld->ops->ioctl) {
2557                 retval = ld->ops->ioctl(tty, file, cmd, arg);
2558                 if (retval == -ENOIOCTLCMD)
2559                         retval = -EINVAL;
2560         }
2561         tty_ldisc_deref(ld);
2562         return retval;
2563 }
2564 
2565 #ifdef CONFIG_COMPAT
2566 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2567                                 unsigned long arg)
2568 {
2569         struct inode *inode = file->f_dentry->d_inode;
2570         struct tty_struct *tty = file->private_data;
2571         struct tty_ldisc *ld;
2572         int retval = -ENOIOCTLCMD;
2573 
2574         if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2575                 return -EINVAL;
2576 
2577         if (tty->ops->compat_ioctl) {
2578                 retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
2579                 if (retval != -ENOIOCTLCMD)
2580                         return retval;
2581         }
2582 
2583         ld = tty_ldisc_ref_wait(tty);
2584         if (ld->ops->compat_ioctl)
2585                 retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2586         tty_ldisc_deref(ld);
2587 
2588         return retval;
2589 }
2590 #endif
2591 
2592 /*
2593  * This implements the "Secure Attention Key" ---  the idea is to
2594  * prevent trojan horses by killing all processes associated with this
2595  * tty when the user hits the "Secure Attention Key".  Required for
2596  * super-paranoid applications --- see the Orange Book for more details.
2597  *
2598  * This code could be nicer; ideally it should send a HUP, wait a few
2599  * seconds, then send a INT, and then a KILL signal.  But you then
2600  * have to coordinate with the init process, since all processes associated
2601  * with the current tty must be dead before the new getty is allowed
2602  * to spawn.
2603  *
2604  * Now, if it would be correct ;-/ The current code has a nasty hole -
2605  * it doesn't catch files in flight. We may send the descriptor to ourselves
2606  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2607  *
2608  * Nasty bug: do_SAK is being called in interrupt context.  This can
2609  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
2610  */
2611 void __do_SAK(struct tty_struct *tty)
2612 {
2613 #ifdef TTY_SOFT_SAK
2614         tty_hangup(tty);
2615 #else
2616         struct task_struct *g, *p;
2617         struct pid *session;
2618         int             i;
2619         struct file     *filp;
2620         struct fdtable *fdt;
2621 
2622         if (!tty)
2623                 return;
2624         session = tty->session;
2625 
2626         tty_ldisc_flush(tty);
2627 
2628         tty_driver_flush_buffer(tty);
2629 
2630         read_lock(&tasklist_lock);
2631         /* Kill the entire session */
2632         do_each_pid_task(session, PIDTYPE_SID, p) {
2633                 printk(KERN_NOTICE "SAK: killed process %d"
2634                         " (%s): task_session(p)==tty->session\n",
2635                         task_pid_nr(p), p->comm);
2636                 send_sig(SIGKILL, p, 1);
2637         } while_each_pid_task(session, PIDTYPE_SID, p);
2638         /* Now kill any processes that happen to have the
2639          * tty open.
2640          */
2641         do_each_thread(g, p) {
2642                 if (p->signal->tty == tty) {
2643                         printk(KERN_NOTICE "SAK: killed process %d"
2644                             " (%s): task_session(p)==tty->session\n",
2645                             task_pid_nr(p), p->comm);
2646                         send_sig(SIGKILL, p, 1);
2647                         continue;
2648                 }
2649                 task_lock(p);
2650                 if (p->files) {
2651                         /*
2652                          * We don't take a ref to the file, so we must
2653                          * hold ->file_lock instead.
2654                          */
2655                         spin_lock(&p->files->file_lock);
2656                         fdt = files_fdtable(p->files);
2657                         for (i = 0; i < fdt->max_fds; i++) {
2658                                 filp = fcheck_files(p->files, i);
2659                                 if (!filp)
2660                                         continue;
2661                                 if (filp->f_op->read == tty_read &&
2662                                     filp->private_data == tty) {
2663                                         printk(KERN_NOTICE "SAK: killed process %d"
2664                                             " (%s): fd#%d opened to the tty\n",
2665                                             task_pid_nr(p), p->comm, i);
2666                                         force_sig(SIGKILL, p);
2667                                         break;
2668                                 }
2669                         }
2670                         spin_unlock(&p->files->file_lock);
2671                 }
2672                 task_unlock(p);
2673         } while_each_thread(g, p);
2674         read_unlock(&tasklist_lock);
2675 #endif
2676 }
2677 
2678 static void do_SAK_work(struct work_struct *work)
2679 {
2680         struct tty_struct *tty =
2681                 container_of(work, struct tty_struct, SAK_work);
2682         __do_SAK(tty);
2683 }
2684 
2685 /*
2686  * The tq handling here is a little racy - tty->SAK_work may already be queued.
2687  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2688  * the values which we write to it will be identical to the values which it
2689  * already has. --akpm
2690  */
2691 void do_SAK(struct tty_struct *tty)
2692 {
2693         if (!tty)
2694                 return;
2695         schedule_work(&tty->SAK_work);
2696 }
2697 
2698 EXPORT_SYMBOL(do_SAK);
2699 
2700 /**
2701  *      initialize_tty_struct
2702  *      @tty: tty to initialize
2703  *
2704  *      This subroutine initializes a tty structure that has been newly
2705  *      allocated.
2706  *
2707  *      Locking: none - tty in question must not be exposed at this point
2708  */
2709 
2710 void initialize_tty_struct(struct tty_struct *tty,
2711                 struct tty_driver *driver, int idx)
2712 {
2713         memset(tty, 0, sizeof(struct tty_struct));
2714         kref_init(&tty->kref);
2715         tty->magic = TTY_MAGIC;
2716         tty_ldisc_init(tty);
2717         tty->session = NULL;
2718         tty->pgrp = NULL;
2719         tty->overrun_time = jiffies;
2720         tty->buf.head = tty->buf.tail = NULL;
2721         tty_buffer_init(tty);
2722         mutex_init(&tty->termios_mutex);
2723         mutex_init(&tty->ldisc_mutex);
2724         init_waitqueue_head(&tty->write_wait);
2725         init_waitqueue_head(&tty->read_wait);
2726         INIT_WORK(&tty->hangup_work, do_tty_hangup);
2727         mutex_init(&tty->atomic_read_lock);
2728         mutex_init(&tty->atomic_write_lock);
2729         mutex_init(&tty->output_lock);
2730         mutex_init(&tty->echo_lock);
2731         spin_lock_init(&tty->read_lock);
2732         spin_lock_init(&tty->ctrl_lock);
2733         INIT_LIST_HEAD(&tty->tty_files);
2734         INIT_WORK(&tty->SAK_work, do_SAK_work);
2735 
2736         tty->driver = driver;
2737         tty->ops = driver->ops;
2738         tty->index = idx;
2739         tty_line_name(driver, idx, tty->name);
2740 }
2741 
2742 /**
2743  *      tty_put_char    -       write one character to a tty
2744  *      @tty: tty
2745  *      @ch: character
2746  *
2747  *      Write one byte to the tty using the provided put_char method
2748  *      if present. Returns the number of characters successfully output.
2749  *
2750  *      Note: the specific put_char operation in the driver layer may go
2751  *      away soon. Don't call it directly, use this method
2752  */
2753 
2754 int tty_put_char(struct tty_struct *tty, unsigned char ch)
2755 {
2756         if (tty->ops->put_char)
2757                 return tty->ops->put_char(tty, ch);
2758         return tty->ops->write(tty, &ch, 1);
2759 }
2760 EXPORT_SYMBOL_GPL(tty_put_char);
2761 
2762 struct class *tty_class;
2763 
2764 /**
2765  *      tty_register_device - register a tty device
2766  *      @driver: the tty driver that describes the tty device
2767  *      @index: the index in the tty driver for this tty device
2768  *      @device: a struct device that is associated with this tty device.
2769  *              This field is optional, if there is no known struct device
2770  *              for this tty device it can be set to NULL safely.
2771  *
2772  *      Returns a pointer to the struct device for this tty device
2773  *      (or ERR_PTR(-EFOO) on error).
2774  *
2775  *      This call is required to be made to register an individual tty device
2776  *      if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
2777  *      that bit is not set, this function should not be called by a tty
2778  *      driver.
2779  *
2780  *      Locking: ??
2781  */
2782 
2783 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
2784                                    struct device *device)
2785 {
2786         char name[64];
2787         dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
2788 
2789         if (index >= driver->num) {
2790                 printk(KERN_ERR "Attempt to register invalid tty line number "
2791                        " (%d).\n", index);
2792                 return ERR_PTR(-EINVAL);
2793         }
2794 
2795         if (driver->type == TTY_DRIVER_TYPE_PTY)
2796                 pty_line_name(driver, index, name);
2797         else
2798                 tty_line_name(driver, index, name);
2799 
2800         return device_create(tty_class, device, dev, NULL, name);
2801 }
2802 EXPORT_SYMBOL(tty_register_device);
2803 
2804 /**
2805  *      tty_unregister_device - unregister a tty device
2806  *      @driver: the tty driver that describes the tty device
2807  *      @index: the index in the tty driver for this tty device
2808  *
2809  *      If a tty device is registered with a call to tty_register_device() then
2810  *      this function must be called when the tty device is gone.
2811  *
2812  *      Locking: ??
2813  */
2814 
2815 void tty_unregister_device(struct tty_driver *driver, unsigned index)
2816 {
2817         device_destroy(tty_class,
2818                 MKDEV(driver->major, driver->minor_start) + index);
2819 }
2820 EXPORT_SYMBOL(tty_unregister_device);
2821 
2822 struct tty_driver *alloc_tty_driver(int lines)
2823 {
2824         struct tty_driver *driver;
2825 
2826         driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
2827         if (driver) {
2828                 kref_init(&driver->kref);
2829                 driver->magic = TTY_DRIVER_MAGIC;
2830                 driver->num = lines;
2831                 /* later we'll move allocation of tables here */
2832         }
2833         return driver;
2834 }
2835 EXPORT_SYMBOL(alloc_tty_driver);
2836 
2837 static void destruct_tty_driver(struct kref *kref)
2838 {
2839         struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
2840         int i;
2841         struct ktermios *tp;
2842         void *p;
2843 
2844         if (driver->flags & TTY_DRIVER_INSTALLED) {
2845                 /*
2846                  * Free the termios and termios_locked structures because
2847                  * we don't want to get memory leaks when modular tty
2848                  * drivers are removed from the kernel.
2849                  */
2850                 for (i = 0; i < driver->num; i++) {
2851                         tp = driver->termios[i];
2852                         if (tp) {
2853                                 driver->termios[i] = NULL;
2854                                 kfree(tp);
2855                         }
2856                         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
2857                                 tty_unregister_device(driver, i);
2858                 }
2859                 p = driver->ttys;
2860                 proc_tty_unregister_driver(driver);
2861                 driver->ttys = NULL;
2862                 driver->termios = NULL;
2863                 kfree(p);
2864                 cdev_del(&driver->cdev);
2865         }
2866         kfree(driver);
2867 }
2868 
2869 void tty_driver_kref_put(struct tty_driver *driver)
2870 {
2871         kref_put(&driver->kref, destruct_tty_driver);
2872 }
2873 EXPORT_SYMBOL(tty_driver_kref_put);
2874 
2875 void tty_set_operations(struct tty_driver *driver,
2876                         const struct tty_operations *op)
2877 {
2878         driver->ops = op;
2879 };
2880 EXPORT_SYMBOL(tty_set_operations);
2881 
2882 void put_tty_driver(struct tty_driver *d)
2883 {
2884         tty_driver_kref_put(d);
2885 }
2886 EXPORT_SYMBOL(put_tty_driver);
2887 
2888 /*
2889  * Called by a tty driver to register itself.
2890  */
2891 int tty_register_driver(struct tty_driver *driver)
2892 {
2893         int error;
2894         int i;
2895         dev_t dev;
2896         void **p = NULL;
2897 
2898         if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
2899                 p = kzalloc(driver->num * 2 * sizeof(void *), GFP_KERNEL);
2900                 if (!p)
2901                         return -ENOMEM;
2902         }
2903 
2904         if (!driver->major) {
2905                 error = alloc_chrdev_region(&dev, driver->minor_start,
2906                                                 driver->num, driver->name);
2907                 if (!error) {
2908                         driver->major = MAJOR(dev);
2909                         driver->minor_start = MINOR(dev);
2910                 }
2911         } else {
2912                 dev = MKDEV(driver->major, driver->minor_start);
2913                 error = register_chrdev_region(dev, driver->num, driver->name);
2914         }
2915         if (error < 0) {
2916                 kfree(p);
2917                 return error;
2918         }
2919 
2920         if (p) {
2921                 driver->ttys = (struct tty_struct **)p;
2922                 driver->termios = (struct ktermios **)(p + driver->num);
2923         } else {
2924                 driver->ttys = NULL;
2925                 driver->termios = NULL;
2926         }
2927 
2928         cdev_init(&driver->cdev, &tty_fops);
2929         driver->cdev.owner = driver->owner;
2930         error = cdev_add(&driver->cdev, dev, driver->num);
2931         if (error) {
2932                 unregister_chrdev_region(dev, driver->num);
2933                 driver->ttys = NULL;
2934                 driver->termios = NULL;
2935                 kfree(p);
2936                 return error;
2937         }
2938 
2939         mutex_lock(&tty_mutex);
2940         list_add(&driver->tty_drivers, &tty_drivers);
2941         mutex_unlock(&tty_mutex);
2942 
2943         if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
2944                 for (i = 0; i < driver->num; i++)
2945                     tty_register_device(driver, i, NULL);
2946         }
2947         proc_tty_register_driver(driver);
2948         driver->flags |= TTY_DRIVER_INSTALLED;
2949         return 0;
2950 }
2951 
2952 EXPORT_SYMBOL(tty_register_driver);
2953 
2954 /*
2955  * Called by a tty driver to unregister itself.
2956  */
2957 int tty_unregister_driver(struct tty_driver *driver)
2958 {
2959 #if 0
2960         /* FIXME */
2961         if (driver->refcount)
2962                 return -EBUSY;
2963 #endif
2964         unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
2965                                 driver->num);
2966         mutex_lock(&tty_mutex);
2967         list_del(&driver->tty_drivers);
2968         mutex_unlock(&tty_mutex);
2969         return 0;
2970 }
2971 
2972 EXPORT_SYMBOL(tty_unregister_driver);
2973 
2974 dev_t tty_devnum(struct tty_struct *tty)
2975 {
2976         return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
2977 }
2978 EXPORT_SYMBOL(tty_devnum);
2979 
2980 void proc_clear_tty(struct task_struct *p)
2981 {
2982         unsigned long flags;
2983         struct tty_struct *tty;
2984         spin_lock_irqsave(&p->sighand->siglock, flags);
2985         tty = p->signal->tty;
2986         p->signal->tty = NULL;
2987         spin_unlock_irqrestore(&p->sighand->siglock, flags);
2988         tty_kref_put(tty);
2989 }
2990 
2991 /* Called under the sighand lock */
2992 
2993 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
2994 {
2995         if (tty) {
2996                 unsigned long flags;
2997                 /* We should not have a session or pgrp to put here but.... */
2998                 spin_lock_irqsave(&tty->ctrl_lock, flags);
2999                 put_pid(tty->session);
3000                 put_pid(tty->pgrp);
3001                 tty->pgrp = get_pid(task_pgrp(tsk));
3002                 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3003                 tty->session = get_pid(task_session(tsk));
3004                 if (tsk->signal->tty) {
3005                         printk(KERN_DEBUG "tty not NULL!!\n");
3006                         tty_kref_put(tsk->signal->tty);
3007                 }
3008         }
3009         put_pid(tsk->signal->tty_old_pgrp);
3010         tsk->signal->tty = tty_kref_get(tty);
3011         tsk->signal->tty_old_pgrp = NULL;
3012 }
3013 
3014 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3015 {
3016         spin_lock_irq(&tsk->sighand->siglock);
3017         __proc_set_tty(tsk, tty);
3018         spin_unlock_irq(&tsk->sighand->siglock);
3019 }
3020 
3021 struct tty_struct *get_current_tty(void)
3022 {
3023         struct tty_struct *tty;
3024         unsigned long flags;
3025 
3026         spin_lock_irqsave(&current->sighand->siglock, flags);
3027         tty = tty_kref_get(current->signal->tty);
3028         spin_unlock_irqrestore(&current->sighand->siglock, flags);
3029         return tty;
3030 }
3031 EXPORT_SYMBOL_GPL(get_current_tty);
3032 
3033 void tty_default_fops(struct file_operations *fops)
3034 {
3035         *fops = tty_fops;
3036 }
3037 
3038 /*
3039  * Initialize the console device. This is called *early*, so
3040  * we can't necessarily depend on lots of kernel help here.
3041  * Just do some early initializations, and do the complex setup
3042  * later.
3043  */
3044 void __init console_init(void)
3045 {
3046         initcall_t *call;
3047 
3048         /* Setup the default TTY line discipline. */
3049         tty_ldisc_begin();
3050 
3051         /*
3052          * set up the console device so that later boot sequences can
3053          * inform about problems etc..
3054          */
3055         call = __con_initcall_start;
3056         while (call < __con_initcall_end) {
3057                 (*call)();
3058                 call++;
3059         }
3060 }
3061 
3062 static int __init tty_class_init(void)
3063 {
3064         tty_class = class_create(THIS_MODULE, "tty");
3065         if (IS_ERR(tty_class))
3066                 return PTR_ERR(tty_class);
3067         return 0;
3068 }
3069 
3070 postcore_initcall(tty_class_init);
3071 
3072 /* 3/2004 jmc: why do these devices exist? */
3073 
3074 static struct cdev tty_cdev, console_cdev;
3075 
3076 /*
3077  * Ok, now we can initialize the rest of the tty devices and can count
3078  * on memory allocations, interrupts etc..
3079  */
3080 static int __init tty_init(void)
3081 {
3082         cdev_init(&tty_cdev, &tty_fops);
3083         if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3084             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3085                 panic("Couldn't register /dev/tty driver\n");
3086         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL,
3087                               "tty");
3088 
3089         cdev_init(&console_cdev, &console_fops);
3090         if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3091             register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3092                 panic("Couldn't register /dev/console driver\n");
3093         device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3094                               "console");
3095 
3096 #ifdef CONFIG_VT
3097         vty_init(&console_fops);
3098 #endif
3099         return 0;
3100 }
3101 module_init(tty_init);
3102 
  This page was automatically generated by the LXR engine.