xref: /openbmc/linux/drivers/tty/tty_io.c (revision 05bcf503)
1 /*
2  *  Copyright (C) 1991, 1992  Linus Torvalds
3  */
4 
5 /*
6  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7  * or rs-channels. It also implements echoing, cooked mode etc.
8  *
9  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10  *
11  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12  * tty_struct and tty_queue structures.  Previously there was an array
13  * of 256 tty_struct's which was statically allocated, and the
14  * tty_queue structures were allocated at boot time.  Both are now
15  * dynamically allocated only when the tty is open.
16  *
17  * Also restructured routines so that there is more of a separation
18  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19  * the low-level tty routines (serial.c, pty.c, console.c).  This
20  * makes for cleaner and more compact code.  -TYT, 9/17/92
21  *
22  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23  * which can be dynamically activated and de-activated by the line
24  * discipline handling modules (like SLIP).
25  *
26  * NOTE: pay no attention to the line discipline code (yet); its
27  * interface is still subject to change in this version...
28  * -- TYT, 1/31/92
29  *
30  * Added functionality to the OPOST tty handling.  No delays, but all
31  * other bits should be there.
32  *	-- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33  *
34  * Rewrote canonical mode and added more termios flags.
35  * 	-- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36  *
37  * Reorganized FASYNC support so mouse code can share it.
38  *	-- ctm@ardi.com, 9Sep95
39  *
40  * New TIOCLINUX variants added.
41  *	-- mj@k332.feld.cvut.cz, 19-Nov-95
42  *
43  * Restrict vt switching via ioctl()
44  *      -- grif@cs.ucr.edu, 5-Dec-95
45  *
46  * Move console and virtual terminal code to more appropriate files,
47  * implement CONFIG_VT and generalize console device interface.
48  *	-- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49  *
50  * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51  *	-- Bill Hawes <whawes@star.net>, June 97
52  *
53  * Added devfs support.
54  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55  *
56  * Added support for a Unix98-style ptmx device.
57  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58  *
59  * Reduced memory usage for older ARM systems
60  *      -- Russell King <rmk@arm.linux.org.uk>
61  *
62  * Move do_SAK() into process context.  Less stack use in devfs functions.
63  * alloc_tty_struct() always uses kmalloc()
64  *			 -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65  */
66 
67 #include <linux/types.h>
68 #include <linux/major.h>
69 #include <linux/errno.h>
70 #include <linux/signal.h>
71 #include <linux/fcntl.h>
72 #include <linux/sched.h>
73 #include <linux/interrupt.h>
74 #include <linux/tty.h>
75 #include <linux/tty_driver.h>
76 #include <linux/tty_flip.h>
77 #include <linux/devpts_fs.h>
78 #include <linux/file.h>
79 #include <linux/fdtable.h>
80 #include <linux/console.h>
81 #include <linux/timer.h>
82 #include <linux/ctype.h>
83 #include <linux/kd.h>
84 #include <linux/mm.h>
85 #include <linux/string.h>
86 #include <linux/slab.h>
87 #include <linux/poll.h>
88 #include <linux/proc_fs.h>
89 #include <linux/init.h>
90 #include <linux/module.h>
91 #include <linux/device.h>
92 #include <linux/wait.h>
93 #include <linux/bitops.h>
94 #include <linux/delay.h>
95 #include <linux/seq_file.h>
96 #include <linux/serial.h>
97 #include <linux/ratelimit.h>
98 
99 #include <linux/uaccess.h>
100 
101 #include <linux/kbd_kern.h>
102 #include <linux/vt_kern.h>
103 #include <linux/selection.h>
104 
105 #include <linux/kmod.h>
106 #include <linux/nsproxy.h>
107 
108 #undef TTY_DEBUG_HANGUP
109 
110 #define TTY_PARANOIA_CHECK 1
111 #define CHECK_TTY_COUNT 1
112 
113 struct ktermios tty_std_termios = {	/* for the benefit of tty drivers  */
114 	.c_iflag = ICRNL | IXON,
115 	.c_oflag = OPOST | ONLCR,
116 	.c_cflag = B38400 | CS8 | CREAD | HUPCL,
117 	.c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
118 		   ECHOCTL | ECHOKE | IEXTEN,
119 	.c_cc = INIT_C_CC,
120 	.c_ispeed = 38400,
121 	.c_ospeed = 38400
122 };
123 
124 EXPORT_SYMBOL(tty_std_termios);
125 
126 /* This list gets poked at by procfs and various bits of boot up code. This
127    could do with some rationalisation such as pulling the tty proc function
128    into this file */
129 
130 LIST_HEAD(tty_drivers);			/* linked list of tty drivers */
131 
132 /* Mutex to protect creating and releasing a tty. This is shared with
133    vt.c for deeply disgusting hack reasons */
134 DEFINE_MUTEX(tty_mutex);
135 EXPORT_SYMBOL(tty_mutex);
136 
137 /* Spinlock to protect the tty->tty_files list */
138 DEFINE_SPINLOCK(tty_files_lock);
139 
140 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
141 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
142 ssize_t redirected_tty_write(struct file *, const char __user *,
143 							size_t, loff_t *);
144 static unsigned int tty_poll(struct file *, poll_table *);
145 static int tty_open(struct inode *, struct file *);
146 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
147 #ifdef CONFIG_COMPAT
148 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
149 				unsigned long arg);
150 #else
151 #define tty_compat_ioctl NULL
152 #endif
153 static int __tty_fasync(int fd, struct file *filp, int on);
154 static int tty_fasync(int fd, struct file *filp, int on);
155 static void release_tty(struct tty_struct *tty, int idx);
156 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
157 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
158 
159 /**
160  *	alloc_tty_struct	-	allocate a tty object
161  *
162  *	Return a new empty tty structure. The data fields have not
163  *	been initialized in any way but has been zeroed
164  *
165  *	Locking: none
166  */
167 
168 struct tty_struct *alloc_tty_struct(void)
169 {
170 	return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
171 }
172 
173 /**
174  *	free_tty_struct		-	free a disused tty
175  *	@tty: tty struct to free
176  *
177  *	Free the write buffers, tty queue and tty memory itself.
178  *
179  *	Locking: none. Must be called after tty is definitely unused
180  */
181 
182 void free_tty_struct(struct tty_struct *tty)
183 {
184 	if (!tty)
185 		return;
186 	if (tty->dev)
187 		put_device(tty->dev);
188 	kfree(tty->write_buf);
189 	tty_buffer_free_all(tty);
190 	tty->magic = 0xDEADDEAD;
191 	kfree(tty);
192 }
193 
194 static inline struct tty_struct *file_tty(struct file *file)
195 {
196 	return ((struct tty_file_private *)file->private_data)->tty;
197 }
198 
199 int tty_alloc_file(struct file *file)
200 {
201 	struct tty_file_private *priv;
202 
203 	priv = kmalloc(sizeof(*priv), GFP_KERNEL);
204 	if (!priv)
205 		return -ENOMEM;
206 
207 	file->private_data = priv;
208 
209 	return 0;
210 }
211 
212 /* Associate a new file with the tty structure */
213 void tty_add_file(struct tty_struct *tty, struct file *file)
214 {
215 	struct tty_file_private *priv = file->private_data;
216 
217 	priv->tty = tty;
218 	priv->file = file;
219 
220 	spin_lock(&tty_files_lock);
221 	list_add(&priv->list, &tty->tty_files);
222 	spin_unlock(&tty_files_lock);
223 }
224 
225 /**
226  * tty_free_file - free file->private_data
227  *
228  * This shall be used only for fail path handling when tty_add_file was not
229  * called yet.
230  */
231 void tty_free_file(struct file *file)
232 {
233 	struct tty_file_private *priv = file->private_data;
234 
235 	file->private_data = NULL;
236 	kfree(priv);
237 }
238 
239 /* Delete file from its tty */
240 void tty_del_file(struct file *file)
241 {
242 	struct tty_file_private *priv = file->private_data;
243 
244 	spin_lock(&tty_files_lock);
245 	list_del(&priv->list);
246 	spin_unlock(&tty_files_lock);
247 	tty_free_file(file);
248 }
249 
250 
251 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
252 
253 /**
254  *	tty_name	-	return tty naming
255  *	@tty: tty structure
256  *	@buf: buffer for output
257  *
258  *	Convert a tty structure into a name. The name reflects the kernel
259  *	naming policy and if udev is in use may not reflect user space
260  *
261  *	Locking: none
262  */
263 
264 char *tty_name(struct tty_struct *tty, char *buf)
265 {
266 	if (!tty) /* Hmm.  NULL pointer.  That's fun. */
267 		strcpy(buf, "NULL tty");
268 	else
269 		strcpy(buf, tty->name);
270 	return buf;
271 }
272 
273 EXPORT_SYMBOL(tty_name);
274 
275 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
276 			      const char *routine)
277 {
278 #ifdef TTY_PARANOIA_CHECK
279 	if (!tty) {
280 		printk(KERN_WARNING
281 			"null TTY for (%d:%d) in %s\n",
282 			imajor(inode), iminor(inode), routine);
283 		return 1;
284 	}
285 	if (tty->magic != TTY_MAGIC) {
286 		printk(KERN_WARNING
287 			"bad magic number for tty struct (%d:%d) in %s\n",
288 			imajor(inode), iminor(inode), routine);
289 		return 1;
290 	}
291 #endif
292 	return 0;
293 }
294 
295 static int check_tty_count(struct tty_struct *tty, const char *routine)
296 {
297 #ifdef CHECK_TTY_COUNT
298 	struct list_head *p;
299 	int count = 0;
300 
301 	spin_lock(&tty_files_lock);
302 	list_for_each(p, &tty->tty_files) {
303 		count++;
304 	}
305 	spin_unlock(&tty_files_lock);
306 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
307 	    tty->driver->subtype == PTY_TYPE_SLAVE &&
308 	    tty->link && tty->link->count)
309 		count++;
310 	if (tty->count != count) {
311 		printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
312 				    "!= #fd's(%d) in %s\n",
313 		       tty->name, tty->count, count, routine);
314 		return count;
315 	}
316 #endif
317 	return 0;
318 }
319 
320 /**
321  *	get_tty_driver		-	find device of a tty
322  *	@dev_t: device identifier
323  *	@index: returns the index of the tty
324  *
325  *	This routine returns a tty driver structure, given a device number
326  *	and also passes back the index number.
327  *
328  *	Locking: caller must hold tty_mutex
329  */
330 
331 static struct tty_driver *get_tty_driver(dev_t device, int *index)
332 {
333 	struct tty_driver *p;
334 
335 	list_for_each_entry(p, &tty_drivers, tty_drivers) {
336 		dev_t base = MKDEV(p->major, p->minor_start);
337 		if (device < base || device >= base + p->num)
338 			continue;
339 		*index = device - base;
340 		return tty_driver_kref_get(p);
341 	}
342 	return NULL;
343 }
344 
345 #ifdef CONFIG_CONSOLE_POLL
346 
347 /**
348  *	tty_find_polling_driver	-	find device of a polled tty
349  *	@name: name string to match
350  *	@line: pointer to resulting tty line nr
351  *
352  *	This routine returns a tty driver structure, given a name
353  *	and the condition that the tty driver is capable of polled
354  *	operation.
355  */
356 struct tty_driver *tty_find_polling_driver(char *name, int *line)
357 {
358 	struct tty_driver *p, *res = NULL;
359 	int tty_line = 0;
360 	int len;
361 	char *str, *stp;
362 
363 	for (str = name; *str; str++)
364 		if ((*str >= '0' && *str <= '9') || *str == ',')
365 			break;
366 	if (!*str)
367 		return NULL;
368 
369 	len = str - name;
370 	tty_line = simple_strtoul(str, &str, 10);
371 
372 	mutex_lock(&tty_mutex);
373 	/* Search through the tty devices to look for a match */
374 	list_for_each_entry(p, &tty_drivers, tty_drivers) {
375 		if (strncmp(name, p->name, len) != 0)
376 			continue;
377 		stp = str;
378 		if (*stp == ',')
379 			stp++;
380 		if (*stp == '\0')
381 			stp = NULL;
382 
383 		if (tty_line >= 0 && tty_line < p->num && p->ops &&
384 		    p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
385 			res = tty_driver_kref_get(p);
386 			*line = tty_line;
387 			break;
388 		}
389 	}
390 	mutex_unlock(&tty_mutex);
391 
392 	return res;
393 }
394 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
395 #endif
396 
397 /**
398  *	tty_check_change	-	check for POSIX terminal changes
399  *	@tty: tty to check
400  *
401  *	If we try to write to, or set the state of, a terminal and we're
402  *	not in the foreground, send a SIGTTOU.  If the signal is blocked or
403  *	ignored, go ahead and perform the operation.  (POSIX 7.2)
404  *
405  *	Locking: ctrl_lock
406  */
407 
408 int tty_check_change(struct tty_struct *tty)
409 {
410 	unsigned long flags;
411 	int ret = 0;
412 
413 	if (current->signal->tty != tty)
414 		return 0;
415 
416 	spin_lock_irqsave(&tty->ctrl_lock, flags);
417 
418 	if (!tty->pgrp) {
419 		printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
420 		goto out_unlock;
421 	}
422 	if (task_pgrp(current) == tty->pgrp)
423 		goto out_unlock;
424 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
425 	if (is_ignored(SIGTTOU))
426 		goto out;
427 	if (is_current_pgrp_orphaned()) {
428 		ret = -EIO;
429 		goto out;
430 	}
431 	kill_pgrp(task_pgrp(current), SIGTTOU, 1);
432 	set_thread_flag(TIF_SIGPENDING);
433 	ret = -ERESTARTSYS;
434 out:
435 	return ret;
436 out_unlock:
437 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
438 	return ret;
439 }
440 
441 EXPORT_SYMBOL(tty_check_change);
442 
443 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
444 				size_t count, loff_t *ppos)
445 {
446 	return 0;
447 }
448 
449 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
450 				 size_t count, loff_t *ppos)
451 {
452 	return -EIO;
453 }
454 
455 /* No kernel lock held - none needed ;) */
456 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
457 {
458 	return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
459 }
460 
461 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
462 		unsigned long arg)
463 {
464 	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
465 }
466 
467 static long hung_up_tty_compat_ioctl(struct file *file,
468 				     unsigned int cmd, unsigned long arg)
469 {
470 	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
471 }
472 
473 static const struct file_operations tty_fops = {
474 	.llseek		= no_llseek,
475 	.read		= tty_read,
476 	.write		= tty_write,
477 	.poll		= tty_poll,
478 	.unlocked_ioctl	= tty_ioctl,
479 	.compat_ioctl	= tty_compat_ioctl,
480 	.open		= tty_open,
481 	.release	= tty_release,
482 	.fasync		= tty_fasync,
483 };
484 
485 static const struct file_operations console_fops = {
486 	.llseek		= no_llseek,
487 	.read		= tty_read,
488 	.write		= redirected_tty_write,
489 	.poll		= tty_poll,
490 	.unlocked_ioctl	= tty_ioctl,
491 	.compat_ioctl	= tty_compat_ioctl,
492 	.open		= tty_open,
493 	.release	= tty_release,
494 	.fasync		= tty_fasync,
495 };
496 
497 static const struct file_operations hung_up_tty_fops = {
498 	.llseek		= no_llseek,
499 	.read		= hung_up_tty_read,
500 	.write		= hung_up_tty_write,
501 	.poll		= hung_up_tty_poll,
502 	.unlocked_ioctl	= hung_up_tty_ioctl,
503 	.compat_ioctl	= hung_up_tty_compat_ioctl,
504 	.release	= tty_release,
505 };
506 
507 static DEFINE_SPINLOCK(redirect_lock);
508 static struct file *redirect;
509 
510 /**
511  *	tty_wakeup	-	request more data
512  *	@tty: terminal
513  *
514  *	Internal and external helper for wakeups of tty. This function
515  *	informs the line discipline if present that the driver is ready
516  *	to receive more output data.
517  */
518 
519 void tty_wakeup(struct tty_struct *tty)
520 {
521 	struct tty_ldisc *ld;
522 
523 	if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
524 		ld = tty_ldisc_ref(tty);
525 		if (ld) {
526 			if (ld->ops->write_wakeup)
527 				ld->ops->write_wakeup(tty);
528 			tty_ldisc_deref(ld);
529 		}
530 	}
531 	wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
532 }
533 
534 EXPORT_SYMBOL_GPL(tty_wakeup);
535 
536 /**
537  *	__tty_hangup		-	actual handler for hangup events
538  *	@work: tty device
539  *
540  *	This can be called by the "eventd" kernel thread.  That is process
541  *	synchronous but doesn't hold any locks, so we need to make sure we
542  *	have the appropriate locks for what we're doing.
543  *
544  *	The hangup event clears any pending redirections onto the hung up
545  *	device. It ensures future writes will error and it does the needed
546  *	line discipline hangup and signal delivery. The tty object itself
547  *	remains intact.
548  *
549  *	Locking:
550  *		BTM
551  *		  redirect lock for undoing redirection
552  *		  file list lock for manipulating list of ttys
553  *		  tty_ldisc_lock from called functions
554  *		  termios_mutex resetting termios data
555  *		  tasklist_lock to walk task list for hangup event
556  *		    ->siglock to protect ->signal/->sighand
557  */
558 void __tty_hangup(struct tty_struct *tty)
559 {
560 	struct file *cons_filp = NULL;
561 	struct file *filp, *f = NULL;
562 	struct task_struct *p;
563 	struct tty_file_private *priv;
564 	int    closecount = 0, n;
565 	unsigned long flags;
566 	int refs = 0;
567 
568 	if (!tty)
569 		return;
570 
571 
572 	spin_lock(&redirect_lock);
573 	if (redirect && file_tty(redirect) == tty) {
574 		f = redirect;
575 		redirect = NULL;
576 	}
577 	spin_unlock(&redirect_lock);
578 
579 	tty_lock(tty);
580 
581 	/* some functions below drop BTM, so we need this bit */
582 	set_bit(TTY_HUPPING, &tty->flags);
583 
584 	/* inuse_filps is protected by the single tty lock,
585 	   this really needs to change if we want to flush the
586 	   workqueue with the lock held */
587 	check_tty_count(tty, "tty_hangup");
588 
589 	spin_lock(&tty_files_lock);
590 	/* This breaks for file handles being sent over AF_UNIX sockets ? */
591 	list_for_each_entry(priv, &tty->tty_files, list) {
592 		filp = priv->file;
593 		if (filp->f_op->write == redirected_tty_write)
594 			cons_filp = filp;
595 		if (filp->f_op->write != tty_write)
596 			continue;
597 		closecount++;
598 		__tty_fasync(-1, filp, 0);	/* can't block */
599 		filp->f_op = &hung_up_tty_fops;
600 	}
601 	spin_unlock(&tty_files_lock);
602 
603 	/*
604 	 * it drops BTM and thus races with reopen
605 	 * we protect the race by TTY_HUPPING
606 	 */
607 	tty_ldisc_hangup(tty);
608 
609 	read_lock(&tasklist_lock);
610 	if (tty->session) {
611 		do_each_pid_task(tty->session, PIDTYPE_SID, p) {
612 			spin_lock_irq(&p->sighand->siglock);
613 			if (p->signal->tty == tty) {
614 				p->signal->tty = NULL;
615 				/* We defer the dereferences outside fo
616 				   the tasklist lock */
617 				refs++;
618 			}
619 			if (!p->signal->leader) {
620 				spin_unlock_irq(&p->sighand->siglock);
621 				continue;
622 			}
623 			__group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
624 			__group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
625 			put_pid(p->signal->tty_old_pgrp);  /* A noop */
626 			spin_lock_irqsave(&tty->ctrl_lock, flags);
627 			if (tty->pgrp)
628 				p->signal->tty_old_pgrp = get_pid(tty->pgrp);
629 			spin_unlock_irqrestore(&tty->ctrl_lock, flags);
630 			spin_unlock_irq(&p->sighand->siglock);
631 		} while_each_pid_task(tty->session, PIDTYPE_SID, p);
632 	}
633 	read_unlock(&tasklist_lock);
634 
635 	spin_lock_irqsave(&tty->ctrl_lock, flags);
636 	clear_bit(TTY_THROTTLED, &tty->flags);
637 	clear_bit(TTY_PUSH, &tty->flags);
638 	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
639 	put_pid(tty->session);
640 	put_pid(tty->pgrp);
641 	tty->session = NULL;
642 	tty->pgrp = NULL;
643 	tty->ctrl_status = 0;
644 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
645 
646 	/* Account for the p->signal references we killed */
647 	while (refs--)
648 		tty_kref_put(tty);
649 
650 	/*
651 	 * If one of the devices matches a console pointer, we
652 	 * cannot just call hangup() because that will cause
653 	 * tty->count and state->count to go out of sync.
654 	 * So we just call close() the right number of times.
655 	 */
656 	if (cons_filp) {
657 		if (tty->ops->close)
658 			for (n = 0; n < closecount; n++)
659 				tty->ops->close(tty, cons_filp);
660 	} else if (tty->ops->hangup)
661 		(tty->ops->hangup)(tty);
662 	/*
663 	 * We don't want to have driver/ldisc interactions beyond
664 	 * the ones we did here. The driver layer expects no
665 	 * calls after ->hangup() from the ldisc side. However we
666 	 * can't yet guarantee all that.
667 	 */
668 	set_bit(TTY_HUPPED, &tty->flags);
669 	clear_bit(TTY_HUPPING, &tty->flags);
670 	tty_ldisc_enable(tty);
671 
672 	tty_unlock(tty);
673 
674 	if (f)
675 		fput(f);
676 }
677 
678 static void do_tty_hangup(struct work_struct *work)
679 {
680 	struct tty_struct *tty =
681 		container_of(work, struct tty_struct, hangup_work);
682 
683 	__tty_hangup(tty);
684 }
685 
686 /**
687  *	tty_hangup		-	trigger a hangup event
688  *	@tty: tty to hangup
689  *
690  *	A carrier loss (virtual or otherwise) has occurred on this like
691  *	schedule a hangup sequence to run after this event.
692  */
693 
694 void tty_hangup(struct tty_struct *tty)
695 {
696 #ifdef TTY_DEBUG_HANGUP
697 	char	buf[64];
698 	printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
699 #endif
700 	schedule_work(&tty->hangup_work);
701 }
702 
703 EXPORT_SYMBOL(tty_hangup);
704 
705 /**
706  *	tty_vhangup		-	process vhangup
707  *	@tty: tty to hangup
708  *
709  *	The user has asked via system call for the terminal to be hung up.
710  *	We do this synchronously so that when the syscall returns the process
711  *	is complete. That guarantee is necessary for security reasons.
712  */
713 
714 void tty_vhangup(struct tty_struct *tty)
715 {
716 #ifdef TTY_DEBUG_HANGUP
717 	char	buf[64];
718 
719 	printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
720 #endif
721 	__tty_hangup(tty);
722 }
723 
724 EXPORT_SYMBOL(tty_vhangup);
725 
726 
727 /**
728  *	tty_vhangup_self	-	process vhangup for own ctty
729  *
730  *	Perform a vhangup on the current controlling tty
731  */
732 
733 void tty_vhangup_self(void)
734 {
735 	struct tty_struct *tty;
736 
737 	tty = get_current_tty();
738 	if (tty) {
739 		tty_vhangup(tty);
740 		tty_kref_put(tty);
741 	}
742 }
743 
744 /**
745  *	tty_hung_up_p		-	was tty hung up
746  *	@filp: file pointer of tty
747  *
748  *	Return true if the tty has been subject to a vhangup or a carrier
749  *	loss
750  */
751 
752 int tty_hung_up_p(struct file *filp)
753 {
754 	return (filp->f_op == &hung_up_tty_fops);
755 }
756 
757 EXPORT_SYMBOL(tty_hung_up_p);
758 
759 static void session_clear_tty(struct pid *session)
760 {
761 	struct task_struct *p;
762 	do_each_pid_task(session, PIDTYPE_SID, p) {
763 		proc_clear_tty(p);
764 	} while_each_pid_task(session, PIDTYPE_SID, p);
765 }
766 
767 /**
768  *	disassociate_ctty	-	disconnect controlling tty
769  *	@on_exit: true if exiting so need to "hang up" the session
770  *
771  *	This function is typically called only by the session leader, when
772  *	it wants to disassociate itself from its controlling tty.
773  *
774  *	It performs the following functions:
775  * 	(1)  Sends a SIGHUP and SIGCONT to the foreground process group
776  * 	(2)  Clears the tty from being controlling the session
777  * 	(3)  Clears the controlling tty for all processes in the
778  * 		session group.
779  *
780  *	The argument on_exit is set to 1 if called when a process is
781  *	exiting; it is 0 if called by the ioctl TIOCNOTTY.
782  *
783  *	Locking:
784  *		BTM is taken for hysterical raisins, and held when
785  *		  called from no_tty().
786  *		  tty_mutex is taken to protect tty
787  *		  ->siglock is taken to protect ->signal/->sighand
788  *		  tasklist_lock is taken to walk process list for sessions
789  *		    ->siglock is taken to protect ->signal/->sighand
790  */
791 
792 void disassociate_ctty(int on_exit)
793 {
794 	struct tty_struct *tty;
795 
796 	if (!current->signal->leader)
797 		return;
798 
799 	tty = get_current_tty();
800 	if (tty) {
801 		struct pid *tty_pgrp = get_pid(tty->pgrp);
802 		if (on_exit) {
803 			if (tty->driver->type != TTY_DRIVER_TYPE_PTY)
804 				tty_vhangup(tty);
805 		}
806 		tty_kref_put(tty);
807 		if (tty_pgrp) {
808 			kill_pgrp(tty_pgrp, SIGHUP, on_exit);
809 			if (!on_exit)
810 				kill_pgrp(tty_pgrp, SIGCONT, on_exit);
811 			put_pid(tty_pgrp);
812 		}
813 	} else if (on_exit) {
814 		struct pid *old_pgrp;
815 		spin_lock_irq(&current->sighand->siglock);
816 		old_pgrp = current->signal->tty_old_pgrp;
817 		current->signal->tty_old_pgrp = NULL;
818 		spin_unlock_irq(&current->sighand->siglock);
819 		if (old_pgrp) {
820 			kill_pgrp(old_pgrp, SIGHUP, on_exit);
821 			kill_pgrp(old_pgrp, SIGCONT, on_exit);
822 			put_pid(old_pgrp);
823 		}
824 		return;
825 	}
826 
827 	spin_lock_irq(&current->sighand->siglock);
828 	put_pid(current->signal->tty_old_pgrp);
829 	current->signal->tty_old_pgrp = NULL;
830 	spin_unlock_irq(&current->sighand->siglock);
831 
832 	tty = get_current_tty();
833 	if (tty) {
834 		unsigned long flags;
835 		spin_lock_irqsave(&tty->ctrl_lock, flags);
836 		put_pid(tty->session);
837 		put_pid(tty->pgrp);
838 		tty->session = NULL;
839 		tty->pgrp = NULL;
840 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
841 		tty_kref_put(tty);
842 	} else {
843 #ifdef TTY_DEBUG_HANGUP
844 		printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
845 		       " = NULL", tty);
846 #endif
847 	}
848 
849 	/* Now clear signal->tty under the lock */
850 	read_lock(&tasklist_lock);
851 	session_clear_tty(task_session(current));
852 	read_unlock(&tasklist_lock);
853 }
854 
855 /**
856  *
857  *	no_tty	- Ensure the current process does not have a controlling tty
858  */
859 void no_tty(void)
860 {
861 	/* FIXME: Review locking here. The tty_lock never covered any race
862 	   between a new association and proc_clear_tty but possible we need
863 	   to protect against this anyway */
864 	struct task_struct *tsk = current;
865 	disassociate_ctty(0);
866 	proc_clear_tty(tsk);
867 }
868 
869 
870 /**
871  *	stop_tty	-	propagate flow control
872  *	@tty: tty to stop
873  *
874  *	Perform flow control to the driver. For PTY/TTY pairs we
875  *	must also propagate the TIOCKPKT status. May be called
876  *	on an already stopped device and will not re-call the driver
877  *	method.
878  *
879  *	This functionality is used by both the line disciplines for
880  *	halting incoming flow and by the driver. It may therefore be
881  *	called from any context, may be under the tty atomic_write_lock
882  *	but not always.
883  *
884  *	Locking:
885  *		Uses the tty control lock internally
886  */
887 
888 void stop_tty(struct tty_struct *tty)
889 {
890 	unsigned long flags;
891 	spin_lock_irqsave(&tty->ctrl_lock, flags);
892 	if (tty->stopped) {
893 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
894 		return;
895 	}
896 	tty->stopped = 1;
897 	if (tty->link && tty->link->packet) {
898 		tty->ctrl_status &= ~TIOCPKT_START;
899 		tty->ctrl_status |= TIOCPKT_STOP;
900 		wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
901 	}
902 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
903 	if (tty->ops->stop)
904 		(tty->ops->stop)(tty);
905 }
906 
907 EXPORT_SYMBOL(stop_tty);
908 
909 /**
910  *	start_tty	-	propagate flow control
911  *	@tty: tty to start
912  *
913  *	Start a tty that has been stopped if at all possible. Perform
914  *	any necessary wakeups and propagate the TIOCPKT status. If this
915  *	is the tty was previous stopped and is being started then the
916  *	driver start method is invoked and the line discipline woken.
917  *
918  *	Locking:
919  *		ctrl_lock
920  */
921 
922 void start_tty(struct tty_struct *tty)
923 {
924 	unsigned long flags;
925 	spin_lock_irqsave(&tty->ctrl_lock, flags);
926 	if (!tty->stopped || tty->flow_stopped) {
927 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
928 		return;
929 	}
930 	tty->stopped = 0;
931 	if (tty->link && tty->link->packet) {
932 		tty->ctrl_status &= ~TIOCPKT_STOP;
933 		tty->ctrl_status |= TIOCPKT_START;
934 		wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
935 	}
936 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
937 	if (tty->ops->start)
938 		(tty->ops->start)(tty);
939 	/* If we have a running line discipline it may need kicking */
940 	tty_wakeup(tty);
941 }
942 
943 EXPORT_SYMBOL(start_tty);
944 
945 /**
946  *	tty_read	-	read method for tty device files
947  *	@file: pointer to tty file
948  *	@buf: user buffer
949  *	@count: size of user buffer
950  *	@ppos: unused
951  *
952  *	Perform the read system call function on this terminal device. Checks
953  *	for hung up devices before calling the line discipline method.
954  *
955  *	Locking:
956  *		Locks the line discipline internally while needed. Multiple
957  *	read calls may be outstanding in parallel.
958  */
959 
960 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
961 			loff_t *ppos)
962 {
963 	int i;
964 	struct inode *inode = file->f_path.dentry->d_inode;
965 	struct tty_struct *tty = file_tty(file);
966 	struct tty_ldisc *ld;
967 
968 	if (tty_paranoia_check(tty, inode, "tty_read"))
969 		return -EIO;
970 	if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
971 		return -EIO;
972 
973 	/* We want to wait for the line discipline to sort out in this
974 	   situation */
975 	ld = tty_ldisc_ref_wait(tty);
976 	if (ld->ops->read)
977 		i = (ld->ops->read)(tty, file, buf, count);
978 	else
979 		i = -EIO;
980 	tty_ldisc_deref(ld);
981 	if (i > 0)
982 		inode->i_atime = current_fs_time(inode->i_sb);
983 	return i;
984 }
985 
986 void tty_write_unlock(struct tty_struct *tty)
987 	__releases(&tty->atomic_write_lock)
988 {
989 	mutex_unlock(&tty->atomic_write_lock);
990 	wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
991 }
992 
993 int tty_write_lock(struct tty_struct *tty, int ndelay)
994 	__acquires(&tty->atomic_write_lock)
995 {
996 	if (!mutex_trylock(&tty->atomic_write_lock)) {
997 		if (ndelay)
998 			return -EAGAIN;
999 		if (mutex_lock_interruptible(&tty->atomic_write_lock))
1000 			return -ERESTARTSYS;
1001 	}
1002 	return 0;
1003 }
1004 
1005 /*
1006  * Split writes up in sane blocksizes to avoid
1007  * denial-of-service type attacks
1008  */
1009 static inline ssize_t do_tty_write(
1010 	ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1011 	struct tty_struct *tty,
1012 	struct file *file,
1013 	const char __user *buf,
1014 	size_t count)
1015 {
1016 	ssize_t ret, written = 0;
1017 	unsigned int chunk;
1018 
1019 	ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1020 	if (ret < 0)
1021 		return ret;
1022 
1023 	/*
1024 	 * We chunk up writes into a temporary buffer. This
1025 	 * simplifies low-level drivers immensely, since they
1026 	 * don't have locking issues and user mode accesses.
1027 	 *
1028 	 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1029 	 * big chunk-size..
1030 	 *
1031 	 * The default chunk-size is 2kB, because the NTTY
1032 	 * layer has problems with bigger chunks. It will
1033 	 * claim to be able to handle more characters than
1034 	 * it actually does.
1035 	 *
1036 	 * FIXME: This can probably go away now except that 64K chunks
1037 	 * are too likely to fail unless switched to vmalloc...
1038 	 */
1039 	chunk = 2048;
1040 	if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1041 		chunk = 65536;
1042 	if (count < chunk)
1043 		chunk = count;
1044 
1045 	/* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1046 	if (tty->write_cnt < chunk) {
1047 		unsigned char *buf_chunk;
1048 
1049 		if (chunk < 1024)
1050 			chunk = 1024;
1051 
1052 		buf_chunk = kmalloc(chunk, GFP_KERNEL);
1053 		if (!buf_chunk) {
1054 			ret = -ENOMEM;
1055 			goto out;
1056 		}
1057 		kfree(tty->write_buf);
1058 		tty->write_cnt = chunk;
1059 		tty->write_buf = buf_chunk;
1060 	}
1061 
1062 	/* Do the write .. */
1063 	for (;;) {
1064 		size_t size = count;
1065 		if (size > chunk)
1066 			size = chunk;
1067 		ret = -EFAULT;
1068 		if (copy_from_user(tty->write_buf, buf, size))
1069 			break;
1070 		ret = write(tty, file, tty->write_buf, size);
1071 		if (ret <= 0)
1072 			break;
1073 		written += ret;
1074 		buf += ret;
1075 		count -= ret;
1076 		if (!count)
1077 			break;
1078 		ret = -ERESTARTSYS;
1079 		if (signal_pending(current))
1080 			break;
1081 		cond_resched();
1082 	}
1083 	if (written) {
1084 		struct inode *inode = file->f_path.dentry->d_inode;
1085 		inode->i_mtime = current_fs_time(inode->i_sb);
1086 		ret = written;
1087 	}
1088 out:
1089 	tty_write_unlock(tty);
1090 	return ret;
1091 }
1092 
1093 /**
1094  * tty_write_message - write a message to a certain tty, not just the console.
1095  * @tty: the destination tty_struct
1096  * @msg: the message to write
1097  *
1098  * This is used for messages that need to be redirected to a specific tty.
1099  * We don't put it into the syslog queue right now maybe in the future if
1100  * really needed.
1101  *
1102  * We must still hold the BTM and test the CLOSING flag for the moment.
1103  */
1104 
1105 void tty_write_message(struct tty_struct *tty, char *msg)
1106 {
1107 	if (tty) {
1108 		mutex_lock(&tty->atomic_write_lock);
1109 		tty_lock(tty);
1110 		if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1111 			tty_unlock(tty);
1112 			tty->ops->write(tty, msg, strlen(msg));
1113 		} else
1114 			tty_unlock(tty);
1115 		tty_write_unlock(tty);
1116 	}
1117 	return;
1118 }
1119 
1120 
1121 /**
1122  *	tty_write		-	write method for tty device file
1123  *	@file: tty file pointer
1124  *	@buf: user data to write
1125  *	@count: bytes to write
1126  *	@ppos: unused
1127  *
1128  *	Write data to a tty device via the line discipline.
1129  *
1130  *	Locking:
1131  *		Locks the line discipline as required
1132  *		Writes to the tty driver are serialized by the atomic_write_lock
1133  *	and are then processed in chunks to the device. The line discipline
1134  *	write method will not be invoked in parallel for each device.
1135  */
1136 
1137 static ssize_t tty_write(struct file *file, const char __user *buf,
1138 						size_t count, loff_t *ppos)
1139 {
1140 	struct inode *inode = file->f_path.dentry->d_inode;
1141 	struct tty_struct *tty = file_tty(file);
1142  	struct tty_ldisc *ld;
1143 	ssize_t ret;
1144 
1145 	if (tty_paranoia_check(tty, inode, "tty_write"))
1146 		return -EIO;
1147 	if (!tty || !tty->ops->write ||
1148 		(test_bit(TTY_IO_ERROR, &tty->flags)))
1149 			return -EIO;
1150 	/* Short term debug to catch buggy drivers */
1151 	if (tty->ops->write_room == NULL)
1152 		printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1153 			tty->driver->name);
1154 	ld = tty_ldisc_ref_wait(tty);
1155 	if (!ld->ops->write)
1156 		ret = -EIO;
1157 	else
1158 		ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1159 	tty_ldisc_deref(ld);
1160 	return ret;
1161 }
1162 
1163 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1164 						size_t count, loff_t *ppos)
1165 {
1166 	struct file *p = NULL;
1167 
1168 	spin_lock(&redirect_lock);
1169 	if (redirect)
1170 		p = get_file(redirect);
1171 	spin_unlock(&redirect_lock);
1172 
1173 	if (p) {
1174 		ssize_t res;
1175 		res = vfs_write(p, buf, count, &p->f_pos);
1176 		fput(p);
1177 		return res;
1178 	}
1179 	return tty_write(file, buf, count, ppos);
1180 }
1181 
1182 static char ptychar[] = "pqrstuvwxyzabcde";
1183 
1184 /**
1185  *	pty_line_name	-	generate name for a pty
1186  *	@driver: the tty driver in use
1187  *	@index: the minor number
1188  *	@p: output buffer of at least 6 bytes
1189  *
1190  *	Generate a name from a driver reference and write it to the output
1191  *	buffer.
1192  *
1193  *	Locking: None
1194  */
1195 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1196 {
1197 	int i = index + driver->name_base;
1198 	/* ->name is initialized to "ttyp", but "tty" is expected */
1199 	sprintf(p, "%s%c%x",
1200 		driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1201 		ptychar[i >> 4 & 0xf], i & 0xf);
1202 }
1203 
1204 /**
1205  *	tty_line_name	-	generate name for a tty
1206  *	@driver: the tty driver in use
1207  *	@index: the minor number
1208  *	@p: output buffer of at least 7 bytes
1209  *
1210  *	Generate a name from a driver reference and write it to the output
1211  *	buffer.
1212  *
1213  *	Locking: None
1214  */
1215 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1216 {
1217 	if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1218 		strcpy(p, driver->name);
1219 	else
1220 		sprintf(p, "%s%d", driver->name, index + driver->name_base);
1221 }
1222 
1223 /**
1224  *	tty_driver_lookup_tty() - find an existing tty, if any
1225  *	@driver: the driver for the tty
1226  *	@idx:	 the minor number
1227  *
1228  *	Return the tty, if found or ERR_PTR() otherwise.
1229  *
1230  *	Locking: tty_mutex must be held. If tty is found, the mutex must
1231  *	be held until the 'fast-open' is also done. Will change once we
1232  *	have refcounting in the driver and per driver locking
1233  */
1234 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1235 		struct inode *inode, int idx)
1236 {
1237 	if (driver->ops->lookup)
1238 		return driver->ops->lookup(driver, inode, idx);
1239 
1240 	return driver->ttys[idx];
1241 }
1242 
1243 /**
1244  *	tty_init_termios	-  helper for termios setup
1245  *	@tty: the tty to set up
1246  *
1247  *	Initialise the termios structures for this tty. Thus runs under
1248  *	the tty_mutex currently so we can be relaxed about ordering.
1249  */
1250 
1251 int tty_init_termios(struct tty_struct *tty)
1252 {
1253 	struct ktermios *tp;
1254 	int idx = tty->index;
1255 
1256 	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1257 		tty->termios = tty->driver->init_termios;
1258 	else {
1259 		/* Check for lazy saved data */
1260 		tp = tty->driver->termios[idx];
1261 		if (tp != NULL)
1262 			tty->termios = *tp;
1263 		else
1264 			tty->termios = tty->driver->init_termios;
1265 	}
1266 	/* Compatibility until drivers always set this */
1267 	tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1268 	tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1269 	return 0;
1270 }
1271 EXPORT_SYMBOL_GPL(tty_init_termios);
1272 
1273 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1274 {
1275 	int ret = tty_init_termios(tty);
1276 	if (ret)
1277 		return ret;
1278 
1279 	tty_driver_kref_get(driver);
1280 	tty->count++;
1281 	driver->ttys[tty->index] = tty;
1282 	return 0;
1283 }
1284 EXPORT_SYMBOL_GPL(tty_standard_install);
1285 
1286 /**
1287  *	tty_driver_install_tty() - install a tty entry in the driver
1288  *	@driver: the driver for the tty
1289  *	@tty: the tty
1290  *
1291  *	Install a tty object into the driver tables. The tty->index field
1292  *	will be set by the time this is called. This method is responsible
1293  *	for ensuring any need additional structures are allocated and
1294  *	configured.
1295  *
1296  *	Locking: tty_mutex for now
1297  */
1298 static int tty_driver_install_tty(struct tty_driver *driver,
1299 						struct tty_struct *tty)
1300 {
1301 	return driver->ops->install ? driver->ops->install(driver, tty) :
1302 		tty_standard_install(driver, tty);
1303 }
1304 
1305 /**
1306  *	tty_driver_remove_tty() - remove a tty from the driver tables
1307  *	@driver: the driver for the tty
1308  *	@idx:	 the minor number
1309  *
1310  *	Remvoe a tty object from the driver tables. The tty->index field
1311  *	will be set by the time this is called.
1312  *
1313  *	Locking: tty_mutex for now
1314  */
1315 void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1316 {
1317 	if (driver->ops->remove)
1318 		driver->ops->remove(driver, tty);
1319 	else
1320 		driver->ttys[tty->index] = NULL;
1321 }
1322 
1323 /*
1324  * 	tty_reopen()	- fast re-open of an open tty
1325  * 	@tty	- the tty to open
1326  *
1327  *	Return 0 on success, -errno on error.
1328  *
1329  *	Locking: tty_mutex must be held from the time the tty was found
1330  *		 till this open completes.
1331  */
1332 static int tty_reopen(struct tty_struct *tty)
1333 {
1334 	struct tty_driver *driver = tty->driver;
1335 
1336 	if (test_bit(TTY_CLOSING, &tty->flags) ||
1337 			test_bit(TTY_HUPPING, &tty->flags) ||
1338 			test_bit(TTY_LDISC_CHANGING, &tty->flags))
1339 		return -EIO;
1340 
1341 	if (driver->type == TTY_DRIVER_TYPE_PTY &&
1342 	    driver->subtype == PTY_TYPE_MASTER) {
1343 		/*
1344 		 * special case for PTY masters: only one open permitted,
1345 		 * and the slave side open count is incremented as well.
1346 		 */
1347 		if (tty->count)
1348 			return -EIO;
1349 
1350 		tty->link->count++;
1351 	}
1352 	tty->count++;
1353 
1354 	mutex_lock(&tty->ldisc_mutex);
1355 	WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1356 	mutex_unlock(&tty->ldisc_mutex);
1357 
1358 	return 0;
1359 }
1360 
1361 /**
1362  *	tty_init_dev		-	initialise a tty device
1363  *	@driver: tty driver we are opening a device on
1364  *	@idx: device index
1365  *	@ret_tty: returned tty structure
1366  *
1367  *	Prepare a tty device. This may not be a "new" clean device but
1368  *	could also be an active device. The pty drivers require special
1369  *	handling because of this.
1370  *
1371  *	Locking:
1372  *		The function is called under the tty_mutex, which
1373  *	protects us from the tty struct or driver itself going away.
1374  *
1375  *	On exit the tty device has the line discipline attached and
1376  *	a reference count of 1. If a pair was created for pty/tty use
1377  *	and the other was a pty master then it too has a reference count of 1.
1378  *
1379  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1380  * failed open.  The new code protects the open with a mutex, so it's
1381  * really quite straightforward.  The mutex locking can probably be
1382  * relaxed for the (most common) case of reopening a tty.
1383  */
1384 
1385 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1386 {
1387 	struct tty_struct *tty;
1388 	int retval;
1389 
1390 	/*
1391 	 * First time open is complex, especially for PTY devices.
1392 	 * This code guarantees that either everything succeeds and the
1393 	 * TTY is ready for operation, or else the table slots are vacated
1394 	 * and the allocated memory released.  (Except that the termios
1395 	 * and locked termios may be retained.)
1396 	 */
1397 
1398 	if (!try_module_get(driver->owner))
1399 		return ERR_PTR(-ENODEV);
1400 
1401 	tty = alloc_tty_struct();
1402 	if (!tty) {
1403 		retval = -ENOMEM;
1404 		goto err_module_put;
1405 	}
1406 	initialize_tty_struct(tty, driver, idx);
1407 
1408 	tty_lock(tty);
1409 	retval = tty_driver_install_tty(driver, tty);
1410 	if (retval < 0)
1411 		goto err_deinit_tty;
1412 
1413 	if (!tty->port)
1414 		tty->port = driver->ports[idx];
1415 
1416 	WARN_RATELIMIT(!tty->port,
1417 			"%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1418 			__func__, tty->driver->name);
1419 
1420 	/*
1421 	 * Structures all installed ... call the ldisc open routines.
1422 	 * If we fail here just call release_tty to clean up.  No need
1423 	 * to decrement the use counts, as release_tty doesn't care.
1424 	 */
1425 	retval = tty_ldisc_setup(tty, tty->link);
1426 	if (retval)
1427 		goto err_release_tty;
1428 	/* Return the tty locked so that it cannot vanish under the caller */
1429 	return tty;
1430 
1431 err_deinit_tty:
1432 	tty_unlock(tty);
1433 	deinitialize_tty_struct(tty);
1434 	free_tty_struct(tty);
1435 err_module_put:
1436 	module_put(driver->owner);
1437 	return ERR_PTR(retval);
1438 
1439 	/* call the tty release_tty routine to clean out this slot */
1440 err_release_tty:
1441 	tty_unlock(tty);
1442 	printk_ratelimited(KERN_INFO "tty_init_dev: ldisc open failed, "
1443 				 "clearing slot %d\n", idx);
1444 	release_tty(tty, idx);
1445 	return ERR_PTR(retval);
1446 }
1447 
1448 void tty_free_termios(struct tty_struct *tty)
1449 {
1450 	struct ktermios *tp;
1451 	int idx = tty->index;
1452 
1453 	/* If the port is going to reset then it has no termios to save */
1454 	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1455 		return;
1456 
1457 	/* Stash the termios data */
1458 	tp = tty->driver->termios[idx];
1459 	if (tp == NULL) {
1460 		tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1461 		if (tp == NULL) {
1462 			pr_warn("tty: no memory to save termios state.\n");
1463 			return;
1464 		}
1465 		tty->driver->termios[idx] = tp;
1466 	}
1467 	*tp = tty->termios;
1468 }
1469 EXPORT_SYMBOL(tty_free_termios);
1470 
1471 
1472 /**
1473  *	release_one_tty		-	release tty structure memory
1474  *	@kref: kref of tty we are obliterating
1475  *
1476  *	Releases memory associated with a tty structure, and clears out the
1477  *	driver table slots. This function is called when a device is no longer
1478  *	in use. It also gets called when setup of a device fails.
1479  *
1480  *	Locking:
1481  *		takes the file list lock internally when working on the list
1482  *	of ttys that the driver keeps.
1483  *
1484  *	This method gets called from a work queue so that the driver private
1485  *	cleanup ops can sleep (needed for USB at least)
1486  */
1487 static void release_one_tty(struct work_struct *work)
1488 {
1489 	struct tty_struct *tty =
1490 		container_of(work, struct tty_struct, hangup_work);
1491 	struct tty_driver *driver = tty->driver;
1492 
1493 	if (tty->ops->cleanup)
1494 		tty->ops->cleanup(tty);
1495 
1496 	tty->magic = 0;
1497 	tty_driver_kref_put(driver);
1498 	module_put(driver->owner);
1499 
1500 	spin_lock(&tty_files_lock);
1501 	list_del_init(&tty->tty_files);
1502 	spin_unlock(&tty_files_lock);
1503 
1504 	put_pid(tty->pgrp);
1505 	put_pid(tty->session);
1506 	free_tty_struct(tty);
1507 }
1508 
1509 static void queue_release_one_tty(struct kref *kref)
1510 {
1511 	struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1512 
1513 	/* The hangup queue is now free so we can reuse it rather than
1514 	   waste a chunk of memory for each port */
1515 	INIT_WORK(&tty->hangup_work, release_one_tty);
1516 	schedule_work(&tty->hangup_work);
1517 }
1518 
1519 /**
1520  *	tty_kref_put		-	release a tty kref
1521  *	@tty: tty device
1522  *
1523  *	Release a reference to a tty device and if need be let the kref
1524  *	layer destruct the object for us
1525  */
1526 
1527 void tty_kref_put(struct tty_struct *tty)
1528 {
1529 	if (tty)
1530 		kref_put(&tty->kref, queue_release_one_tty);
1531 }
1532 EXPORT_SYMBOL(tty_kref_put);
1533 
1534 /**
1535  *	release_tty		-	release tty structure memory
1536  *
1537  *	Release both @tty and a possible linked partner (think pty pair),
1538  *	and decrement the refcount of the backing module.
1539  *
1540  *	Locking:
1541  *		tty_mutex
1542  *		takes the file list lock internally when working on the list
1543  *	of ttys that the driver keeps.
1544  *
1545  */
1546 static void release_tty(struct tty_struct *tty, int idx)
1547 {
1548 	/* This should always be true but check for the moment */
1549 	WARN_ON(tty->index != idx);
1550 	WARN_ON(!mutex_is_locked(&tty_mutex));
1551 	if (tty->ops->shutdown)
1552 		tty->ops->shutdown(tty);
1553 	tty_free_termios(tty);
1554 	tty_driver_remove_tty(tty->driver, tty);
1555 
1556 	if (tty->link)
1557 		tty_kref_put(tty->link);
1558 	tty_kref_put(tty);
1559 }
1560 
1561 /**
1562  *	tty_release_checks - check a tty before real release
1563  *	@tty: tty to check
1564  *	@o_tty: link of @tty (if any)
1565  *	@idx: index of the tty
1566  *
1567  *	Performs some paranoid checking before true release of the @tty.
1568  *	This is a no-op unless TTY_PARANOIA_CHECK is defined.
1569  */
1570 static int tty_release_checks(struct tty_struct *tty, struct tty_struct *o_tty,
1571 		int idx)
1572 {
1573 #ifdef TTY_PARANOIA_CHECK
1574 	if (idx < 0 || idx >= tty->driver->num) {
1575 		printk(KERN_DEBUG "%s: bad idx when trying to free (%s)\n",
1576 				__func__, tty->name);
1577 		return -1;
1578 	}
1579 
1580 	/* not much to check for devpts */
1581 	if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1582 		return 0;
1583 
1584 	if (tty != tty->driver->ttys[idx]) {
1585 		printk(KERN_DEBUG "%s: driver.table[%d] not tty for (%s)\n",
1586 				__func__, idx, tty->name);
1587 		return -1;
1588 	}
1589 	if (tty->driver->other) {
1590 		if (o_tty != tty->driver->other->ttys[idx]) {
1591 			printk(KERN_DEBUG "%s: other->table[%d] not o_tty for (%s)\n",
1592 					__func__, idx, tty->name);
1593 			return -1;
1594 		}
1595 		if (o_tty->link != tty) {
1596 			printk(KERN_DEBUG "%s: bad pty pointers\n", __func__);
1597 			return -1;
1598 		}
1599 	}
1600 #endif
1601 	return 0;
1602 }
1603 
1604 /**
1605  *	tty_release		-	vfs callback for close
1606  *	@inode: inode of tty
1607  *	@filp: file pointer for handle to tty
1608  *
1609  *	Called the last time each file handle is closed that references
1610  *	this tty. There may however be several such references.
1611  *
1612  *	Locking:
1613  *		Takes bkl. See tty_release_dev
1614  *
1615  * Even releasing the tty structures is a tricky business.. We have
1616  * to be very careful that the structures are all released at the
1617  * same time, as interrupts might otherwise get the wrong pointers.
1618  *
1619  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1620  * lead to double frees or releasing memory still in use.
1621  */
1622 
1623 int tty_release(struct inode *inode, struct file *filp)
1624 {
1625 	struct tty_struct *tty = file_tty(filp);
1626 	struct tty_struct *o_tty;
1627 	int	pty_master, tty_closing, o_tty_closing, do_sleep;
1628 	int	devpts;
1629 	int	idx;
1630 	char	buf[64];
1631 
1632 	if (tty_paranoia_check(tty, inode, __func__))
1633 		return 0;
1634 
1635 	tty_lock(tty);
1636 	check_tty_count(tty, __func__);
1637 
1638 	__tty_fasync(-1, filp, 0);
1639 
1640 	idx = tty->index;
1641 	pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1642 		      tty->driver->subtype == PTY_TYPE_MASTER);
1643 	devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1644 	/* Review: parallel close */
1645 	o_tty = tty->link;
1646 
1647 	if (tty_release_checks(tty, o_tty, idx)) {
1648 		tty_unlock(tty);
1649 		return 0;
1650 	}
1651 
1652 #ifdef TTY_DEBUG_HANGUP
1653 	printk(KERN_DEBUG "%s: %s (tty count=%d)...\n", __func__,
1654 			tty_name(tty, buf), tty->count);
1655 #endif
1656 
1657 	if (tty->ops->close)
1658 		tty->ops->close(tty, filp);
1659 
1660 	tty_unlock(tty);
1661 	/*
1662 	 * Sanity check: if tty->count is going to zero, there shouldn't be
1663 	 * any waiters on tty->read_wait or tty->write_wait.  We test the
1664 	 * wait queues and kick everyone out _before_ actually starting to
1665 	 * close.  This ensures that we won't block while releasing the tty
1666 	 * structure.
1667 	 *
1668 	 * The test for the o_tty closing is necessary, since the master and
1669 	 * slave sides may close in any order.  If the slave side closes out
1670 	 * first, its count will be one, since the master side holds an open.
1671 	 * Thus this test wouldn't be triggered at the time the slave closes,
1672 	 * so we do it now.
1673 	 *
1674 	 * Note that it's possible for the tty to be opened again while we're
1675 	 * flushing out waiters.  By recalculating the closing flags before
1676 	 * each iteration we avoid any problems.
1677 	 */
1678 	while (1) {
1679 		/* Guard against races with tty->count changes elsewhere and
1680 		   opens on /dev/tty */
1681 
1682 		mutex_lock(&tty_mutex);
1683 		tty_lock_pair(tty, o_tty);
1684 		tty_closing = tty->count <= 1;
1685 		o_tty_closing = o_tty &&
1686 			(o_tty->count <= (pty_master ? 1 : 0));
1687 		do_sleep = 0;
1688 
1689 		if (tty_closing) {
1690 			if (waitqueue_active(&tty->read_wait)) {
1691 				wake_up_poll(&tty->read_wait, POLLIN);
1692 				do_sleep++;
1693 			}
1694 			if (waitqueue_active(&tty->write_wait)) {
1695 				wake_up_poll(&tty->write_wait, POLLOUT);
1696 				do_sleep++;
1697 			}
1698 		}
1699 		if (o_tty_closing) {
1700 			if (waitqueue_active(&o_tty->read_wait)) {
1701 				wake_up_poll(&o_tty->read_wait, POLLIN);
1702 				do_sleep++;
1703 			}
1704 			if (waitqueue_active(&o_tty->write_wait)) {
1705 				wake_up_poll(&o_tty->write_wait, POLLOUT);
1706 				do_sleep++;
1707 			}
1708 		}
1709 		if (!do_sleep)
1710 			break;
1711 
1712 		printk(KERN_WARNING "%s: %s: read/write wait queue active!\n",
1713 				__func__, tty_name(tty, buf));
1714 		tty_unlock_pair(tty, o_tty);
1715 		mutex_unlock(&tty_mutex);
1716 		schedule();
1717 	}
1718 
1719 	/*
1720 	 * The closing flags are now consistent with the open counts on
1721 	 * both sides, and we've completed the last operation that could
1722 	 * block, so it's safe to proceed with closing.
1723 	 *
1724 	 * We must *not* drop the tty_mutex until we ensure that a further
1725 	 * entry into tty_open can not pick up this tty.
1726 	 */
1727 	if (pty_master) {
1728 		if (--o_tty->count < 0) {
1729 			printk(KERN_WARNING "%s: bad pty slave count (%d) for %s\n",
1730 				__func__, o_tty->count, tty_name(o_tty, buf));
1731 			o_tty->count = 0;
1732 		}
1733 	}
1734 	if (--tty->count < 0) {
1735 		printk(KERN_WARNING "%s: bad tty->count (%d) for %s\n",
1736 				__func__, tty->count, tty_name(tty, buf));
1737 		tty->count = 0;
1738 	}
1739 
1740 	/*
1741 	 * We've decremented tty->count, so we need to remove this file
1742 	 * descriptor off the tty->tty_files list; this serves two
1743 	 * purposes:
1744 	 *  - check_tty_count sees the correct number of file descriptors
1745 	 *    associated with this tty.
1746 	 *  - do_tty_hangup no longer sees this file descriptor as
1747 	 *    something that needs to be handled for hangups.
1748 	 */
1749 	tty_del_file(filp);
1750 
1751 	/*
1752 	 * Perform some housekeeping before deciding whether to return.
1753 	 *
1754 	 * Set the TTY_CLOSING flag if this was the last open.  In the
1755 	 * case of a pty we may have to wait around for the other side
1756 	 * to close, and TTY_CLOSING makes sure we can't be reopened.
1757 	 */
1758 	if (tty_closing)
1759 		set_bit(TTY_CLOSING, &tty->flags);
1760 	if (o_tty_closing)
1761 		set_bit(TTY_CLOSING, &o_tty->flags);
1762 
1763 	/*
1764 	 * If _either_ side is closing, make sure there aren't any
1765 	 * processes that still think tty or o_tty is their controlling
1766 	 * tty.
1767 	 */
1768 	if (tty_closing || o_tty_closing) {
1769 		read_lock(&tasklist_lock);
1770 		session_clear_tty(tty->session);
1771 		if (o_tty)
1772 			session_clear_tty(o_tty->session);
1773 		read_unlock(&tasklist_lock);
1774 	}
1775 
1776 	mutex_unlock(&tty_mutex);
1777 	tty_unlock_pair(tty, o_tty);
1778 	/* At this point the TTY_CLOSING flag should ensure a dead tty
1779 	   cannot be re-opened by a racing opener */
1780 
1781 	/* check whether both sides are closing ... */
1782 	if (!tty_closing || (o_tty && !o_tty_closing))
1783 		return 0;
1784 
1785 #ifdef TTY_DEBUG_HANGUP
1786 	printk(KERN_DEBUG "%s: freeing tty structure...\n", __func__);
1787 #endif
1788 	/*
1789 	 * Ask the line discipline code to release its structures
1790 	 */
1791 	tty_ldisc_release(tty, o_tty);
1792 	/*
1793 	 * The release_tty function takes care of the details of clearing
1794 	 * the slots and preserving the termios structure. The tty_unlock_pair
1795 	 * should be safe as we keep a kref while the tty is locked (so the
1796 	 * unlock never unlocks a freed tty).
1797 	 */
1798 	mutex_lock(&tty_mutex);
1799 	release_tty(tty, idx);
1800 	mutex_unlock(&tty_mutex);
1801 
1802 	/* Make this pty number available for reallocation */
1803 	if (devpts)
1804 		devpts_kill_index(inode, idx);
1805 	return 0;
1806 }
1807 
1808 /**
1809  *	tty_open_current_tty - get tty of current task for open
1810  *	@device: device number
1811  *	@filp: file pointer to tty
1812  *	@return: tty of the current task iff @device is /dev/tty
1813  *
1814  *	We cannot return driver and index like for the other nodes because
1815  *	devpts will not work then. It expects inodes to be from devpts FS.
1816  *
1817  *	We need to move to returning a refcounted object from all the lookup
1818  *	paths including this one.
1819  */
1820 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1821 {
1822 	struct tty_struct *tty;
1823 
1824 	if (device != MKDEV(TTYAUX_MAJOR, 0))
1825 		return NULL;
1826 
1827 	tty = get_current_tty();
1828 	if (!tty)
1829 		return ERR_PTR(-ENXIO);
1830 
1831 	filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1832 	/* noctty = 1; */
1833 	tty_kref_put(tty);
1834 	/* FIXME: we put a reference and return a TTY! */
1835 	/* This is only safe because the caller holds tty_mutex */
1836 	return tty;
1837 }
1838 
1839 /**
1840  *	tty_lookup_driver - lookup a tty driver for a given device file
1841  *	@device: device number
1842  *	@filp: file pointer to tty
1843  *	@noctty: set if the device should not become a controlling tty
1844  *	@index: index for the device in the @return driver
1845  *	@return: driver for this inode (with increased refcount)
1846  *
1847  * 	If @return is not erroneous, the caller is responsible to decrement the
1848  * 	refcount by tty_driver_kref_put.
1849  *
1850  *	Locking: tty_mutex protects get_tty_driver
1851  */
1852 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1853 		int *noctty, int *index)
1854 {
1855 	struct tty_driver *driver;
1856 
1857 	switch (device) {
1858 #ifdef CONFIG_VT
1859 	case MKDEV(TTY_MAJOR, 0): {
1860 		extern struct tty_driver *console_driver;
1861 		driver = tty_driver_kref_get(console_driver);
1862 		*index = fg_console;
1863 		*noctty = 1;
1864 		break;
1865 	}
1866 #endif
1867 	case MKDEV(TTYAUX_MAJOR, 1): {
1868 		struct tty_driver *console_driver = console_device(index);
1869 		if (console_driver) {
1870 			driver = tty_driver_kref_get(console_driver);
1871 			if (driver) {
1872 				/* Don't let /dev/console block */
1873 				filp->f_flags |= O_NONBLOCK;
1874 				*noctty = 1;
1875 				break;
1876 			}
1877 		}
1878 		return ERR_PTR(-ENODEV);
1879 	}
1880 	default:
1881 		driver = get_tty_driver(device, index);
1882 		if (!driver)
1883 			return ERR_PTR(-ENODEV);
1884 		break;
1885 	}
1886 	return driver;
1887 }
1888 
1889 /**
1890  *	tty_open		-	open a tty device
1891  *	@inode: inode of device file
1892  *	@filp: file pointer to tty
1893  *
1894  *	tty_open and tty_release keep up the tty count that contains the
1895  *	number of opens done on a tty. We cannot use the inode-count, as
1896  *	different inodes might point to the same tty.
1897  *
1898  *	Open-counting is needed for pty masters, as well as for keeping
1899  *	track of serial lines: DTR is dropped when the last close happens.
1900  *	(This is not done solely through tty->count, now.  - Ted 1/27/92)
1901  *
1902  *	The termios state of a pty is reset on first open so that
1903  *	settings don't persist across reuse.
1904  *
1905  *	Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
1906  *		 tty->count should protect the rest.
1907  *		 ->siglock protects ->signal/->sighand
1908  *
1909  *	Note: the tty_unlock/lock cases without a ref are only safe due to
1910  *	tty_mutex
1911  */
1912 
1913 static int tty_open(struct inode *inode, struct file *filp)
1914 {
1915 	struct tty_struct *tty;
1916 	int noctty, retval;
1917 	struct tty_driver *driver = NULL;
1918 	int index;
1919 	dev_t device = inode->i_rdev;
1920 	unsigned saved_flags = filp->f_flags;
1921 
1922 	nonseekable_open(inode, filp);
1923 
1924 retry_open:
1925 	retval = tty_alloc_file(filp);
1926 	if (retval)
1927 		return -ENOMEM;
1928 
1929 	noctty = filp->f_flags & O_NOCTTY;
1930 	index  = -1;
1931 	retval = 0;
1932 
1933 	mutex_lock(&tty_mutex);
1934 	/* This is protected by the tty_mutex */
1935 	tty = tty_open_current_tty(device, filp);
1936 	if (IS_ERR(tty)) {
1937 		retval = PTR_ERR(tty);
1938 		goto err_unlock;
1939 	} else if (!tty) {
1940 		driver = tty_lookup_driver(device, filp, &noctty, &index);
1941 		if (IS_ERR(driver)) {
1942 			retval = PTR_ERR(driver);
1943 			goto err_unlock;
1944 		}
1945 
1946 		/* check whether we're reopening an existing tty */
1947 		tty = tty_driver_lookup_tty(driver, inode, index);
1948 		if (IS_ERR(tty)) {
1949 			retval = PTR_ERR(tty);
1950 			goto err_unlock;
1951 		}
1952 	}
1953 
1954 	if (tty) {
1955 		tty_lock(tty);
1956 		retval = tty_reopen(tty);
1957 		if (retval < 0) {
1958 			tty_unlock(tty);
1959 			tty = ERR_PTR(retval);
1960 		}
1961 	} else	/* Returns with the tty_lock held for now */
1962 		tty = tty_init_dev(driver, index);
1963 
1964 	mutex_unlock(&tty_mutex);
1965 	if (driver)
1966 		tty_driver_kref_put(driver);
1967 	if (IS_ERR(tty)) {
1968 		retval = PTR_ERR(tty);
1969 		goto err_file;
1970 	}
1971 
1972 	tty_add_file(tty, filp);
1973 
1974 	check_tty_count(tty, __func__);
1975 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1976 	    tty->driver->subtype == PTY_TYPE_MASTER)
1977 		noctty = 1;
1978 #ifdef TTY_DEBUG_HANGUP
1979 	printk(KERN_DEBUG "%s: opening %s...\n", __func__, tty->name);
1980 #endif
1981 	if (tty->ops->open)
1982 		retval = tty->ops->open(tty, filp);
1983 	else
1984 		retval = -ENODEV;
1985 	filp->f_flags = saved_flags;
1986 
1987 	if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1988 						!capable(CAP_SYS_ADMIN))
1989 		retval = -EBUSY;
1990 
1991 	if (retval) {
1992 #ifdef TTY_DEBUG_HANGUP
1993 		printk(KERN_DEBUG "%s: error %d in opening %s...\n", __func__,
1994 				retval, tty->name);
1995 #endif
1996 		tty_unlock(tty); /* need to call tty_release without BTM */
1997 		tty_release(inode, filp);
1998 		if (retval != -ERESTARTSYS)
1999 			return retval;
2000 
2001 		if (signal_pending(current))
2002 			return retval;
2003 
2004 		schedule();
2005 		/*
2006 		 * Need to reset f_op in case a hangup happened.
2007 		 */
2008 		if (filp->f_op == &hung_up_tty_fops)
2009 			filp->f_op = &tty_fops;
2010 		goto retry_open;
2011 	}
2012 	tty_unlock(tty);
2013 
2014 
2015 	mutex_lock(&tty_mutex);
2016 	tty_lock(tty);
2017 	spin_lock_irq(&current->sighand->siglock);
2018 	if (!noctty &&
2019 	    current->signal->leader &&
2020 	    !current->signal->tty &&
2021 	    tty->session == NULL)
2022 		__proc_set_tty(current, tty);
2023 	spin_unlock_irq(&current->sighand->siglock);
2024 	tty_unlock(tty);
2025 	mutex_unlock(&tty_mutex);
2026 	return 0;
2027 err_unlock:
2028 	mutex_unlock(&tty_mutex);
2029 	/* after locks to avoid deadlock */
2030 	if (!IS_ERR_OR_NULL(driver))
2031 		tty_driver_kref_put(driver);
2032 err_file:
2033 	tty_free_file(filp);
2034 	return retval;
2035 }
2036 
2037 
2038 
2039 /**
2040  *	tty_poll	-	check tty status
2041  *	@filp: file being polled
2042  *	@wait: poll wait structures to update
2043  *
2044  *	Call the line discipline polling method to obtain the poll
2045  *	status of the device.
2046  *
2047  *	Locking: locks called line discipline but ldisc poll method
2048  *	may be re-entered freely by other callers.
2049  */
2050 
2051 static unsigned int tty_poll(struct file *filp, poll_table *wait)
2052 {
2053 	struct tty_struct *tty = file_tty(filp);
2054 	struct tty_ldisc *ld;
2055 	int ret = 0;
2056 
2057 	if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
2058 		return 0;
2059 
2060 	ld = tty_ldisc_ref_wait(tty);
2061 	if (ld->ops->poll)
2062 		ret = (ld->ops->poll)(tty, filp, wait);
2063 	tty_ldisc_deref(ld);
2064 	return ret;
2065 }
2066 
2067 static int __tty_fasync(int fd, struct file *filp, int on)
2068 {
2069 	struct tty_struct *tty = file_tty(filp);
2070 	unsigned long flags;
2071 	int retval = 0;
2072 
2073 	if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
2074 		goto out;
2075 
2076 	retval = fasync_helper(fd, filp, on, &tty->fasync);
2077 	if (retval <= 0)
2078 		goto out;
2079 
2080 	if (on) {
2081 		enum pid_type type;
2082 		struct pid *pid;
2083 		if (!waitqueue_active(&tty->read_wait))
2084 			tty->minimum_to_wake = 1;
2085 		spin_lock_irqsave(&tty->ctrl_lock, flags);
2086 		if (tty->pgrp) {
2087 			pid = tty->pgrp;
2088 			type = PIDTYPE_PGID;
2089 		} else {
2090 			pid = task_pid(current);
2091 			type = PIDTYPE_PID;
2092 		}
2093 		get_pid(pid);
2094 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2095 		retval = __f_setown(filp, pid, type, 0);
2096 		put_pid(pid);
2097 		if (retval)
2098 			goto out;
2099 	} else {
2100 		if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2101 			tty->minimum_to_wake = N_TTY_BUF_SIZE;
2102 	}
2103 	retval = 0;
2104 out:
2105 	return retval;
2106 }
2107 
2108 static int tty_fasync(int fd, struct file *filp, int on)
2109 {
2110 	struct tty_struct *tty = file_tty(filp);
2111 	int retval;
2112 
2113 	tty_lock(tty);
2114 	retval = __tty_fasync(fd, filp, on);
2115 	tty_unlock(tty);
2116 
2117 	return retval;
2118 }
2119 
2120 /**
2121  *	tiocsti			-	fake input character
2122  *	@tty: tty to fake input into
2123  *	@p: pointer to character
2124  *
2125  *	Fake input to a tty device. Does the necessary locking and
2126  *	input management.
2127  *
2128  *	FIXME: does not honour flow control ??
2129  *
2130  *	Locking:
2131  *		Called functions take tty_ldisc_lock
2132  *		current->signal->tty check is safe without locks
2133  *
2134  *	FIXME: may race normal receive processing
2135  */
2136 
2137 static int tiocsti(struct tty_struct *tty, char __user *p)
2138 {
2139 	char ch, mbz = 0;
2140 	struct tty_ldisc *ld;
2141 
2142 	if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2143 		return -EPERM;
2144 	if (get_user(ch, p))
2145 		return -EFAULT;
2146 	tty_audit_tiocsti(tty, ch);
2147 	ld = tty_ldisc_ref_wait(tty);
2148 	ld->ops->receive_buf(tty, &ch, &mbz, 1);
2149 	tty_ldisc_deref(ld);
2150 	return 0;
2151 }
2152 
2153 /**
2154  *	tiocgwinsz		-	implement window query ioctl
2155  *	@tty; tty
2156  *	@arg: user buffer for result
2157  *
2158  *	Copies the kernel idea of the window size into the user buffer.
2159  *
2160  *	Locking: tty->termios_mutex is taken to ensure the winsize data
2161  *		is consistent.
2162  */
2163 
2164 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2165 {
2166 	int err;
2167 
2168 	mutex_lock(&tty->termios_mutex);
2169 	err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2170 	mutex_unlock(&tty->termios_mutex);
2171 
2172 	return err ? -EFAULT: 0;
2173 }
2174 
2175 /**
2176  *	tty_do_resize		-	resize event
2177  *	@tty: tty being resized
2178  *	@rows: rows (character)
2179  *	@cols: cols (character)
2180  *
2181  *	Update the termios variables and send the necessary signals to
2182  *	peform a terminal resize correctly
2183  */
2184 
2185 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2186 {
2187 	struct pid *pgrp;
2188 	unsigned long flags;
2189 
2190 	/* Lock the tty */
2191 	mutex_lock(&tty->termios_mutex);
2192 	if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2193 		goto done;
2194 	/* Get the PID values and reference them so we can
2195 	   avoid holding the tty ctrl lock while sending signals */
2196 	spin_lock_irqsave(&tty->ctrl_lock, flags);
2197 	pgrp = get_pid(tty->pgrp);
2198 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2199 
2200 	if (pgrp)
2201 		kill_pgrp(pgrp, SIGWINCH, 1);
2202 	put_pid(pgrp);
2203 
2204 	tty->winsize = *ws;
2205 done:
2206 	mutex_unlock(&tty->termios_mutex);
2207 	return 0;
2208 }
2209 
2210 /**
2211  *	tiocswinsz		-	implement window size set ioctl
2212  *	@tty; tty side of tty
2213  *	@arg: user buffer for result
2214  *
2215  *	Copies the user idea of the window size to the kernel. Traditionally
2216  *	this is just advisory information but for the Linux console it
2217  *	actually has driver level meaning and triggers a VC resize.
2218  *
2219  *	Locking:
2220  *		Driver dependent. The default do_resize method takes the
2221  *	tty termios mutex and ctrl_lock. The console takes its own lock
2222  *	then calls into the default method.
2223  */
2224 
2225 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2226 {
2227 	struct winsize tmp_ws;
2228 	if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2229 		return -EFAULT;
2230 
2231 	if (tty->ops->resize)
2232 		return tty->ops->resize(tty, &tmp_ws);
2233 	else
2234 		return tty_do_resize(tty, &tmp_ws);
2235 }
2236 
2237 /**
2238  *	tioccons	-	allow admin to move logical console
2239  *	@file: the file to become console
2240  *
2241  *	Allow the administrator to move the redirected console device
2242  *
2243  *	Locking: uses redirect_lock to guard the redirect information
2244  */
2245 
2246 static int tioccons(struct file *file)
2247 {
2248 	if (!capable(CAP_SYS_ADMIN))
2249 		return -EPERM;
2250 	if (file->f_op->write == redirected_tty_write) {
2251 		struct file *f;
2252 		spin_lock(&redirect_lock);
2253 		f = redirect;
2254 		redirect = NULL;
2255 		spin_unlock(&redirect_lock);
2256 		if (f)
2257 			fput(f);
2258 		return 0;
2259 	}
2260 	spin_lock(&redirect_lock);
2261 	if (redirect) {
2262 		spin_unlock(&redirect_lock);
2263 		return -EBUSY;
2264 	}
2265 	redirect = get_file(file);
2266 	spin_unlock(&redirect_lock);
2267 	return 0;
2268 }
2269 
2270 /**
2271  *	fionbio		-	non blocking ioctl
2272  *	@file: file to set blocking value
2273  *	@p: user parameter
2274  *
2275  *	Historical tty interfaces had a blocking control ioctl before
2276  *	the generic functionality existed. This piece of history is preserved
2277  *	in the expected tty API of posix OS's.
2278  *
2279  *	Locking: none, the open file handle ensures it won't go away.
2280  */
2281 
2282 static int fionbio(struct file *file, int __user *p)
2283 {
2284 	int nonblock;
2285 
2286 	if (get_user(nonblock, p))
2287 		return -EFAULT;
2288 
2289 	spin_lock(&file->f_lock);
2290 	if (nonblock)
2291 		file->f_flags |= O_NONBLOCK;
2292 	else
2293 		file->f_flags &= ~O_NONBLOCK;
2294 	spin_unlock(&file->f_lock);
2295 	return 0;
2296 }
2297 
2298 /**
2299  *	tiocsctty	-	set controlling tty
2300  *	@tty: tty structure
2301  *	@arg: user argument
2302  *
2303  *	This ioctl is used to manage job control. It permits a session
2304  *	leader to set this tty as the controlling tty for the session.
2305  *
2306  *	Locking:
2307  *		Takes tty_mutex() to protect tty instance
2308  *		Takes tasklist_lock internally to walk sessions
2309  *		Takes ->siglock() when updating signal->tty
2310  */
2311 
2312 static int tiocsctty(struct tty_struct *tty, int arg)
2313 {
2314 	int ret = 0;
2315 	if (current->signal->leader && (task_session(current) == tty->session))
2316 		return ret;
2317 
2318 	mutex_lock(&tty_mutex);
2319 	/*
2320 	 * The process must be a session leader and
2321 	 * not have a controlling tty already.
2322 	 */
2323 	if (!current->signal->leader || current->signal->tty) {
2324 		ret = -EPERM;
2325 		goto unlock;
2326 	}
2327 
2328 	if (tty->session) {
2329 		/*
2330 		 * This tty is already the controlling
2331 		 * tty for another session group!
2332 		 */
2333 		if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2334 			/*
2335 			 * Steal it away
2336 			 */
2337 			read_lock(&tasklist_lock);
2338 			session_clear_tty(tty->session);
2339 			read_unlock(&tasklist_lock);
2340 		} else {
2341 			ret = -EPERM;
2342 			goto unlock;
2343 		}
2344 	}
2345 	proc_set_tty(current, tty);
2346 unlock:
2347 	mutex_unlock(&tty_mutex);
2348 	return ret;
2349 }
2350 
2351 /**
2352  *	tty_get_pgrp	-	return a ref counted pgrp pid
2353  *	@tty: tty to read
2354  *
2355  *	Returns a refcounted instance of the pid struct for the process
2356  *	group controlling the tty.
2357  */
2358 
2359 struct pid *tty_get_pgrp(struct tty_struct *tty)
2360 {
2361 	unsigned long flags;
2362 	struct pid *pgrp;
2363 
2364 	spin_lock_irqsave(&tty->ctrl_lock, flags);
2365 	pgrp = get_pid(tty->pgrp);
2366 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2367 
2368 	return pgrp;
2369 }
2370 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2371 
2372 /**
2373  *	tiocgpgrp		-	get process group
2374  *	@tty: tty passed by user
2375  *	@real_tty: tty side of the tty passed by the user if a pty else the tty
2376  *	@p: returned pid
2377  *
2378  *	Obtain the process group of the tty. If there is no process group
2379  *	return an error.
2380  *
2381  *	Locking: none. Reference to current->signal->tty is safe.
2382  */
2383 
2384 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2385 {
2386 	struct pid *pid;
2387 	int ret;
2388 	/*
2389 	 * (tty == real_tty) is a cheap way of
2390 	 * testing if the tty is NOT a master pty.
2391 	 */
2392 	if (tty == real_tty && current->signal->tty != real_tty)
2393 		return -ENOTTY;
2394 	pid = tty_get_pgrp(real_tty);
2395 	ret =  put_user(pid_vnr(pid), p);
2396 	put_pid(pid);
2397 	return ret;
2398 }
2399 
2400 /**
2401  *	tiocspgrp		-	attempt to set process group
2402  *	@tty: tty passed by user
2403  *	@real_tty: tty side device matching tty passed by user
2404  *	@p: pid pointer
2405  *
2406  *	Set the process group of the tty to the session passed. Only
2407  *	permitted where the tty session is our session.
2408  *
2409  *	Locking: RCU, ctrl lock
2410  */
2411 
2412 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2413 {
2414 	struct pid *pgrp;
2415 	pid_t pgrp_nr;
2416 	int retval = tty_check_change(real_tty);
2417 	unsigned long flags;
2418 
2419 	if (retval == -EIO)
2420 		return -ENOTTY;
2421 	if (retval)
2422 		return retval;
2423 	if (!current->signal->tty ||
2424 	    (current->signal->tty != real_tty) ||
2425 	    (real_tty->session != task_session(current)))
2426 		return -ENOTTY;
2427 	if (get_user(pgrp_nr, p))
2428 		return -EFAULT;
2429 	if (pgrp_nr < 0)
2430 		return -EINVAL;
2431 	rcu_read_lock();
2432 	pgrp = find_vpid(pgrp_nr);
2433 	retval = -ESRCH;
2434 	if (!pgrp)
2435 		goto out_unlock;
2436 	retval = -EPERM;
2437 	if (session_of_pgrp(pgrp) != task_session(current))
2438 		goto out_unlock;
2439 	retval = 0;
2440 	spin_lock_irqsave(&tty->ctrl_lock, flags);
2441 	put_pid(real_tty->pgrp);
2442 	real_tty->pgrp = get_pid(pgrp);
2443 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2444 out_unlock:
2445 	rcu_read_unlock();
2446 	return retval;
2447 }
2448 
2449 /**
2450  *	tiocgsid		-	get session id
2451  *	@tty: tty passed by user
2452  *	@real_tty: tty side of the tty passed by the user if a pty else the tty
2453  *	@p: pointer to returned session id
2454  *
2455  *	Obtain the session id of the tty. If there is no session
2456  *	return an error.
2457  *
2458  *	Locking: none. Reference to current->signal->tty is safe.
2459  */
2460 
2461 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2462 {
2463 	/*
2464 	 * (tty == real_tty) is a cheap way of
2465 	 * testing if the tty is NOT a master pty.
2466 	*/
2467 	if (tty == real_tty && current->signal->tty != real_tty)
2468 		return -ENOTTY;
2469 	if (!real_tty->session)
2470 		return -ENOTTY;
2471 	return put_user(pid_vnr(real_tty->session), p);
2472 }
2473 
2474 /**
2475  *	tiocsetd	-	set line discipline
2476  *	@tty: tty device
2477  *	@p: pointer to user data
2478  *
2479  *	Set the line discipline according to user request.
2480  *
2481  *	Locking: see tty_set_ldisc, this function is just a helper
2482  */
2483 
2484 static int tiocsetd(struct tty_struct *tty, int __user *p)
2485 {
2486 	int ldisc;
2487 	int ret;
2488 
2489 	if (get_user(ldisc, p))
2490 		return -EFAULT;
2491 
2492 	ret = tty_set_ldisc(tty, ldisc);
2493 
2494 	return ret;
2495 }
2496 
2497 /**
2498  *	send_break	-	performed time break
2499  *	@tty: device to break on
2500  *	@duration: timeout in mS
2501  *
2502  *	Perform a timed break on hardware that lacks its own driver level
2503  *	timed break functionality.
2504  *
2505  *	Locking:
2506  *		atomic_write_lock serializes
2507  *
2508  */
2509 
2510 static int send_break(struct tty_struct *tty, unsigned int duration)
2511 {
2512 	int retval;
2513 
2514 	if (tty->ops->break_ctl == NULL)
2515 		return 0;
2516 
2517 	if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2518 		retval = tty->ops->break_ctl(tty, duration);
2519 	else {
2520 		/* Do the work ourselves */
2521 		if (tty_write_lock(tty, 0) < 0)
2522 			return -EINTR;
2523 		retval = tty->ops->break_ctl(tty, -1);
2524 		if (retval)
2525 			goto out;
2526 		if (!signal_pending(current))
2527 			msleep_interruptible(duration);
2528 		retval = tty->ops->break_ctl(tty, 0);
2529 out:
2530 		tty_write_unlock(tty);
2531 		if (signal_pending(current))
2532 			retval = -EINTR;
2533 	}
2534 	return retval;
2535 }
2536 
2537 /**
2538  *	tty_tiocmget		-	get modem status
2539  *	@tty: tty device
2540  *	@file: user file pointer
2541  *	@p: pointer to result
2542  *
2543  *	Obtain the modem status bits from the tty driver if the feature
2544  *	is supported. Return -EINVAL if it is not available.
2545  *
2546  *	Locking: none (up to the driver)
2547  */
2548 
2549 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2550 {
2551 	int retval = -EINVAL;
2552 
2553 	if (tty->ops->tiocmget) {
2554 		retval = tty->ops->tiocmget(tty);
2555 
2556 		if (retval >= 0)
2557 			retval = put_user(retval, p);
2558 	}
2559 	return retval;
2560 }
2561 
2562 /**
2563  *	tty_tiocmset		-	set modem status
2564  *	@tty: tty device
2565  *	@cmd: command - clear bits, set bits or set all
2566  *	@p: pointer to desired bits
2567  *
2568  *	Set the modem status bits from the tty driver if the feature
2569  *	is supported. Return -EINVAL if it is not available.
2570  *
2571  *	Locking: none (up to the driver)
2572  */
2573 
2574 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2575 	     unsigned __user *p)
2576 {
2577 	int retval;
2578 	unsigned int set, clear, val;
2579 
2580 	if (tty->ops->tiocmset == NULL)
2581 		return -EINVAL;
2582 
2583 	retval = get_user(val, p);
2584 	if (retval)
2585 		return retval;
2586 	set = clear = 0;
2587 	switch (cmd) {
2588 	case TIOCMBIS:
2589 		set = val;
2590 		break;
2591 	case TIOCMBIC:
2592 		clear = val;
2593 		break;
2594 	case TIOCMSET:
2595 		set = val;
2596 		clear = ~val;
2597 		break;
2598 	}
2599 	set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2600 	clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2601 	return tty->ops->tiocmset(tty, set, clear);
2602 }
2603 
2604 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2605 {
2606 	int retval = -EINVAL;
2607 	struct serial_icounter_struct icount;
2608 	memset(&icount, 0, sizeof(icount));
2609 	if (tty->ops->get_icount)
2610 		retval = tty->ops->get_icount(tty, &icount);
2611 	if (retval != 0)
2612 		return retval;
2613 	if (copy_to_user(arg, &icount, sizeof(icount)))
2614 		return -EFAULT;
2615 	return 0;
2616 }
2617 
2618 struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2619 {
2620 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2621 	    tty->driver->subtype == PTY_TYPE_MASTER)
2622 		tty = tty->link;
2623 	return tty;
2624 }
2625 EXPORT_SYMBOL(tty_pair_get_tty);
2626 
2627 struct tty_struct *tty_pair_get_pty(struct tty_struct *tty)
2628 {
2629 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2630 	    tty->driver->subtype == PTY_TYPE_MASTER)
2631 	    return tty;
2632 	return tty->link;
2633 }
2634 EXPORT_SYMBOL(tty_pair_get_pty);
2635 
2636 /*
2637  * Split this up, as gcc can choke on it otherwise..
2638  */
2639 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2640 {
2641 	struct tty_struct *tty = file_tty(file);
2642 	struct tty_struct *real_tty;
2643 	void __user *p = (void __user *)arg;
2644 	int retval;
2645 	struct tty_ldisc *ld;
2646 	struct inode *inode = file->f_dentry->d_inode;
2647 
2648 	if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2649 		return -EINVAL;
2650 
2651 	real_tty = tty_pair_get_tty(tty);
2652 
2653 	/*
2654 	 * Factor out some common prep work
2655 	 */
2656 	switch (cmd) {
2657 	case TIOCSETD:
2658 	case TIOCSBRK:
2659 	case TIOCCBRK:
2660 	case TCSBRK:
2661 	case TCSBRKP:
2662 		retval = tty_check_change(tty);
2663 		if (retval)
2664 			return retval;
2665 		if (cmd != TIOCCBRK) {
2666 			tty_wait_until_sent(tty, 0);
2667 			if (signal_pending(current))
2668 				return -EINTR;
2669 		}
2670 		break;
2671 	}
2672 
2673 	/*
2674 	 *	Now do the stuff.
2675 	 */
2676 	switch (cmd) {
2677 	case TIOCSTI:
2678 		return tiocsti(tty, p);
2679 	case TIOCGWINSZ:
2680 		return tiocgwinsz(real_tty, p);
2681 	case TIOCSWINSZ:
2682 		return tiocswinsz(real_tty, p);
2683 	case TIOCCONS:
2684 		return real_tty != tty ? -EINVAL : tioccons(file);
2685 	case FIONBIO:
2686 		return fionbio(file, p);
2687 	case TIOCEXCL:
2688 		set_bit(TTY_EXCLUSIVE, &tty->flags);
2689 		return 0;
2690 	case TIOCNXCL:
2691 		clear_bit(TTY_EXCLUSIVE, &tty->flags);
2692 		return 0;
2693 	case TIOCNOTTY:
2694 		if (current->signal->tty != tty)
2695 			return -ENOTTY;
2696 		no_tty();
2697 		return 0;
2698 	case TIOCSCTTY:
2699 		return tiocsctty(tty, arg);
2700 	case TIOCGPGRP:
2701 		return tiocgpgrp(tty, real_tty, p);
2702 	case TIOCSPGRP:
2703 		return tiocspgrp(tty, real_tty, p);
2704 	case TIOCGSID:
2705 		return tiocgsid(tty, real_tty, p);
2706 	case TIOCGETD:
2707 		return put_user(tty->ldisc->ops->num, (int __user *)p);
2708 	case TIOCSETD:
2709 		return tiocsetd(tty, p);
2710 	case TIOCVHANGUP:
2711 		if (!capable(CAP_SYS_ADMIN))
2712 			return -EPERM;
2713 		tty_vhangup(tty);
2714 		return 0;
2715 	case TIOCGDEV:
2716 	{
2717 		unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2718 		return put_user(ret, (unsigned int __user *)p);
2719 	}
2720 	/*
2721 	 * Break handling
2722 	 */
2723 	case TIOCSBRK:	/* Turn break on, unconditionally */
2724 		if (tty->ops->break_ctl)
2725 			return tty->ops->break_ctl(tty, -1);
2726 		return 0;
2727 	case TIOCCBRK:	/* Turn break off, unconditionally */
2728 		if (tty->ops->break_ctl)
2729 			return tty->ops->break_ctl(tty, 0);
2730 		return 0;
2731 	case TCSBRK:   /* SVID version: non-zero arg --> no break */
2732 		/* non-zero arg means wait for all output data
2733 		 * to be sent (performed above) but don't send break.
2734 		 * This is used by the tcdrain() termios function.
2735 		 */
2736 		if (!arg)
2737 			return send_break(tty, 250);
2738 		return 0;
2739 	case TCSBRKP:	/* support for POSIX tcsendbreak() */
2740 		return send_break(tty, arg ? arg*100 : 250);
2741 
2742 	case TIOCMGET:
2743 		return tty_tiocmget(tty, p);
2744 	case TIOCMSET:
2745 	case TIOCMBIC:
2746 	case TIOCMBIS:
2747 		return tty_tiocmset(tty, cmd, p);
2748 	case TIOCGICOUNT:
2749 		retval = tty_tiocgicount(tty, p);
2750 		/* For the moment allow fall through to the old method */
2751         	if (retval != -EINVAL)
2752 			return retval;
2753 		break;
2754 	case TCFLSH:
2755 		switch (arg) {
2756 		case TCIFLUSH:
2757 		case TCIOFLUSH:
2758 		/* flush tty buffer and allow ldisc to process ioctl */
2759 			tty_buffer_flush(tty);
2760 			break;
2761 		}
2762 		break;
2763 	}
2764 	if (tty->ops->ioctl) {
2765 		retval = (tty->ops->ioctl)(tty, cmd, arg);
2766 		if (retval != -ENOIOCTLCMD)
2767 			return retval;
2768 	}
2769 	ld = tty_ldisc_ref_wait(tty);
2770 	retval = -EINVAL;
2771 	if (ld->ops->ioctl) {
2772 		retval = ld->ops->ioctl(tty, file, cmd, arg);
2773 		if (retval == -ENOIOCTLCMD)
2774 			retval = -ENOTTY;
2775 	}
2776 	tty_ldisc_deref(ld);
2777 	return retval;
2778 }
2779 
2780 #ifdef CONFIG_COMPAT
2781 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2782 				unsigned long arg)
2783 {
2784 	struct inode *inode = file->f_dentry->d_inode;
2785 	struct tty_struct *tty = file_tty(file);
2786 	struct tty_ldisc *ld;
2787 	int retval = -ENOIOCTLCMD;
2788 
2789 	if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2790 		return -EINVAL;
2791 
2792 	if (tty->ops->compat_ioctl) {
2793 		retval = (tty->ops->compat_ioctl)(tty, cmd, arg);
2794 		if (retval != -ENOIOCTLCMD)
2795 			return retval;
2796 	}
2797 
2798 	ld = tty_ldisc_ref_wait(tty);
2799 	if (ld->ops->compat_ioctl)
2800 		retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2801 	else
2802 		retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2803 	tty_ldisc_deref(ld);
2804 
2805 	return retval;
2806 }
2807 #endif
2808 
2809 static int this_tty(const void *t, struct file *file, unsigned fd)
2810 {
2811 	if (likely(file->f_op->read != tty_read))
2812 		return 0;
2813 	return file_tty(file) != t ? 0 : fd + 1;
2814 }
2815 
2816 /*
2817  * This implements the "Secure Attention Key" ---  the idea is to
2818  * prevent trojan horses by killing all processes associated with this
2819  * tty when the user hits the "Secure Attention Key".  Required for
2820  * super-paranoid applications --- see the Orange Book for more details.
2821  *
2822  * This code could be nicer; ideally it should send a HUP, wait a few
2823  * seconds, then send a INT, and then a KILL signal.  But you then
2824  * have to coordinate with the init process, since all processes associated
2825  * with the current tty must be dead before the new getty is allowed
2826  * to spawn.
2827  *
2828  * Now, if it would be correct ;-/ The current code has a nasty hole -
2829  * it doesn't catch files in flight. We may send the descriptor to ourselves
2830  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2831  *
2832  * Nasty bug: do_SAK is being called in interrupt context.  This can
2833  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
2834  */
2835 void __do_SAK(struct tty_struct *tty)
2836 {
2837 #ifdef TTY_SOFT_SAK
2838 	tty_hangup(tty);
2839 #else
2840 	struct task_struct *g, *p;
2841 	struct pid *session;
2842 	int		i;
2843 
2844 	if (!tty)
2845 		return;
2846 	session = tty->session;
2847 
2848 	tty_ldisc_flush(tty);
2849 
2850 	tty_driver_flush_buffer(tty);
2851 
2852 	read_lock(&tasklist_lock);
2853 	/* Kill the entire session */
2854 	do_each_pid_task(session, PIDTYPE_SID, p) {
2855 		printk(KERN_NOTICE "SAK: killed process %d"
2856 			" (%s): task_session(p)==tty->session\n",
2857 			task_pid_nr(p), p->comm);
2858 		send_sig(SIGKILL, p, 1);
2859 	} while_each_pid_task(session, PIDTYPE_SID, p);
2860 	/* Now kill any processes that happen to have the
2861 	 * tty open.
2862 	 */
2863 	do_each_thread(g, p) {
2864 		if (p->signal->tty == tty) {
2865 			printk(KERN_NOTICE "SAK: killed process %d"
2866 			    " (%s): task_session(p)==tty->session\n",
2867 			    task_pid_nr(p), p->comm);
2868 			send_sig(SIGKILL, p, 1);
2869 			continue;
2870 		}
2871 		task_lock(p);
2872 		i = iterate_fd(p->files, 0, this_tty, tty);
2873 		if (i != 0) {
2874 			printk(KERN_NOTICE "SAK: killed process %d"
2875 			    " (%s): fd#%d opened to the tty\n",
2876 				    task_pid_nr(p), p->comm, i - 1);
2877 			force_sig(SIGKILL, p);
2878 		}
2879 		task_unlock(p);
2880 	} while_each_thread(g, p);
2881 	read_unlock(&tasklist_lock);
2882 #endif
2883 }
2884 
2885 static void do_SAK_work(struct work_struct *work)
2886 {
2887 	struct tty_struct *tty =
2888 		container_of(work, struct tty_struct, SAK_work);
2889 	__do_SAK(tty);
2890 }
2891 
2892 /*
2893  * The tq handling here is a little racy - tty->SAK_work may already be queued.
2894  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2895  * the values which we write to it will be identical to the values which it
2896  * already has. --akpm
2897  */
2898 void do_SAK(struct tty_struct *tty)
2899 {
2900 	if (!tty)
2901 		return;
2902 	schedule_work(&tty->SAK_work);
2903 }
2904 
2905 EXPORT_SYMBOL(do_SAK);
2906 
2907 static int dev_match_devt(struct device *dev, void *data)
2908 {
2909 	dev_t *devt = data;
2910 	return dev->devt == *devt;
2911 }
2912 
2913 /* Must put_device() after it's unused! */
2914 static struct device *tty_get_device(struct tty_struct *tty)
2915 {
2916 	dev_t devt = tty_devnum(tty);
2917 	return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2918 }
2919 
2920 
2921 /**
2922  *	initialize_tty_struct
2923  *	@tty: tty to initialize
2924  *
2925  *	This subroutine initializes a tty structure that has been newly
2926  *	allocated.
2927  *
2928  *	Locking: none - tty in question must not be exposed at this point
2929  */
2930 
2931 void initialize_tty_struct(struct tty_struct *tty,
2932 		struct tty_driver *driver, int idx)
2933 {
2934 	memset(tty, 0, sizeof(struct tty_struct));
2935 	kref_init(&tty->kref);
2936 	tty->magic = TTY_MAGIC;
2937 	tty_ldisc_init(tty);
2938 	tty->session = NULL;
2939 	tty->pgrp = NULL;
2940 	tty->overrun_time = jiffies;
2941 	tty_buffer_init(tty);
2942 	mutex_init(&tty->legacy_mutex);
2943 	mutex_init(&tty->termios_mutex);
2944 	mutex_init(&tty->ldisc_mutex);
2945 	init_waitqueue_head(&tty->write_wait);
2946 	init_waitqueue_head(&tty->read_wait);
2947 	INIT_WORK(&tty->hangup_work, do_tty_hangup);
2948 	mutex_init(&tty->atomic_read_lock);
2949 	mutex_init(&tty->atomic_write_lock);
2950 	mutex_init(&tty->output_lock);
2951 	mutex_init(&tty->echo_lock);
2952 	spin_lock_init(&tty->read_lock);
2953 	spin_lock_init(&tty->ctrl_lock);
2954 	INIT_LIST_HEAD(&tty->tty_files);
2955 	INIT_WORK(&tty->SAK_work, do_SAK_work);
2956 
2957 	tty->driver = driver;
2958 	tty->ops = driver->ops;
2959 	tty->index = idx;
2960 	tty_line_name(driver, idx, tty->name);
2961 	tty->dev = tty_get_device(tty);
2962 }
2963 
2964 /**
2965  *	deinitialize_tty_struct
2966  *	@tty: tty to deinitialize
2967  *
2968  *	This subroutine deinitializes a tty structure that has been newly
2969  *	allocated but tty_release cannot be called on that yet.
2970  *
2971  *	Locking: none - tty in question must not be exposed at this point
2972  */
2973 void deinitialize_tty_struct(struct tty_struct *tty)
2974 {
2975 	tty_ldisc_deinit(tty);
2976 }
2977 
2978 /**
2979  *	tty_put_char	-	write one character to a tty
2980  *	@tty: tty
2981  *	@ch: character
2982  *
2983  *	Write one byte to the tty using the provided put_char method
2984  *	if present. Returns the number of characters successfully output.
2985  *
2986  *	Note: the specific put_char operation in the driver layer may go
2987  *	away soon. Don't call it directly, use this method
2988  */
2989 
2990 int tty_put_char(struct tty_struct *tty, unsigned char ch)
2991 {
2992 	if (tty->ops->put_char)
2993 		return tty->ops->put_char(tty, ch);
2994 	return tty->ops->write(tty, &ch, 1);
2995 }
2996 EXPORT_SYMBOL_GPL(tty_put_char);
2997 
2998 struct class *tty_class;
2999 
3000 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
3001 		unsigned int index, unsigned int count)
3002 {
3003 	/* init here, since reused cdevs cause crashes */
3004 	cdev_init(&driver->cdevs[index], &tty_fops);
3005 	driver->cdevs[index].owner = driver->owner;
3006 	return cdev_add(&driver->cdevs[index], dev, count);
3007 }
3008 
3009 /**
3010  *	tty_register_device - register a tty device
3011  *	@driver: the tty driver that describes the tty device
3012  *	@index: the index in the tty driver for this tty device
3013  *	@device: a struct device that is associated with this tty device.
3014  *		This field is optional, if there is no known struct device
3015  *		for this tty device it can be set to NULL safely.
3016  *
3017  *	Returns a pointer to the struct device for this tty device
3018  *	(or ERR_PTR(-EFOO) on error).
3019  *
3020  *	This call is required to be made to register an individual tty device
3021  *	if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3022  *	that bit is not set, this function should not be called by a tty
3023  *	driver.
3024  *
3025  *	Locking: ??
3026  */
3027 
3028 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
3029 				   struct device *device)
3030 {
3031 	return tty_register_device_attr(driver, index, device, NULL, NULL);
3032 }
3033 EXPORT_SYMBOL(tty_register_device);
3034 
3035 static void tty_device_create_release(struct device *dev)
3036 {
3037 	pr_debug("device: '%s': %s\n", dev_name(dev), __func__);
3038 	kfree(dev);
3039 }
3040 
3041 /**
3042  *	tty_register_device_attr - register a tty device
3043  *	@driver: the tty driver that describes the tty device
3044  *	@index: the index in the tty driver for this tty device
3045  *	@device: a struct device that is associated with this tty device.
3046  *		This field is optional, if there is no known struct device
3047  *		for this tty device it can be set to NULL safely.
3048  *	@drvdata: Driver data to be set to device.
3049  *	@attr_grp: Attribute group to be set on device.
3050  *
3051  *	Returns a pointer to the struct device for this tty device
3052  *	(or ERR_PTR(-EFOO) on error).
3053  *
3054  *	This call is required to be made to register an individual tty device
3055  *	if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
3056  *	that bit is not set, this function should not be called by a tty
3057  *	driver.
3058  *
3059  *	Locking: ??
3060  */
3061 struct device *tty_register_device_attr(struct tty_driver *driver,
3062 				   unsigned index, struct device *device,
3063 				   void *drvdata,
3064 				   const struct attribute_group **attr_grp)
3065 {
3066 	char name[64];
3067 	dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
3068 	struct device *dev = NULL;
3069 	int retval = -ENODEV;
3070 	bool cdev = false;
3071 
3072 	if (index >= driver->num) {
3073 		printk(KERN_ERR "Attempt to register invalid tty line number "
3074 		       " (%d).\n", index);
3075 		return ERR_PTR(-EINVAL);
3076 	}
3077 
3078 	if (driver->type == TTY_DRIVER_TYPE_PTY)
3079 		pty_line_name(driver, index, name);
3080 	else
3081 		tty_line_name(driver, index, name);
3082 
3083 	if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3084 		retval = tty_cdev_add(driver, devt, index, 1);
3085 		if (retval)
3086 			goto error;
3087 		cdev = true;
3088 	}
3089 
3090 	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
3091 	if (!dev) {
3092 		retval = -ENOMEM;
3093 		goto error;
3094 	}
3095 
3096 	dev->devt = devt;
3097 	dev->class = tty_class;
3098 	dev->parent = device;
3099 	dev->release = tty_device_create_release;
3100 	dev_set_name(dev, "%s", name);
3101 	dev->groups = attr_grp;
3102 	dev_set_drvdata(dev, drvdata);
3103 
3104 	retval = device_register(dev);
3105 	if (retval)
3106 		goto error;
3107 
3108 	return dev;
3109 
3110 error:
3111 	put_device(dev);
3112 	if (cdev)
3113 		cdev_del(&driver->cdevs[index]);
3114 	return ERR_PTR(retval);
3115 }
3116 EXPORT_SYMBOL_GPL(tty_register_device_attr);
3117 
3118 /**
3119  * 	tty_unregister_device - unregister a tty device
3120  * 	@driver: the tty driver that describes the tty device
3121  * 	@index: the index in the tty driver for this tty device
3122  *
3123  * 	If a tty device is registered with a call to tty_register_device() then
3124  *	this function must be called when the tty device is gone.
3125  *
3126  *	Locking: ??
3127  */
3128 
3129 void tty_unregister_device(struct tty_driver *driver, unsigned index)
3130 {
3131 	device_destroy(tty_class,
3132 		MKDEV(driver->major, driver->minor_start) + index);
3133 	if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC))
3134 		cdev_del(&driver->cdevs[index]);
3135 }
3136 EXPORT_SYMBOL(tty_unregister_device);
3137 
3138 /**
3139  * __tty_alloc_driver -- allocate tty driver
3140  * @lines: count of lines this driver can handle at most
3141  * @owner: module which is repsonsible for this driver
3142  * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
3143  *
3144  * This should not be called directly, some of the provided macros should be
3145  * used instead. Use IS_ERR and friends on @retval.
3146  */
3147 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
3148 		unsigned long flags)
3149 {
3150 	struct tty_driver *driver;
3151 	unsigned int cdevs = 1;
3152 	int err;
3153 
3154 	if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
3155 		return ERR_PTR(-EINVAL);
3156 
3157 	driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
3158 	if (!driver)
3159 		return ERR_PTR(-ENOMEM);
3160 
3161 	kref_init(&driver->kref);
3162 	driver->magic = TTY_DRIVER_MAGIC;
3163 	driver->num = lines;
3164 	driver->owner = owner;
3165 	driver->flags = flags;
3166 
3167 	if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
3168 		driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
3169 				GFP_KERNEL);
3170 		driver->termios = kcalloc(lines, sizeof(*driver->termios),
3171 				GFP_KERNEL);
3172 		if (!driver->ttys || !driver->termios) {
3173 			err = -ENOMEM;
3174 			goto err_free_all;
3175 		}
3176 	}
3177 
3178 	if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
3179 		driver->ports = kcalloc(lines, sizeof(*driver->ports),
3180 				GFP_KERNEL);
3181 		if (!driver->ports) {
3182 			err = -ENOMEM;
3183 			goto err_free_all;
3184 		}
3185 		cdevs = lines;
3186 	}
3187 
3188 	driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
3189 	if (!driver->cdevs) {
3190 		err = -ENOMEM;
3191 		goto err_free_all;
3192 	}
3193 
3194 	return driver;
3195 err_free_all:
3196 	kfree(driver->ports);
3197 	kfree(driver->ttys);
3198 	kfree(driver->termios);
3199 	kfree(driver);
3200 	return ERR_PTR(err);
3201 }
3202 EXPORT_SYMBOL(__tty_alloc_driver);
3203 
3204 static void destruct_tty_driver(struct kref *kref)
3205 {
3206 	struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
3207 	int i;
3208 	struct ktermios *tp;
3209 
3210 	if (driver->flags & TTY_DRIVER_INSTALLED) {
3211 		/*
3212 		 * Free the termios and termios_locked structures because
3213 		 * we don't want to get memory leaks when modular tty
3214 		 * drivers are removed from the kernel.
3215 		 */
3216 		for (i = 0; i < driver->num; i++) {
3217 			tp = driver->termios[i];
3218 			if (tp) {
3219 				driver->termios[i] = NULL;
3220 				kfree(tp);
3221 			}
3222 			if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3223 				tty_unregister_device(driver, i);
3224 		}
3225 		proc_tty_unregister_driver(driver);
3226 		if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
3227 			cdev_del(&driver->cdevs[0]);
3228 	}
3229 	kfree(driver->cdevs);
3230 	kfree(driver->ports);
3231 	kfree(driver->termios);
3232 	kfree(driver->ttys);
3233 	kfree(driver);
3234 }
3235 
3236 void tty_driver_kref_put(struct tty_driver *driver)
3237 {
3238 	kref_put(&driver->kref, destruct_tty_driver);
3239 }
3240 EXPORT_SYMBOL(tty_driver_kref_put);
3241 
3242 void tty_set_operations(struct tty_driver *driver,
3243 			const struct tty_operations *op)
3244 {
3245 	driver->ops = op;
3246 };
3247 EXPORT_SYMBOL(tty_set_operations);
3248 
3249 void put_tty_driver(struct tty_driver *d)
3250 {
3251 	tty_driver_kref_put(d);
3252 }
3253 EXPORT_SYMBOL(put_tty_driver);
3254 
3255 /*
3256  * Called by a tty driver to register itself.
3257  */
3258 int tty_register_driver(struct tty_driver *driver)
3259 {
3260 	int error;
3261 	int i;
3262 	dev_t dev;
3263 	struct device *d;
3264 
3265 	if (!driver->major) {
3266 		error = alloc_chrdev_region(&dev, driver->minor_start,
3267 						driver->num, driver->name);
3268 		if (!error) {
3269 			driver->major = MAJOR(dev);
3270 			driver->minor_start = MINOR(dev);
3271 		}
3272 	} else {
3273 		dev = MKDEV(driver->major, driver->minor_start);
3274 		error = register_chrdev_region(dev, driver->num, driver->name);
3275 	}
3276 	if (error < 0)
3277 		goto err;
3278 
3279 	if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3280 		error = tty_cdev_add(driver, dev, 0, driver->num);
3281 		if (error)
3282 			goto err_unreg_char;
3283 	}
3284 
3285 	mutex_lock(&tty_mutex);
3286 	list_add(&driver->tty_drivers, &tty_drivers);
3287 	mutex_unlock(&tty_mutex);
3288 
3289 	if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3290 		for (i = 0; i < driver->num; i++) {
3291 			d = tty_register_device(driver, i, NULL);
3292 			if (IS_ERR(d)) {
3293 				error = PTR_ERR(d);
3294 				goto err_unreg_devs;
3295 			}
3296 		}
3297 	}
3298 	proc_tty_register_driver(driver);
3299 	driver->flags |= TTY_DRIVER_INSTALLED;
3300 	return 0;
3301 
3302 err_unreg_devs:
3303 	for (i--; i >= 0; i--)
3304 		tty_unregister_device(driver, i);
3305 
3306 	mutex_lock(&tty_mutex);
3307 	list_del(&driver->tty_drivers);
3308 	mutex_unlock(&tty_mutex);
3309 
3310 err_unreg_char:
3311 	unregister_chrdev_region(dev, driver->num);
3312 err:
3313 	return error;
3314 }
3315 EXPORT_SYMBOL(tty_register_driver);
3316 
3317 /*
3318  * Called by a tty driver to unregister itself.
3319  */
3320 int tty_unregister_driver(struct tty_driver *driver)
3321 {
3322 #if 0
3323 	/* FIXME */
3324 	if (driver->refcount)
3325 		return -EBUSY;
3326 #endif
3327 	unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3328 				driver->num);
3329 	mutex_lock(&tty_mutex);
3330 	list_del(&driver->tty_drivers);
3331 	mutex_unlock(&tty_mutex);
3332 	return 0;
3333 }
3334 
3335 EXPORT_SYMBOL(tty_unregister_driver);
3336 
3337 dev_t tty_devnum(struct tty_struct *tty)
3338 {
3339 	return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3340 }
3341 EXPORT_SYMBOL(tty_devnum);
3342 
3343 void proc_clear_tty(struct task_struct *p)
3344 {
3345 	unsigned long flags;
3346 	struct tty_struct *tty;
3347 	spin_lock_irqsave(&p->sighand->siglock, flags);
3348 	tty = p->signal->tty;
3349 	p->signal->tty = NULL;
3350 	spin_unlock_irqrestore(&p->sighand->siglock, flags);
3351 	tty_kref_put(tty);
3352 }
3353 
3354 /* Called under the sighand lock */
3355 
3356 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3357 {
3358 	if (tty) {
3359 		unsigned long flags;
3360 		/* We should not have a session or pgrp to put here but.... */
3361 		spin_lock_irqsave(&tty->ctrl_lock, flags);
3362 		put_pid(tty->session);
3363 		put_pid(tty->pgrp);
3364 		tty->pgrp = get_pid(task_pgrp(tsk));
3365 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3366 		tty->session = get_pid(task_session(tsk));
3367 		if (tsk->signal->tty) {
3368 			printk(KERN_DEBUG "tty not NULL!!\n");
3369 			tty_kref_put(tsk->signal->tty);
3370 		}
3371 	}
3372 	put_pid(tsk->signal->tty_old_pgrp);
3373 	tsk->signal->tty = tty_kref_get(tty);
3374 	tsk->signal->tty_old_pgrp = NULL;
3375 }
3376 
3377 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3378 {
3379 	spin_lock_irq(&tsk->sighand->siglock);
3380 	__proc_set_tty(tsk, tty);
3381 	spin_unlock_irq(&tsk->sighand->siglock);
3382 }
3383 
3384 struct tty_struct *get_current_tty(void)
3385 {
3386 	struct tty_struct *tty;
3387 	unsigned long flags;
3388 
3389 	spin_lock_irqsave(&current->sighand->siglock, flags);
3390 	tty = tty_kref_get(current->signal->tty);
3391 	spin_unlock_irqrestore(&current->sighand->siglock, flags);
3392 	return tty;
3393 }
3394 EXPORT_SYMBOL_GPL(get_current_tty);
3395 
3396 void tty_default_fops(struct file_operations *fops)
3397 {
3398 	*fops = tty_fops;
3399 }
3400 
3401 /*
3402  * Initialize the console device. This is called *early*, so
3403  * we can't necessarily depend on lots of kernel help here.
3404  * Just do some early initializations, and do the complex setup
3405  * later.
3406  */
3407 void __init console_init(void)
3408 {
3409 	initcall_t *call;
3410 
3411 	/* Setup the default TTY line discipline. */
3412 	tty_ldisc_begin();
3413 
3414 	/*
3415 	 * set up the console device so that later boot sequences can
3416 	 * inform about problems etc..
3417 	 */
3418 	call = __con_initcall_start;
3419 	while (call < __con_initcall_end) {
3420 		(*call)();
3421 		call++;
3422 	}
3423 }
3424 
3425 static char *tty_devnode(struct device *dev, umode_t *mode)
3426 {
3427 	if (!mode)
3428 		return NULL;
3429 	if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3430 	    dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3431 		*mode = 0666;
3432 	return NULL;
3433 }
3434 
3435 static int __init tty_class_init(void)
3436 {
3437 	tty_class = class_create(THIS_MODULE, "tty");
3438 	if (IS_ERR(tty_class))
3439 		return PTR_ERR(tty_class);
3440 	tty_class->devnode = tty_devnode;
3441 	return 0;
3442 }
3443 
3444 postcore_initcall(tty_class_init);
3445 
3446 /* 3/2004 jmc: why do these devices exist? */
3447 static struct cdev tty_cdev, console_cdev;
3448 
3449 static ssize_t show_cons_active(struct device *dev,
3450 				struct device_attribute *attr, char *buf)
3451 {
3452 	struct console *cs[16];
3453 	int i = 0;
3454 	struct console *c;
3455 	ssize_t count = 0;
3456 
3457 	console_lock();
3458 	for_each_console(c) {
3459 		if (!c->device)
3460 			continue;
3461 		if (!c->write)
3462 			continue;
3463 		if ((c->flags & CON_ENABLED) == 0)
3464 			continue;
3465 		cs[i++] = c;
3466 		if (i >= ARRAY_SIZE(cs))
3467 			break;
3468 	}
3469 	while (i--)
3470 		count += sprintf(buf + count, "%s%d%c",
3471 				 cs[i]->name, cs[i]->index, i ? ' ':'\n');
3472 	console_unlock();
3473 
3474 	return count;
3475 }
3476 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3477 
3478 static struct device *consdev;
3479 
3480 void console_sysfs_notify(void)
3481 {
3482 	if (consdev)
3483 		sysfs_notify(&consdev->kobj, NULL, "active");
3484 }
3485 
3486 /*
3487  * Ok, now we can initialize the rest of the tty devices and can count
3488  * on memory allocations, interrupts etc..
3489  */
3490 int __init tty_init(void)
3491 {
3492 	cdev_init(&tty_cdev, &tty_fops);
3493 	if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3494 	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3495 		panic("Couldn't register /dev/tty driver\n");
3496 	device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3497 
3498 	cdev_init(&console_cdev, &console_fops);
3499 	if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3500 	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3501 		panic("Couldn't register /dev/console driver\n");
3502 	consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3503 			      "console");
3504 	if (IS_ERR(consdev))
3505 		consdev = NULL;
3506 	else
3507 		WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3508 
3509 #ifdef CONFIG_VT
3510 	vty_init(&console_fops);
3511 #endif
3512 	return 0;
3513 }
3514 
3515