PageRenderTime 269ms CodeModel.GetById 15ms app.highlight 203ms RepoModel.GetById 5ms app.codeStats 3ms

/drivers/tty/tty_io.c

https://bitbucket.org/slukk/jb-tsm-kernel-4.2
C | 3357 lines | 2057 code | 367 blank | 933 comment | 378 complexity | 6ecc1c9b9f67f4bbb78c995a054161ca MD5 | raw file
Possible License(s): GPL-2.0, LGPL-2.0, AGPL-1.0

Large files files are truncated, but you can click here to view the full file

   1/*
   2 *  Copyright (C) 1991, 1992  Linus Torvalds
   3 */
   4
   5/*
   6 * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
   7 * or rs-channels. It also implements echoing, cooked mode etc.
   8 *
   9 * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
  10 *
  11 * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
  12 * tty_struct and tty_queue structures.  Previously there was an array
  13 * of 256 tty_struct's which was statically allocated, and the
  14 * tty_queue structures were allocated at boot time.  Both are now
  15 * dynamically allocated only when the tty is open.
  16 *
  17 * Also restructured routines so that there is more of a separation
  18 * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
  19 * the low-level tty routines (serial.c, pty.c, console.c).  This
  20 * makes for cleaner and more compact code.  -TYT, 9/17/92
  21 *
  22 * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
  23 * which can be dynamically activated and de-activated by the line
  24 * discipline handling modules (like SLIP).
  25 *
  26 * NOTE: pay no attention to the line discipline code (yet); its
  27 * interface is still subject to change in this version...
  28 * -- TYT, 1/31/92
  29 *
  30 * Added functionality to the OPOST tty handling.  No delays, but all
  31 * other bits should be there.
  32 *	-- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
  33 *
  34 * Rewrote canonical mode and added more termios flags.
  35 * 	-- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
  36 *
  37 * Reorganized FASYNC support so mouse code can share it.
  38 *	-- ctm@ardi.com, 9Sep95
  39 *
  40 * New TIOCLINUX variants added.
  41 *	-- mj@k332.feld.cvut.cz, 19-Nov-95
  42 *
  43 * Restrict vt switching via ioctl()
  44 *      -- grif@cs.ucr.edu, 5-Dec-95
  45 *
  46 * Move console and virtual terminal code to more appropriate files,
  47 * implement CONFIG_VT and generalize console device interface.
  48 *	-- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
  49 *
  50 * Rewrote tty_init_dev and tty_release_dev to eliminate races.
  51 *	-- Bill Hawes <whawes@star.net>, June 97
  52 *
  53 * Added devfs support.
  54 *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
  55 *
  56 * Added support for a Unix98-style ptmx device.
  57 *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
  58 *
  59 * Reduced memory usage for older ARM systems
  60 *      -- Russell King <rmk@arm.linux.org.uk>
  61 *
  62 * Move do_SAK() into process context.  Less stack use in devfs functions.
  63 * alloc_tty_struct() always uses kmalloc()
  64 *			 -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
  65 */
  66
  67#include <linux/types.h>
  68#include <linux/major.h>
  69#include <linux/errno.h>
  70#include <linux/signal.h>
  71#include <linux/fcntl.h>
  72#include <linux/sched.h>
  73#include <linux/interrupt.h>
  74#include <linux/tty.h>
  75#include <linux/tty_driver.h>
  76#include <linux/tty_flip.h>
  77#include <linux/devpts_fs.h>
  78#include <linux/file.h>
  79#include <linux/fdtable.h>
  80#include <linux/console.h>
  81#include <linux/timer.h>
  82#include <linux/ctype.h>
  83#include <linux/kd.h>
  84#include <linux/mm.h>
  85#include <linux/string.h>
  86#include <linux/slab.h>
  87#include <linux/poll.h>
  88#include <linux/proc_fs.h>
  89#include <linux/init.h>
  90#include <linux/module.h>
  91#include <linux/device.h>
  92#include <linux/wait.h>
  93#include <linux/bitops.h>
  94#include <linux/delay.h>
  95#include <linux/seq_file.h>
  96#include <linux/serial.h>
  97
  98#include <linux/uaccess.h>
  99#include <asm/system.h>
 100
 101#include <linux/kbd_kern.h>
 102#include <linux/vt_kern.h>
 103#include <linux/selection.h>
 104
 105#include <linux/kmod.h>
 106#include <linux/nsproxy.h>
 107
 108#undef TTY_DEBUG_HANGUP
 109
 110#define TTY_PARANOIA_CHECK 1
 111#define CHECK_TTY_COUNT 1
 112
 113struct ktermios tty_std_termios = {	/* for the benefit of tty drivers  */
 114	.c_iflag = ICRNL | IXON,
 115	.c_oflag = OPOST | ONLCR,
 116	.c_cflag = B38400 | CS8 | CREAD | HUPCL,
 117	.c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
 118		   ECHOCTL | ECHOKE | IEXTEN,
 119	.c_cc = INIT_C_CC,
 120	.c_ispeed = 38400,
 121	.c_ospeed = 38400
 122};
 123
 124EXPORT_SYMBOL(tty_std_termios);
 125
 126/* This list gets poked at by procfs and various bits of boot up code. This
 127   could do with some rationalisation such as pulling the tty proc function
 128   into this file */
 129
 130LIST_HEAD(tty_drivers);			/* linked list of tty drivers */
 131
 132/* Mutex to protect creating and releasing a tty. This is shared with
 133   vt.c for deeply disgusting hack reasons */
 134DEFINE_MUTEX(tty_mutex);
 135EXPORT_SYMBOL(tty_mutex);
 136
 137/* Spinlock to protect the tty->tty_files list */
 138DEFINE_SPINLOCK(tty_files_lock);
 139
 140static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
 141static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
 142ssize_t redirected_tty_write(struct file *, const char __user *,
 143							size_t, loff_t *);
 144static unsigned int tty_poll(struct file *, poll_table *);
 145static int tty_open(struct inode *, struct file *);
 146long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
 147#ifdef CONFIG_COMPAT
 148static long tty_compat_ioctl(struct file *file, unsigned int cmd,
 149				unsigned long arg);
 150#else
 151#define tty_compat_ioctl NULL
 152#endif
 153static int __tty_fasync(int fd, struct file *filp, int on);
 154static int tty_fasync(int fd, struct file *filp, int on);
 155static void release_tty(struct tty_struct *tty, int idx);
 156static void __proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
 157static void proc_set_tty(struct task_struct *tsk, struct tty_struct *tty);
 158
 159/**
 160 *	alloc_tty_struct	-	allocate a tty object
 161 *
 162 *	Return a new empty tty structure. The data fields have not
 163 *	been initialized in any way but has been zeroed
 164 *
 165 *	Locking: none
 166 */
 167
 168struct tty_struct *alloc_tty_struct(void)
 169{
 170	return kzalloc(sizeof(struct tty_struct), GFP_KERNEL);
 171}
 172
 173/**
 174 *	free_tty_struct		-	free a disused tty
 175 *	@tty: tty struct to free
 176 *
 177 *	Free the write buffers, tty queue and tty memory itself.
 178 *
 179 *	Locking: none. Must be called after tty is definitely unused
 180 */
 181
 182void free_tty_struct(struct tty_struct *tty)
 183{
 184	if (tty->dev)
 185		put_device(tty->dev);
 186	kfree(tty->write_buf);
 187	tty_buffer_free_all(tty);
 188	kfree(tty);
 189}
 190
 191static inline struct tty_struct *file_tty(struct file *file)
 192{
 193	return ((struct tty_file_private *)file->private_data)->tty;
 194}
 195
 196int tty_alloc_file(struct file *file)
 197{
 198	struct tty_file_private *priv;
 199
 200	priv = kmalloc(sizeof(*priv), GFP_KERNEL);
 201	if (!priv)
 202		return -ENOMEM;
 203
 204	file->private_data = priv;
 205
 206	return 0;
 207}
 208
 209/* Associate a new file with the tty structure */
 210void tty_add_file(struct tty_struct *tty, struct file *file)
 211{
 212	struct tty_file_private *priv = file->private_data;
 213
 214	priv->tty = tty;
 215	priv->file = file;
 216
 217	spin_lock(&tty_files_lock);
 218	list_add(&priv->list, &tty->tty_files);
 219	spin_unlock(&tty_files_lock);
 220}
 221
 222/**
 223 * tty_free_file - free file->private_data
 224 *
 225 * This shall be used only for fail path handling when tty_add_file was not
 226 * called yet.
 227 */
 228void tty_free_file(struct file *file)
 229{
 230	struct tty_file_private *priv = file->private_data;
 231
 232	file->private_data = NULL;
 233	kfree(priv);
 234}
 235
 236/* Delete file from its tty */
 237void tty_del_file(struct file *file)
 238{
 239	struct tty_file_private *priv = file->private_data;
 240
 241	spin_lock(&tty_files_lock);
 242	list_del(&priv->list);
 243	spin_unlock(&tty_files_lock);
 244	tty_free_file(file);
 245}
 246
 247
 248#define TTY_NUMBER(tty) ((tty)->index + (tty)->driver->name_base)
 249
 250/**
 251 *	tty_name	-	return tty naming
 252 *	@tty: tty structure
 253 *	@buf: buffer for output
 254 *
 255 *	Convert a tty structure into a name. The name reflects the kernel
 256 *	naming policy and if udev is in use may not reflect user space
 257 *
 258 *	Locking: none
 259 */
 260
 261char *tty_name(struct tty_struct *tty, char *buf)
 262{
 263	if (!tty) /* Hmm.  NULL pointer.  That's fun. */
 264		strcpy(buf, "NULL tty");
 265	else
 266		strcpy(buf, tty->name);
 267	return buf;
 268}
 269
 270EXPORT_SYMBOL(tty_name);
 271
 272int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
 273			      const char *routine)
 274{
 275#ifdef TTY_PARANOIA_CHECK
 276	if (!tty) {
 277		printk(KERN_WARNING
 278			"null TTY for (%d:%d) in %s\n",
 279			imajor(inode), iminor(inode), routine);
 280		return 1;
 281	}
 282	if (tty->magic != TTY_MAGIC) {
 283		printk(KERN_WARNING
 284			"bad magic number for tty struct (%d:%d) in %s\n",
 285			imajor(inode), iminor(inode), routine);
 286		return 1;
 287	}
 288#endif
 289	return 0;
 290}
 291
 292static int check_tty_count(struct tty_struct *tty, const char *routine)
 293{
 294#ifdef CHECK_TTY_COUNT
 295	struct list_head *p;
 296	int count = 0;
 297
 298	spin_lock(&tty_files_lock);
 299	list_for_each(p, &tty->tty_files) {
 300		count++;
 301	}
 302	spin_unlock(&tty_files_lock);
 303	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
 304	    tty->driver->subtype == PTY_TYPE_SLAVE &&
 305	    tty->link && tty->link->count)
 306		count++;
 307	if (tty->count != count) {
 308		printk(KERN_WARNING "Warning: dev (%s) tty->count(%d) "
 309				    "!= #fd's(%d) in %s\n",
 310		       tty->name, tty->count, count, routine);
 311		return count;
 312	}
 313#endif
 314	return 0;
 315}
 316
 317/**
 318 *	get_tty_driver		-	find device of a tty
 319 *	@dev_t: device identifier
 320 *	@index: returns the index of the tty
 321 *
 322 *	This routine returns a tty driver structure, given a device number
 323 *	and also passes back the index number.
 324 *
 325 *	Locking: caller must hold tty_mutex
 326 */
 327
 328static struct tty_driver *get_tty_driver(dev_t device, int *index)
 329{
 330	struct tty_driver *p;
 331
 332	list_for_each_entry(p, &tty_drivers, tty_drivers) {
 333		dev_t base = MKDEV(p->major, p->minor_start);
 334		if (device < base || device >= base + p->num)
 335			continue;
 336		*index = device - base;
 337		return tty_driver_kref_get(p);
 338	}
 339	return NULL;
 340}
 341
 342#ifdef CONFIG_CONSOLE_POLL
 343
 344/**
 345 *	tty_find_polling_driver	-	find device of a polled tty
 346 *	@name: name string to match
 347 *	@line: pointer to resulting tty line nr
 348 *
 349 *	This routine returns a tty driver structure, given a name
 350 *	and the condition that the tty driver is capable of polled
 351 *	operation.
 352 */
 353struct tty_driver *tty_find_polling_driver(char *name, int *line)
 354{
 355	struct tty_driver *p, *res = NULL;
 356	int tty_line = 0;
 357	int len;
 358	char *str, *stp;
 359
 360	for (str = name; *str; str++)
 361		if ((*str >= '0' && *str <= '9') || *str == ',')
 362			break;
 363	if (!*str)
 364		return NULL;
 365
 366	len = str - name;
 367	tty_line = simple_strtoul(str, &str, 10);
 368
 369	mutex_lock(&tty_mutex);
 370	/* Search through the tty devices to look for a match */
 371	list_for_each_entry(p, &tty_drivers, tty_drivers) {
 372		if (strncmp(name, p->name, len) != 0)
 373			continue;
 374		stp = str;
 375		if (*stp == ',')
 376			stp++;
 377		if (*stp == '\0')
 378			stp = NULL;
 379
 380		if (tty_line >= 0 && tty_line < p->num && p->ops &&
 381		    p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
 382			res = tty_driver_kref_get(p);
 383			*line = tty_line;
 384			break;
 385		}
 386	}
 387	mutex_unlock(&tty_mutex);
 388
 389	return res;
 390}
 391EXPORT_SYMBOL_GPL(tty_find_polling_driver);
 392#endif
 393
 394/**
 395 *	tty_check_change	-	check for POSIX terminal changes
 396 *	@tty: tty to check
 397 *
 398 *	If we try to write to, or set the state of, a terminal and we're
 399 *	not in the foreground, send a SIGTTOU.  If the signal is blocked or
 400 *	ignored, go ahead and perform the operation.  (POSIX 7.2)
 401 *
 402 *	Locking: ctrl_lock
 403 */
 404
 405int tty_check_change(struct tty_struct *tty)
 406{
 407	unsigned long flags;
 408	int ret = 0;
 409
 410	if (current->signal->tty != tty)
 411		return 0;
 412
 413	spin_lock_irqsave(&tty->ctrl_lock, flags);
 414
 415	if (!tty->pgrp) {
 416		printk(KERN_WARNING "tty_check_change: tty->pgrp == NULL!\n");
 417		goto out_unlock;
 418	}
 419	if (task_pgrp(current) == tty->pgrp)
 420		goto out_unlock;
 421	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 422	if (is_ignored(SIGTTOU))
 423		goto out;
 424	if (is_current_pgrp_orphaned()) {
 425		ret = -EIO;
 426		goto out;
 427	}
 428	kill_pgrp(task_pgrp(current), SIGTTOU, 1);
 429	set_thread_flag(TIF_SIGPENDING);
 430	ret = -ERESTARTSYS;
 431out:
 432	return ret;
 433out_unlock:
 434	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 435	return ret;
 436}
 437
 438EXPORT_SYMBOL(tty_check_change);
 439
 440static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
 441				size_t count, loff_t *ppos)
 442{
 443	return 0;
 444}
 445
 446static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
 447				 size_t count, loff_t *ppos)
 448{
 449	return -EIO;
 450}
 451
 452/* No kernel lock held - none needed ;) */
 453static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
 454{
 455	return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
 456}
 457
 458static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
 459		unsigned long arg)
 460{
 461	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
 462}
 463
 464static long hung_up_tty_compat_ioctl(struct file *file,
 465				     unsigned int cmd, unsigned long arg)
 466{
 467	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
 468}
 469
 470static const struct file_operations tty_fops = {
 471	.llseek		= no_llseek,
 472	.read		= tty_read,
 473	.write		= tty_write,
 474	.poll		= tty_poll,
 475	.unlocked_ioctl	= tty_ioctl,
 476	.compat_ioctl	= tty_compat_ioctl,
 477	.open		= tty_open,
 478	.release	= tty_release,
 479	.fasync		= tty_fasync,
 480};
 481
 482static const struct file_operations console_fops = {
 483	.llseek		= no_llseek,
 484	.read		= tty_read,
 485	.write		= redirected_tty_write,
 486	.poll		= tty_poll,
 487	.unlocked_ioctl	= tty_ioctl,
 488	.compat_ioctl	= tty_compat_ioctl,
 489	.open		= tty_open,
 490	.release	= tty_release,
 491	.fasync		= tty_fasync,
 492};
 493
 494static const struct file_operations hung_up_tty_fops = {
 495	.llseek		= no_llseek,
 496	.read		= hung_up_tty_read,
 497	.write		= hung_up_tty_write,
 498	.poll		= hung_up_tty_poll,
 499	.unlocked_ioctl	= hung_up_tty_ioctl,
 500	.compat_ioctl	= hung_up_tty_compat_ioctl,
 501	.release	= tty_release,
 502};
 503
 504static DEFINE_SPINLOCK(redirect_lock);
 505static struct file *redirect;
 506
 507/**
 508 *	tty_wakeup	-	request more data
 509 *	@tty: terminal
 510 *
 511 *	Internal and external helper for wakeups of tty. This function
 512 *	informs the line discipline if present that the driver is ready
 513 *	to receive more output data.
 514 */
 515
 516void tty_wakeup(struct tty_struct *tty)
 517{
 518	struct tty_ldisc *ld;
 519
 520	if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
 521		ld = tty_ldisc_ref(tty);
 522		if (ld) {
 523			if (ld->ops->write_wakeup)
 524				ld->ops->write_wakeup(tty);
 525			tty_ldisc_deref(ld);
 526		}
 527	}
 528	wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
 529}
 530
 531EXPORT_SYMBOL_GPL(tty_wakeup);
 532
 533/**
 534 *	__tty_hangup		-	actual handler for hangup events
 535 *	@work: tty device
 536 *
 537 *	This can be called by the "eventd" kernel thread.  That is process
 538 *	synchronous but doesn't hold any locks, so we need to make sure we
 539 *	have the appropriate locks for what we're doing.
 540 *
 541 *	The hangup event clears any pending redirections onto the hung up
 542 *	device. It ensures future writes will error and it does the needed
 543 *	line discipline hangup and signal delivery. The tty object itself
 544 *	remains intact.
 545 *
 546 *	Locking:
 547 *		BTM
 548 *		  redirect lock for undoing redirection
 549 *		  file list lock for manipulating list of ttys
 550 *		  tty_ldisc_lock from called functions
 551 *		  termios_mutex resetting termios data
 552 *		  tasklist_lock to walk task list for hangup event
 553 *		    ->siglock to protect ->signal/->sighand
 554 */
 555void __tty_hangup(struct tty_struct *tty)
 556{
 557	struct file *cons_filp = NULL;
 558	struct file *filp, *f = NULL;
 559	struct task_struct *p;
 560	struct tty_file_private *priv;
 561	int    closecount = 0, n;
 562	unsigned long flags;
 563	int refs = 0;
 564
 565	if (!tty)
 566		return;
 567
 568
 569	spin_lock(&redirect_lock);
 570	if (redirect && file_tty(redirect) == tty) {
 571		f = redirect;
 572		redirect = NULL;
 573	}
 574	spin_unlock(&redirect_lock);
 575
 576	tty_lock();
 577
 578	/* some functions below drop BTM, so we need this bit */
 579	set_bit(TTY_HUPPING, &tty->flags);
 580
 581	/* inuse_filps is protected by the single tty lock,
 582	   this really needs to change if we want to flush the
 583	   workqueue with the lock held */
 584	check_tty_count(tty, "tty_hangup");
 585
 586	spin_lock(&tty_files_lock);
 587	/* This breaks for file handles being sent over AF_UNIX sockets ? */
 588	list_for_each_entry(priv, &tty->tty_files, list) {
 589		filp = priv->file;
 590		if (filp->f_op->write == redirected_tty_write)
 591			cons_filp = filp;
 592		if (filp->f_op->write != tty_write)
 593			continue;
 594		closecount++;
 595		__tty_fasync(-1, filp, 0);	/* can't block */
 596		filp->f_op = &hung_up_tty_fops;
 597	}
 598	spin_unlock(&tty_files_lock);
 599
 600	/*
 601	 * it drops BTM and thus races with reopen
 602	 * we protect the race by TTY_HUPPING
 603	 */
 604	tty_ldisc_hangup(tty);
 605
 606	read_lock(&tasklist_lock);
 607	if (tty->session) {
 608		do_each_pid_task(tty->session, PIDTYPE_SID, p) {
 609			spin_lock_irq(&p->sighand->siglock);
 610			if (p->signal->tty == tty) {
 611				p->signal->tty = NULL;
 612				/* We defer the dereferences outside fo
 613				   the tasklist lock */
 614				refs++;
 615			}
 616			if (!p->signal->leader) {
 617				spin_unlock_irq(&p->sighand->siglock);
 618				continue;
 619			}
 620			__group_send_sig_info(SIGHUP, SEND_SIG_PRIV, p);
 621			__group_send_sig_info(SIGCONT, SEND_SIG_PRIV, p);
 622			put_pid(p->signal->tty_old_pgrp);  /* A noop */
 623			spin_lock_irqsave(&tty->ctrl_lock, flags);
 624			if (tty->pgrp)
 625				p->signal->tty_old_pgrp = get_pid(tty->pgrp);
 626			spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 627			spin_unlock_irq(&p->sighand->siglock);
 628		} while_each_pid_task(tty->session, PIDTYPE_SID, p);
 629	}
 630	read_unlock(&tasklist_lock);
 631
 632	spin_lock_irqsave(&tty->ctrl_lock, flags);
 633	clear_bit(TTY_THROTTLED, &tty->flags);
 634	clear_bit(TTY_PUSH, &tty->flags);
 635	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
 636	put_pid(tty->session);
 637	put_pid(tty->pgrp);
 638	tty->session = NULL;
 639	tty->pgrp = NULL;
 640	tty->ctrl_status = 0;
 641	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 642
 643	/* Account for the p->signal references we killed */
 644	while (refs--)
 645		tty_kref_put(tty);
 646
 647	/*
 648	 * If one of the devices matches a console pointer, we
 649	 * cannot just call hangup() because that will cause
 650	 * tty->count and state->count to go out of sync.
 651	 * So we just call close() the right number of times.
 652	 */
 653	if (cons_filp) {
 654		if (tty->ops->close)
 655			for (n = 0; n < closecount; n++)
 656				tty->ops->close(tty, cons_filp);
 657	} else if (tty->ops->hangup)
 658		(tty->ops->hangup)(tty);
 659	/*
 660	 * We don't want to have driver/ldisc interactions beyond
 661	 * the ones we did here. The driver layer expects no
 662	 * calls after ->hangup() from the ldisc side. However we
 663	 * can't yet guarantee all that.
 664	 */
 665	set_bit(TTY_HUPPED, &tty->flags);
 666	clear_bit(TTY_HUPPING, &tty->flags);
 667	tty_ldisc_enable(tty);
 668
 669	tty_unlock();
 670
 671	if (f)
 672		fput(f);
 673}
 674
 675static void do_tty_hangup(struct work_struct *work)
 676{
 677	struct tty_struct *tty =
 678		container_of(work, struct tty_struct, hangup_work);
 679
 680	__tty_hangup(tty);
 681}
 682
 683/**
 684 *	tty_hangup		-	trigger a hangup event
 685 *	@tty: tty to hangup
 686 *
 687 *	A carrier loss (virtual or otherwise) has occurred on this like
 688 *	schedule a hangup sequence to run after this event.
 689 */
 690
 691void tty_hangup(struct tty_struct *tty)
 692{
 693#ifdef TTY_DEBUG_HANGUP
 694	char	buf[64];
 695	printk(KERN_DEBUG "%s hangup...\n", tty_name(tty, buf));
 696#endif
 697	schedule_work(&tty->hangup_work);
 698}
 699
 700EXPORT_SYMBOL(tty_hangup);
 701
 702/**
 703 *	tty_vhangup		-	process vhangup
 704 *	@tty: tty to hangup
 705 *
 706 *	The user has asked via system call for the terminal to be hung up.
 707 *	We do this synchronously so that when the syscall returns the process
 708 *	is complete. That guarantee is necessary for security reasons.
 709 */
 710
 711void tty_vhangup(struct tty_struct *tty)
 712{
 713#ifdef TTY_DEBUG_HANGUP
 714	char	buf[64];
 715
 716	printk(KERN_DEBUG "%s vhangup...\n", tty_name(tty, buf));
 717#endif
 718	__tty_hangup(tty);
 719}
 720
 721EXPORT_SYMBOL(tty_vhangup);
 722
 723
 724/**
 725 *	tty_vhangup_self	-	process vhangup for own ctty
 726 *
 727 *	Perform a vhangup on the current controlling tty
 728 */
 729
 730void tty_vhangup_self(void)
 731{
 732	struct tty_struct *tty;
 733
 734	tty = get_current_tty();
 735	if (tty) {
 736		tty_vhangup(tty);
 737		tty_kref_put(tty);
 738	}
 739}
 740
 741/**
 742 *	tty_hung_up_p		-	was tty hung up
 743 *	@filp: file pointer of tty
 744 *
 745 *	Return true if the tty has been subject to a vhangup or a carrier
 746 *	loss
 747 */
 748
 749int tty_hung_up_p(struct file *filp)
 750{
 751	return (filp->f_op == &hung_up_tty_fops);
 752}
 753
 754EXPORT_SYMBOL(tty_hung_up_p);
 755
 756static void session_clear_tty(struct pid *session)
 757{
 758	struct task_struct *p;
 759	do_each_pid_task(session, PIDTYPE_SID, p) {
 760		proc_clear_tty(p);
 761	} while_each_pid_task(session, PIDTYPE_SID, p);
 762}
 763
 764/**
 765 *	disassociate_ctty	-	disconnect controlling tty
 766 *	@on_exit: true if exiting so need to "hang up" the session
 767 *
 768 *	This function is typically called only by the session leader, when
 769 *	it wants to disassociate itself from its controlling tty.
 770 *
 771 *	It performs the following functions:
 772 * 	(1)  Sends a SIGHUP and SIGCONT to the foreground process group
 773 * 	(2)  Clears the tty from being controlling the session
 774 * 	(3)  Clears the controlling tty for all processes in the
 775 * 		session group.
 776 *
 777 *	The argument on_exit is set to 1 if called when a process is
 778 *	exiting; it is 0 if called by the ioctl TIOCNOTTY.
 779 *
 780 *	Locking:
 781 *		BTM is taken for hysterical raisins, and held when
 782 *		  called from no_tty().
 783 *		  tty_mutex is taken to protect tty
 784 *		  ->siglock is taken to protect ->signal/->sighand
 785 *		  tasklist_lock is taken to walk process list for sessions
 786 *		    ->siglock is taken to protect ->signal/->sighand
 787 */
 788
 789void disassociate_ctty(int on_exit)
 790{
 791	struct tty_struct *tty;
 792	struct pid *tty_pgrp = NULL;
 793
 794	if (!current->signal->leader)
 795		return;
 796
 797	tty = get_current_tty();
 798	if (tty) {
 799		tty_pgrp = get_pid(tty->pgrp);
 800		if (on_exit) {
 801			if (tty->driver->type != TTY_DRIVER_TYPE_PTY)
 802				tty_vhangup(tty);
 803		}
 804		tty_kref_put(tty);
 805	} else if (on_exit) {
 806		struct pid *old_pgrp;
 807		spin_lock_irq(&current->sighand->siglock);
 808		old_pgrp = current->signal->tty_old_pgrp;
 809		current->signal->tty_old_pgrp = NULL;
 810		spin_unlock_irq(&current->sighand->siglock);
 811		if (old_pgrp) {
 812			kill_pgrp(old_pgrp, SIGHUP, on_exit);
 813			kill_pgrp(old_pgrp, SIGCONT, on_exit);
 814			put_pid(old_pgrp);
 815		}
 816		return;
 817	}
 818	if (tty_pgrp) {
 819		kill_pgrp(tty_pgrp, SIGHUP, on_exit);
 820		if (!on_exit)
 821			kill_pgrp(tty_pgrp, SIGCONT, on_exit);
 822		put_pid(tty_pgrp);
 823	}
 824
 825	spin_lock_irq(&current->sighand->siglock);
 826	put_pid(current->signal->tty_old_pgrp);
 827	current->signal->tty_old_pgrp = NULL;
 828	spin_unlock_irq(&current->sighand->siglock);
 829
 830	tty = get_current_tty();
 831	if (tty) {
 832		unsigned long flags;
 833		spin_lock_irqsave(&tty->ctrl_lock, flags);
 834		put_pid(tty->session);
 835		put_pid(tty->pgrp);
 836		tty->session = NULL;
 837		tty->pgrp = NULL;
 838		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 839		tty_kref_put(tty);
 840	} else {
 841#ifdef TTY_DEBUG_HANGUP
 842		printk(KERN_DEBUG "error attempted to write to tty [0x%p]"
 843		       " = NULL", tty);
 844#endif
 845	}
 846
 847	/* Now clear signal->tty under the lock */
 848	read_lock(&tasklist_lock);
 849	session_clear_tty(task_session(current));
 850	read_unlock(&tasklist_lock);
 851}
 852
 853/**
 854 *
 855 *	no_tty	- Ensure the current process does not have a controlling tty
 856 */
 857void no_tty(void)
 858{
 859	struct task_struct *tsk = current;
 860	tty_lock();
 861	disassociate_ctty(0);
 862	tty_unlock();
 863	proc_clear_tty(tsk);
 864}
 865
 866
 867/**
 868 *	stop_tty	-	propagate flow control
 869 *	@tty: tty to stop
 870 *
 871 *	Perform flow control to the driver. For PTY/TTY pairs we
 872 *	must also propagate the TIOCKPKT status. May be called
 873 *	on an already stopped device and will not re-call the driver
 874 *	method.
 875 *
 876 *	This functionality is used by both the line disciplines for
 877 *	halting incoming flow and by the driver. It may therefore be
 878 *	called from any context, may be under the tty atomic_write_lock
 879 *	but not always.
 880 *
 881 *	Locking:
 882 *		Uses the tty control lock internally
 883 */
 884
 885void stop_tty(struct tty_struct *tty)
 886{
 887	unsigned long flags;
 888	spin_lock_irqsave(&tty->ctrl_lock, flags);
 889	if (tty->stopped) {
 890		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 891		return;
 892	}
 893	tty->stopped = 1;
 894	if (tty->link && tty->link->packet) {
 895		tty->ctrl_status &= ~TIOCPKT_START;
 896		tty->ctrl_status |= TIOCPKT_STOP;
 897		wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
 898	}
 899	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 900	if (tty->ops->stop)
 901		(tty->ops->stop)(tty);
 902}
 903
 904EXPORT_SYMBOL(stop_tty);
 905
 906/**
 907 *	start_tty	-	propagate flow control
 908 *	@tty: tty to start
 909 *
 910 *	Start a tty that has been stopped if at all possible. Perform
 911 *	any necessary wakeups and propagate the TIOCPKT status. If this
 912 *	is the tty was previous stopped and is being started then the
 913 *	driver start method is invoked and the line discipline woken.
 914 *
 915 *	Locking:
 916 *		ctrl_lock
 917 */
 918
 919void start_tty(struct tty_struct *tty)
 920{
 921	unsigned long flags;
 922	spin_lock_irqsave(&tty->ctrl_lock, flags);
 923	if (!tty->stopped || tty->flow_stopped) {
 924		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 925		return;
 926	}
 927	tty->stopped = 0;
 928	if (tty->link && tty->link->packet) {
 929		tty->ctrl_status &= ~TIOCPKT_STOP;
 930		tty->ctrl_status |= TIOCPKT_START;
 931		wake_up_interruptible_poll(&tty->link->read_wait, POLLIN);
 932	}
 933	spin_unlock_irqrestore(&tty->ctrl_lock, flags);
 934	if (tty->ops->start)
 935		(tty->ops->start)(tty);
 936	/* If we have a running line discipline it may need kicking */
 937	tty_wakeup(tty);
 938}
 939
 940EXPORT_SYMBOL(start_tty);
 941
 942/**
 943 *	tty_read	-	read method for tty device files
 944 *	@file: pointer to tty file
 945 *	@buf: user buffer
 946 *	@count: size of user buffer
 947 *	@ppos: unused
 948 *
 949 *	Perform the read system call function on this terminal device. Checks
 950 *	for hung up devices before calling the line discipline method.
 951 *
 952 *	Locking:
 953 *		Locks the line discipline internally while needed. Multiple
 954 *	read calls may be outstanding in parallel.
 955 */
 956
 957static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
 958			loff_t *ppos)
 959{
 960	int i;
 961	struct inode *inode = file->f_path.dentry->d_inode;
 962	struct tty_struct *tty = file_tty(file);
 963	struct tty_ldisc *ld;
 964
 965	if (tty_paranoia_check(tty, inode, "tty_read"))
 966		return -EIO;
 967	if (!tty || (test_bit(TTY_IO_ERROR, &tty->flags)))
 968		return -EIO;
 969
 970	/* We want to wait for the line discipline to sort out in this
 971	   situation */
 972	ld = tty_ldisc_ref_wait(tty);
 973	if (ld->ops->read)
 974		i = (ld->ops->read)(tty, file, buf, count);
 975	else
 976		i = -EIO;
 977	tty_ldisc_deref(ld);
 978	if (i > 0)
 979		inode->i_atime = current_fs_time(inode->i_sb);
 980	return i;
 981}
 982
 983void tty_write_unlock(struct tty_struct *tty)
 984	__releases(&tty->atomic_write_lock)
 985{
 986	mutex_unlock(&tty->atomic_write_lock);
 987	wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
 988}
 989
 990int tty_write_lock(struct tty_struct *tty, int ndelay)
 991	__acquires(&tty->atomic_write_lock)
 992{
 993	if (!mutex_trylock(&tty->atomic_write_lock)) {
 994		if (ndelay)
 995			return -EAGAIN;
 996		if (mutex_lock_interruptible(&tty->atomic_write_lock))
 997			return -ERESTARTSYS;
 998	}
 999	return 0;
1000}
1001
1002/*
1003 * Split writes up in sane blocksizes to avoid
1004 * denial-of-service type attacks
1005 */
1006static inline ssize_t do_tty_write(
1007	ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
1008	struct tty_struct *tty,
1009	struct file *file,
1010	const char __user *buf,
1011	size_t count)
1012{
1013	ssize_t ret, written = 0;
1014	unsigned int chunk;
1015
1016	ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
1017	if (ret < 0)
1018		return ret;
1019
1020	/*
1021	 * We chunk up writes into a temporary buffer. This
1022	 * simplifies low-level drivers immensely, since they
1023	 * don't have locking issues and user mode accesses.
1024	 *
1025	 * But if TTY_NO_WRITE_SPLIT is set, we should use a
1026	 * big chunk-size..
1027	 *
1028	 * The default chunk-size is 2kB, because the NTTY
1029	 * layer has problems with bigger chunks. It will
1030	 * claim to be able to handle more characters than
1031	 * it actually does.
1032	 *
1033	 * FIXME: This can probably go away now except that 64K chunks
1034	 * are too likely to fail unless switched to vmalloc...
1035	 */
1036	chunk = 2048;
1037	if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
1038		chunk = 65536;
1039	if (count < chunk)
1040		chunk = count;
1041
1042	/* write_buf/write_cnt is protected by the atomic_write_lock mutex */
1043	if (tty->write_cnt < chunk) {
1044		unsigned char *buf_chunk;
1045
1046		if (chunk < 1024)
1047			chunk = 1024;
1048
1049		buf_chunk = kmalloc(chunk, GFP_KERNEL);
1050		if (!buf_chunk) {
1051			ret = -ENOMEM;
1052			goto out;
1053		}
1054		kfree(tty->write_buf);
1055		tty->write_cnt = chunk;
1056		tty->write_buf = buf_chunk;
1057	}
1058
1059	/* Do the write .. */
1060	for (;;) {
1061		size_t size = count;
1062		if (size > chunk)
1063			size = chunk;
1064		ret = -EFAULT;
1065		if (copy_from_user(tty->write_buf, buf, size))
1066			break;
1067		ret = write(tty, file, tty->write_buf, size);
1068		if (ret <= 0)
1069			break;
1070		written += ret;
1071		buf += ret;
1072		count -= ret;
1073		if (!count)
1074			break;
1075		ret = -ERESTARTSYS;
1076		if (signal_pending(current))
1077			break;
1078		cond_resched();
1079	}
1080	if (written) {
1081		struct inode *inode = file->f_path.dentry->d_inode;
1082		inode->i_mtime = current_fs_time(inode->i_sb);
1083		ret = written;
1084	}
1085out:
1086	tty_write_unlock(tty);
1087	return ret;
1088}
1089
1090/**
1091 * tty_write_message - write a message to a certain tty, not just the console.
1092 * @tty: the destination tty_struct
1093 * @msg: the message to write
1094 *
1095 * This is used for messages that need to be redirected to a specific tty.
1096 * We don't put it into the syslog queue right now maybe in the future if
1097 * really needed.
1098 *
1099 * We must still hold the BTM and test the CLOSING flag for the moment.
1100 */
1101
1102void tty_write_message(struct tty_struct *tty, char *msg)
1103{
1104	if (tty) {
1105		mutex_lock(&tty->atomic_write_lock);
1106		tty_lock();
1107		if (tty->ops->write && !test_bit(TTY_CLOSING, &tty->flags)) {
1108			tty_unlock();
1109			tty->ops->write(tty, msg, strlen(msg));
1110		} else
1111			tty_unlock();
1112		tty_write_unlock(tty);
1113	}
1114	return;
1115}
1116
1117
1118/**
1119 *	tty_write		-	write method for tty device file
1120 *	@file: tty file pointer
1121 *	@buf: user data to write
1122 *	@count: bytes to write
1123 *	@ppos: unused
1124 *
1125 *	Write data to a tty device via the line discipline.
1126 *
1127 *	Locking:
1128 *		Locks the line discipline as required
1129 *		Writes to the tty driver are serialized by the atomic_write_lock
1130 *	and are then processed in chunks to the device. The line discipline
1131 *	write method will not be invoked in parallel for each device.
1132 */
1133
1134static ssize_t tty_write(struct file *file, const char __user *buf,
1135						size_t count, loff_t *ppos)
1136{
1137	struct inode *inode = file->f_path.dentry->d_inode;
1138	struct tty_struct *tty = file_tty(file);
1139 	struct tty_ldisc *ld;
1140	ssize_t ret;
1141
1142	if (tty_paranoia_check(tty, inode, "tty_write"))
1143		return -EIO;
1144	if (!tty || !tty->ops->write ||
1145		(test_bit(TTY_IO_ERROR, &tty->flags)))
1146			return -EIO;
1147	/* Short term debug to catch buggy drivers */
1148	if (tty->ops->write_room == NULL)
1149		printk(KERN_ERR "tty driver %s lacks a write_room method.\n",
1150			tty->driver->name);
1151	ld = tty_ldisc_ref_wait(tty);
1152	if (!ld->ops->write)
1153		ret = -EIO;
1154	else
1155		ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1156	tty_ldisc_deref(ld);
1157	return ret;
1158}
1159
1160ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1161						size_t count, loff_t *ppos)
1162{
1163	struct file *p = NULL;
1164
1165	spin_lock(&redirect_lock);
1166	if (redirect) {
1167		get_file(redirect);
1168		p = redirect;
1169	}
1170	spin_unlock(&redirect_lock);
1171
1172	if (p) {
1173		ssize_t res;
1174		res = vfs_write(p, buf, count, &p->f_pos);
1175		fput(p);
1176		return res;
1177	}
1178	return tty_write(file, buf, count, ppos);
1179}
1180
1181static char ptychar[] = "pqrstuvwxyzabcde";
1182
1183/**
1184 *	pty_line_name	-	generate name for a pty
1185 *	@driver: the tty driver in use
1186 *	@index: the minor number
1187 *	@p: output buffer of at least 6 bytes
1188 *
1189 *	Generate a name from a driver reference and write it to the output
1190 *	buffer.
1191 *
1192 *	Locking: None
1193 */
1194static void pty_line_name(struct tty_driver *driver, int index, char *p)
1195{
1196	int i = index + driver->name_base;
1197	/* ->name is initialized to "ttyp", but "tty" is expected */
1198	sprintf(p, "%s%c%x",
1199		driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1200		ptychar[i >> 4 & 0xf], i & 0xf);
1201}
1202
1203/**
1204 *	tty_line_name	-	generate name for a tty
1205 *	@driver: the tty driver in use
1206 *	@index: the minor number
1207 *	@p: output buffer of at least 7 bytes
1208 *
1209 *	Generate a name from a driver reference and write it to the output
1210 *	buffer.
1211 *
1212 *	Locking: None
1213 */
1214static void tty_line_name(struct tty_driver *driver, int index, char *p)
1215{
1216	sprintf(p, "%s%d", driver->name, index + driver->name_base);
1217}
1218
1219/**
1220 *	tty_driver_lookup_tty() - find an existing tty, if any
1221 *	@driver: the driver for the tty
1222 *	@idx:	 the minor number
1223 *
1224 *	Return the tty, if found or ERR_PTR() otherwise.
1225 *
1226 *	Locking: tty_mutex must be held. If tty is found, the mutex must
1227 *	be held until the 'fast-open' is also done. Will change once we
1228 *	have refcounting in the driver and per driver locking
1229 */
1230static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1231		struct inode *inode, int idx)
1232{
1233	struct tty_struct *tty;
1234
1235	if (driver->ops->lookup)
1236		return driver->ops->lookup(driver, inode, idx);
1237
1238	tty = driver->ttys[idx];
1239	return tty;
1240}
1241
1242/**
1243 *	tty_init_termios	-  helper for termios setup
1244 *	@tty: the tty to set up
1245 *
1246 *	Initialise the termios structures for this tty. Thus runs under
1247 *	the tty_mutex currently so we can be relaxed about ordering.
1248 */
1249
1250int tty_init_termios(struct tty_struct *tty)
1251{
1252	struct ktermios *tp;
1253	int idx = tty->index;
1254
1255	tp = tty->driver->termios[idx];
1256	if (tp == NULL) {
1257		tp = kzalloc(sizeof(struct ktermios[2]), GFP_KERNEL);
1258		if (tp == NULL)
1259			return -ENOMEM;
1260		memcpy(tp, &tty->driver->init_termios,
1261						sizeof(struct ktermios));
1262		tty->driver->termios[idx] = tp;
1263	}
1264	tty->termios = tp;
1265	tty->termios_locked = tp + 1;
1266
1267	/* Compatibility until drivers always set this */
1268	tty->termios->c_ispeed = tty_termios_input_baud_rate(tty->termios);
1269	tty->termios->c_ospeed = tty_termios_baud_rate(tty->termios);
1270	return 0;
1271}
1272EXPORT_SYMBOL_GPL(tty_init_termios);
1273
1274/**
1275 *	tty_driver_install_tty() - install a tty entry in the driver
1276 *	@driver: the driver for the tty
1277 *	@tty: the tty
1278 *
1279 *	Install a tty object into the driver tables. The tty->index field
1280 *	will be set by the time this is called. This method is responsible
1281 *	for ensuring any need additional structures are allocated and
1282 *	configured.
1283 *
1284 *	Locking: tty_mutex for now
1285 */
1286static int tty_driver_install_tty(struct tty_driver *driver,
1287						struct tty_struct *tty)
1288{
1289	int idx = tty->index;
1290	int ret;
1291
1292	if (driver->ops->install) {
1293		ret = driver->ops->install(driver, tty);
1294		return ret;
1295	}
1296
1297	if (tty_init_termios(tty) == 0) {
1298		tty_driver_kref_get(driver);
1299		tty->count++;
1300		driver->ttys[idx] = tty;
1301		return 0;
1302	}
1303	return -ENOMEM;
1304}
1305
1306/**
1307 *	tty_driver_remove_tty() - remove a tty from the driver tables
1308 *	@driver: the driver for the tty
1309 *	@idx:	 the minor number
1310 *
1311 *	Remvoe a tty object from the driver tables. The tty->index field
1312 *	will be set by the time this is called.
1313 *
1314 *	Locking: tty_mutex for now
1315 */
1316void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1317{
1318	if (driver->ops->remove)
1319		driver->ops->remove(driver, tty);
1320	else
1321		driver->ttys[tty->index] = NULL;
1322}
1323
1324/*
1325 * 	tty_reopen()	- fast re-open of an open tty
1326 * 	@tty	- the tty to open
1327 *
1328 *	Return 0 on success, -errno on error.
1329 *
1330 *	Locking: tty_mutex must be held from the time the tty was found
1331 *		 till this open completes.
1332 */
1333static int tty_reopen(struct tty_struct *tty)
1334{
1335	struct tty_driver *driver = tty->driver;
1336
1337	if (test_bit(TTY_CLOSING, &tty->flags) ||
1338			test_bit(TTY_HUPPING, &tty->flags) ||
1339			test_bit(TTY_LDISC_CHANGING, &tty->flags))
1340		return -EIO;
1341
1342	if (driver->type == TTY_DRIVER_TYPE_PTY &&
1343	    driver->subtype == PTY_TYPE_MASTER) {
1344		/*
1345		 * special case for PTY masters: only one open permitted,
1346		 * and the slave side open count is incremented as well.
1347		 */
1348		if (tty->count)
1349			return -EIO;
1350
1351		tty->link->count++;
1352	}
1353	tty->count++;
1354	tty->driver = driver; /* N.B. why do this every time?? */
1355
1356	mutex_lock(&tty->ldisc_mutex);
1357	WARN_ON(!test_bit(TTY_LDISC, &tty->flags));
1358	mutex_unlock(&tty->ldisc_mutex);
1359
1360	return 0;
1361}
1362
1363/**
1364 *	tty_init_dev		-	initialise a tty device
1365 *	@driver: tty driver we are opening a device on
1366 *	@idx: device index
1367 *	@ret_tty: returned tty structure
1368 *	@first_ok: ok to open a new device (used by ptmx)
1369 *
1370 *	Prepare a tty device. This may not be a "new" clean device but
1371 *	could also be an active device. The pty drivers require special
1372 *	handling because of this.
1373 *
1374 *	Locking:
1375 *		The function is called under the tty_mutex, which
1376 *	protects us from the tty struct or driver itself going away.
1377 *
1378 *	On exit the tty device has the line discipline attached and
1379 *	a reference count of 1. If a pair was created for pty/tty use
1380 *	and the other was a pty master then it too has a reference count of 1.
1381 *
1382 * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1383 * failed open.  The new code protects the open with a mutex, so it's
1384 * really quite straightforward.  The mutex locking can probably be
1385 * relaxed for the (most common) case of reopening a tty.
1386 */
1387
1388struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx,
1389								int first_ok)
1390{
1391	struct tty_struct *tty;
1392	int retval;
1393
1394	/* Check if pty master is being opened multiple times */
1395	if (driver->subtype == PTY_TYPE_MASTER &&
1396		(driver->flags & TTY_DRIVER_DEVPTS_MEM) && !first_ok) {
1397		return ERR_PTR(-EIO);
1398	}
1399
1400	/*
1401	 * First time open is complex, especially for PTY devices.
1402	 * This code guarantees that either everything succeeds and the
1403	 * TTY is ready for operation, or else the table slots are vacated
1404	 * and the allocated memory released.  (Except that the termios
1405	 * and locked termios may be retained.)
1406	 */
1407
1408	if (!try_module_get(driver->owner))
1409		return ERR_PTR(-ENODEV);
1410
1411	tty = alloc_tty_struct();
1412	if (!tty) {
1413		retval = -ENOMEM;
1414		goto err_module_put;
1415	}
1416	initialize_tty_struct(tty, driver, idx);
1417
1418	retval = tty_driver_install_tty(driver, tty);
1419	if (retval < 0)
1420		goto err_deinit_tty;
1421
1422	/*
1423	 * Structures all installed ... call the ldisc open routines.
1424	 * If we fail here just call release_tty to clean up.  No need
1425	 * to decrement the use counts, as release_tty doesn't care.
1426	 */
1427	retval = tty_ldisc_setup(tty, tty->link);
1428	if (retval)
1429		goto err_release_tty;
1430	return tty;
1431
1432err_deinit_tty:
1433	deinitialize_tty_struct(tty);
1434	free_tty_struct(tty);
1435err_module_put:
1436	module_put(driver->owner);
1437	return ERR_PTR(retval);
1438
1439	/* call the tty release_tty routine to clean out this slot */
1440err_release_tty:
1441	if (printk_ratelimit())
1442		printk(KERN_INFO "tty_init_dev: ldisc open failed, "
1443				 "clearing slot %d\n", idx);
1444	release_tty(tty, idx);
1445	return ERR_PTR(retval);
1446}
1447
1448void tty_free_termios(struct tty_struct *tty)
1449{
1450	struct ktermios *tp;
1451	int idx = tty->index;
1452	/* Kill this flag and push into drivers for locking etc */
1453	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {
1454		/* FIXME: Locking on ->termios array */
1455		tp = tty->termios;
1456		tty->driver->termios[idx] = NULL;
1457		kfree(tp);
1458	}
1459}
1460EXPORT_SYMBOL(tty_free_termios);
1461
1462void tty_shutdown(struct tty_struct *tty)
1463{
1464	tty_driver_remove_tty(tty->driver, tty);
1465	tty_free_termios(tty);
1466}
1467EXPORT_SYMBOL(tty_shutdown);
1468
1469/**
1470 *	release_one_tty		-	release tty structure memory
1471 *	@kref: kref of tty we are obliterating
1472 *
1473 *	Releases memory associated with a tty structure, and clears out the
1474 *	driver table slots. This function is called when a device is no longer
1475 *	in use. It also gets called when setup of a device fails.
1476 *
1477 *	Locking:
1478 *		tty_mutex - sometimes only
1479 *		takes the file list lock internally when working on the list
1480 *	of ttys that the driver keeps.
1481 *
1482 *	This method gets called from a work queue so that the driver private
1483 *	cleanup ops can sleep (needed for USB at least)
1484 */
1485static void release_one_tty(struct work_struct *work)
1486{
1487	struct tty_struct *tty =
1488		container_of(work, struct tty_struct, hangup_work);
1489	struct tty_driver *driver = tty->driver;
1490
1491	if (tty->ops->cleanup)
1492		tty->ops->cleanup(tty);
1493
1494	tty->magic = 0;
1495	tty_driver_kref_put(driver);
1496	module_put(driver->owner);
1497
1498	spin_lock(&tty_files_lock);
1499	list_del_init(&tty->tty_files);
1500	spin_unlock(&tty_files_lock);
1501
1502	put_pid(tty->pgrp);
1503	put_pid(tty->session);
1504	free_tty_struct(tty);
1505}
1506
1507static void queue_release_one_tty(struct kref *kref)
1508{
1509	struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1510
1511	if (tty->ops->shutdown)
1512		tty->ops->shutdown(tty);
1513	else
1514		tty_shutdown(tty);
1515
1516	/* The hangup queue is now free so we can reuse it rather than
1517	   waste a chunk of memory for each port */
1518	INIT_WORK(&tty->hangup_work, release_one_tty);
1519	schedule_work(&tty->hangup_work);
1520}
1521
1522/**
1523 *	tty_kref_put		-	release a tty kref
1524 *	@tty: tty device
1525 *
1526 *	Release a reference to a tty device and if need be let the kref
1527 *	layer destruct the object for us
1528 */
1529
1530void tty_kref_put(struct tty_struct *tty)
1531{
1532	if (tty)
1533		kref_put(&tty->kref, queue_release_one_tty);
1534}
1535EXPORT_SYMBOL(tty_kref_put);
1536
1537/**
1538 *	release_tty		-	release tty structure memory
1539 *
1540 *	Release both @tty and a possible linked partner (think pty pair),
1541 *	and decrement the refcount of the backing module.
1542 *
1543 *	Locking:
1544 *		tty_mutex - sometimes only
1545 *		takes the file list lock internally when working on the list
1546 *	of ttys that the driver keeps.
1547 *		FIXME: should we require tty_mutex is held here ??
1548 *
1549 */
1550static void release_tty(struct tty_struct *tty, int idx)
1551{
1552	/* This should always be true but check for the moment */
1553	WARN_ON(tty->index != idx);
1554
1555	if (tty->link)
1556		tty_kref_put(tty->link);
1557	tty_kref_put(tty);
1558}
1559
1560/**
1561 *	tty_release		-	vfs callback for close
1562 *	@inode: inode of tty
1563 *	@filp: file pointer for handle to tty
1564 *
1565 *	Called the last time each file handle is closed that references
1566 *	this tty. There may however be several such references.
1567 *
1568 *	Locking:
1569 *		Takes bkl. See tty_release_dev
1570 *
1571 * Even releasing the tty structures is a tricky business.. We have
1572 * to be very careful that the structures are all released at the
1573 * same time, as interrupts might otherwise get the wrong pointers.
1574 *
1575 * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1576 * lead to double frees or releasing memory still in use.
1577 */
1578
1579int tty_release(struct inode *inode, struct file *filp)
1580{
1581	struct tty_struct *tty = file_tty(filp);
1582	struct tty_struct *o_tty;
1583	int	pty_master, tty_closing, o_tty_closing, do_sleep;
1584	int	devpts;
1585	int	idx;
1586	char	buf[64];
1587
1588	if (tty_paranoia_check(tty, inode, "tty_release_dev"))
1589		return 0;
1590
1591	tty_lock();
1592	check_tty_count(tty, "tty_release_dev");
1593
1594	__tty_fasync(-1, filp, 0);
1595
1596	idx = tty->index;
1597	pty_master = (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1598		      tty->driver->subtype == PTY_TYPE_MASTER);
1599	devpts = (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM) != 0;
1600	o_tty = tty->link;
1601
1602#ifdef TTY_PARANOIA_CHECK
1603	if (idx < 0 || idx >= tty->driver->num) {
1604		printk(KERN_DEBUG "tty_release_dev: bad idx when trying to "
1605				  "free (%s)\n", tty->name);
1606		tty_unlock();
1607		return 0;
1608	}
1609	if (!devpts) {
1610		if (tty != tty->driver->ttys[idx]) {
1611			tty_unlock();
1612			printk(KERN_DEBUG "tty_release_dev: driver.table[%d] not tty "
1613			       "for (%s)\n", idx, tty->name);
1614			return 0;
1615		}
1616		if (tty->termios != tty->driver->termios[idx]) {
1617			tty_unlock();
1618			printk(KERN_DEBUG "tty_release_dev: driver.termios[%d] not termios "
1619			       "for (%s)\n",
1620			       idx, tty->name);
1621			return 0;
1622		}
1623	}
1624#endif
1625
1626#ifdef TTY_DEBUG_HANGUP
1627	printk(KERN_DEBUG "tty_release_dev of %s (tty count=%d)...",
1628	       tty_name(tty, buf), tty->count);
1629#endif
1630
1631#ifdef TTY_PARANOIA_CHECK
1632	if (tty->driver->other &&
1633	     !(tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)) {
1634		if (o_tty != tty->driver->other->ttys[idx]) {
1635			tty_unlock();
1636			printk(KERN_DEBUG "tty_release_dev: other->table[%d] "
1637					  "not o_tty for (%s)\n",
1638			       idx, tty->name);
1639			return 0 ;
1640		}
1641		if (o_tty->termios != tty->driver->other->termios[idx]) {
1642			tty_unlock();
1643			printk(KERN_DEBUG "tty_release_dev: other->termios[%d] "
1644					  "not o_termios for (%s)\n",
1645			       idx, tty->name);
1646			return 0;
1647		}
1648		if (o_tty->link != tty) {
1649			tty_unlock();
1650			printk(KERN_DEBUG "tty_release_dev: bad pty pointers\n");
1651			return 0;
1652		}
1653	}
1654#endif
1655	if (tty->ops->close)
1656		tty->ops->close(tty, filp);
1657
1658	tty_unlock();
1659	/*
1660	 * Sanity check: if tty->count is going to zero, there shouldn't be
1661	 * any waiters on tty->read_wait or tty->write_wait.  We test the
1662	 * wait queues and kick everyone out _before_ actually starting to
1663	 * close.  This ensures that we won't block while releasing the tty
1664	 * structure.
1665	 *
1666	 * The test for the o_tty closing is necessary, since the master and
1667	 * slave sides may close in any order.  If the slave side closes out
1668	 * first, its count will be one, since the master side holds an open.
1669	 * Thus this test wouldn't be triggered at the time the slave closes,
1670	 * so we do it now.
1671	 *
1672	 * Note that it's possible for the tty to be opened again while we're
1673	 * flushing out waiters.  By recalculating the closing flags before
1674	 * each iteration we avoid any problems.
1675	 */
1676	while (1) {
1677		/* Guard against races with tty->count changes elsewhere and
1678		   opens on /dev/tty */
1679
1680		mutex_lock(&tty_mutex);
1681		tty_lock();
1682		tty_closing = tty->count <= 1;
1683		o_tty_closing = o_tty &&
1684			(o_tty->count <= (pty_master ? 1 : 0));
1685		do_sleep = 0;
1686
1687		if (tty_closing) {
1688			if (waitqueue_active(&tty->read_wait)) {
1689				wake_up_poll(&tty->read_wait, POLLIN);
1690				do_sleep++;
1691			}
1692			if (waitqueue_active(&tty->write_wait)) {
1693				wake_up_poll(&tty->write_wait, POLLOUT);
1694				do_sleep++;
1695			}
1696		}
1697		if (o_tty_closing) {
1698			if (waitqueue_active(&o_tty->read_wait)) {
1699				wake_up_poll(&o_tty->read_wait, POLLIN);
1700				do_sleep++;
1701			}
1702			if (waitqueue_active(&o_tty->write_wait)) {
1703				wake_up_poll(&o_tty->write_wait, POLLOUT);
1704				do_sleep++;
1705			}
1706		}
1707		if (!do_sleep)
1708			break;
1709
1710		printk(KERN_WARNING "tty_release_dev: %s: read/write wait queue "
1711				    "active!\n", tty_name(tty, buf));
1712		tty_unlock();
1713		mutex_unlock(&tty_mutex);
1714		schedule();
1715	}
1716
1717	/*
1718	 * The closing flags are now consistent with the open counts on
1719	 * both sides, and we've completed the last operation that could
1720	 * block, so it's safe to proceed with closing.
1721	 */
1722	if (pty_master) {
1723		if (--o_tty->count < 0) {
1724			printk(KERN_WARNING "tty_release_dev: bad pty slave count "
1725					    "(%d) for %s\n",
1726			       o_tty->count, tty_name(o_tty, buf));
1727			o_tty->count = 0;
1728		}
1729	}
1730	if (--tty->count < 0) {
1731		printk(KERN_WARNING "tty_release_dev: bad tty->count (%d) for %s\n",
1732		       tty->count, tty_name(tty, buf));
1733		tty->count = 0;
1734	}
1735
1736	/*
1737	 * We've decremented tty->count, so we need to remove this file
1738	 * descriptor off the tty->tty_files list; this serves two
1739	 * purposes:
1740	 *  - check_tty_count sees the correct number of file descriptors
1741	 *    associated with this tty.
1742	 *  - do_tty_hangup no longer sees this file descriptor as
1743	 *    something that needs to be handled for hangups.
1744	 */
1745	tty_del_file(filp);
1746
1747	/*
1748	 * Perform some housekeeping before deciding whether to return.
1749	 *
1750	 * Set the TTY_CLOSING flag if this was the last open.  In the
1751	 * case of a pty we may have to wait around for the other side
1752	 * to close, and TTY_CLOSING makes sure we can't be reopened.
1753	 */
1754	if (tty_closing)
1755		set_bit(TTY_CLOSING, &tty->flags);
1756	if (o_tty_closing)
1757		set_bit(TTY_CLOSING, &o_tty->flags);
1758
1759	/*
1760	 * If _either_ side is closing, make sure there aren't any
1761	 * processes that still think tty or o_tty is their controlling
1762	 * tty.
1763	 */
1764	if (tty_closing || o_tty_closing) {
1765		read_lock(&tasklist_lock);
1766		session_clear_tty(tty->session);
1767		if (o_tty)
1768			session_clear_tty(o_tty->session);
1769		read_unlock(&tasklist_lock);
1770	}
1771
1772	mutex_unlock(&tty_mutex);
1773
1774	/* check whether both sides are closing ... */
1775	if (!tty_closing || (o_tty && !o_tty_closing)) {
1776		tty_unlock();
1777		return 0;
1778	}
1779
1780#ifdef TTY_DEBUG_HANGUP
1781	printk(KERN_DEBUG "freeing tty structure...");
1782#endif
1783	/*
1784	 * Ask the line discipline code to release its structures
1785	 */
1786	tty_ldisc_release(tty, o_tty);
1787	/*
1788	 * The release_tty function takes care of the details of clearing
1789	 * the slots and preserving the termios structure.
1790	 */
1791	release_tty(tty, idx);
1792
1793	/* Make this pty number available for reallocation */
1794	if (devpts)
1795		devpts_kill_index(inode, idx);
1796	tty_unlock();
1797	return 0;
1798}
1799
1800/**
1801 *	tty_open		-	open a tty device
1802 *	@inode: inode of device file
1803 *	@filp: file pointer to tty
1804 *
1805 *	tty_open and tty_release keep up the tty count that contains the
1806 *	number of opens done on a tty. We cannot use the inode-count, as
1807 *	different inodes might point to the same tty.
1808 *
1809 *	Open-counting is needed for pty masters, as well as for keeping
1810 *	track of serial lines: DTR is dropped when the last close happens.
1811 *	(This is not done solely through tty->count, now.  - Ted 1/27/92)
1812 *
1813 *	The termios state of a pty is reset on first open so that
1814 *	settings don't persist across reuse.
1815 *
1816 *	Locking: tty_mutex protects tty, get_tty_driver and tty_init_dev work.
1817 *		 tty->count should protect the rest.
1818 *		 ->siglock protects ->signal/->sighand
1819 */
1820
1821static int tty_open(struct inode *inode, struct file *filp)
1822{
1823	struct tty_struct *tty = NULL;
1824	int noctty, retval;
1825	struct tty_driver *driver;
1826	int index;
1827	dev_t device = inode->i_rdev;
1828	unsigned saved_flags = filp->f_flags;
1829
1830	nonseekable_open(inode, filp);
1831
1832retry_open:
1833	retval = tty_alloc_file(filp);
1834	if (retval)
1835		return -ENOMEM;
1836
1837	noctty = filp->f_flags & O_NOCTTY;
1838	index  = -1;
1839	retval = 0;
1840
1841	mutex_lock(&tty_mutex);
1842	tty_lock();
1843
1844	if (device == MKDEV(TTYAUX_MAJOR, 0)) {
1845		tty = get_current_tty();
1846		if (!tty) {
1847			tty_unlock();
1848			mutex_unlock(&tty_mutex);
1849			tty_free_file(filp);
1850			return -ENXIO;
1851		}
1852		driver = tty_driver_kref_get(tty->driver);
1853		index = tty->index;
1854		filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1855		/* noctty = 1; */
1856		/* FIXME: Should we take a driver reference ? */
1857		tty_kref_put(tty);
1858		goto got_driver;
1859	}
1860#ifdef CONFIG_VT
1861	if (device == MKDEV(TTY_MAJOR, 0)) {
1862		extern struct tty_driver *console_driver;
1863		driver = tty_driver_kref_get(console_driver);
1864		index = fg_console;
1865		noctty = 1;
1866		goto got_driver;
1867	}
1868#endif
1869	if (device == MKDEV(TTYAUX_MAJOR, 1)) {
1870		struct tty_driver *console_driver = console_device(&index);
1871		if (console_driver) {
1872			driver = tty_driver_kref_get(console_driver);
1873			if (driver) {
1874				/* Don't let /dev/console block */
1875				filp->f_flags |= O_NONBLOCK;
1876				noctty = 1;
1877				goto got_driver;
1878			}
1879		}
1880		tty_unlock();
1881		mutex_unlock(&tty_mutex);
1882		tty_free_file(filp);
1883		return -ENODEV;
1884	}
1885
1886	driver = get_tty_driver(device, &index);
1887	if (!driver) {
1888		tty_unlock();
1889		mutex_unlock(&tty_mutex);
1890		tty_free_file(filp);
1891		return -ENODEV;
1892	}
1893got_driver:
1894	if (!tty) {
1895		/* check whether we're reopening an existing tty */
1896		tty = tty_driver_lookup_tty(driver, inode, index);
1897
1898		if (IS_ERR(tty)) {
1899			tty_unlock();
1900			mutex_unlock(&tty_mutex);
1901			tty_driver_kref_put(driver);
1902			tty_free_file(filp);
1903			return PTR_ERR(tty);
1904		}
1905	}
1906
1907	if (tty) {
1908		retval = tty_reopen(tty);
1909		if (retval)
1910			tty = ERR_PTR(retval);
1911	} else
1912		tty = tty_init_dev(driver, index, 0);
1913
1914	mutex_unlock(&tty_mutex);
1915	tty_driver_kref_put(driver);
1916	if (IS_ERR(tty)) {
1917		tty_unlock();
1918		tty_free_file(filp);
1919		return PTR_ERR(tty);
1920	}
1921
1922	tty_add_file(tty, filp);
1923
1924	check_tty_count(tty, "tty_open");
1925	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1926	    tty->driver->subtype == PTY_TYPE_MASTER)
1927		noctty = 1;
1928#ifdef TTY_DEBUG_HANG…

Large files files are truncated, but you can click here to view the full file