Kernel

Kernel Git Source Tree

Root/drivers/tty/tty_io.c

1	/*
2	* Copyright (C) 1991, 1992 Linus Torvalds
3	*/
4
5	/*
6	* 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7	* or rs-channels. It also implements echoing, cooked mode etc.
8	*
9	* Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10	*
11	* Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12	* tty_struct and tty_queue structures. Previously there was an array
13	* of 256 tty_struct's which was statically allocated, and the
14	* tty_queue structures were allocated at boot time. Both are now
15	* dynamically allocated only when the tty is open.
16	*
17	* Also restructured routines so that there is more of a separation
18	* between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19	* the low-level tty routines (serial.c, pty.c, console.c). This
20	* makes for cleaner and more compact code. -TYT, 9/17/92
21	*
22	* Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23	* which can be dynamically activated and de-activated by the line
24	* discipline handling modules (like SLIP).
25	*
26	* NOTE: pay no attention to the line discipline code (yet); its
27	* interface is still subject to change in this version...
28	* -- TYT, 1/31/92
29	*
30	* Added functionality to the OPOST tty handling. No delays, but all
31	* other bits should be there.
32	* -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33	*
34	* Rewrote canonical mode and added more termios flags.
35	* -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36	*
37	* Reorganized FASYNC support so mouse code can share it.
38	* -- ctm@ardi.com, 9Sep95
39	*
40	* New TIOCLINUX variants added.
41	* -- mj@k332.feld.cvut.cz, 19-Nov-95
42	*
43	* Restrict vt switching via ioctl()
44	* -- grif@cs.ucr.edu, 5-Dec-95
45	*
46	* Move console and virtual terminal code to more appropriate files,
47	* implement CONFIG_VT and generalize console device interface.
48	* -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49	*
50	* Rewrote tty_init_dev and tty_release_dev to eliminate races.
51	* -- Bill Hawes <whawes@star.net>, June 97
52	*
53	* Added devfs support.
54	* -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55	*
56	* Added support for a Unix98-style ptmx device.
57	* -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58	*
59	* Reduced memory usage for older ARM systems
60	* -- Russell King <rmk@arm.linux.org.uk>
61	*
62	* Move do_SAK() into process context. Less stack use in devfs functions.
63	* alloc_tty_struct() always uses kmalloc()
64	* -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65	*/
66
67	#include <linux/types.h>
68	#include <linux/major.h>
69	#include <linux/errno.h>
70	#include <linux/signal.h>
71	#include <linux/fcntl.h>
72	#include <linux/sched.h>
73	#include <linux/interrupt.h>
74	#include <linux/tty.h>
75	#include <linux/tty_driver.h>
76	#include <linux/tty_flip.h>
77	#include <linux/devpts_fs.h>
78	#include <linux/file.h>
79	#include <linux/fdtable.h>
80	#include <linux/console.h>
81	#include <linux/timer.h>
82	#include <linux/ctype.h>
83	#include <linux/kd.h>
84	#include <linux/mm.h>
85	#include <linux/string.h>
86	#include <linux/slab.h>
87	#include <linux/poll.h>
88	#include <linux/proc_fs.h>
89	#include <linux/init.h>
90	#include <linux/module.h>
91	#include <linux/device.h>
92	#include <linux/wait.h>
93	#include <linux/bitops.h>
94	#include <linux/delay.h>
95	#include <linux/seq_file.h>
96	#include <linux/serial.h>
97	#include <linux/ratelimit.h>
98
99	#include <linux/uaccess.h>
100
101	#include <linux/kbd_kern.h>
102	#include <linux/vt_kern.h>
103	#include <linux/selection.h>
104
105	#include <linux/kmod.h>
106	#include <linux/nsproxy.h>
107
108	#undef TTY_DEBUG_HANGUP
109
110	#define TTY_PARANOIA_CHECK 1
111	#define CHECK_TTY_COUNT 1
112
113	struct ktermios tty_std_termios = { /* for the benefit of tty drivers */
114	.c_iflag = ICRNL \| IXON,
115	.c_oflag = OPOST \| ONLCR,
116	.c_cflag = B38400 \| CS8 \| CREAD \| HUPCL,
117	.c_lflag = ISIG \| ICANON \| ECHO \| ECHOE \| ECHOK \|
118	ECHOCTL \| ECHOKE \| IEXTEN,
119	.c_cc = INIT_C_CC,
120	.c_ispeed = 38400,
121	.c_ospeed = 38400
122	};
123
124	EXPORT_SYMBOL(tty_std_termios);
125
126	/* This list gets poked at by procfs and various bits of boot up code. This
127	could do with some rationalisation such as pulling the tty proc function
128	into this file */
129
130	LIST_HEAD(tty_drivers); /* linked list of tty drivers */
131
132	/* Mutex to protect creating and releasing a tty. This is shared with
133	vt.c for deeply disgusting hack reasons */
134	DEFINE_MUTEX(tty_mutex);
135	EXPORT_SYMBOL(tty_mutex);
136
137	/* Spinlock to protect the tty->tty_files list */
138	DEFINE_SPINLOCK(tty_files_lock);
139
140	static ssize_t tty_read(struct file , char __user , size_t, loff_t *);
141	static ssize_t tty_write(struct file , const char __user , size_t, loff_t *);
142	ssize_t redirected_tty_write(struct file , const char __user ,
143	size_t, loff_t *);
144	static unsigned int tty_poll(struct file , poll_table );
145	static int tty_open(struct inode , struct file );
146	long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147	#ifdef CONFIG_COMPAT
148	static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149	unsigned long arg);
150	#else
151	#define tty_compat_ioctl NULL
152	#endif
153	static int __tty_fasync(int fd, struct file *filp, int on);
154	static int tty_fasync(int fd, struct file *filp, int on);
155	static void release_tty(struct tty_struct *tty, int idx);
156	static void __proc_set_tty(struct task_struct tsk, struct tty_struct tty);
157	static void proc_set_tty(struct task_struct tsk, struct tty_struct tty);
158
159	/**
160	* alloc_tty_struct - allocate a tty object
161	*
162	* Return a new empty tty structure. The data fields have not
163	* been initialized in any way but has been zeroed
164	*
165	* Locking: none
166	*/
167
168	struct tty_struct *alloc_tty_struct(void)
169	{
170	return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
171	}
172
173	/**
174	* free_tty_struct - free a disused tty
175	* @tty: tty struct to free
176	*
177	* Free the write buffers, tty queue and tty memory itself.
178	*
179	* Locking: none. Must be called after tty is definitely unused
180	*/
181
182	void free_tty_struct(struct tty_struct *tty)
183	{
184	if (!tty)
185	return;
186	if (tty->dev)
187	put_device(tty->dev);
188	kfree(tty->write_buf);
189	tty->magic = 0xDEADDEAD;
190	kfree(tty);
191	}
192
193	static inline struct tty_struct file_tty(struct file file)
194	{
195	return ((struct tty_file_private *)file->private_data)->tty;
196	}
197
198	int tty_alloc_file(struct file *file)
199	{
200	struct tty_file_private *priv;
201
202	priv = kmalloc(sizeof(*priv), GFP_KERNEL);
203	if (!priv)
204	return -ENOMEM;
205
206	file->private_data = priv;
207
208	return 0;
209	}
210
211	/* Associate a new file with the tty structure */
212	void tty_add_file(struct tty_struct tty, struct file file)
213	{
214	struct tty_file_private *priv = file->private_data;
215
216	priv->tty = tty;
217	priv->file = file;
218
219	spin_lock(&tty_files_lock);
220	list_add(&priv->list, &tty->tty_files);
221	spin_unlock(&tty_files_lock);
222	}
223
224	/**
225	* tty_free_file - free file->private_data
226	*
227	* This shall be used only for fail path handling when tty_add_file was not
228	* called yet.
229	*/
230	void tty_free_file(struct file *file)
231	{
232	struct tty_file_private *priv = file->private_data;
233
234	file->private_data = NULL;
235	kfree(priv);
236	}
237
238	/* Delete file from its tty */
239	static void tty_del_file(struct file *file)
240	{
241	struct tty_file_private *priv = file->private_data;
242
243	spin_lock(&tty_files_lock);
244	list_del(&priv->list);
245	spin_unlock(&tty_files_lock);
246	tty_free_file(file);
247	}
248
249
250	#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
251
252	/**
253	* tty_name - return tty naming
254	* @tty: tty structure
255	* @buf: buffer for output
256	*
257	* Convert a tty structure into a name. The name reflects the kernel
258	* naming policy and if udev is in use may not reflect user space
259	*
260	* Locking: none
261	*/
262
263	char tty_name(struct tty_struct tty, char *buf)
264	{
265	if (!tty) /* Hmm. NULL pointer. That's fun. */
266	strcpy(buf, "NULL tty");
267	else
268	strcpy(buf, tty->name);
269	return buf;
270	}
271
272	EXPORT_SYMBOL(tty_name);
273
274	int tty_paranoia_check(struct tty_struct tty, struct inode inode,
275	const char *routine)
276	{
277	#ifdef TTY_PARANOIA_CHECK
278	if (!tty) {
279	printk(KERN_WARNING
280	"null TTY for (%d:%d) in %s\n",
281	imajor(inode), iminor(inode), routine);
282	return 1;
283	}
284	if (tty->magic != TTY_MAGIC) {
285	printk(KERN_WARNING
286	"bad magic number for tty struct (%d:%d) in %s\n",
287	imajor(inode), iminor(inode), routine);
288	return 1;
289	}
290	#endif
291	return 0;
292	}
293
294	static int check_tty_count(struct tty_struct tty, const char routine)
295	{
296	#ifdef CHECK_TTY_COUNT
297	struct list_head *p;
298	int count = 0;
299
300	spin_lock(&tty_files_lock);
301	list_for_each(p, &tty->tty_files) {
302	count++;
303	}
304	spin_unlock(&tty_files_lock);
305	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
306	tty->driver->subtype == PTY_TYPE_SLAVE &&
307	tty->link && tty->link->count)
308	count++;
309	if (tty->count != count) {
310	printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
311	"!= #fd's(%d) in %s\n",
312	tty->name, tty->count, count, routine);
313	return count;
314	}
315	#endif
316	return 0;
317	}
318
319	/**
320	* get_tty_driver - find device of a tty
321	* @dev_t: device identifier
322	* @index: returns the index of the tty
323	*
324	* This routine returns a tty driver structure, given a device number
325	* and also passes back the index number.
326	*
327	* Locking: caller must hold tty_mutex
328	*/
329
330	static struct tty_driver get_tty_driver(dev_t device, int index)
331	{
332	struct tty_driver *p;
333
334	list_for_each_entry(p, &tty_drivers, tty_drivers) {
335	dev_t base = MKDEV(p->major, p->minor_start);
336	if (device < base \|\| device >= base + p->num)
337	continue;
338	*index = device - base;
339	return tty_driver_kref_get(p);
340	}
341	return NULL;
342	}
343
344	#ifdef CONFIG_CONSOLE_POLL
345
346	/**
347	* tty_find_polling_driver - find device of a polled tty
348	* @name: name string to match
349	* @line: pointer to resulting tty line nr
350	*
351	* This routine returns a tty driver structure, given a name
352	* and the condition that the tty driver is capable of polled
353	* operation.
354	*/
355	struct tty_driver tty_find_polling_driver(char name, int *line)
356	{
357	struct tty_driver p, res = NULL;
358	int tty_line = 0;
359	int len;
360	char str, stp;
361
362	for (str = name; *str; str++)
363	if ((str >= '0' && str <= '9') \|\| *str == ',')
364	break;
365	if (!*str)
366	return NULL;
367
368	len = str - name;
369	tty_line = simple_strtoul(str, &str, 10);
370
371	mutex_lock(&tty_mutex);
372	/* Search through the tty devices to look for a match */
373	list_for_each_entry(p, &tty_drivers, tty_drivers) {
374	if (strncmp(name, p->name, len) != 0)
375	continue;
376	stp = str;
377	if (*stp == ',')
378	stp++;
379	if (*stp == '\0')
380	stp = NULL;
381
382	if (tty_line >= 0 && tty_line < p->num && p->ops &&
383	p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
384	res = tty_driver_kref_get(p);
385	*line = tty_line;
386	break;
387	}
388	}
389	mutex_unlock(&tty_mutex);
390
391	return res;
392	}
393	EXPORT_SYMBOL_GPL(tty_find_polling_driver);
394	#endif
395
396	/**
397	* tty_check_change - check for POSIX terminal changes
398	* @tty: tty to check
399	*
400	* If we try to write to, or set the state of, a terminal and we're
401	* not in the foreground, send a SIGTTOU. If the signal is blocked or
402	* ignored, go ahead and perform the operation. (POSIX 7.2)
403	*
404	* Locking: ctrl_lock
405	*/
406
407	int tty_check_change(struct tty_struct *tty)
408	{
409	unsigned long flags;
410	int ret = 0;
411
412	if (current->signal->tty != tty)
413	return 0;
414
415	spin_lock_irqsave(&tty->ctrl_lock, flags);
416
417	if (!tty->pgrp) {
418	printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
419	goto out_unlock;
420	}
421	if (task_pgrp(current) == tty->pgrp)
422	goto out_unlock;
423	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
424	if (is_ignored(SIGTTOU))
425	goto out;
426	if (is_current_pgrp_orphaned()) {
427	ret = -EIO;
428	goto out;
429	}
430	kill_pgrp(task_pgrp(current), SIGTTOU, 1);
431	set_thread_flag(TIF_SIGPENDING);
432	ret = -ERESTARTSYS;
433	out:
434	return ret;
435	out_unlock:
436	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
437	return ret;
438	}
439
440	EXPORT_SYMBOL(tty_check_change);
441
442	static ssize_t hung_up_tty_read(struct file file, char __user buf,
443	size_t count, loff_t *ppos)
444	{
445	return 0;
446	}
447
448	static ssize_t hung_up_tty_write(struct file file, const char __user buf,
449	size_t count, loff_t *ppos)
450	{
451	return -EIO;
452	}
453
454	/* No kernel lock held - none needed ;) */
455	static unsigned int hung_up_tty_poll(struct file filp, poll_table wait)
456	{
457	return POLLIN \| POLLOUT \| POLLERR \| POLLHUP \| POLLRDNORM \| POLLWRNORM;
458	}
459
460	static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
461	unsigned long arg)
462	{
463	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
464	}
465
466	static long hung_up_tty_compat_ioctl(struct file *file,
467	unsigned int cmd, unsigned long arg)
468	{
469	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
470	}
471
472	static const struct file_operations tty_fops = {
473	.llseek = no_llseek,
474	.read = tty_read,
475	.write = tty_write,
476	.poll = tty_poll,
477	.unlocked_ioctl = tty_ioctl,
478	.compat_ioctl = tty_compat_ioctl,
479	.open = tty_open,
480	.release = tty_release,
481	.fasync = tty_fasync,
482	};
483
484	static const struct file_operations console_fops = {
485	.llseek = no_llseek,
486	.read = tty_read,
487	.write = redirected_tty_write,
488	.poll = tty_poll,
489	.unlocked_ioctl = tty_ioctl,
490	.compat_ioctl = tty_compat_ioctl,
491	.open = tty_open,
492	.release = tty_release,
493	.fasync = tty_fasync,
494	};
495
496	static const struct file_operations hung_up_tty_fops = {
497	.llseek = no_llseek,
498	.read = hung_up_tty_read,
499	.write = hung_up_tty_write,
500	.poll = hung_up_tty_poll,
501	.unlocked_ioctl = hung_up_tty_ioctl,
502	.compat_ioctl = hung_up_tty_compat_ioctl,
503	.release = tty_release,
504	};
505
506	static DEFINE_SPINLOCK(redirect_lock);
507	static struct file *redirect;
508
509	/**
510	* tty_wakeup - request more data
511	* @tty: terminal
512	*
513	* Internal and external helper for wakeups of tty. This function
514	* informs the line discipline if present that the driver is ready
515	* to receive more output data.
516	*/
517
518	void tty_wakeup(struct tty_struct *tty)
519	{
520	struct tty_ldisc *ld;
521
522	if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
523	ld = tty_ldisc_ref(tty);
524	if (ld) {
525	if (ld->ops->write_wakeup)
526	ld->ops->write_wakeup(tty);
527	tty_ldisc_deref(ld);
528	}
529	}
530	wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
531	}
532
533	EXPORT_SYMBOL_GPL(tty_wakeup);
534
535	/**
536	* __tty_hangup - actual handler for hangup events
537	* @work: tty device
538	*
539	* This can be called by a "kworker" kernel thread. That is process
540	* synchronous but doesn't hold any locks, so we need to make sure we
541	* have the appropriate locks for what we're doing.
542	*
543	* The hangup event clears any pending redirections onto the hung up
544	* device. It ensures future writes will error and it does the needed
545	* line discipline hangup and signal delivery. The tty object itself
546	* remains intact.
547	*
548	* Locking:
549	* BTM
550	* redirect lock for undoing redirection
551	* file list lock for manipulating list of ttys
552	* tty_ldisc_lock from called functions
553	* termios_mutex resetting termios data
554	* tasklist_lock to walk task list for hangup event
555	* ->siglock to protect ->signal/->sighand
556	*/
557	static void __tty_hangup(struct tty_struct *tty)
558	{
559	struct file *cons_filp = NULL;
560	struct file filp, f = NULL;
561	struct task_struct *p;
562	struct tty_file_private *priv;
563	int closecount = 0, n;
564	unsigned long flags;
565	int refs = 0;
566
567	if (!tty)
568	return;
569
570
571	spin_lock(&redirect_lock);
572	if (redirect && file_tty(redirect) == tty) {
573	f = redirect;
574	redirect = NULL;
575	}
576	spin_unlock(&redirect_lock);
577
578	tty_lock(tty);
579
580	/* some functions below drop BTM, so we need this bit */
581	set_bit(TTY_HUPPING, &tty->flags);
582
583	/* inuse_filps is protected by the single tty lock,
584	this really needs to change if we want to flush the
585	workqueue with the lock held */
586	check_tty_count(tty, "tty_hangup");
587
588	spin_lock(&tty_files_lock);
589	/* This breaks for file handles being sent over AF_UNIX sockets ? */
590	list_for_each_entry(priv, &tty->tty_files, list) {
591	filp = priv->file;
592	if (filp->f_op->write == redirected_tty_write)
593	cons_filp = filp;
594	if (filp->f_op->write != tty_write)
595	continue;
596	closecount++;
597	__tty_fasync(-1, filp, 0); /* can't block */
598	filp->f_op = &hung_up_tty_fops;
599	}
600	spin_unlock(&tty_files_lock);
601
602	/*
603	* it drops BTM and thus races with reopen
604	* we protect the race by TTY_HUPPING
605	*/
606	tty_ldisc_hangup(tty);
607
608	read_lock(&tasklist_lock);
609	if (tty->session) {
610	do_each_pid_task(tty->session, PIDTYPE_SID, p) {
611	spin_lock_irq(&p->sighand->siglock);
612	if (p->signal->tty == tty) {
613	p->signal->tty = NULL;
614	/* We defer the dereferences outside fo
615	the tasklist lock */
616	refs++;
617	}
618	if (!p->signal->leader) {
619	spin_unlock_irq(&p->sighand->siglock);
620	continue;
621	}
622	__group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
623	__group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
624	put_pid(p->signal->tty_old_pgrp); /* A noop */
625	spin_lock_irqsave(&tty->ctrl_lock, flags);
626	if (tty->pgrp)
627	p->signal->tty_old_pgrp = get_pid(tty->pgrp);
628	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
629	spin_unlock_irq(&p->sighand->siglock);
630	} while_each_pid_task(tty->session, PIDTYPE_SID, p);
631	}
632	read_unlock(&tasklist_lock);
633
634	spin_lock_irqsave(&tty->ctrl_lock, flags);
635	clear_bit(TTY_THROTTLED, &tty->flags);
636	clear_bit(TTY_PUSH, &tty->flags);
637	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
638	put_pid(tty->session);
639	put_pid(tty->pgrp);
640	tty->session = NULL;
641	tty->pgrp = NULL;
642	tty->ctrl_status = 0;
643	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
644
645	/* Account for the p->signal references we killed */
646	while (refs--)
647	tty_kref_put(tty);
648
649	/*
650	* If one of the devices matches a console pointer, we
651	* cannot just call hangup() because that will cause
652	* tty->count and state->count to go out of sync.
653	* So we just call close() the right number of times.
654	*/
655	if (cons_filp) {
656	if (tty->ops->close)
657	for (n = 0; n < closecount; n++)
658	tty->ops->close(tty, cons_filp);
659	} else if (tty->ops->hangup)
660	(tty->ops->hangup)(tty);
661	/*
662	* We don't want to have driver/ldisc interactions beyond
663	* the ones we did here. The driver layer expects no
664	* calls after ->hangup() from the ldisc side. However we
665	* can't yet guarantee all that.
666	*/
667	set_bit(TTY_HUPPED, &tty->flags);
668	clear_bit(TTY_HUPPING, &tty->flags);
669	tty_ldisc_enable(tty);
670
671	tty_unlock(tty);
672
673	if (f)
674	fput(f);
675	}
676
677	static void do_tty_hangup(struct work_struct *work)
678	{
679	struct tty_struct *tty =
680	container_of(work, struct tty_struct, hangup_work);
681
682	__tty_hangup(tty);
683	}
684
685	/**
686	* tty_hangup - trigger a hangup event
687	* @tty: tty to hangup
688	*
689	* A carrier loss (virtual or otherwise) has occurred on this like
690	* schedule a hangup sequence to run after this event.
691	*/
692
693	void tty_hangup(struct tty_struct *tty)
694	{
695	#ifdef TTY_DEBUG_HANGUP
696	char buf[64];
697	printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
698	#endif
699	schedule_work(&tty->hangup_work);
700	}
701
702	EXPORT_SYMBOL(tty_hangup);
703
704	/**
705	* tty_vhangup - process vhangup
706	* @tty: tty to hangup
707	*
708	* The user has asked via system call for the terminal to be hung up.
709	* We do this synchronously so that when the syscall returns the process
710	* is complete. That guarantee is necessary for security reasons.
711	*/
712
713	void tty_vhangup(struct tty_struct *tty)
714	{
715	#ifdef TTY_DEBUG_HANGUP
716	char buf[64];
717
718	printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
719	#endif
720	__tty_hangup(tty);
721	}
722
723	EXPORT_SYMBOL(tty_vhangup);
724
725
726	/**
727	* tty_vhangup_self - process vhangup for own ctty
728	*
729	* Perform a vhangup on the current controlling tty
730	*/
731
732	void tty_vhangup_self(void)
733	{
734	struct tty_struct *tty;
735
736	tty = get_current_tty();
737	if (tty) {
738	tty_vhangup(tty);
739	tty_kref_put(tty);
740	}
741	}
742
743	/**
744	* tty_hung_up_p - was tty hung up
745	* @filp: file pointer of tty
746	*
747	* Return true if the tty has been subject to a vhangup or a carrier
748	* loss
749	*/
750
751	int tty_hung_up_p(struct file *filp)
752	{
753	return (filp->f_op == &hung_up_tty_fops);
754	}
755
756	EXPORT_SYMBOL(tty_hung_up_p);
757
758	static void session_clear_tty(struct pid *session)
759	{
760	struct task_struct *p;
761	do_each_pid_task(session, PIDTYPE_SID, p) {
762	proc_clear_tty(p);
763	} while_each_pid_task(session, PIDTYPE_SID, p);
764	}
765
766	/**
767	* disassociate_ctty - disconnect controlling tty
768	* @on_exit: true if exiting so need to "hang up" the session
769	*
770	* This function is typically called only by the session leader, when
771	* it wants to disassociate itself from its controlling tty.
772	*
773	* It performs the following functions:
774	* (1) Sends a SIGHUP and SIGCONT to the foreground process group
775	* (2) Clears the tty from being controlling the session
776	* (3) Clears the controlling tty for all processes in the
777	* session group.
778	*
779	* The argument on_exit is set to 1 if called when a process is
780	* exiting; it is 0 if called by the ioctl TIOCNOTTY.
781	*
782	* Locking:
783	* BTM is taken for hysterical raisins, and held when
784	* called from no_tty().
785	* tty_mutex is taken to protect tty
786	* ->siglock is taken to protect ->signal/->sighand
787	* tasklist_lock is taken to walk process list for sessions
788	* ->siglock is taken to protect ->signal/->sighand
789	*/
790
791	void disassociate_ctty(int on_exit)
792	{
793	struct tty_struct *tty;
794
795	if (!current->signal->leader)
796	return;
797
798	tty = get_current_tty();
799	if (tty) {
800	struct pid *tty_pgrp = get_pid(tty->pgrp);
801	if (on_exit) {
802	if (tty->driver->type != TTY_DRIVER_TYPE_PTY)
803	tty_vhangup(tty);
804	}
805	tty_kref_put(tty);
806	if (tty_pgrp) {
807	kill_pgrp(tty_pgrp, SIGHUP, on_exit);
808	if (!on_exit)
809	kill_pgrp(tty_pgrp, SIGCONT, on_exit);
810	put_pid(tty_pgrp);
811	}
812	} else if (on_exit) {
813	struct pid *old_pgrp;
814	spin_lock_irq(&current->sighand->siglock);
815	old_pgrp = current->signal->tty_old_pgrp;
816	current->signal->tty_old_pgrp = NULL;
817	spin_unlock_irq(&current->sighand->siglock);
818	if (old_pgrp) {
819	kill_pgrp(old_pgrp, SIGHUP, on_exit);
820	kill_pgrp(old_pgrp, SIGCONT, on_exit);
821	put_pid(old_pgrp);
822	}
823	return;
824	}
825
826	spin_lock_irq(&current->sighand->siglock);
827	put_pid(current->signal->tty_old_pgrp);
828	current->signal->tty_old_pgrp = NULL;
829	spin_unlock_irq(&current->sighand->siglock);
830
831	tty = get_current_tty();
832	if (tty) {
833	unsigned long flags;
834	spin_lock_irqsave(&tty->ctrl_lock, flags);
835	put_pid(tty->session);
836	put_pid(tty->pgrp);
837	tty->session = NULL;
838	tty->pgrp = NULL;
839	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
840	tty_kref_put(tty);
841	} else {
842	#ifdef TTY_DEBUG_HANGUP
843	printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
844	" = NULL", tty);
845	#endif
846	}
847
848	/* Now clear signal->tty under the lock */
849	read_lock(&tasklist_lock);
850	session_clear_tty(task_session(current));
851	read_unlock(&tasklist_lock);
852	}
853
854	/**
855	*
856	* no_tty - Ensure the current process does not have a controlling tty
857	*/
858	void no_tty(void)
859	{
860	/* FIXME: Review locking here. The tty_lock never covered any race
861	between a new association and proc_clear_tty but possible we need
862	to protect against this anyway */
863	struct task_struct *tsk = current;
864	disassociate_ctty(0);
865	proc_clear_tty(tsk);
866	}
867
868
869	/**
870	* stop_tty - propagate flow control
871	* @tty: tty to stop
872	*
873	* Perform flow control to the driver. For PTY/TTY pairs we
874	* must also propagate the TIOCKPKT status. May be called
875	* on an already stopped device and will not re-call the driver
876	* method.
877	*
878	* This functionality is used by both the line disciplines for
879	* halting incoming flow and by the driver. It may therefore be
880	* called from any context, may be under the tty atomic_write_lock
881	* but not always.
882	*
883	* Locking:
884	* Uses the tty control lock internally
885	*/
886
887	void stop_tty(struct tty_struct *tty)
888	{
889	unsigned long flags;
890	spin_lock_irqsave(&tty->ctrl_lock, flags);
891	if (tty->stopped) {
892	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
893	return;
894	}
895	tty->stopped = 1;
896	if (tty->link && tty->link->packet) {
897	tty->ctrl_status &= ~TIOCPKT_START;
898	tty->ctrl_status \|= TIOCPKT_STOP;
899	wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
900	}
901	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
902	if (tty->ops->stop)
903	(tty->ops->stop)(tty);
904	}
905
906	EXPORT_SYMBOL(stop_tty);
907
908	/**
909	* start_tty - propagate flow control
910	* @tty: tty to start
911	*
912	* Start a tty that has been stopped if at all possible. Perform
913	* any necessary wakeups and propagate the TIOCPKT status. If this
914	* is the tty was previous stopped and is being started then the
915	* driver start method is invoked and the line discipline woken.
916	*
917	* Locking:
918	* ctrl_lock
919	*/
920
921	void start_tty(struct tty_struct *tty)
922	{
923	unsigned long flags;
924	spin_lock_irqsave(&tty->ctrl_lock, flags);
925	if (!tty->stopped \|\| tty->flow_stopped) {
926	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
927	return;
928	}
929	tty->stopped = 0;
930	if (tty->link && tty->link->packet) {
931	tty->ctrl_status &= ~TIOCPKT_STOP;
932	tty->ctrl_status \|= TIOCPKT_START;
933	wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
934	}
935	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
936	if (tty->ops->start)
937	(tty->ops->start)(tty);
938	/* If we have a running line discipline it may need kicking */
939	tty_wakeup(tty);
940	}
941
942	EXPORT_SYMBOL(start_tty);
943
944	static void tty_update_time(struct timespec *time)
945	{
946	unsigned long sec = get_seconds();
947	sec -= sec % 60;
948	if ((long)(sec - time->tv_sec) > 0)
949	time->tv_sec = sec;
950	}
951
952	/**
953	* tty_read - read method for tty device files
954	* @file: pointer to tty file
955	* @buf: user buffer
956	* @count: size of user buffer
957	* @ppos: unused
958	*
959	* Perform the read system call function on this terminal device. Checks
960	* for hung up devices before calling the line discipline method.
961	*
962	* Locking:
963	* Locks the line discipline internally while needed. Multiple
964	* read calls may be outstanding in parallel.
965	*/
966
967	static ssize_t tty_read(struct file file, char __user buf, size_t count,
968	loff_t *ppos)
969	{
970	int i;
971	struct inode *inode = file_inode(file);
972	struct tty_struct *tty = file_tty(file);
973	struct tty_ldisc *ld;
974
975	if (tty_paranoia_check(tty, inode, "tty_read"))
976	return -EIO;
977	if (!tty \|\| (test_bit(TTY_IO_ERROR, &tty->flags)))
978	return -EIO;
979
980	/* We want to wait for the line discipline to sort out in this
981	situation */
982	ld = tty_ldisc_ref_wait(tty);
983	if (ld->ops->read)
984	i = (ld->ops->read)(tty, file, buf, count);
985	else
986	i = -EIO;
987	tty_ldisc_deref(ld);
988
989	if (i > 0)
990	tty_update_time(&inode->i_atime);
991
992	return i;
993	}
994
995	void tty_write_unlock(struct tty_struct *tty)
996	__releases(&tty->atomic_write_lock)
997	{
998	mutex_unlock(&tty->atomic_write_lock);
999	wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
1000	}
1001
1002	int tty_write_lock(struct tty_struct *tty, int ndelay)
1003	__acquires(&tty->atomic_write_lock)
1004	{
1005	if (!mutex_trylock(&tty->atomic_write_lock)) {
1006	if (ndelay)
1007	return -EAGAIN;
1008	if (mutex_lock_interruptible(&tty->atomic_write_lock))
1009	return -ERESTARTSYS;
1010	}
1011	return 0;
1012	}
1013
1014	/*
1015	* Split writes up in sane blocksizes to avoid
1016	* denial-of-service type attacks
1017	*/
1018	static inline ssize_t do_tty_write(
1019	ssize_t (write)(struct tty_struct , struct file , const unsigned char , size_t),
1020	struct tty_struct *tty,
1021	struct file *file,
1022	const char __user *buf,
1023	size_t count)
1024	{
1025	ssize_t ret, written = 0;
1026	unsigned int chunk;
1027
1028	ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1029	if (ret < 0)
1030	return ret;
1031
1032	/*
1033	* We chunk up writes into a temporary buffer. This
1034	* simplifies low-level drivers immensely, since they
1035	* don't have locking issues and user mode accesses.
1036	*
1037	* But if TTY_NO_WRITE_SPLIT is set, we should use a
1038	* big chunk-size..
1039	*
1040	* The default chunk-size is 2kB, because the NTTY
1041	* layer has problems with bigger chunks. It will
1042	* claim to be able to handle more characters than
1043	* it actually does.
1044	*
1045	* FIXME: This can probably go away now except that 64K chunks
1046	* are too likely to fail unless switched to vmalloc...
1047	*/
1048	chunk = 2048;
1049	if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1050	chunk = 65536;
1051	if (count < chunk)
1052	chunk = count;
1053
1054	/* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1055	if (tty->write_cnt < chunk) {
1056	unsigned char *buf_chunk;
1057
1058	if (chunk < 1024)
1059	chunk = 1024;
1060
1061	buf_chunk = kmalloc(chunk, GFP_KERNEL);
1062	if (!buf_chunk) {
1063	ret = -ENOMEM;
1064	goto out;
1065	}
1066	kfree(tty->write_buf);
1067	tty->write_cnt = chunk;
1068	tty->write_buf = buf_chunk;
1069	}
1070
1071	/* Do the write .. */
1072	for (;;) {
1073	size_t size = count;
1074	if (size > chunk)
1075	size = chunk;
1076	ret = -EFAULT;
1077	if (copy_from_user(tty->write_buf, buf, size))
1078	break;
1079	ret = write(tty, file, tty->write_buf, size);
1080	if (ret <= 0)
1081	break;
1082	written += ret;
1083	buf += ret;
1084	count -= ret;
1085	if (!count)
1086	break;
1087	ret = -ERESTARTSYS;
1088	if (signal_pending(current))
1089	break;
1090	cond_resched();
1091	}
1092	if (written) {
1093	tty_update_time(&file_inode(file)->i_mtime);
1094	ret = written;
1095	}
1096	out:
1097	tty_write_unlock(tty);
1098	return ret;
1099	}
1100
1101	/**
1102	* tty_write_message - write a message to a certain tty, not just the console.
1103	* @tty: the destination tty_struct
1104	* @msg: the message to write
1105	*
1106	* This is used for messages that need to be redirected to a specific tty.
1107	* We don't put it into the syslog queue right now maybe in the future if
1108	* really needed.
1109	*
1110	* We must still hold the BTM and test the CLOSING flag for the moment.
1111	*/
1112
1113	void tty_write_message(struct tty_struct tty, char msg)
1114	{
1115	if (tty) {
1116	mutex_lock(&tty->atomic_write_lock);
1117	tty_lock(tty);
1118	if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1119	tty_unlock(tty);
1120	tty->ops->write(tty, msg, strlen(msg));
1121	} else
1122	tty_unlock(tty);
1123	tty_write_unlock(tty);
1124	}
1125	return;
1126	}
1127
1128
1129	/**
1130	* tty_write - write method for tty device file
1131	* @file: tty file pointer
1132	* @buf: user data to write
1133	* @count: bytes to write
1134	* @ppos: unused
1135	*
1136	* Write data to a tty device via the line discipline.
1137	*
1138	* Locking:
1139	* Locks the line discipline as required
1140	* Writes to the tty driver are serialized by the atomic_write_lock
1141	* and are then processed in chunks to the device. The line discipline
1142	* write method will not be invoked in parallel for each device.
1143	*/
1144
1145	static ssize_t tty_write(struct file file, const char __user buf,
1146	size_t count, loff_t *ppos)
1147	{
1148	struct tty_struct *tty = file_tty(file);
1149	struct tty_ldisc *ld;
1150	ssize_t ret;
1151
1152	if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1153	return -EIO;
1154	if (!tty \|\| !tty->ops->write \|\|
1155	(test_bit(TTY_IO_ERROR, &tty->flags)))
1156	return -EIO;
1157	/* Short term debug to catch buggy drivers */
1158	if (tty->ops->write_room == NULL)
1159	printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1160	tty->driver->name);
1161	ld = tty_ldisc_ref_wait(tty);
1162	if (!ld->ops->write)
1163	ret = -EIO;
1164	else
1165	ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1166	tty_ldisc_deref(ld);
1167	return ret;
1168	}
1169
1170	ssize_t redirected_tty_write(struct file file, const char __user buf,
1171	size_t count, loff_t *ppos)
1172	{
1173	struct file *p = NULL;
1174
1175	spin_lock(&redirect_lock);
1176	if (redirect)
1177	p = get_file(redirect);
1178	spin_unlock(&redirect_lock);
1179
1180	if (p) {
1181	ssize_t res;
1182	res = vfs_write(p, buf, count, &p->f_pos);
1183	fput(p);
1184	return res;
1185	}
1186	return tty_write(file, buf, count, ppos);
1187	}
1188
1189	static char ptychar[] = "pqrstuvwxyzabcde";
1190
1191	/**
1192	* pty_line_name - generate name for a pty
1193	* @driver: the tty driver in use
1194	* @index: the minor number
1195	* @p: output buffer of at least 6 bytes
1196	*
1197	* Generate a name from a driver reference and write it to the output
1198	* buffer.
1199	*
1200	* Locking: None
1201	*/
1202	static void pty_line_name(struct tty_driver driver, int index, char p)
1203	{
1204	int i = index + driver->name_base;
1205	/* ->name is initialized to "ttyp", but "tty" is expected */
1206	sprintf(p, "%s%c%x",
1207	driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1208	ptychar[i >> 4 & 0xf], i & 0xf);
1209	}
1210
1211	/**
1212	* tty_line_name - generate name for a tty
1213	* @driver: the tty driver in use
1214	* @index: the minor number
1215	* @p: output buffer of at least 7 bytes
1216	*
1217	* Generate a name from a driver reference and write it to the output
1218	* buffer.
1219	*
1220	* Locking: None
1221	*/
1222	static void tty_line_name(struct tty_driver driver, int index, char p)
1223	{
1224	if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1225	strcpy(p, driver->name);
1226	else
1227	sprintf(p, "%s%d", driver->name, index + driver->name_base);
1228	}
1229
1230	/**
1231	* tty_driver_lookup_tty() - find an existing tty, if any
1232	* @driver: the driver for the tty
1233	* @idx: the minor number
1234	*
1235	* Return the tty, if found or ERR_PTR() otherwise.
1236	*
1237	* Locking: tty_mutex must be held. If tty is found, the mutex must
1238	* be held until the 'fast-open' is also done. Will change once we
1239	* have refcounting in the driver and per driver locking
1240	*/
1241	static struct tty_struct tty_driver_lookup_tty(struct tty_driver driver,
1242	struct inode *inode, int idx)
1243	{
1244	if (driver->ops->lookup)
1245	return driver->ops->lookup(driver, inode, idx);
1246
1247	return driver->ttys[idx];
1248	}
1249
1250	/**
1251	* tty_init_termios - helper for termios setup
1252	* @tty: the tty to set up
1253	*
1254	* Initialise the termios structures for this tty. Thus runs under
1255	* the tty_mutex currently so we can be relaxed about ordering.
1256	*/
1257
1258	int tty_init_termios(struct tty_struct *tty)
1259	{
1260	struct ktermios *tp;
1261	int idx = tty->index;
1262
1263	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1264	tty->termios = tty->driver->init_termios;
1265	else {
1266	/* Check for lazy saved data */
1267	tp = tty->driver->termios[idx];
1268	if (tp != NULL)
1269	tty->termios = *tp;
1270	else
1271	tty->termios = tty->driver->init_termios;
1272	}
1273	/* Compatibility until drivers always set this */
1274	tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1275	tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1276	return 0;
1277	}
1278	EXPORT_SYMBOL_GPL(tty_init_termios);
1279
1280	int tty_standard_install(struct tty_driver driver, struct tty_struct tty)
1281	{
1282	int ret = tty_init_termios(tty);
1283	if (ret)
1284	return ret;
1285
1286	tty_driver_kref_get(driver);
1287	tty->count++;
1288	driver->ttys[tty->index] = tty;
1289	return 0;
1290	}
1291	EXPORT_SYMBOL_GPL(tty_standard_install);
1292
1293	/**
1294	* tty_driver_install_tty() - install a tty entry in the driver
1295	* @driver: the driver for the tty
1296	* @tty: the tty
1297	*
1298	* Install a tty object into the driver tables. The tty->index field
1299	* will be set by the time this is called. This method is responsible
1300	* for ensuring any need additional structures are allocated and
1301	* configured.
1302	*
1303	* Locking: tty_mutex for now
1304	*/
1305	static int tty_driver_install_tty(struct tty_driver *driver,
1306	struct tty_struct *tty)
1307	{
1308	return driver->ops->install ? driver->ops->install(driver, tty) :
1309	tty_standard_install(driver, tty);
1310	}
1311
1312	/**
1313	* tty_driver_remove_tty() - remove a tty from the driver tables
1314	* @driver: the driver for the tty
1315	* @idx: the minor number
1316	*
1317	* Remvoe a tty object from the driver tables. The tty->index field
1318	* will be set by the time this is called.
1319	*
1320	* Locking: tty_mutex for now
1321	*/
1322	void tty_driver_remove_tty(struct tty_driver driver, struct tty_struct tty)
1323	{
1324	if (driver->ops->remove)
1325	driver->ops->remove(driver, tty);
1326	else
1327	driver->ttys[tty->index] = NULL;
1328	}
1329
1330	/*
1331	* tty_reopen() - fast re-open of an open tty
1332	* @tty - the tty to open
1333	*
1334	* Return 0 on success, -errno on error.
1335	*
1336	* Locking: tty_mutex must be held from the time the tty was found
1337	* till this open completes.
1338	*/
1339	static int tty_reopen(struct tty_struct *tty)
1340	{
1341	struct tty_driver *driver = tty->driver;
1342
1343	if (test_bit(TTY_CLOSING, &tty->flags) \|\|
1344	test_bit(TTY_HUPPING, &tty->flags) \|\|
1345	test_bit(TTY_LDISC_CHANGING, &tty->flags))
1346	return -EIO;
1347
1348	if (driver->type == TTY_DRIVER_TYPE_PTY &&
1349	driver->subtype == PTY_TYPE_MASTER) {
1350	/*
1351	* special case for PTY masters: only one open permitted,
1352	* and the slave side open count is incremented as well.
1353	*/
1354	if (tty->count)
1355	return -EIO;
1356
1357	tty->link->count++;
1358	}
1359	tty->count++;
1360
1361	mutex_lock(&tty->ldisc_mutex);
1362	WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1363	mutex_unlock(&tty->ldisc_mutex);
1364
1365	return 0;
1366	}
1367
1368	/**
1369	* tty_init_dev - initialise a tty device
1370	* @driver: tty driver we are opening a device on
1371	* @idx: device index
1372	* @ret_tty: returned tty structure
1373	*
1374	* Prepare a tty device. This may not be a "new" clean device but
1375	* could also be an active device. The pty drivers require special
1376	* handling because of this.
1377	*
1378	* Locking:
1379	* The function is called under the tty_mutex, which
1380	* protects us from the tty struct or driver itself going away.
1381	*
1382	* On exit the tty device has the line discipline attached and
1383	* a reference count of 1. If a pair was created for pty/tty use
1384	* and the other was a pty master then it too has a reference count of 1.
1385	*
1386	* WSH 06/09/97: Rewritten to remove races and properly clean up after a
1387	* failed open. The new code protects the open with a mutex, so it's
1388	* really quite straightforward. The mutex locking can probably be
1389	* relaxed for the (most common) case of reopening a tty.
1390	*/
1391
1392	struct tty_struct tty_init_dev(struct tty_driver driver, int idx)
1393	{
1394	struct tty_struct *tty;
1395	int retval;
1396
1397	/*
1398	* First time open is complex, especially for PTY devices.
1399	* This code guarantees that either everything succeeds and the
1400	* TTY is ready for operation, or else the table slots are vacated
1401	* and the allocated memory released. (Except that the termios
1402	* and locked termios may be retained.)
1403	*/
1404
1405	if (!try_module_get(driver->owner))
1406	return ERR_PTR(-ENODEV);
1407
1408	tty = alloc_tty_struct();
1409	if (!tty) {
1410	retval = -ENOMEM;
1411	goto err_module_put;
1412	}
1413	initialize_tty_struct(tty, driver, idx);
1414
1415	tty_lock(tty);
1416	retval = tty_driver_install_tty(driver, tty);
1417	if (retval < 0)
1418	goto err_deinit_tty;
1419
1420	if (!tty->port)
1421	tty->port = driver->ports[idx];
1422
1423	WARN_RATELIMIT(!tty->port,
1424	"%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1425	__func__, tty->driver->name);
1426
1427	tty->port->itty = tty;
1428
1429	/*
1430	* Structures all installed ... call the ldisc open routines.
1431	* If we fail here just call release_tty to clean up. No need
1432	* to decrement the use counts, as release_tty doesn't care.
1433	*/
1434	retval = tty_ldisc_setup(tty, tty->link);
1435	if (retval)
1436	goto err_release_tty;
1437	/* Return the tty locked so that it cannot vanish under the caller */
1438	return tty;
1439
1440	err_deinit_tty:
1441	tty_unlock(tty);
1442	deinitialize_tty_struct(tty);
1443	free_tty_struct(tty);
1444	err_module_put:
1445	module_put(driver->owner);
1446	return ERR_PTR(retval);
1447
1448	/* call the tty release_tty routine to clean out this slot */
1449	err_release_tty:
1450	tty_unlock(tty);
1451	printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1452	"clearing slot %d\n", idx);
1453	release_tty(tty, idx);
1454	return ERR_PTR(retval);
1455	}
1456
1457	void tty_free_termios(struct tty_struct *tty)
1458	{
1459	struct ktermios *tp;
1460	int idx = tty->index;
1461
1462	/* If the port is going to reset then it has no termios to save */
1463	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1464	return;
1465
1466	/* Stash the termios data */
1467	tp = tty->driver->termios[idx];
1468	if (tp == NULL) {
1469	tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1470	if (tp == NULL) {
1471	pr_warn("tty: no memory to save termios state.\n");
1472	return;
1473	}
1474	tty->driver->termios[idx] = tp;
1475	}
1476	*tp = tty->termios;
1477	}
1478	EXPORT_SYMBOL(tty_free_termios);
1479
1480
1481	/**
1482	* release_one_tty - release tty structure memory
1483	* @kref: kref of tty we are obliterating
1484	*
1485	* Releases memory associated with a tty structure, and clears out the
1486	* driver table slots. This function is called when a device is no longer
1487	* in use. It also gets called when setup of a device fails.
1488	*
1489	* Locking:
1490	* takes the file list lock internally when working on the list
1491	* of ttys that the driver keeps.
1492	*
1493	* This method gets called from a work queue so that the driver private
1494	* cleanup ops can sleep (needed for USB at least)
1495	*/
1496	static void release_one_tty(struct work_struct *work)
1497	{
1498	struct tty_struct *tty =
1499	container_of(work, struct tty_struct, hangup_work);
1500	struct tty_driver *driver = tty->driver;
1501
1502	if (tty->ops->cleanup)
1503	tty->ops->cleanup(tty);
1504
1505	tty->magic = 0;
1506	tty_driver_kref_put(driver);
1507	module_put(driver->owner);
1508
1509	spin_lock(&tty_files_lock);
1510	list_del_init(&tty->tty_files);
1511	spin_unlock(&tty_files_lock);
1512
1513	put_pid(tty->pgrp);
1514	put_pid(tty->session);
1515	free_tty_struct(tty);
1516	}
1517
1518	static void queue_release_one_tty(struct kref *kref)
1519	{
1520	struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1521
1522	/* The hangup queue is now free so we can reuse it rather than
1523	waste a chunk of memory for each port */
1524	INIT_WORK(&tty->hangup_work, release_one_tty);
1525	schedule_work(&tty->hangup_work);
1526	}
1527
1528	/**
1529	* tty_kref_put - release a tty kref
1530	* @tty: tty device
1531	*
1532	* Release a reference to a tty device and if need be let the kref
1533	* layer destruct the object for us
1534	*/
1535
1536	void tty_kref_put(struct tty_struct *tty)
1537	{
1538	if (tty)
1539	kref_put(&tty->kref, queue_release_one_tty);
1540	}
1541	EXPORT_SYMBOL(tty_kref_put);
1542
1543	/**
1544	* release_tty - release tty structure memory
1545	*
1546	* Release both @tty and a possible linked partner (think pty pair),
1547	* and decrement the refcount of the backing module.
1548	*
1549	* Locking:
1550	* tty_mutex
1551	* takes the file list lock internally when working on the list
1552	* of ttys that the driver keeps.
1553	*
1554	*/
1555	static void release_tty(struct tty_struct *tty, int idx)
1556	{
1557	/* This should always be true but check for the moment */
1558	WARN_ON(tty->index != idx);
1559	WARN_ON(!mutex_is_locked(&tty_mutex));
1560	if (tty->ops->shutdown)
1561	tty->ops->shutdown(tty);
1562	tty_free_termios(tty);
1563	tty_driver_remove_tty(tty->driver, tty);
1564	tty->port->itty = NULL;
1565
1566	if (tty->link)
1567	tty_kref_put(tty->link);
1568	tty_kref_put(tty);
1569	}
1570
1571	/**
1572	* tty_release_checks - check a tty before real release
1573	* @tty: tty to check
1574	* @o_tty: link of @tty (if any)
1575	* @idx: index of the tty
1576	*
1577	* Performs some paranoid checking before true release of the @tty.
1578	* This is a no-op unless TTY_PARANOIA_CHECK is defined.
1579	*/
1580	static int tty_release_checks(struct tty_struct tty, struct tty_struct o_tty,
1581	int idx)
1582	{
1583	#ifdef TTY_PARANOIA_CHECK
1584	if (idx < 0 \|\| idx >= tty->driver->num) {
1585	printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1586	__func__, tty->name);
1587	return -1;
1588	}
1589
1590	/* not much to check for devpts */
1591	if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1592	return 0;
1593
1594	if (tty != tty->driver->ttys[idx]) {
1595	printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1596	__func__, idx, tty->name);
1597	return -1;
1598	}
1599	if (tty->driver->other) {
1600	if (o_tty != tty->driver->other->ttys[idx]) {
1601	printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1602	__func__, idx, tty->name);
1603	return -1;
1604	}
1605	if (o_tty->link != tty) {
1606	printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1607	return -1;
1608	}
1609	}
1610	#endif
1611	return 0;
1612	}
1613
1614	/**
1615	* tty_release - vfs callback for close
1616	* @inode: inode of tty
1617	* @filp: file pointer for handle to tty
1618	*
1619	* Called the last time each file handle is closed that references
1620	* this tty. There may however be several such references.
1621	*
1622	* Locking:
1623	* Takes bkl. See tty_release_dev
1624	*
1625	* Even releasing the tty structures is a tricky business.. We have
1626	* to be very careful that the structures are all released at the
1627	* same time, as interrupts might otherwise get the wrong pointers.
1628	*
1629	* WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1630	* lead to double frees or releasing memory still in use.
1631	*/
1632
1633	int tty_release(struct inode inode, struct file filp)
1634	{
1635	struct tty_struct *tty = file_tty(filp);
1636	struct tty_struct *o_tty;
1637	int pty_master, tty_closing, o_tty_closing, do_sleep;
1638	int idx;
1639	char buf[64];
1640
1641	if (tty_paranoia_check(tty, inode, __func__))
1642	return 0;
1643
1644	tty_lock(tty);
1645	check_tty_count(tty, __func__);
1646
1647	__tty_fasync(-1, filp, 0);
1648
1649	idx = tty->index;
1650	pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1651	tty->driver->subtype == PTY_TYPE_MASTER);
1652	/* Review: parallel close */
1653	o_tty = tty->link;
1654
1655	if (tty_release_checks(tty, o_tty, idx)) {
1656	tty_unlock(tty);
1657	return 0;
1658	}
1659
1660	#ifdef TTY_DEBUG_HANGUP
1661	printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1662	tty_name(tty, buf), tty->count);
1663	#endif
1664
1665	if (tty->ops->close)
1666	tty->ops->close(tty, filp);
1667
1668	tty_unlock(tty);
1669	/*
1670	* Sanity check: if tty->count is going to zero, there shouldn't be
1671	* any waiters on tty->read_wait or tty->write_wait. We test the
1672	* wait queues and kick everyone out _before_ actually starting to
1673	* close. This ensures that we won't block while releasing the tty
1674	* structure.
1675	*
1676	* The test for the o_tty closing is necessary, since the master and
1677	* slave sides may close in any order. If the slave side closes out
1678	* first, its count will be one, since the master side holds an open.
1679	* Thus this test wouldn't be triggered at the time the slave closes,
1680	* so we do it now.
1681	*
1682	* Note that it's possible for the tty to be opened again while we're
1683	* flushing out waiters. By recalculating the closing flags before
1684	* each iteration we avoid any problems.
1685	*/
1686	while (1) {
1687	/* Guard against races with tty->count changes elsewhere and
1688	opens on /dev/tty */
1689
1690	mutex_lock(&tty_mutex);
1691	tty_lock_pair(tty, o_tty);
1692	tty_closing = tty->count <= 1;
1693	o_tty_closing = o_tty &&
1694	(o_tty->count <= (pty_master ? 1 : 0));
1695	do_sleep = 0;
1696
1697	if (tty_closing) {
1698	if (waitqueue_active(&tty->read_wait)) {
1699	wake_up_poll(&tty->read_wait, POLLIN);
1700	do_sleep++;
1701	}
1702	if (waitqueue_active(&tty->write_wait)) {
1703	wake_up_poll(&tty->write_wait, POLLOUT);
1704	do_sleep++;
1705	}
1706	}
1707	if (o_tty_closing) {
1708	if (waitqueue_active(&o_tty->read_wait)) {
1709	wake_up_poll(&o_tty->read_wait, POLLIN);
1710	do_sleep++;
1711	}
1712	if (waitqueue_active(&o_tty->write_wait)) {
1713	wake_up_poll(&o_tty->write_wait, POLLOUT);
1714	do_sleep++;
1715	}
1716	}
1717	if (!do_sleep)
1718	break;
1719
1720	printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1721	__func__, tty_name(tty, buf));
1722	tty_unlock_pair(tty, o_tty);
1723	mutex_unlock(&tty_mutex);
1724	schedule();
1725	}
1726
1727	/*
1728	* The closing flags are now consistent with the open counts on
1729	* both sides, and we've completed the last operation that could
1730	* block, so it's safe to proceed with closing.
1731	*
1732	* We must not drop the tty_mutex until we ensure that a further
1733	* entry into tty_open can not pick up this tty.
1734	*/
1735	if (pty_master) {
1736	if (--o_tty->count < 0) {
1737	printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1738	__func__, o_tty->count, tty_name(o_tty, buf));
1739	o_tty->count = 0;
1740	}
1741	}
1742	if (--tty->count < 0) {
1743	printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1744	__func__, tty->count, tty_name(tty, buf));
1745	tty->count = 0;
1746	}
1747
1748	/*
1749	* We've decremented tty->count, so we need to remove this file
1750	* descriptor off the tty->tty_files list; this serves two
1751	* purposes:
1752	* - check_tty_count sees the correct number of file descriptors
1753	* associated with this tty.
1754	* - do_tty_hangup no longer sees this file descriptor as
1755	* something that needs to be handled for hangups.
1756	*/
1757	tty_del_file(filp);
1758
1759	/*
1760	* Perform some housekeeping before deciding whether to return.
1761	*
1762	* Set the TTY_CLOSING flag if this was the last open. In the
1763	* case of a pty we may have to wait around for the other side
1764	* to close, and TTY_CLOSING makes sure we can't be reopened.
1765	*/
1766	if (tty_closing)
1767	set_bit(TTY_CLOSING, &tty->flags);
1768	if (o_tty_closing)
1769	set_bit(TTY_CLOSING, &o_tty->flags);
1770
1771	/*
1772	* If _either_ side is closing, make sure there aren't any
1773	* processes that still think tty or o_tty is their controlling
1774	* tty.
1775	*/
1776	if (tty_closing \|\| o_tty_closing) {
1777	read_lock(&tasklist_lock);
1778	session_clear_tty(tty->session);
1779	if (o_tty)
1780	session_clear_tty(o_tty->session);
1781	read_unlock(&tasklist_lock);
1782	}
1783
1784	mutex_unlock(&tty_mutex);
1785	tty_unlock_pair(tty, o_tty);
1786	/* At this point the TTY_CLOSING flag should ensure a dead tty
1787	cannot be re-opened by a racing opener */
1788
1789	/* check whether both sides are closing ... */
1790	if (!tty_closing \|\| (o_tty && !o_tty_closing))
1791	return 0;
1792
1793	#ifdef TTY_DEBUG_HANGUP
1794	printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__);
1795	#endif
1796	/*
1797	* Ask the line discipline code to release its structures
1798	*/
1799	tty_ldisc_release(tty, o_tty);
1800	/*
1801	* The release_tty function takes care of the details of clearing
1802	* the slots and preserving the termios structure. The tty_unlock_pair
1803	* should be safe as we keep a kref while the tty is locked (so the
1804	* unlock never unlocks a freed tty).
1805	*/
1806	mutex_lock(&tty_mutex);
1807	release_tty(tty, idx);
1808	mutex_unlock(&tty_mutex);
1809
1810	return 0;
1811	}
1812
1813	/**
1814	* tty_open_current_tty - get tty of current task for open
1815	* @device: device number
1816	* @filp: file pointer to tty
1817	* @return: tty of the current task iff @device is /dev/tty
1818	*
1819	* We cannot return driver and index like for the other nodes because
1820	* devpts will not work then. It expects inodes to be from devpts FS.
1821	*
1822	* We need to move to returning a refcounted object from all the lookup
1823	* paths including this one.
1824	*/
1825	static struct tty_struct tty_open_current_tty(dev_t device, struct file filp)
1826	{
1827	struct tty_struct *tty;
1828
1829	if (device != MKDEV(TTYAUX_MAJOR, 0))
1830	return NULL;
1831
1832	tty = get_current_tty();
1833	if (!tty)
1834	return ERR_PTR(-ENXIO);
1835
1836	filp->f_flags \|= O_NONBLOCK; /* Don't let /dev/tty block */
1837	/* noctty = 1; */
1838	tty_kref_put(tty);
1839	/* FIXME: we put a reference and return a TTY! */
1840	/* This is only safe because the caller holds tty_mutex */
1841	return tty;
1842	}
1843
1844	/**
1845	* tty_lookup_driver - lookup a tty driver for a given device file
1846	* @device: device number
1847	* @filp: file pointer to tty
1848	* @noctty: set if the device should not become a controlling tty
1849	* @index: index for the device in the @return driver
1850	* @return: driver for this inode (with increased refcount)
1851	*
1852	* If @return is not erroneous, the caller is responsible to decrement the
1853	* refcount by tty_driver_kref_put.
1854	*
1855	* Locking: tty_mutex protects get_tty_driver
1856	*/
1857	static struct tty_driver tty_lookup_driver(dev_t device, struct file filp,
1858	int noctty, int index)
1859	{
1860	struct tty_driver *driver;
1861
1862	switch (device) {
1863	#ifdef CONFIG_VT
1864	case MKDEV(TTY_MAJOR, 0): {
1865	extern struct tty_driver *console_driver;
1866	driver = tty_driver_kref_get(console_driver);
1867	*index = fg_console;
1868	*noctty = 1;
1869	break;
1870	}
1871	#endif
1872	case MKDEV(TTYAUX_MAJOR, 1): {
1873	struct tty_driver *console_driver = console_device(index);
1874	if (console_driver) {
1875	driver = tty_driver_kref_get(console_driver);
1876	if (driver) {
1877	/* Don't let /dev/console block */
1878	filp->f_flags \|= O_NONBLOCK;
1879	*noctty = 1;
1880	break;
1881	}
1882	}
1883	return ERR_PTR(-ENODEV);
1884	}
1885	default:
1886	driver = get_tty_driver(device, index);
1887	if (!driver)
1888	return ERR_PTR(-ENODEV);
1889	break;
1890	}
1891	return driver;
1892	}
1893
1894	/**
1895	* tty_open - open a tty device
1896	* @inode: inode of device file
1897	* @filp: file pointer to tty
1898	*
1899	* tty_open and tty_release keep up the tty count that contains the
1900	* number of opens done on a tty. We cannot use the inode-count, as
1901	* different inodes might point to the same tty.
1902	*
1903	* Open-counting is needed for pty masters, as well as for keeping
1904	* track of serial lines: DTR is dropped when the last close happens.
1905	* (This is not done solely through tty->count, now. - Ted 1/27/92)
1906	*
1907	* The termios state of a pty is reset on first open so that
1908	* settings don't persist across reuse.
1909	*
1910	* Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
1911	* tty->count should protect the rest.
1912	* ->siglock protects ->signal/->sighand
1913	*
1914	* Note: the tty_unlock/lock cases without a ref are only safe due to
1915	* tty_mutex
1916	*/
1917
1918	static int tty_open(struct inode inode, struct file filp)
1919	{
1920	struct tty_struct *tty;
1921	int noctty, retval;
1922	struct tty_driver *driver = NULL;
1923	int index;
1924	dev_t device = inode->i_rdev;
1925	unsigned saved_flags = filp->f_flags;
1926
1927	nonseekable_open(inode, filp);
1928
1929	retry_open:
1930	retval = tty_alloc_file(filp);
1931	if (retval)
1932	return -ENOMEM;
1933
1934	noctty = filp->f_flags & O_NOCTTY;
1935	index = -1;
1936	retval = 0;
1937
1938	mutex_lock(&tty_mutex);
1939	/* This is protected by the tty_mutex */
1940	tty = tty_open_current_tty(device, filp);
1941	if (IS_ERR(tty)) {
1942	retval = PTR_ERR(tty);
1943	goto err_unlock;
1944	} else if (!tty) {
1945	driver = tty_lookup_driver(device, filp, &noctty, &index);
1946	if (IS_ERR(driver)) {
1947	retval = PTR_ERR(driver);
1948	goto err_unlock;
1949	}
1950
1951	/* check whether we're reopening an existing tty */
1952	tty = tty_driver_lookup_tty(driver, inode, index);
1953	if (IS_ERR(tty)) {
1954	retval = PTR_ERR(tty);
1955	goto err_unlock;
1956	}
1957	}
1958
1959	if (tty) {
1960	tty_lock(tty);
1961	retval = tty_reopen(tty);
1962	if (retval < 0) {
1963	tty_unlock(tty);
1964	tty = ERR_PTR(retval);
1965	}
1966	} else /* Returns with the tty_lock held for now */
1967	tty = tty_init_dev(driver, index);
1968
1969	mutex_unlock(&tty_mutex);
1970	if (driver)
1971	tty_driver_kref_put(driver);
1972	if (IS_ERR(tty)) {
1973	retval = PTR_ERR(tty);
1974	goto err_file;
1975	}
1976
1977	tty_add_file(tty, filp);
1978
1979	check_tty_count(tty, __func__);
1980	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1981	tty->driver->subtype == PTY_TYPE_MASTER)
1982	noctty = 1;
1983	#ifdef TTY_DEBUG_HANGUP
1984	printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
1985	#endif
1986	if (tty->ops->open)
1987	retval = tty->ops->open(tty, filp);
1988	else
1989	retval = -ENODEV;
1990	filp->f_flags = saved_flags;
1991
1992	if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1993	!capable(CAP_SYS_ADMIN))
1994	retval = -EBUSY;
1995
1996	if (retval) {
1997	#ifdef TTY_DEBUG_HANGUP
1998	printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
1999	retval, tty->name);
2000	#endif
2001	tty_unlock(tty); /* need to call tty_release without BTM */
2002	tty_release(inode, filp);
2003	if (retval != -ERESTARTSYS)
2004	return retval;
2005
2006	if (signal_pending(current))
2007	return retval;
2008
2009	schedule();
2010	/*
2011	* Need to reset f_op in case a hangup happened.
2012	*/
2013	if (filp->f_op == &hung_up_tty_fops)
2014	filp->f_op = &tty_fops;
2015	goto retry_open;
2016	}
2017	tty_unlock(tty);
2018
2019
2020	mutex_lock(&tty_mutex);
2021	tty_lock(tty);
2022	spin_lock_irq(&current->sighand->siglock);
2023	if (!noctty &&
2024	current->signal->leader &&
2025	!current->signal->tty &&
2026	tty->session == NULL)
2027	__proc_set_tty(current, tty);
2028	spin_unlock_irq(&current->sighand->siglock);
2029	tty_unlock(tty);
2030	mutex_unlock(&tty_mutex);
2031	return 0;
2032	err_unlock:
2033	mutex_unlock(&tty_mutex);
2034	/* after locks to avoid deadlock */
2035	if (!IS_ERR_OR_NULL(driver))
2036	tty_driver_kref_put(driver);
2037	err_file:
2038	tty_free_file(filp);
2039	return retval;
2040	}
2041
2042
2043
2044	/**
2045	* tty_poll - check tty status
2046	* @filp: file being polled
2047	* @wait: poll wait structures to update
2048	*
2049	* Call the line discipline polling method to obtain the poll
2050	* status of the device.
2051	*
2052	* Locking: locks called line discipline but ldisc poll method
2053	* may be re-entered freely by other callers.
2054	*/
2055
2056	static unsigned int tty_poll(struct file filp, poll_table wait)
2057	{
2058	struct tty_struct *tty = file_tty(filp);
2059	struct tty_ldisc *ld;
2060	int ret = 0;
2061
2062	if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
2063	return 0;
2064
2065	ld = tty_ldisc_ref_wait(tty);
2066	if (ld->ops->poll)
2067	ret = (ld->ops->poll)(tty, filp, wait);
2068	tty_ldisc_deref(ld);
2069	return ret;
2070	}
2071
2072	static int __tty_fasync(int fd, struct file *filp, int on)
2073	{
2074	struct tty_struct *tty = file_tty(filp);
2075	unsigned long flags;
2076	int retval = 0;
2077
2078	if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
2079	goto out;
2080
2081	retval = fasync_helper(fd, filp, on, &tty->fasync);
2082	if (retval <= 0)
2083	goto out;
2084
2085	if (on) {
2086	enum pid_type type;
2087	struct pid *pid;
2088	if (!waitqueue_active(&tty->read_wait))
2089	tty->minimum_to_wake = 1;
2090	spin_lock_irqsave(&tty->ctrl_lock, flags);
2091	if (tty->pgrp) {
2092	pid = tty->pgrp;
2093	type = PIDTYPE_PGID;
2094	} else {
2095	pid = task_pid(current);
2096	type = PIDTYPE_PID;
2097	}
2098	get_pid(pid);
2099	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2100	retval = __f_setown(filp, pid, type, 0);
2101	put_pid(pid);
2102	if (retval)
2103	goto out;
2104	} else {
2105	if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2106	tty->minimum_to_wake = N_TTY_BUF_SIZE;
2107	}
2108	retval = 0;
2109	out:
2110	return retval;
2111	}
2112
2113	static int tty_fasync(int fd, struct file *filp, int on)
2114	{
2115	struct tty_struct *tty = file_tty(filp);
2116	int retval;
2117
2118	tty_lock(tty);
2119	retval = __tty_fasync(fd, filp, on);
2120	tty_unlock(tty);
2121
2122	return retval;
2123	}
2124
2125	/**
2126	* tiocsti - fake input character
2127	* @tty: tty to fake input into
2128	* @p: pointer to character
2129	*
2130	* Fake input to a tty device. Does the necessary locking and
2131	* input management.
2132	*
2133	* FIXME: does not honour flow control ??
2134	*
2135	* Locking:
2136	* Called functions take tty_ldisc_lock
2137	* current->signal->tty check is safe without locks
2138	*
2139	* FIXME: may race normal receive processing
2140	*/
2141
2142	static int tiocsti(struct tty_struct tty, char __user p)
2143	{
2144	char ch, mbz = 0;
2145	struct tty_ldisc *ld;
2146
2147	if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2148	return -EPERM;
2149	if (get_user(ch, p))
2150	return -EFAULT;
2151	tty_audit_tiocsti(tty, ch);
2152	ld = tty_ldisc_ref_wait(tty);
2153	ld->ops->receive_buf(tty, &ch, &mbz, 1);
2154	tty_ldisc_deref(ld);
2155	return 0;
2156	}
2157
2158	/**
2159	* tiocgwinsz - implement window query ioctl
2160	* @tty; tty
2161	* @arg: user buffer for result
2162	*
2163	* Copies the kernel idea of the window size into the user buffer.
2164	*
2165	* Locking: tty->termios_mutex is taken to ensure the winsize data
2166	* is consistent.
2167	*/
2168
2169	static int tiocgwinsz(struct tty_struct tty, struct winsize __user arg)
2170	{
2171	int err;
2172
2173	mutex_lock(&tty->termios_mutex);
2174	err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2175	mutex_unlock(&tty->termios_mutex);
2176
2177	return err ? -EFAULT: 0;
2178	}
2179
2180	/**
2181	* tty_do_resize - resize event
2182	* @tty: tty being resized
2183	* @rows: rows (character)
2184	* @cols: cols (character)
2185	*
2186	* Update the termios variables and send the necessary signals to
2187	* peform a terminal resize correctly
2188	*/
2189
2190	int tty_do_resize(struct tty_struct tty, struct winsize ws)
2191	{
2192	struct pid *pgrp;
2193	unsigned long flags;
2194
2195	/* Lock the tty */
2196	mutex_lock(&tty->termios_mutex);
2197	if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2198	goto done;
2199	/* Get the PID values and reference them so we can
2200	avoid holding the tty ctrl lock while sending signals */
2201	spin_lock_irqsave(&tty->ctrl_lock, flags);
2202	pgrp = get_pid(tty->pgrp);
2203	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2204
2205	if (pgrp)
2206	kill_pgrp(pgrp, SIGWINCH, 1);
2207	put_pid(pgrp);
2208
2209	tty->winsize = *ws;
2210	done:
2211	mutex_unlock(&tty->termios_mutex);
2212	return 0;
2213	}
2214	EXPORT_SYMBOL(tty_do_resize);
2215
2216	/**
2217	* tiocswinsz - implement window size set ioctl
2218	* @tty; tty side of tty
2219	* @arg: user buffer for result
2220	*
2221	* Copies the user idea of the window size to the kernel. Traditionally
2222	* this is just advisory information but for the Linux console it
2223	* actually has driver level meaning and triggers a VC resize.
2224	*
2225	* Locking:
2226	* Driver dependent. The default do_resize method takes the
2227	* tty termios mutex and ctrl_lock. The console takes its own lock
2228	* then calls into the default method.
2229	*/
2230
2231	static int tiocswinsz(struct tty_struct tty, struct winsize __user arg)
2232	{
2233	struct winsize tmp_ws;
2234	if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2235	return -EFAULT;
2236
2237	if (tty->ops->resize)
2238	return tty->ops->resize(tty, &tmp_ws);
2239	else
2240	return tty_do_resize(tty, &tmp_ws);
2241	}
2242
2243	/**
2244	* tioccons - allow admin to move logical console
2245	* @file: the file to become console
2246	*
2247	* Allow the administrator to move the redirected console device
2248	*
2249	* Locking: uses redirect_lock to guard the redirect information
2250	*/
2251
2252	static int tioccons(struct file *file)
2253	{
2254	if (!capable(CAP_SYS_ADMIN))
2255	return -EPERM;
2256	if (file->f_op->write == redirected_tty_write) {
2257	struct file *f;
2258	spin_lock(&redirect_lock);
2259	f = redirect;
2260	redirect = NULL;
2261	spin_unlock(&redirect_lock);
2262	if (f)
2263	fput(f);
2264	return 0;
2265	}
2266	spin_lock(&redirect_lock);
2267	if (redirect) {
2268	spin_unlock(&redirect_lock);
2269	return -EBUSY;
2270	}
2271	redirect = get_file(file);
2272	spin_unlock(&redirect_lock);
2273	return 0;
2274	}
2275
2276	/**
2277	* fionbio - non blocking ioctl
2278	* @file: file to set blocking value
2279	* @p: user parameter
2280	*
2281	* Historical tty interfaces had a blocking control ioctl before
2282	* the generic functionality existed. This piece of history is preserved
2283	* in the expected tty API of posix OS's.
2284	*
2285	* Locking: none, the open file handle ensures it won't go away.
2286	*/
2287
2288	static int fionbio(struct file file, int __user p)
2289	{
2290	int nonblock;
2291
2292	if (get_user(nonblock, p))
2293	return -EFAULT;
2294
2295	spin_lock(&file->f_lock);
2296	if (nonblock)
2297	file->f_flags \|= O_NONBLOCK;
2298	else
2299	file->f_flags &= ~O_NONBLOCK;
2300	spin_unlock(&file->f_lock);
2301	return 0;
2302	}
2303
2304	/**
2305	* tiocsctty - set controlling tty
2306	* @tty: tty structure
2307	* @arg: user argument
2308	*
2309	* This ioctl is used to manage job control. It permits a session
2310	* leader to set this tty as the controlling tty for the session.
2311	*
2312	* Locking:
2313	* Takes tty_mutex() to protect tty instance
2314	* Takes tasklist_lock internally to walk sessions
2315	* Takes ->siglock() when updating signal->tty
2316	*/
2317
2318	static int tiocsctty(struct tty_struct *tty, int arg)
2319	{
2320	int ret = 0;
2321	if (current->signal->leader && (task_session(current) == tty->session))
2322	return ret;
2323
2324	mutex_lock(&tty_mutex);
2325	/*
2326	* The process must be a session leader and
2327	* not have a controlling tty already.
2328	*/
2329	if (!current->signal->leader \|\| current->signal->tty) {
2330	ret = -EPERM;
2331	goto unlock;
2332	}
2333
2334	if (tty->session) {
2335	/*
2336	* This tty is already the controlling
2337	* tty for another session group!
2338	*/
2339	if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2340	/*
2341	* Steal it away
2342	*/
2343	read_lock(&tasklist_lock);
2344	session_clear_tty(tty->session);
2345	read_unlock(&tasklist_lock);
2346	} else {
2347	ret = -EPERM;
2348	goto unlock;
2349	}
2350	}
2351	proc_set_tty(current, tty);
2352	unlock:
2353	mutex_unlock(&tty_mutex);
2354	return ret;
2355	}
2356
2357	/**
2358	* tty_get_pgrp - return a ref counted pgrp pid
2359	* @tty: tty to read
2360	*
2361	* Returns a refcounted instance of the pid struct for the process
2362	* group controlling the tty.
2363	*/
2364
2365	struct pid tty_get_pgrp(struct tty_struct tty)
2366	{
2367	unsigned long flags;
2368	struct pid *pgrp;
2369
2370	spin_lock_irqsave(&tty->ctrl_lock, flags);
2371	pgrp = get_pid(tty->pgrp);
2372	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2373
2374	return pgrp;
2375	}
2376	EXPORT_SYMBOL_GPL(tty_get_pgrp);
2377
2378	/**
2379	* tiocgpgrp - get process group
2380	* @tty: tty passed by user
2381	* @real_tty: tty side of the tty passed by the user if a pty else the tty
2382	* @p: returned pid
2383	*
2384	* Obtain the process group of the tty. If there is no process group
2385	* return an error.
2386	*
2387	* Locking: none. Reference to current->signal->tty is safe.
2388	*/
2389
2390	static int tiocgpgrp(struct tty_struct tty, struct tty_struct real_tty, pid_t __user *p)
2391	{
2392	struct pid *pid;
2393	int ret;
2394	/*
2395	* (tty == real_tty) is a cheap way of
2396	* testing if the tty is NOT a master pty.
2397	*/
2398	if (tty == real_tty && current->signal->tty != real_tty)
2399	return -ENOTTY;
2400	pid = tty_get_pgrp(real_tty);
2401	ret = put_user(pid_vnr(pid), p);
2402	put_pid(pid);
2403	return ret;
2404	}
2405
2406	/**
2407	* tiocspgrp - attempt to set process group
2408	* @tty: tty passed by user
2409	* @real_tty: tty side device matching tty passed by user
2410	* @p: pid pointer
2411	*
2412	* Set the process group of the tty to the session passed. Only
2413	* permitted where the tty session is our session.
2414	*
2415	* Locking: RCU, ctrl lock
2416	*/
2417
2418	static int tiocspgrp(struct tty_struct tty, struct tty_struct real_tty, pid_t __user *p)
2419	{
2420	struct pid *pgrp;
2421	pid_t pgrp_nr;
2422	int retval = tty_check_change(real_tty);
2423	unsigned long flags;
2424
2425	if (retval == -EIO)
2426	return -ENOTTY;
2427	if (retval)
2428	return retval;
2429	if (!current->signal->tty \|\|
2430	(current->signal->tty != real_tty) \|\|
2431	(real_tty->session != task_session(current)))
2432	return -ENOTTY;
2433	if (get_user(pgrp_nr, p))
2434	return -EFAULT;
2435	if (pgrp_nr < 0)
2436	return -EINVAL;
2437	rcu_read_lock();
2438	pgrp = find_vpid(pgrp_nr);
2439	retval = -ESRCH;
2440	if (!pgrp)
2441	goto out_unlock;
2442	retval = -EPERM;
2443	if (session_of_pgrp(pgrp) != task_session(current))
2444	goto out_unlock;
2445	retval = 0;
2446	spin_lock_irqsave(&tty->ctrl_lock, flags);
2447	put_pid(real_tty->pgrp);
2448	real_tty->pgrp = get_pid(pgrp);
2449	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2450	out_unlock:
2451	rcu_read_unlock();
2452	return retval;
2453	}
2454
2455	/**
2456	* tiocgsid - get session id
2457	* @tty: tty passed by user
2458	* @real_tty: tty side of the tty passed by the user if a pty else the tty
2459	* @p: pointer to returned session id
2460	*
2461	* Obtain the session id of the tty. If there is no session
2462	* return an error.
2463	*
2464	* Locking: none. Reference to current->signal->tty is safe.
2465	*/
2466
2467	static int tiocgsid(struct tty_struct tty, struct tty_struct real_tty, pid_t __user *p)
2468	{
2469	/*
2470	* (tty == real_tty) is a cheap way of
2471	* testing if the tty is NOT a master pty.
2472	*/
2473	if (tty == real_tty && current->signal->tty != real_tty)
2474	return -ENOTTY;
2475	if (!real_tty->session)
2476	return -ENOTTY;
2477	return put_user(pid_vnr(real_tty->session), p);
2478	}
2479
2480	/**
2481	* tiocsetd - set line discipline
2482	* @tty: tty device
2483	* @p: pointer to user data
2484	*
2485	* Set the line discipline according to user request.
2486	*
2487	* Locking: see tty_set_ldisc, this function is just a helper
2488	*/
2489
2490	static int tiocsetd(struct tty_struct tty, int __user p)
2491	{
2492	int ldisc;
2493	int ret;
2494
2495	if (get_user(ldisc, p))
2496	return -EFAULT;
2497
2498	ret = tty_set_ldisc(tty, ldisc);
2499
2500	return ret;
2501	}
2502
2503	/**
2504	* send_break - performed time break
2505	* @tty: device to break on
2506	* @duration: timeout in mS
2507	*
2508	* Perform a timed break on hardware that lacks its own driver level
2509	* timed break functionality.
2510	*
2511	* Locking:
2512	* atomic_write_lock serializes
2513	*
2514	*/
2515
2516	static int send_break(struct tty_struct *tty, unsigned int duration)
2517	{
2518	int retval;
2519
2520	if (tty->ops->break_ctl == NULL)
2521	return 0;
2522
2523	if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2524	retval = tty->ops->break_ctl(tty, duration);
2525	else {
2526	/* Do the work ourselves */
2527	if (tty_write_lock(tty, 0) < 0)
2528	return -EINTR;
2529	retval = tty->ops->break_ctl(tty, -1);
2530	if (retval)
2531	goto out;
2532	if (!signal_pending(current))
2533	msleep_interruptible(duration);
2534	retval = tty->ops->break_ctl(tty, 0);
2535	out:
2536	tty_write_unlock(tty);
2537	if (signal_pending(current))
2538	retval = -EINTR;
2539	}
2540	return retval;
2541	}
2542
2543	/**
2544	* tty_tiocmget - get modem status
2545	* @tty: tty device
2546	* @file: user file pointer
2547	* @p: pointer to result
2548	*
2549	* Obtain the modem status bits from the tty driver if the feature
2550	* is supported. Return -EINVAL if it is not available.
2551	*
2552	* Locking: none (up to the driver)
2553	*/
2554
2555	static int tty_tiocmget(struct tty_struct tty, int __user p)
2556	{
2557	int retval = -EINVAL;
2558
2559	if (tty->ops->tiocmget) {
2560	retval = tty->ops->tiocmget(tty);
2561
2562	if (retval >= 0)
2563	retval = put_user(retval, p);
2564	}
2565	return retval;
2566	}
2567
2568	/**
2569	* tty_tiocmset - set modem status
2570	* @tty: tty device
2571	* @cmd: command - clear bits, set bits or set all
2572	* @p: pointer to desired bits
2573	*
2574	* Set the modem status bits from the tty driver if the feature
2575	* is supported. Return -EINVAL if it is not available.
2576	*
2577	* Locking: none (up to the driver)
2578	*/
2579
2580	static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2581	unsigned __user *p)
2582	{
2583	int retval;
2584	unsigned int set, clear, val;
2585
2586	if (tty->ops->tiocmset == NULL)
2587	return -EINVAL;
2588
2589	retval = get_user(val, p);
2590	if (retval)
2591	return retval;
2592	set = clear = 0;
2593	switch (cmd) {
2594	case TIOCMBIS:
2595	set = val;
2596	break;
2597	case TIOCMBIC:
2598	clear = val;
2599	break;
2600	case TIOCMSET:
2601	set = val;
2602	clear = ~val;
2603	break;
2604	}
2605	set &= TIOCM_DTR\|TIOCM_RTS\|TIOCM_OUT1\|TIOCM_OUT2\|TIOCM_LOOP;
2606	clear &= TIOCM_DTR\|TIOCM_RTS\|TIOCM_OUT1\|TIOCM_OUT2\|TIOCM_LOOP;
2607	return tty->ops->tiocmset(tty, set, clear);
2608	}
2609
2610	static int tty_tiocgicount(struct tty_struct tty, void __user arg)
2611	{
2612	int retval = -EINVAL;
2613	struct serial_icounter_struct icount;
2614	memset(&icount, 0, sizeof(icount));
2615	if (tty->ops->get_icount)
2616	retval = tty->ops->get_icount(tty, &icount);
2617	if (retval != 0)
2618	return retval;
2619	if (copy_to_user(arg, &icount, sizeof(icount)))
2620	return -EFAULT;
2621	return 0;
2622	}
2623
2624	struct tty_struct tty_pair_get_tty(struct tty_struct tty)
2625	{
2626	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2627	tty->driver->subtype == PTY_TYPE_MASTER)
2628	tty = tty->link;
2629	return tty;
2630	}
2631	EXPORT_SYMBOL(tty_pair_get_tty);
2632
2633	struct tty_struct tty_pair_get_pty(struct tty_struct tty)
2634	{
2635	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2636	tty->driver->subtype == PTY_TYPE_MASTER)
2637	return tty;
2638	return tty->link;
2639	}
2640	EXPORT_SYMBOL(tty_pair_get_pty);
2641
2642	/*
2643	* Split this up, as gcc can choke on it otherwise..
2644	*/
2645	long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2646	{
2647	struct tty_struct *tty = file_tty(file);
2648	struct tty_struct *real_tty;
2649	void __user p = (void __user )arg;
2650	int retval;
2651	struct tty_ldisc *ld;
2652
2653	if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2654	return -EINVAL;
2655
2656	real_tty = tty_pair_get_tty(tty);
2657
2658	/*
2659	* Factor out some common prep work
2660	*/
2661	switch (cmd) {
2662	case TIOCSETD:
2663	case TIOCSBRK:
2664	case TIOCCBRK:
2665	case TCSBRK:
2666	case TCSBRKP:
2667	retval = tty_check_change(tty);
2668	if (retval)
2669	return retval;
2670	if (cmd != TIOCCBRK) {
2671	tty_wait_until_sent(tty, 0);
2672	if (signal_pending(current))
2673	return -EINTR;
2674	}
2675	break;
2676	}
2677
2678	/*
2679	* Now do the stuff.
2680	*/
2681	switch (cmd) {
2682	case TIOCSTI:
2683	return tiocsti(tty, p);
2684	case TIOCGWINSZ:
2685	return tiocgwinsz(real_tty, p);
2686	case TIOCSWINSZ:
2687	return tiocswinsz(real_tty, p);
2688	case TIOCCONS:
2689	return real_tty != tty ? -EINVAL : tioccons(file);
2690	case FIONBIO:
2691	return fionbio(file, p);
2692	case TIOCEXCL:
2693	set_bit(TTY_EXCLUSIVE, &tty->flags);
2694	return 0;
2695	case TIOCNXCL:
2696	clear_bit(TTY_EXCLUSIVE, &tty->flags);
2697	return 0;
2698	case TIOCGEXCL:
2699	{
2700	int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2701	return put_user(excl, (int __user *)p);
2702	}
2703	case TIOCNOTTY:
2704	if (current->signal->tty != tty)
2705	return -ENOTTY;
2706	no_tty();
2707	return 0;
2708	case TIOCSCTTY:
2709	return tiocsctty(tty, arg);
2710	case TIOCGPGRP:
2711	return tiocgpgrp(tty, real_tty, p);
2712	case TIOCSPGRP:
2713	return tiocspgrp(tty, real_tty, p);
2714	case TIOCGSID:
2715	return tiocgsid(tty, real_tty, p);
2716	case TIOCGETD:
2717	return put_user(tty->ldisc->ops->num, (int __user *)p);
2718	case TIOCSETD:
2719	return tiocsetd(tty, p);
2720	case TIOCVHANGUP:
2721	if (!capable(CAP_SYS_ADMIN))
2722	return -EPERM;
2723	tty_vhangup(tty);
2724	return 0;
2725	case TIOCGDEV:
2726	{
2727	unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2728	return put_user(ret, (unsigned int __user *)p);
2729	}
2730	/*
2731	* Break handling
2732	*/
2733	case TIOCSBRK: /* Turn break on, unconditionally */
2734	if (tty->ops->break_ctl)
2735	return tty->ops->break_ctl(tty, -1);
2736	return 0;
2737	case TIOCCBRK: /* Turn break off, unconditionally */
2738	if (tty->ops->break_ctl)
2739	return tty->ops->break_ctl(tty, 0);
2740	return 0;
2741	case TCSBRK: /* SVID version: non-zero arg --> no break */
2742	/* non-zero arg means wait for all output data
2743	* to be sent (performed above) but don't send break.
2744	* This is used by the tcdrain() termios function.
2745	*/
2746	if (!arg)
2747	return send_break(tty, 250);
2748	return 0;
2749	case TCSBRKP: /* support for POSIX tcsendbreak() */
2750	return send_break(tty, arg ? arg*100 : 250);
2751
2752	case TIOCMGET:
2753	return tty_tiocmget(tty, p);
2754	case TIOCMSET:
2755	case TIOCMBIC:
2756	case TIOCMBIS:
2757	return tty_tiocmset(tty, cmd, p);
2758	case TIOCGICOUNT:
2759	retval = tty_tiocgicount(tty, p);
2760	/* For the moment allow fall through to the old method */
2761	if (retval != -EINVAL)
2762	return retval;
2763	break;
2764	case TCFLSH:
2765	switch (arg) {
2766	case TCIFLUSH:
2767	case TCIOFLUSH:
2768	/* flush tty buffer and allow ldisc to process ioctl */
2769	tty_buffer_flush(tty);
2770	break;
2771	}
2772	break;
2773	}
2774	if (tty->ops->ioctl) {
2775	retval = (tty->ops->ioctl)(tty, cmd, arg);
2776	if (retval != -ENOIOCTLCMD)
2777	return retval;
2778	}
2779	ld = tty_ldisc_ref_wait(tty);
2780	retval = -EINVAL;
2781	if (ld->ops->ioctl) {
2782	retval = ld->ops->ioctl(tty, file, cmd, arg);
2783	if (retval == -ENOIOCTLCMD)
2784	retval = -ENOTTY;
2785	}
2786	tty_ldisc_deref(ld);
2787	return retval;
2788	}
2789
2790	#ifdef CONFIG_COMPAT
2791	static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2792	unsigned long arg)
2793	{
2794	struct tty_struct *tty = file_tty(file);
2795	struct tty_ldisc *ld;
2796	int retval = -ENOIOCTLCMD;
2797
2798	if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2799	return -EINVAL;
2800
2801	if (tty->ops->compat_ioctl) {
2802	retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2803	if (retval != -ENOIOCTLCMD)
2804	return retval;
2805	}
2806
2807	ld = tty_ldisc_ref_wait(tty);
2808	if (ld->ops->compat_ioctl)
2809	retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2810	else
2811	retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2812	tty_ldisc_deref(ld);
2813
2814	return retval;
2815	}
2816	#endif
2817
2818	static int this_tty(const void t, struct file file, unsigned fd)
2819	{
2820	if (likely(file->f_op->read != tty_read))
2821	return 0;
2822	return file_tty(file) != t ? 0 : fd + 1;
2823	}
2824
2825	/*
2826	* This implements the "Secure Attention Key" --- the idea is to
2827	* prevent trojan horses by killing all processes associated with this
2828	* tty when the user hits the "Secure Attention Key". Required for
2829	* super-paranoid applications --- see the Orange Book for more details.
2830	*
2831	* This code could be nicer; ideally it should send a HUP, wait a few
2832	* seconds, then send a INT, and then a KILL signal. But you then
2833	* have to coordinate with the init process, since all processes associated
2834	* with the current tty must be dead before the new getty is allowed
2835	* to spawn.
2836	*
2837	* Now, if it would be correct ;-/ The current code has a nasty hole -
2838	* it doesn't catch files in flight. We may send the descriptor to ourselves
2839	* via AF_UNIX socket, close it and later fetch from socket. FIXME.
2840	*
2841	* Nasty bug: do_SAK is being called in interrupt context. This can
2842	* deadlock. We punt it up to process context. AKPM - 16Mar2001
2843	*/
2844	void __do_SAK(struct tty_struct *tty)
2845	{
2846	#ifdef TTY_SOFT_SAK
2847	tty_hangup(tty);
2848	#else
2849	struct task_struct g, p;
2850	struct pid *session;
2851	int i;
2852
2853	if (!tty)
2854	return;
2855	session = tty->session;
2856
2857	tty_ldisc_flush(tty);
2858
2859	tty_driver_flush_buffer(tty);
2860
2861	read_lock(&tasklist_lock);
2862	/* Kill the entire session */
2863	do_each_pid_task(session, PIDTYPE_SID, p) {
2864	printk(KERN_NOTICE "SAK: killed process %d"
2865	" (%s): task_session(p)==tty->session\n",
2866	task_pid_nr(p), p->comm);
2867	send_sig(SIGKILL, p, 1);
2868	} while_each_pid_task(session, PIDTYPE_SID, p);
2869	/* Now kill any processes that happen to have the
2870	* tty open.
2871	*/
2872	do_each_thread(g, p) {
2873	if (p->signal->tty == tty) {
2874	printk(KERN_NOTICE "SAK: killed process %d"
2875	" (%s): task_session(p)==tty->session\n",
2876	task_pid_nr(p), p->comm);
2877	send_sig(SIGKILL, p, 1);
2878	continue;
2879	}
2880	task_lock(p);
2881	i = iterate_fd(p->files, 0, this_tty, tty);
2882	if (i != 0) {
2883	printk(KERN_NOTICE "SAK: killed process %d"
2884	" (%s): fd#%d opened to the tty\n",
2885	task_pid_nr(p), p->comm, i - 1);
2886	force_sig(SIGKILL, p);
2887	}
2888	task_unlock(p);
2889	} while_each_thread(g, p);
2890	read_unlock(&tasklist_lock);
2891	#endif
2892	}
2893
2894	static void do_SAK_work(struct work_struct *work)
2895	{
2896	struct tty_struct *tty =
2897	container_of(work, struct tty_struct, SAK_work);
2898	__do_SAK(tty);
2899	}
2900
2901	/*
2902	* The tq handling here is a little racy - tty->SAK_work may already be queued.
2903	* Fortunately we don't need to worry, because if ->SAK_work is already queued,
2904	* the values which we write to it will be identical to the values which it
2905	* already has. --akpm
2906	*/
2907	void do_SAK(struct tty_struct *tty)
2908	{
2909	if (!tty)
2910	return;
2911	schedule_work(&tty->SAK_work);
2912	}
2913
2914	EXPORT_SYMBOL(do_SAK);
2915
2916	static int dev_match_devt(struct device dev, const void data)
2917	{
2918	const dev_t *devt = data;
2919	return dev->devt == *devt;
2920	}
2921
2922	/* Must put_device() after it's unused! */
2923	static struct device tty_get_device(struct tty_struct tty)
2924	{
2925	dev_t devt = tty_devnum(tty);
2926	return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2927	}
2928
2929
2930	/**
2931	* initialize_tty_struct
2932	* @tty: tty to initialize
2933	*
2934	* This subroutine initializes a tty structure that has been newly
2935	* allocated.
2936	*
2937	* Locking: none - tty in question must not be exposed at this point
2938	*/
2939
2940	void initialize_tty_struct(struct tty_struct *tty,
2941	struct tty_driver *driver, int idx)
2942	{
2943	memset(tty, 0, sizeof(struct tty_struct));
2944	kref_init(&tty->kref);
2945	tty->magic = TTY_MAGIC;
2946	tty_ldisc_init(tty);
2947	tty->session = NULL;
2948	tty->pgrp = NULL;
2949	mutex_init(&tty->legacy_mutex);
2950	mutex_init(&tty->termios_mutex);
2951	mutex_init(&tty->ldisc_mutex);
2952	init_waitqueue_head(&tty->write_wait);
2953	init_waitqueue_head(&tty->read_wait);
2954	INIT_WORK(&tty->hangup_work, do_tty_hangup);
2955	mutex_init(&tty->atomic_write_lock);
2956	spin_lock_init(&tty->ctrl_lock);
2957	INIT_LIST_HEAD(&tty->tty_files);
2958	INIT_WORK(&tty->SAK_work, do_SAK_work);
2959
2960	tty->driver = driver;
2961	tty->ops = driver->ops;
2962	tty->index = idx;
2963	tty_line_name(driver, idx, tty->name);
2964	tty->dev = tty_get_device(tty);
2965	}
2966
2967	/**
2968	* deinitialize_tty_struct
2969	* @tty: tty to deinitialize
2970	*
2971	* This subroutine deinitializes a tty structure that has been newly
2972	* allocated but tty_release cannot be called on that yet.
2973	*
2974	* Locking: none - tty in question must not be exposed at this point
2975	*/
2976	void deinitialize_tty_struct(struct tty_struct *tty)
2977	{
2978	tty_ldisc_deinit(tty);
2979	}
2980
2981	/**
2982	* tty_put_char - write one character to a tty
2983	* @tty: tty
2984	* @ch: character
2985	*
2986	* Write one byte to the tty using the provided put_char method
2987	* if present. Returns the number of characters successfully output.
2988	*
2989	* Note: the specific put_char operation in the driver layer may go
2990	* away soon. Don't call it directly, use this method
2991	*/
2992
2993	int tty_put_char(struct tty_struct *tty, unsigned char ch)
2994	{
2995	if (tty->ops->put_char)
2996	return tty->ops->put_char(tty, ch);
2997	return tty->ops->write(tty, &ch, 1);
2998	}
2999	EXPORT_SYMBOL_GPL(tty_put_char);
3000
3001	struct class *tty_class;
3002
3003	static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3004	unsigned int index, unsigned int count)
3005	{
3006	/* init here, since reused cdevs cause crashes */
3007	cdev_init(&driver->cdevs[index], &tty_fops);
3008	driver->cdevs[index].owner = driver->owner;
3009	return cdev_add(&driver->cdevs[index], dev, count);
3010	}
3011
3012	/**
3013	* tty_register_device - register a tty device
3014	* @driver: the tty driver that describes the tty device
3015	* @index: the index in the tty driver for this tty device
3016	* @device: a struct device that is associated with this tty device.
3017	* This field is optional, if there is no known struct device
3018	* for this tty device it can be set to NULL safely.
3019	*
3020	* Returns a pointer to the struct device for this tty device
3021	* (or ERR_PTR(-EFOO) on error).
3022	*
3023	* This call is required to be made to register an individual tty device
3024	* if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3025	* that bit is not set, this function should not be called by a tty
3026	* driver.
3027	*
3028	* Locking: ??
3029	*/
3030
3031	struct device tty_register_device(struct tty_driver driver, unsigned index,
3032	struct device *device)
3033	{
3034	return tty_register_device_attr(driver, index, device, NULL, NULL);
3035	}
3036	EXPORT_SYMBOL(tty_register_device);
3037
3038	static void tty_device_create_release(struct device *dev)
3039	{
3040	pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3041	kfree(dev);
3042	}
3043
3044	/**
3045	* tty_register_device_attr - register a tty device
3046	* @driver: the tty driver that describes the tty device
3047	* @index: the index in the tty driver for this tty device
3048	* @device: a struct device that is associated with this tty device.
3049	* This field is optional, if there is no known struct device
3050	* for this tty device it can be set to NULL safely.
3051	* @drvdata: Driver data to be set to device.
3052	* @attr_grp: Attribute group to be set on device.
3053	*
3054	* Returns a pointer to the struct device for this tty device
3055	* (or ERR_PTR(-EFOO) on error).
3056	*
3057	* This call is required to be made to register an individual tty device
3058	* if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set. If
3059	* that bit is not set, this function should not be called by a tty
3060	* driver.
3061	*
3062	* Locking: ??
3063	*/
3064	struct device tty_register_device_attr(struct tty_driver driver,
3065	unsigned index, struct device *device,
3066	void *drvdata,
3067	const struct attribute_group **attr_grp)
3068	{
3069	char name[64];
3070	dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3071	struct device *dev = NULL;
3072	int retval = -ENODEV;
3073	bool cdev = false;
3074
3075	if (index >= driver->num) {
3076	printk(KERN_ERR "Attempt to register invalid tty line number "
3077	" (%d).\n", index);
3078	return ERR_PTR(-EINVAL);
3079	}
3080
3081	if (driver->type == TTY_DRIVER_TYPE_PTY)
3082	pty_line_name(driver, index, name);
3083	else
3084	tty_line_name(driver, index, name);
3085
3086	if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3087	retval = tty_cdev_add(driver, devt, index, 1);
3088	if (retval)
3089	goto error;
3090	cdev = true;
3091	}
3092
3093	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3094	if (!dev) {
3095	retval = -ENOMEM;
3096	goto error;
3097	}
3098
3099	dev->devt = devt;
3100	dev->class = tty_class;
3101	dev->parent = device;
3102	dev->release = tty_device_create_release;
3103	dev_set_name(dev, "%s", name);
3104	dev->groups = attr_grp;
3105	dev_set_drvdata(dev, drvdata);
3106
3107	retval = device_register(dev);
3108	if (retval)
3109	goto error;
3110
3111	return dev;
3112
3113	error:
3114	put_device(dev);
3115	if (cdev)
3116	cdev_del(&driver->cdevs[index]);
3117	return ERR_PTR(retval);
3118	}
3119	EXPORT_SYMBOL_GPL(tty_register_device_attr);
3120
3121	/**
3122	* tty_unregister_device - unregister a tty device
3123	* @driver: the tty driver that describes the tty device
3124	* @index: the index in the tty driver for this tty device
3125	*
3126	* If a tty device is registered with a call to tty_register_device() then
3127	* this function must be called when the tty device is gone.
3128	*
3129	* Locking: ??
3130	*/
3131
3132	void tty_unregister_device(struct tty_driver *driver, unsigned index)
3133	{
3134	device_destroy(tty_class,
3135	MKDEV(driver->major, driver->minor_start) + index);
3136	if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3137	cdev_del(&driver->cdevs[index]);
3138	}
3139	EXPORT_SYMBOL(tty_unregister_device);
3140
3141	/**
3142	* __tty_alloc_driver -- allocate tty driver
3143	* @lines: count of lines this driver can handle at most
3144	* @owner: module which is repsonsible for this driver
3145	* @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3146	*
3147	* This should not be called directly, some of the provided macros should be
3148	* used instead. Use IS_ERR and friends on @retval.
3149	*/
3150	struct tty_driver __tty_alloc_driver(unsigned int lines, struct module owner,
3151	unsigned long flags)
3152	{
3153	struct tty_driver *driver;
3154	unsigned int cdevs = 1;
3155	int err;
3156
3157	if (!lines \|\| (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3158	return ERR_PTR(-EINVAL);
3159
3160	driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3161	if (!driver)
3162	return ERR_PTR(-ENOMEM);
3163
3164	kref_init(&driver->kref);
3165	driver->magic = TTY_DRIVER_MAGIC;
3166	driver->num = lines;
3167	driver->owner = owner;
3168	driver->flags = flags;
3169
3170	if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3171	driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3172	GFP_KERNEL);
3173	driver->termios = kcalloc(lines, sizeof(*driver->termios),
3174	GFP_KERNEL);
3175	if (!driver->ttys \|\| !driver->termios) {
3176	err = -ENOMEM;
3177	goto err_free_all;
3178	}
3179	}
3180
3181	if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3182	driver->ports = kcalloc(lines, sizeof(*driver->ports),
3183	GFP_KERNEL);
3184	if (!driver->ports) {
3185	err = -ENOMEM;
3186	goto err_free_all;
3187	}
3188	cdevs = lines;
3189	}
3190
3191	driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3192	if (!driver->cdevs) {
3193	err = -ENOMEM;
3194	goto err_free_all;
3195	}
3196
3197	return driver;
3198	err_free_all:
3199	kfree(driver->ports);
3200	kfree(driver->ttys);
3201	kfree(driver->termios);
3202	kfree(driver);
3203	return ERR_PTR(err);
3204	}
3205	EXPORT_SYMBOL(__tty_alloc_driver);
3206
3207	static void destruct_tty_driver(struct kref *kref)
3208	{
3209	struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3210	int i;
3211	struct ktermios *tp;
3212
3213	if (driver->flags & TTY_DRIVER_INSTALLED) {
3214	/*
3215	* Free the termios and termios_locked structures because
3216	* we don't want to get memory leaks when modular tty
3217	* drivers are removed from the kernel.
3218	*/
3219	for (i = 0; i < driver->num; i++) {
3220	tp = driver->termios[i];
3221	if (tp) {
3222	driver->termios[i] = NULL;
3223	kfree(tp);
3224	}
3225	if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3226	tty_unregister_device(driver, i);
3227	}
3228	proc_tty_unregister_driver(driver);
3229	if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3230	cdev_del(&driver->cdevs[0]);
3231	}
3232	kfree(driver->cdevs);
3233	kfree(driver->ports);
3234	kfree(driver->termios);
3235	kfree(driver->ttys);
3236	kfree(driver);
3237	}
3238
3239	void tty_driver_kref_put(struct tty_driver *driver)
3240	{
3241	kref_put(&driver->kref, destruct_tty_driver);
3242	}
3243	EXPORT_SYMBOL(tty_driver_kref_put);
3244
3245	void tty_set_operations(struct tty_driver *driver,
3246	const struct tty_operations *op)
3247	{
3248	driver->ops = op;
3249	};
3250	EXPORT_SYMBOL(tty_set_operations);
3251
3252	void put_tty_driver(struct tty_driver *d)
3253	{
3254	tty_driver_kref_put(d);
3255	}
3256	EXPORT_SYMBOL(put_tty_driver);
3257
3258	/*
3259	* Called by a tty driver to register itself.
3260	*/
3261	int tty_register_driver(struct tty_driver *driver)
3262	{
3263	int error;
3264	int i;
3265	dev_t dev;
3266	struct device *d;
3267
3268	if (!driver->major) {
3269	error = alloc_chrdev_region(&dev, driver->minor_start,
3270	driver->num, driver->name);
3271	if (!error) {
3272	driver->major = MAJOR(dev);
3273	driver->minor_start = MINOR(dev);
3274	}
3275	} else {
3276	dev = MKDEV(driver->major, driver->minor_start);
3277	error = register_chrdev_region(dev, driver->num, driver->name);
3278	}
3279	if (error < 0)
3280	goto err;
3281
3282	if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3283	error = tty_cdev_add(driver, dev, 0, driver->num);
3284	if (error)
3285	goto err_unreg_char;
3286	}
3287
3288	mutex_lock(&tty_mutex);
3289	list_add(&driver->tty_drivers, &tty_drivers);
3290	mutex_unlock(&tty_mutex);
3291
3292	if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3293	for (i = 0; i < driver->num; i++) {
3294	d = tty_register_device(driver, i, NULL);
3295	if (IS_ERR(d)) {
3296	error = PTR_ERR(d);
3297	goto err_unreg_devs;
3298	}
3299	}
3300	}
3301	proc_tty_register_driver(driver);
3302	driver->flags \|= TTY_DRIVER_INSTALLED;
3303	return 0;
3304
3305	err_unreg_devs:
3306	for (i--; i >= 0; i--)
3307	tty_unregister_device(driver, i);
3308
3309	mutex_lock(&tty_mutex);
3310	list_del(&driver->tty_drivers);
3311	mutex_unlock(&tty_mutex);
3312
3313	err_unreg_char:
3314	unregister_chrdev_region(dev, driver->num);
3315	err:
3316	return error;
3317	}
3318	EXPORT_SYMBOL(tty_register_driver);
3319
3320	/*
3321	* Called by a tty driver to unregister itself.
3322	*/
3323	int tty_unregister_driver(struct tty_driver *driver)
3324	{
3325	#if 0
3326	/* FIXME */
3327	if (driver->refcount)
3328	return -EBUSY;
3329	#endif
3330	unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3331	driver->num);
3332	mutex_lock(&tty_mutex);
3333	list_del(&driver->tty_drivers);
3334	mutex_unlock(&tty_mutex);
3335	return 0;
3336	}
3337
3338	EXPORT_SYMBOL(tty_unregister_driver);
3339
3340	dev_t tty_devnum(struct tty_struct *tty)
3341	{
3342	return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3343	}
3344	EXPORT_SYMBOL(tty_devnum);
3345
3346	void proc_clear_tty(struct task_struct *p)
3347	{
3348	unsigned long flags;
3349	struct tty_struct *tty;
3350	spin_lock_irqsave(&p->sighand->siglock, flags);
3351	tty = p->signal->tty;
3352	p->signal->tty = NULL;
3353	spin_unlock_irqrestore(&p->sighand->siglock, flags);
3354	tty_kref_put(tty);
3355	}
3356
3357	/* Called under the sighand lock */
3358
3359	static void __proc_set_tty(struct task_struct tsk, struct tty_struct tty)
3360	{
3361	if (tty) {
3362	unsigned long flags;
3363	/* We should not have a session or pgrp to put here but.... */
3364	spin_lock_irqsave(&tty->ctrl_lock, flags);
3365	put_pid(tty->session);
3366	put_pid(tty->pgrp);
3367	tty->pgrp = get_pid(task_pgrp(tsk));
3368	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3369	tty->session = get_pid(task_session(tsk));
3370	if (tsk->signal->tty) {
3371	printk(KERN_DEBUG "tty not NULL!!\n");
3372	tty_kref_put(tsk->signal->tty);
3373	}
3374	}
3375	put_pid(tsk->signal->tty_old_pgrp);
3376	tsk->signal->tty = tty_kref_get(tty);
3377	tsk->signal->tty_old_pgrp = NULL;
3378	}
3379
3380	static void proc_set_tty(struct task_struct tsk, struct tty_struct tty)
3381	{
3382	spin_lock_irq(&tsk->sighand->siglock);
3383	__proc_set_tty(tsk, tty);
3384	spin_unlock_irq(&tsk->sighand->siglock);
3385	}
3386
3387	struct tty_struct *get_current_tty(void)
3388	{
3389	struct tty_struct *tty;
3390	unsigned long flags;
3391
3392	spin_lock_irqsave(&current->sighand->siglock, flags);
3393	tty = tty_kref_get(current->signal->tty);
3394	spin_unlock_irqrestore(&current->sighand->siglock, flags);
3395	return tty;
3396	}
3397	EXPORT_SYMBOL_GPL(get_current_tty);
3398
3399	void tty_default_fops(struct file_operations *fops)
3400	{
3401	*fops = tty_fops;
3402	}
3403
3404	/*
3405	* Initialize the console device. This is called early, so
3406	* we can't necessarily depend on lots of kernel help here.
3407	* Just do some early initializations, and do the complex setup
3408	* later.
3409	*/
3410	void __init console_init(void)
3411	{
3412	initcall_t *call;
3413
3414	/* Setup the default TTY line discipline. */
3415	tty_ldisc_begin();
3416
3417	/*
3418	* set up the console device so that later boot sequences can
3419	* inform about problems etc..
3420	*/
3421	call = __con_initcall_start;
3422	while (call < __con_initcall_end) {
3423	(*call)();
3424	call++;
3425	}
3426	}
3427
3428	static char tty_devnode(struct device dev, umode_t *mode)
3429	{
3430	if (!mode)
3431	return NULL;
3432	if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) \|\|
3433	dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3434	*mode = 0666;
3435	return NULL;
3436	}
3437
3438	static int __init tty_class_init(void)
3439	{
3440	tty_class = class_create(THIS_MODULE, "tty");
3441	if (IS_ERR(tty_class))
3442	return PTR_ERR(tty_class);
3443	tty_class->devnode = tty_devnode;
3444	return 0;
3445	}
3446
3447	postcore_initcall(tty_class_init);
3448
3449	/* 3/2004 jmc: why do these devices exist? */
3450	static struct cdev tty_cdev, console_cdev;
3451
3452	static ssize_t show_cons_active(struct device *dev,
3453	struct device_attribute attr, char buf)
3454	{
3455	struct console *cs[16];
3456	int i = 0;
3457	struct console *c;
3458	ssize_t count = 0;
3459
3460	console_lock();
3461	for_each_console(c) {
3462	if (!c->device)
3463	continue;
3464	if (!c->write)
3465	continue;
3466	if ((c->flags & CON_ENABLED) == 0)
3467	continue;
3468	cs[i++] = c;
3469	if (i >= ARRAY_SIZE(cs))
3470	break;
3471	}
3472	while (i--)
3473	count += sprintf(buf + count, "%s%d%c",
3474	cs[i]->name, cs[i]->index, i ? ' ':'\n');
3475	console_unlock();
3476
3477	return count;
3478	}
3479	static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3480
3481	static struct device *consdev;
3482
3483	void console_sysfs_notify(void)
3484	{
3485	if (consdev)
3486	sysfs_notify(&consdev->kobj, NULL, "active");
3487	}
3488
3489	/*
3490	* Ok, now we can initialize the rest of the tty devices and can count
3491	* on memory allocations, interrupts etc..
3492	*/
3493	int __init tty_init(void)
3494	{
3495	cdev_init(&tty_cdev, &tty_fops);
3496	if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) \|\|
3497	register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3498	panic("Couldn't register /dev/tty driver\n");
3499	device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3500
3501	cdev_init(&console_cdev, &console_fops);
3502	if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) \|\|
3503	register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3504	panic("Couldn't register /dev/console driver\n");
3505	consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3506	"console");
3507	if (IS_ERR(consdev))
3508	consdev = NULL;
3509	else
3510	WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3511
3512	#ifdef CONFIG_VT
3513	vty_init(&console_fops);
3514	#endif
3515	return 0;
3516	}
3517
3518

Download this file

Branches:
ben-wpan
ben-wpan-stefan
javiroman/ks7010
jz-2.6.34
jz-2.6.34-rc5
jz-2.6.34-rc6
jz-2.6.34-rc7
jz-2.6.35
jz-2.6.36
jz-2.6.37
jz-2.6.38
jz-2.6.39
jz-3.0
jz-3.1
jz-3.11
jz-3.12
jz-3.13
jz-3.15
jz-3.16
jz-3.18-dt
jz-3.2
jz-3.3
jz-3.4
jz-3.5
jz-3.6
jz-3.6-rc2-pwm
jz-3.9
jz-3.9-clk
jz-3.9-rc8
jz47xx
jz47xx-2.6.38
master

Tags:
od-2011-09-04
od-2011-09-18
v2.6.34-rc5
v2.6.34-rc6
v2.6.34-rc7
v3.9

Kernel

Kernel Git Source Tree

Root/drivers/tty/tty_io.c

interactive