Root/drivers/tty/tty_io.c

1/*
2 * Copyright (C) 1991, 1992 Linus Torvalds
3 */
4
5/*
6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7 * or rs-channels. It also implements echoing, cooked mode etc.
8 *
9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10 *
11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12 * tty_struct and tty_queue structures. Previously there was an array
13 * of 256 tty_struct's which was statically allocated, and the
14 * tty_queue structures were allocated at boot time. Both are now
15 * dynamically allocated only when the tty is open.
16 *
17 * Also restructured routines so that there is more of a separation
18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19 * the low-level tty routines (serial.c, pty.c, console.c). This
20 * makes for cleaner and more compact code. -TYT, 9/17/92
21 *
22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23 * which can be dynamically activated and de-activated by the line
24 * discipline handling modules (like SLIP).
25 *
26 * NOTE: pay no attention to the line discipline code (yet); its
27 * interface is still subject to change in this version...
28 * -- TYT, 1/31/92
29 *
30 * Added functionality to the OPOST tty handling. No delays, but all
31 * other bits should be there.
32 * -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33 *
34 * Rewrote canonical mode and added more termios flags.
35 * -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36 *
37 * Reorganized FASYNC support so mouse code can share it.
38 * -- ctm@ardi.com, 9Sep95
39 *
40 * New TIOCLINUX variants added.
41 * -- mj@k332.feld.cvut.cz, 19-Nov-95
42 *
43 * Restrict vt switching via ioctl()
44 * -- grif@cs.ucr.edu, 5-Dec-95
45 *
46 * Move console and virtual terminal code to more appropriate files,
47 * implement CONFIG_VT and generalize console device interface.
48 * -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49 *
50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51 * -- Bill Hawes <whawes@star.net>, June 97
52 *
53 * Added devfs support.
54 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55 *
56 * Added support for a Unix98-style ptmx device.
57 * -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58 *
59 * Reduced memory usage for older ARM systems
60 * -- Russell King <rmk@arm.linux.org.uk>
61 *
62 * Move do_SAK() into process context. Less stack use in devfs functions.
63 * alloc_tty_struct() always uses kmalloc()
64 * -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65 */
66
67#include <linux/types.h>
68#include <linux/major.h>
69#include <linux/errno.h>
70#include <linux/signal.h>
71#include <linux/fcntl.h>
72#include <linux/sched.h>
73#include <linux/interrupt.h>
74#include <linux/tty.h>
75#include <linux/tty_driver.h>
76#include <linux/tty_flip.h>
77#include <linux/devpts_fs.h>
78#include <linux/file.h>
79#include <linux/fdtable.h>
80#include <linux/console.h>
81#include <linux/timer.h>
82#include <linux/ctype.h>
83#include <linux/kd.h>
84#include <linux/mm.h>
85#include <linux/string.h>
86#include <linux/slab.h>
87#include <linux/poll.h>
88#include <linux/proc_fs.h>
89#include <linux/init.h>
90#include <linux/module.h>
91#include <linux/device.h>
92#include <linux/wait.h>
93#include <linux/bitops.h>
94#include <linux/delay.h>
95#include <linux/seq_file.h>
96#include <linux/serial.h>
97#include <linux/ratelimit.h>
98
99#include <linux/uaccess.h>
100
101#include <linux/kbd_kern.h>
102#include <linux/vt_kern.h>
103#include <linux/selection.h>
104
105#include <linux/kmod.h>
106#include <linux/nsproxy.h>
107
108#undef TTY_DEBUG_HANGUP
109
110#define TTY_PARANOIA_CHECK 1
111#define CHECK_TTY_COUNT 1
112
113struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114    .c_iflag = ICRNL | IXON,
115    .c_oflag = OPOST | ONLCR,
116    .c_cflag = B38400 | CS8 | CREAD | HUPCL,
117    .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118           ECHOCTL | ECHOKE | IEXTEN,
119    .c_cc = INIT_C_CC,
120    .c_ispeed = 38400,
121    .c_ospeed = 38400
122};
123
124EXPORT_SYMBOL(tty_std_termios);
125
126/* This list gets poked at by procfs and various bits of boot up code. This
127   could do with some rationalisation such as pulling the tty proc function
128   into this file */
129
130LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132/* Mutex to protect creating and releasing a tty. This is shared with
133   vt.c for deeply disgusting hack reasons */
134DEFINE_MUTEX(tty_mutex);
135EXPORT_SYMBOL(tty_mutex);
136
137/* Spinlock to protect the tty->tty_files list */
138DEFINE_SPINLOCK(tty_files_lock);
139
140static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142ssize_t redirected_tty_write(struct file *, const char __user *,
143                            size_t, loff_t *);
144static unsigned int tty_poll(struct file *, poll_table *);
145static int tty_open(struct inode *, struct file *);
146long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147#ifdef CONFIG_COMPAT
148static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149                unsigned long arg);
150#else
151#define tty_compat_ioctl NULL
152#endif
153static int __tty_fasync(int fd, struct file *filp, int on);
154static int tty_fasync(int fd, struct file *filp, int on);
155static void release_tty(struct tty_struct *tty, int idx);
156static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
157static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
158
159/**
160 * alloc_tty_struct - allocate a tty object
161 *
162 * Return a new empty tty structure. The data fields have not
163 * been initialized in any way but has been zeroed
164 *
165 * Locking: none
166 */
167
168struct tty_struct *alloc_tty_struct(void)
169{
170    return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
171}
172
173/**
174 * free_tty_struct - free a disused tty
175 * @tty: tty struct to free
176 *
177 * Free the write buffers, tty queue and tty memory itself.
178 *
179 * Locking: none. Must be called after tty is definitely unused
180 */
181
182void free_tty_struct(struct tty_struct *tty)
183{
184    if (!tty)
185        return;
186    if (tty->dev)
187        put_device(tty->dev);
188    kfree(tty->write_buf);
189    tty->magic = 0xDEADDEAD;
190    kfree(tty);
191}
192
193static inline struct tty_struct *file_tty(struct file *file)
194{
195    return ((struct tty_file_private *)file->private_data)->tty;
196}
197
198int tty_alloc_file(struct file *file)
199{
200    struct tty_file_private *priv;
201
202    priv = kmalloc(sizeof(*priv), GFP_KERNEL);
203    if (!priv)
204        return -ENOMEM;
205
206    file->private_data = priv;
207
208    return 0;
209}
210
211/* Associate a new file with the tty structure */
212void tty_add_file(struct tty_struct *tty, struct file *file)
213{
214    struct tty_file_private *priv = file->private_data;
215
216    priv->tty = tty;
217    priv->file = file;
218
219    spin_lock(&tty_files_lock);
220    list_add(&priv->list, &tty->tty_files);
221    spin_unlock(&tty_files_lock);
222}
223
224/**
225 * tty_free_file - free file->private_data
226 *
227 * This shall be used only for fail path handling when tty_add_file was not
228 * called yet.
229 */
230void tty_free_file(struct file *file)
231{
232    struct tty_file_private *priv = file->private_data;
233
234    file->private_data = NULL;
235    kfree(priv);
236}
237
238/* Delete file from its tty */
239static void tty_del_file(struct file *file)
240{
241    struct tty_file_private *priv = file->private_data;
242
243    spin_lock(&tty_files_lock);
244    list_del(&priv->list);
245    spin_unlock(&tty_files_lock);
246    tty_free_file(file);
247}
248
249
250#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
251
252/**
253 * tty_name - return tty naming
254 * @tty: tty structure
255 * @buf: buffer for output
256 *
257 * Convert a tty structure into a name. The name reflects the kernel
258 * naming policy and if udev is in use may not reflect user space
259 *
260 * Locking: none
261 */
262
263char *tty_name(struct tty_struct *tty, char *buf)
264{
265    if (!tty) /* Hmm. NULL pointer. That's fun. */
266        strcpy(buf, "NULL tty");
267    else
268        strcpy(buf, tty->name);
269    return buf;
270}
271
272EXPORT_SYMBOL(tty_name);
273
274int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
275                  const char *routine)
276{
277#ifdef TTY_PARANOIA_CHECK
278    if (!tty) {
279        printk(KERN_WARNING
280            "null TTY for (%d:%d) in %s\n",
281            imajor(inode), iminor(inode), routine);
282        return 1;
283    }
284    if (tty->magic != TTY_MAGIC) {
285        printk(KERN_WARNING
286            "bad magic number for tty struct (%d:%d) in %s\n",
287            imajor(inode), iminor(inode), routine);
288        return 1;
289    }
290#endif
291    return 0;
292}
293
294static int check_tty_count(struct tty_struct *tty, const char *routine)
295{
296#ifdef CHECK_TTY_COUNT
297    struct list_head *p;
298    int count = 0;
299
300    spin_lock(&tty_files_lock);
301    list_for_each(p, &tty->tty_files) {
302        count++;
303    }
304    spin_unlock(&tty_files_lock);
305    if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
306        tty->driver->subtype == PTY_TYPE_SLAVE &&
307        tty->link && tty->link->count)
308        count++;
309    if (tty->count != count) {
310        printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
311                    "!= #fd's(%d) in %s\n",
312               tty->name, tty->count, count, routine);
313        return count;
314    }
315#endif
316    return 0;
317}
318
319/**
320 * get_tty_driver - find device of a tty
321 * @dev_t: device identifier
322 * @index: returns the index of the tty
323 *
324 * This routine returns a tty driver structure, given a device number
325 * and also passes back the index number.
326 *
327 * Locking: caller must hold tty_mutex
328 */
329
330static struct tty_driver *get_tty_driver(dev_t device, int *index)
331{
332    struct tty_driver *p;
333
334    list_for_each_entry(p, &tty_drivers, tty_drivers) {
335        dev_t base = MKDEV(p->major, p->minor_start);
336        if (device < base || device >= base + p->num)
337            continue;
338        *index = device - base;
339        return tty_driver_kref_get(p);
340    }
341    return NULL;
342}
343
344#ifdef CONFIG_CONSOLE_POLL
345
346/**
347 * tty_find_polling_driver - find device of a polled tty
348 * @name: name string to match
349 * @line: pointer to resulting tty line nr
350 *
351 * This routine returns a tty driver structure, given a name
352 * and the condition that the tty driver is capable of polled
353 * operation.
354 */
355struct tty_driver *tty_find_polling_driver(char *name, int *line)
356{
357    struct tty_driver *p, *res = NULL;
358    int tty_line = 0;
359    int len;
360    char *str, *stp;
361
362    for (str = name; *str; str++)
363        if ((*str >= '0' && *str <= '9') || *str == ',')
364            break;
365    if (!*str)
366        return NULL;
367
368    len = str - name;
369    tty_line = simple_strtoul(str, &str, 10);
370
371    mutex_lock(&tty_mutex);
372    /* Search through the tty devices to look for a match */
373    list_for_each_entry(p, &tty_drivers, tty_drivers) {
374        if (strncmp(name, p->name, len) != 0)
375            continue;
376        stp = str;
377        if (*stp == ',')
378            stp++;
379        if (*stp == '\0')
380            stp = NULL;
381
382        if (tty_line >= 0 && tty_line < p->num && p->ops &&
383            p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
384            res = tty_driver_kref_get(p);
385            *line = tty_line;
386            break;
387        }
388    }
389    mutex_unlock(&tty_mutex);
390
391    return res;
392}
393EXPORT_SYMBOL_GPL(tty_find_polling_driver);
394#endif
395
396/**
397 * tty_check_change - check for POSIX terminal changes
398 * @tty: tty to check
399 *
400 * If we try to write to, or set the state of, a terminal and we're
401 * not in the foreground, send a SIGTTOU. If the signal is blocked or
402 * ignored, go ahead and perform the operation. (POSIX 7.2)
403 *
404 * Locking: ctrl_lock
405 */
406
407int tty_check_change(struct tty_struct *tty)
408{
409    unsigned long flags;
410    int ret = 0;
411
412    if (current->signal->tty != tty)
413        return 0;
414
415    spin_lock_irqsave(&tty->ctrl_lock, flags);
416
417    if (!tty->pgrp) {
418        printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
419        goto out_unlock;
420    }
421    if (task_pgrp(current) == tty->pgrp)
422        goto out_unlock;
423    spin_unlock_irqrestore(&tty->ctrl_lock, flags);
424    if (is_ignored(SIGTTOU))
425        goto out;
426    if (is_current_pgrp_orphaned()) {
427        ret = -EIO;
428        goto out;
429    }
430    kill_pgrp(task_pgrp(current), SIGTTOU, 1);
431    set_thread_flag(TIF_SIGPENDING);
432    ret = -ERESTARTSYS;
433out:
434    return ret;
435out_unlock:
436    spin_unlock_irqrestore(&tty->ctrl_lock, flags);
437    return ret;
438}
439
440EXPORT_SYMBOL(tty_check_change);
441
442static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
443                size_t count, loff_t *ppos)
444{
445    return 0;
446}
447
448static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
449                 size_t count, loff_t *ppos)
450{
451    return -EIO;
452}
453
454/* No kernel lock held - none needed ;) */
455static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
456{
457    return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
458}
459
460static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
461        unsigned long arg)
462{
463    return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
464}
465
466static long hung_up_tty_compat_ioctl(struct file *file,
467                     unsigned int cmd, unsigned long arg)
468{
469    return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
470}
471
472static const struct file_operations tty_fops = {
473    .llseek = no_llseek,
474    .read = tty_read,
475    .write = tty_write,
476    .poll = tty_poll,
477    .unlocked_ioctl = tty_ioctl,
478    .compat_ioctl = tty_compat_ioctl,
479    .open = tty_open,
480    .release = tty_release,
481    .fasync = tty_fasync,
482};
483
484static const struct file_operations console_fops = {
485    .llseek = no_llseek,
486    .read = tty_read,
487    .write = redirected_tty_write,
488    .poll = tty_poll,
489    .unlocked_ioctl = tty_ioctl,
490    .compat_ioctl = tty_compat_ioctl,
491    .open = tty_open,
492    .release = tty_release,
493    .fasync = tty_fasync,
494};
495
496static const struct file_operations hung_up_tty_fops = {
497    .llseek = no_llseek,
498    .read = hung_up_tty_read,
499    .write = hung_up_tty_write,
500    .poll = hung_up_tty_poll,
501    .unlocked_ioctl = hung_up_tty_ioctl,
502    .compat_ioctl = hung_up_tty_compat_ioctl,
503    .release = tty_release,
504};
505
506static DEFINE_SPINLOCK(redirect_lock);
507static struct file *redirect;
508
509/**
510 * tty_wakeup - request more data
511 * @tty: terminal
512 *
513 * Internal and external helper for wakeups of tty. This function
514 * informs the line discipline if present that the driver is ready
515 * to receive more output data.
516 */
517
518void tty_wakeup(struct tty_struct *tty)
519{
520    struct tty_ldisc *ld;
521
522    if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
523        ld = tty_ldisc_ref(tty);
524        if (ld) {
525            if (ld->ops->write_wakeup)
526                ld->ops->write_wakeup(tty);
527            tty_ldisc_deref(ld);
528        }
529    }
530    wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
531}
532
533EXPORT_SYMBOL_GPL(tty_wakeup);
534
535/**
536 * __tty_hangup - actual handler for hangup events
537 * @work: tty device
538 *
539 * This can be called by a "kworker" kernel thread. That is process
540 * synchronous but doesn't hold any locks, so we need to make sure we
541 * have the appropriate locks for what we're doing.
542 *
543 * The hangup event clears any pending redirections onto the hung up
544 * device. It ensures future writes will error and it does the needed
545 * line discipline hangup and signal delivery. The tty object itself
546 * remains intact.
547 *
548 * Locking:
549 * BTM
550 * redirect lock for undoing redirection
551 * file list lock for manipulating list of ttys
552 * tty_ldisc_lock from called functions
553 * termios_mutex resetting termios data
554 * tasklist_lock to walk task list for hangup event
555 * ->siglock to protect ->signal/->sighand
556 */
557static void __tty_hangup(struct tty_struct *tty)
558{
559    struct file *cons_filp = NULL;
560    struct file *filp, *f = NULL;
561    struct task_struct *p;
562    struct tty_file_private *priv;
563    int closecount = 0, n;
564    unsigned long flags;
565    int refs = 0;
566
567    if (!tty)
568        return;
569
570
571    spin_lock(&redirect_lock);
572    if (redirect && file_tty(redirect) == tty) {
573        f = redirect;
574        redirect = NULL;
575    }
576    spin_unlock(&redirect_lock);
577
578    tty_lock(tty);
579
580    /* some functions below drop BTM, so we need this bit */
581    set_bit(TTY_HUPPING, &tty->flags);
582
583    /* inuse_filps is protected by the single tty lock,
584       this really needs to change if we want to flush the
585       workqueue with the lock held */
586    check_tty_count(tty, "tty_hangup");
587
588    spin_lock(&tty_files_lock);
589    /* This breaks for file handles being sent over AF_UNIX sockets ? */
590    list_for_each_entry(priv, &tty->tty_files, list) {
591        filp = priv->file;
592        if (filp->f_op->write == redirected_tty_write)
593            cons_filp = filp;
594        if (filp->f_op->write != tty_write)
595            continue;
596        closecount++;
597        __tty_fasync(-1, filp, 0); /* can't block */
598        filp->f_op = &hung_up_tty_fops;
599    }
600    spin_unlock(&tty_files_lock);
601
602    /*
603     * it drops BTM and thus races with reopen
604     * we protect the race by TTY_HUPPING
605     */
606    tty_ldisc_hangup(tty);
607
608    read_lock(&tasklist_lock);
609    if (tty->session) {
610        do_each_pid_task(tty->session, PIDTYPE_SID, p) {
611            spin_lock_irq(&p->sighand->siglock);
612            if (p->signal->tty == tty) {
613                p->signal->tty = NULL;
614                /* We defer the dereferences outside fo
615                   the tasklist lock */
616                refs++;
617            }
618            if (!p->signal->leader) {
619                spin_unlock_irq(&p->sighand->siglock);
620                continue;
621            }
622            __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
623            __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
624            put_pid(p->signal->tty_old_pgrp); /* A noop */
625            spin_lock_irqsave(&tty->ctrl_lock, flags);
626            if (tty->pgrp)
627                p->signal->tty_old_pgrp = get_pid(tty->pgrp);
628            spin_unlock_irqrestore(&tty->ctrl_lock, flags);
629            spin_unlock_irq(&p->sighand->siglock);
630        } while_each_pid_task(tty->session, PIDTYPE_SID, p);
631    }
632    read_unlock(&tasklist_lock);
633
634    spin_lock_irqsave(&tty->ctrl_lock, flags);
635    clear_bit(TTY_THROTTLED, &tty->flags);
636    clear_bit(TTY_PUSH, &tty->flags);
637    clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
638    put_pid(tty->session);
639    put_pid(tty->pgrp);
640    tty->session = NULL;
641    tty->pgrp = NULL;
642    tty->ctrl_status = 0;
643    spin_unlock_irqrestore(&tty->ctrl_lock, flags);
644
645    /* Account for the p->signal references we killed */
646    while (refs--)
647        tty_kref_put(tty);
648
649    /*
650     * If one of the devices matches a console pointer, we
651     * cannot just call hangup() because that will cause
652     * tty->count and state->count to go out of sync.
653     * So we just call close() the right number of times.
654     */
655    if (cons_filp) {
656        if (tty->ops->close)
657            for (n = 0; n < closecount; n++)
658                tty->ops->close(tty, cons_filp);
659    } else if (tty->ops->hangup)
660        (tty->ops->hangup)(tty);
661    /*
662     * We don't want to have driver/ldisc interactions beyond
663     * the ones we did here. The driver layer expects no
664     * calls after ->hangup() from the ldisc side. However we
665     * can't yet guarantee all that.
666     */
667    set_bit(TTY_HUPPED, &tty->flags);
668    clear_bit(TTY_HUPPING, &tty->flags);
669    tty_ldisc_enable(tty);
670
671    tty_unlock(tty);
672
673    if (f)
674        fput(f);
675}
676
677static void do_tty_hangup(struct work_struct *work)
678{
679    struct tty_struct *tty =
680        container_of(work, struct tty_struct, hangup_work);
681
682    __tty_hangup(tty);
683}
684
685/**
686 * tty_hangup - trigger a hangup event
687 * @tty: tty to hangup
688 *
689 * A carrier loss (virtual or otherwise) has occurred on this like
690 * schedule a hangup sequence to run after this event.
691 */
692
693void tty_hangup(struct tty_struct *tty)
694{
695#ifdef TTY_DEBUG_HANGUP
696    char buf[64];
697    printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
698#endif
699    schedule_work(&tty->hangup_work);
700}
701
702EXPORT_SYMBOL(tty_hangup);
703
704/**
705 * tty_vhangup - process vhangup
706 * @tty: tty to hangup
707 *
708 * The user has asked via system call for the terminal to be hung up.
709 * We do this synchronously so that when the syscall returns the process
710 * is complete. That guarantee is necessary for security reasons.
711 */
712
713void tty_vhangup(struct tty_struct *tty)
714{
715#ifdef TTY_DEBUG_HANGUP
716    char buf[64];
717
718    printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
719#endif
720    __tty_hangup(tty);
721}
722
723EXPORT_SYMBOL(tty_vhangup);
724
725
726/**
727 * tty_vhangup_self - process vhangup for own ctty
728 *
729 * Perform a vhangup on the current controlling tty
730 */
731
732void tty_vhangup_self(void)
733{
734    struct tty_struct *tty;
735
736    tty = get_current_tty();
737    if (tty) {
738        tty_vhangup(tty);
739        tty_kref_put(tty);
740    }
741}
742
743/**
744 * tty_hung_up_p - was tty hung up
745 * @filp: file pointer of tty
746 *
747 * Return true if the tty has been subject to a vhangup or a carrier
748 * loss
749 */
750
751int tty_hung_up_p(struct file *filp)
752{
753    return (filp->f_op == &hung_up_tty_fops);
754}
755
756EXPORT_SYMBOL(tty_hung_up_p);
757
758static void session_clear_tty(struct pid *session)
759{
760    struct task_struct *p;
761    do_each_pid_task(session, PIDTYPE_SID, p) {
762        proc_clear_tty(p);
763    } while_each_pid_task(session, PIDTYPE_SID, p);
764}
765
766/**
767 * disassociate_ctty - disconnect controlling tty
768 * @on_exit: true if exiting so need to "hang up" the session
769 *
770 * This function is typically called only by the session leader, when
771 * it wants to disassociate itself from its controlling tty.
772 *
773 * It performs the following functions:
774 * (1) Sends a SIGHUP and SIGCONT to the foreground process group
775 * (2) Clears the tty from being controlling the session
776 * (3) Clears the controlling tty for all processes in the
777 * session group.
778 *
779 * The argument on_exit is set to 1 if called when a process is
780 * exiting; it is 0 if called by the ioctl TIOCNOTTY.
781 *
782 * Locking:
783 * BTM is taken for hysterical raisins, and held when
784 * called from no_tty().
785 * tty_mutex is taken to protect tty
786 * ->siglock is taken to protect ->signal/->sighand
787 * tasklist_lock is taken to walk process list for sessions
788 * ->siglock is taken to protect ->signal/->sighand
789 */
790
791void disassociate_ctty(int on_exit)
792{
793    struct tty_struct *tty;
794
795    if (!current->signal->leader)
796        return;
797
798    tty = get_current_tty();
799    if (tty) {
800        struct pid *tty_pgrp = get_pid(tty->pgrp);
801        if (on_exit) {
802            if (tty->driver->type != TTY_DRIVER_TYPE_PTY)
803                tty_vhangup(tty);
804        }
805        tty_kref_put(tty);
806        if (tty_pgrp) {
807            kill_pgrp(tty_pgrp, SIGHUP, on_exit);
808            if (!on_exit)
809                kill_pgrp(tty_pgrp, SIGCONT, on_exit);
810            put_pid(tty_pgrp);
811        }
812    } else if (on_exit) {
813        struct pid *old_pgrp;
814        spin_lock_irq(&current->sighand->siglock);
815        old_pgrp = current->signal->tty_old_pgrp;
816        current->signal->tty_old_pgrp = NULL;
817        spin_unlock_irq(&current->sighand->siglock);
818        if (old_pgrp) {
819            kill_pgrp(old_pgrp, SIGHUP, on_exit);
820            kill_pgrp(old_pgrp, SIGCONT, on_exit);
821            put_pid(old_pgrp);
822        }
823        return;
824    }
825
826    spin_lock_irq(&current->sighand->siglock);
827    put_pid(current->signal->tty_old_pgrp);
828    current->signal->tty_old_pgrp = NULL;
829    spin_unlock_irq(&current->sighand->siglock);
830
831    tty = get_current_tty();
832    if (tty) {
833        unsigned long flags;
834        spin_lock_irqsave(&tty->ctrl_lock, flags);
835        put_pid(tty->session);
836        put_pid(tty->pgrp);
837        tty->session = NULL;
838        tty->pgrp = NULL;
839        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
840        tty_kref_put(tty);
841    } else {
842#ifdef TTY_DEBUG_HANGUP
843        printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
844               " = NULL", tty);
845#endif
846    }
847
848    /* Now clear signal->tty under the lock */
849    read_lock(&tasklist_lock);
850    session_clear_tty(task_session(current));
851    read_unlock(&tasklist_lock);
852}
853
854/**
855 *
856 * no_tty - Ensure the current process does not have a controlling tty
857 */
858void no_tty(void)
859{
860    /* FIXME: Review locking here. The tty_lock never covered any race
861       between a new association and proc_clear_tty but possible we need
862       to protect against this anyway */
863    struct task_struct *tsk = current;
864    disassociate_ctty(0);
865    proc_clear_tty(tsk);
866}
867
868
869/**
870 * stop_tty - propagate flow control
871 * @tty: tty to stop
872 *
873 * Perform flow control to the driver. For PTY/TTY pairs we
874 * must also propagate the TIOCKPKT status. May be called
875 * on an already stopped device and will not re-call the driver
876 * method.
877 *
878 * This functionality is used by both the line disciplines for
879 * halting incoming flow and by the driver. It may therefore be
880 * called from any context, may be under the tty atomic_write_lock
881 * but not always.
882 *
883 * Locking:
884 * Uses the tty control lock internally
885 */
886
887void stop_tty(struct tty_struct *tty)
888{
889    unsigned long flags;
890    spin_lock_irqsave(&tty->ctrl_lock, flags);
891    if (tty->stopped) {
892        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
893        return;
894    }
895    tty->stopped = 1;
896    if (tty->link && tty->link->packet) {
897        tty->ctrl_status &= ~TIOCPKT_START;
898        tty->ctrl_status |= TIOCPKT_STOP;
899        wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
900    }
901    spin_unlock_irqrestore(&tty->ctrl_lock, flags);
902    if (tty->ops->stop)
903        (tty->ops->stop)(tty);
904}
905
906EXPORT_SYMBOL(stop_tty);
907
908/**
909 * start_tty - propagate flow control
910 * @tty: tty to start
911 *
912 * Start a tty that has been stopped if at all possible. Perform
913 * any necessary wakeups and propagate the TIOCPKT status. If this
914 * is the tty was previous stopped and is being started then the
915 * driver start method is invoked and the line discipline woken.
916 *
917 * Locking:
918 * ctrl_lock
919 */
920
921void start_tty(struct tty_struct *tty)
922{
923    unsigned long flags;
924    spin_lock_irqsave(&tty->ctrl_lock, flags);
925    if (!tty->stopped || tty->flow_stopped) {
926        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
927        return;
928    }
929    tty->stopped = 0;
930    if (tty->link && tty->link->packet) {
931        tty->ctrl_status &= ~TIOCPKT_STOP;
932        tty->ctrl_status |= TIOCPKT_START;
933        wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
934    }
935    spin_unlock_irqrestore(&tty->ctrl_lock, flags);
936    if (tty->ops->start)
937        (tty->ops->start)(tty);
938    /* If we have a running line discipline it may need kicking */
939    tty_wakeup(tty);
940}
941
942EXPORT_SYMBOL(start_tty);
943
944static void tty_update_time(struct timespec *time)
945{
946    unsigned long sec = get_seconds();
947    sec -= sec % 60;
948    if ((long)(sec - time->tv_sec) > 0)
949        time->tv_sec = sec;
950}
951
952/**
953 * tty_read - read method for tty device files
954 * @file: pointer to tty file
955 * @buf: user buffer
956 * @count: size of user buffer
957 * @ppos: unused
958 *
959 * Perform the read system call function on this terminal device. Checks
960 * for hung up devices before calling the line discipline method.
961 *
962 * Locking:
963 * Locks the line discipline internally while needed. Multiple
964 * read calls may be outstanding in parallel.
965 */
966
967static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
968            loff_t *ppos)
969{
970    int i;
971    struct inode *inode = file_inode(file);
972    struct tty_struct *tty = file_tty(file);
973    struct tty_ldisc *ld;
974
975    if (tty_paranoia_check(tty, inode, "tty_read"))
976        return -EIO;
977    if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
978        return -EIO;
979
980    /* We want to wait for the line discipline to sort out in this
981       situation */
982    ld = tty_ldisc_ref_wait(tty);
983    if (ld->ops->read)
984        i = (ld->ops->read)(tty, file, buf, count);
985    else
986        i = -EIO;
987    tty_ldisc_deref(ld);
988
989    if (i > 0)
990        tty_update_time(&inode->i_atime);
991
992    return i;
993}
994
995void tty_write_unlock(struct tty_struct *tty)
996    __releases(&tty->atomic_write_lock)
997{
998    mutex_unlock(&tty->atomic_write_lock);
999    wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1000}
1001
1002int tty_write_lock(struct tty_struct *tty, int ndelay)
1003    __acquires(&tty->atomic_write_lock)
1004{
1005    if (!mutex_trylock(&tty->atomic_write_lock)) {
1006        if (ndelay)
1007            return -EAGAIN;
1008        if (mutex_lock_interruptible(&tty->atomic_write_lock))
1009            return -ERESTARTSYS;
1010    }
1011    return 0;
1012}
1013
1014/*
1015 * Split writes up in sane blocksizes to avoid
1016 * denial-of-service type attacks
1017 */
1018static inline ssize_t do_tty_write(
1019    ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1020    struct tty_struct *tty,
1021    struct file *file,
1022    const char __user *buf,
1023    size_t count)
1024{
1025    ssize_t ret, written = 0;
1026    unsigned int chunk;
1027
1028    ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1029    if (ret < 0)
1030        return ret;
1031
1032    /*
1033     * We chunk up writes into a temporary buffer. This
1034     * simplifies low-level drivers immensely, since they
1035     * don't have locking issues and user mode accesses.
1036     *
1037     * But if TTY_NO_WRITE_SPLIT is set, we should use a
1038     * big chunk-size..
1039     *
1040     * The default chunk-size is 2kB, because the NTTY
1041     * layer has problems with bigger chunks. It will
1042     * claim to be able to handle more characters than
1043     * it actually does.
1044     *
1045     * FIXME: This can probably go away now except that 64K chunks
1046     * are too likely to fail unless switched to vmalloc...
1047     */
1048    chunk = 2048;
1049    if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1050        chunk = 65536;
1051    if (count < chunk)
1052        chunk = count;
1053
1054    /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1055    if (tty->write_cnt < chunk) {
1056        unsigned char *buf_chunk;
1057
1058        if (chunk < 1024)
1059            chunk = 1024;
1060
1061        buf_chunk = kmalloc(chunk, GFP_KERNEL);
1062        if (!buf_chunk) {
1063            ret = -ENOMEM;
1064            goto out;
1065        }
1066        kfree(tty->write_buf);
1067        tty->write_cnt = chunk;
1068        tty->write_buf = buf_chunk;
1069    }
1070
1071    /* Do the write .. */
1072    for (;;) {
1073        size_t size = count;
1074        if (size > chunk)
1075            size = chunk;
1076        ret = -EFAULT;
1077        if (copy_from_user(tty->write_buf, buf, size))
1078            break;
1079        ret = write(tty, file, tty->write_buf, size);
1080        if (ret <= 0)
1081            break;
1082        written += ret;
1083        buf += ret;
1084        count -= ret;
1085        if (!count)
1086            break;
1087        ret = -ERESTARTSYS;
1088        if (signal_pending(current))
1089            break;
1090        cond_resched();
1091    }
1092    if (written) {
1093        tty_update_time(&file_inode(file)->i_mtime);
1094        ret = written;
1095    }
1096out:
1097    tty_write_unlock(tty);
1098    return ret;
1099}
1100
1101/**
1102 * tty_write_message - write a message to a certain tty, not just the console.
1103 * @tty: the destination tty_struct
1104 * @msg: the message to write
1105 *
1106 * This is used for messages that need to be redirected to a specific tty.
1107 * We don't put it into the syslog queue right now maybe in the future if
1108 * really needed.
1109 *
1110 * We must still hold the BTM and test the CLOSING flag for the moment.
1111 */
1112
1113void tty_write_message(struct tty_struct *tty, char *msg)
1114{
1115    if (tty) {
1116        mutex_lock(&tty->atomic_write_lock);
1117        tty_lock(tty);
1118        if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1119            tty_unlock(tty);
1120            tty->ops->write(tty, msg, strlen(msg));
1121        } else
1122            tty_unlock(tty);
1123        tty_write_unlock(tty);
1124    }
1125    return;
1126}
1127
1128
1129/**
1130 * tty_write - write method for tty device file
1131 * @file: tty file pointer
1132 * @buf: user data to write
1133 * @count: bytes to write
1134 * @ppos: unused
1135 *
1136 * Write data to a tty device via the line discipline.
1137 *
1138 * Locking:
1139 * Locks the line discipline as required
1140 * Writes to the tty driver are serialized by the atomic_write_lock
1141 * and are then processed in chunks to the device. The line discipline
1142 * write method will not be invoked in parallel for each device.
1143 */
1144
1145static ssize_t tty_write(struct file *file, const char __user *buf,
1146                        size_t count, loff_t *ppos)
1147{
1148    struct tty_struct *tty = file_tty(file);
1149     struct tty_ldisc *ld;
1150    ssize_t ret;
1151
1152    if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1153        return -EIO;
1154    if (!tty || !tty->ops->write ||
1155        (test_bit(TTY_IO_ERROR, &tty->flags)))
1156            return -EIO;
1157    /* Short term debug to catch buggy drivers */
1158    if (tty->ops->write_room == NULL)
1159        printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1160            tty->driver->name);
1161    ld = tty_ldisc_ref_wait(tty);
1162    if (!ld->ops->write)
1163        ret = -EIO;
1164    else
1165        ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1166    tty_ldisc_deref(ld);
1167    return ret;
1168}
1169
1170ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1171                        size_t count, loff_t *ppos)
1172{
1173    struct file *p = NULL;
1174
1175    spin_lock(&redirect_lock);
1176    if (redirect)
1177        p = get_file(redirect);
1178    spin_unlock(&redirect_lock);
1179
1180    if (p) {
1181        ssize_t res;
1182        res = vfs_write(p, buf, count, &p->f_pos);
1183        fput(p);
1184        return res;
1185    }
1186    return tty_write(file, buf, count, ppos);
1187}
1188
1189static char ptychar[] = "pqrstuvwxyzabcde";
1190
1191/**
1192 * pty_line_name - generate name for a pty
1193 * @driver: the tty driver in use
1194 * @index: the minor number
1195 * @p: output buffer of at least 6 bytes
1196 *
1197 * Generate a name from a driver reference and write it to the output
1198 * buffer.
1199 *
1200 * Locking: None
1201 */
1202static void pty_line_name(struct tty_driver *driver, int index, char *p)
1203{
1204    int i = index + driver->name_base;
1205    /* ->name is initialized to "ttyp", but "tty" is expected */
1206    sprintf(p, "%s%c%x",
1207        driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1208        ptychar[i >> 4 & 0xf], i & 0xf);
1209}
1210
1211/**
1212 * tty_line_name - generate name for a tty
1213 * @driver: the tty driver in use
1214 * @index: the minor number
1215 * @p: output buffer of at least 7 bytes
1216 *
1217 * Generate a name from a driver reference and write it to the output
1218 * buffer.
1219 *
1220 * Locking: None
1221 */
1222static void tty_line_name(struct tty_driver *driver, int index, char *p)
1223{
1224    if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1225        strcpy(p, driver->name);
1226    else
1227        sprintf(p, "%s%d", driver->name, index + driver->name_base);
1228}
1229
1230/**
1231 * tty_driver_lookup_tty() - find an existing tty, if any
1232 * @driver: the driver for the tty
1233 * @idx: the minor number
1234 *
1235 * Return the tty, if found or ERR_PTR() otherwise.
1236 *
1237 * Locking: tty_mutex must be held. If tty is found, the mutex must
1238 * be held until the 'fast-open' is also done. Will change once we
1239 * have refcounting in the driver and per driver locking
1240 */
1241static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1242        struct inode *inode, int idx)
1243{
1244    if (driver->ops->lookup)
1245        return driver->ops->lookup(driver, inode, idx);
1246
1247    return driver->ttys[idx];
1248}
1249
1250/**
1251 * tty_init_termios - helper for termios setup
1252 * @tty: the tty to set up
1253 *
1254 * Initialise the termios structures for this tty. Thus runs under
1255 * the tty_mutex currently so we can be relaxed about ordering.
1256 */
1257
1258int tty_init_termios(struct tty_struct *tty)
1259{
1260    struct ktermios *tp;
1261    int idx = tty->index;
1262
1263    if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1264        tty->termios = tty->driver->init_termios;
1265    else {
1266        /* Check for lazy saved data */
1267        tp = tty->driver->termios[idx];
1268        if (tp != NULL)
1269            tty->termios = *tp;
1270        else
1271            tty->termios = tty->driver->init_termios;
1272    }
1273    /* Compatibility until drivers always set this */
1274    tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1275    tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1276    return 0;
1277}
1278EXPORT_SYMBOL_GPL(tty_init_termios);
1279
1280int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1281{
1282    int ret = tty_init_termios(tty);
1283    if (ret)
1284        return ret;
1285
1286    tty_driver_kref_get(driver);
1287    tty->count++;
1288    driver->ttys[tty->index] = tty;
1289    return 0;
1290}
1291EXPORT_SYMBOL_GPL(tty_standard_install);
1292
1293/**
1294 * tty_driver_install_tty() - install a tty entry in the driver
1295 * @driver: the driver for the tty
1296 * @tty: the tty
1297 *
1298 * Install a tty object into the driver tables. The tty->index field
1299 * will be set by the time this is called. This method is responsible
1300 * for ensuring any need additional structures are allocated and
1301 * configured.
1302 *
1303 * Locking: tty_mutex for now
1304 */
1305static int tty_driver_install_tty(struct tty_driver *driver,
1306                        struct tty_struct *tty)
1307{
1308    return driver->ops->install ? driver->ops->install(driver, tty) :
1309        tty_standard_install(driver, tty);
1310}
1311
1312/**
1313 * tty_driver_remove_tty() - remove a tty from the driver tables
1314 * @driver: the driver for the tty
1315 * @idx: the minor number
1316 *
1317 * Remvoe a tty object from the driver tables. The tty->index field
1318 * will be set by the time this is called.
1319 *
1320 * Locking: tty_mutex for now
1321 */
1322void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1323{
1324    if (driver->ops->remove)
1325        driver->ops->remove(driver, tty);
1326    else
1327        driver->ttys[tty->index] = NULL;
1328}
1329
1330/*
1331 * tty_reopen() - fast re-open of an open tty
1332 * @tty - the tty to open
1333 *
1334 * Return 0 on success, -errno on error.
1335 *
1336 * Locking: tty_mutex must be held from the time the tty was found
1337 * till this open completes.
1338 */
1339static int tty_reopen(struct tty_struct *tty)
1340{
1341    struct tty_driver *driver = tty->driver;
1342
1343    if (test_bit(TTY_CLOSING, &tty->flags) ||
1344            test_bit(TTY_HUPPING, &tty->flags) ||
1345            test_bit(TTY_LDISC_CHANGING, &tty->flags))
1346        return -EIO;
1347
1348    if (driver->type == TTY_DRIVER_TYPE_PTY &&
1349        driver->subtype == PTY_TYPE_MASTER) {
1350        /*
1351         * special case for PTY masters: only one open permitted,
1352         * and the slave side open count is incremented as well.
1353         */
1354        if (tty->count)
1355            return -EIO;
1356
1357        tty->link->count++;
1358    }
1359    tty->count++;
1360
1361    mutex_lock(&tty->ldisc_mutex);
1362    WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1363    mutex_unlock(&tty->ldisc_mutex);
1364
1365    return 0;
1366}
1367
1368/**
1369 * tty_init_dev - initialise a tty device
1370 * @driver: tty driver we are opening a device on
1371 * @idx: device index
1372 * @ret_tty: returned tty structure
1373 *
1374 * Prepare a tty device. This may not be a "new" clean device but
1375 * could also be an active device. The pty drivers require special
1376 * handling because of this.
1377 *
1378 * Locking:
1379 * The function is called under the tty_mutex, which
1380 * protects us from the tty struct or driver itself going away.
1381 *
1382 * On exit the tty device has the line discipline attached and
1383 * a reference count of 1. If a pair was created for pty/tty use
1384 * and the other was a pty master then it too has a reference count of 1.
1385 *
1386 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1387 * failed open. The new code protects the open with a mutex, so it's
1388 * really quite straightforward. The mutex locking can probably be
1389 * relaxed for the (most common) case of reopening a tty.
1390 */
1391
1392struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1393{
1394    struct tty_struct *tty;
1395    int retval;
1396
1397    /*
1398     * First time open is complex, especially for PTY devices.
1399     * This code guarantees that either everything succeeds and the
1400     * TTY is ready for operation, or else the table slots are vacated
1401     * and the allocated memory released. (Except that the termios
1402     * and locked termios may be retained.)
1403     */
1404
1405    if (!try_module_get(driver->owner))
1406        return ERR_PTR(-ENODEV);
1407
1408    tty = alloc_tty_struct();
1409    if (!tty) {
1410        retval = -ENOMEM;
1411        goto err_module_put;
1412    }
1413    initialize_tty_struct(tty, driver, idx);
1414
1415    tty_lock(tty);
1416    retval = tty_driver_install_tty(driver, tty);
1417    if (retval < 0)
1418        goto err_deinit_tty;
1419
1420    if (!tty->port)
1421        tty->port = driver->ports[idx];
1422
1423    WARN_RATELIMIT(!tty->port,
1424            "%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1425            __func__, tty->driver->name);
1426
1427    tty->port->itty = tty;
1428
1429    /*
1430     * Structures all installed ... call the ldisc open routines.
1431     * If we fail here just call release_tty to clean up. No need
1432     * to decrement the use counts, as release_tty doesn't care.
1433     */
1434    retval = tty_ldisc_setup(tty, tty->link);
1435    if (retval)
1436        goto err_release_tty;
1437    /* Return the tty locked so that it cannot vanish under the caller */
1438    return tty;
1439
1440err_deinit_tty:
1441    tty_unlock(tty);
1442    deinitialize_tty_struct(tty);
1443    free_tty_struct(tty);
1444err_module_put:
1445    module_put(driver->owner);
1446    return ERR_PTR(retval);
1447
1448    /* call the tty release_tty routine to clean out this slot */
1449err_release_tty:
1450    tty_unlock(tty);
1451    printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1452                 "clearing slot %d\n", idx);
1453    release_tty(tty, idx);
1454    return ERR_PTR(retval);
1455}
1456
1457void tty_free_termios(struct tty_struct *tty)
1458{
1459    struct ktermios *tp;
1460    int idx = tty->index;
1461
1462    /* If the port is going to reset then it has no termios to save */
1463    if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1464        return;
1465
1466    /* Stash the termios data */
1467    tp = tty->driver->termios[idx];
1468    if (tp == NULL) {
1469        tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1470        if (tp == NULL) {
1471            pr_warn("tty: no memory to save termios state.\n");
1472            return;
1473        }
1474        tty->driver->termios[idx] = tp;
1475    }
1476    *tp = tty->termios;
1477}
1478EXPORT_SYMBOL(tty_free_termios);
1479
1480
1481/**
1482 * release_one_tty - release tty structure memory
1483 * @kref: kref of tty we are obliterating
1484 *
1485 * Releases memory associated with a tty structure, and clears out the
1486 * driver table slots. This function is called when a device is no longer
1487 * in use. It also gets called when setup of a device fails.
1488 *
1489 * Locking:
1490 * takes the file list lock internally when working on the list
1491 * of ttys that the driver keeps.
1492 *
1493 * This method gets called from a work queue so that the driver private
1494 * cleanup ops can sleep (needed for USB at least)
1495 */
1496static void release_one_tty(struct work_struct *work)
1497{
1498    struct tty_struct *tty =
1499        container_of(work, struct tty_struct, hangup_work);
1500    struct tty_driver *driver = tty->driver;
1501
1502    if (tty->ops->cleanup)
1503        tty->ops->cleanup(tty);
1504
1505    tty->magic = 0;
1506    tty_driver_kref_put(driver);
1507    module_put(driver->owner);
1508
1509    spin_lock(&tty_files_lock);
1510    list_del_init(&tty->tty_files);
1511    spin_unlock(&tty_files_lock);
1512
1513    put_pid(tty->pgrp);
1514    put_pid(tty->session);
1515    free_tty_struct(tty);
1516}
1517
1518static void queue_release_one_tty(struct kref *kref)
1519{
1520    struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1521
1522    /* The hangup queue is now free so we can reuse it rather than
1523       waste a chunk of memory for each port */
1524    INIT_WORK(&tty->hangup_work, release_one_tty);
1525    schedule_work(&tty->hangup_work);
1526}
1527
1528/**
1529 * tty_kref_put - release a tty kref
1530 * @tty: tty device
1531 *
1532 * Release a reference to a tty device and if need be let the kref
1533 * layer destruct the object for us
1534 */
1535
1536void tty_kref_put(struct tty_struct *tty)
1537{
1538    if (tty)
1539        kref_put(&tty->kref, queue_release_one_tty);
1540}
1541EXPORT_SYMBOL(tty_kref_put);
1542
1543/**
1544 * release_tty - release tty structure memory
1545 *
1546 * Release both @tty and a possible linked partner (think pty pair),
1547 * and decrement the refcount of the backing module.
1548 *
1549 * Locking:
1550 * tty_mutex
1551 * takes the file list lock internally when working on the list
1552 * of ttys that the driver keeps.
1553 *
1554 */
1555static void release_tty(struct tty_struct *tty, int idx)
1556{
1557    /* This should always be true but check for the moment */
1558    WARN_ON(tty->index != idx);
1559    WARN_ON(!mutex_is_locked(&tty_mutex));
1560    if (tty->ops->shutdown)
1561        tty->ops->shutdown(tty);
1562    tty_free_termios(tty);
1563    tty_driver_remove_tty(tty->driver, tty);
1564    tty->port->itty = NULL;
1565
1566    if (tty->link)
1567        tty_kref_put(tty->link);
1568    tty_kref_put(tty);
1569}
1570
1571/**
1572 * tty_release_checks - check a tty before real release
1573 * @tty: tty to check
1574 * @o_tty: link of @tty (if any)
1575 * @idx: index of the tty
1576 *
1577 * Performs some paranoid checking before true release of the @tty.
1578 * This is a no-op unless TTY_PARANOIA_CHECK is defined.
1579 */
1580static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1581        int idx)
1582{
1583#ifdef TTY_PARANOIA_CHECK
1584    if (idx < 0 || idx >= tty->driver->num) {
1585        printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1586                __func__, tty->name);
1587        return -1;
1588    }
1589
1590    /* not much to check for devpts */
1591    if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1592        return 0;
1593
1594    if (tty != tty->driver->ttys[idx]) {
1595        printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1596                __func__, idx, tty->name);
1597        return -1;
1598    }
1599    if (tty->driver->other) {
1600        if (o_tty != tty->driver->other->ttys[idx]) {
1601            printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1602                    __func__, idx, tty->name);
1603            return -1;
1604        }
1605        if (o_tty->link != tty) {
1606            printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1607            return -1;
1608        }
1609    }
1610#endif
1611    return 0;
1612}
1613
1614/**
1615 * tty_release - vfs callback for close
1616 * @inode: inode of tty
1617 * @filp: file pointer for handle to tty
1618 *
1619 * Called the last time each file handle is closed that references
1620 * this tty. There may however be several such references.
1621 *
1622 * Locking:
1623 * Takes bkl. See tty_release_dev
1624 *
1625 * Even releasing the tty structures is a tricky business.. We have
1626 * to be very careful that the structures are all released at the
1627 * same time, as interrupts might otherwise get the wrong pointers.
1628 *
1629 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1630 * lead to double frees or releasing memory still in use.
1631 */
1632
1633int tty_release(struct inode *inode, struct file *filp)
1634{
1635    struct tty_struct *tty = file_tty(filp);
1636    struct tty_struct *o_tty;
1637    int pty_master, tty_closing, o_tty_closing, do_sleep;
1638    int idx;
1639    char buf[64];
1640
1641    if (tty_paranoia_check(tty, inode, __func__))
1642        return 0;
1643
1644    tty_lock(tty);
1645    check_tty_count(tty, __func__);
1646
1647    __tty_fasync(-1, filp, 0);
1648
1649    idx = tty->index;
1650    pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1651              tty->driver->subtype == PTY_TYPE_MASTER);
1652    /* Review: parallel close */
1653    o_tty = tty->link;
1654
1655    if (tty_release_checks(tty, o_tty, idx)) {
1656        tty_unlock(tty);
1657        return 0;
1658    }
1659
1660#ifdef TTY_DEBUG_HANGUP
1661    printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1662            tty_name(tty, buf), tty->count);
1663#endif
1664
1665    if (tty->ops->close)
1666        tty->ops->close(tty, filp);
1667
1668    tty_unlock(tty);
1669    /*
1670     * Sanity check: if tty->count is going to zero, there shouldn't be
1671     * any waiters on tty->read_wait or tty->write_wait. We test the
1672     * wait queues and kick everyone out _before_ actually starting to
1673     * close. This ensures that we won't block while releasing the tty
1674     * structure.
1675     *
1676     * The test for the o_tty closing is necessary, since the master and
1677     * slave sides may close in any order. If the slave side closes out
1678     * first, its count will be one, since the master side holds an open.
1679     * Thus this test wouldn't be triggered at the time the slave closes,
1680     * so we do it now.
1681     *
1682     * Note that it's possible for the tty to be opened again while we're
1683     * flushing out waiters. By recalculating the closing flags before
1684     * each iteration we avoid any problems.
1685     */
1686    while (1) {
1687        /* Guard against races with tty->count changes elsewhere and
1688           opens on /dev/tty */
1689
1690        mutex_lock(&tty_mutex);
1691        tty_lock_pair(tty, o_tty);
1692        tty_closing = tty->count <= 1;
1693        o_tty_closing = o_tty &&
1694            (o_tty->count <= (pty_master ? 1 : 0));
1695        do_sleep = 0;
1696
1697        if (tty_closing) {
1698            if (waitqueue_active(&tty->read_wait)) {
1699                wake_up_poll(&tty->read_wait, POLLIN);
1700                do_sleep++;
1701            }
1702            if (waitqueue_active(&tty->write_wait)) {
1703                wake_up_poll(&tty->write_wait, POLLOUT);
1704                do_sleep++;
1705            }
1706        }
1707        if (o_tty_closing) {
1708            if (waitqueue_active(&o_tty->read_wait)) {
1709                wake_up_poll(&o_tty->read_wait, POLLIN);
1710                do_sleep++;
1711            }
1712            if (waitqueue_active(&o_tty->write_wait)) {
1713                wake_up_poll(&o_tty->write_wait, POLLOUT);
1714                do_sleep++;
1715            }
1716        }
1717        if (!do_sleep)
1718            break;
1719
1720        printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1721                __func__, tty_name(tty, buf));
1722        tty_unlock_pair(tty, o_tty);
1723        mutex_unlock(&tty_mutex);
1724        schedule();
1725    }
1726
1727    /*
1728     * The closing flags are now consistent with the open counts on
1729     * both sides, and we've completed the last operation that could
1730     * block, so it's safe to proceed with closing.
1731     *
1732     * We must *not* drop the tty_mutex until we ensure that a further
1733     * entry into tty_open can not pick up this tty.
1734     */
1735    if (pty_master) {
1736        if (--o_tty->count < 0) {
1737            printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1738                __func__, o_tty->count, tty_name(o_tty, buf));
1739            o_tty->count = 0;
1740        }
1741    }
1742    if (--tty->count < 0) {
1743        printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1744                __func__, tty->count, tty_name(tty, buf));
1745        tty->count = 0;
1746    }
1747
1748    /*
1749     * We've decremented tty->count, so we need to remove this file
1750     * descriptor off the tty->tty_files list; this serves two
1751     * purposes:
1752     * - check_tty_count sees the correct number of file descriptors
1753     * associated with this tty.
1754     * - do_tty_hangup no longer sees this file descriptor as
1755     * something that needs to be handled for hangups.
1756     */
1757    tty_del_file(filp);
1758
1759    /*
1760     * Perform some housekeeping before deciding whether to return.
1761     *
1762     * Set the TTY_CLOSING flag if this was the last open. In the
1763     * case of a pty we may have to wait around for the other side
1764     * to close, and TTY_CLOSING makes sure we can't be reopened.
1765     */
1766    if (tty_closing)
1767        set_bit(TTY_CLOSING, &tty->flags);
1768    if (o_tty_closing)
1769        set_bit(TTY_CLOSING, &o_tty->flags);
1770
1771    /*
1772     * If _either_ side is closing, make sure there aren't any
1773     * processes that still think tty or o_tty is their controlling
1774     * tty.
1775     */
1776    if (tty_closing || o_tty_closing) {
1777        read_lock(&tasklist_lock);
1778        session_clear_tty(tty->session);
1779        if (o_tty)
1780            session_clear_tty(o_tty->session);
1781        read_unlock(&tasklist_lock);
1782    }
1783
1784    mutex_unlock(&tty_mutex);
1785    tty_unlock_pair(tty, o_tty);
1786    /* At this point the TTY_CLOSING flag should ensure a dead tty
1787       cannot be re-opened by a racing opener */
1788
1789    /* check whether both sides are closing ... */
1790    if (!tty_closing || (o_tty && !o_tty_closing))
1791        return 0;
1792
1793#ifdef TTY_DEBUG_HANGUP
1794    printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__);
1795#endif
1796    /*
1797     * Ask the line discipline code to release its structures
1798     */
1799    tty_ldisc_release(tty, o_tty);
1800    /*
1801     * The release_tty function takes care of the details of clearing
1802     * the slots and preserving the termios structure. The tty_unlock_pair
1803     * should be safe as we keep a kref while the tty is locked (so the
1804     * unlock never unlocks a freed tty).
1805     */
1806    mutex_lock(&tty_mutex);
1807    release_tty(tty, idx);
1808    mutex_unlock(&tty_mutex);
1809
1810    return 0;
1811}
1812
1813/**
1814 * tty_open_current_tty - get tty of current task for open
1815 * @device: device number
1816 * @filp: file pointer to tty
1817 * @return: tty of the current task iff @device is /dev/tty
1818 *
1819 * We cannot return driver and index like for the other nodes because
1820 * devpts will not work then. It expects inodes to be from devpts FS.
1821 *
1822 * We need to move to returning a refcounted object from all the lookup
1823 * paths including this one.
1824 */
1825static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1826{
1827    struct tty_struct *tty;
1828
1829    if (device != MKDEV(TTYAUX_MAJOR, 0))
1830        return NULL;
1831
1832    tty = get_current_tty();
1833    if (!tty)
1834        return ERR_PTR(-ENXIO);
1835
1836    filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1837    /* noctty = 1; */
1838    tty_kref_put(tty);
1839    /* FIXME: we put a reference and return a TTY! */
1840    /* This is only safe because the caller holds tty_mutex */
1841    return tty;
1842}
1843
1844/**
1845 * tty_lookup_driver - lookup a tty driver for a given device file
1846 * @device: device number
1847 * @filp: file pointer to tty
1848 * @noctty: set if the device should not become a controlling tty
1849 * @index: index for the device in the @return driver
1850 * @return: driver for this inode (with increased refcount)
1851 *
1852 * If @return is not erroneous, the caller is responsible to decrement the
1853 * refcount by tty_driver_kref_put.
1854 *
1855 * Locking: tty_mutex protects get_tty_driver
1856 */
1857static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1858        int *noctty, int *index)
1859{
1860    struct tty_driver *driver;
1861
1862    switch (device) {
1863#ifdef CONFIG_VT
1864    case MKDEV(TTY_MAJOR, 0): {
1865        extern struct tty_driver *console_driver;
1866        driver = tty_driver_kref_get(console_driver);
1867        *index = fg_console;
1868        *noctty = 1;
1869        break;
1870    }
1871#endif
1872    case MKDEV(TTYAUX_MAJOR, 1): {
1873        struct tty_driver *console_driver = console_device(index);
1874        if (console_driver) {
1875            driver = tty_driver_kref_get(console_driver);
1876            if (driver) {
1877                /* Don't let /dev/console block */
1878                filp->f_flags |= O_NONBLOCK;
1879                *noctty = 1;
1880                break;
1881            }
1882        }
1883        return ERR_PTR(-ENODEV);
1884    }
1885    default:
1886        driver = get_tty_driver(device, index);
1887        if (!driver)
1888            return ERR_PTR(-ENODEV);
1889        break;
1890    }
1891    return driver;
1892}
1893
1894/**
1895 * tty_open - open a tty device
1896 * @inode: inode of device file
1897 * @filp: file pointer to tty
1898 *
1899 * tty_open and tty_release keep up the tty count that contains the
1900 * number of opens done on a tty. We cannot use the inode-count, as
1901 * different inodes might point to the same tty.
1902 *
1903 * Open-counting is needed for pty masters, as well as for keeping
1904 * track of serial lines: DTR is dropped when the last close happens.
1905 * (This is not done solely through tty->count, now. - Ted 1/27/92)
1906 *
1907 * The termios state of a pty is reset on first open so that
1908 * settings don't persist across reuse.
1909 *
1910 * Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
1911 * tty->count should protect the rest.
1912 * ->siglock protects ->signal/->sighand
1913 *
1914 * Note: the tty_unlock/lock cases without a ref are only safe due to
1915 * tty_mutex
1916 */
1917
1918static int tty_open(struct inode *inode, struct file *filp)
1919{
1920    struct tty_struct *tty;
1921    int noctty, retval;
1922    struct tty_driver *driver = NULL;
1923    int index;
1924    dev_t device = inode->i_rdev;
1925    unsigned saved_flags = filp->f_flags;
1926
1927    nonseekable_open(inode, filp);
1928
1929retry_open:
1930    retval = tty_alloc_file(filp);
1931    if (retval)
1932        return -ENOMEM;
1933
1934    noctty = filp->f_flags & O_NOCTTY;
1935    index = -1;
1936    retval = 0;
1937
1938    mutex_lock(&tty_mutex);
1939    /* This is protected by the tty_mutex */
1940    tty = tty_open_current_tty(device, filp);
1941    if (IS_ERR(tty)) {
1942        retval = PTR_ERR(tty);
1943        goto err_unlock;
1944    } else if (!tty) {
1945        driver = tty_lookup_driver(device, filp, &noctty, &index);
1946        if (IS_ERR(driver)) {
1947            retval = PTR_ERR(driver);
1948            goto err_unlock;
1949        }
1950
1951        /* check whether we're reopening an existing tty */
1952        tty = tty_driver_lookup_tty(driver, inode, index);
1953        if (IS_ERR(tty)) {
1954            retval = PTR_ERR(tty);
1955            goto err_unlock;
1956        }
1957    }
1958
1959    if (tty) {
1960        tty_lock(tty);
1961        retval = tty_reopen(tty);
1962        if (retval < 0) {
1963            tty_unlock(tty);
1964            tty = ERR_PTR(retval);
1965        }
1966    } else /* Returns with the tty_lock held for now */
1967        tty = tty_init_dev(driver, index);
1968
1969    mutex_unlock(&tty_mutex);
1970    if (driver)
1971        tty_driver_kref_put(driver);
1972    if (IS_ERR(tty)) {
1973        retval = PTR_ERR(tty);
1974        goto err_file;
1975    }
1976
1977    tty_add_file(tty, filp);
1978
1979    check_tty_count(tty, __func__);
1980    if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1981        tty->driver->subtype == PTY_TYPE_MASTER)
1982        noctty = 1;
1983#ifdef TTY_DEBUG_HANGUP
1984    printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
1985#endif
1986    if (tty->ops->open)
1987        retval = tty->ops->open(tty, filp);
1988    else
1989        retval = -ENODEV;
1990    filp->f_flags = saved_flags;
1991
1992    if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1993                        !capable(CAP_SYS_ADMIN))
1994        retval = -EBUSY;
1995
1996    if (retval) {
1997#ifdef TTY_DEBUG_HANGUP
1998        printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
1999                retval, tty->name);
2000#endif
2001        tty_unlock(tty); /* need to call tty_release without BTM */
2002        tty_release(inode, filp);
2003        if (retval != -ERESTARTSYS)
2004            return retval;
2005
2006        if (signal_pending(current))
2007            return retval;
2008
2009        schedule();
2010        /*
2011         * Need to reset f_op in case a hangup happened.
2012         */
2013        if (filp->f_op == &hung_up_tty_fops)
2014            filp->f_op = &tty_fops;
2015        goto retry_open;
2016    }
2017    tty_unlock(tty);
2018
2019
2020    mutex_lock(&tty_mutex);
2021    tty_lock(tty);
2022    spin_lock_irq(&current->sighand->siglock);
2023    if (!noctty &&
2024        current->signal->leader &&
2025        !current->signal->tty &&
2026        tty->session == NULL)
2027        __proc_set_tty(current, tty);
2028    spin_unlock_irq(&current->sighand->siglock);
2029    tty_unlock(tty);
2030    mutex_unlock(&tty_mutex);
2031    return 0;
2032err_unlock:
2033    mutex_unlock(&tty_mutex);
2034    /* after locks to avoid deadlock */
2035    if (!IS_ERR_OR_NULL(driver))
2036        tty_driver_kref_put(driver);
2037err_file:
2038    tty_free_file(filp);
2039    return retval;
2040}
2041
2042
2043
2044/**
2045 * tty_poll - check tty status
2046 * @filp: file being polled
2047 * @wait: poll wait structures to update
2048 *
2049 * Call the line discipline polling method to obtain the poll
2050 * status of the device.
2051 *
2052 * Locking: locks called line discipline but ldisc poll method
2053 * may be re-entered freely by other callers.
2054 */
2055
2056static unsigned int tty_poll(struct file *filp, poll_table *wait)
2057{
2058    struct tty_struct *tty = file_tty(filp);
2059    struct tty_ldisc *ld;
2060    int ret = 0;
2061
2062    if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2063        return 0;
2064
2065    ld = tty_ldisc_ref_wait(tty);
2066    if (ld->ops->poll)
2067        ret = (ld->ops->poll)(tty, filp, wait);
2068    tty_ldisc_deref(ld);
2069    return ret;
2070}
2071
2072static int __tty_fasync(int fd, struct file *filp, int on)
2073{
2074    struct tty_struct *tty = file_tty(filp);
2075    unsigned long flags;
2076    int retval = 0;
2077
2078    if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2079        goto out;
2080
2081    retval = fasync_helper(fd, filp, on, &tty->fasync);
2082    if (retval <= 0)
2083        goto out;
2084
2085    if (on) {
2086        enum pid_type type;
2087        struct pid *pid;
2088        if (!waitqueue_active(&tty->read_wait))
2089            tty->minimum_to_wake = 1;
2090        spin_lock_irqsave(&tty->ctrl_lock, flags);
2091        if (tty->pgrp) {
2092            pid = tty->pgrp;
2093            type = PIDTYPE_PGID;
2094        } else {
2095            pid = task_pid(current);
2096            type = PIDTYPE_PID;
2097        }
2098        get_pid(pid);
2099        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2100        retval = __f_setown(filp, pid, type, 0);
2101        put_pid(pid);
2102        if (retval)
2103            goto out;
2104    } else {
2105        if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2106            tty->minimum_to_wake = N_TTY_BUF_SIZE;
2107    }
2108    retval = 0;
2109out:
2110    return retval;
2111}
2112
2113static int tty_fasync(int fd, struct file *filp, int on)
2114{
2115    struct tty_struct *tty = file_tty(filp);
2116    int retval;
2117
2118    tty_lock(tty);
2119    retval = __tty_fasync(fd, filp, on);
2120    tty_unlock(tty);
2121
2122    return retval;
2123}
2124
2125/**
2126 * tiocsti - fake input character
2127 * @tty: tty to fake input into
2128 * @p: pointer to character
2129 *
2130 * Fake input to a tty device. Does the necessary locking and
2131 * input management.
2132 *
2133 * FIXME: does not honour flow control ??
2134 *
2135 * Locking:
2136 * Called functions take tty_ldisc_lock
2137 * current->signal->tty check is safe without locks
2138 *
2139 * FIXME: may race normal receive processing
2140 */
2141
2142static int tiocsti(struct tty_struct *tty, char __user *p)
2143{
2144    char ch, mbz = 0;
2145    struct tty_ldisc *ld;
2146
2147    if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2148        return -EPERM;
2149    if (get_user(ch, p))
2150        return -EFAULT;
2151    tty_audit_tiocsti(tty, ch);
2152    ld = tty_ldisc_ref_wait(tty);
2153    ld->ops->receive_buf(tty, &ch, &mbz, 1);
2154    tty_ldisc_deref(ld);
2155    return 0;
2156}
2157
2158/**
2159 * tiocgwinsz - implement window query ioctl
2160 * @tty; tty
2161 * @arg: user buffer for result
2162 *
2163 * Copies the kernel idea of the window size into the user buffer.
2164 *
2165 * Locking: tty->termios_mutex is taken to ensure the winsize data
2166 * is consistent.
2167 */
2168
2169static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2170{
2171    int err;
2172
2173    mutex_lock(&tty->termios_mutex);
2174    err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2175    mutex_unlock(&tty->termios_mutex);
2176
2177    return err ? -EFAULT: 0;
2178}
2179
2180/**
2181 * tty_do_resize - resize event
2182 * @tty: tty being resized
2183 * @rows: rows (character)
2184 * @cols: cols (character)
2185 *
2186 * Update the termios variables and send the necessary signals to
2187 * peform a terminal resize correctly
2188 */
2189
2190int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2191{
2192    struct pid *pgrp;
2193    unsigned long flags;
2194
2195    /* Lock the tty */
2196    mutex_lock(&tty->termios_mutex);
2197    if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2198        goto done;
2199    /* Get the PID values and reference them so we can
2200       avoid holding the tty ctrl lock while sending signals */
2201    spin_lock_irqsave(&tty->ctrl_lock, flags);
2202    pgrp = get_pid(tty->pgrp);
2203    spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2204
2205    if (pgrp)
2206        kill_pgrp(pgrp, SIGWINCH, 1);
2207    put_pid(pgrp);
2208
2209    tty->winsize = *ws;
2210done:
2211    mutex_unlock(&tty->termios_mutex);
2212    return 0;
2213}
2214EXPORT_SYMBOL(tty_do_resize);
2215
2216/**
2217 * tiocswinsz - implement window size set ioctl
2218 * @tty; tty side of tty
2219 * @arg: user buffer for result
2220 *
2221 * Copies the user idea of the window size to the kernel. Traditionally
2222 * this is just advisory information but for the Linux console it
2223 * actually has driver level meaning and triggers a VC resize.
2224 *
2225 * Locking:
2226 * Driver dependent. The default do_resize method takes the
2227 * tty termios mutex and ctrl_lock. The console takes its own lock
2228 * then calls into the default method.
2229 */
2230
2231static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2232{
2233    struct winsize tmp_ws;
2234    if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2235        return -EFAULT;
2236
2237    if (tty->ops->resize)
2238        return tty->ops->resize(tty, &tmp_ws);
2239    else
2240        return tty_do_resize(tty, &tmp_ws);
2241}
2242
2243/**
2244 * tioccons - allow admin to move logical console
2245 * @file: the file to become console
2246 *
2247 * Allow the administrator to move the redirected console device
2248 *
2249 * Locking: uses redirect_lock to guard the redirect information
2250 */
2251
2252static int tioccons(struct file *file)
2253{
2254    if (!capable(CAP_SYS_ADMIN))
2255        return -EPERM;
2256    if (file->f_op->write == redirected_tty_write) {
2257        struct file *f;
2258        spin_lock(&redirect_lock);
2259        f = redirect;
2260        redirect = NULL;
2261        spin_unlock(&redirect_lock);
2262        if (f)
2263            fput(f);
2264        return 0;
2265    }
2266    spin_lock(&redirect_lock);
2267    if (redirect) {
2268        spin_unlock(&redirect_lock);
2269        return -EBUSY;
2270    }
2271    redirect = get_file(file);
2272    spin_unlock(&redirect_lock);
2273    return 0;
2274}
2275
2276/**
2277 * fionbio - non blocking ioctl
2278 * @file: file to set blocking value
2279 * @p: user parameter
2280 *
2281 * Historical tty interfaces had a blocking control ioctl before
2282 * the generic functionality existed. This piece of history is preserved
2283 * in the expected tty API of posix OS's.
2284 *
2285 * Locking: none, the open file handle ensures it won't go away.
2286 */
2287
2288static int fionbio(struct file *file, int __user *p)
2289{
2290    int nonblock;
2291
2292    if (get_user(nonblock, p))
2293        return -EFAULT;
2294
2295    spin_lock(&file->f_lock);
2296    if (nonblock)
2297        file->f_flags |= O_NONBLOCK;
2298    else
2299        file->f_flags &= ~O_NONBLOCK;
2300    spin_unlock(&file->f_lock);
2301    return 0;
2302}
2303
2304/**
2305 * tiocsctty - set controlling tty
2306 * @tty: tty structure
2307 * @arg: user argument
2308 *
2309 * This ioctl is used to manage job control. It permits a session
2310 * leader to set this tty as the controlling tty for the session.
2311 *
2312 * Locking:
2313 * Takes tty_mutex() to protect tty instance
2314 * Takes tasklist_lock internally to walk sessions
2315 * Takes ->siglock() when updating signal->tty
2316 */
2317
2318static int tiocsctty(struct tty_struct *tty, int arg)
2319{
2320    int ret = 0;
2321    if (current->signal->leader && (task_session(current) == tty->session))
2322        return ret;
2323
2324    mutex_lock(&tty_mutex);
2325    /*
2326     * The process must be a session leader and
2327     * not have a controlling tty already.
2328     */
2329    if (!current->signal->leader || current->signal->tty) {
2330        ret = -EPERM;
2331        goto unlock;
2332    }
2333
2334    if (tty->session) {
2335        /*
2336         * This tty is already the controlling
2337         * tty for another session group!
2338         */
2339        if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2340            /*
2341             * Steal it away
2342             */
2343            read_lock(&tasklist_lock);
2344            session_clear_tty(tty->session);
2345            read_unlock(&tasklist_lock);
2346        } else {
2347            ret = -EPERM;
2348            goto unlock;
2349        }
2350    }
2351    proc_set_tty(current, tty);
2352unlock:
2353    mutex_unlock(&tty_mutex);
2354    return ret;
2355}
2356
2357/**
2358 * tty_get_pgrp - return a ref counted pgrp pid
2359 * @tty: tty to read
2360 *
2361 * Returns a refcounted instance of the pid struct for the process
2362 * group controlling the tty.
2363 */
2364
2365struct pid *tty_get_pgrp(struct tty_struct *tty)
2366{
2367    unsigned long flags;
2368    struct pid *pgrp;
2369
2370    spin_lock_irqsave(&tty->ctrl_lock, flags);
2371    pgrp = get_pid(tty->pgrp);
2372    spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2373
2374    return pgrp;
2375}
2376EXPORT_SYMBOL_GPL(tty_get_pgrp);
2377
2378/**
2379 * tiocgpgrp - get process group
2380 * @tty: tty passed by user
2381 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2382 * @p: returned pid
2383 *
2384 * Obtain the process group of the tty. If there is no process group
2385 * return an error.
2386 *
2387 * Locking: none. Reference to current->signal->tty is safe.
2388 */
2389
2390static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2391{
2392    struct pid *pid;
2393    int ret;
2394    /*
2395     * (tty == real_tty) is a cheap way of
2396     * testing if the tty is NOT a master pty.
2397     */
2398    if (tty == real_tty && current->signal->tty != real_tty)
2399        return -ENOTTY;
2400    pid = tty_get_pgrp(real_tty);
2401    ret = put_user(pid_vnr(pid), p);
2402    put_pid(pid);
2403    return ret;
2404}
2405
2406/**
2407 * tiocspgrp - attempt to set process group
2408 * @tty: tty passed by user
2409 * @real_tty: tty side device matching tty passed by user
2410 * @p: pid pointer
2411 *
2412 * Set the process group of the tty to the session passed. Only
2413 * permitted where the tty session is our session.
2414 *
2415 * Locking: RCU, ctrl lock
2416 */
2417
2418static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2419{
2420    struct pid *pgrp;
2421    pid_t pgrp_nr;
2422    int retval = tty_check_change(real_tty);
2423    unsigned long flags;
2424
2425    if (retval == -EIO)
2426        return -ENOTTY;
2427    if (retval)
2428        return retval;
2429    if (!current->signal->tty ||
2430        (current->signal->tty != real_tty) ||
2431        (real_tty->session != task_session(current)))
2432        return -ENOTTY;
2433    if (get_user(pgrp_nr, p))
2434        return -EFAULT;
2435    if (pgrp_nr < 0)
2436        return -EINVAL;
2437    rcu_read_lock();
2438    pgrp = find_vpid(pgrp_nr);
2439    retval = -ESRCH;
2440    if (!pgrp)
2441        goto out_unlock;
2442    retval = -EPERM;
2443    if (session_of_pgrp(pgrp) != task_session(current))
2444        goto out_unlock;
2445    retval = 0;
2446    spin_lock_irqsave(&tty->ctrl_lock, flags);
2447    put_pid(real_tty->pgrp);
2448    real_tty->pgrp = get_pid(pgrp);
2449    spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2450out_unlock:
2451    rcu_read_unlock();
2452    return retval;
2453}
2454
2455/**
2456 * tiocgsid - get session id
2457 * @tty: tty passed by user
2458 * @real_tty: tty side of the tty passed by the user if a pty else the tty
2459 * @p: pointer to returned session id
2460 *
2461 * Obtain the session id of the tty. If there is no session
2462 * return an error.
2463 *
2464 * Locking: none. Reference to current->signal->tty is safe.
2465 */
2466
2467static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2468{
2469    /*
2470     * (tty == real_tty) is a cheap way of
2471     * testing if the tty is NOT a master pty.
2472    */
2473    if (tty == real_tty && current->signal->tty != real_tty)
2474        return -ENOTTY;
2475    if (!real_tty->session)
2476        return -ENOTTY;
2477    return put_user(pid_vnr(real_tty->session), p);
2478}
2479
2480/**
2481 * tiocsetd - set line discipline
2482 * @tty: tty device
2483 * @p: pointer to user data
2484 *
2485 * Set the line discipline according to user request.
2486 *
2487 * Locking: see tty_set_ldisc, this function is just a helper
2488 */
2489
2490static int tiocsetd(struct tty_struct *tty, int __user *p)
2491{
2492    int ldisc;
2493    int ret;
2494
2495    if (get_user(ldisc, p))
2496        return -EFAULT;
2497
2498    ret = tty_set_ldisc(tty, ldisc);
2499
2500    return ret;
2501}
2502
2503/**
2504 * send_break - performed time break
2505 * @tty: device to break on
2506 * @duration: timeout in mS
2507 *
2508 * Perform a timed break on hardware that lacks its own driver level
2509 * timed break functionality.
2510 *
2511 * Locking:
2512 * atomic_write_lock serializes
2513 *
2514 */
2515
2516static int send_break(struct tty_struct *tty, unsigned int duration)
2517{
2518    int retval;
2519
2520    if (tty->ops->break_ctl == NULL)
2521        return 0;
2522
2523    if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2524        retval = tty->ops->break_ctl(tty, duration);
2525    else {
2526        /* Do the work ourselves */
2527        if (tty_write_lock(tty, 0) < 0)
2528            return -EINTR;
2529        retval = tty->ops->break_ctl(tty, -1);
2530        if (retval)
2531            goto out;
2532        if (!signal_pending(current))
2533            msleep_interruptible(duration);
2534        retval = tty->ops->break_ctl(tty, 0);
2535out:
2536        tty_write_unlock(tty);
2537        if (signal_pending(current))
2538            retval = -EINTR;
2539    }
2540    return retval;
2541}
2542
2543/**
2544 * tty_tiocmget - get modem status
2545 * @tty: tty device
2546 * @file: user file pointer
2547 * @p: pointer to result
2548 *
2549 * Obtain the modem status bits from the tty driver if the feature
2550 * is supported. Return -EINVAL if it is not available.
2551 *
2552 * Locking: none (up to the driver)
2553 */
2554
2555static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2556{
2557    int retval = -EINVAL;
2558
2559    if (tty->ops->tiocmget) {
2560        retval = tty->ops->tiocmget(tty);
2561
2562        if (retval >= 0)
2563            retval = put_user(retval, p);
2564    }
2565    return retval;
2566}
2567
2568/**
2569 * tty_tiocmset - set modem status
2570 * @tty: tty device
2571 * @cmd: command - clear bits, set bits or set all
2572 * @p: pointer to desired bits
2573 *
2574 * Set the modem status bits from the tty driver if the feature
2575 * is supported. Return -EINVAL if it is not available.
2576 *
2577 * Locking: none (up to the driver)
2578 */
2579
2580static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2581         unsigned __user *p)
2582{
2583    int retval;
2584    unsigned int set, clear, val;
2585
2586    if (tty->ops->tiocmset == NULL)
2587        return -EINVAL;
2588
2589    retval = get_user(val, p);
2590    if (retval)
2591        return retval;
2592    set = clear = 0;
2593    switch (cmd) {
2594    case TIOCMBIS:
2595        set = val;
2596        break;
2597    case TIOCMBIC:
2598        clear = val;
2599        break;
2600    case TIOCMSET:
2601        set = val;
2602        clear = ~val;
2603        break;
2604    }
2605    set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2606    clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2607    return tty->ops->tiocmset(tty, set, clear);
2608}
2609
2610static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2611{
2612    int retval = -EINVAL;
2613    struct serial_icounter_struct icount;
2614    memset(&icount, 0, sizeof(icount));
2615    if (tty->ops->get_icount)
2616        retval = tty->ops->get_icount(tty, &icount);
2617    if (retval != 0)
2618        return retval;
2619    if (copy_to_user(arg, &icount, sizeof(icount)))
2620        return -EFAULT;
2621    return 0;
2622}
2623
2624struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2625{
2626    if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2627        tty->driver->subtype == PTY_TYPE_MASTER)
2628        tty = tty->link;
2629    return tty;
2630}
2631EXPORT_SYMBOL(tty_pair_get_tty);
2632
2633struct tty_struct *tty_pair_get_pty(struct tty_struct *tty)
2634{
2635    if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2636        tty->driver->subtype == PTY_TYPE_MASTER)
2637        return tty;
2638    return tty->link;
2639}
2640EXPORT_SYMBOL(tty_pair_get_pty);
2641
2642/*
2643 * Split this up, as gcc can choke on it otherwise..
2644 */
2645long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2646{
2647    struct tty_struct *tty = file_tty(file);
2648    struct tty_struct *real_tty;
2649    void __user *p = (void __user *)arg;
2650    int retval;
2651    struct tty_ldisc *ld;
2652
2653    if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2654        return -EINVAL;
2655
2656    real_tty = tty_pair_get_tty(tty);
2657
2658    /*
2659     * Factor out some common prep work
2660     */
2661    switch (cmd) {
2662    case TIOCSETD:
2663    case TIOCSBRK:
2664    case TIOCCBRK:
2665    case TCSBRK:
2666    case TCSBRKP:
2667        retval = tty_check_change(tty);
2668        if (retval)
2669            return retval;
2670        if (cmd != TIOCCBRK) {
2671            tty_wait_until_sent(tty, 0);
2672            if (signal_pending(current))
2673                return -EINTR;
2674        }
2675        break;
2676    }
2677
2678    /*
2679     * Now do the stuff.
2680     */
2681    switch (cmd) {
2682    case TIOCSTI:
2683        return tiocsti(tty, p);
2684    case TIOCGWINSZ:
2685        return tiocgwinsz(real_tty, p);
2686    case TIOCSWINSZ:
2687        return tiocswinsz(real_tty, p);
2688    case TIOCCONS:
2689        return real_tty != tty ? -EINVAL : tioccons(file);
2690    case FIONBIO:
2691        return fionbio(file, p);
2692    case TIOCEXCL:
2693        set_bit(TTY_EXCLUSIVE, &tty->flags);
2694        return 0;
2695    case TIOCNXCL:
2696        clear_bit(TTY_EXCLUSIVE, &tty->flags);
2697        return 0;
2698    case TIOCGEXCL:
2699    {
2700        int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2701        return put_user(excl, (int __user *)p);
2702    }
2703    case TIOCNOTTY:
2704        if (current->signal->tty != tty)
2705            return -ENOTTY;
2706        no_tty();
2707        return 0;
2708    case TIOCSCTTY:
2709        return tiocsctty(tty, arg);
2710    case TIOCGPGRP:
2711        return tiocgpgrp(tty, real_tty, p);
2712    case TIOCSPGRP:
2713        return tiocspgrp(tty, real_tty, p);
2714    case TIOCGSID:
2715        return tiocgsid(tty, real_tty, p);
2716    case TIOCGETD:
2717        return put_user(tty->ldisc->ops->num, (int __user *)p);
2718    case TIOCSETD:
2719        return tiocsetd(tty, p);
2720    case TIOCVHANGUP:
2721        if (!capable(CAP_SYS_ADMIN))
2722            return -EPERM;
2723        tty_vhangup(tty);
2724        return 0;
2725    case TIOCGDEV:
2726    {
2727        unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2728        return put_user(ret, (unsigned int __user *)p);
2729    }
2730    /*
2731     * Break handling
2732     */
2733    case TIOCSBRK: /* Turn break on, unconditionally */
2734        if (tty->ops->break_ctl)
2735            return tty->ops->break_ctl(tty, -1);
2736        return 0;
2737    case TIOCCBRK: /* Turn break off, unconditionally */
2738        if (tty->ops->break_ctl)
2739            return tty->ops->break_ctl(tty, 0);
2740        return 0;
2741    case TCSBRK: /* SVID version: non-zero arg --> no break */
2742        /* non-zero arg means wait for all output data
2743         * to be sent (performed above) but don't send break.
2744         * This is used by the tcdrain() termios function.
2745         */
2746        if (!arg)
2747            return send_break(tty, 250);
2748        return 0;
2749    case TCSBRKP: /* support for POSIX tcsendbreak() */
2750        return send_break(tty, arg ? arg*100 : 250);
2751
2752    case TIOCMGET:
2753        return tty_tiocmget(tty, p);
2754    case TIOCMSET:
2755    case TIOCMBIC:
2756    case TIOCMBIS:
2757        return tty_tiocmset(tty, cmd, p);
2758    case TIOCGICOUNT:
2759        retval = tty_tiocgicount(tty, p);
2760        /* For the moment allow fall through to the old method */
2761            if (retval != -EINVAL)
2762            return retval;
2763        break;
2764    case TCFLSH:
2765        switch (arg) {
2766        case TCIFLUSH:
2767        case TCIOFLUSH:
2768        /* flush tty buffer and allow ldisc to process ioctl */
2769            tty_buffer_flush(tty);
2770            break;
2771        }
2772        break;
2773    }
2774    if (tty->ops->ioctl) {
2775        retval = (tty->ops->ioctl)(tty, cmd, arg);
2776        if (retval != -ENOIOCTLCMD)
2777            return retval;
2778    }
2779    ld = tty_ldisc_ref_wait(tty);
2780    retval = -EINVAL;
2781    if (ld->ops->ioctl) {
2782        retval = ld->ops->ioctl(tty, file, cmd, arg);
2783        if (retval == -ENOIOCTLCMD)
2784            retval = -ENOTTY;
2785    }
2786    tty_ldisc_deref(ld);
2787    return retval;
2788}
2789
2790#ifdef CONFIG_COMPAT
2791static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2792                unsigned long arg)
2793{
2794    struct tty_struct *tty = file_tty(file);
2795    struct tty_ldisc *ld;
2796    int retval = -ENOIOCTLCMD;
2797
2798    if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2799        return -EINVAL;
2800
2801    if (tty->ops->compat_ioctl) {
2802        retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2803        if (retval != -ENOIOCTLCMD)
2804            return retval;
2805    }
2806
2807    ld = tty_ldisc_ref_wait(tty);
2808    if (ld->ops->compat_ioctl)
2809        retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2810    else
2811        retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2812    tty_ldisc_deref(ld);
2813
2814    return retval;
2815}
2816#endif
2817
2818static int this_tty(const void *t, struct file *file, unsigned fd)
2819{
2820    if (likely(file->f_op->read != tty_read))
2821        return 0;
2822    return file_tty(file) != t ? 0 : fd + 1;
2823}
2824    
2825/*
2826 * This implements the "Secure Attention Key" --- the idea is to
2827 * prevent trojan horses by killing all processes associated with this
2828 * tty when the user hits the "Secure Attention Key". Required for
2829 * super-paranoid applications --- see the Orange Book for more details.
2830 *
2831 * This code could be nicer; ideally it should send a HUP, wait a few
2832 * seconds, then send a INT, and then a KILL signal. But you then
2833 * have to coordinate with the init process, since all processes associated
2834 * with the current tty must be dead before the new getty is allowed
2835 * to spawn.
2836 *
2837 * Now, if it would be correct ;-/ The current code has a nasty hole -
2838 * it doesn't catch files in flight. We may send the descriptor to ourselves
2839 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2840 *
2841 * Nasty bug: do_SAK is being called in interrupt context. This can
2842 * deadlock. We punt it up to process context. AKPM - 16Mar2001
2843 */
2844void __do_SAK(struct tty_struct *tty)
2845{
2846#ifdef TTY_SOFT_SAK
2847    tty_hangup(tty);
2848#else
2849    struct task_struct *g, *p;
2850    struct pid *session;
2851    int i;
2852
2853    if (!tty)
2854        return;
2855    session = tty->session;
2856
2857    tty_ldisc_flush(tty);
2858
2859    tty_driver_flush_buffer(tty);
2860
2861    read_lock(&tasklist_lock);
2862    /* Kill the entire session */
2863    do_each_pid_task(session, PIDTYPE_SID, p) {
2864        printk(KERN_NOTICE "SAK: killed process %d"
2865            " (%s): task_session(p)==tty->session\n",
2866            task_pid_nr(p), p->comm);
2867        send_sig(SIGKILL, p, 1);
2868    } while_each_pid_task(session, PIDTYPE_SID, p);
2869    /* Now kill any processes that happen to have the
2870     * tty open.
2871     */
2872    do_each_thread(g, p) {
2873        if (p->signal->tty == tty) {
2874            printk(KERN_NOTICE "SAK: killed process %d"
2875                " (%s): task_session(p)==tty->session\n",
2876                task_pid_nr(p), p->comm);
2877            send_sig(SIGKILL, p, 1);
2878            continue;
2879        }
2880        task_lock(p);
2881        i = iterate_fd(p->files, 0, this_tty, tty);
2882        if (i != 0) {
2883            printk(KERN_NOTICE "SAK: killed process %d"
2884                " (%s): fd#%d opened to the tty\n",
2885                    task_pid_nr(p), p->comm, i - 1);
2886            force_sig(SIGKILL, p);
2887        }
2888        task_unlock(p);
2889    } while_each_thread(g, p);
2890    read_unlock(&tasklist_lock);
2891#endif
2892}
2893
2894static void do_SAK_work(struct work_struct *work)
2895{
2896    struct tty_struct *tty =
2897        container_of(work, struct tty_struct, SAK_work);
2898    __do_SAK(tty);
2899}
2900
2901/*
2902 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2903 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2904 * the values which we write to it will be identical to the values which it
2905 * already has. --akpm
2906 */
2907void do_SAK(struct tty_struct *tty)
2908{
2909    if (!tty)
2910        return;
2911    schedule_work(&tty->SAK_work);
2912}
2913
2914EXPORT_SYMBOL(do_SAK);
2915
2916static int dev_match_devt(struct device *dev, const void *data)
2917{
2918    const dev_t *devt = data;
2919    return dev->devt == *devt;
2920}
2921
2922/* Must put_device() after it's unused! */
2923static struct device *tty_get_device(struct tty_struct *tty)
2924{
2925    dev_t devt = tty_devnum(tty);
2926    return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2927}
2928
2929
2930/**
2931 * initialize_tty_struct
2932 * @tty: tty to initialize
2933 *
2934 * This subroutine initializes a tty structure that has been newly
2935 * allocated.
2936 *
2937 * Locking: none - tty in question must not be exposed at this point
2938 */
2939
2940void initialize_tty_struct(struct tty_struct *tty,
2941        struct tty_driver *driver, int idx)
2942{
2943    memset(tty, 0, sizeof(struct tty_struct));
2944    kref_init(&tty->kref);
2945    tty->magic = TTY_MAGIC;
2946    tty_ldisc_init(tty);
2947    tty->session = NULL;
2948    tty->pgrp = NULL;
2949    mutex_init(&tty->legacy_mutex);
2950    mutex_init(&tty->termios_mutex);
2951    mutex_init(&tty->ldisc_mutex);
2952    init_waitqueue_head(&tty->write_wait);
2953    init_waitqueue_head(&tty->read_wait);
2954    INIT_WORK(&tty->hangup_work, do_tty_hangup);
2955    mutex_init(&tty->atomic_write_lock);
2956    spin_lock_init(&tty->ctrl_lock);
2957    INIT_LIST_HEAD(&tty->tty_files);
2958    INIT_WORK(&tty->SAK_work, do_SAK_work);
2959
2960    tty->driver = driver;
2961    tty->ops = driver->ops;
2962    tty->index = idx;
2963    tty_line_name(driver, idx, tty->name);
2964    tty->dev = tty_get_device(tty);
2965}
2966
2967/**
2968 * deinitialize_tty_struct
2969 * @tty: tty to deinitialize
2970 *
2971 * This subroutine deinitializes a tty structure that has been newly
2972 * allocated but tty_release cannot be called on that yet.
2973 *
2974 * Locking: none - tty in question must not be exposed at this point
2975 */
2976void deinitialize_tty_struct(struct tty_struct *tty)
2977{
2978    tty_ldisc_deinit(tty);
2979}
2980
2981/**
2982 * tty_put_char - write one character to a tty
2983 * @tty: tty
2984 * @ch: character
2985 *
2986 * Write one byte to the tty using the provided put_char method
2987 * if present. Returns the number of characters successfully output.
2988 *
2989 * Note: the specific put_char operation in the driver layer may go
2990 * away soon. Don't call it directly, use this method
2991 */
2992
2993int tty_put_char(struct tty_struct *tty, unsigned char ch)
2994{
2995    if (tty->ops->put_char)
2996        return tty->ops->put_char(tty, ch);
2997    return tty->ops->write(tty, &ch, 1);
2998}
2999EXPORT_SYMBOL_GPL(tty_put_char);
3000
3001struct class *tty_class;
3002
3003static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3004        unsigned int index, unsigned int count)
3005{
3006    /* init here, since reused cdevs cause crashes */
3007    cdev_init(&driver->cdevs[index], &tty_fops);
3008    driver->cdevs[index].owner = driver->owner;
3009    return cdev_add(&driver->cdevs[index], dev, count);
3010}
3011
3012/**
3013 * tty_register_device - register a tty device
3014 * @driver: the tty driver that describes the tty device
3015 * @index: the index in the tty driver for this tty device
3016 * @device: a struct device that is associated with this tty device.
3017 * This field is optional, if there is no known struct device
3018 * for this tty device it can be set to NULL safely.
3019 *
3020 * Returns a pointer to the struct device for this tty device
3021 * (or ERR_PTR(-EFOO) on error).
3022 *
3023 * This call is required to be made to register an individual tty device
3024 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3025 * that bit is not set, this function should not be called by a tty
3026 * driver.
3027 *
3028 * Locking: ??
3029 */
3030
3031struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3032                   struct device *device)
3033{
3034    return tty_register_device_attr(driver, index, device, NULL, NULL);
3035}
3036EXPORT_SYMBOL(tty_register_device);
3037
3038static void tty_device_create_release(struct device *dev)
3039{
3040    pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3041    kfree(dev);
3042}
3043
3044/**
3045 * tty_register_device_attr - register a tty device
3046 * @driver: the tty driver that describes the tty device
3047 * @index: the index in the tty driver for this tty device
3048 * @device: a struct device that is associated with this tty device.
3049 * This field is optional, if there is no known struct device
3050 * for this tty device it can be set to NULL safely.
3051 * @drvdata: Driver data to be set to device.
3052 * @attr_grp: Attribute group to be set on device.
3053 *
3054 * Returns a pointer to the struct device for this tty device
3055 * (or ERR_PTR(-EFOO) on error).
3056 *
3057 * This call is required to be made to register an individual tty device
3058 * if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3059 * that bit is not set, this function should not be called by a tty
3060 * driver.
3061 *
3062 * Locking: ??
3063 */
3064struct device *tty_register_device_attr(struct tty_driver *driver,
3065                   unsigned index, struct device *device,
3066                   void *drvdata,
3067                   const struct attribute_group **attr_grp)
3068{
3069    char name[64];
3070    dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3071    struct device *dev = NULL;
3072    int retval = -ENODEV;
3073    bool cdev = false;
3074
3075    if (index >= driver->num) {
3076        printk(KERN_ERR "Attempt to register invalid tty line number "
3077               " (%d).\n", index);
3078        return ERR_PTR(-EINVAL);
3079    }
3080
3081    if (driver->type == TTY_DRIVER_TYPE_PTY)
3082        pty_line_name(driver, index, name);
3083    else
3084        tty_line_name(driver, index, name);
3085
3086    if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3087        retval = tty_cdev_add(driver, devt, index, 1);
3088        if (retval)
3089            goto error;
3090        cdev = true;
3091    }
3092
3093    dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3094    if (!dev) {
3095        retval = -ENOMEM;
3096        goto error;
3097    }
3098
3099    dev->devt = devt;
3100    dev->class = tty_class;
3101    dev->parent = device;
3102    dev->release = tty_device_create_release;
3103    dev_set_name(dev, "%s", name);
3104    dev->groups = attr_grp;
3105    dev_set_drvdata(dev, drvdata);
3106
3107    retval = device_register(dev);
3108    if (retval)
3109        goto error;
3110
3111    return dev;
3112
3113error:
3114    put_device(dev);
3115    if (cdev)
3116        cdev_del(&driver->cdevs[index]);
3117    return ERR_PTR(retval);
3118}
3119EXPORT_SYMBOL_GPL(tty_register_device_attr);
3120
3121/**
3122 * tty_unregister_device - unregister a tty device
3123 * @driver: the tty driver that describes the tty device
3124 * @index: the index in the tty driver for this tty device
3125 *
3126 * If a tty device is registered with a call to tty_register_device() then
3127 * this function must be called when the tty device is gone.
3128 *
3129 * Locking: ??
3130 */
3131
3132void tty_unregister_device(struct tty_driver *driver, unsigned index)
3133{
3134    device_destroy(tty_class,
3135        MKDEV(driver->major, driver->minor_start) + index);
3136    if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3137        cdev_del(&driver->cdevs[index]);
3138}
3139EXPORT_SYMBOL(tty_unregister_device);
3140
3141/**
3142 * __tty_alloc_driver -- allocate tty driver
3143 * @lines: count of lines this driver can handle at most
3144 * @owner: module which is repsonsible for this driver
3145 * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3146 *
3147 * This should not be called directly, some of the provided macros should be
3148 * used instead. Use IS_ERR and friends on @retval.
3149 */
3150struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3151        unsigned long flags)
3152{
3153    struct tty_driver *driver;
3154    unsigned int cdevs = 1;
3155    int err;
3156
3157    if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3158        return ERR_PTR(-EINVAL);
3159
3160    driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3161    if (!driver)
3162        return ERR_PTR(-ENOMEM);
3163
3164    kref_init(&driver->kref);
3165    driver->magic = TTY_DRIVER_MAGIC;
3166    driver->num = lines;
3167    driver->owner = owner;
3168    driver->flags = flags;
3169
3170    if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3171        driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3172                GFP_KERNEL);
3173        driver->termios = kcalloc(lines, sizeof(*driver->termios),
3174                GFP_KERNEL);
3175        if (!driver->ttys || !driver->termios) {
3176            err = -ENOMEM;
3177            goto err_free_all;
3178        }
3179    }
3180
3181    if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3182        driver->ports = kcalloc(lines, sizeof(*driver->ports),
3183                GFP_KERNEL);
3184        if (!driver->ports) {
3185            err = -ENOMEM;
3186            goto err_free_all;
3187        }
3188        cdevs = lines;
3189    }
3190
3191    driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3192    if (!driver->cdevs) {
3193        err = -ENOMEM;
3194        goto err_free_all;
3195    }
3196
3197    return driver;
3198err_free_all:
3199    kfree(driver->ports);
3200    kfree(driver->ttys);
3201    kfree(driver->termios);
3202    kfree(driver);
3203    return ERR_PTR(err);
3204}
3205EXPORT_SYMBOL(__tty_alloc_driver);
3206
3207static void destruct_tty_driver(struct kref *kref)
3208{
3209    struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3210    int i;
3211    struct ktermios *tp;
3212
3213    if (driver->flags & TTY_DRIVER_INSTALLED) {
3214        /*
3215         * Free the termios and termios_locked structures because
3216         * we don't want to get memory leaks when modular tty
3217         * drivers are removed from the kernel.
3218         */
3219        for (i = 0; i < driver->num; i++) {
3220            tp = driver->termios[i];
3221            if (tp) {
3222                driver->termios[i] = NULL;
3223                kfree(tp);
3224            }
3225            if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3226                tty_unregister_device(driver, i);
3227        }
3228        proc_tty_unregister_driver(driver);
3229        if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3230            cdev_del(&driver->cdevs[0]);
3231    }
3232    kfree(driver->cdevs);
3233    kfree(driver->ports);
3234    kfree(driver->termios);
3235    kfree(driver->ttys);
3236    kfree(driver);
3237}
3238
3239void tty_driver_kref_put(struct tty_driver *driver)
3240{
3241    kref_put(&driver->kref, destruct_tty_driver);
3242}
3243EXPORT_SYMBOL(tty_driver_kref_put);
3244
3245void tty_set_operations(struct tty_driver *driver,
3246            const struct tty_operations *op)
3247{
3248    driver->ops = op;
3249};
3250EXPORT_SYMBOL(tty_set_operations);
3251
3252void put_tty_driver(struct tty_driver *d)
3253{
3254    tty_driver_kref_put(d);
3255}
3256EXPORT_SYMBOL(put_tty_driver);
3257
3258/*
3259 * Called by a tty driver to register itself.
3260 */
3261int tty_register_driver(struct tty_driver *driver)
3262{
3263    int error;
3264    int i;
3265    dev_t dev;
3266    struct device *d;
3267
3268    if (!driver->major) {
3269        error = alloc_chrdev_region(&dev, driver->minor_start,
3270                        driver->num, driver->name);
3271        if (!error) {
3272            driver->major = MAJOR(dev);
3273            driver->minor_start = MINOR(dev);
3274        }
3275    } else {
3276        dev = MKDEV(driver->major, driver->minor_start);
3277        error = register_chrdev_region(dev, driver->num, driver->name);
3278    }
3279    if (error < 0)
3280        goto err;
3281
3282    if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3283        error = tty_cdev_add(driver, dev, 0, driver->num);
3284        if (error)
3285            goto err_unreg_char;
3286    }
3287
3288    mutex_lock(&tty_mutex);
3289    list_add(&driver->tty_drivers, &tty_drivers);
3290    mutex_unlock(&tty_mutex);
3291
3292    if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3293        for (i = 0; i < driver->num; i++) {
3294            d = tty_register_device(driver, i, NULL);
3295            if (IS_ERR(d)) {
3296                error = PTR_ERR(d);
3297                goto err_unreg_devs;
3298            }
3299        }
3300    }
3301    proc_tty_register_driver(driver);
3302    driver->flags |= TTY_DRIVER_INSTALLED;
3303    return 0;
3304
3305err_unreg_devs:
3306    for (i--; i >= 0; i--)
3307        tty_unregister_device(driver, i);
3308
3309    mutex_lock(&tty_mutex);
3310    list_del(&driver->tty_drivers);
3311    mutex_unlock(&tty_mutex);
3312
3313err_unreg_char:
3314    unregister_chrdev_region(dev, driver->num);
3315err:
3316    return error;
3317}
3318EXPORT_SYMBOL(tty_register_driver);
3319
3320/*
3321 * Called by a tty driver to unregister itself.
3322 */
3323int tty_unregister_driver(struct tty_driver *driver)
3324{
3325#if 0
3326    /* FIXME */
3327    if (driver->refcount)
3328        return -EBUSY;
3329#endif
3330    unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3331                driver->num);
3332    mutex_lock(&tty_mutex);
3333    list_del(&driver->tty_drivers);
3334    mutex_unlock(&tty_mutex);
3335    return 0;
3336}
3337
3338EXPORT_SYMBOL(tty_unregister_driver);
3339
3340dev_t tty_devnum(struct tty_struct *tty)
3341{
3342    return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3343}
3344EXPORT_SYMBOL(tty_devnum);
3345
3346void proc_clear_tty(struct task_struct *p)
3347{
3348    unsigned long flags;
3349    struct tty_struct *tty;
3350    spin_lock_irqsave(&p->sighand->siglock, flags);
3351    tty = p->signal->tty;
3352    p->signal->tty = NULL;
3353    spin_unlock_irqrestore(&p->sighand->siglock, flags);
3354    tty_kref_put(tty);
3355}
3356
3357/* Called under the sighand lock */
3358
3359static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3360{
3361    if (tty) {
3362        unsigned long flags;
3363        /* We should not have a session or pgrp to put here but.... */
3364        spin_lock_irqsave(&tty->ctrl_lock, flags);
3365        put_pid(tty->session);
3366        put_pid(tty->pgrp);
3367        tty->pgrp = get_pid(task_pgrp(tsk));
3368        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3369        tty->session = get_pid(task_session(tsk));
3370        if (tsk->signal->tty) {
3371            printk(KERN_DEBUG "tty not NULL!!\n");
3372            tty_kref_put(tsk->signal->tty);
3373        }
3374    }
3375    put_pid(tsk->signal->tty_old_pgrp);
3376    tsk->signal->tty = tty_kref_get(tty);
3377    tsk->signal->tty_old_pgrp = NULL;
3378}
3379
3380static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3381{
3382    spin_lock_irq(&tsk->sighand->siglock);
3383    __proc_set_tty(tsk, tty);
3384    spin_unlock_irq(&tsk->sighand->siglock);
3385}
3386
3387struct tty_struct *get_current_tty(void)
3388{
3389    struct tty_struct *tty;
3390    unsigned long flags;
3391
3392    spin_lock_irqsave(&current->sighand->siglock, flags);
3393    tty = tty_kref_get(current->signal->tty);
3394    spin_unlock_irqrestore(&current->sighand->siglock, flags);
3395    return tty;
3396}
3397EXPORT_SYMBOL_GPL(get_current_tty);
3398
3399void tty_default_fops(struct file_operations *fops)
3400{
3401    *fops = tty_fops;
3402}
3403
3404/*
3405 * Initialize the console device. This is called *early*, so
3406 * we can't necessarily depend on lots of kernel help here.
3407 * Just do some early initializations, and do the complex setup
3408 * later.
3409 */
3410void __init console_init(void)
3411{
3412    initcall_t *call;
3413
3414    /* Setup the default TTY line discipline. */
3415    tty_ldisc_begin();
3416
3417    /*
3418     * set up the console device so that later boot sequences can
3419     * inform about problems etc..
3420     */
3421    call = __con_initcall_start;
3422    while (call < __con_initcall_end) {
3423        (*call)();
3424        call++;
3425    }
3426}
3427
3428static char *tty_devnode(struct device *dev, umode_t *mode)
3429{
3430    if (!mode)
3431        return NULL;
3432    if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3433        dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3434        *mode = 0666;
3435    return NULL;
3436}
3437
3438static int __init tty_class_init(void)
3439{
3440    tty_class = class_create(THIS_MODULE, "tty");
3441    if (IS_ERR(tty_class))
3442        return PTR_ERR(tty_class);
3443    tty_class->devnode = tty_devnode;
3444    return 0;
3445}
3446
3447postcore_initcall(tty_class_init);
3448
3449/* 3/2004 jmc: why do these devices exist? */
3450static struct cdev tty_cdev, console_cdev;
3451
3452static ssize_t show_cons_active(struct device *dev,
3453                struct device_attribute *attr, char *buf)
3454{
3455    struct console *cs[16];
3456    int i = 0;
3457    struct console *c;
3458    ssize_t count = 0;
3459
3460    console_lock();
3461    for_each_console(c) {
3462        if (!c->device)
3463            continue;
3464        if (!c->write)
3465            continue;
3466        if ((c->flags & CON_ENABLED) == 0)
3467            continue;
3468        cs[i++] = c;
3469        if (i >= ARRAY_SIZE(cs))
3470            break;
3471    }
3472    while (i--)
3473        count += sprintf(buf + count, "%s%d%c",
3474                 cs[i]->name, cs[i]->index, i ? ' ':'\n');
3475    console_unlock();
3476
3477    return count;
3478}
3479static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3480
3481static struct device *consdev;
3482
3483void console_sysfs_notify(void)
3484{
3485    if (consdev)
3486        sysfs_notify(&consdev->kobj, NULL, "active");
3487}
3488
3489/*
3490 * Ok, now we can initialize the rest of the tty devices and can count
3491 * on memory allocations, interrupts etc..
3492 */
3493int __init tty_init(void)
3494{
3495    cdev_init(&tty_cdev, &tty_fops);
3496    if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3497        register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3498        panic("Couldn't register /dev/tty driver\n");
3499    device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3500
3501    cdev_init(&console_cdev, &console_fops);
3502    if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3503        register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3504        panic("Couldn't register /dev/console driver\n");
3505    consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3506                  "console");
3507    if (IS_ERR(consdev))
3508        consdev = NULL;
3509    else
3510        WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3511
3512#ifdef CONFIG_VT
3513    vty_init(&console_fops);
3514#endif
3515    return 0;
3516}
3517
3518

Archive Download this file



interactive