ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 939

User:	Jiri Slaby
Error type:	Leaving function in locked state
Error type description:	Some lock is not unlocked on all paths of a function, so it is leaked
File location:	drivers/char/tty_io.c
Line in file:	1898
Project:	Linux Kernel
Project version:	2.6.28
Confirmation:	Fixed by 808ffa3d302257b9dc37b1412c1fcdf976fcddac
Tools:	Stanse (1.2)
Entered:	2012-03-02 21:35:17 UTC
Source:

   1/*
   2 *  linux/drivers/char/tty_io.c
   3 *
   4 *  Copyright (C) 1991, 1992  Linus Torvalds
   5 */
   6
   7/*
   8 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
   9 * or rs-channels. It also implements echoing, cooked mode etc.
  10 *
  11 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
  12 *
  13 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
  14 * tty_struct and tty_queue structures.  Previously there was an array
  15 * of 256 tty_struct's which was statically allocated, and the
  16 * tty_queue structures were allocated at boot time.  Both are now
  17 * dynamically allocated only when the tty is open.
  18 *
  19 * Also restructured routines so that there is more of a separation
  20 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
  21 * the low-level tty routines (serial.c, pty.c, console.c).  This
  22 * makes for cleaner and more compact code.  -TYT, 9/17/92
  23 *
  24 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
  25 * which can be dynamically activated and de-activated by the line
  26 * discipline handling modules (like SLIP).
  27 *
  28 * NOTE: pay no attention to the line discipline code (yet); its
  29 * interface is still subject to change in this version...
  30 * -- TYT, 1/31/92
  31 *
  32 * Added functionality to the OPOST tty handling.  No delays, but all
  33 * other bits should be there.
  34 *        -- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
  35 *
  36 * Rewrote canonical mode and added more termios flags.
  37 *         -- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
  38 *
  39 * Reorganized FASYNC support so mouse code can share it.
  40 *        -- ctm@ardi.com, 9Sep95
  41 *
  42 * New TIOCLINUX variants added.
  43 *        -- mj@k332.feld.cvut.cz, 19-Nov-95
  44 *
  45 * Restrict vt switching via ioctl()
  46 *      -- grif@cs.ucr.edu, 5-Dec-95
  47 *
  48 * Move console and virtual terminal code to more appropriate files,
  49 * implement CONFIG_VT and generalize console device interface.
  50 *        -- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
  51 *
  52 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
  53 *        -- Bill Hawes <whawes@star.net>, June 97
  54 *
  55 * Added devfs support.
  56 *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
  57 *
  58 * Added support for a Unix98-style ptmx device.
  59 *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
  60 *
  61 * Reduced memory usage for older ARM systems
  62 *      -- Russell King <rmk@arm.linux.org.uk>
  63 *
  64 * Move do_SAK() into process context.  Less stack use in devfs functions.
  65 * alloc_tty_struct() always uses kmalloc()
  66 *                         -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
  67 */
  68
  69#include <linux/types.h>
  70#include <linux/major.h>
  71#include <linux/errno.h>
  72#include <linux/signal.h>
  73#include <linux/fcntl.h>
  74#include <linux/sched.h>
  75#include <linux/interrupt.h>
  76#include <linux/tty.h>
  77#include <linux/tty_driver.h>
  78#include <linux/tty_flip.h>
  79#include <linux/devpts_fs.h>
  80#include <linux/file.h>
  81#include <linux/fdtable.h>
  82#include <linux/console.h>
  83#include <linux/timer.h>
  84#include <linux/ctype.h>
  85#include <linux/kd.h>
  86#include <linux/mm.h>
  87#include <linux/string.h>
  88#include <linux/slab.h>
  89#include <linux/poll.h>
  90#include <linux/proc_fs.h>
  91#include <linux/init.h>
  92#include <linux/module.h>
  93#include <linux/smp_lock.h>
  94#include <linux/device.h>
  95#include <linux/wait.h>
  96#include <linux/bitops.h>
  97#include <linux/delay.h>
  98#include <linux/seq_file.h>
  99
 100#include <linux/uaccess.h>
 101#include <asm/system.h>
 102
 103#include <linux/kbd_kern.h>
 104#include <linux/vt_kern.h>
 105#include <linux/selection.h>
 106
 107#include <linux/kmod.h>
 108#include <linux/nsproxy.h>
 109
 110#undef TTY_DEBUG_HANGUP
 111
 112#define TTY_PARANOIA_CHECK 1
 113#define CHECK_TTY_COUNT 1
 114
 115struct ktermios tty_std_termios = {        /* for the benefit of tty drivers  */
 116        .c_iflag = ICRNL | IXON,
 117        .c_oflag = OPOST | ONLCR,
 118        .c_cflag = B38400 | CS8 | CREAD | HUPCL,
 119        .c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
 120                   ECHOCTL | ECHOKE | IEXTEN,
 121        .c_cc = INIT_C_CC,
 122        .c_ispeed = 38400,
 123        .c_ospeed = 38400
 124};
 125
 126EXPORT_SYMBOL(tty_std_termios);
 127
 128/* This list gets poked at by procfs and various bits of boot up code. This
 129   could do with some rationalisation such as pulling the tty proc function
 130   into this file */
 131
 132LIST_HEAD(tty_drivers);                        /* linked list of tty drivers */
 133
 134/* Mutex to protect creating and releasing a tty. This is shared with
 135   vt.c for deeply disgusting hack reasons */
 136DEFINE_MUTEX(tty_mutex);
 137EXPORT_SYMBOL(tty_mutex);
 138
 139static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
 140static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
 141ssize_t redirected_tty_write(struct file *, const char __user *,
 142                                                        size_t, loff_t *);
 143static unsigned int tty_poll(struct file *, poll_table *);
 144static int tty_open(struct inode *, struct file *);
 145static int tty_release(struct inode *, struct file *);
 146long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
 147#ifdef CONFIG_COMPAT
 148static long tty_compat_ioctl(struct file *file, unsigned int cmd,
 149                                unsigned long arg);
 150#else
 151#define tty_compat_ioctl NULL
 152#endif
 153static int tty_fasync(int fd, struct file *filp, int on);
 154static void release_tty(struct tty_struct *tty, int idx);
 155static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
 156static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
 157
 158/**
 159 *        alloc_tty_struct        -        allocate a tty object
 160 *
 161 *        Return a new empty tty structure. The data fields have not
 162 *        been initialized in any way but has been zeroed
 163 *
 164 *        Locking: none
 165 */
 166
 167struct tty_struct *alloc_tty_struct(void)
 168{
 169        return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
 170}
 171
 172/**
 173 *        free_tty_struct                -        free a disused tty
 174 *        @tty: tty struct to free
 175 *
 176 *        Free the write buffers, tty queue and tty memory itself.
 177 *
 178 *        Locking: none. Must be called after tty is definitely unused
 179 */
 180
 181void free_tty_struct(struct tty_struct *tty)
 182{
 183        kfree(tty->write_buf);
 184        tty_buffer_free_all(tty);
 185        kfree(tty);
 186}
 187
 188#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
 189
 190/**
 191 *        tty_name        -        return tty naming
 192 *        @tty: tty structure
 193 *        @buf: buffer for output
 194 *
 195 *        Convert a tty structure into a name. The name reflects the kernel
 196 *        naming policy and if udev is in use may not reflect user space
 197 *
 198 *        Locking: none
 199 */
 200
 201char *tty_name(struct tty_struct *tty, char *buf)
 202{
 203        if (!tty) /* Hmm.  NULL pointer.  That's fun. */
 204                strcpy(buf, "NULL tty");
 205        else
 206                strcpy(buf, tty->name);
 207        return buf;
 208}
 209
 210EXPORT_SYMBOL(tty_name);
 211
 212int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
 213                              const char *routine)
 214{
 215#ifdef TTY_PARANOIA_CHECK
 216        if (!tty) {
 217                printk(KERN_WARNING
 218                        "null TTY for (%d:%d) in %s\n",
 219                        imajor(inode), iminor(inode), routine);
 220                return 1;
 221        }
 222        if (tty->magic != TTY_MAGIC) {
 223                printk(KERN_WARNING
 224                        "bad magic number for tty struct (%d:%d) in %s\n",
 225                        imajor(inode), iminor(inode), routine);
 226                return 1;
 227        }
 228#endif
 229        return 0;
 230}
 231
 232static int check_tty_count(struct tty_struct *tty, const char *routine)
 233{
 234#ifdef CHECK_TTY_COUNT
 235        struct list_head *p;
 236        int count = 0;
 237
 238        file_list_lock();
 239        list_for_each(p, &tty->tty_files) {
 240                count++;
 241        }
 242        file_list_unlock();
 243        if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
 244            tty->driver->subtype == PTY_TYPE_SLAVE &&
 245            tty->link && tty->link->count)
 246                count++;
 247        if (tty->count != count) {
 248                printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
 249                                    "!= #fd's(%d) in %s\n",
 250                       tty->name, tty->count, count, routine);
 251                return count;
 252        }
 253#endif
 254        return 0;
 255}
 256
 257/**
 258 *        get_tty_driver                -        find device of a tty
 259 *        @dev_t: device identifier
 260 *        @index: returns the index of the tty
 261 *
 262 *        This routine returns a tty driver structure, given a device number
 263 *        and also passes back the index number.
 264 *
 265 *        Locking: caller must hold tty_mutex
 266 */
 267
 268static struct tty_driver *get_tty_driver(dev_t device, int *index)
 269{
 270        struct tty_driver *p;
 271
 272        list_for_each_entry(p, &tty_drivers, tty_drivers) {
 273                dev_t base = MKDEV(p->major, p->minor_start);
 274                if (device < base || device >= base + p->num)
 275                        continue;
 276                *index = device - base;
 277                return tty_driver_kref_get(p);
 278        }
 279        return NULL;
 280}
 281
 282#ifdef CONFIG_CONSOLE_POLL
 283
 284/**
 285 *        tty_find_polling_driver        -        find device of a polled tty
 286 *        @name: name string to match
 287 *        @line: pointer to resulting tty line nr
 288 *
 289 *        This routine returns a tty driver structure, given a name
 290 *        and the condition that the tty driver is capable of polled
 291 *        operation.
 292 */
 293struct tty_driver *tty_find_polling_driver(char *name, int *line)
 294{
 295        struct tty_driver *p, *res = NULL;
 296        int tty_line = 0;
 297        int len;
 298        char *str;
 299
 300        for (str = name; *str; str++)
 301                if ((*str >= '0' && *str <= '9') || *str == ',')
 302                        break;
 303        if (!*str)
 304                return NULL;
 305
 306        len = str - name;
 307        tty_line = simple_strtoul(str, &str, 10);
 308
 309        mutex_lock(&tty_mutex);
 310        /* Search through the tty devices to look for a match */
 311        list_for_each_entry(p, &tty_drivers, tty_drivers) {
 312                if (strncmp(name, p->name, len) != 0)
 313                        continue;
 314                if (*str == ',')
 315                        str++;
 316                if (*str == '\0')
 317                        str = NULL;
 318
 319                if (tty_line >= 0 && tty_line <= p->num && p->ops &&
 320                    p->ops->poll_init && !p->ops->poll_init(p, tty_line, str)) {
 321                        res = tty_driver_kref_get(p);
 322                        *line = tty_line;
 323                        break;
 324                }
 325        }
 326        mutex_unlock(&tty_mutex);
 327
 328        return res;
 329}
 330EXPORT_SYMBOL_GPL(tty_find_polling_driver);
 331#endif
 332
 333/**
 334 *        tty_check_change        -        check for POSIX terminal changes
 335 *        @tty: tty to check
 336 *
 337 *        If we try to write to, or set the state of, a terminal and we're
 338 *        not in the foreground, send a SIGTTOU.  If the signal is blocked or
 339 *        ignored, go ahead and perform the operation.  (POSIX 7.2)
 340 *
 341 *        Locking: ctrl_lock
 342 */
 343
 344int tty_check_change(struct tty_struct *tty)
 345{
 346        unsigned long flags;
 347        int ret = 0;
 348
 349        if (current->signal->tty != tty)
 350                return 0;
 351
 352        spin_lock_irqsave(&tty->ctrl_lock, flags);
 353
 354        if (!tty->pgrp) {
 355                printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
 356                goto out_unlock;
 357        }
 358        if (task_pgrp(current) == tty->pgrp)
 359                goto out_unlock;
 360        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 361        if (is_ignored(SIGTTOU))
 362                goto out;
 363        if (is_current_pgrp_orphaned()) {
 364                ret = -EIO;
 365                goto out;
 366        }
 367        kill_pgrp(task_pgrp(current), SIGTTOU, 1);
 368        set_thread_flag(TIF_SIGPENDING);
 369        ret = -ERESTARTSYS;
 370out:
 371        return ret;
 372out_unlock:
 373        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 374        return ret;
 375}
 376
 377EXPORT_SYMBOL(tty_check_change);
 378
 379static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
 380                                size_t count, loff_t *ppos)
 381{
 382        return 0;
 383}
 384
 385static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
 386                                 size_t count, loff_t *ppos)
 387{
 388        return -EIO;
 389}
 390
 391/* No kernel lock held - none needed ;) */
 392static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
 393{
 394        return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
 395}
 396
 397static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
 398                unsigned long arg)
 399{
 400        return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
 401}
 402
 403static long hung_up_tty_compat_ioctl(struct file *file,
 404                                     unsigned int cmd, unsigned long arg)
 405{
 406        return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
 407}
 408
 409static const struct file_operations tty_fops = {
 410        .llseek                = no_llseek,
 411        .read                = tty_read,
 412        .write                = tty_write,
 413        .poll                = tty_poll,
 414        .unlocked_ioctl        = tty_ioctl,
 415        .compat_ioctl        = tty_compat_ioctl,
 416        .open                = tty_open,
 417        .release        = tty_release,
 418        .fasync                = tty_fasync,
 419};
 420
 421static const struct file_operations console_fops = {
 422        .llseek                = no_llseek,
 423        .read                = tty_read,
 424        .write                = redirected_tty_write,
 425        .poll                = tty_poll,
 426        .unlocked_ioctl        = tty_ioctl,
 427        .compat_ioctl        = tty_compat_ioctl,
 428        .open                = tty_open,
 429        .release        = tty_release,
 430        .fasync                = tty_fasync,
 431};
 432
 433static const struct file_operations hung_up_tty_fops = {
 434        .llseek                = no_llseek,
 435        .read                = hung_up_tty_read,
 436        .write                = hung_up_tty_write,
 437        .poll                = hung_up_tty_poll,
 438        .unlocked_ioctl        = hung_up_tty_ioctl,
 439        .compat_ioctl        = hung_up_tty_compat_ioctl,
 440        .release        = tty_release,
 441};
 442
 443static DEFINE_SPINLOCK(redirect_lock);
 444static struct file *redirect;
 445
 446/**
 447 *        tty_wakeup        -        request more data
 448 *        @tty: terminal
 449 *
 450 *        Internal and external helper for wakeups of tty. This function
 451 *        informs the line discipline if present that the driver is ready
 452 *        to receive more output data.
 453 */
 454
 455void tty_wakeup(struct tty_struct *tty)
 456{
 457        struct tty_ldisc *ld;
 458
 459        if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
 460                ld = tty_ldisc_ref(tty);
 461                if (ld) {
 462                        if (ld->ops->write_wakeup)
 463                                ld->ops->write_wakeup(tty);
 464                        tty_ldisc_deref(ld);
 465                }
 466        }
 467        wake_up_interruptible(&tty->write_wait);
 468}
 469
 470EXPORT_SYMBOL_GPL(tty_wakeup);
 471
 472/**
 473 *        tty_ldisc_flush        -        flush line discipline queue
 474 *        @tty: tty
 475 *
 476 *        Flush the line discipline queue (if any) for this tty. If there
 477 *        is no line discipline active this is a no-op.
 478 */
 479
 480void tty_ldisc_flush(struct tty_struct *tty)
 481{
 482        struct tty_ldisc *ld = tty_ldisc_ref(tty);
 483        if (ld) {
 484                if (ld->ops->flush_buffer)
 485                        ld->ops->flush_buffer(tty);
 486                tty_ldisc_deref(ld);
 487        }
 488        tty_buffer_flush(tty);
 489}
 490
 491EXPORT_SYMBOL_GPL(tty_ldisc_flush);
 492
 493/**
 494 *        tty_reset_termios        -        reset terminal state
 495 *        @tty: tty to reset
 496 *
 497 *        Restore a terminal to the driver default state
 498 */
 499
 500static void tty_reset_termios(struct tty_struct *tty)
 501{
 502        mutex_lock(&tty->termios_mutex);
 503        *tty->termios = tty->driver->init_termios;
 504        tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
 505        tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
 506        mutex_unlock(&tty->termios_mutex);
 507}
 508
 509/**
 510 *        do_tty_hangup                -        actual handler for hangup events
 511 *        @work: tty device
 512 *
 513 *        This can be called by the "eventd" kernel thread.  That is process
 514 *        synchronous but doesn't hold any locks, so we need to make sure we
 515 *        have the appropriate locks for what we're doing.
 516 *
 517 *        The hangup event clears any pending redirections onto the hung up
 518 *        device. It ensures future writes will error and it does the needed
 519 *        line discipline hangup and signal delivery. The tty object itself
 520 *        remains intact.
 521 *
 522 *        Locking:
 523 *                BKL
 524 *                  redirect lock for undoing redirection
 525 *                  file list lock for manipulating list of ttys
 526 *                  tty_ldisc_lock from called functions
 527 *                  termios_mutex resetting termios data
 528 *                  tasklist_lock to walk task list for hangup event
 529 *                    ->siglock to protect ->signal/->sighand
 530 */
 531static void do_tty_hangup(struct work_struct *work)
 532{
 533        struct tty_struct *tty =
 534                container_of(work, struct tty_struct, hangup_work);
 535        struct file *cons_filp = NULL;
 536        struct file *filp, *f = NULL;
 537        struct task_struct *p;
 538        struct tty_ldisc *ld;
 539        int    closecount = 0, n;
 540        unsigned long flags;
 541        int refs = 0;
 542
 543        if (!tty)
 544                return;
 545
 546        /* inuse_filps is protected by the single kernel lock */
 547        lock_kernel();
 548
 549        spin_lock(&redirect_lock);
 550        if (redirect && redirect->private_data == tty) {
 551                f = redirect;
 552                redirect = NULL;
 553        }
 554        spin_unlock(&redirect_lock);
 555
 556        check_tty_count(tty, "do_tty_hangup");
 557        file_list_lock();
 558        /* This breaks for file handles being sent over AF_UNIX sockets ? */
 559        list_for_each_entry(filp, &tty->tty_files, f_u.fu_list) {
 560                if (filp->f_op->write == redirected_tty_write)
 561                        cons_filp = filp;
 562                if (filp->f_op->write != tty_write)
 563                        continue;
 564                closecount++;
 565                tty_fasync(-1, filp, 0);        /* can't block */
 566                filp->f_op = &hung_up_tty_fops;
 567        }
 568        file_list_unlock();
 569        /*
 570         * FIXME! What are the locking issues here? This may me overdoing
 571         * things... This question is especially important now that we've
 572         * removed the irqlock.
 573         */
 574        ld = tty_ldisc_ref(tty);
 575        if (ld != NULL) {
 576                /* We may have no line discipline at this point */
 577                if (ld->ops->flush_buffer)
 578                        ld->ops->flush_buffer(tty);
 579                tty_driver_flush_buffer(tty);
 580                if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) &&
 581                    ld->ops->write_wakeup)
 582                        ld->ops->write_wakeup(tty);
 583                if (ld->ops->hangup)
 584                        ld->ops->hangup(tty);
 585        }
 586        /*
 587         * FIXME: Once we trust the LDISC code better we can wait here for
 588         * ldisc completion and fix the driver call race
 589         */
 590        wake_up_interruptible(&tty->write_wait);
 591        wake_up_interruptible(&tty->read_wait);
 592        /*
 593         * Shutdown the current line discipline, and reset it to
 594         * N_TTY.
 595         */
 596        if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
 597                tty_reset_termios(tty);
 598        /* Defer ldisc switch */
 599        /* tty_deferred_ldisc_switch(N_TTY);
 600
 601          This should get done automatically when the port closes and
 602          tty_release is called */
 603
 604        read_lock(&tasklist_lock);
 605        if (tty->session) {
 606                do_each_pid_task(tty->session, PIDTYPE_SID, p) {
 607                        spin_lock_irq(&p->sighand->siglock);
 608                        if (p->signal->tty == tty) {
 609                                p->signal->tty = NULL;
 610                                /* We defer the dereferences outside fo
 611                                   the tasklist lock */
 612                                refs++;
 613                        }
 614                        if (!p->signal->leader) {
 615                                spin_unlock_irq(&p->sighand->siglock);
 616                                continue;
 617                        }
 618                        __group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
 619                        __group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
 620                        put_pid(p->signal->tty_old_pgrp);  /* A noop */
 621                        spin_lock_irqsave(&tty->ctrl_lock, flags);
 622                        if (tty->pgrp)
 623                                p->signal->tty_old_pgrp = get_pid(tty->pgrp);
 624                        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 625                        spin_unlock_irq(&p->sighand->siglock);
 626                } while_each_pid_task(tty->session, PIDTYPE_SID, p);
 627        }
 628        read_unlock(&tasklist_lock);
 629
 630        spin_lock_irqsave(&tty->ctrl_lock, flags);
 631        tty->flags = 0;
 632        put_pid(tty->session);
 633        put_pid(tty->pgrp);
 634        tty->session = NULL;
 635        tty->pgrp = NULL;
 636        tty->ctrl_status = 0;
 637        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 638
 639        /* Account for the p->signal references we killed */
 640        while (refs--)
 641                tty_kref_put(tty);
 642
 643        /*
 644         * If one of the devices matches a console pointer, we
 645         * cannot just call hangup() because that will cause
 646         * tty->count and state->count to go out of sync.
 647         * So we just call close() the right number of times.
 648         */
 649        if (cons_filp) {
 650                if (tty->ops->close)
 651                        for (n = 0; n < closecount; n++)
 652                                tty->ops->close(tty, cons_filp);
 653        } else if (tty->ops->hangup)
 654                (tty->ops->hangup)(tty);
 655        /*
 656         * We don't want to have driver/ldisc interactions beyond
 657         * the ones we did here. The driver layer expects no
 658         * calls after ->hangup() from the ldisc side. However we
 659         * can't yet guarantee all that.
 660         */
 661        set_bit(TTY_HUPPED, &tty->flags);
 662        if (ld) {
 663                tty_ldisc_enable(tty);
 664                tty_ldisc_deref(ld);
 665        }
 666        unlock_kernel();
 667        if (f)
 668                fput(f);
 669}
 670
 671/**
 672 *        tty_hangup                -        trigger a hangup event
 673 *        @tty: tty to hangup
 674 *
 675 *        A carrier loss (virtual or otherwise) has occurred on this like
 676 *        schedule a hangup sequence to run after this event.
 677 */
 678
 679void tty_hangup(struct tty_struct *tty)
 680{
 681#ifdef TTY_DEBUG_HANGUP
 682        char        buf[64];
 683        printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
 684#endif
 685        schedule_work(&tty->hangup_work);
 686}
 687
 688EXPORT_SYMBOL(tty_hangup);
 689
 690/**
 691 *        tty_vhangup                -        process vhangup
 692 *        @tty: tty to hangup
 693 *
 694 *        The user has asked via system call for the terminal to be hung up.
 695 *        We do this synchronously so that when the syscall returns the process
 696 *        is complete. That guarantee is necessary for security reasons.
 697 */
 698
 699void tty_vhangup(struct tty_struct *tty)
 700{
 701#ifdef TTY_DEBUG_HANGUP
 702        char        buf[64];
 703
 704        printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
 705#endif
 706        do_tty_hangup(&tty->hangup_work);
 707}
 708
 709EXPORT_SYMBOL(tty_vhangup);
 710
 711/**
 712 *        tty_vhangup_self        -        process vhangup for own ctty
 713 *
 714 *        Perform a vhangup on the current controlling tty
 715 */
 716
 717void tty_vhangup_self(void)
 718{
 719        struct tty_struct *tty;
 720
 721        tty = get_current_tty();
 722        if (tty) {
 723                tty_vhangup(tty);
 724                tty_kref_put(tty);
 725        }
 726}
 727
 728/**
 729 *        tty_hung_up_p                -        was tty hung up
 730 *        @filp: file pointer of tty
 731 *
 732 *        Return true if the tty has been subject to a vhangup or a carrier
 733 *        loss
 734 */
 735
 736int tty_hung_up_p(struct file *filp)
 737{
 738        return (filp->f_op == &hung_up_tty_fops);
 739}
 740
 741EXPORT_SYMBOL(tty_hung_up_p);
 742
 743static void session_clear_tty(struct pid *session)
 744{
 745        struct task_struct *p;
 746        do_each_pid_task(session, PIDTYPE_SID, p) {
 747                proc_clear_tty(p);
 748        } while_each_pid_task(session, PIDTYPE_SID, p);
 749}
 750
 751/**
 752 *        disassociate_ctty        -        disconnect controlling tty
 753 *        @on_exit: true if exiting so need to "hang up" the session
 754 *
 755 *        This function is typically called only by the session leader, when
 756 *        it wants to disassociate itself from its controlling tty.
 757 *
 758 *        It performs the following functions:
 759 *         (1)  Sends a SIGHUP and SIGCONT to the foreground process group
 760 *         (2)  Clears the tty from being controlling the session
 761 *         (3)  Clears the controlling tty for all processes in the
 762 *                 session group.
 763 *
 764 *        The argument on_exit is set to 1 if called when a process is
 765 *        exiting; it is 0 if called by the ioctl TIOCNOTTY.
 766 *
 767 *        Locking:
 768 *                BKL is taken for hysterical raisins
 769 *                  tty_mutex is taken to protect tty
 770 *                  ->siglock is taken to protect ->signal/->sighand
 771 *                  tasklist_lock is taken to walk process list for sessions
 772 *                    ->siglock is taken to protect ->signal/->sighand
 773 */
 774
 775void disassociate_ctty(int on_exit)
 776{
 777        struct tty_struct *tty;
 778        struct pid *tty_pgrp = NULL;
 779
 780
 781        tty = get_current_tty();
 782        if (tty) {
 783                tty_pgrp = get_pid(tty->pgrp);
 784                lock_kernel();
 785                if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)
 786                        tty_vhangup(tty);
 787                unlock_kernel();
 788                tty_kref_put(tty);
 789        } else if (on_exit) {
 790                struct pid *old_pgrp;
 791                spin_lock_irq(&current->sighand->siglock);
 792                old_pgrp = current->signal->tty_old_pgrp;
 793                current->signal->tty_old_pgrp = NULL;
 794                spin_unlock_irq(&current->sighand->siglock);
 795                if (old_pgrp) {
 796                        kill_pgrp(old_pgrp, SIGHUP, on_exit);
 797                        kill_pgrp(old_pgrp, SIGCONT, on_exit);
 798                        put_pid(old_pgrp);
 799                }
 800                return;
 801        }
 802        if (tty_pgrp) {
 803                kill_pgrp(tty_pgrp, SIGHUP, on_exit);
 804                if (!on_exit)
 805                        kill_pgrp(tty_pgrp, SIGCONT, on_exit);
 806                put_pid(tty_pgrp);
 807        }
 808
 809        spin_lock_irq(&current->sighand->siglock);
 810        put_pid(current->signal->tty_old_pgrp);
 811        current->signal->tty_old_pgrp = NULL;
 812        spin_unlock_irq(&current->sighand->siglock);
 813
 814        tty = get_current_tty();
 815        if (tty) {
 816                unsigned long flags;
 817                spin_lock_irqsave(&tty->ctrl_lock, flags);
 818                put_pid(tty->session);
 819                put_pid(tty->pgrp);
 820                tty->session = NULL;
 821                tty->pgrp = NULL;
 822                spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 823                tty_kref_put(tty);
 824        } else {
 825#ifdef TTY_DEBUG_HANGUP
 826                printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
 827                       " = NULL", tty);
 828#endif
 829        }
 830
 831        /* Now clear signal->tty under the lock */
 832        read_lock(&tasklist_lock);
 833        session_clear_tty(task_session(current));
 834        read_unlock(&tasklist_lock);
 835}
 836
 837/**
 838 *
 839 *        no_tty        - Ensure the current process does not have a controlling tty
 840 */
 841void no_tty(void)
 842{
 843        struct task_struct *tsk = current;
 844        lock_kernel();
 845        if (tsk->signal->leader)
 846                disassociate_ctty(0);
 847        unlock_kernel();
 848        proc_clear_tty(tsk);
 849}
 850
 851
 852/**
 853 *        stop_tty        -        propagate flow control
 854 *        @tty: tty to stop
 855 *
 856 *        Perform flow control to the driver. For PTY/TTY pairs we
 857 *        must also propagate the TIOCKPKT status. May be called
 858 *        on an already stopped device and will not re-call the driver
 859 *        method.
 860 *
 861 *        This functionality is used by both the line disciplines for
 862 *        halting incoming flow and by the driver. It may therefore be
 863 *        called from any context, may be under the tty atomic_write_lock
 864 *        but not always.
 865 *
 866 *        Locking:
 867 *                Uses the tty control lock internally
 868 */
 869
 870void stop_tty(struct tty_struct *tty)
 871{
 872        unsigned long flags;
 873        spin_lock_irqsave(&tty->ctrl_lock, flags);
 874        if (tty->stopped) {
 875                spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 876                return;
 877        }
 878        tty->stopped = 1;
 879        if (tty->link && tty->link->packet) {
 880                tty->ctrl_status &= ~TIOCPKT_START;
 881                tty->ctrl_status |= TIOCPKT_STOP;
 882                wake_up_interruptible(&tty->link->read_wait);
 883        }
 884        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 885        if (tty->ops->stop)
 886                (tty->ops->stop)(tty);
 887}
 888
 889EXPORT_SYMBOL(stop_tty);
 890
 891/**
 892 *        start_tty        -        propagate flow control
 893 *        @tty: tty to start
 894 *
 895 *        Start a tty that has been stopped if at all possible. Perform
 896 *        any necessary wakeups and propagate the TIOCPKT status. If this
 897 *        is the tty was previous stopped and is being started then the
 898 *        driver start method is invoked and the line discipline woken.
 899 *
 900 *        Locking:
 901 *                ctrl_lock
 902 */
 903
 904void start_tty(struct tty_struct *tty)
 905{
 906        unsigned long flags;
 907        spin_lock_irqsave(&tty->ctrl_lock, flags);
 908        if (!tty->stopped || tty->flow_stopped) {
 909                spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 910                return;
 911        }
 912        tty->stopped = 0;
 913        if (tty->link && tty->link->packet) {
 914                tty->ctrl_status &= ~TIOCPKT_STOP;
 915                tty->ctrl_status |= TIOCPKT_START;
 916                wake_up_interruptible(&tty->link->read_wait);
 917        }
 918        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 919        if (tty->ops->start)
 920                (tty->ops->start)(tty);
 921        /* If we have a running line discipline it may need kicking */
 922        tty_wakeup(tty);
 923}
 924
 925EXPORT_SYMBOL(start_tty);
 926
 927/**
 928 *        tty_read        -        read method for tty device files
 929 *        @file: pointer to tty file
 930 *        @buf: user buffer
 931 *        @count: size of user buffer
 932 *        @ppos: unused
 933 *
 934 *        Perform the read system call function on this terminal device. Checks
 935 *        for hung up devices before calling the line discipline method.
 936 *
 937 *        Locking:
 938 *                Locks the line discipline internally while needed. Multiple
 939 *        read calls may be outstanding in parallel.
 940 */
 941
 942static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
 943                        loff_t *ppos)
 944{
 945        int i;
 946        struct tty_struct *tty;
 947        struct inode *inode;
 948        struct tty_ldisc *ld;
 949
 950        tty = (struct tty_struct *)file->private_data;
 951        inode = file->f_path.dentry->d_inode;
 952        if (tty_paranoia_check(tty, inode, "tty_read"))
 953                return -EIO;
 954        if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
 955                return -EIO;
 956
 957        /* We want to wait for the line discipline to sort out in this
 958           situation */
 959        ld = tty_ldisc_ref_wait(tty);
 960        if (ld->ops->read)
 961                i = (ld->ops->read)(tty, file, buf, count);
 962        else
 963                i = -EIO;
 964        tty_ldisc_deref(ld);
 965        if (i > 0)
 966                inode->i_atime = current_fs_time(inode->i_sb);
 967        return i;
 968}
 969
 970void tty_write_unlock(struct tty_struct *tty)
 971{
 972        mutex_unlock(&tty->atomic_write_lock);
 973        wake_up_interruptible(&tty->write_wait);
 974}
 975
 976int tty_write_lock(struct tty_struct *tty, int ndelay)
 977{
 978        if (!mutex_trylock(&tty->atomic_write_lock)) {
 979                if (ndelay)
 980                        return -EAGAIN;
 981                if (mutex_lock_interruptible(&tty->atomic_write_lock))
 982                        return -ERESTARTSYS;
 983        }
 984        return 0;
 985}
 986
 987/*
 988 * Split writes up in sane blocksizes to avoid
 989 * denial-of-service type attacks
 990 */
 991static inline ssize_t do_tty_write(
 992        ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
 993        struct tty_struct *tty,
 994        struct file *file,
 995        const char __user *buf,
 996        size_t count)
 997{
 998        ssize_t ret, written = 0;
 999        unsigned int chunk;
1000
1001        ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1002        if (ret < 0)
1003                return ret;
1004
1005        /*
1006         * We chunk up writes into a temporary buffer. This
1007         * simplifies low-level drivers immensely, since they
1008         * don't have locking issues and user mode accesses.
1009         *
1010         * But if TTY_NO_WRITE_SPLIT is set, we should use a
1011         * big chunk-size..
1012         *
1013         * The default chunk-size is 2kB, because the NTTY
1014         * layer has problems with bigger chunks. It will
1015         * claim to be able to handle more characters than
1016         * it actually does.
1017         *
1018         * FIXME: This can probably go away now except that 64K chunks
1019         * are too likely to fail unless switched to vmalloc...
1020         */
1021        chunk = 2048;
1022        if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1023                chunk = 65536;
1024        if (count < chunk)
1025                chunk = count;
1026
1027        /* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1028        if (tty->write_cnt < chunk) {
1029                unsigned char *buf_chunk;
1030
1031                if (chunk < 1024)
1032                        chunk = 1024;
1033
1034                buf_chunk = kmalloc(chunk, GFP_KERNEL);
1035                if (!buf_chunk) {
1036                        ret = -ENOMEM;
1037                        goto out;
1038                }
1039                kfree(tty->write_buf);
1040                tty->write_cnt = chunk;
1041                tty->write_buf = buf_chunk;
1042        }
1043
1044        /* Do the write .. */
1045        for (;;) {
1046                size_t size = count;
1047                if (size > chunk)
1048                        size = chunk;
1049                ret = -EFAULT;
1050                if (copy_from_user(tty->write_buf, buf, size))
1051                        break;
1052                ret = write(tty, file, tty->write_buf, size);
1053                if (ret <= 0)
1054                        break;
1055                written += ret;
1056                buf += ret;
1057                count -= ret;
1058                if (!count)
1059                        break;
1060                ret = -ERESTARTSYS;
1061                if (signal_pending(current))
1062                        break;
1063                cond_resched();
1064        }
1065        if (written) {
1066                struct inode *inode = file->f_path.dentry->d_inode;
1067                inode->i_mtime = current_fs_time(inode->i_sb);
1068                ret = written;
1069        }
1070out:
1071        tty_write_unlock(tty);
1072        return ret;
1073}
1074
1075/**
1076 * tty_write_message - write a message to a certain tty, not just the console.
1077 * @tty: the destination tty_struct
1078 * @msg: the message to write
1079 *
1080 * This is used for messages that need to be redirected to a specific tty.
1081 * We don't put it into the syslog queue right now maybe in the future if
1082 * really needed.
1083 *
1084 * We must still hold the BKL and test the CLOSING flag for the moment.
1085 */
1086
1087void tty_write_message(struct tty_struct *tty, char *msg)
1088{
1089        lock_kernel();
1090        if (tty) {
1091                mutex_lock(&tty->atomic_write_lock);
1092                if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags))
1093                        tty->ops->write(tty, msg, strlen(msg));
1094                tty_write_unlock(tty);
1095        }
1096        unlock_kernel();
1097        return;
1098}
1099
1100
1101/**
1102 *        tty_write                -        write method for tty device file
1103 *        @file: tty file pointer
1104 *        @buf: user data to write
1105 *        @count: bytes to write
1106 *        @ppos: unused
1107 *
1108 *        Write data to a tty device via the line discipline.
1109 *
1110 *        Locking:
1111 *                Locks the line discipline as required
1112 *                Writes to the tty driver are serialized by the atomic_write_lock
1113 *        and are then processed in chunks to the device. The line discipline
1114 *        write method will not be involked in parallel for each device
1115 *                The line discipline write method is called under the big
1116 *        kernel lock for historical reasons. New code should not rely on this.
1117 */
1118
1119static ssize_t tty_write(struct file *file, const char __user *buf,
1120                                                size_t count, loff_t *ppos)
1121{
1122        struct tty_struct *tty;
1123        struct inode *inode = file->f_path.dentry->d_inode;
1124        ssize_t ret;
1125        struct tty_ldisc *ld;
1126
1127        tty = (struct tty_struct *)file->private_data;
1128        if (tty_paranoia_check(tty, inode, "tty_write"))
1129                return -EIO;
1130        if (!tty || !tty->ops->write ||
1131                (test_bit(TTY_IO_ERROR, &tty->flags)))
1132                        return -EIO;
1133        /* Short term debug to catch buggy drivers */
1134        if (tty->ops->write_room == NULL)
1135                printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1136                        tty->driver->name);
1137        ld = tty_ldisc_ref_wait(tty);
1138        if (!ld->ops->write)
1139                ret = -EIO;
1140        else
1141                ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1142        tty_ldisc_deref(ld);
1143        return ret;
1144}
1145
1146ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1147                                                size_t count, loff_t *ppos)
1148{
1149        struct file *p = NULL;
1150
1151        spin_lock(&redirect_lock);
1152        if (redirect) {
1153                get_file(redirect);
1154                p = redirect;
1155        }
1156        spin_unlock(&redirect_lock);
1157
1158        if (p) {
1159                ssize_t res;
1160                res = vfs_write(p, buf, count, &p->f_pos);
1161                fput(p);
1162                return res;
1163        }
1164        return tty_write(file, buf, count, ppos);
1165}
1166
1167static char ptychar[] = "pqrstuvwxyzabcde";
1168
1169/**
1170 *        pty_line_name        -        generate name for a pty
1171 *        @driver: the tty driver in use
1172 *        @index: the minor number
1173 *        @p: output buffer of at least 6 bytes
1174 *
1175 *        Generate a name from a driver reference and write it to the output
1176 *        buffer.
1177 *
1178 *        Locking: None
1179 */
1180static void pty_line_name(struct tty_driver *driver, int index, char *p)
1181{
1182        int i = index + driver->name_base;
1183        /* ->name is initialized to "ttyp", but "tty" is expected */
1184        sprintf(p, "%s%c%x",
1185                driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1186                ptychar[i >> 4 & 0xf], i & 0xf);
1187}
1188
1189/**
1190 *        tty_line_name        -        generate name for a tty
1191 *        @driver: the tty driver in use
1192 *        @index: the minor number
1193 *        @p: output buffer of at least 7 bytes
1194 *
1195 *        Generate a name from a driver reference and write it to the output
1196 *        buffer.
1197 *
1198 *        Locking: None
1199 */
1200static void tty_line_name(struct tty_driver *driver, int index, char *p)
1201{
1202        sprintf(p, "%s%d", driver->name, index + driver->name_base);
1203}
1204
1205/**
1206 *        tty_driver_lookup_tty() - find an existing tty, if any
1207 *        @driver: the driver for the tty
1208 *        @idx:         the minor number
1209 *
1210 *        Return the tty, if found or ERR_PTR() otherwise.
1211 *
1212 *        Locking: tty_mutex must be held. If tty is found, the mutex must
1213 *        be held until the 'fast-open' is also done. Will change once we
1214 *        have refcounting in the driver and per driver locking
1215 */
1216struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1217                struct inode *inode, int idx)
1218{
1219        struct tty_struct *tty;
1220
1221        if (driver->ops->lookup)
1222                return driver->ops->lookup(driver, inode, idx);
1223
1224        tty = driver->ttys[idx];
1225        return tty;
1226}
1227
1228/**
1229 *        tty_init_termios        -  helper for termios setup
1230 *        @tty: the tty to set up
1231 *
1232 *        Initialise the termios structures for this tty. Thus runs under
1233 *        the tty_mutex currently so we can be relaxed about ordering.
1234 */
1235
1236int tty_init_termios(struct tty_struct *tty)
1237{
1238        struct ktermios *tp;
1239        int idx = tty->index;
1240
1241        tp = tty->driver->termios[idx];
1242        if (tp == NULL) {
1243                tp = kzalloc(sizeof(struct ktermios[2]), GFP_KERNEL);
1244                if (tp == NULL)
1245                        return -ENOMEM;
1246                memcpy(tp, &tty->driver->init_termios,
1247                                                sizeof(struct ktermios));
1248                tty->driver->termios[idx] = tp;
1249        }
1250        tty->termios = tp;
1251        tty->termios_locked = tp + 1;
1252
1253        /* Compatibility until drivers always set this */
1254        tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1255        tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1256        return 0;
1257}
1258
1259/**
1260 *        tty_driver_install_tty() - install a tty entry in the driver
1261 *        @driver: the driver for the tty
1262 *        @tty: the tty
1263 *
1264 *        Install a tty object into the driver tables. The tty->index field
1265 *        will be set by the time this is called. This method is responsible
1266 *        for ensuring any need additional structures are allocated and
1267 *        configured.
1268 *
1269 *        Locking: tty_mutex for now
1270 */
1271static int tty_driver_install_tty(struct tty_driver *driver,
1272                                                struct tty_struct *tty)
1273{
1274        int idx = tty->index;
1275
1276        if (driver->ops->install)
1277                return driver->ops->install(driver, tty);
1278
1279        if (tty_init_termios(tty) == 0) {
1280                tty_driver_kref_get(driver);
1281                tty->count++;
1282                driver->ttys[idx] = tty;
1283                return 0;
1284        }
1285        return -ENOMEM;
1286}
1287
1288/**
1289 *        tty_driver_remove_tty() - remove a tty from the driver tables
1290 *        @driver: the driver for the tty
1291 *        @idx:         the minor number
1292 *
1293 *        Remvoe a tty object from the driver tables. The tty->index field
1294 *        will be set by the time this is called.
1295 *
1296 *        Locking: tty_mutex for now
1297 */
1298static void tty_driver_remove_tty(struct tty_driver *driver,
1299                                                struct tty_struct *tty)
1300{
1301        if (driver->ops->remove)
1302                driver->ops->remove(driver, tty);
1303        else
1304                driver->ttys[tty->index] = NULL;
1305}
1306
1307/*
1308 *         tty_reopen()        - fast re-open of an open tty
1309 *         @tty        - the tty to open
1310 *
1311 *        Return 0 on success, -errno on error.
1312 *
1313 *        Locking: tty_mutex must be held from the time the tty was found
1314 *                 till this open completes.
1315 */
1316static int tty_reopen(struct tty_struct *tty)
1317{
1318        struct tty_driver *driver = tty->driver;
1319
1320        if (test_bit(TTY_CLOSING, &tty->flags))
1321                return -EIO;
1322
1323        if (driver->type == TTY_DRIVER_TYPE_PTY &&
1324            driver->subtype == PTY_TYPE_MASTER) {
1325                /*
1326                 * special case for PTY masters: only one open permitted,
1327                 * and the slave side open count is incremented as well.
1328                 */
1329                if (tty->count)
1330                        return -EIO;
1331
1332                tty->link->count++;
1333        }
1334        tty->count++;
1335        tty->driver = driver; /* N.B. why do this every time?? */
1336
1337        WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1338
1339        return 0;
1340}
1341
1342/**
1343 *        tty_init_dev                -        initialise a tty device
1344 *        @driver: tty driver we are opening a device on
1345 *        @idx: device index
1346 *        @ret_tty: returned tty structure
1347 *        @first_ok: ok to open a new device (used by ptmx)
1348 *
1349 *        Prepare a tty device. This may not be a "new" clean device but
1350 *        could also be an active device. The pty drivers require special
1351 *        handling because of this.
1352 *
1353 *        Locking:
1354 *                The function is called under the tty_mutex, which
1355 *        protects us from the tty struct or driver itself going away.
1356 *
1357 *        On exit the tty device has the line discipline attached and
1358 *        a reference count of 1. If a pair was created for pty/tty use
1359 *        and the other was a pty master then it too has a reference count of 1.
1360 *
1361 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1362 * failed open.  The new code protects the open with a mutex, so it's
1363 * really quite straightforward.  The mutex locking can probably be
1364 * relaxed for the (most common) case of reopening a tty.
1365 */
1366
1367struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx,
1368                                                                int first_ok)
1369{
1370        struct tty_struct *tty;
1371        int retval;
1372
1373        /* Check if pty master is being opened multiple times */
1374        if (driver->subtype == PTY_TYPE_MASTER &&
1375                (driver->flags & TTY_DRIVER_DEVPTS_MEM) && !first_ok)
1376                return ERR_PTR(-EIO);
1377
1378        /*
1379         * First time open is complex, especially for PTY devices.
1380         * This code guarantees that either everything succeeds and the
1381         * TTY is ready for operation, or else the table slots are vacated
1382         * and the allocated memory released.  (Except that the termios
1383         * and locked termios may be retained.)
1384         */
1385
1386        if (!try_module_get(driver->owner))
1387                return ERR_PTR(-ENODEV);
1388
1389        tty = alloc_tty_struct();
1390        if (!tty)
1391                goto fail_no_mem;
1392        initialize_tty_struct(tty, driver, idx);
1393
1394        retval = tty_driver_install_tty(driver, tty);
1395        if (retval < 0) {
1396                free_tty_struct(tty);
1397                module_put(driver->owner);
1398                return ERR_PTR(retval);
1399        }
1400
1401        /*
1402         * Structures all installed ... call the ldisc open routines.
1403         * If we fail here just call release_tty to clean up.  No need
1404         * to decrement the use counts, as release_tty doesn't care.
1405         */
1406
1407        retval = tty_ldisc_setup(tty, tty->link);
1408        if (retval)
1409                goto release_mem_out;
1410        return tty;
1411
1412fail_no_mem:
1413        module_put(driver->owner);
1414        return ERR_PTR(-ENOMEM);
1415
1416        /* call the tty release_tty routine to clean out this slot */
1417release_mem_out:
1418        if (printk_ratelimit())
1419                printk(KERN_INFO "tty_init_dev: ldisc open failed, "
1420                                 "clearing slot %d\n", idx);
1421        release_tty(tty, idx);
1422        return ERR_PTR(retval);
1423}
1424
1425void tty_free_termios(struct tty_struct *tty)
1426{
1427        struct ktermios *tp;
1428        int idx = tty->index;
1429        /* Kill this flag and push into drivers for locking etc */
1430        if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1431                /* FIXME: Locking on ->termios array */
1432                tp = tty->termios;
1433                tty->driver->termios[idx] = NULL;
1434                kfree(tp);
1435        }
1436}
1437EXPORT_SYMBOL(tty_free_termios);
1438
1439void tty_shutdown(struct tty_struct *tty)
1440{
1441        tty_driver_remove_tty(tty->driver, tty);
1442        tty_free_termios(tty);
1443}
1444EXPORT_SYMBOL(tty_shutdown);
1445
1446/**
1447 *        release_one_tty                -        release tty structure memory
1448 *        @kref: kref of tty we are obliterating
1449 *
1450 *        Releases memory associated with a tty structure, and clears out the
1451 *        driver table slots. This function is called when a device is no longer
1452 *        in use. It also gets called when setup of a device fails.
1453 *
1454 *        Locking:
1455 *                tty_mutex - sometimes only
1456 *                takes the file list lock internally when working on the list
1457 *        of ttys that the driver keeps.
1458 */
1459static void release_one_tty(struct kref *kref)
1460{
1461        struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1462        struct tty_driver *driver = tty->driver;
1463
1464        if (tty->ops->shutdown)
1465                tty->ops->shutdown(tty);
1466        else
1467                tty_shutdown(tty);
1468        tty->magic = 0;
1469        tty_driver_kref_put(driver);
1470        module_put(driver->owner);
1471
1472        file_list_lock();
1473        list_del_init(&tty->tty_files);
1474        file_list_unlock();
1475
1476        free_tty_struct(tty);
1477}
1478
1479/**
1480 *        tty_kref_put                -        release a tty kref
1481 *        @tty: tty device
1482 *
1483 *        Release a reference to a tty device and if need be let the kref
1484 *        layer destruct the object for us
1485 */
1486
1487void tty_kref_put(struct tty_struct *tty)
1488{
1489        if (tty)
1490                kref_put(&tty->kref, release_one_tty);
1491}
1492EXPORT_SYMBOL(tty_kref_put);
1493
1494/**
1495 *        release_tty                -        release tty structure memory
1496 *
1497 *        Release both @tty and a possible linked partner (think pty pair),
1498 *        and decrement the refcount of the backing module.
1499 *
1500 *        Locking:
1501 *                tty_mutex - sometimes only
1502 *                takes the file list lock internally when working on the list
1503 *        of ttys that the driver keeps.
1504 *                FIXME: should we require tty_mutex is held here ??
1505 *
1506 */
1507static void release_tty(struct tty_struct *tty, int idx)
1508{
1509        /* This should always be true but check for the moment */
1510        WARN_ON(tty->index != idx);
1511
1512        if (tty->link)
1513                tty_kref_put(tty->link);
1514        tty_kref_put(tty);
1515}
1516
1517/*
1518 * Even releasing the tty structures is a tricky business.. We have
1519 * to be very careful that the structures are all released at the
1520 * same time, as interrupts might otherwise get the wrong pointers.
1521 *
1522 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1523 * lead to double frees or releasing memory still in use.
1524 */
1525void tty_release_dev(struct file *filp)
1526{
1527        struct tty_struct *tty, *o_tty;
1528        int        pty_master, tty_closing, o_tty_closing, do_sleep;
1529        int        devpts;
1530        int        idx;
1531        char        buf[64];
1532        struct         inode *inode;
1533
1534        inode = filp->f_path.dentry->d_inode;
1535        tty = (struct tty_struct *)filp->private_data;
1536        if (tty_paranoia_check(tty, inode, "tty_release_dev"))
1537                return;
1538
1539        check_tty_count(tty, "tty_release_dev");
1540
1541        tty_fasync(-1, filp, 0);
1542
1543        idx = tty->index;
1544        pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1545                      tty->driver->subtype == PTY_TYPE_MASTER);
1546        devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1547        o_tty = tty->link;
1548
1549#ifdef TTY_PARANOIA_CHECK
1550        if (idx < 0 || idx >= tty->driver->num) {
1551                printk(KERN_DEBUG "tty_release_dev: bad idx when trying to "
1552                                  "free (%s)\n", tty->name);
1553                return;
1554        }
1555        if (!devpts) {
1556                if (tty != tty->driver->ttys[idx]) {
1557                        printk(KERN_DEBUG "tty_release_dev: driver.table[%d] not tty "
1558                               "for (%s)\n", idx, tty->name);
1559                        return;
1560                }
1561                if (tty->termios != tty->driver->termios[idx]) {
1562                        printk(KERN_DEBUG "tty_release_dev: driver.termios[%d] not termios "
1563                               "for (%s)\n",
1564                               idx, tty->name);
1565                        return;
1566                }
1567        }
1568#endif
1569
1570#ifdef TTY_DEBUG_HANGUP
1571        printk(KERN_DEBUG "tty_release_dev of %s (tty count=%d)...",
1572               tty_name(tty, buf), tty->count);
1573#endif
1574
1575#ifdef TTY_PARANOIA_CHECK
1576        if (tty->driver->other &&
1577             !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1578                if (o_tty != tty->driver->other->ttys[idx]) {
1579                        printk(KERN_DEBUG "tty_release_dev: other->table[%d] "
1580                                          "not o_tty for (%s)\n",
1581                               idx, tty->name);
1582                        return;
1583                }
1584                if (o_tty->termios != tty->driver->other->termios[idx]) {
1585                        printk(KERN_DEBUG "tty_release_dev: other->termios[%d] "
1586                                          "not o_termios for (%s)\n",
1587                               idx, tty->name);
1588                        return;
1589                }
1590                if (o_tty->link != tty) {
1591                        printk(KERN_DEBUG "tty_release_dev: bad pty pointers\n");
1592                        return;
1593                }
1594        }
1595#endif
1596        if (tty->ops->close)
1597                tty->ops->close(tty, filp);
1598
1599        /*
1600         * Sanity check: if tty->count is going to zero, there shouldn't be
1601         * any waiters on tty->read_wait or tty->write_wait.  We test the
1602         * wait queues and kick everyone out _before_ actually starting to
1603         * close.  This ensures that we won't block while releasing the tty
1604         * structure.
1605         *
1606         * The test for the o_tty closing is necessary, since the master and
1607         * slave sides may close in any order.  If the slave side closes out
1608         * first, its count will be one, since the master side holds an open.
1609         * Thus this test wouldn't be triggered at the time the slave closes,
1610         * so we do it now.
1611         *
1612         * Note that it's possible for the tty to be opened again while we're
1613         * flushing out waiters.  By recalculating the closing flags before
1614         * each iteration we avoid any problems.
1615         */
1616        while (1) {
1617                /* Guard against races with tty->count changes elsewhere and
1618                   opens on /dev/tty */
1619
1620                mutex_lock(&tty_mutex);
1621                tty_closing = tty->count <= 1;
1622                o_tty_closing = o_tty &&
1623                        (o_tty->count <= (pty_master ? 1 : 0));
1624                do_sleep = 0;
1625
1626                if (tty_closing) {
1627                        if (waitqueue_active(&tty->read_wait)) {
1628                                wake_up(&tty->read_wait);
1629                                do_sleep++;
1630                        }
1631                        if (waitqueue_active(&tty->write_wait)) {
1632                                wake_up(&tty->write_wait);
1633                                do_sleep++;
1634                        }
1635                }
1636                if (o_tty_closing) {
1637                        if (waitqueue_active(&o_tty->read_wait)) {
1638                                wake_up(&o_tty->read_wait);
1639                                do_sleep++;
1640                        }
1641                        if (waitqueue_active(&o_tty->write_wait)) {
1642                                wake_up(&o_tty->write_wait);
1643                                do_sleep++;
1644                        }
1645                }
1646                if (!do_sleep)
1647                        break;
1648
1649                printk(KERN_WARNING "tty_release_dev: %s: read/write wait queue "
1650                                    "active!\n", tty_name(tty, buf));
1651                mutex_unlock(&tty_mutex);
1652                schedule();
1653        }
1654
1655        /*
1656         * The closing flags are now consistent with the open counts on
1657         * both sides, and we've completed the last operation that could
1658         * block, so it's safe to proceed with closing.
1659         */
1660        if (pty_master) {
1661                if (--o_tty->count < 0) {
1662                        printk(KERN_WARNING "tty_release_dev: bad pty slave count "
1663                                            "(%d) for %s\n",
1664                               o_tty->count, tty_name(o_tty, buf));
1665                        o_tty->count = 0;
1666                }
1667        }
1668        if (--tty->count < 0) {
1669                printk(KERN_WARNING "tty_release_dev: bad tty->count (%d) for %s\n",
1670                       tty->count, tty_name(tty, buf));
1671                tty->count = 0;
1672        }
1673
1674        /*
1675         * We've decremented tty->count, so we need to remove this file
1676         * descriptor off the tty->tty_files list; this serves two
1677         * purposes:
1678         *  - check_tty_count sees the correct number of file descriptors
1679         *    associated with this tty.
1680         *  - do_tty_hangup no longer sees this file descriptor as
1681         *    something that needs to be handled for hangups.
1682         */
1683        file_kill(filp);
1684        filp->private_data = NULL;
1685
1686        /*
1687         * Perform some housekeeping before deciding whether to return.
1688         *
1689         * Set the TTY_CLOSING flag if this was the last open.  In the
1690         * case of a pty we may have to wait around for the other side
1691         * to close, and TTY_CLOSING makes sure we can't be reopened.
1692         */
1693        if (tty_closing)
1694                set_bit(TTY_CLOSING, &tty->flags);
1695        if (o_tty_closing)
1696                set_bit(TTY_CLOSING, &o_tty->flags);
1697
1698        /*
1699         * If _either_ side is closing, make sure there aren't any
1700         * processes that still think tty or o_tty is their controlling
1701         * tty.
1702         */
1703        if (tty_closing || o_tty_closing) {
1704                read_lock(&tasklist_lock);
1705                session_clear_tty(tty->session);
1706                if (o_tty)
1707                        session_clear_tty(o_tty->session);
1708                read_unlock(&tasklist_lock);
1709        }
1710
1711        mutex_unlock(&tty_mutex);
1712
1713        /* check whether both sides are closing ... */
1714        if (!tty_closing || (o_tty && !o_tty_closing))
1715                return;
1716
1717#ifdef TTY_DEBUG_HANGUP
1718        printk(KERN_DEBUG "freeing tty structure...");
1719#endif
1720        /*
1721         * Ask the line discipline code to release its structures
1722         */
1723        tty_ldisc_release(tty, o_tty);
1724        /*
1725         * The release_tty function takes care of the details of clearing
1726         * the slots and preserving the termios structure.
1727         */
1728        release_tty(tty, idx);
1729
1730        /* Make this pty number available for reallocation */
1731        if (devpts)
1732                devpts_kill_index(inode, idx);
1733}
1734
1735/**
1736 *        __tty_open                -        open a tty device
1737 *        @inode: inode of device file
1738 *        @filp: file pointer to tty
1739 *
1740 *        tty_open and tty_release keep up the tty count that contains the
1741 *        number of opens done on a tty. We cannot use the inode-count, as
1742 *        different inodes might point to the same tty.
1743 *
1744 *        Open-counting is needed for pty masters, as well as for keeping
1745 *        track of serial lines: DTR is dropped when the last close happens.
1746 *        (This is not done solely through tty->count, now.  - Ted 1/27/92)
1747 *
1748 *        The termios state of a pty is reset on first open so that
1749 *        settings don't persist across reuse.
1750 *
1751 *        Locking: tty_mutex protects tty, get_tty_driver and tty_init_dev work.
1752 *                 tty->count should protect the rest.
1753 *                 ->siglock protects ->signal/->sighand
1754 */
1755
1756static int __tty_open(struct inode *inode, struct file *filp)
1757{
1758        struct tty_struct *tty = NULL;
1759        int noctty, retval;
1760        struct tty_driver *driver;
1761        int index;
1762        dev_t device = inode->i_rdev;
1763        unsigned short saved_flags = filp->f_flags;
1764
1765        nonseekable_open(inode, filp);
1766
1767retry_open:
1768        noctty = filp->f_flags & O_NOCTTY;
1769        index  = -1;
1770        retval = 0;
1771
1772        mutex_lock(&tty_mutex);
1773
1774        if (device == MKDEV(TTYAUX_MAJOR, 0)) {
1775                tty = get_current_tty();
1776                if (!tty) {
1777                        mutex_unlock(&tty_mutex);
1778                        return -ENXIO;
1779                }
1780                driver = tty_driver_kref_get(tty->driver);
1781                index = tty->index;
1782                filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1783                /* noctty = 1; */
1784                /* FIXME: Should we take a driver reference ? */
1785                tty_kref_put(tty);
1786                goto got_driver;
1787        }
1788#ifdef CONFIG_VT
1789        if (device == MKDEV(TTY_MAJOR, 0)) {
1790                extern struct tty_driver *console_driver;
1791                driver = tty_driver_kref_get(console_driver);
1792                index = fg_console;
1793                noctty = 1;
1794                goto got_driver;
1795        }
1796#endif
1797        if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1798                struct tty_driver *console_driver = console_device(&index);
1799                if (console_driver) {
1800                        driver = tty_driver_kref_get(console_driver);
1801                        if (driver) {
1802                                /* Don't let /dev/console block */
1803                                filp->f_flags |= O_NONBLOCK;
1804                                noctty = 1;
1805                                goto got_driver;
1806                        }
1807                }
1808                mutex_unlock(&tty_mutex);
1809                return -ENODEV;
1810        }
1811
1812        driver = get_tty_driver(device, &index);
1813        if (!driver) {
1814                mutex_unlock(&tty_mutex);
1815                return -ENODEV;
1816        }
1817got_driver:
1818        if (!tty) {
1819                /* check whether we're reopening an existing tty */
1820                tty = tty_driver_lookup_tty(driver, inode, index);
1821
1822                if (IS_ERR(tty))
1823                        return PTR_ERR(tty);
1824        }
1825
1826        if (tty) {
1827                retval = tty_reopen(tty);
1828                if (retval)
1829                        tty = ERR_PTR(retval);
1830        } else
1831                tty = tty_init_dev(driver, index, 0);
1832
1833        mutex_unlock(&tty_mutex);
1834        tty_driver_kref_put(driver);
1835        if (IS_ERR(tty))
1836                return PTR_ERR(tty);
1837
1838        filp->private_data = tty;
1839        file_move(filp, &tty->tty_files);
1840        check_tty_count(tty, "tty_open");
1841        if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1842            tty->driver->subtype == PTY_TYPE_MASTER)
1843                noctty = 1;
1844#ifdef TTY_DEBUG_HANGUP
1845        printk(KERN_DEBUG "opening %s...", tty->name);
1846#endif
1847        if (!retval) {
1848                if (tty->ops->open)
1849                        retval = tty->ops->open(tty, filp);
1850                else
1851                        retval = -ENODEV;
1852        }
1853        filp->f_flags = saved_flags;
1854
1855        if (!retval && test_bit(TTY_EXCLUSIVE, &tty->flags) &&
1856                                                !capable(CAP_SYS_ADMIN))
1857                retval = -EBUSY;
1858
1859        if (retval) {
1860#ifdef TTY_DEBUG_HANGUP
1861                printk(KERN_DEBUG "error %d in opening %s...", retval,
1862                       tty->name);
1863#endif
1864                tty_release_dev(filp);
1865                if (retval != -ERESTARTSYS)
1866                        return retval;
1867                if (signal_pending(current))
1868                        return retval;
1869                schedule();
1870                /*
1871                 * Need to reset f_op in case a hangup happened.
1872                 */
1873                if (filp->f_op == &hung_up_tty_fops)
1874                        filp->f_op = &tty_fops;
1875                goto retry_open;
1876        }
1877
1878        mutex_lock(&tty_mutex);
1879        spin_lock_irq(&current->sighand->siglock);
1880        if (!noctty &&
1881            current->signal->leader &&
1882            !current->signal->tty &&
1883            tty->session == NULL)
1884                __proc_set_tty(current, tty);
1885        spin_unlock_irq(&current->sighand->siglock);
1886        mutex_unlock(&tty_mutex);
1887        return 0;
1888}
1889
1890/* BKL pushdown: scary code avoidance wrapper */
1891static int tty_open(struct inode *inode, struct file *filp)
1892{
1893        int ret;
1894
1895        lock_kernel();
1896        ret = __tty_open(inode, filp);
1897        unlock_kernel();
1898        return ret;
1899}
1900
1901
1902
1903
1904/**
1905 *        tty_release                -        vfs callback for close
1906 *        @inode: inode of tty
1907 *        @filp: file pointer for handle to tty
1908 *
1909 *        Called the last time each file handle is closed that references
1910 *        this tty. There may however be several such references.
1911 *
1912 *        Locking:
1913 *                Takes bkl. See tty_release_dev
1914 */
1915
1916static int tty_release(struct inode *inode, struct file *filp)
1917{
1918        lock_kernel();
1919        tty_release_dev(filp);
1920        unlock_kernel();
1921        return 0;
1922}
1923
1924/**
1925 *        tty_poll        -        check tty status
1926 *        @filp: file being polled
1927 *        @wait: poll wait structures to update
1928 *
1929 *        Call the line discipline polling method to obtain the poll
1930 *        status of the device.
1931 *
1932 *        Locking: locks called line discipline but ldisc poll method
1933 *        may be re-entered freely by other callers.
1934 */
1935
1936static unsigned int tty_poll(struct file *filp, poll_table *wait)
1937{
1938        struct tty_struct *tty;
1939        struct tty_ldisc *ld;
1940        int ret = 0;
1941
1942        tty = (struct tty_struct *)filp->private_data;
1943        if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_poll"))
1944                return 0;
1945
1946        ld = tty_ldisc_ref_wait(tty);
1947        if (ld->ops->poll)
1948                ret = (ld->ops->poll)(tty, filp, wait);
1949        tty_ldisc_deref(ld);
1950        return ret;
1951}
1952
1953static int tty_fasync(int fd, struct file *filp, int on)
1954{
1955        struct tty_struct *tty;
1956        unsigned long flags;
1957        int retval = 0;
1958
1959        lock_kernel();
1960        tty = (struct tty_struct *)filp->private_data;
1961        if (tty_paranoia_check(tty, filp->f_path.dentry->d_inode, "tty_fasync"))
1962                goto out;
1963
1964        retval = fasync_helper(fd, filp, on, &tty->fasync);
1965        if (retval <= 0)
1966                goto out;
1967
1968        if (on) {
1969                enum pid_type type;
1970                struct pid *pid;
1971                if (!waitqueue_active(&tty->read_wait))
1972                        tty->minimum_to_wake = 1;
1973                spin_lock_irqsave(&tty->ctrl_lock, flags);
1974                if (tty->pgrp) {
1975                        pid = tty->pgrp;
1976                        type = PIDTYPE_PGID;
1977                } else {
1978                        pid = task_pid(current);
1979                        type = PIDTYPE_PID;
1980                }
1981                spin_unlock_irqrestore(&tty->ctrl_lock, flags);
1982                retval = __f_setown(filp, pid, type, 0);
1983                if (retval)
1984                        goto out;
1985        } else {
1986                if (!tty->fasync && !waitqueue_active(&tty->read_wait))
1987                        tty->minimum_to_wake = N_TTY_BUF_SIZE;
1988        }
1989        retval = 0;
1990out:
1991        unlock_kernel();
1992        return retval;
1993}
1994
1995/**
1996 *        tiocsti                        -        fake input character
1997 *        @tty: tty to fake input into
1998 *        @p: pointer to character
1999 *
2000 *        Fake input to a tty device. Does the necessary locking and
2001 *        input management.
2002 *
2003 *        FIXME: does not honour flow control ??
2004 *
2005 *        Locking:
2006 *                Called functions take tty_ldisc_lock
2007 *                current->signal->tty check is safe without locks
2008 *
2009 *        FIXME: may race normal receive processing
2010 */
2011
2012static int tiocsti(struct tty_struct *tty, char __user *p)
2013{
2014        char ch, mbz = 0;
2015        struct tty_ldisc *ld;
2016
2017        if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2018                return -EPERM;
2019        if (get_user(ch, p))
2020                return -EFAULT;
2021        ld = tty_ldisc_ref_wait(tty);
2022        ld->ops->receive_buf(tty, &ch, &mbz, 1);
2023        tty_ldisc_deref(ld);
2024        return 0;
2025}
2026
2027/**
2028 *        tiocgwinsz                -        implement window query ioctl
2029 *        @tty; tty
2030 *        @arg: user buffer for result
2031 *
2032 *        Copies the kernel idea of the window size into the user buffer.
2033 *
2034 *        Locking: tty->termios_mutex is taken to ensure the winsize data
2035 *                is consistent.
2036 */
2037
2038static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2039{
2040        int err;
2041
2042        mutex_lock(&tty->termios_mutex);
2043        err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2044        mutex_unlock(&tty->termios_mutex);
2045
2046        return err ? -EFAULT: 0;
2047}
2048
2049/**
2050 *        tty_do_resize                -        resize event
2051 *        @tty: tty being resized
2052 *        @real_tty: real tty (not the same as tty if using a pty/tty pair)
2053 *        @rows: rows (character)
2054 *        @cols: cols (character)
2055 *
2056 *        Update the termios variables and send the neccessary signals to
2057 *        peform a terminal resize correctly
2058 */
2059
2060int tty_do_resize(struct tty_struct *tty, struct tty_struct *real_tty,
2061                                        struct winsize *ws)
2062{
2063        struct pid *pgrp, *rpgrp;
2064        unsigned long flags;
2065
2066        /* For a PTY we need to lock the tty side */
2067        mutex_lock(&real_tty->termios_mutex);
2068        if (!memcmp(ws, &real_tty->winsize, sizeof(*ws)))
2069                goto done;
2070        /* Get the PID values and reference them so we can
2071           avoid holding the tty ctrl lock while sending signals */
2072        spin_lock_irqsave(&tty->ctrl_lock, flags);
2073        pgrp = get_pid(tty->pgrp);
2074        rpgrp = get_pid(real_tty->pgrp);
2075        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2076
2077        if (pgrp)
2078                kill_pgrp(pgrp, SIGWINCH, 1);
2079        if (rpgrp != pgrp && rpgrp)
2080                kill_pgrp(rpgrp, SIGWINCH, 1);
2081
2082        put_pid(pgrp);
2083        put_pid(rpgrp);
2084
2085        tty->winsize = *ws;
2086        real_tty->winsize = *ws;
2087done:
2088        mutex_unlock(&real_tty->termios_mutex);
2089        return 0;
2090}
2091
2092/**
2093 *        tiocswinsz                -        implement window size set ioctl
2094 *        @tty; tty
2095 *        @arg: user buffer for result
2096 *
2097 *        Copies the user idea of the window size to the kernel. Traditionally
2098 *        this is just advisory information but for the Linux console it
2099 *        actually has driver level meaning and triggers a VC resize.
2100 *
2101 *        Locking:
2102 *                Driver dependant. The default do_resize method takes the
2103 *        tty termios mutex and ctrl_lock. The console takes its own lock
2104 *        then calls into the default method.
2105 */
2106
2107static int tiocswinsz(struct tty_struct *tty, struct tty_struct *real_tty,
2108        struct winsize __user *arg)
2109{
2110        struct winsize tmp_ws;
2111        if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2112                return -EFAULT;
2113
2114        if (tty->ops->resize)
2115                return tty->ops->resize(tty, real_tty, &tmp_ws);
2116        else
2117                return tty_do_resize(tty, real_tty, &tmp_ws);
2118}
2119
2120/**
2121 *        tioccons        -        allow admin to move logical console
2122 *        @file: the file to become console
2123 *
2124 *        Allow the adminstrator to move the redirected console device
2125 *
2126 *        Locking: uses redirect_lock to guard the redirect information
2127 */
2128
2129static int tioccons(struct file *file)
2130{
2131        if (!capable(CAP_SYS_ADMIN))
2132                return -EPERM;
2133        if (file->f_op->write == redirected_tty_write) {
2134                struct file *f;
2135                spin_lock(&redirect_lock);
2136                f = redirect;
2137                redirect = NULL;
2138                spin_unlock(&redirect_lock);
2139                if (f)
2140                        fput(f);
2141                return 0;
2142        }
2143        spin_lock(&redirect_lock);
2144        if (redirect) {
2145                spin_unlock(&redirect_lock);
2146                return -EBUSY;
2147        }
2148        get_file(file);
2149        redirect = file;
2150        spin_unlock(&redirect_lock);
2151        return 0;
2152}
2153
2154/**
2155 *        fionbio                -        non blocking ioctl
2156 *        @file: file to set blocking value
2157 *        @p: user parameter
2158 *
2159 *        Historical tty interfaces had a blocking control ioctl before
2160 *        the generic functionality existed. This piece of history is preserved
2161 *        in the expected tty API of posix OS's.
2162 *
2163 *        Locking: none, the open fle handle ensures it won't go away.
2164 */
2165
2166static int fionbio(struct file *file, int __user *p)
2167{
2168        int nonblock;
2169
2170        if (get_user(nonblock, p))
2171                return -EFAULT;
2172
2173        /* file->f_flags is still BKL protected in the fs layer - vomit */
2174        lock_kernel();
2175        if (nonblock)
2176                file->f_flags |= O_NONBLOCK;
2177        else
2178                file->f_flags &= ~O_NONBLOCK;
2179        unlock_kernel();
2180        return 0;
2181}
2182
2183/**
2184 *        tiocsctty        -        set controlling tty
2185 *        @tty: tty structure
2186 *        @arg: user argument
2187 *
2188 *        This ioctl is used to manage job control. It permits a session
2189 *        leader to set this tty as the controlling tty for the session.
2190 *
2191 *        Locking:
2192 *                Takes tty_mutex() to protect tty instance
2193 *                Takes tasklist_lock internally to walk sessions
2194 *                Takes ->siglock() when updating signal->tty
2195 */
2196
2197static int tiocsctty(struct tty_struct *tty, int arg)
2198{
2199        int ret = 0;
2200        if (current->signal->leader && (task_session(current) == tty->session))
2201                return ret;
2202
2203        mutex_lock(&tty_mutex);
2204        /*
2205         * The process must be a session leader and
2206         * not have a controlling tty already.
2207         */
2208        if (!current->signal->leader || current->signal->tty) {
2209                ret = -EPERM;
2210                goto unlock;
2211        }
2212
2213        if (tty->session) {
2214                /*
2215                 * This tty is already the controlling
2216                 * tty for another session group!
2217                 */
2218                if (arg == 1 && capable(CAP_SYS_ADMIN)) {
2219                        /*
2220                         * Steal it away
2221                         */
2222                        read_lock(&tasklist_lock);
2223                        session_clear_tty(tty->session);
2224                        read_unlock(&tasklist_lock);
2225                } else {
2226                        ret = -EPERM;
2227                        goto unlock;
2228                }
2229        }
2230        proc_set_tty(current, tty);
2231unlock:
2232        mutex_unlock(&tty_mutex);
2233        return ret;
2234}
2235
2236/**
2237 *        tty_get_pgrp        -        return a ref counted pgrp pid
2238 *        @tty: tty to read
2239 *
2240 *        Returns a refcounted instance of the pid struct for the process
2241 *        group controlling the tty.
2242 */
2243
2244struct pid *tty_get_pgrp(struct tty_struct *tty)
2245{
2246        unsigned long flags;
2247        struct pid *pgrp;
2248
2249        spin_lock_irqsave(&tty->ctrl_lock, flags);
2250        pgrp = get_pid(tty->pgrp);
2251        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2252
2253        return pgrp;
2254}
2255EXPORT_SYMBOL_GPL(tty_get_pgrp);
2256
2257/**
2258 *        tiocgpgrp                -        get process group
2259 *        @tty: tty passed by user
2260 *        @real_tty: tty side of the tty pased by the user if a pty else the tty
2261 *        @p: returned pid
2262 *
2263 *        Obtain the process group of the tty. If there is no process group
2264 *        return an error.
2265 *
2266 *        Locking: none. Reference to current->signal->tty is safe.
2267 */
2268
2269static int tiocgpgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2270{
2271        struct pid *pid;
2272        int ret;
2273        /*
2274         * (tty == real_tty) is a cheap way of
2275         * testing if the tty is NOT a master pty.
2276         */
2277        if (tty == real_tty && current->signal->tty != real_tty)
2278                return -ENOTTY;
2279        pid = tty_get_pgrp(real_tty);
2280        ret =  put_user(pid_vnr(pid), p);
2281        put_pid(pid);
2282        return ret;
2283}
2284
2285/**
2286 *        tiocspgrp                -        attempt to set process group
2287 *        @tty: tty passed by user
2288 *        @real_tty: tty side device matching tty passed by user
2289 *        @p: pid pointer
2290 *
2291 *        Set the process group of the tty to the session passed. Only
2292 *        permitted where the tty session is our session.
2293 *
2294 *        Locking: RCU, ctrl lock
2295 */
2296
2297static int tiocspgrp(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2298{
2299        struct pid *pgrp;
2300        pid_t pgrp_nr;
2301        int retval = tty_check_change(real_tty);
2302        unsigned long flags;
2303
2304        if (retval == -EIO)
2305                return -ENOTTY;
2306        if (retval)
2307                return retval;
2308        if (!current->signal->tty ||
2309            (current->signal->tty != real_tty) ||
2310            (real_tty->session != task_session(current)))
2311                return -ENOTTY;
2312        if (get_user(pgrp_nr, p))
2313                return -EFAULT;
2314        if (pgrp_nr < 0)
2315                return -EINVAL;
2316        rcu_read_lock();
2317        pgrp = find_vpid(pgrp_nr);
2318        retval = -ESRCH;
2319        if (!pgrp)
2320                goto out_unlock;
2321        retval = -EPERM;
2322        if (session_of_pgrp(pgrp) != task_session(current))
2323                goto out_unlock;
2324        retval = 0;
2325        spin_lock_irqsave(&tty->ctrl_lock, flags);
2326        put_pid(real_tty->pgrp);
2327        real_tty->pgrp = get_pid(pgrp);
2328        spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2329out_unlock:
2330        rcu_read_unlock();
2331        return retval;
2332}
2333
2334/**
2335 *        tiocgsid                -        get session id
2336 *        @tty: tty passed by user
2337 *        @real_tty: tty side of the tty pased by the user if a pty else the tty
2338 *        @p: pointer to returned session id
2339 *
2340 *        Obtain the session id of the tty. If there is no session
2341 *        return an error.
2342 *
2343 *        Locking: none. Reference to current->signal->tty is safe.
2344 */
2345
2346static int tiocgsid(struct tty_struct *tty, struct tty_struct *real_tty, pid_t __user *p)
2347{
2348        /*
2349         * (tty == real_tty) is a cheap way of
2350         * testing if the tty is NOT a master pty.
2351        */
2352        if (tty == real_tty && current->signal->tty != real_tty)
2353                return -ENOTTY;
2354        if (!real_tty->session)
2355                return -ENOTTY;
2356        return put_user(pid_vnr(real_tty->session), p);
2357}
2358
2359/**
2360 *        tiocsetd        -        set line discipline
2361 *        @tty: tty device
2362 *        @p: pointer to user data
2363 *
2364 *        Set the line discipline according to user request.
2365 *
2366 *        Locking: see tty_set_ldisc, this function is just a helper
2367 */
2368
2369static int tiocsetd(struct tty_struct *tty, int __user *p)
2370{
2371        int ldisc;
2372        int ret;
2373
2374        if (get_user(ldisc, p))
2375                return -EFAULT;
2376
2377        lock_kernel();
2378        ret = tty_set_ldisc(tty, ldisc);
2379        unlock_kernel();
2380
2381        return ret;
2382}
2383
2384/**
2385 *        send_break        -        performed time break
2386 *        @tty: device to break on
2387 *        @duration: timeout in mS
2388 *
2389 *        Perform a timed break on hardware that lacks its own driver level
2390 *        timed break functionality.
2391 *
2392 *        Locking:
2393 *                atomic_write_lock serializes
2394 *
2395 */
2396
2397static int send_break(struct tty_struct *tty, unsigned int duration)
2398{
2399        int retval;
2400
2401        if (tty->ops->break_ctl == NULL)
2402                return 0;
2403
2404        if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2405                retval = tty->ops->break_ctl(tty, duration);
2406        else {
2407                /* Do the work ourselves */
2408                if (tty_write_lock(tty, 0) < 0)
2409                        return -EINTR;
2410                retval = tty->ops->break_ctl(tty, -1);
2411                if (retval)
2412                        goto out;
2413                if (!signal_pending(current))
2414                        msleep_interruptible(duration);
2415                retval = tty->ops->break_ctl(tty, 0);
2416out:
2417                tty_write_unlock(tty);
2418                if (signal_pending(current))
2419                        retval = -EINTR;
2420        }
2421        return retval;
2422}
2423
2424/**
2425 *        tty_tiocmget                -        get modem status
2426 *        @tty: tty device
2427 *        @file: user file pointer
2428 *        @p: pointer to result
2429 *
2430 *        Obtain the modem status bits from the tty driver if the feature
2431 *        is supported. Return -EINVAL if it is not available.
2432 *
2433 *        Locking: none (up to the driver)
2434 */
2435
2436static int tty_tiocmget(struct tty_struct *tty, struct file *file, int __user *p)
2437{
2438        int retval = -EINVAL;
2439
2440        if (tty->ops->tiocmget) {
2441                retval = tty->ops->tiocmget(tty, file);
2442
2443                if (retval >= 0)
2444                        retval = put_user(retval, p);
2445        }
2446        return retval;
2447}
2448
2449/**
2450 *        tty_tiocmset                -        set modem status
2451 *        @tty: tty device
2452 *        @file: user file pointer
2453 *        @cmd: command - clear bits, set bits or set all
2454 *        @p: pointer to desired bits
2455 *
2456 *        Set the modem status bits from the tty driver if the feature
2457 *        is supported. Return -EINVAL if it is not available.
2458 *
2459 *        Locking: none (up to the driver)
2460 */
2461
2462static int tty_tiocmset(struct tty_struct *tty, struct file *file, unsigned int cmd,
2463             unsigned __user *p)
2464{
2465        int retval;
2466        unsigned int set, clear, val;
2467
2468        if (tty->ops->tiocmset == NULL)
2469                return -EINVAL;
2470
2471        retval = get_user(val, p);
2472        if (retval)
2473                return retval;
2474        set = clear = 0;
2475        switch (cmd) {
2476        case TIOCMBIS:
2477                set = val;
2478                break;
2479        case TIOCMBIC:
2480                clear = val;
2481                break;
2482        case TIOCMSET:
2483                set = val;
2484                clear = ~val;
2485                break;
2486        }
2487        set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2488        clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2489        return tty->ops->tiocmset(tty, file, set, clear);
2490}
2491
2492/*
2493 * Split this up, as gcc can choke on it otherwise..
2494 */
2495long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2496{
2497        struct tty_struct *tty, *real_tty;
2498        void __user *p = (void __user *)arg;
2499        int retval;
2500        struct tty_ldisc *ld;
2501        struct inode *inode = file->f_dentry->d_inode;
2502
2503        tty = (struct tty_struct *)file->private_data;
2504        if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2505                return -EINVAL;
2506
2507        real_tty = tty;
2508        if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2509            tty->driver->subtype == PTY_TYPE_MASTER)
2510                real_tty = tty->link;
2511
2512
2513        /*
2514         * Factor out some common prep work
2515         */
2516        switch (cmd) {
2517        case TIOCSETD:
2518        case TIOCSBRK:
2519        case TIOCCBRK:
2520        case TCSBRK:
2521        case TCSBRKP:
2522                retval = tty_check_change(tty);
2523                if (retval)
2524                        return retval;
2525                if (cmd != TIOCCBRK) {
2526                        tty_wait_until_sent(tty, 0);
2527                        if (signal_pending(current))
2528                                return -EINTR;
2529                }
2530                break;
2531        }
2532
2533        /*
2534         *        Now do the stuff.
2535         */
2536        switch (cmd) {
2537        case TIOCSTI:
2538                return tiocsti(tty, p);
2539        case TIOCGWINSZ:
2540                return tiocgwinsz(real_tty, p);
2541        case TIOCSWINSZ:
2542                return tiocswinsz(tty, real_tty, p);
2543        case TIOCCONS:
2544                return real_tty != tty ? -EINVAL : tioccons(file);
2545        case FIONBIO:
2546                return fionbio(file, p);
2547        case TIOCEXCL:
2548                set_bit(TTY_EXCLUSIVE, &tty->flags);
2549                return 0;
2550        case TIOCNXCL:
2551                clear_bit(TTY_EXCLUSIVE, &tty->flags);
2552                return 0;
2553        case TIOCNOTTY:
2554                if (current->signal->tty != tty)
2555                        return -ENOTTY;
2556                no_tty();
2557                return 0;
2558        case TIOCSCTTY:
2559                return tiocsctty(tty, arg);
2560        case TIOCGPGRP:
2561                return tiocgpgrp(tty, real_tty, p);
2562        case TIOCSPGRP:
2563                return tiocspgrp(tty, real_tty, p);
2564        case TIOCGSID:
2565                return tiocgsid(tty, real_tty, p);
2566        case TIOCGETD:
2567                return put_user(tty->ldisc.ops->num, (int __user *)p);
2568        case TIOCSETD:
2569                return tiocsetd(tty, p);
2570        /*
2571         * Break handling
2572         */
2573        case TIOCSBRK:        /* Turn break on, unconditionally */
2574                if (tty->ops->break_ctl)
2575                        return tty->ops->break_ctl(tty, -1);
2576                return 0;
2577        case TIOCCBRK:        /* Turn break off, unconditionally */
2578                if (tty->ops->break_ctl)
2579                        return tty->ops->break_ctl(tty, 0);
2580                return 0;
2581        case TCSBRK:   /* SVID version: non-zero arg --> no break */
2582                /* non-zero arg means wait for all output data
2583                 * to be sent (performed above) but don't send break.
2584                 * This is used by the tcdrain() termios function.
2585                 */
2586                if (!arg)
2587                        return send_break(tty, 250);
2588                return 0;
2589        case TCSBRKP:        /* support for POSIX tcsendbreak() */
2590                return send_break(tty, arg ? arg*100 : 250);
2591
2592        case TIOCMGET:
2593                return tty_tiocmget(tty, file, p);
2594        case TIOCMSET:
2595        case TIOCMBIC:
2596        case TIOCMBIS:
2597                return tty_tiocmset(tty, file, cmd, p);
2598        case TCFLSH:
2599                switch (arg) {
2600                case TCIFLUSH:
2601                case TCIOFLUSH:
2602                /* flush tty buffer and allow ldisc to process ioctl */
2603                        tty_buffer_flush(tty);
2604                        break;
2605                }
2606                break;
2607        }
2608        if (tty->ops->ioctl) {
2609                retval = (tty->ops->ioctl)(tty, file, cmd, arg);
2610                if (retval != -ENOIOCTLCMD)
2611                        return retval;
2612        }
2613        ld = tty_ldisc_ref_wait(tty);
2614        retval = -EINVAL;
2615        if (ld->ops->ioctl) {
2616                retval = ld->ops->ioctl(tty, file, cmd, arg);
2617                if (retval == -ENOIOCTLCMD)
2618                        retval = -EINVAL;
2619        }
2620        tty_ldisc_deref(ld);
2621        return retval;
2622}
2623
2624#ifdef CONFIG_COMPAT
2625static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2626                                unsigned long arg)
2627{
2628        struct inode *inode = file->f_dentry->d_inode;
2629        struct tty_struct *tty = file->private_data;
2630        struct tty_ldisc *ld;
2631        int retval = -ENOIOCTLCMD;
2632
2633        if (tty_paranoia_check(tty, inode, "tty_ioctl"))
2634                return -EINVAL;
2635
2636        if (tty->ops->compat_ioctl) {
2637                retval = (tty->ops->compat_ioctl)(tty, file, cmd, arg);
2638                if (retval != -ENOIOCTLCMD)
2639                        return retval;
2640        }
2641
2642        ld = tty_ldisc_ref_wait(tty);
2643        if (ld->ops->compat_ioctl)
2644                retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2645        tty_ldisc_deref(ld);
2646
2647        return retval;
2648}
2649#endif
2650
2651/*
2652 * This implements the "Secure Attention Key" ---  the idea is to
2653 * prevent trojan horses by killing all processes associated with this
2654 * tty when the user hits the "Secure Attention Key".  Required for
2655 * super-paranoid applications --- see the Orange Book for more details.
2656 *
2657 * This code could be nicer; ideally it should send a HUP, wait a few
2658 * seconds, then send a INT, and then a KILL signal.  But you then
2659 * have to coordinate with the init process, since all processes associated
2660 * with the current tty must be dead before the new getty is allowed
2661 * to spawn.
2662 *
2663 * Now, if it would be correct ;-/ The current code has a nasty hole -
2664 * it doesn't catch files in flight. We may send the descriptor to ourselves
2665 * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2666 *
2667 * Nasty bug: do_SAK is being called in interrupt context.  This can
2668 * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
2669 */
2670void __do_SAK(struct tty_struct *tty)
2671{
2672#ifdef TTY_SOFT_SAK
2673        tty_hangup(tty);
2674#else
2675        struct task_struct *g, *p;
2676        struct pid *session;
2677        int                i;
2678        struct file        *filp;
2679        struct fdtable *fdt;
2680
2681        if (!tty)
2682                return;
2683        session = tty->session;
2684
2685        tty_ldisc_flush(tty);
2686
2687        tty_driver_flush_buffer(tty);
2688
2689        read_lock(&tasklist_lock);
2690        /* Kill the entire session */
2691        do_each_pid_task(session, PIDTYPE_SID, p) {
2692                printk(KERN_NOTICE "SAK: killed process %d"
2693                        " (%s): task_session_nr(p)==tty->session\n",
2694                        task_pid_nr(p), p->comm);
2695                send_sig(SIGKILL, p, 1);
2696        } while_each_pid_task(session, PIDTYPE_SID, p);
2697        /* Now kill any processes that happen to have the
2698         * tty open.
2699         */
2700        do_each_thread(g, p) {
2701                if (p->signal->tty == tty) {
2702                        printk(KERN_NOTICE "SAK: killed process %d"
2703                            " (%s): task_session_nr(p)==tty->session\n",
2704                            task_pid_nr(p), p->comm);
2705                        send_sig(SIGKILL, p, 1);
2706                        continue;
2707                }
2708                task_lock(p);
2709                if (p->files) {
2710                        /*
2711                         * We don't take a ref to the file, so we must
2712                         * hold ->file_lock instead.
2713                         */
2714                        spin_lock(&p->files->file_lock);
2715                        fdt = files_fdtable(p->files);
2716                        for (i = 0; i < fdt->max_fds; i++) {
2717                                filp = fcheck_files(p->files, i);
2718                                if (!filp)
2719                                        continue;
2720                                if (filp->f_op->read == tty_read &&
2721                                    filp->private_data == tty) {
2722                                        printk(KERN_NOTICE "SAK: killed process %d"
2723                                            " (%s): fd#%d opened to the tty\n",
2724                                            task_pid_nr(p), p->comm, i);
2725                                        force_sig(SIGKILL, p);
2726                                        break;
2727                                }
2728                        }
2729                        spin_unlock(&p->files->file_lock);
2730                }
2731                task_unlock(p);
2732        } while_each_thread(g, p);
2733        read_unlock(&tasklist_lock);
2734#endif
2735}
2736
2737static void do_SAK_work(struct work_struct *work)
2738{
2739        struct tty_struct *tty =
2740                container_of(work, struct tty_struct, SAK_work);
2741        __do_SAK(tty);
2742}
2743
2744/*
2745 * The tq handling here is a little racy - tty->SAK_work may already be queued.
2746 * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2747 * the values which we write to it will be identical to the values which it
2748 * already has. --akpm
2749 */
2750void do_SAK(struct tty_struct *tty)
2751{
2752        if (!tty)
2753                return;
2754        schedule_work(&tty->SAK_work);
2755}
2756
2757EXPORT_SYMBOL(do_SAK);
2758
2759/**
2760 *        initialize_tty_struct
2761 *        @tty: tty to initialize
2762 *
2763 *        This subroutine initializes a tty structure that has been newly
2764 *        allocated.
2765 *
2766 *        Locking: none - tty in question must not be exposed at this point
2767 */
2768
2769void initialize_tty_struct(struct tty_struct *tty,
2770                struct tty_driver *driver, int idx)
2771{
2772        memset(tty, 0, sizeof(struct tty_struct));
2773        kref_init(&tty->kref);
2774        tty->magic = TTY_MAGIC;
2775        tty_ldisc_init(tty);
2776        tty->session = NULL;
2777        tty->pgrp = NULL;
2778        tty->overrun_time = jiffies;
2779        tty->buf.head = tty->buf.tail = NULL;
2780        tty_buffer_init(tty);
2781        mutex_init(&tty->termios_mutex);
2782        init_waitqueue_head(&tty->write_wait);
2783        init_waitqueue_head(&tty->read_wait);
2784        INIT_WORK(&tty->hangup_work, do_tty_hangup);
2785        mutex_init(&tty->atomic_read_lock);
2786        mutex_init(&tty->atomic_write_lock);
2787        spin_lock_init(&tty->read_lock);
2788        spin_lock_init(&tty->ctrl_lock);
2789        INIT_LIST_HEAD(&tty->tty_files);
2790        INIT_WORK(&tty->SAK_work, do_SAK_work);
2791
2792        tty->driver = driver;
2793        tty->ops = driver->ops;
2794        tty->index = idx;
2795        tty_line_name(driver, idx, tty->name);
2796}
2797
2798/**
2799 *        tty_put_char        -        write one character to a tty
2800 *        @tty: tty
2801 *        @ch: character
2802 *
2803 *        Write one byte to the tty using the provided put_char method
2804 *        if present. Returns the number of characters successfully output.
2805 *
2806 *        Note: the specific put_char operation in the driver layer may go
2807 *        away soon. Don't call it directly, use this method
2808 */
2809
2810int tty_put_char(struct tty_struct *tty, unsigned char ch)
2811{
2812        if (tty->ops->put_char)
2813                return tty->ops->put_char(tty, ch);
2814        return tty->ops->write(tty, &ch, 1);
2815}
2816EXPORT_SYMBOL_GPL(tty_put_char);
2817
2818struct class *tty_class;
2819
2820/**
2821 *        tty_register_device - register a tty device
2822 *        @driver: the tty driver that describes the tty device
2823 *        @index: the index in the tty driver for this tty device
2824 *        @device: a struct device that is associated with this tty device.
2825 *                This field is optional, if there is no known struct device
2826 *                for this tty device it can be set to NULL safely.
2827 *
2828 *        Returns a pointer to the struct device for this tty device
2829 *        (or ERR_PTR(-EFOO) on error).
2830 *
2831 *        This call is required to be made to register an individual tty device
2832 *        if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
2833 *        that bit is not set, this function should not be called by a tty
2834 *        driver.
2835 *
2836 *        Locking: ??
2837 */
2838
2839struct device *tty_register_device(struct tty_driver *driver, unsigned index,
2840                                   struct device *device)
2841{
2842        char name[64];
2843        dev_t dev = MKDEV(driver->major, driver->minor_start) + index;
2844
2845        if (index >= driver->num) {
2846                printk(KERN_ERR "Attempt to register invalid tty line number "
2847                       " (%d).\n", index);
2848                return ERR_PTR(-EINVAL);
2849        }
2850
2851        if (driver->type == TTY_DRIVER_TYPE_PTY)
2852                pty_line_name(driver, index, name);
2853        else
2854                tty_line_name(driver, index, name);
2855
2856        return device_create(tty_class, device, dev, NULL, name);
2857}
2858EXPORT_SYMBOL(tty_register_device);
2859
2860/**
2861 *         tty_unregister_device - unregister a tty device
2862 *         @driver: the tty driver that describes the tty device
2863 *         @index: the index in the tty driver for this tty device
2864 *
2865 *         If a tty device is registered with a call to tty_register_device() then
2866 *        this function must be called when the tty device is gone.
2867 *
2868 *        Locking: ??
2869 */
2870
2871void tty_unregister_device(struct tty_driver *driver, unsigned index)
2872{
2873        device_destroy(tty_class,
2874                MKDEV(driver->major, driver->minor_start) + index);
2875}
2876EXPORT_SYMBOL(tty_unregister_device);
2877
2878struct tty_driver *alloc_tty_driver(int lines)
2879{
2880        struct tty_driver *driver;
2881
2882        driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
2883        if (driver) {
2884                kref_init(&driver->kref);
2885                driver->magic = TTY_DRIVER_MAGIC;
2886                driver->num = lines;
2887                /* later we'll move allocation of tables here */
2888        }
2889        return driver;
2890}
2891EXPORT_SYMBOL(alloc_tty_driver);
2892
2893static void destruct_tty_driver(struct kref *kref)
2894{
2895        struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
2896        int i;
2897        struct ktermios *tp;
2898        void *p;
2899
2900        if (driver->flags & TTY_DRIVER_INSTALLED) {
2901                /*
2902                 * Free the termios and termios_locked structures because
2903                 * we don't want to get memory leaks when modular tty
2904                 * drivers are removed from the kernel.
2905                 */
2906                for (i = 0; i < driver->num; i++) {
2907                        tp = driver->termios[i];
2908                        if (tp) {
2909                                driver->termios[i] = NULL;
2910                                kfree(tp);
2911                        }
2912                        if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
2913                                tty_unregister_device(driver, i);
2914                }
2915                p = driver->ttys;
2916                proc_tty_unregister_driver(driver);
2917                driver->ttys = NULL;
2918                driver->termios = NULL;
2919                kfree(p);
2920                cdev_del(&driver->cdev);
2921        }
2922        kfree(driver);
2923}
2924
2925void tty_driver_kref_put(struct tty_driver *driver)
2926{
2927        kref_put(&driver->kref, destruct_tty_driver);
2928}
2929EXPORT_SYMBOL(tty_driver_kref_put);
2930
2931void tty_set_operations(struct tty_driver *driver,
2932                        const struct tty_operations *op)
2933{
2934        driver->ops = op;
2935};
2936EXPORT_SYMBOL(tty_set_operations);
2937
2938void put_tty_driver(struct tty_driver *d)
2939{
2940        tty_driver_kref_put(d);
2941}
2942EXPORT_SYMBOL(put_tty_driver);
2943
2944/*
2945 * Called by a tty driver to register itself.
2946 */
2947int tty_register_driver(struct tty_driver *driver)
2948{
2949        int error;
2950        int i;
2951        dev_t dev;
2952        void **p = NULL;
2953
2954        if (!(driver->flags & TTY_DRIVER_DEVPTS_MEM) && driver->num) {
2955                p = kzalloc(driver->num * 2 * sizeof(void *), GFP_KERNEL);
2956                if (!p)
2957                        return -ENOMEM;
2958        }
2959
2960        if (!driver->major) {
2961                error = alloc_chrdev_region(&dev, driver->minor_start,
2962                                                driver->num, driver->name);
2963                if (!error) {
2964                        driver->major = MAJOR(dev);
2965                        driver->minor_start = MINOR(dev);
2966                }
2967        } else {
2968                dev = MKDEV(driver->major, driver->minor_start);
2969                error = register_chrdev_region(dev, driver->num, driver->name);
2970        }
2971        if (error < 0) {
2972                kfree(p);
2973                return error;
2974        }
2975
2976        if (p) {
2977                driver->ttys = (struct tty_struct **)p;
2978                driver->termios = (struct ktermios **)(p + driver->num);
2979        } else {
2980                driver->ttys = NULL;
2981                driver->termios = NULL;
2982        }
2983
2984        cdev_init(&driver->cdev, &tty_fops);
2985        driver->cdev.owner = driver->owner;
2986        error = cdev_add(&driver->cdev, dev, driver->num);
2987        if (error) {
2988                unregister_chrdev_region(dev, driver->num);
2989                driver->ttys = NULL;
2990                driver->termios = NULL;
2991                kfree(p);
2992                return error;
2993        }
2994
2995        mutex_lock(&tty_mutex);
2996        list_add(&driver->tty_drivers, &tty_drivers);
2997        mutex_unlock(&tty_mutex);
2998
2999        if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3000                for (i = 0; i < driver->num; i++)
3001                    tty_register_device(driver, i, NULL);
3002        }
3003        proc_tty_register_driver(driver);
3004        driver->flags |= TTY_DRIVER_INSTALLED;
3005        return 0;
3006}
3007
3008EXPORT_SYMBOL(tty_register_driver);
3009
3010/*
3011 * Called by a tty driver to unregister itself.
3012 */
3013int tty_unregister_driver(struct tty_driver *driver)
3014{
3015#if 0
3016        /* FIXME */
3017        if (driver->refcount)
3018                return -EBUSY;
3019#endif
3020        unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3021                                driver->num);
3022        mutex_lock(&tty_mutex);
3023        list_del(&driver->tty_drivers);
3024        mutex_unlock(&tty_mutex);
3025        return 0;
3026}
3027
3028EXPORT_SYMBOL(tty_unregister_driver);
3029
3030dev_t tty_devnum(struct tty_struct *tty)
3031{
3032        return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3033}
3034EXPORT_SYMBOL(tty_devnum);
3035
3036void proc_clear_tty(struct task_struct *p)
3037{
3038        unsigned long flags;
3039        struct tty_struct *tty;
3040        spin_lock_irqsave(&p->sighand->siglock, flags);
3041        tty = p->signal->tty;
3042        p->signal->tty = NULL;
3043        spin_unlock_irqrestore(&p->sighand->siglock, flags);
3044        tty_kref_put(tty);
3045}
3046
3047/* Called under the sighand lock */
3048
3049static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3050{
3051        if (tty) {
3052                unsigned long flags;
3053                /* We should not have a session or pgrp to put here but.... */
3054                spin_lock_irqsave(&tty->ctrl_lock, flags);
3055                put_pid(tty->session);
3056                put_pid(tty->pgrp);
3057                tty->pgrp = get_pid(task_pgrp(tsk));
3058                spin_unlock_irqrestore(&tty->ctrl_lock, flags);
3059                tty->session = get_pid(task_session(tsk));
3060                if (tsk->signal->tty) {
3061                        printk(KERN_DEBUG "tty not NULL!!\n");
3062                        tty_kref_put(tsk->signal->tty);
3063                }
3064        }
3065        put_pid(tsk->signal->tty_old_pgrp);
3066        tsk->signal->tty = tty_kref_get(tty);
3067        tsk->signal->tty_old_pgrp = NULL;
3068}
3069
3070static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty)
3071{
3072        spin_lock_irq(&tsk->sighand->siglock);
3073        __proc_set_tty(tsk, tty);
3074        spin_unlock_irq(&tsk->sighand->siglock);
3075}
3076
3077struct tty_struct *get_current_tty(void)
3078{
3079        struct tty_struct *tty;
3080        unsigned long flags;
3081
3082        spin_lock_irqsave(&current->sighand->siglock, flags);
3083        tty = tty_kref_get(current->signal->tty);
3084        spin_unlock_irqrestore(&current->sighand->siglock, flags);
3085        return tty;
3086}
3087EXPORT_SYMBOL_GPL(get_current_tty);
3088
3089void tty_default_fops(struct file_operations *fops)
3090{
3091        *fops = tty_fops;
3092}
3093
3094/*
3095 * Initialize the console device. This is called *early*, so
3096 * we can't necessarily depend on lots of kernel help here.
3097 * Just do some early initializations, and do the complex setup
3098 * later.
3099 */
3100void __init console_init(void)
3101{
3102        initcall_t *call;
3103
3104        /* Setup the default TTY line discipline. */
3105        tty_ldisc_begin();
3106
3107        /*
3108         * set up the console device so that later boot sequences can
3109         * inform about problems etc..
3110         */
3111        call = __con_initcall_start;
3112        while (call < __con_initcall_end) {
3113                (*call)();
3114                call++;
3115        }
3116}
3117
3118static int __init tty_class_init(void)
3119{
3120        tty_class = class_create(THIS_MODULE, "tty");
3121        if (IS_ERR(tty_class))
3122                return PTR_ERR(tty_class);
3123        return 0;
3124}
3125
3126postcore_initcall(tty_class_init);
3127
3128/* 3/2004 jmc: why do these devices exist? */
3129
3130static struct cdev tty_cdev, console_cdev;
3131
3132/*
3133 * Ok, now we can initialize the rest of the tty devices and can count
3134 * on memory allocations, interrupts etc..
3135 */
3136static int __init tty_init(void)
3137{
3138        cdev_init(&tty_cdev, &tty_fops);
3139        if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3140            register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3141                panic("Couldn't register /dev/tty driver\n");
3142        device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL,
3143                              "tty");
3144
3145        cdev_init(&console_cdev, &console_fops);
3146        if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3147            register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3148                panic("Couldn't register /dev/console driver\n");
3149        device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 1), NULL,
3150                              "console");
3151
3152#ifdef CONFIG_VT
3153        vty_init(&console_fops);
3154#endif
3155        return 0;
3156}
3157module_init(tty_init);