xref: /openbmc/linux/drivers/tty/tty_io.c (revision df2634f43f5106947f3735a0b61a6527a4b278cd)
1 /*
2  *  linux/drivers/char/tty_io.c
3  *
4  *  Copyright (C) 1991, 1992  Linus Torvalds
5  */
6 
7 /*
8  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
9  * or rs-channels. It also implements echoing, cooked mode etc.
10  *
11  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
12  *
13  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
14  * tty_struct and tty_queue structures.  Previously there was an array
15  * of 256 tty_struct's which was statically allocated, and the
16  * tty_queue structures were allocated at boot time.  Both are now
17  * dynamically allocated only when the tty is open.
18  *
19  * Also restructured routines so that there is more of a separation
20  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
21  * the low-level tty routines (serial.c, pty.c, console.c).  This
22  * makes for cleaner and more compact code.  -TYT, 9/17/92
23  *
24  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
25  * which can be dynamically activated and de-activated by the line
26  * discipline handling modules (like SLIP).
27  *
28  * NOTE: pay no attention to the line discipline code (yet); its
29  * interface is still subject to change in this version...
30  * -- TYT, 1/31/92
31  *
32  * Added functionality to the OPOST tty handling.  No delays, but all
33  * other bits should be there.
34  *	-- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
35  *
36  * Rewrote canonical mode and added more termios flags.
37  * 	-- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
38  *
39  * Reorganized FASYNC support so mouse code can share it.
40  *	-- ctm@ardi.com, 9Sep95
41  *
42  * New TIOCLINUX variants added.
43  *	-- mj@k332.feld.cvut.cz, 19-Nov-95
44  *
45  * Restrict vt switching via ioctl()
46  *      -- grif@cs.ucr.edu, 5-Dec-95
47  *
48  * Move console and virtual terminal code to more appropriate files,
49  * implement CONFIG_VT and generalize console device interface.
50  *	-- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
51  *
52  * Rewrote tty_init_dev and tty_release_dev to eliminate races.
53  *	-- Bill Hawes <whawes@star.net>, June 97
54  *
55  * Added devfs support.
56  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
57  *
58  * Added support for a Unix98-style ptmx device.
59  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
60  *
61  * Reduced memory usage for older ARM systems
62  *      -- Russell King <rmk@arm.linux.org.uk>
63  *
64  * Move do_SAK() into process context.  Less stack use in devfs functions.
65  * alloc_tty_struct() always uses kmalloc()
66  *			 -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
67  */
68 
69 #include <linux/types.h>
70 #include <linux/major.h>
71 #include <linux/errno.h>
72 #include <linux/signal.h>
73 #include <linux/fcntl.h>
74 #include <linux/sched.h>
75 #include <linux/interrupt.h>
76 #include <linux/tty.h>
77 #include <linux/tty_driver.h>
78 #include <linux/tty_flip.h>
79 #include <linux/devpts_fs.h>
80 #include <linux/file.h>
81 #include <linux/fdtable.h>
82 #include <linux/console.h>
83 #include <linux/timer.h>
84 #include <linux/ctype.h>
85 #include <linux/kd.h>
86 #include <linux/mm.h>
87 #include <linux/string.h>
88 #include <linux/slab.h>
89 #include <linux/poll.h>
90 #include <linux/proc_fs.h>
91 #include <linux/init.h>
92 #include <linux/module.h>
93 #include <linux/smp_lock.h>
94 #include <linux/device.h>
95 #include <linux/wait.h>
96 #include <linux/bitops.h>
97 #include <linux/delay.h>
98 #include <linux/seq_file.h>
99 #include <linux/serial.h>
100 
101 #include <linux/uaccess.h>
102 #include <asm/system.h>
103 
104 #include <linux/kbd_kern.h>
105 #include <linux/vt_kern.h>
106 #include <linux/selection.h>
107 
108 #include <linux/kmod.h>
109 #include <linux/nsproxy.h>
110 
111 #undef TTY_DEBUG_HANGUP
112 
113 #define TTY_PARANOIA_CHECK 1
114 #define CHECK_TTY_COUNT 1
115 
116 struct ktermios tty_std_termios = {	/* for the benefit of tty drivers  */
117 	.c_iflag = ICRNL | IXON,
118 	.c_oflag = OPOST | ONLCR,
119 	.c_cflag = B38400 | CS8 | CREAD | HUPCL,
120 	.c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
121 		   ECHOCTL | ECHOKE | IEXTEN,
122 	.c_cc = INIT_C_CC,
123 	.c_ispeed = 38400,
124 	.c_ospeed = 38400
125 };
126 
127 EXPORT_SYMBOL(tty_std_termios);
128 
129 /* This list gets poked at by procfs and various bits of boot up code. This
130    could do with some rationalisation such as pulling the tty proc function
131    into this file */
132 
133 LIST_HEAD(tty_drivers);			/* linked list of tty drivers */
134 
135 /* Mutex to protect creating and releasing a tty. This is shared with
136    vt.c for deeply disgusting hack reasons */
137 DEFINE_MUTEX(tty_mutex);
138 EXPORT_SYMBOL(tty_mutex);
139 
140 /* Spinlock to protect the tty->tty_files list */
141 DEFINE_SPINLOCK(tty_files_lock);
142 
143 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
144 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
145 ssize_t redirected_tty_write(struct file *, const char __user *,
146 							size_t, loff_t *);
147 static unsigned int tty_poll(struct file *, poll_table *);
148 static int tty_open(struct inode *, struct file *);
149 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
150 #ifdef CONFIG_COMPAT
151 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
152 				unsigned long arg);
153 #else
154 #define tty_compat_ioctl NULL
155 #endif
156 static int __tty_fasync(int fd, struct file *filp, int on);
157 static int tty_fasync(int fd, struct file *filp, int on);
158 static void release_tty(struct tty_struct *tty, int idx);
159 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
160 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
161 
162 /**
163  *	alloc_tty_struct	-	allocate a tty object
164  *
165  *	Return a new empty tty structure. The data fields have not
166  *	been initialized in any way but has been zeroed
167  *
168  *	Locking: none
169  */
170 
171 struct tty_struct *alloc_tty_struct(void)
172 {
173 	return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
174 }
175 
176 /**
177  *	free_tty_struct		-	free a disused tty
178  *	@tty: tty struct to free
179  *
180  *	Free the write buffers, tty queue and tty memory itself.
181  *
182  *	Locking: none. Must be called after tty is definitely unused
183  */
184 
185 void free_tty_struct(struct tty_struct *tty)
186 {
187 	if (tty->dev)
188 		put_device(tty->dev);
189 	kfree(tty->write_buf);
190 	tty_buffer_free_all(tty);
191 	kfree(tty);
192 }
193 
194 static inline struct tty_struct *file_tty(struct file *file)
195 {
196 	return ((struct tty_file_private *)file->private_data)->tty;
197 }
198 
199 /* Associate a new file with the tty structure */
200 int tty_add_file(struct tty_struct *tty, struct file *file)
201 {
202 	struct tty_file_private *priv;
203 
204 	priv = kmalloc(sizeof(*priv), GFP_KERNEL);
205 	if (!priv)
206 		return -ENOMEM;
207 
208 	priv->tty = tty;
209 	priv->file = file;
210 	file->private_data = priv;
211 
212 	spin_lock(&tty_files_lock);
213 	list_add(&priv->list, &tty->tty_files);
214 	spin_unlock(&tty_files_lock);
215 
216 	return 0;
217 }
218 
219 /* Delete file from its tty */
220 void tty_del_file(struct file *file)
221 {
222 	struct tty_file_private *priv = file->private_data;
223 
224 	spin_lock(&tty_files_lock);
225 	list_del(&priv->list);
226 	spin_unlock(&tty_files_lock);
227 	file->private_data = NULL;
228 	kfree(priv);
229 }
230 
231 
232 #define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
233 
234 /**
235  *	tty_name	-	return tty naming
236  *	@tty: tty structure
237  *	@buf: buffer for output
238  *
239  *	Convert a tty structure into a name. The name reflects the kernel
240  *	naming policy and if udev is in use may not reflect user space
241  *
242  *	Locking: none
243  */
244 
245 char *tty_name(struct tty_struct *tty, char *buf)
246 {
247 	if (!tty) /* Hmm.  NULL pointer.  That's fun. */
248 		strcpy(buf, "NULL tty");
249 	else
250 		strcpy(buf, tty->name);
251 	return buf;
252 }
253 
254 EXPORT_SYMBOL(tty_name);
255 
256 int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
257 			      const char *routine)
258 {
259 #ifdef TTY_PARANOIA_CHECK
260 	if (!tty) {
261 		printk(KERN_WARNING
262 			"null TTY for (%d:%d) in %s\n",
263 			imajor(inode), iminor(inode), routine);
264 		return 1;
265 	}
266 	if (tty->magic != TTY_MAGIC) {
267 		printk(KERN_WARNING
268 			"bad magic number for tty struct (%d:%d) in %s\n",
269 			imajor(inode), iminor(inode), routine);
270 		return 1;
271 	}
272 #endif
273 	return 0;
274 }
275 
276 static int check_tty_count(struct tty_struct *tty, const char *routine)
277 {
278 #ifdef CHECK_TTY_COUNT
279 	struct list_head *p;
280 	int count = 0;
281 
282 	spin_lock(&tty_files_lock);
283 	list_for_each(p, &tty->tty_files) {
284 		count++;
285 	}
286 	spin_unlock(&tty_files_lock);
287 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
288 	    tty->driver->subtype == PTY_TYPE_SLAVE &&
289 	    tty->link && tty->link->count)
290 		count++;
291 	if (tty->count != count) {
292 		printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
293 				    "!= #fd's(%d) in %s\n",
294 		       tty->name, tty->count, count, routine);
295 		return count;
296 	}
297 #endif
298 	return 0;
299 }
300 
301 /**
302  *	get_tty_driver		-	find device of a tty
303  *	@dev_t: device identifier
304  *	@index: returns the index of the tty
305  *
306  *	This routine returns a tty driver structure, given a device number
307  *	and also passes back the index number.
308  *
309  *	Locking: caller must hold tty_mutex
310  */
311 
312 static struct tty_driver *get_tty_driver(dev_t device, int *index)
313 {
314 	struct tty_driver *p;
315 
316 	list_for_each_entry(p, &tty_drivers, tty_drivers) {
317 		dev_t base = MKDEV(p->major, p->minor_start);
318 		if (device < base || device >= base + p->num)
319 			continue;
320 		*index = device - base;
321 		return tty_driver_kref_get(p);
322 	}
323 	return NULL;
324 }
325 
326 #ifdef CONFIG_CONSOLE_POLL
327 
328 /**
329  *	tty_find_polling_driver	-	find device of a polled tty
330  *	@name: name string to match
331  *	@line: pointer to resulting tty line nr
332  *
333  *	This routine returns a tty driver structure, given a name
334  *	and the condition that the tty driver is capable of polled
335  *	operation.
336  */
337 struct tty_driver *tty_find_polling_driver(char *name, int *line)
338 {
339 	struct tty_driver *p, *res = NULL;
340 	int tty_line = 0;
341 	int len;
342 	char *str, *stp;
343 
344 	for (str = name; *str; str++)
345 		if ((*str >= '0' && *str <= '9') || *str == ',')
346 			break;
347 	if (!*str)
348 		return NULL;
349 
350 	len = str - name;
351 	tty_line = simple_strtoul(str, &str, 10);
352 
353 	mutex_lock(&tty_mutex);
354 	/* Search through the tty devices to look for a match */
355 	list_for_each_entry(p, &tty_drivers, tty_drivers) {
356 		if (strncmp(name, p->name, len) != 0)
357 			continue;
358 		stp = str;
359 		if (*stp == ',')
360 			stp++;
361 		if (*stp == '\0')
362 			stp = NULL;
363 
364 		if (tty_line >= 0 && tty_line < p->num && p->ops &&
365 		    p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
366 			res = tty_driver_kref_get(p);
367 			*line = tty_line;
368 			break;
369 		}
370 	}
371 	mutex_unlock(&tty_mutex);
372 
373 	return res;
374 }
375 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
376 #endif
377 
378 /**
379  *	tty_check_change	-	check for POSIX terminal changes
380  *	@tty: tty to check
381  *
382  *	If we try to write to, or set the state of, a terminal and we're
383  *	not in the foreground, send a SIGTTOU.  If the signal is blocked or
384  *	ignored, go ahead and perform the operation.  (POSIX 7.2)
385  *
386  *	Locking: ctrl_lock
387  */
388 
389 int tty_check_change(struct tty_struct *tty)
390 {
391 	unsigned long flags;
392 	int ret = 0;
393 
394 	if (current->signal->tty != tty)
395 		return 0;
396 
397 	spin_lock_irqsave(&tty->ctrl_lock, flags);
398 
399 	if (!tty->pgrp) {
400 		printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
401 		goto out_unlock;
402 	}
403 	if (task_pgrp(current) == tty->pgrp)
404 		goto out_unlock;
405 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
406 	if (is_ignored(SIGTTOU))
407 		goto out;
408 	if (is_current_pgrp_orphaned()) {
409 		ret = -EIO;
410 		goto out;
411 	}
412 	kill_pgrp(task_pgrp(current), SIGTTOU, 1);
413 	set_thread_flag(TIF_SIGPENDING);
414 	ret = -ERESTARTSYS;
415 out:
416 	return ret;
417 out_unlock:
418 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
419 	return ret;
420 }
421 
422 EXPORT_SYMBOL(tty_check_change);
423 
424 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
425 				size_t count, loff_t *ppos)
426 {
427 	return 0;
428 }
429 
430 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
431 				 size_t count, loff_t *ppos)
432 {
433 	return -EIO;
434 }
435 
436 /* No kernel lock held - none needed ;) */
437 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
438 {
439 	return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
440 }
441 
442 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
443 		unsigned long arg)
444 {
445 	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
446 }
447 
448 static long hung_up_tty_compat_ioctl(struct file *file,
449 				     unsigned int cmd, unsigned long arg)
450 {
451 	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
452 }
453 
454 static const struct file_operations tty_fops = {
455 	.llseek		= no_llseek,
456 	.read		= tty_read,
457 	.write		= tty_write,
458 	.poll		= tty_poll,
459 	.unlocked_ioctl	= tty_ioctl,
460 	.compat_ioctl	= tty_compat_ioctl,
461 	.open		= tty_open,
462 	.release	= tty_release,
463 	.fasync		= tty_fasync,
464 };
465 
466 static const struct file_operations console_fops = {
467 	.llseek		= no_llseek,
468 	.read		= tty_read,
469 	.write		= redirected_tty_write,
470 	.poll		= tty_poll,
471 	.unlocked_ioctl	= tty_ioctl,
472 	.compat_ioctl	= tty_compat_ioctl,
473 	.open		= tty_open,
474 	.release	= tty_release,
475 	.fasync		= tty_fasync,
476 };
477 
478 static const struct file_operations hung_up_tty_fops = {
479 	.llseek		= no_llseek,
480 	.read		= hung_up_tty_read,
481 	.write		= hung_up_tty_write,
482 	.poll		= hung_up_tty_poll,
483 	.unlocked_ioctl	= hung_up_tty_ioctl,
484 	.compat_ioctl	= hung_up_tty_compat_ioctl,
485 	.release	= tty_release,
486 };
487 
488 static DEFINE_SPINLOCK(redirect_lock);
489 static struct file *redirect;
490 
491 /**
492  *	tty_wakeup	-	request more data
493  *	@tty: terminal
494  *
495  *	Internal and external helper for wakeups of tty. This function
496  *	informs the line discipline if present that the driver is ready
497  *	to receive more output data.
498  */
499 
500 void tty_wakeup(struct tty_struct *tty)
501 {
502 	struct tty_ldisc *ld;
503 
504 	if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
505 		ld = tty_ldisc_ref(tty);
506 		if (ld) {
507 			if (ld->ops->write_wakeup)
508 				ld->ops->write_wakeup(tty);
509 			tty_ldisc_deref(ld);
510 		}
511 	}
512 	wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
513 }
514 
515 EXPORT_SYMBOL_GPL(tty_wakeup);
516 
517 /**
518  *	__tty_hangup		-	actual handler for hangup events
519  *	@work: tty device
520  *
521  *	This can be called by the "eventd" kernel thread.  That is process
522  *	synchronous but doesn't hold any locks, so we need to make sure we
523  *	have the appropriate locks for what we're doing.
524  *
525  *	The hangup event clears any pending redirections onto the hung up
526  *	device. It ensures future writes will error and it does the needed
527  *	line discipline hangup and signal delivery. The tty object itself
528  *	remains intact.
529  *
530  *	Locking:
531  *		BTM
532  *		  redirect lock for undoing redirection
533  *		  file list lock for manipulating list of ttys
534  *		  tty_ldisc_lock from called functions
535  *		  termios_mutex resetting termios data
536  *		  tasklist_lock to walk task list for hangup event
537  *		    ->siglock to protect ->signal/->sighand
538  */
539 void __tty_hangup(struct tty_struct *tty)
540 {
541 	struct file *cons_filp = NULL;
542 	struct file *filp, *f = NULL;
543 	struct task_struct *p;
544 	struct tty_file_private *priv;
545 	int    closecount = 0, n;
546 	unsigned long flags;
547 	int refs = 0;
548 
549 	if (!tty)
550 		return;
551 
552 
553 	spin_lock(&redirect_lock);
554 	if (redirect && file_tty(redirect) == tty) {
555 		f = redirect;
556 		redirect = NULL;
557 	}
558 	spin_unlock(&redirect_lock);
559 
560 	tty_lock();
561 
562 	/* some functions below drop BTM, so we need this bit */
563 	set_bit(TTY_HUPPING, &tty->flags);
564 
565 	/* inuse_filps is protected by the single tty lock,
566 	   this really needs to change if we want to flush the
567 	   workqueue with the lock held */
568 	check_tty_count(tty, "tty_hangup");
569 
570 	spin_lock(&tty_files_lock);
571 	/* This breaks for file handles being sent over AF_UNIX sockets ? */
572 	list_for_each_entry(priv, &tty->tty_files, list) {
573 		filp = priv->file;
574 		if (filp->f_op->write == redirected_tty_write)
575 			cons_filp = filp;
576 		if (filp->f_op->write != tty_write)
577 			continue;
578 		closecount++;
579 		__tty_fasync(-1, filp, 0);	/* can't block */
580 		filp->f_op = &hung_up_tty_fops;
581 	}
582 	spin_unlock(&tty_files_lock);
583 
584 	/*
585 	 * it drops BTM and thus races with reopen
586 	 * we protect the race by TTY_HUPPING
587 	 */
588 	tty_ldisc_hangup(tty);
589 
590 	read_lock(&tasklist_lock);
591 	if (tty->session) {
592 		do_each_pid_task(tty->session, PIDTYPE_SID, p) {
593 			spin_lock_irq(&p->sighand->siglock);
594 			if (p->signal->tty == tty) {
595 				p->signal->tty = NULL;
596 				/* We defer the dereferences outside fo
597 				   the tasklist lock */
598 				refs++;
599 			}
600 			if (!p->signal->leader) {
601 				spin_unlock_irq(&p->sighand->siglock);
602 				continue;
603 			}
604 			__group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
605 			__group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
606 			put_pid(p->signal->tty_old_pgrp);  /* A noop */
607 			spin_lock_irqsave(&tty->ctrl_lock, flags);
608 			if (tty->pgrp)
609 				p->signal->tty_old_pgrp = get_pid(tty->pgrp);
610 			spin_unlock_irqrestore(&tty->ctrl_lock, flags);
611 			spin_unlock_irq(&p->sighand->siglock);
612 		} while_each_pid_task(tty->session, PIDTYPE_SID, p);
613 	}
614 	read_unlock(&tasklist_lock);
615 
616 	spin_lock_irqsave(&tty->ctrl_lock, flags);
617 	clear_bit(TTY_THROTTLED, &tty->flags);
618 	clear_bit(TTY_PUSH, &tty->flags);
619 	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
620 	put_pid(tty->session);
621 	put_pid(tty->pgrp);
622 	tty->session = NULL;
623 	tty->pgrp = NULL;
624 	tty->ctrl_status = 0;
625 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
626 
627 	/* Account for the p->signal references we killed */
628 	while (refs--)
629 		tty_kref_put(tty);
630 
631 	/*
632 	 * If one of the devices matches a console pointer, we
633 	 * cannot just call hangup() because that will cause
634 	 * tty->count and state->count to go out of sync.
635 	 * So we just call close() the right number of times.
636 	 */
637 	if (cons_filp) {
638 		if (tty->ops->close)
639 			for (n = 0; n < closecount; n++)
640 				tty->ops->close(tty, cons_filp);
641 	} else if (tty->ops->hangup)
642 		(tty->ops->hangup)(tty);
643 	/*
644 	 * We don't want to have driver/ldisc interactions beyond
645 	 * the ones we did here. The driver layer expects no
646 	 * calls after ->hangup() from the ldisc side. However we
647 	 * can't yet guarantee all that.
648 	 */
649 	set_bit(TTY_HUPPED, &tty->flags);
650 	clear_bit(TTY_HUPPING, &tty->flags);
651 	tty_ldisc_enable(tty);
652 
653 	tty_unlock();
654 
655 	if (f)
656 		fput(f);
657 }
658 
659 static void do_tty_hangup(struct work_struct *work)
660 {
661 	struct tty_struct *tty =
662 		container_of(work, struct tty_struct, hangup_work);
663 
664 	__tty_hangup(tty);
665 }
666 
667 /**
668  *	tty_hangup		-	trigger a hangup event
669  *	@tty: tty to hangup
670  *
671  *	A carrier loss (virtual or otherwise) has occurred on this like
672  *	schedule a hangup sequence to run after this event.
673  */
674 
675 void tty_hangup(struct tty_struct *tty)
676 {
677 #ifdef TTY_DEBUG_HANGUP
678 	char	buf[64];
679 	printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
680 #endif
681 	schedule_work(&tty->hangup_work);
682 }
683 
684 EXPORT_SYMBOL(tty_hangup);
685 
686 /**
687  *	tty_vhangup		-	process vhangup
688  *	@tty: tty to hangup
689  *
690  *	The user has asked via system call for the terminal to be hung up.
691  *	We do this synchronously so that when the syscall returns the process
692  *	is complete. That guarantee is necessary for security reasons.
693  */
694 
695 void tty_vhangup(struct tty_struct *tty)
696 {
697 #ifdef TTY_DEBUG_HANGUP
698 	char	buf[64];
699 
700 	printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
701 #endif
702 	__tty_hangup(tty);
703 }
704 
705 EXPORT_SYMBOL(tty_vhangup);
706 
707 
708 /**
709  *	tty_vhangup_self	-	process vhangup for own ctty
710  *
711  *	Perform a vhangup on the current controlling tty
712  */
713 
714 void tty_vhangup_self(void)
715 {
716 	struct tty_struct *tty;
717 
718 	tty = get_current_tty();
719 	if (tty) {
720 		tty_vhangup(tty);
721 		tty_kref_put(tty);
722 	}
723 }
724 
725 /**
726  *	tty_hung_up_p		-	was tty hung up
727  *	@filp: file pointer of tty
728  *
729  *	Return true if the tty has been subject to a vhangup or a carrier
730  *	loss
731  */
732 
733 int tty_hung_up_p(struct file *filp)
734 {
735 	return (filp->f_op == &hung_up_tty_fops);
736 }
737 
738 EXPORT_SYMBOL(tty_hung_up_p);
739 
740 static void session_clear_tty(struct pid *session)
741 {
742 	struct task_struct *p;
743 	do_each_pid_task(session, PIDTYPE_SID, p) {
744 		proc_clear_tty(p);
745 	} while_each_pid_task(session, PIDTYPE_SID, p);
746 }
747 
748 /**
749  *	disassociate_ctty	-	disconnect controlling tty
750  *	@on_exit: true if exiting so need to "hang up" the session
751  *
752  *	This function is typically called only by the session leader, when
753  *	it wants to disassociate itself from its controlling tty.
754  *
755  *	It performs the following functions:
756  * 	(1)  Sends a SIGHUP and SIGCONT to the foreground process group
757  * 	(2)  Clears the tty from being controlling the session
758  * 	(3)  Clears the controlling tty for all processes in the
759  * 		session group.
760  *
761  *	The argument on_exit is set to 1 if called when a process is
762  *	exiting; it is 0 if called by the ioctl TIOCNOTTY.
763  *
764  *	Locking:
765  *		BTM is taken for hysterical raisins, and held when
766  *		  called from no_tty().
767  *		  tty_mutex is taken to protect tty
768  *		  ->siglock is taken to protect ->signal/->sighand
769  *		  tasklist_lock is taken to walk process list for sessions
770  *		    ->siglock is taken to protect ->signal/->sighand
771  */
772 
773 void disassociate_ctty(int on_exit)
774 {
775 	struct tty_struct *tty;
776 	struct pid *tty_pgrp = NULL;
777 
778 	if (!current->signal->leader)
779 		return;
780 
781 	tty = get_current_tty();
782 	if (tty) {
783 		tty_pgrp = get_pid(tty->pgrp);
784 		if (on_exit) {
785 			if (tty->driver->type != TTY_DRIVER_TYPE_PTY)
786 				tty_vhangup(tty);
787 		}
788 		tty_kref_put(tty);
789 	} else if (on_exit) {
790 		struct pid *old_pgrp;
791 		spin_lock_irq(&current->sighand->siglock);
792 		old_pgrp = current->signal->tty_old_pgrp;
793 		current->signal->tty_old_pgrp = NULL;
794 		spin_unlock_irq(&current->sighand->siglock);
795 		if (old_pgrp) {
796 			kill_pgrp(old_pgrp, SIGHUP, on_exit);
797 			kill_pgrp(old_pgrp, SIGCONT, on_exit);
798 			put_pid(old_pgrp);
799 		}
800 		return;
801 	}
802 	if (tty_pgrp) {
803 		kill_pgrp(tty_pgrp, SIGHUP, on_exit);
804 		if (!on_exit)
805 			kill_pgrp(tty_pgrp, SIGCONT, on_exit);
806 		put_pid(tty_pgrp);
807 	}
808 
809 	spin_lock_irq(&current->sighand->siglock);
810 	put_pid(current->signal->tty_old_pgrp);
811 	current->signal->tty_old_pgrp = NULL;
812 	spin_unlock_irq(&current->sighand->siglock);
813 
814 	tty = get_current_tty();
815 	if (tty) {
816 		unsigned long flags;
817 		spin_lock_irqsave(&tty->ctrl_lock, flags);
818 		put_pid(tty->session);
819 		put_pid(tty->pgrp);
820 		tty->session = NULL;
821 		tty->pgrp = NULL;
822 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
823 		tty_kref_put(tty);
824 	} else {
825 #ifdef TTY_DEBUG_HANGUP
826 		printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
827 		       " = NULL", tty);
828 #endif
829 	}
830 
831 	/* Now clear signal->tty under the lock */
832 	read_lock(&tasklist_lock);
833 	session_clear_tty(task_session(current));
834 	read_unlock(&tasklist_lock);
835 }
836 
837 /**
838  *
839  *	no_tty	- Ensure the current process does not have a controlling tty
840  */
841 void no_tty(void)
842 {
843 	struct task_struct *tsk = current;
844 	tty_lock();
845 	disassociate_ctty(0);
846 	tty_unlock();
847 	proc_clear_tty(tsk);
848 }
849 
850 
851 /**
852  *	stop_tty	-	propagate flow control
853  *	@tty: tty to stop
854  *
855  *	Perform flow control to the driver. For PTY/TTY pairs we
856  *	must also propagate the TIOCKPKT status. May be called
857  *	on an already stopped device and will not re-call the driver
858  *	method.
859  *
860  *	This functionality is used by both the line disciplines for
861  *	halting incoming flow and by the driver. It may therefore be
862  *	called from any context, may be under the tty atomic_write_lock
863  *	but not always.
864  *
865  *	Locking:
866  *		Uses the tty control lock internally
867  */
868 
869 void stop_tty(struct tty_struct *tty)
870 {
871 	unsigned long flags;
872 	spin_lock_irqsave(&tty->ctrl_lock, flags);
873 	if (tty->stopped) {
874 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
875 		return;
876 	}
877 	tty->stopped = 1;
878 	if (tty->link && tty->link->packet) {
879 		tty->ctrl_status &= ~TIOCPKT_START;
880 		tty->ctrl_status |= TIOCPKT_STOP;
881 		wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
882 	}
883 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
884 	if (tty->ops->stop)
885 		(tty->ops->stop)(tty);
886 }
887 
888 EXPORT_SYMBOL(stop_tty);
889 
890 /**
891  *	start_tty	-	propagate flow control
892  *	@tty: tty to start
893  *
894  *	Start a tty that has been stopped if at all possible. Perform
895  *	any necessary wakeups and propagate the TIOCPKT status. If this
896  *	is the tty was previous stopped and is being started then the
897  *	driver start method is invoked and the line discipline woken.
898  *
899  *	Locking:
900  *		ctrl_lock
901  */
902 
903 void start_tty(struct tty_struct *tty)
904 {
905 	unsigned long flags;
906 	spin_lock_irqsave(&tty->ctrl_lock, flags);
907 	if (!tty->stopped || tty->flow_stopped) {
908 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
909 		return;
910 	}
911 	tty->stopped = 0;
912 	if (tty->link && tty->link->packet) {
913 		tty->ctrl_status &= ~TIOCPKT_STOP;
914 		tty->ctrl_status |= TIOCPKT_START;
915 		wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
916 	}
917 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
918 	if (tty->ops->start)
919 		(tty->ops->start)(tty);
920 	/* If we have a running line discipline it may need kicking */
921 	tty_wakeup(tty);
922 }
923 
924 EXPORT_SYMBOL(start_tty);
925 
926 /**
927  *	tty_read	-	read method for tty device files
928  *	@file: pointer to tty file
929  *	@buf: user buffer
930  *	@count: size of user buffer
931  *	@ppos: unused
932  *
933  *	Perform the read system call function on this terminal device. Checks
934  *	for hung up devices before calling the line discipline method.
935  *
936  *	Locking:
937  *		Locks the line discipline internally while needed. Multiple
938  *	read calls may be outstanding in parallel.
939  */
940 
941 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
942 			loff_t *ppos)
943 {
944 	int i;
945 	struct inode *inode = file->f_path.dentry->d_inode;
946 	struct tty_struct *tty = file_tty(file);
947 	struct tty_ldisc *ld;
948 
949 	if (tty_paranoia_check(tty, inode, "tty_read"))
950 		return -EIO;
951 	if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
952 		return -EIO;
953 
954 	/* We want to wait for the line discipline to sort out in this
955 	   situation */
956 	ld = tty_ldisc_ref_wait(tty);
957 	if (ld->ops->read)
958 		i = (ld->ops->read)(tty, file, buf, count);
959 	else
960 		i = -EIO;
961 	tty_ldisc_deref(ld);
962 	if (i > 0)
963 		inode->i_atime = current_fs_time(inode->i_sb);
964 	return i;
965 }
966 
967 void tty_write_unlock(struct tty_struct *tty)
968 {
969 	mutex_unlock(&tty->atomic_write_lock);
970 	wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
971 }
972 
973 int tty_write_lock(struct tty_struct *tty, int ndelay)
974 {
975 	if (!mutex_trylock(&tty->atomic_write_lock)) {
976 		if (ndelay)
977 			return -EAGAIN;
978 		if (mutex_lock_interruptible(&tty->atomic_write_lock))
979 			return -ERESTARTSYS;
980 	}
981 	return 0;
982 }
983 
984 /*
985  * Split writes up in sane blocksizes to avoid
986  * denial-of-service type attacks
987  */
988 static inline ssize_t do_tty_write(
989 	ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
990 	struct tty_struct *tty,
991 	struct file *file,
992 	const char __user *buf,
993 	size_t count)
994 {
995 	ssize_t ret, written = 0;
996 	unsigned int chunk;
997 
998 	ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
999 	if (ret < 0)
1000 		return ret;
1001 
1002 	/*
1003 	 * We chunk up writes into a temporary buffer. This
1004 	 * simplifies low-level drivers immensely, since they
1005 	 * don't have locking issues and user mode accesses.
1006 	 *
1007 	 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1008 	 * big chunk-size..
1009 	 *
1010 	 * The default chunk-size is 2kB, because the NTTY
1011 	 * layer has problems with bigger chunks. It will
1012 	 * claim to be able to handle more characters than
1013 	 * it actually does.
1014 	 *
1015 	 * FIXME: This can probably go away now except that 64K chunks
1016 	 * are too likely to fail unless switched to vmalloc...
1017 	 */
1018 	chunk = 2048;
1019 	if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1020 		chunk = 65536;
1021 	if (count < chunk)
1022 		chunk = count;
1023 
1024 	/* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1025 	if (tty->write_cnt < chunk) {
1026 		unsigned char *buf_chunk;
1027 
1028 		if (chunk < 1024)
1029 			chunk = 1024;
1030 
1031 		buf_chunk = kmalloc(chunk, GFP_KERNEL);
1032 		if (!buf_chunk) {
1033 			ret = -ENOMEM;
1034 			goto out;
1035 		}
1036 		kfree(tty->write_buf);
1037 		tty->write_cnt = chunk;
1038 		tty->write_buf = buf_chunk;
1039 	}
1040 
1041 	/* Do the write .. */
1042 	for (;;) {
1043 		size_t size = count;
1044 		if (size > chunk)
1045 			size = chunk;
1046 		ret = -EFAULT;
1047 		if (copy_from_user(tty->write_buf, buf, size))
1048 			break;
1049 		ret = write(tty, file, tty->write_buf, size);
1050 		if (ret <= 0)
1051 			break;
1052 		written += ret;
1053 		buf += ret;
1054 		count -= ret;
1055 		if (!count)
1056 			break;
1057 		ret = -ERESTARTSYS;
1058 		if (signal_pending(current))
1059 			break;
1060 		cond_resched();
1061 	}
1062 	if (written) {
1063 		struct inode *inode = file->f_path.dentry->d_inode;
1064 		inode->i_mtime = current_fs_time(inode->i_sb);
1065 		ret = written;
1066 	}
1067 out:
1068 	tty_write_unlock(tty);
1069 	return ret;
1070 }
1071 
1072 /**
1073  * tty_write_message - write a message to a certain tty, not just the console.
1074  * @tty: the destination tty_struct
1075  * @msg: the message to write
1076  *
1077  * This is used for messages that need to be redirected to a specific tty.
1078  * We don't put it into the syslog queue right now maybe in the future if
1079  * really needed.
1080  *
1081  * We must still hold the BTM and test the CLOSING flag for the moment.
1082  */
1083 
1084 void tty_write_message(struct tty_struct *tty, char *msg)
1085 {
1086 	if (tty) {
1087 		mutex_lock(&tty->atomic_write_lock);
1088 		tty_lock();
1089 		if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1090 			tty_unlock();
1091 			tty->ops->write(tty, msg, strlen(msg));
1092 		} else
1093 			tty_unlock();
1094 		tty_write_unlock(tty);
1095 	}
1096 	return;
1097 }
1098 
1099 
1100 /**
1101  *	tty_write		-	write method for tty device file
1102  *	@file: tty file pointer
1103  *	@buf: user data to write
1104  *	@count: bytes to write
1105  *	@ppos: unused
1106  *
1107  *	Write data to a tty device via the line discipline.
1108  *
1109  *	Locking:
1110  *		Locks the line discipline as required
1111  *		Writes to the tty driver are serialized by the atomic_write_lock
1112  *	and are then processed in chunks to the device. The line discipline
1113  *	write method will not be invoked in parallel for each device.
1114  */
1115 
1116 static ssize_t tty_write(struct file *file, const char __user *buf,
1117 						size_t count, loff_t *ppos)
1118 {
1119 	struct inode *inode = file->f_path.dentry->d_inode;
1120 	struct tty_struct *tty = file_tty(file);
1121  	struct tty_ldisc *ld;
1122 	ssize_t ret;
1123 
1124 	if (tty_paranoia_check(tty, inode, "tty_write"))
1125 		return -EIO;
1126 	if (!tty || !tty->ops->write ||
1127 		(test_bit(TTY_IO_ERROR, &tty->flags)))
1128 			return -EIO;
1129 	/* Short term debug to catch buggy drivers */
1130 	if (tty->ops->write_room == NULL)
1131 		printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1132 			tty->driver->name);
1133 	ld = tty_ldisc_ref_wait(tty);
1134 	if (!ld->ops->write)
1135 		ret = -EIO;
1136 	else
1137 		ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1138 	tty_ldisc_deref(ld);
1139 	return ret;
1140 }
1141 
1142 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1143 						size_t count, loff_t *ppos)
1144 {
1145 	struct file *p = NULL;
1146 
1147 	spin_lock(&redirect_lock);
1148 	if (redirect) {
1149 		get_file(redirect);
1150 		p = redirect;
1151 	}
1152 	spin_unlock(&redirect_lock);
1153 
1154 	if (p) {
1155 		ssize_t res;
1156 		res = vfs_write(p, buf, count, &p->f_pos);
1157 		fput(p);
1158 		return res;
1159 	}
1160 	return tty_write(file, buf, count, ppos);
1161 }
1162 
1163 static char ptychar[] = "pqrstuvwxyzabcde";
1164 
1165 /**
1166  *	pty_line_name	-	generate name for a pty
1167  *	@driver: the tty driver in use
1168  *	@index: the minor number
1169  *	@p: output buffer of at least 6 bytes
1170  *
1171  *	Generate a name from a driver reference and write it to the output
1172  *	buffer.
1173  *
1174  *	Locking: None
1175  */
1176 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1177 {
1178 	int i = index + driver->name_base;
1179 	/* ->name is initialized to "ttyp", but "tty" is expected */
1180 	sprintf(p, "%s%c%x",
1181 		driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1182 		ptychar[i >> 4 & 0xf], i & 0xf);
1183 }
1184 
1185 /**
1186  *	tty_line_name	-	generate name for a tty
1187  *	@driver: the tty driver in use
1188  *	@index: the minor number
1189  *	@p: output buffer of at least 7 bytes
1190  *
1191  *	Generate a name from a driver reference and write it to the output
1192  *	buffer.
1193  *
1194  *	Locking: None
1195  */
1196 static void tty_line_name(struct tty_driver *driver, int index, char *p)
1197 {
1198 	sprintf(p, "%s%d", driver->name, index + driver->name_base);
1199 }
1200 
1201 /**
1202  *	tty_driver_lookup_tty() - find an existing tty, if any
1203  *	@driver: the driver for the tty
1204  *	@idx:	 the minor number
1205  *
1206  *	Return the tty, if found or ERR_PTR() otherwise.
1207  *
1208  *	Locking: tty_mutex must be held. If tty is found, the mutex must
1209  *	be held until the 'fast-open' is also done. Will change once we
1210  *	have refcounting in the driver and per driver locking
1211  */
1212 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1213 		struct inode *inode, int idx)
1214 {
1215 	struct tty_struct *tty;
1216 
1217 	if (driver->ops->lookup)
1218 		return driver->ops->lookup(driver, inode, idx);
1219 
1220 	tty = driver->ttys[idx];
1221 	return tty;
1222 }
1223 
1224 /**
1225  *	tty_init_termios	-  helper for termios setup
1226  *	@tty: the tty to set up
1227  *
1228  *	Initialise the termios structures for this tty. Thus runs under
1229  *	the tty_mutex currently so we can be relaxed about ordering.
1230  */
1231 
1232 int tty_init_termios(struct tty_struct *tty)
1233 {
1234 	struct ktermios *tp;
1235 	int idx = tty->index;
1236 
1237 	tp = tty->driver->termios[idx];
1238 	if (tp == NULL) {
1239 		tp = kzalloc(sizeof(struct ktermios[2]), GFP_KERNEL);
1240 		if (tp == NULL)
1241 			return -ENOMEM;
1242 		memcpy(tp, &tty->driver->init_termios,
1243 						sizeof(struct ktermios));
1244 		tty->driver->termios[idx] = tp;
1245 	}
1246 	tty->termios = tp;
1247 	tty->termios_locked = tp + 1;
1248 
1249 	/* Compatibility until drivers always set this */
1250 	tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1251 	tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1252 	return 0;
1253 }
1254 EXPORT_SYMBOL_GPL(tty_init_termios);
1255 
1256 /**
1257  *	tty_driver_install_tty() - install a tty entry in the driver
1258  *	@driver: the driver for the tty
1259  *	@tty: the tty
1260  *
1261  *	Install a tty object into the driver tables. The tty->index field
1262  *	will be set by the time this is called. This method is responsible
1263  *	for ensuring any need additional structures are allocated and
1264  *	configured.
1265  *
1266  *	Locking: tty_mutex for now
1267  */
1268 static int tty_driver_install_tty(struct tty_driver *driver,
1269 						struct tty_struct *tty)
1270 {
1271 	int idx = tty->index;
1272 	int ret;
1273 
1274 	if (driver->ops->install) {
1275 		ret = driver->ops->install(driver, tty);
1276 		return ret;
1277 	}
1278 
1279 	if (tty_init_termios(tty) == 0) {
1280 		tty_driver_kref_get(driver);
1281 		tty->count++;
1282 		driver->ttys[idx] = tty;
1283 		return 0;
1284 	}
1285 	return -ENOMEM;
1286 }
1287 
1288 /**
1289  *	tty_driver_remove_tty() - remove a tty from the driver tables
1290  *	@driver: the driver for the tty
1291  *	@idx:	 the minor number
1292  *
1293  *	Remvoe a tty object from the driver tables. The tty->index field
1294  *	will be set by the time this is called.
1295  *
1296  *	Locking: tty_mutex for now
1297  */
1298 static void tty_driver_remove_tty(struct tty_driver *driver,
1299 						struct tty_struct *tty)
1300 {
1301 	if (driver->ops->remove)
1302 		driver->ops->remove(driver, tty);
1303 	else
1304 		driver->ttys[tty->index] = NULL;
1305 }
1306 
1307 /*
1308  * 	tty_reopen()	- fast re-open of an open tty
1309  * 	@tty	- the tty to open
1310  *
1311  *	Return 0 on success, -errno on error.
1312  *
1313  *	Locking: tty_mutex must be held from the time the tty was found
1314  *		 till this open completes.
1315  */
1316 static int tty_reopen(struct tty_struct *tty)
1317 {
1318 	struct tty_driver *driver = tty->driver;
1319 
1320 	if (test_bit(TTY_CLOSING, &tty->flags) ||
1321 			test_bit(TTY_HUPPING, &tty->flags) ||
1322 			test_bit(TTY_LDISC_CHANGING, &tty->flags))
1323 		return -EIO;
1324 
1325 	if (driver->type == TTY_DRIVER_TYPE_PTY &&
1326 	    driver->subtype == PTY_TYPE_MASTER) {
1327 		/*
1328 		 * special case for PTY masters: only one open permitted,
1329 		 * and the slave side open count is incremented as well.
1330 		 */
1331 		if (tty->count)
1332 			return -EIO;
1333 
1334 		tty->link->count++;
1335 	}
1336 	tty->count++;
1337 	tty->driver = driver; /* N.B. why do this every time?? */
1338 
1339 	mutex_lock(&tty->ldisc_mutex);
1340 	WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1341 	mutex_unlock(&tty->ldisc_mutex);
1342 
1343 	return 0;
1344 }
1345 
1346 /**
1347  *	tty_init_dev		-	initialise a tty device
1348  *	@driver: tty driver we are opening a device on
1349  *	@idx: device index
1350  *	@ret_tty: returned tty structure
1351  *	@first_ok: ok to open a new device (used by ptmx)
1352  *
1353  *	Prepare a tty device. This may not be a "new" clean device but
1354  *	could also be an active device. The pty drivers require special
1355  *	handling because of this.
1356  *
1357  *	Locking:
1358  *		The function is called under the tty_mutex, which
1359  *	protects us from the tty struct or driver itself going away.
1360  *
1361  *	On exit the tty device has the line discipline attached and
1362  *	a reference count of 1. If a pair was created for pty/tty use
1363  *	and the other was a pty master then it too has a reference count of 1.
1364  *
1365  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1366  * failed open.  The new code protects the open with a mutex, so it's
1367  * really quite straightforward.  The mutex locking can probably be
1368  * relaxed for the (most common) case of reopening a tty.
1369  */
1370 
1371 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx,
1372 								int first_ok)
1373 {
1374 	struct tty_struct *tty;
1375 	int retval;
1376 
1377 	/* Check if pty master is being opened multiple times */
1378 	if (driver->subtype == PTY_TYPE_MASTER &&
1379 		(driver->flags & TTY_DRIVER_DEVPTS_MEM) && !first_ok) {
1380 		return ERR_PTR(-EIO);
1381 	}
1382 
1383 	/*
1384 	 * First time open is complex, especially for PTY devices.
1385 	 * This code guarantees that either everything succeeds and the
1386 	 * TTY is ready for operation, or else the table slots are vacated
1387 	 * and the allocated memory released.  (Except that the termios
1388 	 * and locked termios may be retained.)
1389 	 */
1390 
1391 	if (!try_module_get(driver->owner))
1392 		return ERR_PTR(-ENODEV);
1393 
1394 	tty = alloc_tty_struct();
1395 	if (!tty)
1396 		goto fail_no_mem;
1397 	initialize_tty_struct(tty, driver, idx);
1398 
1399 	retval = tty_driver_install_tty(driver, tty);
1400 	if (retval < 0) {
1401 		free_tty_struct(tty);
1402 		module_put(driver->owner);
1403 		return ERR_PTR(retval);
1404 	}
1405 
1406 	/*
1407 	 * Structures all installed ... call the ldisc open routines.
1408 	 * If we fail here just call release_tty to clean up.  No need
1409 	 * to decrement the use counts, as release_tty doesn't care.
1410 	 */
1411 	retval = tty_ldisc_setup(tty, tty->link);
1412 	if (retval)
1413 		goto release_mem_out;
1414 	return tty;
1415 
1416 fail_no_mem:
1417 	module_put(driver->owner);
1418 	return ERR_PTR(-ENOMEM);
1419 
1420 	/* call the tty release_tty routine to clean out this slot */
1421 release_mem_out:
1422 	if (printk_ratelimit())
1423 		printk(KERN_INFO "tty_init_dev: ldisc open failed, "
1424 				 "clearing slot %d\n", idx);
1425 	release_tty(tty, idx);
1426 	return ERR_PTR(retval);
1427 }
1428 
1429 void tty_free_termios(struct tty_struct *tty)
1430 {
1431 	struct ktermios *tp;
1432 	int idx = tty->index;
1433 	/* Kill this flag and push into drivers for locking etc */
1434 	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1435 		/* FIXME: Locking on ->termios array */
1436 		tp = tty->termios;
1437 		tty->driver->termios[idx] = NULL;
1438 		kfree(tp);
1439 	}
1440 }
1441 EXPORT_SYMBOL(tty_free_termios);
1442 
1443 void tty_shutdown(struct tty_struct *tty)
1444 {
1445 	tty_driver_remove_tty(tty->driver, tty);
1446 	tty_free_termios(tty);
1447 }
1448 EXPORT_SYMBOL(tty_shutdown);
1449 
1450 /**
1451  *	release_one_tty		-	release tty structure memory
1452  *	@kref: kref of tty we are obliterating
1453  *
1454  *	Releases memory associated with a tty structure, and clears out the
1455  *	driver table slots. This function is called when a device is no longer
1456  *	in use. It also gets called when setup of a device fails.
1457  *
1458  *	Locking:
1459  *		tty_mutex - sometimes only
1460  *		takes the file list lock internally when working on the list
1461  *	of ttys that the driver keeps.
1462  *
1463  *	This method gets called from a work queue so that the driver private
1464  *	cleanup ops can sleep (needed for USB at least)
1465  */
1466 static void release_one_tty(struct work_struct *work)
1467 {
1468 	struct tty_struct *tty =
1469 		container_of(work, struct tty_struct, hangup_work);
1470 	struct tty_driver *driver = tty->driver;
1471 
1472 	if (tty->ops->cleanup)
1473 		tty->ops->cleanup(tty);
1474 
1475 	tty->magic = 0;
1476 	tty_driver_kref_put(driver);
1477 	module_put(driver->owner);
1478 
1479 	spin_lock(&tty_files_lock);
1480 	list_del_init(&tty->tty_files);
1481 	spin_unlock(&tty_files_lock);
1482 
1483 	put_pid(tty->pgrp);
1484 	put_pid(tty->session);
1485 	free_tty_struct(tty);
1486 }
1487 
1488 static void queue_release_one_tty(struct kref *kref)
1489 {
1490 	struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1491 
1492 	if (tty->ops->shutdown)
1493 		tty->ops->shutdown(tty);
1494 	else
1495 		tty_shutdown(tty);
1496 
1497 	/* The hangup queue is now free so we can reuse it rather than
1498 	   waste a chunk of memory for each port */
1499 	INIT_WORK(&tty->hangup_work, release_one_tty);
1500 	schedule_work(&tty->hangup_work);
1501 }
1502 
1503 /**
1504  *	tty_kref_put		-	release a tty kref
1505  *	@tty: tty device
1506  *
1507  *	Release a reference to a tty device and if need be let the kref
1508  *	layer destruct the object for us
1509  */
1510 
1511 void tty_kref_put(struct tty_struct *tty)
1512 {
1513 	if (tty)
1514 		kref_put(&tty->kref, queue_release_one_tty);
1515 }
1516 EXPORT_SYMBOL(tty_kref_put);
1517 
1518 /**
1519  *	release_tty		-	release tty structure memory
1520  *
1521  *	Release both @tty and a possible linked partner (think pty pair),
1522  *	and decrement the refcount of the backing module.
1523  *
1524  *	Locking:
1525  *		tty_mutex - sometimes only
1526  *		takes the file list lock internally when working on the list
1527  *	of ttys that the driver keeps.
1528  *		FIXME: should we require tty_mutex is held here ??
1529  *
1530  */
1531 static void release_tty(struct tty_struct *tty, int idx)
1532 {
1533 	/* This should always be true but check for the moment */
1534 	WARN_ON(tty->index != idx);
1535 
1536 	if (tty->link)
1537 		tty_kref_put(tty->link);
1538 	tty_kref_put(tty);
1539 }
1540 
1541 /**
1542  *	tty_release		-	vfs callback for close
1543  *	@inode: inode of tty
1544  *	@filp: file pointer for handle to tty
1545  *
1546  *	Called the last time each file handle is closed that references
1547  *	this tty. There may however be several such references.
1548  *
1549  *	Locking:
1550  *		Takes bkl. See tty_release_dev
1551  *
1552  * Even releasing the tty structures is a tricky business.. We have
1553  * to be very careful that the structures are all released at the
1554  * same time, as interrupts might otherwise get the wrong pointers.
1555  *
1556  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1557  * lead to double frees or releasing memory still in use.
1558  */
1559 
1560 int tty_release(struct inode *inode, struct file *filp)
1561 {
1562 	struct tty_struct *tty = file_tty(filp);
1563 	struct tty_struct *o_tty;
1564 	int	pty_master, tty_closing, o_tty_closing, do_sleep;
1565 	int	devpts;
1566 	int	idx;
1567 	char	buf[64];
1568 
1569 	if (tty_paranoia_check(tty, inode, "tty_release_dev"))
1570 		return 0;
1571 
1572 	tty_lock();
1573 	check_tty_count(tty, "tty_release_dev");
1574 
1575 	__tty_fasync(-1, filp, 0);
1576 
1577 	idx = tty->index;
1578 	pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1579 		      tty->driver->subtype == PTY_TYPE_MASTER);
1580 	devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1581 	o_tty = tty->link;
1582 
1583 #ifdef TTY_PARANOIA_CHECK
1584 	if (idx < 0 || idx >= tty->driver->num) {
1585 		printk(KERN_DEBUG "tty_release_dev: bad idx when trying to "
1586 				  "free (%s)\n", tty->name);
1587 		tty_unlock();
1588 		return 0;
1589 	}
1590 	if (!devpts) {
1591 		if (tty != tty->driver->ttys[idx]) {
1592 			tty_unlock();
1593 			printk(KERN_DEBUG "tty_release_dev: driver.table[%d] not tty "
1594 			       "for (%s)\n", idx, tty->name);
1595 			return 0;
1596 		}
1597 		if (tty->termios != tty->driver->termios[idx]) {
1598 			tty_unlock();
1599 			printk(KERN_DEBUG "tty_release_dev: driver.termios[%d] not termios "
1600 			       "for (%s)\n",
1601 			       idx, tty->name);
1602 			return 0;
1603 		}
1604 	}
1605 #endif
1606 
1607 #ifdef TTY_DEBUG_HANGUP
1608 	printk(KERN_DEBUG "tty_release_dev of %s (tty count=%d)...",
1609 	       tty_name(tty, buf), tty->count);
1610 #endif
1611 
1612 #ifdef TTY_PARANOIA_CHECK
1613 	if (tty->driver->other &&
1614 	     !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1615 		if (o_tty != tty->driver->other->ttys[idx]) {
1616 			tty_unlock();
1617 			printk(KERN_DEBUG "tty_release_dev: other->table[%d] "
1618 					  "not o_tty for (%s)\n",
1619 			       idx, tty->name);
1620 			return 0 ;
1621 		}
1622 		if (o_tty->termios != tty->driver->other->termios[idx]) {
1623 			tty_unlock();
1624 			printk(KERN_DEBUG "tty_release_dev: other->termios[%d] "
1625 					  "not o_termios for (%s)\n",
1626 			       idx, tty->name);
1627 			return 0;
1628 		}
1629 		if (o_tty->link != tty) {
1630 			tty_unlock();
1631 			printk(KERN_DEBUG "tty_release_dev: bad pty pointers\n");
1632 			return 0;
1633 		}
1634 	}
1635 #endif
1636 	if (tty->ops->close)
1637 		tty->ops->close(tty, filp);
1638 
1639 	tty_unlock();
1640 	/*
1641 	 * Sanity check: if tty->count is going to zero, there shouldn't be
1642 	 * any waiters on tty->read_wait or tty->write_wait.  We test the
1643 	 * wait queues and kick everyone out _before_ actually starting to
1644 	 * close.  This ensures that we won't block while releasing the tty
1645 	 * structure.
1646 	 *
1647 	 * The test for the o_tty closing is necessary, since the master and
1648 	 * slave sides may close in any order.  If the slave side closes out
1649 	 * first, its count will be one, since the master side holds an open.
1650 	 * Thus this test wouldn't be triggered at the time the slave closes,
1651 	 * so we do it now.
1652 	 *
1653 	 * Note that it's possible for the tty to be opened again while we're
1654 	 * flushing out waiters.  By recalculating the closing flags before
1655 	 * each iteration we avoid any problems.
1656 	 */
1657 	while (1) {
1658 		/* Guard against races with tty->count changes elsewhere and
1659 		   opens on /dev/tty */
1660 
1661 		mutex_lock(&tty_mutex);
1662 		tty_lock();
1663 		tty_closing = tty->count <= 1;
1664 		o_tty_closing = o_tty &&
1665 			(o_tty->count <= (pty_master ? 1 : 0));
1666 		do_sleep = 0;
1667 
1668 		if (tty_closing) {
1669 			if (waitqueue_active(&tty->read_wait)) {
1670 				wake_up_poll(&tty->read_wait, POLLIN);
1671 				do_sleep++;
1672 			}
1673 			if (waitqueue_active(&tty->write_wait)) {
1674 				wake_up_poll(&tty->write_wait, POLLOUT);
1675 				do_sleep++;
1676 			}
1677 		}
1678 		if (o_tty_closing) {
1679 			if (waitqueue_active(&o_tty->read_wait)) {
1680 				wake_up_poll(&o_tty->read_wait, POLLIN);
1681 				do_sleep++;
1682 			}
1683 			if (waitqueue_active(&o_tty->write_wait)) {
1684 				wake_up_poll(&o_tty->write_wait, POLLOUT);
1685 				do_sleep++;
1686 			}
1687 		}
1688 		if (!do_sleep)
1689 			break;
1690 
1691 		printk(KERN_WARNING "tty_release_dev: %s: read/write wait queue "
1692 				    "active!\n", tty_name(tty, buf));
1693 		tty_unlock();
1694 		mutex_unlock(&tty_mutex);
1695 		schedule();
1696 	}
1697 
1698 	/*
1699 	 * The closing flags are now consistent with the open counts on
1700 	 * both sides, and we've completed the last operation that could
1701 	 * block, so it's safe to proceed with closing.
1702 	 */
1703 	if (pty_master) {
1704 		if (--o_tty->count < 0) {
1705 			printk(KERN_WARNING "tty_release_dev: bad pty slave count "
1706 					    "(%d) for %s\n",
1707 			       o_tty->count, tty_name(o_tty, buf));
1708 			o_tty->count = 0;
1709 		}
1710 	}
1711 	if (--tty->count < 0) {
1712 		printk(KERN_WARNING "tty_release_dev: bad tty->count (%d) for %s\n",
1713 		       tty->count, tty_name(tty, buf));
1714 		tty->count = 0;
1715 	}
1716 
1717 	/*
1718 	 * We've decremented tty->count, so we need to remove this file
1719 	 * descriptor off the tty->tty_files list; this serves two
1720 	 * purposes:
1721 	 *  - check_tty_count sees the correct number of file descriptors
1722 	 *    associated with this tty.
1723 	 *  - do_tty_hangup no longer sees this file descriptor as
1724 	 *    something that needs to be handled for hangups.
1725 	 */
1726 	tty_del_file(filp);
1727 
1728 	/*
1729 	 * Perform some housekeeping before deciding whether to return.
1730 	 *
1731 	 * Set the TTY_CLOSING flag if this was the last open.  In the
1732 	 * case of a pty we may have to wait around for the other side
1733 	 * to close, and TTY_CLOSING makes sure we can't be reopened.
1734 	 */
1735 	if (tty_closing)
1736 		set_bit(TTY_CLOSING, &tty->flags);
1737 	if (o_tty_closing)
1738 		set_bit(TTY_CLOSING, &o_tty->flags);
1739 
1740 	/*
1741 	 * If _either_ side is closing, make sure there aren't any
1742 	 * processes that still think tty or o_tty is their controlling
1743 	 * tty.
1744 	 */
1745 	if (tty_closing || o_tty_closing) {
1746 		read_lock(&tasklist_lock);
1747 		session_clear_tty(tty->session);
1748 		if (o_tty)
1749 			session_clear_tty(o_tty->session);
1750 		read_unlock(&tasklist_lock);
1751 	}
1752 
1753 	mutex_unlock(&tty_mutex);
1754 
1755 	/* check whether both sides are closing ... */
1756 	if (!tty_closing || (o_tty && !o_tty_closing)) {
1757 		tty_unlock();
1758 		return 0;
1759 	}
1760 
1761 #ifdef TTY_DEBUG_HANGUP
1762 	printk(KERN_DEBUG "freeing tty structure...");
1763 #endif
1764 	/*
1765 	 * Ask the line discipline code to release its structures
1766 	 */
1767 	tty_ldisc_release(tty, o_tty);
1768 	/*
1769 	 * The release_tty function takes care of the details of clearing
1770 	 * the slots and preserving the termios structure.
1771 	 */
1772 	release_tty(tty, idx);
1773 
1774 	/* Make this pty number available for reallocation */
1775 	if (devpts)
1776 		devpts_kill_index(inode, idx);
1777 	tty_unlock();
1778 	return 0;
1779 }
1780 
1781 /**
1782  *	tty_open		-	open a tty device
1783  *	@inode: inode of device file
1784  *	@filp: file pointer to tty
1785  *
1786  *	tty_open and tty_release keep up the tty count that contains the
1787  *	number of opens done on a tty. We cannot use the inode-count, as
1788  *	different inodes might point to the same tty.
1789  *
1790  *	Open-counting is needed for pty masters, as well as for keeping
1791  *	track of serial lines: DTR is dropped when the last close happens.
1792  *	(This is not done solely through tty->count, now.  - Ted 1/27/92)
1793  *
1794  *	The termios state of a pty is reset on first open so that
1795  *	settings don't persist across reuse.
1796  *
1797  *	Locking: tty_mutex protects tty, get_tty_driver and tty_init_dev work.
1798  *		 tty->count should protect the rest.
1799  *		 ->siglock protects ->signal/->sighand
1800  */
1801 
1802 static int tty_open(struct inode *inode, struct file *filp)
1803 {
1804 	struct tty_struct *tty = NULL;
1805 	int noctty, retval;
1806 	struct tty_driver *driver;
1807 	int index;
1808 	dev_t device = inode->i_rdev;
1809 	unsigned saved_flags = filp->f_flags;
1810 
1811 	nonseekable_open(inode, filp);
1812 
1813 retry_open:
1814 	noctty = filp->f_flags & O_NOCTTY;
1815 	index  = -1;
1816 	retval = 0;
1817 
1818 	mutex_lock(&tty_mutex);
1819 	tty_lock();
1820 
1821 	if (device == MKDEV(TTYAUX_MAJOR, 0)) {
1822 		tty = get_current_tty();
1823 		if (!tty) {
1824 			tty_unlock();
1825 			mutex_unlock(&tty_mutex);
1826 			return -ENXIO;
1827 		}
1828 		driver = tty_driver_kref_get(tty->driver);
1829 		index = tty->index;
1830 		filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1831 		/* noctty = 1; */
1832 		/* FIXME: Should we take a driver reference ? */
1833 		tty_kref_put(tty);
1834 		goto got_driver;
1835 	}
1836 #ifdef CONFIG_VT
1837 	if (device == MKDEV(TTY_MAJOR, 0)) {
1838 		extern struct tty_driver *console_driver;
1839 		driver = tty_driver_kref_get(console_driver);
1840 		index = fg_console;
1841 		noctty = 1;
1842 		goto got_driver;
1843 	}
1844 #endif
1845 	if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1846 		struct tty_driver *console_driver = console_device(&index);
1847 		if (console_driver) {
1848 			driver = tty_driver_kref_get(console_driver);
1849 			if (driver) {
1850 				/* Don't let /dev/console block */
1851 				filp->f_flags |= O_NONBLOCK;
1852 				noctty = 1;
1853 				goto got_driver;
1854 			}
1855 		}
1856 		tty_unlock();
1857 		mutex_unlock(&tty_mutex);
1858 		return -ENODEV;
1859 	}
1860 
1861 	driver = get_tty_driver(device, &index);
1862 	if (!driver) {
1863 		tty_unlock();
1864 		mutex_unlock(&tty_mutex);
1865 		return -ENODEV;
1866 	}
1867 got_driver:
1868 	if (!tty) {
1869 		/* check whether we're reopening an existing tty */
1870 		tty = tty_driver_lookup_tty(driver, inode, index);
1871 
1872 		if (IS_ERR(tty)) {
1873 			tty_unlock();
1874 			mutex_unlock(&tty_mutex);
1875 			return PTR_ERR(tty);
1876 		}
1877 	}
1878 
1879 	if (tty) {
1880 		retval = tty_reopen(tty);
1881 		if (retval)
1882 			tty = ERR_PTR(retval);
1883 	} else
1884 		tty = tty_init_dev(driver, index, 0);
1885 
1886 	mutex_unlock(&tty_mutex);
1887 	tty_driver_kref_put(driver);
1888 	if (IS_ERR(tty)) {
1889 		tty_unlock();
1890 		return PTR_ERR(tty);
1891 	}
1892 
1893 	retval = tty_add_file(tty, filp);
1894 	if (retval) {
1895 		tty_unlock();
1896 		return retval;
1897 	}
1898 
1899 	check_tty_count(tty, "tty_open");
1900 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1901 	    tty->driver->subtype == PTY_TYPE_MASTER)
1902 		noctty = 1;
1903 #ifdef TTY_DEBUG_HANGUP
1904 	printk(KERN_DEBUG "opening %s...", tty->name);
1905 #endif
1906 	if (!retval) {
1907 		if (tty->ops->open)
1908 			retval = tty->ops->open(tty, filp);
1909 		else
1910 			retval = -ENODEV;
1911 	}
1912 	filp->f_flags = saved_flags;
1913 
1914 	if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1915 						!capable(CAP_SYS_ADMIN))
1916 		retval = -EBUSY;
1917 
1918 	if (retval) {
1919 #ifdef TTY_DEBUG_HANGUP
1920 		printk(KERN_DEBUG "error %d in opening %s...", retval,
1921 		       tty->name);
1922 #endif
1923 		tty_unlock(); /* need to call tty_release without BTM */
1924 		tty_release(inode, filp);
1925 		if (retval != -ERESTARTSYS)
1926 			return retval;
1927 
1928 		if (signal_pending(current))
1929 			return retval;
1930 
1931 		schedule();
1932 		/*
1933 		 * Need to reset f_op in case a hangup happened.
1934 		 */
1935 		tty_lock();
1936 		if (filp->f_op == &hung_up_tty_fops)
1937 			filp->f_op = &tty_fops;
1938 		tty_unlock();
1939 		goto retry_open;
1940 	}
1941 	tty_unlock();
1942 
1943 
1944 	mutex_lock(&tty_mutex);
1945 	tty_lock();
1946 	spin_lock_irq(&current->sighand->siglock);
1947 	if (!noctty &&
1948 	    current->signal->leader &&
1949 	    !current->signal->tty &&
1950 	    tty->session == NULL)
1951 		__proc_set_tty(current, tty);
1952 	spin_unlock_irq(&current->sighand->siglock);
1953 	tty_unlock();
1954 	mutex_unlock(&tty_mutex);
1955 	return 0;
1956 }
1957 
1958 
1959 
1960 /**
1961  *	tty_poll	-	check tty status
1962  *	@filp: file being polled
1963  *	@wait: poll wait structures to update
1964  *
1965  *	Call the line discipline polling method to obtain the poll
1966  *	status of the device.
1967  *
1968  *	Locking: locks called line discipline but ldisc poll method
1969  *	may be re-entered freely by other callers.
1970  */
1971 
1972 static unsigned int tty_poll(struct file *filp, poll_table *wait)
1973 {
1974 	struct tty_struct *tty = file_tty(filp);
1975 	struct tty_ldisc *ld;
1976 	int ret = 0;
1977 
1978 	if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1979 		return 0;
1980 
1981 	ld = tty_ldisc_ref_wait(tty);
1982 	if (ld->ops->poll)
1983 		ret = (ld->ops->poll)(tty, filp, wait);
1984 	tty_ldisc_deref(ld);
1985 	return ret;
1986 }
1987 
1988 static int __tty_fasync(int fd, struct file *filp, int on)
1989 {
1990 	struct tty_struct *tty = file_tty(filp);
1991 	unsigned long flags;
1992 	int retval = 0;
1993 
1994 	if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
1995 		goto out;
1996 
1997 	retval = fasync_helper(fd, filp, on, &tty->fasync);
1998 	if (retval <= 0)
1999 		goto out;
2000 
2001 	if (on) {
2002 		enum pid_type type;
2003 		struct pid *pid;
2004 		if (!waitqueue_active(&tty->read_wait))
2005 			tty->minimum_to_wake = 1;
2006 		spin_lock_irqsave(&tty->ctrl_lock, flags);
2007 		if (tty->pgrp) {
2008 			pid = tty->pgrp;
2009 			type = PIDTYPE_PGID;
2010 		} else {
2011 			pid = task_pid(current);
2012 			type = PIDTYPE_PID;
2013 		}
2014 		get_pid(pid);
2015 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2016 		retval = __f_setown(filp, pid, type, 0);
2017 		put_pid(pid);
2018 		if (retval)
2019 			goto out;
2020 	} else {
2021 		if (!tty->fasync && !waitqueue_active(&tty->read_wait))
2022 			tty->minimum_to_wake = N_TTY_BUF_SIZE;
2023 	}
2024 	retval = 0;
2025 out:
2026 	return retval;
2027 }
2028 
2029 static int tty_fasync(int fd, struct file *filp, int on)
2030 {
2031 	int retval;
2032 	tty_lock();
2033 	retval = __tty_fasync(fd, filp, on);
2034 	tty_unlock();
2035 	return retval;
2036 }
2037 
2038 /**
2039  *	tiocsti			-	fake input character
2040  *	@tty: tty to fake input into
2041  *	@p: pointer to character
2042  *
2043  *	Fake input to a tty device. Does the necessary locking and
2044  *	input management.
2045  *
2046  *	FIXME: does not honour flow control ??
2047  *
2048  *	Locking:
2049  *		Called functions take tty_ldisc_lock
2050  *		current->signal->tty check is safe without locks
2051  *
2052  *	FIXME: may race normal receive processing
2053  */
2054 
2055 static int tiocsti(struct tty_struct *tty, char __user *p)
2056 {
2057 	char ch, mbz = 0;
2058 	struct tty_ldisc *ld;
2059 
2060 	if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2061 		return -EPERM;
2062 	if (get_user(ch, p))
2063 		return -EFAULT;
2064 	tty_audit_tiocsti(tty, ch);
2065 	ld = tty_ldisc_ref_wait(tty);
2066 	ld->ops->receive_buf(tty, &ch, &mbz, 1);
2067 	tty_ldisc_deref(ld);
2068 	return 0;
2069 }
2070 
2071 /**
2072  *	tiocgwinsz		-	implement window query ioctl
2073  *	@tty; tty
2074  *	@arg: user buffer for result
2075  *
2076  *	Copies the kernel idea of the window size into the user buffer.
2077  *
2078  *	Locking: tty->termios_mutex is taken to ensure the winsize data
2079  *		is consistent.
2080  */
2081 
2082 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2083 {
2084 	int err;
2085 
2086 	mutex_lock(&tty->termios_mutex);
2087 	err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2088 	mutex_unlock(&tty->termios_mutex);
2089 
2090 	return err ? -EFAULT: 0;
2091 }
2092 
2093 /**
2094  *	tty_do_resize		-	resize event
2095  *	@tty: tty being resized
2096  *	@rows: rows (character)
2097  *	@cols: cols (character)
2098  *
2099  *	Update the termios variables and send the necessary signals to
2100  *	peform a terminal resize correctly
2101  */
2102 
2103 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2104 {
2105 	struct pid *pgrp;
2106 	unsigned long flags;
2107 
2108 	/* Lock the tty */
2109 	mutex_lock(&tty->termios_mutex);
2110 	if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2111 		goto done;
2112 	/* Get the PID values and reference them so we can
2113 	   avoid holding the tty ctrl lock while sending signals */
2114 	spin_lock_irqsave(&tty->ctrl_lock, flags);
2115 	pgrp = get_pid(tty->pgrp);
2116 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2117 
2118 	if (pgrp)
2119 		kill_pgrp(pgrp, SIGWINCH, 1);
2120 	put_pid(pgrp);
2121 
2122 	tty->winsize = *ws;
2123 done:
2124 	mutex_unlock(&tty->termios_mutex);
2125 	return 0;
2126 }
2127 
2128 /**
2129  *	tiocswinsz		-	implement window size set ioctl
2130  *	@tty; tty side of tty
2131  *	@arg: user buffer for result
2132  *
2133  *	Copies the user idea of the window size to the kernel. Traditionally
2134  *	this is just advisory information but for the Linux console it
2135  *	actually has driver level meaning and triggers a VC resize.
2136  *
2137  *	Locking:
2138  *		Driver dependant. The default do_resize method takes the
2139  *	tty termios mutex and ctrl_lock. The console takes its own lock
2140  *	then calls into the default method.
2141  */
2142 
2143 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2144 {
2145 	struct winsize tmp_ws;
2146 	if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2147 		return -EFAULT;
2148 
2149 	if (tty->ops->resize)
2150 		return tty->ops->resize(tty, &tmp_ws);
2151 	else
2152 		return tty_do_resize(tty, &tmp_ws);
2153 }
2154 
2155 /**
2156  *	tioccons	-	allow admin to move logical console
2157  *	@file: the file to become console
2158  *
2159  *	Allow the adminstrator to move the redirected console device
2160  *
2161  *	Locking: uses redirect_lock to guard the redirect information
2162  */
2163 
2164 static int tioccons(struct file *file)
2165 {
2166 	if (!capable(CAP_SYS_ADMIN))
2167 		return -EPERM;
2168 	if (file->f_op->write == redirected_tty_write) {
2169 		struct file *f;
2170 		spin_lock(&redirect_lock);
2171 		f = redirect;
2172 		redirect = NULL;
2173 		spin_unlock(&redirect_lock);
2174 		if (f)
2175 			fput(f);
2176 		return 0;
2177 	}
2178 	spin_lock(&redirect_lock);
2179 	if (redirect) {
2180 		spin_unlock(&redirect_lock);
2181 		return -EBUSY;
2182 	}
2183 	get_file(file);
2184 	redirect = file;
2185 	spin_unlock(&redirect_lock);
2186 	return 0;
2187 }
2188 
2189 /**
2190  *	fionbio		-	non blocking ioctl
2191  *	@file: file to set blocking value
2192  *	@p: user parameter
2193  *
2194  *	Historical tty interfaces had a blocking control ioctl before
2195  *	the generic functionality existed. This piece of history is preserved
2196  *	in the expected tty API of posix OS's.
2197  *
2198  *	Locking: none, the open file handle ensures it won't go away.
2199  */
2200 
2201 static int fionbio(struct file *file, int __user *p)
2202 {
2203 	int nonblock;
2204 
2205 	if (get_user(nonblock, p))
2206 		return -EFAULT;
2207 
2208 	spin_lock(&file->f_lock);
2209 	if (nonblock)
2210 		file->f_flags |= O_NONBLOCK;
2211 	else
2212 		file->f_flags &= ~O_NONBLOCK;
2213 	spin_unlock(&file->f_lock);
2214 	return 0;
2215 }
2216 
2217 /**
2218  *	tiocsctty	-	set controlling tty
2219  *	@tty: tty structure
2220  *	@arg: user argument
2221  *
2222  *	This ioctl is used to manage job control. It permits a session
2223  *	leader to set this tty as the controlling tty for the session.
2224  *
2225  *	Locking:
2226  *		Takes tty_mutex() to protect tty instance
2227  *		Takes tasklist_lock internally to walk sessions
2228  *		Takes ->siglock() when updating signal->tty
2229  */
2230 
2231 static int tiocsctty(struct tty_struct *tty, int arg)
2232 {
2233 	int ret = 0;
2234 	if (current->signal->leader && (task_session(current) == tty->session))
2235 		return ret;
2236 
2237 	mutex_lock(&tty_mutex);
2238 	/*
2239 	 * The process must be a session leader and
2240 	 * not have a controlling tty already.
2241 	 */
2242 	if (!current->signal->leader || current->signal->tty) {
2243 		ret = -EPERM;
2244 		goto unlock;
2245 	}
2246 
2247 	if (tty->session) {
2248 		/*
2249 		 * This tty is already the controlling
2250 		 * tty for another session group!
2251 		 */
2252 		if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2253 			/*
2254 			 * Steal it away
2255 			 */
2256 			read_lock(&tasklist_lock);
2257 			session_clear_tty(tty->session);
2258 			read_unlock(&tasklist_lock);
2259 		} else {
2260 			ret = -EPERM;
2261 			goto unlock;
2262 		}
2263 	}
2264 	proc_set_tty(current, tty);
2265 unlock:
2266 	mutex_unlock(&tty_mutex);
2267 	return ret;
2268 }
2269 
2270 /**
2271  *	tty_get_pgrp	-	return a ref counted pgrp pid
2272  *	@tty: tty to read
2273  *
2274  *	Returns a refcounted instance of the pid struct for the process
2275  *	group controlling the tty.
2276  */
2277 
2278 struct pid *tty_get_pgrp(struct tty_struct *tty)
2279 {
2280 	unsigned long flags;
2281 	struct pid *pgrp;
2282 
2283 	spin_lock_irqsave(&tty->ctrl_lock, flags);
2284 	pgrp = get_pid(tty->pgrp);
2285 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2286 
2287 	return pgrp;
2288 }
2289 EXPORT_SYMBOL_GPL(tty_get_pgrp);
2290 
2291 /**
2292  *	tiocgpgrp		-	get process group
2293  *	@tty: tty passed by user
2294  *	@real_tty: tty side of the tty pased by the user if a pty else the tty
2295  *	@p: returned pid
2296  *
2297  *	Obtain the process group of the tty. If there is no process group
2298  *	return an error.
2299  *
2300  *	Locking: none. Reference to current->signal->tty is safe.
2301  */
2302 
2303 static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2304 {
2305 	struct pid *pid;
2306 	int ret;
2307 	/*
2308 	 * (tty == real_tty) is a cheap way of
2309 	 * testing if the tty is NOT a master pty.
2310 	 */
2311 	if (tty == real_tty && current->signal->tty != real_tty)
2312 		return -ENOTTY;
2313 	pid = tty_get_pgrp(real_tty);
2314 	ret =  put_user(pid_vnr(pid), p);
2315 	put_pid(pid);
2316 	return ret;
2317 }
2318 
2319 /**
2320  *	tiocspgrp		-	attempt to set process group
2321  *	@tty: tty passed by user
2322  *	@real_tty: tty side device matching tty passed by user
2323  *	@p: pid pointer
2324  *
2325  *	Set the process group of the tty to the session passed. Only
2326  *	permitted where the tty session is our session.
2327  *
2328  *	Locking: RCU, ctrl lock
2329  */
2330 
2331 static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2332 {
2333 	struct pid *pgrp;
2334 	pid_t pgrp_nr;
2335 	int retval = tty_check_change(real_tty);
2336 	unsigned long flags;
2337 
2338 	if (retval == -EIO)
2339 		return -ENOTTY;
2340 	if (retval)
2341 		return retval;
2342 	if (!current->signal->tty ||
2343 	    (current->signal->tty != real_tty) ||
2344 	    (real_tty->session != task_session(current)))
2345 		return -ENOTTY;
2346 	if (get_user(pgrp_nr, p))
2347 		return -EFAULT;
2348 	if (pgrp_nr < 0)
2349 		return -EINVAL;
2350 	rcu_read_lock();
2351 	pgrp = find_vpid(pgrp_nr);
2352 	retval = -ESRCH;
2353 	if (!pgrp)
2354 		goto out_unlock;
2355 	retval = -EPERM;
2356 	if (session_of_pgrp(pgrp) != task_session(current))
2357 		goto out_unlock;
2358 	retval = 0;
2359 	spin_lock_irqsave(&tty->ctrl_lock, flags);
2360 	put_pid(real_tty->pgrp);
2361 	real_tty->pgrp = get_pid(pgrp);
2362 	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2363 out_unlock:
2364 	rcu_read_unlock();
2365 	return retval;
2366 }
2367 
2368 /**
2369  *	tiocgsid		-	get session id
2370  *	@tty: tty passed by user
2371  *	@real_tty: tty side of the tty pased by the user if a pty else the tty
2372  *	@p: pointer to returned session id
2373  *
2374  *	Obtain the session id of the tty. If there is no session
2375  *	return an error.
2376  *
2377  *	Locking: none. Reference to current->signal->tty is safe.
2378  */
2379 
2380 static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2381 {
2382 	/*
2383 	 * (tty == real_tty) is a cheap way of
2384 	 * testing if the tty is NOT a master pty.
2385 	*/
2386 	if (tty == real_tty && current->signal->tty != real_tty)
2387 		return -ENOTTY;
2388 	if (!real_tty->session)
2389 		return -ENOTTY;
2390 	return put_user(pid_vnr(real_tty->session), p);
2391 }
2392 
2393 /**
2394  *	tiocsetd	-	set line discipline
2395  *	@tty: tty device
2396  *	@p: pointer to user data
2397  *
2398  *	Set the line discipline according to user request.
2399  *
2400  *	Locking: see tty_set_ldisc, this function is just a helper
2401  */
2402 
2403 static int tiocsetd(struct tty_struct *tty, int __user *p)
2404 {
2405 	int ldisc;
2406 	int ret;
2407 
2408 	if (get_user(ldisc, p))
2409 		return -EFAULT;
2410 
2411 	ret = tty_set_ldisc(tty, ldisc);
2412 
2413 	return ret;
2414 }
2415 
2416 /**
2417  *	send_break	-	performed time break
2418  *	@tty: device to break on
2419  *	@duration: timeout in mS
2420  *
2421  *	Perform a timed break on hardware that lacks its own driver level
2422  *	timed break functionality.
2423  *
2424  *	Locking:
2425  *		atomic_write_lock serializes
2426  *
2427  */
2428 
2429 static int send_break(struct tty_struct *tty, unsigned int duration)
2430 {
2431 	int retval;
2432 
2433 	if (tty->ops->break_ctl == NULL)
2434 		return 0;
2435 
2436 	if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2437 		retval = tty->ops->break_ctl(tty, duration);
2438 	else {
2439 		/* Do the work ourselves */
2440 		if (tty_write_lock(tty, 0) < 0)
2441 			return -EINTR;
2442 		retval = tty->ops->break_ctl(tty, -1);
2443 		if (retval)
2444 			goto out;
2445 		if (!signal_pending(current))
2446 			msleep_interruptible(duration);
2447 		retval = tty->ops->break_ctl(tty, 0);
2448 out:
2449 		tty_write_unlock(tty);
2450 		if (signal_pending(current))
2451 			retval = -EINTR;
2452 	}
2453 	return retval;
2454 }
2455 
2456 /**
2457  *	tty_tiocmget		-	get modem status
2458  *	@tty: tty device
2459  *	@file: user file pointer
2460  *	@p: pointer to result
2461  *
2462  *	Obtain the modem status bits from the tty driver if the feature
2463  *	is supported. Return -EINVAL if it is not available.
2464  *
2465  *	Locking: none (up to the driver)
2466  */
2467 
2468 static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2469 {
2470 	int retval = -EINVAL;
2471 
2472 	if (tty->ops->tiocmget) {
2473 		retval = tty->ops->tiocmget(tty, file);
2474 
2475 		if (retval >= 0)
2476 			retval = put_user(retval, p);
2477 	}
2478 	return retval;
2479 }
2480 
2481 /**
2482  *	tty_tiocmset		-	set modem status
2483  *	@tty: tty device
2484  *	@file: user file pointer
2485  *	@cmd: command - clear bits, set bits or set all
2486  *	@p: pointer to desired bits
2487  *
2488  *	Set the modem status bits from the tty driver if the feature
2489  *	is supported. Return -EINVAL if it is not available.
2490  *
2491  *	Locking: none (up to the driver)
2492  */
2493 
2494 static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2495 	     unsigned __user *p)
2496 {
2497 	int retval;
2498 	unsigned int set, clear, val;
2499 
2500 	if (tty->ops->tiocmset == NULL)
2501 		return -EINVAL;
2502 
2503 	retval = get_user(val, p);
2504 	if (retval)
2505 		return retval;
2506 	set = clear = 0;
2507 	switch (cmd) {
2508 	case TIOCMBIS:
2509 		set = val;
2510 		break;
2511 	case TIOCMBIC:
2512 		clear = val;
2513 		break;
2514 	case TIOCMSET:
2515 		set = val;
2516 		clear = ~val;
2517 		break;
2518 	}
2519 	set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2520 	clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2521 	return tty->ops->tiocmset(tty, file, set, clear);
2522 }
2523 
2524 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2525 {
2526 	int retval = -EINVAL;
2527 	struct serial_icounter_struct icount;
2528 	memset(&icount, 0, sizeof(icount));
2529 	if (tty->ops->get_icount)
2530 		retval = tty->ops->get_icount(tty, &icount);
2531 	if (retval != 0)
2532 		return retval;
2533 	if (copy_to_user(arg, &icount, sizeof(icount)))
2534 		return -EFAULT;
2535 	return 0;
2536 }
2537 
2538 struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2539 {
2540 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2541 	    tty->driver->subtype == PTY_TYPE_MASTER)
2542 		tty = tty->link;
2543 	return tty;
2544 }
2545 EXPORT_SYMBOL(tty_pair_get_tty);
2546 
2547 struct tty_struct *tty_pair_get_pty(struct tty_struct *tty)
2548 {
2549 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2550 	    tty->driver->subtype == PTY_TYPE_MASTER)
2551 	    return tty;
2552 	return tty->link;
2553 }
2554 EXPORT_SYMBOL(tty_pair_get_pty);
2555 
2556 /*
2557  * Split this up, as gcc can choke on it otherwise..
2558  */
2559 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2560 {
2561 	struct tty_struct *tty = file_tty(file);
2562 	struct tty_struct *real_tty;
2563 	void __user *p = (void __user *)arg;
2564 	int retval;
2565 	struct tty_ldisc *ld;
2566 	struct inode *inode = file->f_dentry->d_inode;
2567 
2568 	if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2569 		return -EINVAL;
2570 
2571 	real_tty = tty_pair_get_tty(tty);
2572 
2573 	/*
2574 	 * Factor out some common prep work
2575 	 */
2576 	switch (cmd) {
2577 	case TIOCSETD:
2578 	case TIOCSBRK:
2579 	case TIOCCBRK:
2580 	case TCSBRK:
2581 	case TCSBRKP:
2582 		retval = tty_check_change(tty);
2583 		if (retval)
2584 			return retval;
2585 		if (cmd != TIOCCBRK) {
2586 			tty_wait_until_sent(tty, 0);
2587 			if (signal_pending(current))
2588 				return -EINTR;
2589 		}
2590 		break;
2591 	}
2592 
2593 	/*
2594 	 *	Now do the stuff.
2595 	 */
2596 	switch (cmd) {
2597 	case TIOCSTI:
2598 		return tiocsti(tty, p);
2599 	case TIOCGWINSZ:
2600 		return tiocgwinsz(real_tty, p);
2601 	case TIOCSWINSZ:
2602 		return tiocswinsz(real_tty, p);
2603 	case TIOCCONS:
2604 		return real_tty != tty ? -EINVAL : tioccons(file);
2605 	case FIONBIO:
2606 		return fionbio(file, p);
2607 	case TIOCEXCL:
2608 		set_bit(TTY_EXCLUSIVE, &tty->flags);
2609 		return 0;
2610 	case TIOCNXCL:
2611 		clear_bit(TTY_EXCLUSIVE, &tty->flags);
2612 		return 0;
2613 	case TIOCNOTTY:
2614 		if (current->signal->tty != tty)
2615 			return -ENOTTY;
2616 		no_tty();
2617 		return 0;
2618 	case TIOCSCTTY:
2619 		return tiocsctty(tty, arg);
2620 	case TIOCGPGRP:
2621 		return tiocgpgrp(tty, real_tty, p);
2622 	case TIOCSPGRP:
2623 		return tiocspgrp(tty, real_tty, p);
2624 	case TIOCGSID:
2625 		return tiocgsid(tty, real_tty, p);
2626 	case TIOCGETD:
2627 		return put_user(tty->ldisc->ops->num, (int __user *)p);
2628 	case TIOCSETD:
2629 		return tiocsetd(tty, p);
2630 	case TIOCGDEV:
2631 	{
2632 		unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2633 		return put_user(ret, (unsigned int __user *)p);
2634 	}
2635 	/*
2636 	 * Break handling
2637 	 */
2638 	case TIOCSBRK:	/* Turn break on, unconditionally */
2639 		if (tty->ops->break_ctl)
2640 			return tty->ops->break_ctl(tty, -1);
2641 		return 0;
2642 	case TIOCCBRK:	/* Turn break off, unconditionally */
2643 		if (tty->ops->break_ctl)
2644 			return tty->ops->break_ctl(tty, 0);
2645 		return 0;
2646 	case TCSBRK:   /* SVID version: non-zero arg --> no break */
2647 		/* non-zero arg means wait for all output data
2648 		 * to be sent (performed above) but don't send break.
2649 		 * This is used by the tcdrain() termios function.
2650 		 */
2651 		if (!arg)
2652 			return send_break(tty, 250);
2653 		return 0;
2654 	case TCSBRKP:	/* support for POSIX tcsendbreak() */
2655 		return send_break(tty, arg ? arg*100 : 250);
2656 
2657 	case TIOCMGET:
2658 		return tty_tiocmget(tty, file, p);
2659 	case TIOCMSET:
2660 	case TIOCMBIC:
2661 	case TIOCMBIS:
2662 		return tty_tiocmset(tty, file, cmd, p);
2663 	case TIOCGICOUNT:
2664 		retval = tty_tiocgicount(tty, p);
2665 		/* For the moment allow fall through to the old method */
2666         	if (retval != -EINVAL)
2667 			return retval;
2668 		break;
2669 	case TCFLSH:
2670 		switch (arg) {
2671 		case TCIFLUSH:
2672 		case TCIOFLUSH:
2673 		/* flush tty buffer and allow ldisc to process ioctl */
2674 			tty_buffer_flush(tty);
2675 			break;
2676 		}
2677 		break;
2678 	}
2679 	if (tty->ops->ioctl) {
2680 		retval = (tty->ops->ioctl)(tty, file, cmd, arg);
2681 		if (retval != -ENOIOCTLCMD)
2682 			return retval;
2683 	}
2684 	ld = tty_ldisc_ref_wait(tty);
2685 	retval = -EINVAL;
2686 	if (ld->ops->ioctl) {
2687 		retval = ld->ops->ioctl(tty, file, cmd, arg);
2688 		if (retval == -ENOIOCTLCMD)
2689 			retval = -EINVAL;
2690 	}
2691 	tty_ldisc_deref(ld);
2692 	return retval;
2693 }
2694 
2695 #ifdef CONFIG_COMPAT
2696 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2697 				unsigned long arg)
2698 {
2699 	struct inode *inode = file->f_dentry->d_inode;
2700 	struct tty_struct *tty = file_tty(file);
2701 	struct tty_ldisc *ld;
2702 	int retval = -ENOIOCTLCMD;
2703 
2704 	if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2705 		return -EINVAL;
2706 
2707 	if (tty->ops->compat_ioctl) {
2708 		retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
2709 		if (retval != -ENOIOCTLCMD)
2710 			return retval;
2711 	}
2712 
2713 	ld = tty_ldisc_ref_wait(tty);
2714 	if (ld->ops->compat_ioctl)
2715 		retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2716 	tty_ldisc_deref(ld);
2717 
2718 	return retval;
2719 }
2720 #endif
2721 
2722 /*
2723  * This implements the "Secure Attention Key" ---  the idea is to
2724  * prevent trojan horses by killing all processes associated with this
2725  * tty when the user hits the "Secure Attention Key".  Required for
2726  * super-paranoid applications --- see the Orange Book for more details.
2727  *
2728  * This code could be nicer; ideally it should send a HUP, wait a few
2729  * seconds, then send a INT, and then a KILL signal.  But you then
2730  * have to coordinate with the init process, since all processes associated
2731  * with the current tty must be dead before the new getty is allowed
2732  * to spawn.
2733  *
2734  * Now, if it would be correct ;-/ The current code has a nasty hole -
2735  * it doesn't catch files in flight. We may send the descriptor to ourselves
2736  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2737  *
2738  * Nasty bug: do_SAK is being called in interrupt context.  This can
2739  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
2740  */
2741 void __do_SAK(struct tty_struct *tty)
2742 {
2743 #ifdef TTY_SOFT_SAK
2744 	tty_hangup(tty);
2745 #else
2746 	struct task_struct *g, *p;
2747 	struct pid *session;
2748 	int		i;
2749 	struct file	*filp;
2750 	struct fdtable *fdt;
2751 
2752 	if (!tty)
2753 		return;
2754 	session = tty->session;
2755 
2756 	tty_ldisc_flush(tty);
2757 
2758 	tty_driver_flush_buffer(tty);
2759 
2760 	read_lock(&tasklist_lock);
2761 	/* Kill the entire session */
2762 	do_each_pid_task(session, PIDTYPE_SID, p) {
2763 		printk(KERN_NOTICE "SAK: killed process %d"
2764 			" (%s): task_session(p)==tty->session\n",
2765 			task_pid_nr(p), p->comm);
2766 		send_sig(SIGKILL, p, 1);
2767 	} while_each_pid_task(session, PIDTYPE_SID, p);
2768 	/* Now kill any processes that happen to have the
2769 	 * tty open.
2770 	 */
2771 	do_each_thread(g, p) {
2772 		if (p->signal->tty == tty) {
2773 			printk(KERN_NOTICE "SAK: killed process %d"
2774 			    " (%s): task_session(p)==tty->session\n",
2775 			    task_pid_nr(p), p->comm);
2776 			send_sig(SIGKILL, p, 1);
2777 			continue;
2778 		}
2779 		task_lock(p);
2780 		if (p->files) {
2781 			/*
2782 			 * We don't take a ref to the file, so we must
2783 			 * hold ->file_lock instead.
2784 			 */
2785 			spin_lock(&p->files->file_lock);
2786 			fdt = files_fdtable(p->files);
2787 			for (i = 0; i < fdt->max_fds; i++) {
2788 				filp = fcheck_files(p->files, i);
2789 				if (!filp)
2790 					continue;
2791 				if (filp->f_op->read == tty_read &&
2792 				    file_tty(filp) == tty) {
2793 					printk(KERN_NOTICE "SAK: killed process %d"
2794 					    " (%s): fd#%d opened to the tty\n",
2795 					    task_pid_nr(p), p->comm, i);
2796 					force_sig(SIGKILL, p);
2797 					break;
2798 				}
2799 			}
2800 			spin_unlock(&p->files->file_lock);
2801 		}
2802 		task_unlock(p);
2803 	} while_each_thread(g, p);
2804 	read_unlock(&tasklist_lock);
2805 #endif
2806 }
2807 
2808 static void do_SAK_work(struct work_struct *work)
2809 {
2810 	struct tty_struct *tty =
2811 		container_of(work, struct tty_struct, SAK_work);
2812 	__do_SAK(tty);
2813 }
2814 
2815 /*
2816  * The tq handling here is a little racy - tty->SAK_work may already be queued.
2817  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2818  * the values which we write to it will be identical to the values which it
2819  * already has. --akpm
2820  */
2821 void do_SAK(struct tty_struct *tty)
2822 {
2823 	if (!tty)
2824 		return;
2825 	schedule_work(&tty->SAK_work);
2826 }
2827 
2828 EXPORT_SYMBOL(do_SAK);
2829 
2830 static int dev_match_devt(struct device *dev, void *data)
2831 {
2832 	dev_t *devt = data;
2833 	return dev->devt == *devt;
2834 }
2835 
2836 /* Must put_device() after it's unused! */
2837 static struct device *tty_get_device(struct tty_struct *tty)
2838 {
2839 	dev_t devt = tty_devnum(tty);
2840 	return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2841 }
2842 
2843 
2844 /**
2845  *	initialize_tty_struct
2846  *	@tty: tty to initialize
2847  *
2848  *	This subroutine initializes a tty structure that has been newly
2849  *	allocated.
2850  *
2851  *	Locking: none - tty in question must not be exposed at this point
2852  */
2853 
2854 void initialize_tty_struct(struct tty_struct *tty,
2855 		struct tty_driver *driver, int idx)
2856 {
2857 	memset(tty, 0, sizeof(struct tty_struct));
2858 	kref_init(&tty->kref);
2859 	tty->magic = TTY_MAGIC;
2860 	tty_ldisc_init(tty);
2861 	tty->session = NULL;
2862 	tty->pgrp = NULL;
2863 	tty->overrun_time = jiffies;
2864 	tty->buf.head = tty->buf.tail = NULL;
2865 	tty_buffer_init(tty);
2866 	mutex_init(&tty->termios_mutex);
2867 	mutex_init(&tty->ldisc_mutex);
2868 	init_waitqueue_head(&tty->write_wait);
2869 	init_waitqueue_head(&tty->read_wait);
2870 	INIT_WORK(&tty->hangup_work, do_tty_hangup);
2871 	mutex_init(&tty->atomic_read_lock);
2872 	mutex_init(&tty->atomic_write_lock);
2873 	mutex_init(&tty->output_lock);
2874 	mutex_init(&tty->echo_lock);
2875 	spin_lock_init(&tty->read_lock);
2876 	spin_lock_init(&tty->ctrl_lock);
2877 	INIT_LIST_HEAD(&tty->tty_files);
2878 	INIT_WORK(&tty->SAK_work, do_SAK_work);
2879 
2880 	tty->driver = driver;
2881 	tty->ops = driver->ops;
2882 	tty->index = idx;
2883 	tty_line_name(driver, idx, tty->name);
2884 	tty->dev = tty_get_device(tty);
2885 }
2886 
2887 /**
2888  *	tty_put_char	-	write one character to a tty
2889  *	@tty: tty
2890  *	@ch: character
2891  *
2892  *	Write one byte to the tty using the provided put_char method
2893  *	if present. Returns the number of characters successfully output.
2894  *
2895  *	Note: the specific put_char operation in the driver layer may go
2896  *	away soon. Don't call it directly, use this method
2897  */
2898 
2899 int tty_put_char(struct tty_struct *tty, unsigned char ch)
2900 {
2901 	if (tty->ops->put_char)
2902 		return tty->ops->put_char(tty, ch);
2903 	return tty->ops->write(tty, &ch, 1);
2904 }
2905 EXPORT_SYMBOL_GPL(tty_put_char);
2906 
2907 struct class *tty_class;
2908 
2909 /**
2910  *	tty_register_device - register a tty device
2911  *	@driver: the tty driver that describes the tty device
2912  *	@index: the index in the tty driver for this tty device
2913  *	@device: a struct device that is associated with this tty device.
2914  *		This field is optional, if there is no known struct device
2915  *		for this tty device it can be set to NULL safely.
2916  *
2917  *	Returns a pointer to the struct device for this tty device
2918  *	(or ERR_PTR(-EFOO) on error).
2919  *
2920  *	This call is required to be made to register an individual tty device
2921  *	if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
2922  *	that bit is not set, this function should not be called by a tty
2923  *	driver.
2924  *
2925  *	Locking: ??
2926  */
2927 
2928 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
2929 				   struct device *device)
2930 {
2931 	char name[64];
2932 	dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
2933 
2934 	if (index >= driver->num) {
2935 		printk(KERN_ERR "Attempt to register invalid tty line number "
2936 		       " (%d).\n", index);
2937 		return ERR_PTR(-EINVAL);
2938 	}
2939 
2940 	if (driver->type == TTY_DRIVER_TYPE_PTY)
2941 		pty_line_name(driver, index, name);
2942 	else
2943 		tty_line_name(driver, index, name);
2944 
2945 	return device_create(tty_class, device, dev, NULL, name);
2946 }
2947 EXPORT_SYMBOL(tty_register_device);
2948 
2949 /**
2950  * 	tty_unregister_device - unregister a tty device
2951  * 	@driver: the tty driver that describes the tty device
2952  * 	@index: the index in the tty driver for this tty device
2953  *
2954  * 	If a tty device is registered with a call to tty_register_device() then
2955  *	this function must be called when the tty device is gone.
2956  *
2957  *	Locking: ??
2958  */
2959 
2960 void tty_unregister_device(struct tty_driver *driver, unsigned index)
2961 {
2962 	device_destroy(tty_class,
2963 		MKDEV(driver->major, driver->minor_start) + index);
2964 }
2965 EXPORT_SYMBOL(tty_unregister_device);
2966 
2967 struct tty_driver *alloc_tty_driver(int lines)
2968 {
2969 	struct tty_driver *driver;
2970 
2971 	driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
2972 	if (driver) {
2973 		kref_init(&driver->kref);
2974 		driver->magic = TTY_DRIVER_MAGIC;
2975 		driver->num = lines;
2976 		/* later we'll move allocation of tables here */
2977 	}
2978 	return driver;
2979 }
2980 EXPORT_SYMBOL(alloc_tty_driver);
2981 
2982 static void destruct_tty_driver(struct kref *kref)
2983 {
2984 	struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
2985 	int i;
2986 	struct ktermios *tp;
2987 	void *p;
2988 
2989 	if (driver->flags & TTY_DRIVER_INSTALLED) {
2990 		/*
2991 		 * Free the termios and termios_locked structures because
2992 		 * we don't want to get memory leaks when modular tty
2993 		 * drivers are removed from the kernel.
2994 		 */
2995 		for (i = 0; i < driver->num; i++) {
2996 			tp = driver->termios[i];
2997 			if (tp) {
2998 				driver->termios[i] = NULL;
2999 				kfree(tp);
3000 			}
3001 			if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
3002 				tty_unregister_device(driver, i);
3003 		}
3004 		p = driver->ttys;
3005 		proc_tty_unregister_driver(driver);
3006 		driver->ttys = NULL;
3007 		driver->termios = NULL;
3008 		kfree(p);
3009 		cdev_del(&driver->cdev);
3010 	}
3011 	kfree(driver);
3012 }
3013 
3014 void tty_driver_kref_put(struct tty_driver *driver)
3015 {
3016 	kref_put(&driver->kref, destruct_tty_driver);
3017 }
3018 EXPORT_SYMBOL(tty_driver_kref_put);
3019 
3020 void tty_set_operations(struct tty_driver *driver,
3021 			const struct tty_operations *op)
3022 {
3023 	driver->ops = op;
3024 };
3025 EXPORT_SYMBOL(tty_set_operations);
3026 
3027 void put_tty_driver(struct tty_driver *d)
3028 {
3029 	tty_driver_kref_put(d);
3030 }
3031 EXPORT_SYMBOL(put_tty_driver);
3032 
3033 /*
3034  * Called by a tty driver to register itself.
3035  */
3036 int tty_register_driver(struct tty_driver *driver)
3037 {
3038 	int error;
3039 	int i;
3040 	dev_t dev;
3041 	void **p = NULL;
3042 	struct device *d;
3043 
3044 	if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
3045 		p = kzalloc(driver->num * 2 * sizeof(void *), GFP_KERNEL);
3046 		if (!p)
3047 			return -ENOMEM;
3048 	}
3049 
3050 	if (!driver->major) {
3051 		error = alloc_chrdev_region(&dev, driver->minor_start,
3052 						driver->num, driver->name);
3053 		if (!error) {
3054 			driver->major = MAJOR(dev);
3055 			driver->minor_start = MINOR(dev);
3056 		}
3057 	} else {
3058 		dev = MKDEV(driver->major, driver->minor_start);
3059 		error = register_chrdev_region(dev, driver->num, driver->name);
3060 	}
3061 	if (error < 0) {
3062 		kfree(p);
3063 		return error;
3064 	}
3065 
3066 	if (p) {
3067 		driver->ttys = (struct tty_struct **)p;
3068 		driver->termios = (struct ktermios **)(p + driver->num);
3069 	} else {
3070 		driver->ttys = NULL;
3071 		driver->termios = NULL;
3072 	}
3073 
3074 	cdev_init(&driver->cdev, &tty_fops);
3075 	driver->cdev.owner = driver->owner;
3076 	error = cdev_add(&driver->cdev, dev, driver->num);
3077 	if (error) {
3078 		unregister_chrdev_region(dev, driver->num);
3079 		driver->ttys = NULL;
3080 		driver->termios = NULL;
3081 		kfree(p);
3082 		return error;
3083 	}
3084 
3085 	mutex_lock(&tty_mutex);
3086 	list_add(&driver->tty_drivers, &tty_drivers);
3087 	mutex_unlock(&tty_mutex);
3088 
3089 	if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3090 		for (i = 0; i < driver->num; i++) {
3091 			d = tty_register_device(driver, i, NULL);
3092 			if (IS_ERR(d)) {
3093 				error = PTR_ERR(d);
3094 				goto err;
3095 			}
3096 		}
3097 	}
3098 	proc_tty_register_driver(driver);
3099 	driver->flags |= TTY_DRIVER_INSTALLED;
3100 	return 0;
3101 
3102 err:
3103 	for (i--; i >= 0; i--)
3104 		tty_unregister_device(driver, i);
3105 
3106 	mutex_lock(&tty_mutex);
3107 	list_del(&driver->tty_drivers);
3108 	mutex_unlock(&tty_mutex);
3109 
3110 	unregister_chrdev_region(dev, driver->num);
3111 	driver->ttys = NULL;
3112 	driver->termios = NULL;
3113 	kfree(p);
3114 	return error;
3115 }
3116 
3117 EXPORT_SYMBOL(tty_register_driver);
3118 
3119 /*
3120  * Called by a tty driver to unregister itself.
3121  */
3122 int tty_unregister_driver(struct tty_driver *driver)
3123 {
3124 #if 0
3125 	/* FIXME */
3126 	if (driver->refcount)
3127 		return -EBUSY;
3128 #endif
3129 	unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3130 				driver->num);
3131 	mutex_lock(&tty_mutex);
3132 	list_del(&driver->tty_drivers);
3133 	mutex_unlock(&tty_mutex);
3134 	return 0;
3135 }
3136 
3137 EXPORT_SYMBOL(tty_unregister_driver);
3138 
3139 dev_t tty_devnum(struct tty_struct *tty)
3140 {
3141 	return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3142 }
3143 EXPORT_SYMBOL(tty_devnum);
3144 
3145 void proc_clear_tty(struct task_struct *p)
3146 {
3147 	unsigned long flags;
3148 	struct tty_struct *tty;
3149 	spin_lock_irqsave(&p->sighand->siglock, flags);
3150 	tty = p->signal->tty;
3151 	p->signal->tty = NULL;
3152 	spin_unlock_irqrestore(&p->sighand->siglock, flags);
3153 	tty_kref_put(tty);
3154 }
3155 
3156 /* Called under the sighand lock */
3157 
3158 static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3159 {
3160 	if (tty) {
3161 		unsigned long flags;
3162 		/* We should not have a session or pgrp to put here but.... */
3163 		spin_lock_irqsave(&tty->ctrl_lock, flags);
3164 		put_pid(tty->session);
3165 		put_pid(tty->pgrp);
3166 		tty->pgrp = get_pid(task_pgrp(tsk));
3167 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3168 		tty->session = get_pid(task_session(tsk));
3169 		if (tsk->signal->tty) {
3170 			printk(KERN_DEBUG "tty not NULL!!\n");
3171 			tty_kref_put(tsk->signal->tty);
3172 		}
3173 	}
3174 	put_pid(tsk->signal->tty_old_pgrp);
3175 	tsk->signal->tty = tty_kref_get(tty);
3176 	tsk->signal->tty_old_pgrp = NULL;
3177 }
3178 
3179 static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3180 {
3181 	spin_lock_irq(&tsk->sighand->siglock);
3182 	__proc_set_tty(tsk, tty);
3183 	spin_unlock_irq(&tsk->sighand->siglock);
3184 }
3185 
3186 struct tty_struct *get_current_tty(void)
3187 {
3188 	struct tty_struct *tty;
3189 	unsigned long flags;
3190 
3191 	spin_lock_irqsave(&current->sighand->siglock, flags);
3192 	tty = tty_kref_get(current->signal->tty);
3193 	spin_unlock_irqrestore(&current->sighand->siglock, flags);
3194 	return tty;
3195 }
3196 EXPORT_SYMBOL_GPL(get_current_tty);
3197 
3198 void tty_default_fops(struct file_operations *fops)
3199 {
3200 	*fops = tty_fops;
3201 }
3202 
3203 /*
3204  * Initialize the console device. This is called *early*, so
3205  * we can't necessarily depend on lots of kernel help here.
3206  * Just do some early initializations, and do the complex setup
3207  * later.
3208  */
3209 void __init console_init(void)
3210 {
3211 	initcall_t *call;
3212 
3213 	/* Setup the default TTY line discipline. */
3214 	tty_ldisc_begin();
3215 
3216 	/*
3217 	 * set up the console device so that later boot sequences can
3218 	 * inform about problems etc..
3219 	 */
3220 	call = __con_initcall_start;
3221 	while (call < __con_initcall_end) {
3222 		(*call)();
3223 		call++;
3224 	}
3225 }
3226 
3227 static char *tty_devnode(struct device *dev, mode_t *mode)
3228 {
3229 	if (!mode)
3230 		return NULL;
3231 	if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3232 	    dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3233 		*mode = 0666;
3234 	return NULL;
3235 }
3236 
3237 static int __init tty_class_init(void)
3238 {
3239 	tty_class = class_create(THIS_MODULE, "tty");
3240 	if (IS_ERR(tty_class))
3241 		return PTR_ERR(tty_class);
3242 	tty_class->devnode = tty_devnode;
3243 	return 0;
3244 }
3245 
3246 postcore_initcall(tty_class_init);
3247 
3248 /* 3/2004 jmc: why do these devices exist? */
3249 static struct cdev tty_cdev, console_cdev;
3250 
3251 static ssize_t show_cons_active(struct device *dev,
3252 				struct device_attribute *attr, char *buf)
3253 {
3254 	struct console *cs[16];
3255 	int i = 0;
3256 	struct console *c;
3257 	ssize_t count = 0;
3258 
3259 	console_lock();
3260 	for_each_console(c) {
3261 		if (!c->device)
3262 			continue;
3263 		if (!c->write)
3264 			continue;
3265 		if ((c->flags & CON_ENABLED) == 0)
3266 			continue;
3267 		cs[i++] = c;
3268 		if (i >= ARRAY_SIZE(cs))
3269 			break;
3270 	}
3271 	while (i--)
3272 		count += sprintf(buf + count, "%s%d%c",
3273 				 cs[i]->name, cs[i]->index, i ? ' ':'\n');
3274 	console_unlock();
3275 
3276 	return count;
3277 }
3278 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3279 
3280 static struct device *consdev;
3281 
3282 void console_sysfs_notify(void)
3283 {
3284 	if (consdev)
3285 		sysfs_notify(&consdev->kobj, NULL, "active");
3286 }
3287 
3288 /*
3289  * Ok, now we can initialize the rest of the tty devices and can count
3290  * on memory allocations, interrupts etc..
3291  */
3292 int __init tty_init(void)
3293 {
3294 	cdev_init(&tty_cdev, &tty_fops);
3295 	if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3296 	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3297 		panic("Couldn't register /dev/tty driver\n");
3298 	device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3299 
3300 	cdev_init(&console_cdev, &console_fops);
3301 	if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3302 	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3303 		panic("Couldn't register /dev/console driver\n");
3304 	consdev = device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3305 			      "console");
3306 	if (IS_ERR(consdev))
3307 		consdev = NULL;
3308 	else
3309 		WARN_ON(device_create_file(consdev, &dev_attr_active) < 0);
3310 
3311 #ifdef CONFIG_VT
3312 	vty_init(&console_fops);
3313 #endif
3314 	return 0;
3315 }
3316 
3317