1 /*
2 * linux/drivers/char/tty_io.c
3 *
4 * Copyright (C) 1991, 1992 Linus Torvalds
5 */
6
7 /*
8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9 * or rs-channels. It also implements echoing, cooked mode etc.
10 *
11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12 *
13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14 * tty_struct and tty_queue structures. Previously there was an array
15 * of 256 tty_struct's which was statically allocated, and the
16 * tty_queue structures were allocated at boot time. Both are now
17 * dynamically allocated only when the tty is open.
18 *
19 * Also restructured routines so that there is more of a separation
20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21 * the low-level tty routines (serial.c, pty.c, console.c). This
22 * makes for cleaner and more compact code. -TYT, 9/17/92
23 *
24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25 * which can be dynamically activated and de-activated by the line
26 * discipline handling modules (like SLIP).
27 *
28 * NOTE: pay no attention to the line discipline code (yet); its
29 * interface is still subject to change in this version...
30 * -- TYT, 1/31/92
31 *
32 * Added functionality to the OPOST tty handling. No delays, but all
33 * other bits should be there.
34 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35 *
36 * Rewrote canonical mode and added more termios flags.
37 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38 *
39 * Reorganized FASYNC support so mouse code can share it.
40 * -- ctm@ardi.com, 9Sep95
41 *
42 * New TIOCLINUX variants added.
43 * -- mj@k332.feld.cvut.cz, 19-Nov-95
44 *
45 * Restrict vt switching via ioctl()
46 * -- grif@cs.ucr.edu, 5-Dec-95
47 *
48 * Move console and virtual terminal code to more appropriate files,
49 * implement CONFIG_VT and generalize console device interface.
50 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51 *
52 * Rewrote init_dev and release_dev to eliminate races.
53 * -- Bill Hawes <whawes@star.net>, June 97
54 *
55 * Added devfs support.
56 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57 *
58 * Added support for a Unix98-style ptmx device.
59 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60 *
61 * Reduced memory usage for older ARM systems
62 * -- Russell King <rmk@arm.linux.org.uk>
63 *
64 * Move do_SAK() into process context. Less stack use in devfs functions.
65 * alloc_tty_struct() always uses kmalloc()
66 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67 */
68
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/console.h>
82 #include <linux/timer.h>
83 #include <linux/ctype.h>
84 #include <linux/kd.h>
85 #include <linux/mm.h>
86 #include <linux/string.h>
87 #include <linux/slab.h>
88 #include <linux/poll.h>
89 #include <linux/proc_fs.h>
90 #include <linux/init.h>
91 #include <linux/module.h>
92 #include <linux/smp_lock.h>
93 #include <linux/device.h>
94 #include <linux/idr.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98
99 #include <asm/uaccess.h>
100 #include <asm/system.h>
101
102 #include <linux/kbd_kern.h>
103 #include <linux/vt_kern.h>
104 #include <linux/selection.h>
105
106 #include <linux/kmod.h>
107 #include <linux/nsproxy.h>
108
109 #undef TTY_DEBUG_HANGUP
110
111 #define TTY_PARANOIA_CHECK 1
112 #define CHECK_TTY_COUNT 1
113
114 struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
115 .c_iflag = ICRNL | IXON,
116 .c_oflag = OPOST | ONLCR,
117 .c_cflag = B38400 | CS8 | CREAD | HUPCL,
118 .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
119 ECHOCTL | ECHOKE | IEXTEN,
120 .c_cc = INIT_C_CC,
121 .c_ispeed = 38400,
122 .c_ospeed = 38400
123 };
124
125 EXPORT_SYMBOL(tty_std_termios);
126
127 /* This list gets poked at by procfs and various bits of boot up code. This
128 could do with some rationalisation such as pulling the tty proc function
129 into this file */
130
131 LIST_HEAD(tty_drivers); /* linked list of tty drivers */
132
133 /* Mutex to protect creating and releasing a tty. This is shared with
134 vt.c for deeply disgusting hack reasons */
135 DEFINE_MUTEX(tty_mutex);
136 EXPORT_SYMBOL(tty_mutex);
137
138 #ifdef CONFIG_UNIX98_PTYS
139 extern struct tty_driver *ptm_driver; /* Unix98 pty masters; for /dev/ptmx */
140 extern int pty_limit; /* Config limit on Unix98 ptys */
141 static DEFINE_IDR(allocated_ptys);
142 static DEFINE_MUTEX(allocated_ptys_lock);
143 static int ptmx_open(struct inode *, struct file *);
144 #endif
145
146 static void initialize_tty_struct(struct tty_struct *tty);
147
148 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
149 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
150 ssize_t redirected_tty_write(struct file *, const char __user *,
151 size_t, loff_t *);
152 static unsigned int tty_poll(struct file *, poll_table *);
153 static int tty_open(struct inode *, struct file *);
154 static int tty_release(struct inode *, struct file *);
155 int tty_ioctl(struct inode *inode, struct file *file,
156 unsigned int cmd, unsigned long arg);
157 #ifdef CONFIG_COMPAT
158 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
159 unsigned long arg);
160 #else
161 #define tty_compat_ioctl NULL
162 #endif
163 static int tty_fasync(int fd, struct file *filp, int on);
164 static void release_tty(struct tty_struct *tty, int idx);
165 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
166 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
167
168 /**
169 * alloc_tty_struct - allocate a tty object
170 *
171 * Return a new empty tty structure. The data fields have not
172 * been initialized in any way but has been zeroed
173 *
174 * Locking: none
175 */
176
177 static struct tty_struct *alloc_tty_struct(void)
178 {
179 return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
180 }
181
182 static void tty_buffer_free_all(struct tty_struct *);
183
184 /**
185 * free_tty_struct - free a disused tty
186 * @tty: tty struct to free
187 *
188 * Free the write buffers, tty queue and tty memory itself.
189 *
190 * Locking: none. Must be called after tty is definitely unused
191 */
192
193 static inline void free_tty_struct(struct tty_struct *tty)
194 {
195 kfree(tty->write_buf);
196 tty_buffer_free_all(tty);
197 kfree(tty);
198 }
199
200 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
201
202 /**
203 * tty_name - return tty naming
204 * @tty: tty structure
205 * @buf: buffer for output
206 *
207 * Convert a tty structure into a name. The name reflects the kernel
208 * naming policy and if udev is in use may not reflect user space
209 *
210 * Locking: none
211 */
212
213 char *tty_name(struct tty_struct *tty, char *buf)
214 {
215 if (!tty) /* Hmm. NULL pointer. That's fun. */
216 strcpy(buf, "NULL tty");
217 else
218 strcpy(buf, tty->name);
219 return buf;
220 }
221
222 EXPORT_SYMBOL(tty_name);
223
224 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
225 const char *routine)
226 {
227 #ifdef TTY_PARANOIA_CHECK
228 if (!tty) {
229 printk(KERN_WARNING
230 "null TTY for (%d:%d) in %s\n",
231 imajor(inode), iminor(inode), routine);
232 return 1;
233 }
234 if (tty->magic != TTY_MAGIC) {
235 printk(KERN_WARNING
236 "bad magic number for tty struct (%d:%d) in %s\n",
237 imajor(inode), iminor(inode), routine);
238 return 1;
239 }
240 #endif
241 return 0;
242 }
243
244 static int check_tty_count(struct tty_struct *tty, const char *routine)
245 {
246 #ifdef CHECK_TTY_COUNT
247 struct file *filp;
248 int count = 0;
249
250 percpu_list_fold(&tty->tty_files);
251 lock_list_for_each_entry(filp, percpu_list_head(&tty->tty_files), f_u.fu_llist)
252 count++;
253
254 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
255 tty->driver->subtype == PTY_TYPE_SLAVE &&
256 tty->link && tty->link->count)
257 count++;
258 if (tty->count != count) {
259 printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
260 "!= #fd's(%d) in %s\n",
261 tty->name, tty->count, count, routine);
262 dump_stack();
263 return count;
264 }
265 #endif
266 return 0;
267 }
268
269 /*
270 * Tty buffer allocation management
271 */
272
273 /**
274 * tty_buffer_free_all - free buffers used by a tty
275 * @tty: tty to free from
276 *
277 * Remove all the buffers pending on a tty whether queued with data
278 * or in the free ring. Must be called when the tty is no longer in use
279 *
280 * Locking: none
281 */
282
283 static void tty_buffer_free_all(struct tty_struct *tty)
284 {
285 struct tty_buffer *thead;
286 while ((thead = tty->buf.head) != NULL) {
287 tty->buf.head = thead->next;
288 kfree(thead);
289 }
290 while ((thead = tty->buf.free) != NULL) {
291 tty->buf.free = thead->next;
292 kfree(thead);
293 }
294 tty->buf.tail = NULL;
295 tty->buf.memory_used = 0;
296 }
297
298 /**
299 * tty_buffer_init - prepare a tty buffer structure
300 * @tty: tty to initialise
301 *
302 * Set up the initial state of the buffer management for a tty device.
303 * Must be called before the other tty buffer functions are used.
304 *
305 * Locking: none
306 */
307
308 static void tty_buffer_init(struct tty_struct *tty)
309 {
310 spin_lock_init(&tty->buf.lock);
311 tty->buf.head = NULL;
312 tty->buf.tail = NULL;
313 tty->buf.free = NULL;
314 tty->buf.memory_used = 0;
315 }
316
317 /**
318 * tty_buffer_alloc - allocate a tty buffer
319 * @tty: tty device
320 * @size: desired size (characters)
321 *
322 * Allocate a new tty buffer to hold the desired number of characters.
323 * Return NULL if out of memory or the allocation would exceed the
324 * per device queue
325 *
326 * Locking: Caller must hold tty->buf.lock
327 */
328
329 static struct tty_buffer *tty_buffer_alloc(struct tty_struct *tty, size_t size)
330 {
331 struct tty_buffer *p;
332
333 if (tty->buf.memory_used + size > 65536)
334 return NULL;
335 p = kmalloc(sizeof(struct tty_buffer) + 2 * size, GFP_ATOMIC);
336 if (p == NULL)
337 return NULL;
338 p->used = 0;
339 p->size = size;
340 p->next = NULL;
341 p->commit = 0;
342 p->read = 0;
343 p->char_buf_ptr = (char *)(p->data);
344 p->flag_buf_ptr = (unsigned char *)p->char_buf_ptr + size;
345 tty->buf.memory_used += size;
346 return p;
347 }
348
349 /**
350 * tty_buffer_free - free a tty buffer
351 * @tty: tty owning the buffer
352 * @b: the buffer to free
353 *
354 * Free a tty buffer, or add it to the free list according to our
355 * internal strategy
356 *
357 * Locking: Caller must hold tty->buf.lock
358 */
359
360 static void tty_buffer_free(struct tty_struct *tty, struct tty_buffer *b)
361 {
362 /* Dumb strategy for now - should keep some stats */
363 tty->buf.memory_used -= b->size;
364 WARN_ON(tty->buf.memory_used < 0);
365
366 if (b->size >= 512)
367 kfree(b);
368 else {
369 b->next = tty->buf.free;
370 tty->buf.free = b;
371 }
372 }
373
374 /**
375 * __tty_buffer_flush - flush full tty buffers
376 * @tty: tty to flush
377 *
378 * flush all the buffers containing receive data. Caller must
379 * hold the buffer lock and must have ensured no parallel flush to
380 * ldisc is running.
381 *
382 * Locking: Caller must hold tty->buf.lock
383 */
384
385 static void __tty_buffer_flush(struct tty_struct *tty)
386 {
387 struct tty_buffer *thead;
388
389 while ((thead = tty->buf.head) != NULL) {
390 tty->buf.head = thead->next;
391 tty_buffer_free(tty, thead);
392 }
393 tty->buf.tail = NULL;
394 }
395
396 /**
397 * tty_buffer_flush - flush full tty buffers
398 * @tty: tty to flush
399 *
400 * flush all the buffers containing receive data. If the buffer is
401 * being processed by flush_to_ldisc then we defer the processing
402 * to that function
403 *
404 * Locking: none
405 */
406
407 static void tty_buffer_flush(struct tty_struct *tty)
408 {
409 unsigned long flags;
410 spin_lock_irqsave(&tty->buf.lock, flags);
411
412 /* If the data is being pushed to the tty layer then we can't
413 process it here. Instead set a flag and the flush_to_ldisc
414 path will process the flush request before it exits */
415 if (test_bit(TTY_FLUSHING, &tty->flags)) {
416 set_bit(TTY_FLUSHPENDING, &tty->flags);
417 spin_unlock_irqrestore(&tty->buf.lock, flags);
418 wait_event(tty->read_wait,
419 test_bit(TTY_FLUSHPENDING, &tty->flags) == 0);
420 return;
421 } else
422 __tty_buffer_flush(tty);
423 spin_unlock_irqrestore(&tty->buf.lock, flags);
424 }
425
426 /**
427 * tty_buffer_find - find a free tty buffer
428 * @tty: tty owning the buffer
429 * @size: characters wanted
430 *
431 * Locate an existing suitable tty buffer or if we are lacking one then
432 * allocate a new one. We round our buffers off in 256 character chunks
433 * to get better allocation behaviour.
434 *
435 * Locking: Caller must hold tty->buf.lock
436 */
437
438 static struct tty_buffer *tty_buffer_find(struct tty_struct *tty, size_t size)
439 {
440 struct tty_buffer **tbh = &tty->buf.free;
441 while ((*tbh) != NULL) {
442 struct tty_buffer *t = *tbh;
443 if (t->size >= size) {
444 *tbh = t->next;
445 t->next = NULL;
446 t->used = 0;
447 t->commit = 0;
448 t->read = 0;
449 tty->buf.memory_used += t->size;
450 return t;
451 }
452 tbh = &((*tbh)->next);
453 }
454 /* Round the buffer size out */
455 size = (size + 0xFF) & ~0xFF;
456 return tty_buffer_alloc(tty, size);
457 /* Should possibly check if this fails for the largest buffer we
458 have queued and recycle that ? */
459 }
460
461 /**
462 * tty_buffer_request_room - grow tty buffer if needed
463 * @tty: tty structure
464 * @size: size desired
465 *
466 * Make at least size bytes of linear space available for the tty
467 * buffer. If we fail return the size we managed to find.
468 *
469 * Locking: Takes tty->buf.lock
470 */
471 int tty_buffer_request_room(struct tty_struct *tty, size_t size)
472 {
473 struct tty_buffer *b, *n;
474 int left;
475 unsigned long flags;
476
477 spin_lock_irqsave(&tty->buf.lock, flags);
478
479 /* OPTIMISATION: We could keep a per tty "zero" sized buffer to
480 remove this conditional if its worth it. This would be invisible
481 to the callers */
482 if ((b = tty->buf.tail) != NULL)
483 left = b->size - b->used;
484 else
485 left = 0;
486
487 if (left < size) {
488 /* This is the slow path - looking for new buffers to use */
489 if ((n = tty_buffer_find(tty, size)) != NULL) {
490 if (b != NULL) {
491 b->next = n;
492 b->commit = b->used;
493 } else
494 tty->buf.head = n;
495 tty->buf.tail = n;
496 } else
497 size = left;
498 }
499
500 spin_unlock_irqrestore(&tty->buf.lock, flags);
501 return size;
502 }
503 EXPORT_SYMBOL_GPL(tty_buffer_request_room);
504
505 /**
506 * tty_insert_flip_string - Add characters to the tty buffer
507 * @tty: tty structure
508 * @chars: characters
509 * @size: size
510 *
511 * Queue a series of bytes to the tty buffering. All the characters
512 * passed are marked as without error. Returns the number added.
513 *
514 * Locking: Called functions may take tty->buf.lock
515 */
516
517 int tty_insert_flip_string(struct tty_struct *tty, const unsigned char *chars,
518 size_t size)
519 {
520 int copied = 0;
521 do {
522 int space = tty_buffer_request_room(tty, size - copied);
523 struct tty_buffer *tb = tty->buf.tail;
524 /* If there is no space then tb may be NULL */
525 if (unlikely(space == 0))
526 break;
527 memcpy(tb->char_buf_ptr + tb->used, chars, space);
528 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
529 tb->used += space;
530 copied += space;
531 chars += space;
532 /* There is a small chance that we need to split the data over
533 several buffers. If this is the case we must loop */
534 } while (unlikely(size > copied));
535 return copied;
536 }
537 EXPORT_SYMBOL(tty_insert_flip_string);
538
539 /**
540 * tty_insert_flip_string_flags - Add characters to the tty buffer
541 * @tty: tty structure
542 * @chars: characters
543 * @flags: flag bytes
544 * @size: size
545 *
546 * Queue a series of bytes to the tty buffering. For each character
547 * the flags array indicates the status of the character. Returns the
548 * number added.
549 *
550 * Locking: Called functions may take tty->buf.lock
551 */
552
553 int tty_insert_flip_string_flags(struct tty_struct *tty,
554 const unsigned char *chars, const char *flags, size_t size)
555 {
556 int copied = 0;
557 do {
558 int space = tty_buffer_request_room(tty, size - copied);
559 struct tty_buffer *tb = tty->buf.tail;
560 /* If there is no space then tb may be NULL */
561 if (unlikely(space == 0))
562 break;
563 memcpy(tb->char_buf_ptr + tb->used, chars, space);
564 memcpy(tb->flag_buf_ptr + tb->used, flags, space);
565 tb->used += space;
566 copied += space;
567 chars += space;
568 flags += space;
569 /* There is a small chance that we need to split the data over
570 several buffers. If this is the case we must loop */
571 } while (unlikely(size > copied));
572 return copied;
573 }
574 EXPORT_SYMBOL(tty_insert_flip_string_flags);
575
576 /**
577 * tty_schedule_flip - push characters to ldisc
578 * @tty: tty to push from
579 *
580 * Takes any pending buffers and transfers their ownership to the
581 * ldisc side of the queue. It then schedules those characters for
582 * processing by the line discipline.
583 *
584 * Locking: Takes tty->buf.lock
585 */
586
587 void tty_schedule_flip(struct tty_struct *tty)
588 {
589 unsigned long flags;
590 spin_lock_irqsave(&tty->buf.lock, flags);
591 if (tty->buf.tail != NULL)
592 tty->buf.tail->commit = tty->buf.tail->used;
593 spin_unlock_irqrestore(&tty->buf.lock, flags);
594 schedule_delayed_work(&tty->buf.work, 1);
595 }
596 EXPORT_SYMBOL(tty_schedule_flip);
597
598 /**
599 * tty_prepare_flip_string - make room for characters
600 * @tty: tty
601 * @chars: return pointer for character write area
602 * @size: desired size
603 *
604 * Prepare a block of space in the buffer for data. Returns the length
605 * available and buffer pointer to the space which is now allocated and
606 * accounted for as ready for normal characters. This is used for drivers
607 * that need their own block copy routines into the buffer. There is no
608 * guarantee the buffer is a DMA target!
609 *
610 * Locking: May call functions taking tty->buf.lock
611 */
612
613 int tty_prepare_flip_string(struct tty_struct *tty, unsigned char **chars,
614 size_t size)
615 {
616 int space = tty_buffer_request_room(tty, size);
617 if (likely(space)) {
618 struct tty_buffer *tb = tty->buf.tail;
619 *chars = tb->char_buf_ptr + tb->used;
620 memset(tb->flag_buf_ptr + tb->used, TTY_NORMAL, space);
621 tb->used += space;
622 }
623 return space;
624 }
625
626 EXPORT_SYMBOL_GPL(tty_prepare_flip_string);
627
628 /**
629 * tty_prepare_flip_string_flags - make room for characters
630 * @tty: tty
631 * @chars: return pointer for character write area
632 * @flags: return pointer for status flag write area
633 * @size: desired size
634 *
635 * Prepare a block of space in the buffer for data. Returns the length
636 * available and buffer pointer to the space which is now allocated and
637 * accounted for as ready for characters. This is used for drivers
638 * that need their own block copy routines into the buffer. There is no
639 * guarantee the buffer is a DMA target!
640 *
641 * Locking: May call functions taking tty->buf.lock
642 */
643
644 int tty_prepare_flip_string_flags(struct tty_struct *tty,
645 unsigned char **chars, char **flags, size_t size)
646 {
647 int space = tty_buffer_request_room(tty, size);
648 if (likely(space)) {
649 struct tty_buffer *tb = tty->buf.tail;
650 *chars = tb->char_buf_ptr + tb->used;
651 *flags = tb->flag_buf_ptr + tb->used;
652 tb->used += space;
653 }
654 return space;
655 }
656
657 EXPORT_SYMBOL_GPL(tty_prepare_flip_string_flags);
658
659
660
661 /**
662 * tty_set_termios_ldisc - set ldisc field
663 * @tty: tty structure
664 * @num: line discipline number
665 *
666 * This is probably overkill for real world processors but
667 * they are not on hot paths so a little discipline won't do
668 * any harm.
669 *
670 * Locking: takes termios_mutex
671 */
672
673 static void tty_set_termios_ldisc(struct tty_struct *tty, int num)
674 {
675 mutex_lock(&tty->termios_mutex);
676 tty->termios->c_line = num;
677 mutex_unlock(&tty->termios_mutex);
678 }
679
680 /*
681 * This guards the refcounted line discipline lists. The lock
682 * must be taken with irqs off because there are hangup path
683 * callers who will do ldisc lookups and cannot sleep.
684 */
685
686 static DEFINE_SPINLOCK(tty_ldisc_lock);
687 static DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait);
688 /* Line disc dispatch table */
689 static struct tty_ldisc tty_ldiscs[NR_LDISCS];
690
691 /**
692 * tty_register_ldisc - install a line discipline
693 * @disc: ldisc number
694 * @new_ldisc: pointer to the ldisc object
695 *
696 * Installs a new line discipline into the kernel. The discipline
697 * is set up as unreferenced and then made available to the kernel
698 * from this point onwards.
699 *
700 * Locking:
701 * takes tty_ldisc_lock to guard against ldisc races
702 */
703
704 int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc)
705 {
706 unsigned long flags;
707 int ret = 0;
708
709 if (disc < N_TTY || disc >= NR_LDISCS)
710 return -EINVAL;
711
712 spin_lock_irqsave(&tty_ldisc_lock, flags);
713 tty_ldiscs[disc] = *new_ldisc;
714 tty_ldiscs[disc].num = disc;
715 tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED;
716 tty_ldiscs[disc].refcount = 0;
717 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
718
719 return ret;
720 }
721 EXPORT_SYMBOL(tty_register_ldisc);
722
723 /**
724 * tty_unregister_ldisc - unload a line discipline
725 * @disc: ldisc number
726 * @new_ldisc: pointer to the ldisc object
727 *
728 * Remove a line discipline from the kernel providing it is not
729 * currently in use.
730 *
731 * Locking:
732 * takes tty_ldisc_lock to guard against ldisc races
733 */
734
735 int tty_unregister_ldisc(int disc)
736 {
737 unsigned long flags;
738 int ret = 0;
739
740 if (disc < N_TTY || disc >= NR_LDISCS)
741 return -EINVAL;
742
743 spin_lock_irqsave(&tty_ldisc_lock, flags);
744 if (tty_ldiscs[disc].refcount)
745 ret = -EBUSY;
746 else
747 tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED;
748 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
749
750 return ret;
751 }
752 EXPORT_SYMBOL(tty_unregister_ldisc);
753
754 /**
755 * tty_ldisc_get - take a reference to an ldisc
756 * @disc: ldisc number
757 *
758 * Takes a reference to a line discipline. Deals with refcounts and
759 * module locking counts. Returns NULL if the discipline is not available.
760 * Returns a pointer to the discipline and bumps the ref count if it is
761 * available
762 *
763 * Locking:
764 * takes tty_ldisc_lock to guard against ldisc races
765 */
766
767 struct tty_ldisc *tty_ldisc_get(int disc)
768 {
769 unsigned long flags;
770 struct tty_ldisc *ld;
771
772 if (disc < N_TTY || disc >= NR_LDISCS)
773 return NULL;
774
775 spin_lock_irqsave(&tty_ldisc_lock, flags);
776
777 ld = &tty_ldiscs[disc];
778 /* Check the entry is defined */
779 if (ld->flags & LDISC_FLAG_DEFINED) {
780 /* If the module is being unloaded we can't use it */
781 if (!try_module_get(ld->owner))
782 ld = NULL;
783 else /* lock it */
784 ld->refcount++;
785 } else
786 ld = NULL;
787 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
788 return ld;
789 }
790
791 EXPORT_SYMBOL_GPL(tty_ldisc_get);
792
793 /**
794 * tty_ldisc_put - drop ldisc reference
795 * @disc: ldisc number
796 *
797 * Drop a reference to a line discipline. Manage refcounts and
798 * module usage counts
799 *
800 * Locking:
801 * takes tty_ldisc_lock to guard against ldisc races
802 */
803
804 void tty_ldisc_put(int disc)
805 {
806 struct tty_ldisc *ld;
807 unsigned long flags;
808
809 BUG_ON(disc < N_TTY || disc >= NR_LDISCS);
810
811 spin_lock_irqsave(&tty_ldisc_lock, flags);
812 ld = &tty_ldiscs[disc];
813 BUG_ON(ld->refcount == 0);
814 ld->refcount--;
815 module_put(ld->owner);
816 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
817 }
818
819 EXPORT_SYMBOL_GPL(tty_ldisc_put);
820
821 /**
822 * tty_ldisc_assign - set ldisc on a tty
823 * @tty: tty to assign
824 * @ld: line discipline
825 *
826 * Install an instance of a line discipline into a tty structure. The
827 * ldisc must have a reference count above zero to ensure it remains/
828 * The tty instance refcount starts at zero.
829 *
830 * Locking:
831 * Caller must hold references
832 */
833
834 static void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld)
835 {
836 tty->ldisc = *ld;
837 tty->ldisc.refcount = 0;
838 }
839
840 /**
841 * tty_ldisc_try - internal helper
842 * @tty: the tty
843 *
844 * Make a single attempt to grab and bump the refcount on
845 * the tty ldisc. Return 0 on failure or 1 on success. This is
846 * used to implement both the waiting and non waiting versions
847 * of tty_ldisc_ref
848 *
849 * Locking: takes tty_ldisc_lock
850 */
851
852 static int tty_ldisc_try(struct tty_struct *tty)
853 {
854 unsigned long flags;
855 struct tty_ldisc *ld;
856 int ret = 0;
857
858 spin_lock_irqsave(&tty_ldisc_lock, flags);
859 ld = &tty->ldisc;
860 if (test_bit(TTY_LDISC, &tty->flags)) {
861 ld->refcount++;
862 ret = 1;
863 }
864 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
865 return ret;
866 }
867
868 /**
869 * tty_ldisc_ref_wait - wait for the tty ldisc
870 * @tty: tty device
871 *
872 * Dereference the line discipline for the terminal and take a
873 * reference to it. If the line discipline is in flux then
874 * wait patiently until it changes.
875 *
876 * Note: Must not be called from an IRQ/timer context. The caller
877 * must also be careful not to hold other locks that will deadlock
878 * against a discipline change, such as an existing ldisc reference
879 * (which we check for)
880 *
881 * Locking: call functions take tty_ldisc_lock
882 */
883
884 struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty)
885 {
886 /* wait_event is a macro */
887 wait_event(tty_ldisc_wait, tty_ldisc_try(tty));
888 if (tty->ldisc.refcount == 0)
889 printk(KERN_ERR "tty_ldisc_ref_wait\n");
890 return &tty->ldisc;
891 }
892
893 EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait);
894
895 /**
896 * tty_ldisc_ref - get the tty ldisc
897 * @tty: tty device
898 *
899 * Dereference the line discipline for the terminal and take a
900 * reference to it. If the line discipline is in flux then
901 * return NULL. Can be called from IRQ and timer functions.
902 *
903 * Locking: called functions take tty_ldisc_lock
904 */
905
906 struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty)
907 {
908 if (tty_ldisc_try(tty))
909 return &tty->ldisc;
910 return NULL;
911 }
912
913 EXPORT_SYMBOL_GPL(tty_ldisc_ref);
914
915 /**
916 * tty_ldisc_deref - free a tty ldisc reference
917 * @ld: reference to free up
918 *
919 * Undoes the effect of tty_ldisc_ref or tty_ldisc_ref_wait. May
920 * be called in IRQ context.
921 *
922 * Locking: takes tty_ldisc_lock
923 */
924
925 void tty_ldisc_deref(struct tty_ldisc *ld)
926 {
927 unsigned long flags;
928
929 BUG_ON(ld == NULL);
930
931 spin_lock_irqsave(&tty_ldisc_lock, flags);
932 if (ld->refcount == 0)
933 printk(KERN_ERR "tty_ldisc_deref: no references.\n");
934 else
935 ld->refcount--;
936 if (ld->refcount == 0)
937 wake_up(&tty_ldisc_wait);
938 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
939 }
940
941 EXPORT_SYMBOL_GPL(tty_ldisc_deref);
942
943 /**
944 * tty_ldisc_enable - allow ldisc use
945 * @tty: terminal to activate ldisc on
946 *
947 * Set the TTY_LDISC flag when the line discipline can be called
948 * again. Do necessary wakeups for existing sleepers.
949 *
950 * Note: nobody should set this bit except via this function. Clearing
951 * directly is allowed.
952 */
953
954 static void tty_ldisc_enable(struct tty_struct *tty)
955 {
956 set_bit(TTY_LDISC, &tty->flags);
957 wake_up(&tty_ldisc_wait);
958 }
959
960 /**
961 * tty_set_ldisc - set line discipline
962 * @tty: the terminal to set
963 * @ldisc: the line discipline
964 *
965 * Set the discipline of a tty line. Must be called from a process
966 * context.
967 *
968 * Locking: takes tty_ldisc_lock.
969 * called functions take termios_mutex
970 */
971
972 static int tty_set_ldisc(struct tty_struct *tty, int ldisc)
973 {
974 int retval = 0;
975 struct tty_ldisc o_ldisc;
976 char buf[64];
977 int work;
978 unsigned long flags;
979 struct tty_ldisc *ld;
980 struct tty_struct *o_tty;
981
982 if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS))
983 return -EINVAL;
984
985 restart:
986
987 ld = tty_ldisc_get(ldisc);
988 /* Eduardo Blanco <ejbs@cs.cs.com.uy> */
989 /* Cyrus Durgin <cider@speakeasy.org> */
990 if (ld == NULL) {
991 request_module("tty-ldisc-%d", ldisc);
992 ld = tty_ldisc_get(ldisc);
993 }
994 if (ld == NULL)
995 return -EINVAL;
996
997 /*
998 * Problem: What do we do if this blocks ?
999 */
1000
1001 tty_wait_until_sent(tty, 0);
1002
1003 if (tty->ldisc.num == ldisc) {
1004 tty_ldisc_put(ldisc);
1005 return 0;
1006 }
1007
1008 /*
1009 * No more input please, we are switching. The new ldisc
1010 * will update this value in the ldisc open function
1011 */
1012
1013 tty->receive_room = 0;
1014
1015 o_ldisc = tty->ldisc;
1016 o_tty = tty->link;
1017
1018 /*
1019 * Make sure we don't change while someone holds a
1020 * reference to the line discipline. The TTY_LDISC bit
1021 * prevents anyone taking a reference once it is clear.
1022 * We need the lock to avoid racing reference takers.
1023 */
1024
1025 spin_lock_irqsave(&tty_ldisc_lock, flags);
1026 if (tty->ldisc.refcount || (o_tty && o_tty->ldisc.refcount)) {
1027 if (tty->ldisc.refcount) {
1028 /* Free the new ldisc we grabbed. Must drop the lock
1029 first. */
1030 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1031 tty_ldisc_put(ldisc);
1032 /*
1033 * There are several reasons we may be busy, including
1034 * random momentary I/O traffic. We must therefore
1035 * retry. We could distinguish between blocking ops
1036 * and retries if we made tty_ldisc_wait() smarter.
1037 * That is up for discussion.
1038 */
1039 if (wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0)
1040 return -ERESTARTSYS;
1041 goto restart;
1042 }
1043 if (o_tty && o_tty->ldisc.refcount) {
1044 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1045 tty_ldisc_put(ldisc);
1046 if (wait_event_interruptible(tty_ldisc_wait, o_tty->ldisc.refcount == 0) < 0)
1047 return -ERESTARTSYS;
1048 goto restart;
1049 }
1050 }
1051 /*
1052 * If the TTY_LDISC bit is set, then we are racing against
1053 * another ldisc change
1054 */
1055 if (!test_bit(TTY_LDISC, &tty->flags)) {
1056 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1057 tty_ldisc_put(ldisc);
1058 ld = tty_ldisc_ref_wait(tty);
1059 tty_ldisc_deref(ld);
1060 goto restart;
1061 }
1062
1063 clear_bit(TTY_LDISC, &tty->flags);
1064 if (o_tty)
1065 clear_bit(TTY_LDISC, &o_tty->flags);
1066 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
1067
1068 /*
1069 * From this point on we know nobody has an ldisc
1070 * usage reference, nor can they obtain one until
1071 * we say so later on.
1072 */
1073
1074 work = cancel_delayed_work(&tty->buf.work);
1075 /*
1076 * Wait for ->hangup_work and ->buf.work handlers to terminate
1077 */
1078 flush_scheduled_work();
1079 /* Shutdown the current discipline. */
1080 if (tty->ldisc.close)
1081 (tty->ldisc.close)(tty);
1082
1083 /* Now set up the new line discipline. */
1084 tty_ldisc_assign(tty, ld);
1085 tty_set_termios_ldisc(tty, ldisc);
1086 if (tty->ldisc.open)
1087 retval = (tty->ldisc.open)(tty);
1088 if (retval < 0) {
1089 tty_ldisc_put(ldisc);
1090 /* There is an outstanding reference here so this is safe */
1091 tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num));
1092 tty_set_termios_ldisc(tty, tty->ldisc.num);
1093 if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) {
1094 tty_ldisc_put(o_ldisc.num);
1095 /* This driver is always present */
1096 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
1097 tty_set_termios_ldisc(tty, N_TTY);
1098 if (tty->ldisc.open) {
1099 int r = tty->ldisc.open(tty);
1100
1101 if (r < 0)
1102 panic("Couldn't open N_TTY ldisc for "
1103 "%s --- error %d.",
1104 tty_name(tty, buf), r);
1105 }
1106 }
1107 }
1108 /* At this point we hold a reference to the new ldisc and a
1109 a reference to the old ldisc. If we ended up flipping back
1110 to the existing ldisc we have two references to it */
1111
1112 if (tty->ldisc.num != o_ldisc.num && tty->driver->set_ldisc)
1113 tty->driver->set_ldisc(tty);
1114
1115 tty_ldisc_put(o_ldisc.num);
1116
1117 /*
1118 * Allow ldisc referencing to occur as soon as the driver
1119 * ldisc callback completes.
1120 */
1121
1122 tty_ldisc_enable(tty);
1123 if (o_tty)
1124 tty_ldisc_enable(o_tty);
1125
1126 /* Restart it in case no characters kick it off. Safe if
1127 already running */
1128 if (work)
1129 schedule_delayed_work(&tty->buf.work, 1);
1130 return retval;
1131 }
1132
1133 /**
1134 * get_tty_driver - find device of a tty
1135 * @dev_t: device identifier
1136 * @index: returns the index of the tty
1137 *
1138 * This routine returns a tty driver structure, given a device number
1139 * and also passes back the index number.
1140 *
1141 * Locking: caller must hold tty_mutex
1142 */
1143
1144 static struct tty_driver *get_tty_driver(dev_t device, int *index)
1145 {
1146 struct tty_driver *p;
1147
1148 list_for_each_entry(p, &tty_drivers, tty_drivers) {
1149 dev_t base = MKDEV(p->major, p->minor_start);
1150 if (device < base || device >= base + p->num)
1151 continue;
1152 *index = device - base;
1153 return p;
1154 }
1155 return NULL;
1156 }
1157
1158 /**
1159 * tty_check_change - check for POSIX terminal changes
1160 * @tty: tty to check
1161 *
1162 * If we try to write to, or set the state of, a terminal and we're
1163 * not in the foreground, send a SIGTTOU. If the signal is blocked or
1164 * ignored, go ahead and perform the operation. (POSIX 7.2)
1165 *
1166 * Locking: none
1167 */
1168
1169 int tty_check_change(struct tty_struct *tty)
1170 {
1171 if (current->signal->tty != tty)
1172 return 0;
1173 if (!tty->pgrp) {
1174 printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
1175 return 0;
1176 }
1177 if (task_pgrp(current) == tty->pgrp)
1178 return 0;
1179 if (is_ignored(SIGTTOU))
1180 return 0;
1181 if (is_current_pgrp_orphaned())
1182 return -EIO;
1183 kill_pgrp(task_pgrp(current), SIGTTOU, 1);
1184 set_thread_flag(TIF_SIGPENDING);
1185 return -ERESTARTSYS;
1186 }
1187
1188 EXPORT_SYMBOL(tty_check_change);
1189
1190 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
1191 size_t count, loff_t *ppos)
1192 {
1193 return 0;
1194 }
1195
1196 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
1197 size_t count, loff_t *ppos)
1198 {
1199 return -EIO;
1200 }
1201
1202 /* No kernel lock held - none needed ;) */
1203 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
1204 {
1205 return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
1206 }
1207
1208 static int hung_up_tty_ioctl(struct inode *inode, struct file *file,
1209 unsigned int cmd, unsigned long arg)
1210 {
1211 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1212 }
1213
1214 static long hung_up_tty_compat_ioctl(struct file *file,
1215 unsigned int cmd, unsigned long arg)
1216 {
1217 return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
1218 }
1219
1220 static const struct file_operations tty_fops = {
1221 .llseek = no_llseek,
1222 .read = tty_read,
1223 .write = tty_write,
1224 .poll = tty_poll,
1225 .ioctl = tty_ioctl,
1226 .compat_ioctl = tty_compat_ioctl,
1227 .open = tty_open,
1228 .release = tty_release,
1229 .fasync = tty_fasync,
1230 };
1231
1232 #ifdef CONFIG_UNIX98_PTYS
1233 static const struct file_operations ptmx_fops = {
1234 .llseek = no_llseek,
1235 .read = tty_read,
1236 .write = tty_write,
1237 .poll = tty_poll,
1238 .ioctl = tty_ioctl,
1239 .compat_ioctl = tty_compat_ioctl,
1240 .open = ptmx_open,
1241 .release = tty_release,
1242 .fasync = tty_fasync,
1243 };
1244 #endif
1245
1246 static const struct file_operations console_fops = {
1247 .llseek = no_llseek,
1248 .read = tty_read,
1249 .write = redirected_tty_write,
1250 .poll = tty_poll,
1251 .ioctl = tty_ioctl,
1252 .compat_ioctl = tty_compat_ioctl,
1253 .open = tty_open,
1254 .release = tty_release,
1255 .fasync = tty_fasync,
1256 };
1257
1258 static const struct file_operations hung_up_tty_fops = {
1259 .llseek = no_llseek,
1260 .read = hung_up_tty_read,
1261 .write = hung_up_tty_write,
1262 .poll = hung_up_tty_poll,
1263 .ioctl = hung_up_tty_ioctl,
1264 .compat_ioctl = hung_up_tty_compat_ioctl,
1265 .release = tty_release,
1266 };
1267
1268 static DEFINE_SPINLOCK(redirect_lock);
1269 static struct file *redirect;
1270
1271 /**
1272 * tty_wakeup - request more data
1273 * @tty: terminal
1274 *
1275 * Internal and external helper for wakeups of tty. This function
1276 * informs the line discipline if present that the driver is ready
1277 * to receive more output data.
1278 */
1279
1280 void tty_wakeup(struct tty_struct *tty)
1281 {
1282 struct tty_ldisc *ld;
1283
1284 if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
1285 ld = tty_ldisc_ref(tty);
1286 if (ld) {
1287 if (ld->write_wakeup)
1288 ld->write_wakeup(tty);
1289 tty_ldisc_deref(ld);
1290 }
1291 }
1292 wake_up_interruptible(&tty->write_wait);
1293 }
1294
1295 EXPORT_SYMBOL_GPL(tty_wakeup);
1296
1297 /**
1298 * tty_ldisc_flush - flush line discipline queue
1299 * @tty: tty
1300 *
1301 * Flush the line discipline queue (if any) for this tty. If there
1302 * is no line discipline active this is a no-op.
1303 */
1304
1305 void tty_ldisc_flush(struct tty_struct *tty)
1306 {
1307 struct tty_ldisc *ld = tty_ldisc_ref(tty);
1308 if (ld) {
1309 if (ld->flush_buffer)
1310 ld->flush_buffer(tty);
1311 tty_ldisc_deref(ld);
1312 }
1313 tty_buffer_flush(tty);
1314 }
1315
1316 EXPORT_SYMBOL_GPL(tty_ldisc_flush);
1317
1318 /**
1319 * tty_reset_termios - reset terminal state
1320 * @tty: tty to reset
1321 *
1322 * Restore a terminal to the driver default state
1323 */
1324
1325 static void tty_reset_termios(struct tty_struct *tty)
1326 {
1327 mutex_lock(&tty->termios_mutex);
1328 *tty->termios = tty->driver->init_termios;
1329 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1330 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1331 mutex_unlock(&tty->termios_mutex);
1332 }
1333
1334 /**
1335 * do_tty_hangup - actual handler for hangup events
1336 * @work: tty device
1337 *
1338 * This can be called by the "eventd" kernel thread. That is process
1339 * synchronous but doesn't hold any locks, so we need to make sure we
1340 * have the appropriate locks for what we're doing.
1341 *
1342 * The hangup event clears any pending redirections onto the hung up
1343 * device. It ensures future writes will error and it does the needed
1344 * line discipline hangup and signal delivery. The tty object itself
1345 * remains intact.
1346 *
1347 * Locking:
1348 * BKL
1349 * redirect lock for undoing redirection
1350 * file list lock for manipulating list of ttys
1351 * tty_ldisc_lock from called functions
1352 * termios_mutex resetting termios data
1353 * tasklist_lock to walk task list for hangup event
1354 * ->siglock to protect ->signal/->sighand
1355 */
1356 static void do_tty_hangup(struct work_struct *work)
1357 {
1358 struct tty_struct *tty =
1359 container_of(work, struct tty_struct, hangup_work);
1360 struct file *cons_filp = NULL;
1361 struct file *filp, *f = NULL;
1362 struct task_struct *p;
1363 struct tty_ldisc *ld;
1364 int closecount = 0, n;
1365
1366 if (!tty)
1367 return;
1368
1369 /* inuse_filps is protected by the single kernel lock */
1370 lock_kernel();
1371
1372 spin_lock(&redirect_lock);
1373 if (redirect && redirect->private_data == tty) {
1374 f = redirect;
1375 redirect = NULL;
1376 }
1377 spin_unlock(&redirect_lock);
1378
1379 check_tty_count(tty, "do_tty_hangup");
1380 /* This breaks for file handles being sent over AF_UNIX sockets ? */
1381 lock_list_for_each_entry(filp, percpu_list_head(&tty->tty_files), f_u.fu_llist) {
1382 if (filp->f_op->write == redirected_tty_write)
1383 cons_filp = filp;
1384 if (filp->f_op->write != tty_write)
1385 continue;
1386 closecount++;
1387 tty_fasync(-1, filp, 0); /* can't block */
1388 filp->f_op = &hung_up_tty_fops;
1389 }
1390 /*
1391 * FIXME! What are the locking issues here? This may me overdoing
1392 * things... This question is especially important now that we've
1393 * removed the irqlock.
1394 */
1395 ld = tty_ldisc_ref(tty);
1396 if (ld != NULL) {
1397 /* We may have no line discipline at this point */
1398 if (ld->flush_buffer)
1399 ld->flush_buffer(tty);
1400 if (tty->driver->flush_buffer)
1401 tty->driver->flush_buffer(tty);
1402 if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
1403 ld->write_wakeup)
1404 ld->write_wakeup(tty);
1405 if (ld->hangup)
1406 ld->hangup(tty);
1407 }
1408 /*
1409 * FIXME: Once we trust the LDISC code better we can wait here for
1410 * ldisc completion and fix the driver call race
1411 */
1412 wake_up_interruptible(&tty->write_wait);
1413 wake_up_interruptible(&tty->read_wait);
1414 /*
1415 * Shutdown the current line discipline, and reset it to
1416 * N_TTY.
1417 */
1418 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1419 tty_reset_termios(tty);
1420 /* Defer ldisc switch */
1421 /* tty_deferred_ldisc_switch(N_TTY);
1422
1423 This should get done automatically when the port closes and
1424 tty_release is called */
1425
1426 read_lock(&tasklist_lock);
1427 if (tty->session) {
1428 do_each_pid_task(tty->session, PIDTYPE_SID, p) {
1429 spin_lock_irq(&p->sighand->siglock);
1430 if (p->signal->tty == tty)
1431 p->signal->tty = NULL;
1432 if (!p->signal->leader) {
1433 spin_unlock_irq(&p->sighand->siglock);
1434 continue;
1435 }
1436 __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
1437 __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
1438 put_pid(p->signal->tty_old_pgrp); /* A noop */
1439 if (tty->pgrp)
1440 p->signal->tty_old_pgrp = get_pid(tty->pgrp);
1441 spin_unlock_irq(&p->sighand->siglock);
1442 } while_each_pid_task(tty->session, PIDTYPE_SID, p);
1443 }
1444 read_unlock(&tasklist_lock);
1445
1446 tty->flags = 0;
1447 put_pid(tty->session);
1448 put_pid(tty->pgrp);
1449 tty->session = NULL;
1450 tty->pgrp = NULL;
1451 tty->ctrl_status = 0;
1452 /*
1453 * If one of the devices matches a console pointer, we
1454 * cannot just call hangup() because that will cause
1455 * tty->count and state->count to go out of sync.
1456 * So we just call close() the right number of times.
1457 */
1458 if (cons_filp) {
1459 if (tty->driver->close)
1460 for (n = 0; n < closecount; n++)
1461 tty->driver->close(tty, cons_filp);
1462 } else if (tty->driver->hangup)
1463 (tty->driver->hangup)(tty);
1464 /*
1465 * We don't want to have driver/ldisc interactions beyond
1466 * the ones we did here. The driver layer expects no
1467 * calls after ->hangup() from the ldisc side. However we
1468 * can't yet guarantee all that.
1469 */
1470 set_bit(TTY_HUPPED, &tty->flags);
1471 if (ld) {
1472 tty_ldisc_enable(tty);
1473 tty_ldisc_deref(ld);
1474 }
1475 unlock_kernel();
1476 if (f)
1477 fput(f);
1478 }
1479
1480 /**
1481 * tty_hangup - trigger a hangup event
1482 * @tty: tty to hangup
1483 *
1484 * A carrier loss (virtual or otherwise) has occurred on this like
1485 * schedule a hangup sequence to run after this event.
1486 */
1487
1488 void tty_hangup(struct tty_struct *tty)
1489 {
1490 #ifdef TTY_DEBUG_HANGUP
1491 char buf[64];
1492 printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
1493 #endif
1494 schedule_work(&tty->hangup_work);
1495 }
1496
1497 EXPORT_SYMBOL(tty_hangup);
1498
1499 /**
1500 * tty_vhangup - process vhangup
1501 * @tty: tty to hangup
1502 *
1503 * The user has asked via system call for the terminal to be hung up.
1504 * We do this synchronously so that when the syscall returns the process
1505 * is complete. That guarantee is necessary for security reasons.
1506 */
1507
1508 void tty_vhangup(struct tty_struct *tty)
1509 {
1510 #ifdef TTY_DEBUG_HANGUP
1511 char buf[64];
1512
1513 printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
1514 #endif
1515 do_tty_hangup(&tty->hangup_work);
1516 }
1517
1518 EXPORT_SYMBOL(tty_vhangup);
1519
1520 /**
1521 * tty_hung_up_p - was tty hung up
1522 * @filp: file pointer of tty
1523 *
1524 * Return true if the tty has been subject to a vhangup or a carrier
1525 * loss
1526 */
1527
1528 int tty_hung_up_p(struct file *filp)
1529 {
1530 return (filp->f_op == &hung_up_tty_fops);
1531 }
1532
1533 EXPORT_SYMBOL(tty_hung_up_p);
1534
1535 /**
1536 * is_tty - checker whether file is a TTY
1537 * @filp: file handle that may be a tty
1538 *
1539 * Check if the file handle is a tty handle.
1540 */
1541
1542 int is_tty(struct file *filp)
1543 {
1544 return filp->f_op->read == tty_read
1545 || filp->f_op->read == hung_up_tty_read;
1546 }
1547
1548 static void session_clear_tty(struct pid *session)
1549 {
1550 struct task_struct *p;
1551 do_each_pid_task(session, PIDTYPE_SID, p) {
1552 proc_clear_tty(p);
1553 } while_each_pid_task(session, PIDTYPE_SID, p);
1554 }
1555
1556 /**
1557 * disassociate_ctty - disconnect controlling tty
1558 * @on_exit: true if exiting so need to "hang up" the session
1559 *
1560 * This function is typically called only by the session leader, when
1561 * it wants to disassociate itself from its controlling tty.
1562 *
1563 * It performs the following functions:
1564 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
1565 * (2) Clears the tty from being controlling the session
1566 * (3) Clears the controlling tty for all processes in the
1567 * session group.
1568 *
1569 * The argument on_exit is set to 1 if called when a process is
1570 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
1571 *
1572 * Locking:
1573 * BKL is taken for hysterical raisins
1574 * tty_mutex is taken to protect tty
1575 * ->siglock is taken to protect ->signal/->sighand
1576 * tasklist_lock is taken to walk process list for sessions
1577 * ->siglock is taken to protect ->signal/->sighand
1578 */
1579
1580 void disassociate_ctty(int on_exit)
1581 {
1582 struct tty_struct *tty;
1583 struct pid *tty_pgrp = NULL;
1584
1585 lock_kernel();
1586
1587 mutex_lock(&tty_mutex);
1588 tty = get_current_tty();
1589 if (tty) {
1590 tty_pgrp = get_pid(tty->pgrp);
1591 mutex_unlock(&tty_mutex);
1592 /* XXX: here we race, there is nothing protecting tty */
1593 if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
1594 tty_vhangup(tty);
1595 } else if (on_exit) {
1596 struct pid *old_pgrp;
1597 spin_lock_irq(¤t->sighand->siglock);
1598 old_pgrp = current->signal->tty_old_pgrp;
1599 current->signal->tty_old_pgrp = NULL;
1600 spin_unlock_irq(¤t->sighand->siglock);
1601 if (old_pgrp) {
1602 kill_pgrp(old_pgrp, SIGHUP, on_exit);
1603 kill_pgrp(old_pgrp, SIGCONT, on_exit);
1604 put_pid(old_pgrp);
1605 }
1606 mutex_unlock(&tty_mutex);
1607 unlock_kernel();
1608 return;
1609 }
1610 if (tty_pgrp) {
1611 kill_pgrp(tty_pgrp, SIGHUP, on_exit);
1612 if (!on_exit)
1613 kill_pgrp(tty_pgrp, SIGCONT, on_exit);
1614 put_pid(tty_pgrp);
1615 }
1616
1617 spin_lock_irq(¤t->sighand->siglock);
1618 put_pid(current->signal->tty_old_pgrp);
1619 current->signal->tty_old_pgrp = NULL;
1620 spin_unlock_irq(¤t->sighand->siglock);
1621
1622 mutex_lock(&tty_mutex);
1623 /* It is possible that do_tty_hangup has free'd this tty */
1624 tty = get_current_tty();
1625 if (tty) {
1626 put_pid(tty->session);
1627 put_pid(tty->pgrp);
1628 tty->session = NULL;
1629 tty->pgrp = NULL;
1630 } else {
1631 #ifdef TTY_DEBUG_HANGUP
1632 printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
1633 " = NULL", tty);
1634 #endif
1635 }
1636 mutex_unlock(&tty_mutex);
1637
1638 /* Now clear signal->tty under the lock */
1639 read_lock(&tasklist_lock);
1640 session_clear_tty(task_session(current));
1641 read_unlock(&tasklist_lock);
1642 unlock_kernel();
1643 }
1644
1645 /**
1646 *
1647 * no_tty - Ensure the current process does not have a controlling tty
1648 */
1649 void no_tty(void)
1650 {
1651 struct task_struct *tsk = current;
1652 if (tsk->signal->leader)
1653 disassociate_ctty(0);
1654 proc_clear_tty(tsk);
1655 }
1656
1657
1658 /**
1659 * stop_tty - propagate flow control
1660 * @tty: tty to stop
1661 *
1662 * Perform flow control to the driver. For PTY/TTY pairs we
1663 * must also propagate the TIOCKPKT status. May be called
1664 * on an already stopped device and will not re-call the driver
1665 * method.
1666 *
1667 * This functionality is used by both the line disciplines for
1668 * halting incoming flow and by the driver. It may therefore be
1669 * called from any context, may be under the tty atomic_write_lock
1670 * but not always.
1671 *
1672 * Locking:
1673 * Broken. Relies on BKL which is unsafe here.
1674 */
1675
1676 void stop_tty(struct tty_struct *tty)
1677 {
1678 if (tty->stopped)
1679 return;
1680 tty->stopped = 1;
1681 if (tty->link && tty->link->packet) {
1682 tty->ctrl_status &= ~TIOCPKT_START;
1683 tty->ctrl_status |= TIOCPKT_STOP;
1684 wake_up_interruptible(&tty->link->read_wait);
1685 }
1686 if (tty->driver->stop)
1687 (tty->driver->stop)(tty);
1688 }
1689
1690 EXPORT_SYMBOL(stop_tty);
1691
1692 /**
1693 * start_tty - propagate flow control
1694 * @tty: tty to start
1695 *
1696 * Start a tty that has been stopped if at all possible. Perform
1697 * any necessary wakeups and propagate the TIOCPKT status. If this
1698 * is the tty was previous stopped and is being started then the
1699 * driver start method is invoked and the line discipline woken.
1700 *
1701 * Locking:
1702 * Broken. Relies on BKL which is unsafe here.
1703 */
1704
1705 void start_tty(struct tty_struct *tty)
1706 {
1707 if (!tty->stopped || tty->flow_stopped)
1708 return;
1709 tty->stopped = 0;
1710 if (tty->link && tty->link->packet) {
1711 tty->ctrl_status &= ~TIOCPKT_STOP;
1712 tty->ctrl_status |= TIOCPKT_START;
1713 wake_up_interruptible(&tty->link->read_wait);
1714 }
1715 if (tty->driver->start)
1716 (tty->driver->start)(tty);
1717 /* If we have a running line discipline it may need kicking */
1718 tty_wakeup(tty);
1719 }
1720
1721 EXPORT_SYMBOL(start_tty);
1722
1723 /**
1724 * tty_read - read method for tty device files
1725 * @file: pointer to tty file
1726 * @buf: user buffer
1727 * @count: size of user buffer
1728 * @ppos: unused
1729 *
1730 * Perform the read system call function on this terminal device. Checks
1731 * for hung up devices before calling the line discipline method.
1732 *
1733 * Locking:
1734 * Locks the line discipline internally while needed
1735 * For historical reasons the line discipline read method is
1736 * invoked under the BKL. This will go away in time so do not rely on it
1737 * in new code. Multiple read calls may be outstanding in parallel.
1738 */
1739
1740 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
1741 loff_t *ppos)
1742 {
1743 int i;
1744 struct tty_struct *tty;
1745 struct inode *inode;
1746 struct tty_ldisc *ld;
1747
1748 tty = (struct tty_struct *)file->private_data;
1749 inode = file->f_path.dentry->d_inode;
1750 if (tty_paranoia_check(tty, inode, "tty_read"))
1751 return -EIO;
1752 if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
1753 return -EIO;
1754
1755 /* We want to wait for the line discipline to sort out in this
1756 situation */
1757 ld = tty_ldisc_ref_wait(tty);
1758 lock_kernel();
1759 if (ld->read)
1760 i = (ld->read)(tty, file, buf, count);
1761 else
1762 i = -EIO;
1763 tty_ldisc_deref(ld);
1764 unlock_kernel();
1765 if (i > 0)
1766 inode->i_atime = current_fs_time(inode->i_sb);
1767 return i;
1768 }
1769
1770 void tty_write_unlock(struct tty_struct *tty)
1771 {
1772 mutex_unlock(&tty->atomic_write_lock);
1773 wake_up_interruptible(&tty->write_wait);
1774 }
1775
1776 int tty_write_lock(struct tty_struct *tty, int ndelay)
1777 {
1778 if (!mutex_trylock(&tty->atomic_write_lock)) {
1779 if (ndelay)
1780 return -EAGAIN;
1781 if (mutex_lock_interruptible(&tty->atomic_write_lock))
1782 return -ERESTARTSYS;
1783 }
1784 return 0;
1785 }
1786
1787 /*
1788 * Split writes up in sane blocksizes to avoid
1789 * denial-of-service type attacks
1790 */
1791 static inline ssize_t do_tty_write(
1792 ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1793 struct tty_struct *tty,
1794 struct file *file,
1795 const char __user *buf,
1796 size_t count)
1797 {
1798 ssize_t ret, written = 0;
1799 unsigned int chunk;
1800
1801 ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1802 if (ret < 0)
1803 return ret;
1804
1805 /*
1806 * We chunk up writes into a temporary buffer. This
1807 * simplifies low-level drivers immensely, since they
1808 * don't have locking issues and user mode accesses.
1809 *
1810 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1811 * big chunk-size..
1812 *
1813 * The default chunk-size is 2kB, because the NTTY
1814 * layer has problems with bigger chunks. It will
1815 * claim to be able to handle more characters than
1816 * it actually does.
1817 *
1818 * FIXME: This can probably go away now except that 64K chunks
1819 * are too likely to fail unless switched to vmalloc...
1820 */
1821 chunk = 2048;
1822 if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1823 chunk = 65536;
1824 if (count < chunk)
1825 chunk = count;
1826
1827 /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1828 if (tty->write_cnt < chunk) {
1829 unsigned char *buf;
1830
1831 if (chunk < 1024)
1832 chunk = 1024;
1833
1834 buf = kmalloc(chunk, GFP_KERNEL);
1835 if (!buf) {
1836 ret = -ENOMEM;
1837 goto out;
1838 }
1839 kfree(tty->write_buf);
1840 tty->write_cnt = chunk;
1841 tty->write_buf = buf;
1842 }
1843
1844 /* Do the write .. */
1845 for (;;) {
1846 size_t size = count;
1847 if (size > chunk)
1848 size = chunk;
1849 ret = -EFAULT;
1850 if (copy_from_user(tty->write_buf, buf, size))
1851 break;
1852 lock_kernel();
1853 ret = write(tty, file, tty->write_buf, size);
1854 unlock_kernel();
1855 if (ret <= 0)
1856 break;
1857 written += ret;
1858 buf += ret;
1859 count -= ret;
1860 if (!count)
1861 break;
1862 ret = -ERESTARTSYS;
1863 if (signal_pending(current))
1864 break;
1865 cond_resched();
1866 }
1867 if (written) {
1868 struct inode *inode = file->f_path.dentry->d_inode;
1869 inode->i_mtime = current_fs_time(inode->i_sb);
1870 ret = written;
1871 }
1872 out:
1873 tty_write_unlock(tty);
1874 return ret;
1875 }
1876
1877
1878 /**
1879 * tty_write - write method for tty device file
1880 * @file: tty file pointer
1881 * @buf: user data to write
1882 * @count: bytes to write
1883 * @ppos: unused
1884 *
1885 * Write data to a tty device via the line discipline.
1886 *
1887 * Locking:
1888 * Locks the line discipline as required
1889 * Writes to the tty driver are serialized by the atomic_write_lock
1890 * and are then processed in chunks to the device. The line discipline
1891 * write method will not be involked in parallel for each device
1892 * The line discipline write method is called under the big
1893 * kernel lock for historical reasons. New code should not rely on this.
1894 */
1895
1896 static ssize_t tty_write(struct file *file, const char __user *buf,
1897 size_t count, loff_t *ppos)
1898 {
1899 struct tty_struct *tty;
1900 struct inode *inode = file->f_path.dentry->d_inode;
1901 ssize_t ret;
1902 struct tty_ldisc *ld;
1903
1904 tty = (struct tty_struct *)file->private_data;
1905 if (tty_paranoia_check(tty, inode, "tty_write"))
1906 return -EIO;
1907 if (!tty || !tty->driver->write ||
1908 (test_bit(TTY_IO_ERROR, &tty->flags)))
1909 return -EIO;
1910
1911 ld = tty_ldisc_ref_wait(tty);
1912 if (!ld->write)
1913 ret = -EIO;
1914 else
1915 ret = do_tty_write(ld->write, tty, file, buf, count);
1916 tty_ldisc_deref(ld);
1917 return ret;
1918 }
1919
1920 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1921 size_t count, loff_t *ppos)
1922 {
1923 struct file *p = NULL;
1924
1925 spin_lock(&redirect_lock);
1926 if (redirect) {
1927 get_file(redirect);
1928 p = redirect;
1929 }
1930 spin_unlock(&redirect_lock);
1931
1932 if (p) {
1933 ssize_t res;
1934 res = vfs_write(p, buf, count, &p->f_pos);
1935 fput(p);
1936 return res;
1937 }
1938 return tty_write(file, buf, count, ppos);
1939 }
1940
1941 static char ptychar[] = "pqrstuvwxyzabcde";
1942
1943 /**
1944 * pty_line_name - generate name for a pty
1945 * @driver: the tty driver in use
1946 * @index: the minor number
1947 * @p: output buffer of at least 6 bytes
1948 *
1949 * Generate a name from a driver reference and write it to the output
1950 * buffer.
1951 *
1952 * Locking: None
1953 */
1954 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1955 {
1956 int i = index + driver->name_base;
1957 /* ->name is initialized to "ttyp", but "tty" is expected */
1958 sprintf(p, "%s%c%x",
1959 driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1960 ptychar[i >> 4 & 0xf], i & 0xf);
1961 }
1962
1963 /**
1964 * pty_line_name - generate name for a tty
1965 * @driver: the tty driver in use
1966 * @index: the minor number
1967 * @p: output buffer of at least 7 bytes
1968 *
1969 * Generate a name from a driver reference and write it to the output
1970 * buffer.
1971 *
1972 * Locking: None
1973 */
1974 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1975 {
1976 sprintf(p, "%s%d", driver->name, index + driver->name_base);
1977 }
1978
1979 /**
1980 * init_dev - initialise a tty device
1981 * @driver: tty driver we are opening a device on
1982 * @idx: device index
1983 * @tty: returned tty structure
1984 *
1985 * Prepare a tty device. This may not be a "new" clean device but
1986 * could also be an active device. The pty drivers require special
1987 * handling because of this.
1988 *
1989 * Locking:
1990 * The function is called under the tty_mutex, which
1991 * protects us from the tty struct or driver itself going away.
1992 *
1993 * On exit the tty device has the line discipline attached and
1994 * a reference count of 1. If a pair was created for pty/tty use
1995 * and the other was a pty master then it too has a reference count of 1.
1996 *
1997 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1998 * failed open. The new code protects the open with a mutex, so it's
1999 * really quite straightforward. The mutex locking can probably be
2000 * relaxed for the (most common) case of reopening a tty.
2001 */
2002
2003 static int init_dev(struct tty_driver *driver, int idx,
2004 struct tty_struct **ret_tty)
2005 {
2006 struct tty_struct *tty, *o_tty;
2007 struct ktermios *tp, **tp_loc, *o_tp, **o_tp_loc;
2008 struct ktermios *ltp, **ltp_loc, *o_ltp, **o_ltp_loc;
2009 int retval = 0;
2010
2011 /* check whether we're reopening an existing tty */
2012 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2013 tty = devpts_get_tty(idx);
2014 /*
2015 * If we don't have a tty here on a slave open, it's because
2016 * the master already started the close process and there's
2017 * no relation between devpts file and tty anymore.
2018 */
2019 if (!tty && driver->subtype == PTY_TYPE_SLAVE) {
2020 retval = -EIO;
2021 goto end_init;
2022 }
2023 /*
2024 * It's safe from now on because init_dev() is called with
2025 * tty_mutex held and release_dev() won't change tty->count
2026 * or tty->flags without having to grab tty_mutex
2027 */
2028 if (tty && driver->subtype == PTY_TYPE_MASTER)
2029 tty = tty->link;
2030 } else {
2031 tty = driver->ttys[idx];
2032 }
2033 if (tty) goto fast_track;
2034
2035 /*
2036 * First time open is complex, especially for PTY devices.
2037 * This code guarantees that either everything succeeds and the
2038 * TTY is ready for operation, or else the table slots are vacated
2039 * and the allocated memory released. (Except that the termios
2040 * and locked termios may be retained.)
2041 */
2042
2043 if (!try_module_get(driver->owner)) {
2044 retval = -ENODEV;
2045 goto end_init;
2046 }
2047
2048 o_tty = NULL;
2049 tp = o_tp = NULL;
2050 ltp = o_ltp = NULL;
2051
2052 tty = alloc_tty_struct();
2053 if (!tty)
2054 goto fail_no_mem;
2055 initialize_tty_struct(tty);
2056 tty->driver = driver;
2057 tty->index = idx;
2058 tty_line_name(driver, idx, tty->name);
2059
2060 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2061 tp_loc = &tty->termios;
2062 ltp_loc = &tty->termios_locked;
2063 } else {
2064 tp_loc = &driver->termios[idx];
2065 ltp_loc = &driver->termios_locked[idx];
2066 }
2067
2068 if (!*tp_loc) {
2069 tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2070 if (!tp)
2071 goto free_mem_out;
2072 *tp = driver->init_termios;
2073 }
2074
2075 if (!*ltp_loc) {
2076 ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2077 if (!ltp)
2078 goto free_mem_out;
2079 }
2080
2081 if (driver->type == TTY_DRIVER_TYPE_PTY) {
2082 o_tty = alloc_tty_struct();
2083 if (!o_tty)
2084 goto free_mem_out;
2085 initialize_tty_struct(o_tty);
2086 o_tty->driver = driver->other;
2087 o_tty->index = idx;
2088 tty_line_name(driver->other, idx, o_tty->name);
2089
2090 if (driver->flags & TTY_DRIVER_DEVPTS_MEM) {
2091 o_tp_loc = &o_tty->termios;
2092 o_ltp_loc = &o_tty->termios_locked;
2093 } else {
2094 o_tp_loc = &driver->other->termios[idx];
2095 o_ltp_loc = &driver->other->termios_locked[idx];
2096 }
2097
2098 if (!*o_tp_loc) {
2099 o_tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
2100 if (!o_tp)
2101 goto free_mem_out;
2102 *o_tp = driver->other->init_termios;
2103 }
2104
2105 if (!*o_ltp_loc) {
2106 o_ltp = kzalloc(sizeof(struct ktermios), GFP_KERNEL);
2107 if (!o_ltp)
2108 goto free_mem_out;
2109 }
2110
2111 /*
2112 * Everything allocated ... set up the o_tty structure.
2113 */
2114 if (!(driver->other->flags & TTY_DRIVER_DEVPTS_MEM))
2115 driver->other->ttys[idx] = o_tty;
2116 if (!*o_tp_loc)
2117 *o_tp_loc = o_tp;
2118 if (!*o_ltp_loc)
2119 *o_ltp_loc = o_ltp;
2120 o_tty->termios = *o_tp_loc;
2121 o_tty->termios_locked = *o_ltp_loc;
2122 driver->other->refcount++;
2123 if (driver->subtype == PTY_TYPE_MASTER)
2124 o_tty->count++;
2125
2126 /* Establish the links in both directions */
2127 tty->link = o_tty;
2128 o_tty->link = tty;
2129 }
2130
2131 /*
2132 * All structures have been allocated, so now we install them.
2133 * Failures after this point use release_tty to clean up, so
2134 * there's no need to null out the local pointers.
2135 */
2136 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM))
2137 driver->ttys[idx] = tty;
2138
2139 if (!*tp_loc)
2140 *tp_loc = tp;
2141 if (!*ltp_loc)
2142 *ltp_loc = ltp;
2143 tty->termios = *tp_loc;
2144 tty->termios_locked = *ltp_loc;
2145 /* Compatibility until drivers always set this */
2146 tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
2147 tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
2148 driver->refcount++;
2149 tty->count++;
2150
2151 /*
2152 * Structures all installed ... call the ldisc open routines.
2153 * If we fail here just call release_tty to clean up. No need
2154 * to decrement the use counts, as release_tty doesn't care.
2155 */
2156
2157 if (tty->ldisc.open) {
2158 retval = (tty->ldisc.open)(tty);
2159 if (retval)
2160 goto release_mem_out;
2161 }
2162 if (o_tty && o_tty->ldisc.open) {
2163 retval = (o_tty->ldisc.open)(o_tty);
2164 if (retval) {
2165 if (tty->ldisc.close)
2166 (tty->ldisc.close)(tty);
2167 goto release_mem_out;
2168 }
2169 tty_ldisc_enable(o_tty);
2170 }
2171 tty_ldisc_enable(tty);
2172 goto success;
2173
2174 /*
2175 * This fast open can be used if the tty is already open.
2176 * No memory is allocated, and the only failures are from
2177 * attempting to open a closing tty or attempting multiple
2178 * opens on a pty master.
2179 */
2180 fast_track:
2181 if (test_bit(TTY_CLOSING, &tty->flags)) {
2182 retval = -EIO;
2183 goto end_init;
2184 }
2185 if (driver->type == TTY_DRIVER_TYPE_PTY &&
2186 driver->subtype == PTY_TYPE_MASTER) {
2187 /*
2188 * special case for PTY masters: only one open permitted,
2189 * and the slave side open count is incremented as well.
2190 */
2191 if (tty->count) {
2192 retval = -EIO;
2193 goto end_init;
2194 }
2195 tty->link->count++;
2196 }
2197 tty->count++;
2198 tty->driver = driver; /* N.B. why do this every time?? */
2199
2200 /* FIXME */
2201 if (!test_bit(TTY_LDISC, &tty->flags))
2202 printk(KERN_ERR "init_dev but no ldisc\n");
2203 success:
2204 *ret_tty = tty;
2205
2206 /* All paths come through here to release the mutex */
2207 end_init:
2208 return retval;
2209
2210 /* Release locally allocated memory ... nothing placed in slots */
2211 free_mem_out:
2212 kfree(o_tp);
2213 if (o_tty)
2214 free_tty_struct(o_tty);
2215 kfree(ltp);
2216 kfree(tp);
2217 free_tty_struct(tty);
2218
2219 fail_no_mem:
2220 module_put(driver->owner);
2221 retval = -ENOMEM;
2222 goto end_init;
2223
2224 /* call the tty release_tty routine to clean out this slot */
2225 release_mem_out:
2226 if (printk_ratelimit())
2227 printk(KERN_INFO "init_dev: ldisc open failed, "
2228 "clearing slot %d\n", idx);
2229 release_tty(tty, idx);
2230 goto end_init;
2231 }
2232
2233 /**
2234 * release_one_tty - release tty structure memory
2235 *
2236 * Releases memory associated with a tty structure, and clears out the
2237 * driver table slots. This function is called when a device is no longer
2238 * in use. It also gets called when setup of a device fails.
2239 *
2240 * Locking:
2241 * tty_mutex - sometimes only
2242 * takes the file list lock internally when working on the list
2243 * of ttys that the driver keeps.
2244 * FIXME: should we require tty_mutex is held here ??
2245 */
2246 static void release_one_tty(struct tty_struct *tty, int idx)
2247 {
2248 int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;
2249 struct ktermios *tp;
2250
2251 if (!devpts)
2252 tty->driver->ttys[idx] = NULL;
2253
2254 if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
2255 tp = tty->termios;
2256 if (!devpts)
2257 tty->driver->termios[idx] = NULL;
2258 kfree(tp);
2259
2260 tp = tty->termios_locked;
2261 if (!devpts)
2262 tty->driver->termios_locked[idx] = NULL;
2263 kfree(tp);
2264 }
2265
2266
2267 tty->magic = 0;
2268 tty->driver->refcount--;
2269
2270 percpu_list_fold(&tty->tty_files);
2271 lock_list_del_init(percpu_list_head(&tty->tty_files));
2272 percpu_list_destroy(&tty->tty_files);
2273
2274 free_tty_struct(tty);
2275 }
2276
2277 /**
2278 * release_tty - release tty structure memory
2279 *
2280 * Release both @tty and a possible linked partner (think pty pair),
2281 * and decrement the refcount of the backing module.
2282 *
2283 * Locking:
2284 * tty_mutex - sometimes only
2285 * takes the file list lock internally when working on the list
2286 * of ttys that the driver keeps.
2287 * FIXME: should we require tty_mutex is held here ??
2288 */
2289 static void release_tty(struct tty_struct *tty, int idx)
2290 {
2291 struct tty_driver *driver = tty->driver;
2292
2293 if (tty->link)
2294 release_one_tty(tty->link, idx);
2295 release_one_tty(tty, idx);
2296 module_put(driver->owner);
2297 }
2298
2299 /*
2300 * Even releasing the tty structures is a tricky business.. We have
2301 * to be very careful that the structures are all released at the
2302 * same time, as interrupts might otherwise get the wrong pointers.
2303 *
2304 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
2305 * lead to double frees or releasing memory still in use.
2306 */
2307 static void release_dev(struct file *filp)
2308 {
2309 struct tty_struct *tty, *o_tty;
2310 int pty_master, tty_closing, o_tty_closing, do_sleep;
2311 int devpts;
2312 int idx;
2313 char buf[64];
2314 unsigned long flags;
2315
2316 tty = (struct tty_struct *)filp->private_data;
2317 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode,
2318 "release_dev"))
2319 return;
2320
2321 check_tty_count(tty, "release_dev");
2322
2323 tty_fasync(-1, filp, 0);
2324
2325 idx = tty->index;
2326 pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2327 tty->driver->subtype == PTY_TYPE_MASTER);
2328 devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
2329 o_tty = tty->link;
2330
2331 #ifdef TTY_PARANOIA_CHECK
2332 if (idx < 0 || idx >= tty->driver->num) {
2333 printk(KERN_DEBUG "release_dev: bad idx when trying to "
2334 "free (%s)\n", tty->name);
2335 return;
2336 }
2337 if (!(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2338 if (tty != tty->driver->ttys[idx]) {
2339 printk(KERN_DEBUG "release_dev: driver.table[%d] not tty "
2340 "for (%s)\n", idx, tty->name);
2341 return;
2342 }
2343 if (tty->termios != tty->driver->termios[idx]) {
2344 printk(KERN_DEBUG "release_dev: driver.termios[%d] not termios "
2345 "for (%s)\n",
2346 idx, tty->name);
2347 return;
2348 }
2349 if (tty->termios_locked != tty->driver->termios_locked[idx]) {
2350 printk(KERN_DEBUG "release_dev: driver.termios_locked[%d] not "
2351 "termios_locked for (%s)\n",
2352 idx, tty->name);
2353 return;
2354 }
2355 }
2356 #endif
2357
2358 #ifdef TTY_DEBUG_HANGUP
2359 printk(KERN_DEBUG "release_dev of %s (tty count=%d)...",
2360 tty_name(tty, buf), tty->count);
2361 #endif
2362
2363 #ifdef TTY_PARANOIA_CHECK
2364 if (tty->driver->other &&
2365 !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
2366 if (o_tty != tty->driver->other->ttys[idx]) {
2367 printk(KERN_DEBUG "release_dev: other->table[%d] "
2368 "not o_tty for (%s)\n",
2369 idx, tty->name);
2370 return;
2371 }
2372 if (o_tty->termios != tty->driver->other->termios[idx]) {
2373 printk(KERN_DEBUG "release_dev: other->termios[%d] "
2374 "not o_termios for (%s)\n",
2375 idx, tty->name);
2376 return;
2377 }
2378 if (o_tty->termios_locked !=
2379 tty->driver->other->termios_locked[idx]) {
2380 printk(KERN_DEBUG "release_dev: other->termios_locked["
2381 "%d] not o_termios_locked for (%s)\n",
2382 idx, tty->name);
2383 return;
2384 }
2385 if (o_tty->link != tty) {
2386 printk(KERN_DEBUG "release_dev: bad pty pointers\n");
2387 return;
2388 }
2389 }
2390 #endif
2391 if (tty->driver->close)
2392 tty->driver->close(tty, filp);
2393
2394 /*
2395 * Sanity check: if tty->count is going to zero, there shouldn't be
2396 * any waiters on tty->read_wait or tty->write_wait. We test the
2397 * wait queues and kick everyone out _before_ actually starting to
2398 * close. This ensures that we won't block while releasing the tty
2399 * structure.
2400 *
2401 * The test for the o_tty closing is necessary, since the master and
2402 * slave sides may close in any order. If the slave side closes out
2403 * first, its count will be one, since the master side holds an open.
2404 * Thus this test wouldn't be triggered at the time the slave closes,
2405 * so we do it now.
2406 *
2407 * Note that it's possible for the tty to be opened again while we're
2408 * flushing out waiters. By recalculating the closing flags before
2409 * each iteration we avoid any problems.
2410 */
2411 while (1) {
2412 /* Guard against races with tty->count changes elsewhere and
2413 opens on /dev/tty */
2414
2415 mutex_lock(&tty_mutex);
2416 tty_closing = tty->count <= 1;
2417 o_tty_closing = o_tty &&
2418 (o_tty->count <= (pty_master ? 1 : 0));
2419 do_sleep = 0;
2420
2421 if (tty_closing) {
2422 if (waitqueue_active(&tty->read_wait)) {
2423 wake_up(&tty->read_wait);
2424 do_sleep++;
2425 }
2426 if (waitqueue_active(&tty->write_wait)) {
2427 wake_up(&tty->write_wait);
2428 do_sleep++;
2429 }
2430 }
2431 if (o_tty_closing) {
2432 if (waitqueue_active(&o_tty->read_wait)) {
2433 wake_up(&o_tty->read_wait);
2434 do_sleep++;
2435 }
2436 if (waitqueue_active(&o_tty->write_wait)) {
2437 wake_up(&o_tty->write_wait);
2438 do_sleep++;
2439 }
2440 }
2441 if (!do_sleep)
2442 break;
2443
2444 printk(KERN_WARNING "release_dev: %s: read/write wait queue "
2445 "active!\n", tty_name(tty, buf));
2446 mutex_unlock(&tty_mutex);
2447 schedule();
2448 }
2449
2450 /*
2451 * The closing flags are now consistent with the open counts on
2452 * both sides, and we've completed the last operation that could
2453 * block, so it's safe to proceed with closing.
2454 */
2455 if (pty_master) {
2456 if (--o_tty->count < 0) {
2457 printk(KERN_WARNING "release_dev: bad pty slave count "
2458 "(%d) for %s\n",
2459 o_tty->count, tty_name(o_tty, buf));
2460 o_tty->count = 0;
2461 }
2462 }
2463 if (--tty->count < 0) {
2464 printk(KERN_WARNING "release_dev: bad tty->count (%d) for %s\n",
2465 tty->count, tty_name(tty, buf));
2466 tty->count = 0;
2467 }
2468
2469 /*
2470 * We've decremented tty->count, so we need to remove this file
2471 * descriptor off the tty->tty_files list; this serves two
2472 * purposes:
2473 * - check_tty_count sees the correct number of file descriptors
2474 * associated with this tty.
2475 * - do_tty_hangup no longer sees this file descriptor as
2476 * something that needs to be handled for hangups.
2477 */
2478 file_kill(filp);
2479 filp->private_data = NULL;
2480
2481 /*
2482 * Perform some housekeeping before deciding whether to return.
2483 *
2484 * Set the TTY_CLOSING flag if this was the last open. In the
2485 * case of a pty we may have to wait around for the other side
2486 * to close, and TTY_CLOSING makes sure we can't be reopened.
2487 */
2488 if (tty_closing)
2489 set_bit(TTY_CLOSING, &tty->flags);
2490 if (o_tty_closing)
2491 set_bit(TTY_CLOSING, &o_tty->flags);
2492
2493 /*
2494 * If _either_ side is closing, make sure there aren't any
2495 * processes that still think tty or o_tty is their controlling
2496 * tty.
2497 */
2498 if (tty_closing || o_tty_closing) {
2499 read_lock(&tasklist_lock);
2500 session_clear_tty(tty->session);
2501 if (o_tty)
2502 session_clear_tty(o_tty->session);
2503 read_unlock(&tasklist_lock);
2504 }
2505
2506 mutex_unlock(&tty_mutex);
2507
2508 /* check whether both sides are closing ... */
2509 if (!tty_closing || (o_tty && !o_tty_closing))
2510 return;
2511
2512 #ifdef TTY_DEBUG_HANGUP
2513 printk(KERN_DEBUG "freeing tty structure...");
2514 #endif
2515 /*
2516 * Prevent flush_to_ldisc() from rescheduling the work for later. Then
2517 * kill any delayed work. As this is the final close it does not
2518 * race with the set_ldisc code path.
2519 */
2520 clear_bit(TTY_LDISC, &tty->flags);
2521 cancel_delayed_work(&tty->buf.work);
2522
2523 /*
2524 * Wait for ->hangup_work and ->buf.work handlers to terminate
2525 */
2526
2527 flush_scheduled_work();
2528
2529 /*
2530 * Wait for any short term users (we know they are just driver
2531 * side waiters as the file is closing so user count on the file
2532 * side is zero.
2533 */
2534 spin_lock_irqsave(&tty_ldisc_lock, flags);
2535 while (tty->ldisc.refcount) {
2536 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2537 wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0);
2538 spin_lock_irqsave(&tty_ldisc_lock, flags);
2539 }
2540 spin_unlock_irqrestore(&tty_ldisc_lock, flags);
2541 /*
2542 * Shutdown the current line discipline, and reset it to N_TTY.
2543 * N.B. why reset ldisc when we're releasing the memory??
2544 *
2545 * FIXME: this MUST get fixed for the new reflocking
2546 */
2547 if (tty->ldisc.close)
2548 (tty->ldisc.close)(tty);
2549 tty_ldisc_put(tty->ldisc.num);
2550
2551 /*
2552 * Switch the line discipline back
2553 */
2554 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
2555 tty_set_termios_ldisc(tty, N_TTY);
2556 if (o_tty) {
2557 /* FIXME: could o_tty be in setldisc here ? */
2558 clear_bit(TTY_LDISC, &o_tty->flags);
2559 if (o_tty->ldisc.close)
2560 (o_tty->ldisc.close)(o_tty);
2561 tty_ldisc_put(o_tty->ldisc.num);
2562 tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY));
2563 tty_set_termios_ldisc(o_tty, N_TTY);
2564 }
2565 /*
2566 * The release_tty function takes care of the details of clearing
2567 * the slots and preserving the termios structure.
2568 */
2569 release_tty(tty, idx);
2570
2571 #ifdef CONFIG_UNIX98_PTYS
2572 /* Make this pty number available for reallocation */
2573 if (devpts) {
2574 mutex_lock(&allocated_ptys_lock);
2575 idr_remove(&allocated_ptys, idx);
2576 mutex_unlock(&allocated_ptys_lock);
2577 }
2578 #endif
2579
2580 }
2581
2582 /**
2583 * tty_open - open a tty device
2584 * @inode: inode of device file
2585 * @filp: file pointer to tty
2586 *
2587 * tty_open and tty_release keep up the tty count that contains the
2588 * number of opens done on a tty. We cannot use the inode-count, as
2589 * different inodes might point to the same tty.
2590 *
2591 * Open-counting is needed for pty masters, as well as for keeping
2592 * track of serial lines: DTR is dropped when the last close happens.
2593 * (This is not done solely through tty->count, now. - Ted 1/27/92)
2594 *
2595 * The termios state of a pty is reset on first open so that
2596 * settings don't persist across reuse.
2597 *
2598 * Locking: tty_mutex protects tty, get_tty_driver and init_dev work.
2599 * tty->count should protect the rest.
2600 * ->siglock protects ->signal/->sighand
2601 */
2602
2603 static int tty_open(struct inode *inode, struct file *filp)
2604 {
2605 struct tty_struct *tty;
2606 int noctty, retval;
2607 struct tty_driver *driver;
2608 int index;
2609 dev_t device = inode->i_rdev;
2610 unsigned short saved_flags = filp->f_flags;
2611
2612 nonseekable_open(inode, filp);
2613
2614 retry_open:
2615 noctty = filp->f_flags & O_NOCTTY;
2616 index = -1;
2617 retval = 0;
2618
2619 mutex_lock(&tty_mutex);
2620
2621 if (device == MKDEV(TTYAUX_MAJOR, 0)) {
2622 tty = get_current_tty();
2623 if (!tty) {
2624 mutex_unlock(&tty_mutex);
2625 return -ENXIO;
2626 }
2627 driver = tty->driver;
2628 index = tty->index;
2629 filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
2630 /* noctty = 1; */
2631 goto got_driver;
2632 }
2633 #ifdef CONFIG_VT
2634 if (device == MKDEV(TTY_MAJOR, 0)) {
2635 extern struct tty_driver *console_driver;
2636 driver = console_driver;
2637 index = fg_console;
2638 noctty = 1;
2639 goto got_driver;
2640 }
2641 #endif
2642 if (device == MKDEV(TTYAUX_MAJOR, 1)) {
2643 driver = console_device(&index);
2644 if (driver) {
2645 /* Don't let /dev/console block */
2646 filp->f_flags |= O_NONBLOCK;
2647 noctty = 1;
2648 goto got_driver;
2649 }
2650 mutex_unlock(&tty_mutex);
2651 return -ENODEV;
2652 }
2653
2654 driver = get_tty_driver(device, &index);
2655 if (!driver) {
2656 mutex_unlock(&tty_mutex);
2657 return -ENODEV;
2658 }
2659 got_driver:
2660 retval = init_dev(driver, index, &tty);
2661 mutex_unlock(&tty_mutex);
2662 if (retval)
2663 return retval;
2664
2665 filp->private_data = tty;
2666 file_move(filp, &tty->tty_files);
2667 check_tty_count(tty, "tty_open");
2668 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2669 tty->driver->subtype == PTY_TYPE_MASTER)
2670 noctty = 1;
2671 #ifdef TTY_DEBUG_HANGUP
2672 printk(KERN_DEBUG "opening %s...", tty->name);
2673 #endif
2674 if (!retval) {
2675 if (tty->driver->open)
2676 retval = tty->driver->open(tty, filp);
2677 else
2678 retval = -ENODEV;
2679 }
2680 filp->f_flags = saved_flags;
2681
2682 if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
2683 !capable(CAP_SYS_ADMIN))
2684 retval = -EBUSY;
2685
2686 if (retval) {
2687 #ifdef TTY_DEBUG_HANGUP
2688 printk(KERN_DEBUG "error %d in opening %s...", retval,
2689 tty->name);
2690 #endif
2691 release_dev(filp);
2692 if (retval != -ERESTARTSYS)
2693 return retval;
2694 if (signal_pending(current))
2695 return retval;
2696 schedule();
2697 /*
2698 * Need to reset f_op in case a hangup happened.
2699 */
2700 if (filp->f_op == &hung_up_tty_fops)
2701 filp->f_op = &tty_fops;
2702 goto retry_open;
2703 }
2704
2705 mutex_lock(&tty_mutex);
2706 spin_lock_irq(¤t->sighand->siglock);
2707 if (!noctty &&
2708 current->signal->leader &&
2709 !current->signal->tty &&
2710 tty->session == NULL)
2711 __proc_set_tty(current, tty);
2712 spin_unlock_irq(¤t->sighand->siglock);
2713 mutex_unlock(&tty_mutex);
2714 tty_audit_opening();
2715 return 0;
2716 }
2717
2718 #ifdef CONFIG_UNIX98_PTYS
2719 /**
2720 * ptmx_open - open a unix 98 pty master
2721 * @inode: inode of device file
2722 * @filp: file pointer to tty
2723 *
2724 * Allocate a unix98 pty master device from the ptmx driver.
2725 *
2726 * Locking: tty_mutex protects theinit_dev work. tty->count should
2727 * protect the rest.
2728 * allocated_ptys_lock handles the list of free pty numbers
2729 */
2730
2731 static int ptmx_open(struct inode *inode, struct file *filp)
2732 {
2733 struct tty_struct *tty;
2734 int retval;
2735 int index;
2736 int idr_ret;
2737
2738 nonseekable_open(inode, filp);
2739
2740 /* find a device that is not in use. */
2741 mutex_lock(&allocated_ptys_lock);
2742 if (!idr_pre_get(&allocated_ptys, GFP_KERNEL)) {
2743 mutex_unlock(&allocated_ptys_lock);
2744 return -ENOMEM;
2745 }
2746 idr_ret = idr_get_new(&allocated_ptys, NULL, &index);
2747 if (idr_ret < 0) {
2748 mutex_unlock(&allocated_ptys_lock);
2749 if (idr_ret == -EAGAIN)
2750 return -ENOMEM;
2751 return -EIO;
2752 }
2753 if (index >= pty_limit) {
2754 idr_remove(&allocated_ptys, index);
2755 mutex_unlock(&allocated_ptys_lock);
2756 return -EIO;
2757 }
2758 mutex_unlock(&allocated_ptys_lock);
2759
2760 mutex_lock(&tty_mutex);
2761 retval = init_dev(ptm_driver, index, &tty);
2762 mutex_unlock(&tty_mutex);
2763
2764 if (retval)
2765 goto out;
2766
2767 set_bit(TTY_PTY_LOCK, &tty->flags); /* LOCK THE SLAVE */
2768 filp->private_data = tty;
2769 file_move(filp, &tty->tty_files);
2770
2771 retval = -ENOMEM;
2772 if (devpts_pty_new(tty->link))
2773 goto out1;
2774
2775 check_tty_count(tty, "tty_open");
2776 retval = ptm_driver->open(tty, filp);
2777 if (!retval) {
2778 tty_audit_opening();
2779 return 0;
2780 }
2781 out1:
2782 release_dev(filp);
2783 return retval;
2784 out:
2785 mutex_lock(&allocated_ptys_lock);
2786 idr_remove(&allocated_ptys, index);
2787 mutex_unlock(&allocated_ptys_lock);
2788 return retval;
2789 }
2790 #endif
2791
2792 /**
2793 * tty_release - vfs callback for close
2794 * @inode: inode of tty
2795 * @filp: file pointer for handle to tty
2796 *
2797 * Called the last time each file handle is closed that references
2798 * this tty. There may however be several such references.
2799 *
2800 * Locking:
2801 * Takes bkl. See release_dev
2802 */
2803
2804 static int tty_release(struct inode *inode, struct file *filp)
2805 {
2806 lock_kernel();
2807 release_dev(filp);
2808 unlock_kernel();
2809 return 0;
2810 }
2811
2812 /**
2813 * tty_poll - check tty status
2814 * @filp: file being polled
2815 * @wait: poll wait structures to update
2816 *
2817 * Call the line discipline polling method to obtain the poll
2818 * status of the device.
2819 *
2820 * Locking: locks called line discipline but ldisc poll method
2821 * may be re-entered freely by other callers.
2822 */
2823
2824 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2825 {
2826 struct tty_struct *tty;
2827 struct tty_ldisc *ld;
2828 int ret = 0;
2829
2830 tty = (struct tty_struct *)filp->private_data;
2831 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2832 return 0;
2833
2834 ld = tty_ldisc_ref_wait(tty);
2835 if (ld->poll)
2836 ret = (ld->poll)(tty, filp, wait);
2837 tty_ldisc_deref(ld);
2838 return ret;
2839 }
2840
2841 static int tty_fasync(int fd, struct file *filp, int on)
2842 {
2843 struct tty_struct *tty;
2844 int retval;
2845
2846 tty = (struct tty_struct *)filp->private_data;
2847 if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2848 return 0;
2849
2850 retval = fasync_helper(fd, filp, on, &tty->fasync);
2851 if (retval <= 0)
2852 return retval;
2853
2854 if (on) {
2855 enum pid_type type;
2856 struct pid *pid;
2857 if (!waitqueue_active(&tty->read_wait))
2858 tty->minimum_to_wake = 1;
2859 if (tty->pgrp) {
2860 pid = tty->pgrp;
2861 type = PIDTYPE_PGID;
2862 } else {
2863 pid = task_pid(current);
2864 type = PIDTYPE_PID;
2865 }
2866 retval = __f_setown(filp, pid, type, 0);
2867 if (retval)
2868 return retval;
2869 } else {
2870 if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2871 tty->minimum_to_wake = N_TTY_BUF_SIZE;
2872 }
2873 return 0;
2874 }
2875
2876 /**
2877 * tiocsti - fake input character
2878 * @tty: tty to fake input into
2879 * @p: pointer to character
2880 *
2881 * Fake input to a tty device. Does the necessary locking and
2882 * input management.
2883 *
2884 * FIXME: does not honour flow control ??
2885 *
2886 * Locking:
2887 * Called functions take tty_ldisc_lock
2888 * current->signal->tty check is safe without locks
2889 *
2890 * FIXME: may race normal receive processing
2891 */
2892
2893 static int tiocsti(struct tty_struct *tty, char __user *p)
2894 {
2895 char ch, mbz = 0;
2896 struct tty_ldisc *ld;
2897
2898 if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2899 return -EPERM;
2900 if (get_user(ch, p))
2901 return -EFAULT;
2902 ld = tty_ldisc_ref_wait(tty);
2903 ld->receive_buf(tty, &ch, &mbz, 1);
2904 tty_ldisc_deref(ld);
2905 return 0;
2906 }
2907
2908 /**
2909 * tiocgwinsz - implement window query ioctl
2910 * @tty; tty
2911 * @arg: user buffer for result
2912 *
2913 * Copies the kernel idea of the window size into the user buffer.
2914 *
2915 * Locking: tty->termios_mutex is taken to ensure the winsize data
2916 * is consistent.
2917 */
2918
2919 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2920 {
2921 int err;
2922
2923 mutex_lock(&tty->termios_mutex);
2924 err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2925 mutex_unlock(&tty->termios_mutex);
2926
2927 return err ? -EFAULT: 0;
2928 }
2929
2930 /**
2931 * tiocswinsz - implement window size set ioctl
2932 * @tty; tty
2933 * @arg: user buffer for result
2934 *
2935 * Copies the user idea of the window size to the kernel. Traditionally
2936 * this is just advisory information but for the Linux console it
2937 * actually has driver level meaning and triggers a VC resize.
2938 *
2939 * Locking:
2940 * Called function use the console_sem is used to ensure we do
2941 * not try and resize the console twice at once.
2942 * The tty->termios_mutex is used to ensure we don't double
2943 * resize and get confused. Lock order - tty->termios_mutex before
2944 * console sem
2945 */
2946
2947 static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2948 struct winsize __user *arg)
2949 {
2950 struct winsize tmp_ws;
2951
2952 if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2953 return -EFAULT;
2954
2955 mutex_lock(&tty->termios_mutex);
2956 if (!memcmp(&tmp_ws, &tty->winsize, sizeof(*arg)))
2957 goto done;
2958
2959 #ifdef CONFIG_VT
2960 if (tty->driver->type == TTY_DRIVER_TYPE_CONSOLE) {
2961 if (vc_lock_resize(tty->driver_data, tmp_ws.ws_col,
2962 tmp_ws.ws_row)) {
2963 mutex_unlock(&tty->termios_mutex);
2964 return -ENXIO;
2965 }
2966 }
2967 #endif
2968 if (tty->pgrp)
2969 kill_pgrp(tty->pgrp, SIGWINCH, 1);
2970 if ((real_tty->pgrp != tty->pgrp) && real_tty->pgrp)
2971 kill_pgrp(real_tty->pgrp, SIGWINCH, 1);
2972 tty->winsize = tmp_ws;
2973 real_tty->winsize = tmp_ws;
2974 done:
2975 mutex_unlock(&tty->termios_mutex);
2976 return 0;
2977 }
2978
2979 /**
2980 * tioccons - allow admin to move logical console
2981 * @file: the file to become console
2982 *
2983 * Allow the adminstrator to move the redirected console device
2984 *
2985 * Locking: uses redirect_lock to guard the redirect information
2986 */
2987
2988 static int tioccons(struct file *file)
2989 {
2990 if (!capable(CAP_SYS_ADMIN))
2991 return -EPERM;
2992 if (file->f_op->write == redirected_tty_write) {
2993 struct file *f;
2994 spin_lock(&redirect_lock);
2995 f = redirect;
2996 redirect = NULL;
2997 spin_unlock(&redirect_lock);
2998 if (f)
2999 fput(f);
3000 return 0;
3001 }
3002 spin_lock(&redirect_lock);
3003 if (redirect) {
3004 spin_unlock(&redirect_lock);
3005 return -EBUSY;
3006 }
3007 get_file(file);
3008 redirect = file;
3009 spin_unlock(&redirect_lock);
3010 return 0;
3011 }
3012
3013 /**
3014 * fionbio - non blocking ioctl
3015 * @file: file to set blocking value
3016 * @p: user parameter
3017 *
3018 * Historical tty interfaces had a blocking control ioctl before
3019 * the generic functionality existed. This piece of history is preserved
3020 * in the expected tty API of posix OS's.
3021 *
3022 * Locking: none, the open fle handle ensures it won't go away.
3023 */
3024
3025 static int fionbio(struct file *file, int __user *p)
3026 {
3027 int nonblock;
3028
3029 if (get_user(nonblock, p))
3030 return -EFAULT;
3031
3032 if (nonblock)
3033 file->f_flags |= O_NONBLOCK;
3034 else
3035 file->f_flags &= ~O_NONBLOCK;
3036 return 0;
3037 }
3038
3039 /**
3040 * tiocsctty - set controlling tty
3041 * @tty: tty structure
3042 * @arg: user argument
3043 *
3044 * This ioctl is used to manage job control. It permits a session
3045 * leader to set this tty as the controlling tty for the session.
3046 *
3047 * Locking:
3048 * Takes tty_mutex() to protect tty instance
3049 * Takes tasklist_lock internally to walk sessions
3050 * Takes ->siglock() when updating signal->tty
3051 */
3052
3053 static int tiocsctty(struct tty_struct *tty, int arg)
3054 {
3055 int ret = 0;
3056 if (current->signal->leader && (task_session(current) == tty->session))
3057 return ret;
3058
3059 mutex_lock(&tty_mutex);
3060 /*
3061 * The process must be a session leader and
3062 * not have a controlling tty already.
3063 */
3064 if (!current->signal->leader || current->signal->tty) {
3065 ret = -EPERM;
3066 goto unlock;
3067 }
3068
3069 if (tty->session) {
3070 /*
3071 * This tty is already the controlling
3072 * tty for another session group!
3073 */
3074 if (arg == 1 && capable(CAP_SYS_ADMIN)) {
3075 /*
3076 * Steal it away
3077 */
3078 read_lock(&tasklist_lock);
3079 session_clear_tty(tty->session);
3080 read_unlock(&tasklist_lock);
3081 } else {
3082 ret = -EPERM;
3083 goto unlock;
3084 }
3085 }
3086 proc_set_tty(current, tty);
3087 unlock:
3088 mutex_unlock(&tty_mutex);
3089 return ret;
3090 }
3091
3092 /**
3093 * tiocgpgrp - get process group
3094 * @tty: tty passed by user
3095 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3096 * @p: returned pid
3097 *
3098 * Obtain the process group of the tty. If there is no process group
3099 * return an error.
3100 *
3101 * Locking: none. Reference to current->signal->tty is safe.
3102 */
3103
3104 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3105 {
3106 /*
3107 * (tty == real_tty) is a cheap way of
3108 * testing if the tty is NOT a master pty.
3109 */
3110 if (tty == real_tty && current->signal->tty != real_tty)
3111 return -ENOTTY;
3112 return put_user(pid_vnr(real_tty->pgrp), p);
3113 }
3114
3115 /**
3116 * tiocspgrp - attempt to set process group
3117 * @tty: tty passed by user
3118 * @real_tty: tty side device matching tty passed by user
3119 * @p: pid pointer
3120 *
3121 * Set the process group of the tty to the session passed. Only
3122 * permitted where the tty session is our session.
3123 *
3124 * Locking: None
3125 */
3126
3127 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3128 {
3129 struct pid *pgrp;
3130 pid_t pgrp_nr;
3131 int retval = tty_check_change(real_tty);
3132
3133 if (retval == -EIO)
3134 return -ENOTTY;
3135 if (retval)
3136 return retval;
3137 if (!current->signal->tty ||
3138 (current->signal->tty != real_tty) ||
3139 (real_tty->session != task_session(current)))
3140 return -ENOTTY;
3141 if (get_user(pgrp_nr, p))
3142 return -EFAULT;
3143 if (pgrp_nr < 0)
3144 return -EINVAL;
3145 rcu_read_lock();
3146 pgrp = find_vpid(pgrp_nr);
3147 retval = -ESRCH;
3148 if (!pgrp)
3149 goto out_unlock;
3150 retval = -EPERM;
3151 if (session_of_pgrp(pgrp) != task_session(current))
3152 goto out_unlock;
3153 retval = 0;
3154 put_pid(real_tty->pgrp);
3155 real_tty->pgrp = get_pid(pgrp);
3156 out_unlock:
3157 rcu_read_unlock();
3158 return retval;
3159 }
3160
3161 /**
3162 * tiocgsid - get session id
3163 * @tty: tty passed by user
3164 * @real_tty: tty side of the tty pased by the user if a pty else the tty
3165 * @p: pointer to returned session id
3166 *
3167 * Obtain the session id of the tty. If there is no session
3168 * return an error.
3169 *
3170 * Locking: none. Reference to current->signal->tty is safe.
3171 */
3172
3173 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
3174 {
3175 /*
3176 * (tty == real_tty) is a cheap way of
3177 * testing if the tty is NOT a master pty.
3178 */
3179 if (tty == real_tty && current->signal->tty != real_tty)
3180 return -ENOTTY;
3181 if (!real_tty->session)
3182 return -ENOTTY;
3183 return put_user(pid_vnr(real_tty->session), p);
3184 }
3185
3186 /**
3187 * tiocsetd - set line discipline
3188 * @tty: tty device
3189 * @p: pointer to user data
3190 *
3191 * Set the line discipline according to user request.
3192 *
3193 * Locking: see tty_set_ldisc, this function is just a helper
3194 */
3195
3196 static int tiocsetd(struct tty_struct *tty, int __user *p)
3197 {
3198 int ldisc;
3199
3200 if (get_user(ldisc, p))
3201 return -EFAULT;
3202 return tty_set_ldisc(tty, ldisc);
3203 }
3204
3205 /**
3206 * send_break - performed time break
3207 * @tty: device to break on
3208 * @duration: timeout in mS
3209 *
3210 * Perform a timed break on hardware that lacks its own driver level
3211 * timed break functionality.
3212 *
3213 * Locking:
3214 * atomic_write_lock serializes
3215 *
3216 */
3217
3218 static int send_break(struct tty_struct *tty, unsigned int duration)
3219 {
3220 if (tty_write_lock(tty, 0) < 0)
3221 return -EINTR;
3222 tty->driver->break_ctl(tty, -1);
3223 if (!signal_pending(current))
3224 msleep_interruptible(duration);
3225 tty->driver->break_ctl(tty, 0);
3226 tty_write_unlock(tty);
3227 if (signal_pending(current))
3228 return -EINTR;
3229 return 0;
3230 }
3231
3232 /**
3233 * tiocmget - get modem status
3234 * @tty: tty device
3235 * @file: user file pointer
3236 * @p: pointer to result
3237 *
3238 * Obtain the modem status bits from the tty driver if the feature
3239 * is supported. Return -EINVAL if it is not available.
3240 *
3241 * Locking: none (up to the driver)
3242 */
3243
3244 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
3245 {
3246 int retval = -EINVAL;
3247
3248 if (tty->driver->tiocmget) {
3249 retval = tty->driver->tiocmget(tty, file);
3250
3251 if (retval >= 0)
3252 retval = put_user(retval, p);
3253 }
3254 return retval;
3255 }
3256
3257 /**
3258 * tiocmset - set modem status
3259 * @tty: tty device
3260 * @file: user file pointer
3261 * @cmd: command - clear bits, set bits or set all
3262 * @p: pointer to desired bits
3263 *
3264 * Set the modem status bits from the tty driver if the feature
3265 * is supported. Return -EINVAL if it is not available.
3266 *
3267 * Locking: none (up to the driver)
3268 */
3269
3270 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
3271 unsigned __user *p)
3272 {
3273 int retval = -EINVAL;
3274
3275 if (tty->driver->tiocmset) {
3276 unsigned int set, clear, val;
3277
3278 retval = get_user(val, p);
3279 if (retval)
3280 return retval;
3281
3282 set = clear = 0;
3283 switch (cmd) {
3284 case TIOCMBIS:
3285 set = val;
3286 break;
3287 case TIOCMBIC:
3288 clear = val;
3289 break;
3290 case TIOCMSET:
3291 set = val;
3292 clear = ~val;
3293 break;
3294 }
3295
3296 set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3297 clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
3298
3299 retval = tty->driver->tiocmset(tty, file, set, clear);
3300 }
3301 return retval;
3302 }
3303
3304 /*
3305 * Split this up, as gcc can choke on it otherwise..
3306 */
3307 int tty_ioctl(struct inode *inode, struct file *file,
3308 unsigned int cmd, unsigned long arg)
3309 {
3310 struct tty_struct *tty, *real_tty;
3311 void __user *p = (void __user *)arg;
3312 int retval;
3313 struct tty_ldisc *ld;
3314
3315 tty = (struct tty_struct *)file->private_data;
3316 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3317 return -EINVAL;
3318
3319 /* CHECKME: is this safe as one end closes ? */
3320
3321 real_tty = tty;
3322 if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
3323 tty->driver->subtype == PTY_TYPE_MASTER)
3324 real_tty = tty->link;
3325
3326 /*
3327 * Break handling by driver
3328 */
3329 if (!tty->driver->break_ctl) {
3330 switch (cmd) {
3331 case TIOCSBRK:
3332 case TIOCCBRK:
3333 if (tty->driver->ioctl)
3334 return tty->driver->ioctl(tty, file, cmd, arg);
3335 return -EINVAL;
3336
3337 /* These two ioctl's always return success; even if */
3338 /* the driver doesn't support them. */
3339 case TCSBRK:
3340 case TCSBRKP:
3341 if (!tty->driver->ioctl)
3342 return 0;
3343 retval = tty->driver->ioctl(tty, file, cmd, arg);
3344 if (retval == -ENOIOCTLCMD)
3345 retval = 0;
3346 return retval;
3347 }
3348 }
3349
3350 /*
3351 * Factor out some common prep work
3352 */
3353 switch (cmd) {
3354 case TIOCSETD:
3355 case TIOCSBRK:
3356 case TIOCCBRK:
3357 case TCSBRK:
3358 case TCSBRKP:
3359 retval = tty_check_change(tty);
3360 if (retval)
3361 return retval;
3362 if (cmd != TIOCCBRK) {
3363 tty_wait_until_sent(tty, 0);
3364 if (signal_pending(current))
3365 return -EINTR;
3366 }
3367 break;
3368 }
3369
3370 switch (cmd) {
3371 case TIOCSTI:
3372 return tiocsti(tty, p);
3373 case TIOCGWINSZ:
3374 return tiocgwinsz(tty, p);
3375 case TIOCSWINSZ:
3376 return tiocswinsz(tty, real_tty, p);
3377 case TIOCCONS:
3378 return real_tty != tty ? -EINVAL : tioccons(file);
3379 case FIONBIO:
3380 return fionbio(file, p);
3381 case TIOCEXCL:
3382 set_bit(TTY_EXCLUSIVE, &tty->flags);
3383 return 0;
3384 case TIOCNXCL:
3385 clear_bit(TTY_EXCLUSIVE, &tty->flags);
3386 return 0;
3387 case TIOCNOTTY:
3388 if (current->signal->tty != tty)
3389 return -ENOTTY;
3390 no_tty();
3391 return 0;
3392 case TIOCSCTTY:
3393 return tiocsctty(tty, arg);
3394 case TIOCGPGRP:
3395 return tiocgpgrp(tty, real_tty, p);
3396 case TIOCSPGRP:
3397 return tiocspgrp(tty, real_tty, p);
3398 case TIOCGSID:
3399 return tiocgsid(tty, real_tty, p);
3400 case TIOCGETD:
3401 /* FIXME: check this is ok */
3402 return put_user(tty->ldisc.num, (int __user *)p);
3403 case TIOCSETD:
3404 return tiocsetd(tty, p);
3405 #ifdef CONFIG_VT
3406 case TIOCLINUX:
3407 return tioclinux(tty, arg);
3408 #endif
3409 /*
3410 * Break handling
3411 */
3412 case TIOCSBRK: /* Turn break on, unconditionally */
3413 tty->driver->break_ctl(tty, -1);
3414 return 0;
3415
3416 case TIOCCBRK: /* Turn break off, unconditionally */
3417 tty->driver->break_ctl(tty, 0);
3418 return 0;
3419 case TCSBRK: /* SVID version: non-zero arg --> no break */
3420 /* non-zero arg means wait for all output data
3421 * to be sent (performed above) but don't send break.
3422 * This is used by the tcdrain() termios function.
3423 */
3424 if (!arg)
3425 return send_break(tty, 250);
3426 return 0;
3427 case TCSBRKP: /* support for POSIX tcsendbreak() */
3428 return send_break(tty, arg ? arg*100 : 250);
3429
3430 case TIOCMGET:
3431 return tty_tiocmget(tty, file, p);
3432 case TIOCMSET:
3433 case TIOCMBIC:
3434 case TIOCMBIS:
3435 return tty_tiocmset(tty, file, cmd, p);
3436 case TCFLSH:
3437 switch (arg) {
3438 case TCIFLUSH:
3439 case TCIOFLUSH:
3440 /* flush tty buffer and allow ldisc to process ioctl */
3441 tty_buffer_flush(tty);
3442 break;
3443 }
3444 break;
3445 }
3446 if (tty->driver->ioctl) {
3447 retval = (tty->driver->ioctl)(tty, file, cmd, arg);
3448 if (retval != -ENOIOCTLCMD)
3449 return retval;
3450 }
3451 ld = tty_ldisc_ref_wait(tty);
3452 retval = -EINVAL;
3453 if (ld->ioctl) {
3454 retval = ld->ioctl(tty, file, cmd, arg);
3455 if (retval == -ENOIOCTLCMD)
3456 retval = -EINVAL;
3457 }
3458 tty_ldisc_deref(ld);
3459 return retval;
3460 }
3461
3462 #ifdef CONFIG_COMPAT
3463 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
3464 unsigned long arg)
3465 {
3466 struct inode *inode = file->f_dentry->d_inode;
3467 struct tty_struct *tty = file->private_data;
3468 struct tty_ldisc *ld;
3469 int retval = -ENOIOCTLCMD;
3470
3471 if (tty_paranoia_check(tty, inode, "tty_ioctl"))
3472 return -EINVAL;
3473
3474 if (tty->driver->compat_ioctl) {
3475 retval = (tty->driver->compat_ioctl)(tty, file, cmd, arg);
3476 if (retval != -ENOIOCTLCMD)
3477 return retval;
3478 }
3479
3480 ld = tty_ldisc_ref_wait(tty);
3481 if (ld->compat_ioctl)
3482 retval = ld->compat_ioctl(tty, file, cmd, arg);
3483 tty_ldisc_deref(ld);
3484
3485 return retval;
3486 }
3487 #endif
3488
3489 /*
3490 * This implements the "Secure Attention Key" --- the idea is to
3491 * prevent trojan horses by killing all processes associated with this
3492 * tty when the user hits the "Secure Attention Key". Required for
3493 * super-paranoid applications --- see the Orange Book for more details.
3494 *
3495 * This code could be nicer; ideally it should send a HUP, wait a few
3496 * seconds, then send a INT, and then a KILL signal. But you then
3497 * have to coordinate with the init process, since all processes associated
3498 * with the current tty must be dead before the new getty is allowed
3499 * to spawn.
3500 *
3501 * Now, if it would be correct ;-/ The current code has a nasty hole -
3502 * it doesn't catch files in flight. We may send the descriptor to ourselves
3503 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
3504 *
3505 * Nasty bug: do_SAK is being called in interrupt context. This can
3506 * deadlock. We punt it up to process context. AKPM - 16Mar2001
3507 */
3508 void __do_SAK(struct tty_struct *tty)
3509 {
3510 #ifdef TTY_SOFT_SAK
3511 tty_hangup(tty);
3512 #else
3513 struct task_struct *g, *p;
3514 struct pid *session;
3515 int i;
3516 struct file *filp;
3517 struct fdtable *fdt;
3518
3519 if (!tty)
3520 return;
3521 session = tty->session;
3522
3523 tty_ldisc_flush(tty);
3524
3525 if (tty->driver->flush_buffer)
3526 tty->driver->flush_buffer(tty);
3527
3528 read_lock(&tasklist_lock);
3529 /* Kill the entire session */
3530 do_each_pid_task(session, PIDTYPE_SID, p) {
3531 printk(KERN_NOTICE "SAK: killed process %d"
3532 " (%s): task_session_nr(p)==tty->session\n",
3533 task_pid_nr(p), p->comm);
3534 send_sig(SIGKILL, p, 1);
3535 } while_each_pid_task(session, PIDTYPE_SID, p);
3536 /* Now kill any processes that happen to have the
3537 * tty open.
3538 */
3539 do_each_thread(g, p) {
3540 if (p->signal->tty == tty) {
3541 printk(KERN_NOTICE "SAK: killed process %d"
3542 " (%s): task_session_nr(p)==tty->session\n",
3543 task_pid_nr(p), p->comm);
3544 send_sig(SIGKILL, p, 1);
3545 continue;
3546 }
3547 task_lock(p);
3548 if (p->files) {
3549 /*
3550 * We don't take a ref to the file, so we must
3551 * hold ->file_lock instead.
3552 */
3553 spin_lock(&p->files->file_lock);
3554 fdt = files_fdtable(p->files);
3555 for (i = 0; i < fdt->max_fds; i++) {
3556 filp = fcheck_files(p->files, i);
3557 if (!filp)
3558 continue;
3559 if (filp->f_op->read == tty_read &&
3560 filp->private_data == tty) {
3561 printk(KERN_NOTICE "SAK: killed process %d"
3562 " (%s): fd#%d opened to the tty\n",
3563 task_pid_nr(p), p->comm, i);
3564 force_sig(SIGKILL, p);
3565 break;
3566 }
3567 }
3568 spin_unlock(&p->files->file_lock);
3569 }
3570 task_unlock(p);
3571 } while_each_thread(g, p);
3572 read_unlock(&tasklist_lock);
3573 #endif
3574 }
3575
3576 static void do_SAK_work(struct work_struct *work)
3577 {
3578 struct tty_struct *tty =
3579 container_of(work, struct tty_struct, SAK_work);
3580 __do_SAK(tty);
3581 }
3582
3583 /*
3584 * The tq handling here is a little racy - tty->SAK_work may already be queued.
3585 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
3586 * the values which we write to it will be identical to the values which it
3587 * already has. --akpm
3588 */
3589 void do_SAK(struct tty_struct *tty)
3590 {
3591 if (!tty)
3592 return;
3593 schedule_work(&tty->SAK_work);
3594 }
3595
3596 EXPORT_SYMBOL(do_SAK);
3597
3598 /**
3599 * flush_to_ldisc
3600 * @work: tty structure passed from work queue.
3601 *
3602 * This routine is called out of the software interrupt to flush data
3603 * from the buffer chain to the line discipline.
3604 *
3605 * Locking: holds tty->buf.lock to guard buffer list. Drops the lock
3606 * while invoking the line discipline receive_buf method. The
3607 * receive_buf method is single threaded for each tty instance.
3608 */
3609
3610 static void flush_to_ldisc(struct work_struct *work)
3611 {
3612 struct tty_struct *tty =
3613 container_of(work, struct tty_struct, buf.work.work);
3614 unsigned long flags;
3615 struct tty_ldisc *disc;
3616 struct tty_buffer *tbuf, *head;
3617 char *char_buf;
3618 unsigned char *flag_buf;
3619
3620 disc = tty_ldisc_ref(tty);
3621 if (disc == NULL) /* !TTY_LDISC */
3622 return;
3623
3624 spin_lock_irqsave(&tty->buf.lock, flags);
3625 /* So we know a flush is running */
3626 set_bit(TTY_FLUSHING, &tty->flags);
3627 head = tty->buf.head;
3628 if (head != NULL) {
3629 tty->buf.head = NULL;
3630 for (;;) {
3631 int count = head->commit - head->read;
3632 if (!count) {
3633 if (head->next == NULL)
3634 break;
3635 tbuf = head;
3636 head = head->next;
3637 tty_buffer_free(tty, tbuf);
3638 continue;
3639 }
3640 /* Ldisc or user is trying to flush the buffers
3641 we are feeding to the ldisc, stop feeding the
3642 line discipline as we want to empty the queue */
3643 if (test_bit(TTY_FLUSHPENDING, &tty->flags))
3644 break;
3645 if (!tty->receive_room) {
3646 schedule_delayed_work(&tty->buf.work, 1);
3647 break;
3648 }
3649 if (count > tty->receive_room)
3650 count = tty->receive_room;
3651 char_buf = head->char_buf_ptr + head->read;
3652 flag_buf = head->flag_buf_ptr + head->read;
3653 head->read += count;
3654 spin_unlock_irqrestore(&tty->buf.lock, flags);
3655 disc->receive_buf(tty, char_buf, flag_buf, count);
3656 spin_lock_irqsave(&tty->buf.lock, flags);
3657 }
3658 /* Restore the queue head */
3659 tty->buf.head = head;
3660 }
3661 /* We may have a deferred request to flush the input buffer,
3662 if so pull the chain under the lock and empty the queue */
3663 if (test_bit(TTY_FLUSHPENDING, &tty->flags)) {
3664 __tty_buffer_flush(tty);
3665 clear_bit(TTY_FLUSHPENDING, &tty->flags);
3666 wake_up(&tty->read_wait);
3667 }
3668 clear_bit(TTY_FLUSHING, &tty->flags);
3669 spin_unlock_irqrestore(&tty->buf.lock, flags);
3670
3671 tty_ldisc_deref(disc);
3672 }
3673
3674 /**
3675 * tty_flip_buffer_push - terminal
3676 * @tty: tty to push
3677 *
3678 * Queue a push of the terminal flip buffers to the line discipline. This
3679 * function must not be called from IRQ context if tty->low_latency is set.
3680 *
3681 * In the event of the queue being busy for flipping the work will be
3682 * held off and retried later.
3683 *
3684 * Locking: tty buffer lock. Driver locks in low latency mode.
3685 */
3686
3687 void tty_flip_buffer_push(struct tty_struct *tty)
3688 {
3689 unsigned long flags;
3690 spin_lock_irqsave(&tty->buf.lock, flags);
3691 if (tty->buf.tail != NULL)
3692 tty->buf.tail->commit = tty->buf.tail->used;
3693 spin_unlock_irqrestore(&tty->buf.lock, flags);
3694
3695 #ifndef CONFIG_PREEMPT_RT
3696 if (tty->low_latency)
3697 flush_to_ldisc(&tty->buf.work.work);
3698 else
3699 schedule_delayed_work(&tty->buf.work, 1);
3700 #else
3701 flush_to_ldisc(&tty->buf.work.work);
3702 #endif
3703 }
3704
3705 EXPORT_SYMBOL(tty_flip_buffer_push);
3706
3707
3708 /**
3709 * initialize_tty_struct
3710 * @tty: tty to initialize
3711 *
3712 * This subroutine initializes a tty structure that has been newly
3713 * allocated.
3714 *
3715 * Locking: none - tty in question must not be exposed at this point
3716 */
3717
3718 static void initialize_tty_struct(struct tty_struct *tty)
3719 {
3720 memset(tty, 0, sizeof(struct tty_struct));
3721 tty->magic = TTY_MAGIC;
3722 tty_ldisc_assign(tty, tty_ldisc_get(N_TTY));
3723 tty->session = NULL;
3724 tty->pgrp = NULL;
3725 tty->overrun_time = jiffies;
3726 tty->buf.head = tty->buf.tail = NULL;
3727 tty_buffer_init(tty);
3728 INIT_DELAYED_WORK(&tty->buf.work, flush_to_ldisc);
3729 mutex_init(&tty->termios_mutex);
3730 init_waitqueue_head(&tty->write_wait);
3731 init_waitqueue_head(&tty->read_wait);
3732 INIT_WORK(&tty->hangup_work, do_tty_hangup);
3733 mutex_init(&tty->atomic_read_lock);
3734 mutex_init(&tty->atomic_write_lock);
3735 spin_lock_init(&tty->read_lock);
3736 percpu_list_init(&tty->tty_files);
3737 INIT_WORK(&tty->SAK_work, do_SAK_work);
3738 }
3739
3740 /*
3741 * The default put_char routine if the driver did not define one.
3742 */
3743
3744 static void tty_default_put_char(struct tty_struct *tty, unsigned char ch)
3745 {
3746 tty->driver->write(tty, &ch, 1);
3747 }
3748
3749 static struct class *tty_class;
3750
3751 /**
3752 * tty_register_device - register a tty device
3753 * @driver: the tty driver that describes the tty device
3754 * @index: the index in the tty driver for this tty device
3755 * @device: a struct device that is associated with this tty device.
3756 * This field is optional, if there is no known struct device
3757 * for this tty device it can be set to NULL safely.
3758 *
3759 * Returns a pointer to the struct device for this tty device
3760 * (or ERR_PTR(-EFOO) on error).
3761 *
3762 * This call is required to be made to register an individual tty device
3763 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3764 * that bit is not set, this function should not be called by a tty
3765 * driver.
3766 *
3767 * Locking: ??
3768 */
3769
3770 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3771 struct device *device)
3772 {
3773 char name[64];
3774 dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
3775
3776 if (index >= driver->num) {
3777 printk(KERN_ERR "Attempt to register invalid tty line number "
3778 " (%d).\n", index);
3779 return ERR_PTR(-EINVAL);
3780 }
3781
3782 if (driver->type == TTY_DRIVER_TYPE_PTY)
3783 pty_line_name(driver, index, name);
3784 else
3785 tty_line_name(driver, index, name);
3786
3787 return device_create(tty_class, device, dev, name);
3788 }
3789
3790 /**
3791 * tty_unregister_device - unregister a tty device
3792 * @driver: the tty driver that describes the tty device
3793 * @index: the index in the tty driver for this tty device
3794 *
3795 * If a tty device is registered with a call to tty_register_device() then
3796 * this function must be called when the tty device is gone.
3797 *
3798 * Locking: ??
3799 */
3800
3801 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3802 {
3803 device_destroy(tty_class,
3804 MKDEV(driver->major, driver->minor_start) + index);
3805 }
3806
3807 EXPORT_SYMBOL(tty_register_device);
3808 EXPORT_SYMBOL(tty_unregister_device);
3809
3810 struct tty_driver *alloc_tty_driver(int lines)
3811 {
3812 struct tty_driver *driver;
3813
3814 driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3815 if (driver) {
3816 driver->magic = TTY_DRIVER_MAGIC;
3817 driver->num = lines;
3818 /* later we'll move allocation of tables here */
3819 }
3820 return driver;
3821 }
3822
3823 void put_tty_driver(struct tty_driver *driver)
3824 {
3825 kfree(driver);
3826 }
3827
3828 void tty_set_operations(struct tty_driver *driver,
3829 const struct tty_operations *op)
3830 {
3831 driver->open = op->open;
3832 driver->close = op->close;
3833 driver->write = op->write;
3834 driver->put_char = op->put_char;
3835 driver->flush_chars = op->flush_chars;
3836 driver->write_room = op->write_room;
3837 driver->chars_in_buffer = op->chars_in_buffer;
3838 driver->ioctl = op->ioctl;
3839 driver->compat_ioctl = op->compat_ioctl;
3840 driver->set_termios = op->set_termios;
3841 driver->throttle = op->throttle;
3842 driver->unthrottle = op->unthrottle;
3843 driver->stop = op->stop;
3844 driver->start = op->start;
3845 driver->hangup = op->hangup;
3846 driver->break_ctl = op->break_ctl;
3847 driver->flush_buffer = op->flush_buffer;
3848 driver->set_ldisc = op->set_ldisc;
3849 driver->wait_until_sent = op->wait_until_sent;
3850 driver->send_xchar = op->send_xchar;
3851 driver->read_proc = op->read_proc;
3852 driver->write_proc = op->write_proc;
3853 driver->tiocmget = op->tiocmget;
3854 driver->tiocmset = op->tiocmset;
3855 }
3856
3857
3858 EXPORT_SYMBOL(alloc_tty_driver);
3859 EXPORT_SYMBOL(put_tty_driver);
3860 EXPORT_SYMBOL(tty_set_operations);
3861
3862 /*
3863 * Called by a tty driver to register itself.
3864 */
3865 int tty_register_driver(struct tty_driver *driver)
3866 {
3867 int error;
3868 int i;
3869 dev_t dev;
3870 void **p = NULL;
3871
3872 if (driver->flags & TTY_DRIVER_INSTALLED)
3873 return 0;
3874
3875 if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3876 p = kzalloc(driver->num * 3 * sizeof(void *), GFP_KERNEL);
3877 if (!p)
3878 return -ENOMEM;
3879 }
3880
3881 if (!driver->major) {
3882 error = alloc_chrdev_region(&dev, driver->minor_start,
3883 driver->num, driver->name);
3884 if (!error) {
3885 driver->major = MAJOR(dev);
3886 driver->minor_start = MINOR(dev);
3887 }
3888 } else {
3889 dev = MKDEV(driver->major, driver->minor_start);
3890 error = register_chrdev_region(dev, driver->num, driver->name);
3891 }
3892 if (error < 0) {
3893 kfree(p);
3894 return error;
3895 }
3896
3897 if (p) {
3898 driver->ttys = (struct tty_struct **)p;
3899 driver->termios = (struct ktermios **)(p + driver->num);
3900 driver->termios_locked = (struct ktermios **)
3901 (p + driver->num * 2);
3902 } else {
3903 driver->ttys = NULL;
3904 driver->termios = NULL;
3905 driver->termios_locked = NULL;
3906 }
3907
3908 cdev_init(&driver->cdev, &tty_fops);
3909 driver->cdev.owner = driver->owner;
3910 error = cdev_add(&driver->cdev, dev, driver->num);
3911 if (error) {
3912 unregister_chrdev_region(dev, driver->num);
3913 driver->ttys = NULL;
3914 driver->termios = driver->termios_locked = NULL;
3915 kfree(p);
3916 return error;
3917 }
3918
3919 if (!driver->put_char)
3920 driver->put_char = tty_default_put_char;
3921
3922 mutex_lock(&tty_mutex);
3923 list_add(&driver->tty_drivers, &tty_drivers);
3924 mutex_unlock(&tty_mutex);
3925
3926 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3927 for (i = 0; i < driver->num; i++)
3928 tty_register_device(driver, i, NULL);
3929 }
3930 proc_tty_register_driver(driver);
3931 return 0;
3932 }
3933
3934 EXPORT_SYMBOL(tty_register_driver);
3935
3936 /*
3937 * Called by a tty driver to unregister itself.
3938 */
3939 int tty_unregister_driver(struct tty_driver *driver)
3940 {
3941 int i;
3942 struct ktermios *tp;
3943 void *p;
3944
3945 if (driver->refcount)
3946 return -EBUSY;
3947
3948 unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3949 driver->num);
3950 mutex_lock(&tty_mutex);
3951 list_del(&driver->tty_drivers);
3952 mutex_unlock(&tty_mutex);
3953
3954 /*
3955 * Free the termios and termios_locked structures because
3956 * we don't want to get memory leaks when modular tty
3957 * drivers are removed from the kernel.
3958 */
3959 for (i = 0; i < driver->num; i++) {
3960 tp = driver->termios[i];
3961 if (tp) {
3962 driver->termios[i] = NULL;
3963 kfree(tp);
3964 }
3965 tp = driver->termios_locked[i];
3966 if (tp) {
3967 driver->termios_locked[i] = NULL;
3968 kfree(tp);
3969 }
3970 if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3971 tty_unregister_device(driver, i);
3972 }
3973 p = driver->ttys;
3974 proc_tty_unregister_driver(driver);
3975 driver->ttys = NULL;
3976 driver->termios = driver->termios_locked = NULL;
3977 kfree(p);
3978 cdev_del(&driver->cdev);
3979 return 0;
3980 }
3981 EXPORT_SYMBOL(tty_unregister_driver);
3982
3983 dev_t tty_devnum(struct tty_struct *tty)
3984 {
3985 return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3986 }
3987 EXPORT_SYMBOL(tty_devnum);
3988
3989 void proc_clear_tty(struct task_struct *p)
3990 {
3991 spin_lock_irq(&p->sighand->siglock);
3992 p->signal->tty = NULL;
3993 spin_unlock_irq(&p->sighand->siglock);
3994 }
3995 EXPORT_SYMBOL(proc_clear_tty);
3996
3997 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3998 {
3999 if (tty) {
4000 /* We should not have a session or pgrp to here but.... */
4001 put_pid(tty->session);
4002 put_pid(tty->pgrp);
4003 tty->session = get_pid(task_session(tsk));
4004 tty->pgrp = get_pid(task_pgrp(tsk));
4005 }
4006 put_pid(tsk->signal->tty_old_pgrp);
4007 tsk->signal->tty = tty;
4008 tsk->signal->tty_old_pgrp = NULL;
4009 }
4010
4011 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
4012 {
4013 spin_lock_irq(&tsk->sighand->siglock);
4014 __proc_set_tty(tsk, tty);
4015 spin_unlock_irq(&tsk->sighand->siglock);
4016 }
4017
4018 struct tty_struct *get_current_tty(void)
4019 {
4020 struct tty_struct *tty;
4021 WARN_ON_ONCE(!mutex_is_locked(&tty_mutex));
4022 tty = current->signal->tty;
4023 /*
4024 * session->tty can be changed/cleared from under us, make sure we
4025 * issue the load. The obtained pointer, when not NULL, is valid as
4026 * long as we hold tty_mutex.
4027 */
4028 barrier();
4029 return tty;
4030 }
4031 EXPORT_SYMBOL_GPL(get_current_tty);
4032
4033 /*
4034 * Initialize the console device. This is called *early*, so
4035 * we can't necessarily depend on lots of kernel help here.
4036 * Just do some early initializations, and do the complex setup
4037 * later.
4038 */
4039 void __init console_init(void)
4040 {
4041 initcall_t *call;
4042
4043 /* Setup the default TTY line discipline. */
4044 (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY);
4045
4046 /*
4047 * set up the console device so that later boot sequences can
4048 * inform about problems etc..
4049 */
4050 call = __con_initcall_start;
4051 while (call < __con_initcall_end) {
4052 (*call)();
4053 call++;
4054 }
4055 }
4056
4057 static int __init tty_class_init(void)
4058 {
4059 tty_class = class_create(THIS_MODULE, "tty");
4060 if (IS_ERR(tty_class))
4061 return PTR_ERR(tty_class);
4062 return 0;
4063 }
4064
4065 postcore_initcall(tty_class_init);
4066
4067 /* 3/2004 jmc: why do these devices exist? */
4068
4069 static struct cdev tty_cdev, console_cdev;
4070 #ifdef CONFIG_UNIX98_PTYS
4071 static struct cdev ptmx_cdev;
4072 #endif
4073 #ifdef CONFIG_VT
4074 static struct cdev vc0_cdev;
4075 #endif
4076
4077 /*
4078 * Ok, now we can initialize the rest of the tty devices and can count
4079 * on memory allocations, interrupts etc..
4080 */
4081 static int __init tty_init(void)
4082 {
4083 cdev_init(&tty_cdev, &tty_fops);
4084 if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
4085 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
4086 panic("Couldn't register /dev/tty driver\n");
4087 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), "tty");
4088
4089 cdev_init(&console_cdev, &console_fops);
4090 if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
4091 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
4092 panic("Couldn't register /dev/console driver\n");
4093 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), "console");
4094
4095 #ifdef CONFIG_UNIX98_PTYS
4096 cdev_init(&ptmx_cdev, &ptmx_fops);
4097 if (cdev_add(&ptmx_cdev, MKDEV(TTYAUX_MAJOR, 2), 1) ||
4098 register_chrdev_region(MKDEV(TTYAUX_MAJOR, 2), 1, "/dev/ptmx") < 0)
4099 panic("Couldn't register /dev/ptmx driver\n");
4100 device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 2), "ptmx");
4101 #endif
4102
4103 #ifdef CONFIG_VT
4104 cdev_init(&vc0_cdev, &console_fops);
4105 if (cdev_add(&vc0_cdev, MKDEV(TTY_MAJOR, 0), 1) ||
4106 register_chrdev_region(MKDEV(TTY_MAJOR, 0), 1, "/dev/vc/0") < 0)
4107 panic("Couldn't register /dev/tty0 driver\n");
4108 device_create(tty_class, NULL, MKDEV(TTY_MAJOR, 0), "tty0");
4109
4110 vty_init();
4111 #endif
4112 return 0;
4113 }
4114 module_init(tty_init);
4115
|
This page was automatically generated by the
LXR engine.
|