xref: /linux/drivers/tty/tty_io.c (revision 507e190946297c34a27d9366b0661d5e506fdd03)
1 /*
2  *  Copyright (C) 1991, 1992  Linus Torvalds
3  */
4 
5 /*
6  * 'tty_io.c' gives an orthogonal feeling to tty's, be they consoles
7  * or rs-channels. It also implements echoing, cooked mode etc.
8  *
9  * Kill-line thanks to John T Kohl, who also corrected VMIN = VTIME = 0.
10  *
11  * Modified by Theodore Ts'o, 9/14/92, to dynamically allocate the
12  * tty_struct and tty_queue structures.  Previously there was an array
13  * of 256 tty_struct's which was statically allocated, and the
14  * tty_queue structures were allocated at boot time.  Both are now
15  * dynamically allocated only when the tty is open.
16  *
17  * Also restructured routines so that there is more of a separation
18  * between the high-level tty routines (tty_io.c and tty_ioctl.c) and
19  * the low-level tty routines (serial.c, pty.c, console.c).  This
20  * makes for cleaner and more compact code.  -TYT, 9/17/92
21  *
22  * Modified by Fred N. van Kempen, 01/29/93, to add line disciplines
23  * which can be dynamically activated and de-activated by the line
24  * discipline handling modules (like SLIP).
25  *
26  * NOTE: pay no attention to the line discipline code (yet); its
27  * interface is still subject to change in this version...
28  * -- TYT, 1/31/92
29  *
30  * Added functionality to the OPOST tty handling.  No delays, but all
31  * other bits should be there.
32  *	-- Nick Holloway <alfie@dcs.warwick.ac.uk>, 27th May 1993.
33  *
34  * Rewrote canonical mode and added more termios flags.
35  * 	-- julian@uhunix.uhcc.hawaii.edu (J. Cowley), 13Jan94
36  *
37  * Reorganized FASYNC support so mouse code can share it.
38  *	-- ctm@ardi.com, 9Sep95
39  *
40  * New TIOCLINUX variants added.
41  *	-- mj@k332.feld.cvut.cz, 19-Nov-95
42  *
43  * Restrict vt switching via ioctl()
44  *      -- grif@cs.ucr.edu, 5-Dec-95
45  *
46  * Move console and virtual terminal code to more appropriate files,
47  * implement CONFIG_VT and generalize console device interface.
48  *	-- Marko Kohtala <Marko.Kohtala@hut.fi>, March 97
49  *
50  * Rewrote tty_init_dev and tty_release_dev to eliminate races.
51  *	-- Bill Hawes <whawes@star.net>, June 97
52  *
53  * Added devfs support.
54  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 13-Jan-1998
55  *
56  * Added support for a Unix98-style ptmx device.
57  *      -- C. Scott Ananian <cananian@alumni.princeton.edu>, 14-Jan-1998
58  *
59  * Reduced memory usage for older ARM systems
60  *      -- Russell King <rmk@arm.linux.org.uk>
61  *
62  * Move do_SAK() into process context.  Less stack use in devfs functions.
63  * alloc_tty_struct() always uses kmalloc()
64  *			 -- Andrew Morton <andrewm@uow.edu.eu> 17Mar01
65  */
66 
67 #include <linux/types.h>
68 #include <linux/major.h>
69 #include <linux/errno.h>
70 #include <linux/signal.h>
71 #include <linux/fcntl.h>
72 #include <linux/sched/signal.h>
73 #include <linux/sched/task.h>
74 #include <linux/interrupt.h>
75 #include <linux/tty.h>
76 #include <linux/tty_driver.h>
77 #include <linux/tty_flip.h>
78 #include <linux/devpts_fs.h>
79 #include <linux/file.h>
80 #include <linux/fdtable.h>
81 #include <linux/console.h>
82 #include <linux/timer.h>
83 #include <linux/ctype.h>
84 #include <linux/kd.h>
85 #include <linux/mm.h>
86 #include <linux/string.h>
87 #include <linux/slab.h>
88 #include <linux/poll.h>
89 #include <linux/proc_fs.h>
90 #include <linux/init.h>
91 #include <linux/module.h>
92 #include <linux/device.h>
93 #include <linux/wait.h>
94 #include <linux/bitops.h>
95 #include <linux/delay.h>
96 #include <linux/seq_file.h>
97 #include <linux/serial.h>
98 #include <linux/ratelimit.h>
99 
100 #include <linux/uaccess.h>
101 
102 #include <linux/kbd_kern.h>
103 #include <linux/vt_kern.h>
104 #include <linux/selection.h>
105 
106 #include <linux/kmod.h>
107 #include <linux/nsproxy.h>
108 
109 #undef TTY_DEBUG_HANGUP
110 #ifdef TTY_DEBUG_HANGUP
111 # define tty_debug_hangup(tty, f, args...)	tty_debug(tty, f, ##args)
112 #else
113 # define tty_debug_hangup(tty, f, args...)	do { } while (0)
114 #endif
115 
116 #define TTY_PARANOIA_CHECK 1
117 #define CHECK_TTY_COUNT 1
118 
119 struct ktermios tty_std_termios = {	/* for the benefit of tty drivers  */
120 	.c_iflag = ICRNL | IXON,
121 	.c_oflag = OPOST | ONLCR,
122 	.c_cflag = B38400 | CS8 | CREAD | HUPCL,
123 	.c_lflag = ISIG | ICANON | ECHO | ECHOE | ECHOK |
124 		   ECHOCTL | ECHOKE | IEXTEN,
125 	.c_cc = INIT_C_CC,
126 	.c_ispeed = 38400,
127 	.c_ospeed = 38400,
128 	/* .c_line = N_TTY, */
129 };
130 
131 EXPORT_SYMBOL(tty_std_termios);
132 
133 /* This list gets poked at by procfs and various bits of boot up code. This
134    could do with some rationalisation such as pulling the tty proc function
135    into this file */
136 
137 LIST_HEAD(tty_drivers);			/* linked list of tty drivers */
138 
139 /* Mutex to protect creating and releasing a tty */
140 DEFINE_MUTEX(tty_mutex);
141 
142 static ssize_t tty_read(struct file *, char __user *, size_t, loff_t *);
143 static ssize_t tty_write(struct file *, const char __user *, size_t, loff_t *);
144 ssize_t redirected_tty_write(struct file *, const char __user *,
145 							size_t, loff_t *);
146 static unsigned int tty_poll(struct file *, poll_table *);
147 static int tty_open(struct inode *, struct file *);
148 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
149 #ifdef CONFIG_COMPAT
150 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
151 				unsigned long arg);
152 #else
153 #define tty_compat_ioctl NULL
154 #endif
155 static int __tty_fasync(int fd, struct file *filp, int on);
156 static int tty_fasync(int fd, struct file *filp, int on);
157 static void release_tty(struct tty_struct *tty, int idx);
158 
159 /**
160  *	free_tty_struct		-	free a disused tty
161  *	@tty: tty struct to free
162  *
163  *	Free the write buffers, tty queue and tty memory itself.
164  *
165  *	Locking: none. Must be called after tty is definitely unused
166  */
167 
168 static void free_tty_struct(struct tty_struct *tty)
169 {
170 	tty_ldisc_deinit(tty);
171 	put_device(tty->dev);
172 	kfree(tty->write_buf);
173 	tty->magic = 0xDEADDEAD;
174 	kfree(tty);
175 }
176 
177 static inline struct tty_struct *file_tty(struct file *file)
178 {
179 	return ((struct tty_file_private *)file->private_data)->tty;
180 }
181 
182 int tty_alloc_file(struct file *file)
183 {
184 	struct tty_file_private *priv;
185 
186 	priv = kmalloc(sizeof(*priv), GFP_KERNEL);
187 	if (!priv)
188 		return -ENOMEM;
189 
190 	file->private_data = priv;
191 
192 	return 0;
193 }
194 
195 /* Associate a new file with the tty structure */
196 void tty_add_file(struct tty_struct *tty, struct file *file)
197 {
198 	struct tty_file_private *priv = file->private_data;
199 
200 	priv->tty = tty;
201 	priv->file = file;
202 
203 	spin_lock(&tty->files_lock);
204 	list_add(&priv->list, &tty->tty_files);
205 	spin_unlock(&tty->files_lock);
206 }
207 
208 /**
209  * tty_free_file - free file->private_data
210  *
211  * This shall be used only for fail path handling when tty_add_file was not
212  * called yet.
213  */
214 void tty_free_file(struct file *file)
215 {
216 	struct tty_file_private *priv = file->private_data;
217 
218 	file->private_data = NULL;
219 	kfree(priv);
220 }
221 
222 /* Delete file from its tty */
223 static void tty_del_file(struct file *file)
224 {
225 	struct tty_file_private *priv = file->private_data;
226 	struct tty_struct *tty = priv->tty;
227 
228 	spin_lock(&tty->files_lock);
229 	list_del(&priv->list);
230 	spin_unlock(&tty->files_lock);
231 	tty_free_file(file);
232 }
233 
234 /**
235  *	tty_name	-	return tty naming
236  *	@tty: tty structure
237  *
238  *	Convert a tty structure into a name. The name reflects the kernel
239  *	naming policy and if udev is in use may not reflect user space
240  *
241  *	Locking: none
242  */
243 
244 const char *tty_name(const struct tty_struct *tty)
245 {
246 	if (!tty) /* Hmm.  NULL pointer.  That's fun. */
247 		return "NULL tty";
248 	return tty->name;
249 }
250 
251 EXPORT_SYMBOL(tty_name);
252 
253 const char *tty_driver_name(const struct tty_struct *tty)
254 {
255 	if (!tty || !tty->driver)
256 		return "";
257 	return tty->driver->name;
258 }
259 
260 static int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,
261 			      const char *routine)
262 {
263 #ifdef TTY_PARANOIA_CHECK
264 	if (!tty) {
265 		pr_warn("(%d:%d): %s: NULL tty\n",
266 			imajor(inode), iminor(inode), routine);
267 		return 1;
268 	}
269 	if (tty->magic != TTY_MAGIC) {
270 		pr_warn("(%d:%d): %s: bad magic number\n",
271 			imajor(inode), iminor(inode), routine);
272 		return 1;
273 	}
274 #endif
275 	return 0;
276 }
277 
278 /* Caller must hold tty_lock */
279 static int check_tty_count(struct tty_struct *tty, const char *routine)
280 {
281 #ifdef CHECK_TTY_COUNT
282 	struct list_head *p;
283 	int count = 0;
284 
285 	spin_lock(&tty->files_lock);
286 	list_for_each(p, &tty->tty_files) {
287 		count++;
288 	}
289 	spin_unlock(&tty->files_lock);
290 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
291 	    tty->driver->subtype == PTY_TYPE_SLAVE &&
292 	    tty->link && tty->link->count)
293 		count++;
294 	if (tty->count != count) {
295 		tty_warn(tty, "%s: tty->count(%d) != #fd's(%d)\n",
296 			 routine, tty->count, count);
297 		return count;
298 	}
299 #endif
300 	return 0;
301 }
302 
303 /**
304  *	get_tty_driver		-	find device of a tty
305  *	@dev_t: device identifier
306  *	@index: returns the index of the tty
307  *
308  *	This routine returns a tty driver structure, given a device number
309  *	and also passes back the index number.
310  *
311  *	Locking: caller must hold tty_mutex
312  */
313 
314 static struct tty_driver *get_tty_driver(dev_t device, int *index)
315 {
316 	struct tty_driver *p;
317 
318 	list_for_each_entry(p, &tty_drivers, tty_drivers) {
319 		dev_t base = MKDEV(p->major, p->minor_start);
320 		if (device < base || device >= base + p->num)
321 			continue;
322 		*index = device - base;
323 		return tty_driver_kref_get(p);
324 	}
325 	return NULL;
326 }
327 
328 /**
329  *	tty_dev_name_to_number	-	return dev_t for device name
330  *	@name: user space name of device under /dev
331  *	@number: pointer to dev_t that this function will populate
332  *
333  *	This function converts device names like ttyS0 or ttyUSB1 into dev_t
334  *	like (4, 64) or (188, 1). If no corresponding driver is registered then
335  *	the function returns -ENODEV.
336  *
337  *	Locking: this acquires tty_mutex to protect the tty_drivers list from
338  *		being modified while we are traversing it, and makes sure to
339  *		release it before exiting.
340  */
341 int tty_dev_name_to_number(const char *name, dev_t *number)
342 {
343 	struct tty_driver *p;
344 	int ret;
345 	int index, prefix_length = 0;
346 	const char *str;
347 
348 	for (str = name; *str && !isdigit(*str); str++)
349 		;
350 
351 	if (!*str)
352 		return -EINVAL;
353 
354 	ret = kstrtoint(str, 10, &index);
355 	if (ret)
356 		return ret;
357 
358 	prefix_length = str - name;
359 	mutex_lock(&tty_mutex);
360 
361 	list_for_each_entry(p, &tty_drivers, tty_drivers)
362 		if (prefix_length == strlen(p->name) && strncmp(name,
363 					p->name, prefix_length) == 0) {
364 			if (index < p->num) {
365 				*number = MKDEV(p->major, p->minor_start + index);
366 				goto out;
367 			}
368 		}
369 
370 	/* if here then driver wasn't found */
371 	ret = -ENODEV;
372 out:
373 	mutex_unlock(&tty_mutex);
374 	return ret;
375 }
376 EXPORT_SYMBOL_GPL(tty_dev_name_to_number);
377 
378 #ifdef CONFIG_CONSOLE_POLL
379 
380 /**
381  *	tty_find_polling_driver	-	find device of a polled tty
382  *	@name: name string to match
383  *	@line: pointer to resulting tty line nr
384  *
385  *	This routine returns a tty driver structure, given a name
386  *	and the condition that the tty driver is capable of polled
387  *	operation.
388  */
389 struct tty_driver *tty_find_polling_driver(char *name, int *line)
390 {
391 	struct tty_driver *p, *res = NULL;
392 	int tty_line = 0;
393 	int len;
394 	char *str, *stp;
395 
396 	for (str = name; *str; str++)
397 		if ((*str >= '0' && *str <= '9') || *str == ',')
398 			break;
399 	if (!*str)
400 		return NULL;
401 
402 	len = str - name;
403 	tty_line = simple_strtoul(str, &str, 10);
404 
405 	mutex_lock(&tty_mutex);
406 	/* Search through the tty devices to look for a match */
407 	list_for_each_entry(p, &tty_drivers, tty_drivers) {
408 		if (strncmp(name, p->name, len) != 0)
409 			continue;
410 		stp = str;
411 		if (*stp == ',')
412 			stp++;
413 		if (*stp == '\0')
414 			stp = NULL;
415 
416 		if (tty_line >= 0 && tty_line < p->num && p->ops &&
417 		    p->ops->poll_init && !p->ops->poll_init(p, tty_line, stp)) {
418 			res = tty_driver_kref_get(p);
419 			*line = tty_line;
420 			break;
421 		}
422 	}
423 	mutex_unlock(&tty_mutex);
424 
425 	return res;
426 }
427 EXPORT_SYMBOL_GPL(tty_find_polling_driver);
428 #endif
429 
430 static ssize_t hung_up_tty_read(struct file *file, char __user *buf,
431 				size_t count, loff_t *ppos)
432 {
433 	return 0;
434 }
435 
436 static ssize_t hung_up_tty_write(struct file *file, const char __user *buf,
437 				 size_t count, loff_t *ppos)
438 {
439 	return -EIO;
440 }
441 
442 /* No kernel lock held - none needed ;) */
443 static unsigned int hung_up_tty_poll(struct file *filp, poll_table *wait)
444 {
445 	return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;
446 }
447 
448 static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,
449 		unsigned long arg)
450 {
451 	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
452 }
453 
454 static long hung_up_tty_compat_ioctl(struct file *file,
455 				     unsigned int cmd, unsigned long arg)
456 {
457 	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;
458 }
459 
460 static int hung_up_tty_fasync(int fd, struct file *file, int on)
461 {
462 	return -ENOTTY;
463 }
464 
465 static const struct file_operations tty_fops = {
466 	.llseek		= no_llseek,
467 	.read		= tty_read,
468 	.write		= tty_write,
469 	.poll		= tty_poll,
470 	.unlocked_ioctl	= tty_ioctl,
471 	.compat_ioctl	= tty_compat_ioctl,
472 	.open		= tty_open,
473 	.release	= tty_release,
474 	.fasync		= tty_fasync,
475 };
476 
477 static const struct file_operations console_fops = {
478 	.llseek		= no_llseek,
479 	.read		= tty_read,
480 	.write		= redirected_tty_write,
481 	.poll		= tty_poll,
482 	.unlocked_ioctl	= tty_ioctl,
483 	.compat_ioctl	= tty_compat_ioctl,
484 	.open		= tty_open,
485 	.release	= tty_release,
486 	.fasync		= tty_fasync,
487 };
488 
489 static const struct file_operations hung_up_tty_fops = {
490 	.llseek		= no_llseek,
491 	.read		= hung_up_tty_read,
492 	.write		= hung_up_tty_write,
493 	.poll		= hung_up_tty_poll,
494 	.unlocked_ioctl	= hung_up_tty_ioctl,
495 	.compat_ioctl	= hung_up_tty_compat_ioctl,
496 	.release	= tty_release,
497 	.fasync		= hung_up_tty_fasync,
498 };
499 
500 static DEFINE_SPINLOCK(redirect_lock);
501 static struct file *redirect;
502 
503 /**
504  *	tty_wakeup	-	request more data
505  *	@tty: terminal
506  *
507  *	Internal and external helper for wakeups of tty. This function
508  *	informs the line discipline if present that the driver is ready
509  *	to receive more output data.
510  */
511 
512 void tty_wakeup(struct tty_struct *tty)
513 {
514 	struct tty_ldisc *ld;
515 
516 	if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) {
517 		ld = tty_ldisc_ref(tty);
518 		if (ld) {
519 			if (ld->ops->write_wakeup)
520 				ld->ops->write_wakeup(tty);
521 			tty_ldisc_deref(ld);
522 		}
523 	}
524 	wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
525 }
526 
527 EXPORT_SYMBOL_GPL(tty_wakeup);
528 
529 /**
530  *	__tty_hangup		-	actual handler for hangup events
531  *	@work: tty device
532  *
533  *	This can be called by a "kworker" kernel thread.  That is process
534  *	synchronous but doesn't hold any locks, so we need to make sure we
535  *	have the appropriate locks for what we're doing.
536  *
537  *	The hangup event clears any pending redirections onto the hung up
538  *	device. It ensures future writes will error and it does the needed
539  *	line discipline hangup and signal delivery. The tty object itself
540  *	remains intact.
541  *
542  *	Locking:
543  *		BTM
544  *		  redirect lock for undoing redirection
545  *		  file list lock for manipulating list of ttys
546  *		  tty_ldiscs_lock from called functions
547  *		  termios_rwsem resetting termios data
548  *		  tasklist_lock to walk task list for hangup event
549  *		    ->siglock to protect ->signal/->sighand
550  */
551 static void __tty_hangup(struct tty_struct *tty, int exit_session)
552 {
553 	struct file *cons_filp = NULL;
554 	struct file *filp, *f = NULL;
555 	struct tty_file_private *priv;
556 	int    closecount = 0, n;
557 	int refs;
558 
559 	if (!tty)
560 		return;
561 
562 
563 	spin_lock(&redirect_lock);
564 	if (redirect && file_tty(redirect) == tty) {
565 		f = redirect;
566 		redirect = NULL;
567 	}
568 	spin_unlock(&redirect_lock);
569 
570 	tty_lock(tty);
571 
572 	if (test_bit(TTY_HUPPED, &tty->flags)) {
573 		tty_unlock(tty);
574 		return;
575 	}
576 
577 	/* inuse_filps is protected by the single tty lock,
578 	   this really needs to change if we want to flush the
579 	   workqueue with the lock held */
580 	check_tty_count(tty, "tty_hangup");
581 
582 	spin_lock(&tty->files_lock);
583 	/* This breaks for file handles being sent over AF_UNIX sockets ? */
584 	list_for_each_entry(priv, &tty->tty_files, list) {
585 		filp = priv->file;
586 		if (filp->f_op->write == redirected_tty_write)
587 			cons_filp = filp;
588 		if (filp->f_op->write != tty_write)
589 			continue;
590 		closecount++;
591 		__tty_fasync(-1, filp, 0);	/* can't block */
592 		filp->f_op = &hung_up_tty_fops;
593 	}
594 	spin_unlock(&tty->files_lock);
595 
596 	refs = tty_signal_session_leader(tty, exit_session);
597 	/* Account for the p->signal references we killed */
598 	while (refs--)
599 		tty_kref_put(tty);
600 
601 	tty_ldisc_hangup(tty, cons_filp != NULL);
602 
603 	spin_lock_irq(&tty->ctrl_lock);
604 	clear_bit(TTY_THROTTLED, &tty->flags);
605 	clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
606 	put_pid(tty->session);
607 	put_pid(tty->pgrp);
608 	tty->session = NULL;
609 	tty->pgrp = NULL;
610 	tty->ctrl_status = 0;
611 	spin_unlock_irq(&tty->ctrl_lock);
612 
613 	/*
614 	 * If one of the devices matches a console pointer, we
615 	 * cannot just call hangup() because that will cause
616 	 * tty->count and state->count to go out of sync.
617 	 * So we just call close() the right number of times.
618 	 */
619 	if (cons_filp) {
620 		if (tty->ops->close)
621 			for (n = 0; n < closecount; n++)
622 				tty->ops->close(tty, cons_filp);
623 	} else if (tty->ops->hangup)
624 		tty->ops->hangup(tty);
625 	/*
626 	 * We don't want to have driver/ldisc interactions beyond the ones
627 	 * we did here. The driver layer expects no calls after ->hangup()
628 	 * from the ldisc side, which is now guaranteed.
629 	 */
630 	set_bit(TTY_HUPPED, &tty->flags);
631 	tty_unlock(tty);
632 
633 	if (f)
634 		fput(f);
635 }
636 
637 static void do_tty_hangup(struct work_struct *work)
638 {
639 	struct tty_struct *tty =
640 		container_of(work, struct tty_struct, hangup_work);
641 
642 	__tty_hangup(tty, 0);
643 }
644 
645 /**
646  *	tty_hangup		-	trigger a hangup event
647  *	@tty: tty to hangup
648  *
649  *	A carrier loss (virtual or otherwise) has occurred on this like
650  *	schedule a hangup sequence to run after this event.
651  */
652 
653 void tty_hangup(struct tty_struct *tty)
654 {
655 	tty_debug_hangup(tty, "hangup\n");
656 	schedule_work(&tty->hangup_work);
657 }
658 
659 EXPORT_SYMBOL(tty_hangup);
660 
661 /**
662  *	tty_vhangup		-	process vhangup
663  *	@tty: tty to hangup
664  *
665  *	The user has asked via system call for the terminal to be hung up.
666  *	We do this synchronously so that when the syscall returns the process
667  *	is complete. That guarantee is necessary for security reasons.
668  */
669 
670 void tty_vhangup(struct tty_struct *tty)
671 {
672 	tty_debug_hangup(tty, "vhangup\n");
673 	__tty_hangup(tty, 0);
674 }
675 
676 EXPORT_SYMBOL(tty_vhangup);
677 
678 
679 /**
680  *	tty_vhangup_self	-	process vhangup for own ctty
681  *
682  *	Perform a vhangup on the current controlling tty
683  */
684 
685 void tty_vhangup_self(void)
686 {
687 	struct tty_struct *tty;
688 
689 	tty = get_current_tty();
690 	if (tty) {
691 		tty_vhangup(tty);
692 		tty_kref_put(tty);
693 	}
694 }
695 
696 /**
697  *	tty_vhangup_session		-	hangup session leader exit
698  *	@tty: tty to hangup
699  *
700  *	The session leader is exiting and hanging up its controlling terminal.
701  *	Every process in the foreground process group is signalled SIGHUP.
702  *
703  *	We do this synchronously so that when the syscall returns the process
704  *	is complete. That guarantee is necessary for security reasons.
705  */
706 
707 void tty_vhangup_session(struct tty_struct *tty)
708 {
709 	tty_debug_hangup(tty, "session hangup\n");
710 	__tty_hangup(tty, 1);
711 }
712 
713 /**
714  *	tty_hung_up_p		-	was tty hung up
715  *	@filp: file pointer of tty
716  *
717  *	Return true if the tty has been subject to a vhangup or a carrier
718  *	loss
719  */
720 
721 int tty_hung_up_p(struct file *filp)
722 {
723 	return (filp && filp->f_op == &hung_up_tty_fops);
724 }
725 
726 EXPORT_SYMBOL(tty_hung_up_p);
727 
728 /**
729  *	stop_tty	-	propagate flow control
730  *	@tty: tty to stop
731  *
732  *	Perform flow control to the driver. May be called
733  *	on an already stopped device and will not re-call the driver
734  *	method.
735  *
736  *	This functionality is used by both the line disciplines for
737  *	halting incoming flow and by the driver. It may therefore be
738  *	called from any context, may be under the tty atomic_write_lock
739  *	but not always.
740  *
741  *	Locking:
742  *		flow_lock
743  */
744 
745 void __stop_tty(struct tty_struct *tty)
746 {
747 	if (tty->stopped)
748 		return;
749 	tty->stopped = 1;
750 	if (tty->ops->stop)
751 		tty->ops->stop(tty);
752 }
753 
754 void stop_tty(struct tty_struct *tty)
755 {
756 	unsigned long flags;
757 
758 	spin_lock_irqsave(&tty->flow_lock, flags);
759 	__stop_tty(tty);
760 	spin_unlock_irqrestore(&tty->flow_lock, flags);
761 }
762 EXPORT_SYMBOL(stop_tty);
763 
764 /**
765  *	start_tty	-	propagate flow control
766  *	@tty: tty to start
767  *
768  *	Start a tty that has been stopped if at all possible. If this
769  *	tty was previous stopped and is now being started, the driver
770  *	start method is invoked and the line discipline woken.
771  *
772  *	Locking:
773  *		flow_lock
774  */
775 
776 void __start_tty(struct tty_struct *tty)
777 {
778 	if (!tty->stopped || tty->flow_stopped)
779 		return;
780 	tty->stopped = 0;
781 	if (tty->ops->start)
782 		tty->ops->start(tty);
783 	tty_wakeup(tty);
784 }
785 
786 void start_tty(struct tty_struct *tty)
787 {
788 	unsigned long flags;
789 
790 	spin_lock_irqsave(&tty->flow_lock, flags);
791 	__start_tty(tty);
792 	spin_unlock_irqrestore(&tty->flow_lock, flags);
793 }
794 EXPORT_SYMBOL(start_tty);
795 
796 static void tty_update_time(struct timespec *time)
797 {
798 	unsigned long sec = get_seconds();
799 
800 	/*
801 	 * We only care if the two values differ in anything other than the
802 	 * lower three bits (i.e every 8 seconds).  If so, then we can update
803 	 * the time of the tty device, otherwise it could be construded as a
804 	 * security leak to let userspace know the exact timing of the tty.
805 	 */
806 	if ((sec ^ time->tv_sec) & ~7)
807 		time->tv_sec = sec;
808 }
809 
810 /**
811  *	tty_read	-	read method for tty device files
812  *	@file: pointer to tty file
813  *	@buf: user buffer
814  *	@count: size of user buffer
815  *	@ppos: unused
816  *
817  *	Perform the read system call function on this terminal device. Checks
818  *	for hung up devices before calling the line discipline method.
819  *
820  *	Locking:
821  *		Locks the line discipline internally while needed. Multiple
822  *	read calls may be outstanding in parallel.
823  */
824 
825 static ssize_t tty_read(struct file *file, char __user *buf, size_t count,
826 			loff_t *ppos)
827 {
828 	int i;
829 	struct inode *inode = file_inode(file);
830 	struct tty_struct *tty = file_tty(file);
831 	struct tty_ldisc *ld;
832 
833 	if (tty_paranoia_check(tty, inode, "tty_read"))
834 		return -EIO;
835 	if (!tty || tty_io_error(tty))
836 		return -EIO;
837 
838 	/* We want to wait for the line discipline to sort out in this
839 	   situation */
840 	ld = tty_ldisc_ref_wait(tty);
841 	if (!ld)
842 		return hung_up_tty_read(file, buf, count, ppos);
843 	if (ld->ops->read)
844 		i = ld->ops->read(tty, file, buf, count);
845 	else
846 		i = -EIO;
847 	tty_ldisc_deref(ld);
848 
849 	if (i > 0)
850 		tty_update_time(&inode->i_atime);
851 
852 	return i;
853 }
854 
855 static void tty_write_unlock(struct tty_struct *tty)
856 {
857 	mutex_unlock(&tty->atomic_write_lock);
858 	wake_up_interruptible_poll(&tty->write_wait, POLLOUT);
859 }
860 
861 static int tty_write_lock(struct tty_struct *tty, int ndelay)
862 {
863 	if (!mutex_trylock(&tty->atomic_write_lock)) {
864 		if (ndelay)
865 			return -EAGAIN;
866 		if (mutex_lock_interruptible(&tty->atomic_write_lock))
867 			return -ERESTARTSYS;
868 	}
869 	return 0;
870 }
871 
872 /*
873  * Split writes up in sane blocksizes to avoid
874  * denial-of-service type attacks
875  */
876 static inline ssize_t do_tty_write(
877 	ssize_t (*write)(struct tty_struct *, struct file *, const unsigned char *, size_t),
878 	struct tty_struct *tty,
879 	struct file *file,
880 	const char __user *buf,
881 	size_t count)
882 {
883 	ssize_t ret, written = 0;
884 	unsigned int chunk;
885 
886 	ret = tty_write_lock(tty, file->f_flags & O_NDELAY);
887 	if (ret < 0)
888 		return ret;
889 
890 	/*
891 	 * We chunk up writes into a temporary buffer. This
892 	 * simplifies low-level drivers immensely, since they
893 	 * don't have locking issues and user mode accesses.
894 	 *
895 	 * But if TTY_NO_WRITE_SPLIT is set, we should use a
896 	 * big chunk-size..
897 	 *
898 	 * The default chunk-size is 2kB, because the NTTY
899 	 * layer has problems with bigger chunks. It will
900 	 * claim to be able to handle more characters than
901 	 * it actually does.
902 	 *
903 	 * FIXME: This can probably go away now except that 64K chunks
904 	 * are too likely to fail unless switched to vmalloc...
905 	 */
906 	chunk = 2048;
907 	if (test_bit(TTY_NO_WRITE_SPLIT, &tty->flags))
908 		chunk = 65536;
909 	if (count < chunk)
910 		chunk = count;
911 
912 	/* write_buf/write_cnt is protected by the atomic_write_lock mutex */
913 	if (tty->write_cnt < chunk) {
914 		unsigned char *buf_chunk;
915 
916 		if (chunk < 1024)
917 			chunk = 1024;
918 
919 		buf_chunk = kmalloc(chunk, GFP_KERNEL);
920 		if (!buf_chunk) {
921 			ret = -ENOMEM;
922 			goto out;
923 		}
924 		kfree(tty->write_buf);
925 		tty->write_cnt = chunk;
926 		tty->write_buf = buf_chunk;
927 	}
928 
929 	/* Do the write .. */
930 	for (;;) {
931 		size_t size = count;
932 		if (size > chunk)
933 			size = chunk;
934 		ret = -EFAULT;
935 		if (copy_from_user(tty->write_buf, buf, size))
936 			break;
937 		ret = write(tty, file, tty->write_buf, size);
938 		if (ret <= 0)
939 			break;
940 		written += ret;
941 		buf += ret;
942 		count -= ret;
943 		if (!count)
944 			break;
945 		ret = -ERESTARTSYS;
946 		if (signal_pending(current))
947 			break;
948 		cond_resched();
949 	}
950 	if (written) {
951 		tty_update_time(&file_inode(file)->i_mtime);
952 		ret = written;
953 	}
954 out:
955 	tty_write_unlock(tty);
956 	return ret;
957 }
958 
959 /**
960  * tty_write_message - write a message to a certain tty, not just the console.
961  * @tty: the destination tty_struct
962  * @msg: the message to write
963  *
964  * This is used for messages that need to be redirected to a specific tty.
965  * We don't put it into the syslog queue right now maybe in the future if
966  * really needed.
967  *
968  * We must still hold the BTM and test the CLOSING flag for the moment.
969  */
970 
971 void tty_write_message(struct tty_struct *tty, char *msg)
972 {
973 	if (tty) {
974 		mutex_lock(&tty->atomic_write_lock);
975 		tty_lock(tty);
976 		if (tty->ops->write && tty->count > 0)
977 			tty->ops->write(tty, msg, strlen(msg));
978 		tty_unlock(tty);
979 		tty_write_unlock(tty);
980 	}
981 	return;
982 }
983 
984 
985 /**
986  *	tty_write		-	write method for tty device file
987  *	@file: tty file pointer
988  *	@buf: user data to write
989  *	@count: bytes to write
990  *	@ppos: unused
991  *
992  *	Write data to a tty device via the line discipline.
993  *
994  *	Locking:
995  *		Locks the line discipline as required
996  *		Writes to the tty driver are serialized by the atomic_write_lock
997  *	and are then processed in chunks to the device. The line discipline
998  *	write method will not be invoked in parallel for each device.
999  */
1000 
1001 static ssize_t tty_write(struct file *file, const char __user *buf,
1002 						size_t count, loff_t *ppos)
1003 {
1004 	struct tty_struct *tty = file_tty(file);
1005  	struct tty_ldisc *ld;
1006 	ssize_t ret;
1007 
1008 	if (tty_paranoia_check(tty, file_inode(file), "tty_write"))
1009 		return -EIO;
1010 	if (!tty || !tty->ops->write ||	tty_io_error(tty))
1011 			return -EIO;
1012 	/* Short term debug to catch buggy drivers */
1013 	if (tty->ops->write_room == NULL)
1014 		tty_err(tty, "missing write_room method\n");
1015 	ld = tty_ldisc_ref_wait(tty);
1016 	if (!ld)
1017 		return hung_up_tty_write(file, buf, count, ppos);
1018 	if (!ld->ops->write)
1019 		ret = -EIO;
1020 	else
1021 		ret = do_tty_write(ld->ops->write, tty, file, buf, count);
1022 	tty_ldisc_deref(ld);
1023 	return ret;
1024 }
1025 
1026 ssize_t redirected_tty_write(struct file *file, const char __user *buf,
1027 						size_t count, loff_t *ppos)
1028 {
1029 	struct file *p = NULL;
1030 
1031 	spin_lock(&redirect_lock);
1032 	if (redirect)
1033 		p = get_file(redirect);
1034 	spin_unlock(&redirect_lock);
1035 
1036 	if (p) {
1037 		ssize_t res;
1038 		res = vfs_write(p, buf, count, &p->f_pos);
1039 		fput(p);
1040 		return res;
1041 	}
1042 	return tty_write(file, buf, count, ppos);
1043 }
1044 
1045 /**
1046  *	tty_send_xchar	-	send priority character
1047  *
1048  *	Send a high priority character to the tty even if stopped
1049  *
1050  *	Locking: none for xchar method, write ordering for write method.
1051  */
1052 
1053 int tty_send_xchar(struct tty_struct *tty, char ch)
1054 {
1055 	int	was_stopped = tty->stopped;
1056 
1057 	if (tty->ops->send_xchar) {
1058 		down_read(&tty->termios_rwsem);
1059 		tty->ops->send_xchar(tty, ch);
1060 		up_read(&tty->termios_rwsem);
1061 		return 0;
1062 	}
1063 
1064 	if (tty_write_lock(tty, 0) < 0)
1065 		return -ERESTARTSYS;
1066 
1067 	down_read(&tty->termios_rwsem);
1068 	if (was_stopped)
1069 		start_tty(tty);
1070 	tty->ops->write(tty, &ch, 1);
1071 	if (was_stopped)
1072 		stop_tty(tty);
1073 	up_read(&tty->termios_rwsem);
1074 	tty_write_unlock(tty);
1075 	return 0;
1076 }
1077 
1078 static char ptychar[] = "pqrstuvwxyzabcde";
1079 
1080 /**
1081  *	pty_line_name	-	generate name for a pty
1082  *	@driver: the tty driver in use
1083  *	@index: the minor number
1084  *	@p: output buffer of at least 6 bytes
1085  *
1086  *	Generate a name from a driver reference and write it to the output
1087  *	buffer.
1088  *
1089  *	Locking: None
1090  */
1091 static void pty_line_name(struct tty_driver *driver, int index, char *p)
1092 {
1093 	int i = index + driver->name_base;
1094 	/* ->name is initialized to "ttyp", but "tty" is expected */
1095 	sprintf(p, "%s%c%x",
1096 		driver->subtype == PTY_TYPE_SLAVE ? "tty" : driver->name,
1097 		ptychar[i >> 4 & 0xf], i & 0xf);
1098 }
1099 
1100 /**
1101  *	tty_line_name	-	generate name for a tty
1102  *	@driver: the tty driver in use
1103  *	@index: the minor number
1104  *	@p: output buffer of at least 7 bytes
1105  *
1106  *	Generate a name from a driver reference and write it to the output
1107  *	buffer.
1108  *
1109  *	Locking: None
1110  */
1111 static ssize_t tty_line_name(struct tty_driver *driver, int index, char *p)
1112 {
1113 	if (driver->flags & TTY_DRIVER_UNNUMBERED_NODE)
1114 		return sprintf(p, "%s", driver->name);
1115 	else
1116 		return sprintf(p, "%s%d", driver->name,
1117 			       index + driver->name_base);
1118 }
1119 
1120 /**
1121  *	tty_driver_lookup_tty() - find an existing tty, if any
1122  *	@driver: the driver for the tty
1123  *	@idx:	 the minor number
1124  *
1125  *	Return the tty, if found. If not found, return NULL or ERR_PTR() if the
1126  *	driver lookup() method returns an error.
1127  *
1128  *	Locking: tty_mutex must be held. If the tty is found, bump the tty kref.
1129  */
1130 static struct tty_struct *tty_driver_lookup_tty(struct tty_driver *driver,
1131 		struct file *file, int idx)
1132 {
1133 	struct tty_struct *tty;
1134 
1135 	if (driver->ops->lookup)
1136 		if (!file)
1137 			tty = ERR_PTR(-EIO);
1138 		else
1139 			tty = driver->ops->lookup(driver, file, idx);
1140 	else
1141 		tty = driver->ttys[idx];
1142 
1143 	if (!IS_ERR(tty))
1144 		tty_kref_get(tty);
1145 	return tty;
1146 }
1147 
1148 /**
1149  *	tty_init_termios	-  helper for termios setup
1150  *	@tty: the tty to set up
1151  *
1152  *	Initialise the termios structures for this tty. Thus runs under
1153  *	the tty_mutex currently so we can be relaxed about ordering.
1154  */
1155 
1156 void tty_init_termios(struct tty_struct *tty)
1157 {
1158 	struct ktermios *tp;
1159 	int idx = tty->index;
1160 
1161 	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1162 		tty->termios = tty->driver->init_termios;
1163 	else {
1164 		/* Check for lazy saved data */
1165 		tp = tty->driver->termios[idx];
1166 		if (tp != NULL) {
1167 			tty->termios = *tp;
1168 			tty->termios.c_line  = tty->driver->init_termios.c_line;
1169 		} else
1170 			tty->termios = tty->driver->init_termios;
1171 	}
1172 	/* Compatibility until drivers always set this */
1173 	tty->termios.c_ispeed = tty_termios_input_baud_rate(&tty->termios);
1174 	tty->termios.c_ospeed = tty_termios_baud_rate(&tty->termios);
1175 }
1176 EXPORT_SYMBOL_GPL(tty_init_termios);
1177 
1178 int tty_standard_install(struct tty_driver *driver, struct tty_struct *tty)
1179 {
1180 	tty_init_termios(tty);
1181 	tty_driver_kref_get(driver);
1182 	tty->count++;
1183 	driver->ttys[tty->index] = tty;
1184 	return 0;
1185 }
1186 EXPORT_SYMBOL_GPL(tty_standard_install);
1187 
1188 /**
1189  *	tty_driver_install_tty() - install a tty entry in the driver
1190  *	@driver: the driver for the tty
1191  *	@tty: the tty
1192  *
1193  *	Install a tty object into the driver tables. The tty->index field
1194  *	will be set by the time this is called. This method is responsible
1195  *	for ensuring any need additional structures are allocated and
1196  *	configured.
1197  *
1198  *	Locking: tty_mutex for now
1199  */
1200 static int tty_driver_install_tty(struct tty_driver *driver,
1201 						struct tty_struct *tty)
1202 {
1203 	return driver->ops->install ? driver->ops->install(driver, tty) :
1204 		tty_standard_install(driver, tty);
1205 }
1206 
1207 /**
1208  *	tty_driver_remove_tty() - remove a tty from the driver tables
1209  *	@driver: the driver for the tty
1210  *	@idx:	 the minor number
1211  *
1212  *	Remvoe a tty object from the driver tables. The tty->index field
1213  *	will be set by the time this is called.
1214  *
1215  *	Locking: tty_mutex for now
1216  */
1217 static void tty_driver_remove_tty(struct tty_driver *driver, struct tty_struct *tty)
1218 {
1219 	if (driver->ops->remove)
1220 		driver->ops->remove(driver, tty);
1221 	else
1222 		driver->ttys[tty->index] = NULL;
1223 }
1224 
1225 /*
1226  * 	tty_reopen()	- fast re-open of an open tty
1227  * 	@tty	- the tty to open
1228  *
1229  *	Return 0 on success, -errno on error.
1230  *	Re-opens on master ptys are not allowed and return -EIO.
1231  *
1232  *	Locking: Caller must hold tty_lock
1233  */
1234 static int tty_reopen(struct tty_struct *tty)
1235 {
1236 	struct tty_driver *driver = tty->driver;
1237 
1238 	if (driver->type == TTY_DRIVER_TYPE_PTY &&
1239 	    driver->subtype == PTY_TYPE_MASTER)
1240 		return -EIO;
1241 
1242 	if (!tty->count)
1243 		return -EAGAIN;
1244 
1245 	if (test_bit(TTY_EXCLUSIVE, &tty->flags) && !capable(CAP_SYS_ADMIN))
1246 		return -EBUSY;
1247 
1248 	tty->count++;
1249 
1250 	if (!tty->ldisc)
1251 		return tty_ldisc_reinit(tty, tty->termios.c_line);
1252 
1253 	return 0;
1254 }
1255 
1256 /**
1257  *	tty_init_dev		-	initialise a tty device
1258  *	@driver: tty driver we are opening a device on
1259  *	@idx: device index
1260  *	@ret_tty: returned tty structure
1261  *
1262  *	Prepare a tty device. This may not be a "new" clean device but
1263  *	could also be an active device. The pty drivers require special
1264  *	handling because of this.
1265  *
1266  *	Locking:
1267  *		The function is called under the tty_mutex, which
1268  *	protects us from the tty struct or driver itself going away.
1269  *
1270  *	On exit the tty device has the line discipline attached and
1271  *	a reference count of 1. If a pair was created for pty/tty use
1272  *	and the other was a pty master then it too has a reference count of 1.
1273  *
1274  * WSH 06/09/97: Rewritten to remove races and properly clean up after a
1275  * failed open.  The new code protects the open with a mutex, so it's
1276  * really quite straightforward.  The mutex locking can probably be
1277  * relaxed for the (most common) case of reopening a tty.
1278  */
1279 
1280 struct tty_struct *tty_init_dev(struct tty_driver *driver, int idx)
1281 {
1282 	struct tty_struct *tty;
1283 	int retval;
1284 
1285 	/*
1286 	 * First time open is complex, especially for PTY devices.
1287 	 * This code guarantees that either everything succeeds and the
1288 	 * TTY is ready for operation, or else the table slots are vacated
1289 	 * and the allocated memory released.  (Except that the termios
1290 	 * may be retained.)
1291 	 */
1292 
1293 	if (!try_module_get(driver->owner))
1294 		return ERR_PTR(-ENODEV);
1295 
1296 	tty = alloc_tty_struct(driver, idx);
1297 	if (!tty) {
1298 		retval = -ENOMEM;
1299 		goto err_module_put;
1300 	}
1301 
1302 	tty_lock(tty);
1303 	retval = tty_driver_install_tty(driver, tty);
1304 	if (retval < 0)
1305 		goto err_free_tty;
1306 
1307 	if (!tty->port)
1308 		tty->port = driver->ports[idx];
1309 
1310 	WARN_RATELIMIT(!tty->port,
1311 			"%s: %s driver does not set tty->port. This will crash the kernel later. Fix the driver!\n",
1312 			__func__, tty->driver->name);
1313 
1314 	tty->port->itty = tty;
1315 
1316 	/*
1317 	 * Structures all installed ... call the ldisc open routines.
1318 	 * If we fail here just call release_tty to clean up.  No need
1319 	 * to decrement the use counts, as release_tty doesn't care.
1320 	 */
1321 	retval = tty_ldisc_setup(tty, tty->link);
1322 	if (retval)
1323 		goto err_release_tty;
1324 	/* Return the tty locked so that it cannot vanish under the caller */
1325 	return tty;
1326 
1327 err_free_tty:
1328 	tty_unlock(tty);
1329 	free_tty_struct(tty);
1330 err_module_put:
1331 	module_put(driver->owner);
1332 	return ERR_PTR(retval);
1333 
1334 	/* call the tty release_tty routine to clean out this slot */
1335 err_release_tty:
1336 	tty_unlock(tty);
1337 	tty_info_ratelimited(tty, "ldisc open failed (%d), clearing slot %d\n",
1338 			     retval, idx);
1339 	release_tty(tty, idx);
1340 	return ERR_PTR(retval);
1341 }
1342 
1343 static void tty_free_termios(struct tty_struct *tty)
1344 {
1345 	struct ktermios *tp;
1346 	int idx = tty->index;
1347 
1348 	/* If the port is going to reset then it has no termios to save */
1349 	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS)
1350 		return;
1351 
1352 	/* Stash the termios data */
1353 	tp = tty->driver->termios[idx];
1354 	if (tp == NULL) {
1355 		tp = kmalloc(sizeof(struct ktermios), GFP_KERNEL);
1356 		if (tp == NULL)
1357 			return;
1358 		tty->driver->termios[idx] = tp;
1359 	}
1360 	*tp = tty->termios;
1361 }
1362 
1363 /**
1364  *	tty_flush_works		-	flush all works of a tty/pty pair
1365  *	@tty: tty device to flush works for (or either end of a pty pair)
1366  *
1367  *	Sync flush all works belonging to @tty (and the 'other' tty).
1368  */
1369 static void tty_flush_works(struct tty_struct *tty)
1370 {
1371 	flush_work(&tty->SAK_work);
1372 	flush_work(&tty->hangup_work);
1373 	if (tty->link) {
1374 		flush_work(&tty->link->SAK_work);
1375 		flush_work(&tty->link->hangup_work);
1376 	}
1377 }
1378 
1379 /**
1380  *	release_one_tty		-	release tty structure memory
1381  *	@kref: kref of tty we are obliterating
1382  *
1383  *	Releases memory associated with a tty structure, and clears out the
1384  *	driver table slots. This function is called when a device is no longer
1385  *	in use. It also gets called when setup of a device fails.
1386  *
1387  *	Locking:
1388  *		takes the file list lock internally when working on the list
1389  *	of ttys that the driver keeps.
1390  *
1391  *	This method gets called from a work queue so that the driver private
1392  *	cleanup ops can sleep (needed for USB at least)
1393  */
1394 static void release_one_tty(struct work_struct *work)
1395 {
1396 	struct tty_struct *tty =
1397 		container_of(work, struct tty_struct, hangup_work);
1398 	struct tty_driver *driver = tty->driver;
1399 	struct module *owner = driver->owner;
1400 
1401 	if (tty->ops->cleanup)
1402 		tty->ops->cleanup(tty);
1403 
1404 	tty->magic = 0;
1405 	tty_driver_kref_put(driver);
1406 	module_put(owner);
1407 
1408 	spin_lock(&tty->files_lock);
1409 	list_del_init(&tty->tty_files);
1410 	spin_unlock(&tty->files_lock);
1411 
1412 	put_pid(tty->pgrp);
1413 	put_pid(tty->session);
1414 	free_tty_struct(tty);
1415 }
1416 
1417 static void queue_release_one_tty(struct kref *kref)
1418 {
1419 	struct tty_struct *tty = container_of(kref, struct tty_struct, kref);
1420 
1421 	/* The hangup queue is now free so we can reuse it rather than
1422 	   waste a chunk of memory for each port */
1423 	INIT_WORK(&tty->hangup_work, release_one_tty);
1424 	schedule_work(&tty->hangup_work);
1425 }
1426 
1427 /**
1428  *	tty_kref_put		-	release a tty kref
1429  *	@tty: tty device
1430  *
1431  *	Release a reference to a tty device and if need be let the kref
1432  *	layer destruct the object for us
1433  */
1434 
1435 void tty_kref_put(struct tty_struct *tty)
1436 {
1437 	if (tty)
1438 		kref_put(&tty->kref, queue_release_one_tty);
1439 }
1440 EXPORT_SYMBOL(tty_kref_put);
1441 
1442 /**
1443  *	release_tty		-	release tty structure memory
1444  *
1445  *	Release both @tty and a possible linked partner (think pty pair),
1446  *	and decrement the refcount of the backing module.
1447  *
1448  *	Locking:
1449  *		tty_mutex
1450  *		takes the file list lock internally when working on the list
1451  *	of ttys that the driver keeps.
1452  *
1453  */
1454 static void release_tty(struct tty_struct *tty, int idx)
1455 {
1456 	/* This should always be true but check for the moment */
1457 	WARN_ON(tty->index != idx);
1458 	WARN_ON(!mutex_is_locked(&tty_mutex));
1459 	if (tty->ops->shutdown)
1460 		tty->ops->shutdown(tty);
1461 	tty_free_termios(tty);
1462 	tty_driver_remove_tty(tty->driver, tty);
1463 	tty->port->itty = NULL;
1464 	if (tty->link)
1465 		tty->link->port->itty = NULL;
1466 	tty_buffer_cancel_work(tty->port);
1467 
1468 	tty_kref_put(tty->link);
1469 	tty_kref_put(tty);
1470 }
1471 
1472 /**
1473  *	tty_release_checks - check a tty before real release
1474  *	@tty: tty to check
1475  *	@o_tty: link of @tty (if any)
1476  *	@idx: index of the tty
1477  *
1478  *	Performs some paranoid checking before true release of the @tty.
1479  *	This is a no-op unless TTY_PARANOIA_CHECK is defined.
1480  */
1481 static int tty_release_checks(struct tty_struct *tty, int idx)
1482 {
1483 #ifdef TTY_PARANOIA_CHECK
1484 	if (idx < 0 || idx >= tty->driver->num) {
1485 		tty_debug(tty, "bad idx %d\n", idx);
1486 		return -1;
1487 	}
1488 
1489 	/* not much to check for devpts */
1490 	if (tty->driver->flags & TTY_DRIVER_DEVPTS_MEM)
1491 		return 0;
1492 
1493 	if (tty != tty->driver->ttys[idx]) {
1494 		tty_debug(tty, "bad driver table[%d] = %p\n",
1495 			  idx, tty->driver->ttys[idx]);
1496 		return -1;
1497 	}
1498 	if (tty->driver->other) {
1499 		struct tty_struct *o_tty = tty->link;
1500 
1501 		if (o_tty != tty->driver->other->ttys[idx]) {
1502 			tty_debug(tty, "bad other table[%d] = %p\n",
1503 				  idx, tty->driver->other->ttys[idx]);
1504 			return -1;
1505 		}
1506 		if (o_tty->link != tty) {
1507 			tty_debug(tty, "bad link = %p\n", o_tty->link);
1508 			return -1;
1509 		}
1510 	}
1511 #endif
1512 	return 0;
1513 }
1514 
1515 /**
1516  *	tty_release_struct	-	release a tty struct
1517  *	@tty: tty device
1518  *	@idx: index of the tty
1519  *
1520  *	Performs the final steps to release and free a tty device. It is
1521  *	roughly the reverse of tty_init_dev.
1522  */
1523 void tty_release_struct(struct tty_struct *tty, int idx)
1524 {
1525 	/*
1526 	 * Ask the line discipline code to release its structures
1527 	 */
1528 	tty_ldisc_release(tty);
1529 
1530 	/* Wait for pending work before tty destruction commmences */
1531 	tty_flush_works(tty);
1532 
1533 	tty_debug_hangup(tty, "freeing structure\n");
1534 	/*
1535 	 * The release_tty function takes care of the details of clearing
1536 	 * the slots and preserving the termios structure. The tty_unlock_pair
1537 	 * should be safe as we keep a kref while the tty is locked (so the
1538 	 * unlock never unlocks a freed tty).
1539 	 */
1540 	mutex_lock(&tty_mutex);
1541 	release_tty(tty, idx);
1542 	mutex_unlock(&tty_mutex);
1543 }
1544 EXPORT_SYMBOL_GPL(tty_release_struct);
1545 
1546 /**
1547  *	tty_release		-	vfs callback for close
1548  *	@inode: inode of tty
1549  *	@filp: file pointer for handle to tty
1550  *
1551  *	Called the last time each file handle is closed that references
1552  *	this tty. There may however be several such references.
1553  *
1554  *	Locking:
1555  *		Takes bkl. See tty_release_dev
1556  *
1557  * Even releasing the tty structures is a tricky business.. We have
1558  * to be very careful that the structures are all released at the
1559  * same time, as interrupts might otherwise get the wrong pointers.
1560  *
1561  * WSH 09/09/97: rewritten to avoid some nasty race conditions that could
1562  * lead to double frees or releasing memory still in use.
1563  */
1564 
1565 int tty_release(struct inode *inode, struct file *filp)
1566 {
1567 	struct tty_struct *tty = file_tty(filp);
1568 	struct tty_struct *o_tty = NULL;
1569 	int	do_sleep, final;
1570 	int	idx;
1571 	long	timeout = 0;
1572 	int	once = 1;
1573 
1574 	if (tty_paranoia_check(tty, inode, __func__))
1575 		return 0;
1576 
1577 	tty_lock(tty);
1578 	check_tty_count(tty, __func__);
1579 
1580 	__tty_fasync(-1, filp, 0);
1581 
1582 	idx = tty->index;
1583 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1584 	    tty->driver->subtype == PTY_TYPE_MASTER)
1585 		o_tty = tty->link;
1586 
1587 	if (tty_release_checks(tty, idx)) {
1588 		tty_unlock(tty);
1589 		return 0;
1590 	}
1591 
1592 	tty_debug_hangup(tty, "releasing (count=%d)\n", tty->count);
1593 
1594 	if (tty->ops->close)
1595 		tty->ops->close(tty, filp);
1596 
1597 	/* If tty is pty master, lock the slave pty (stable lock order) */
1598 	tty_lock_slave(o_tty);
1599 
1600 	/*
1601 	 * Sanity check: if tty->count is going to zero, there shouldn't be
1602 	 * any waiters on tty->read_wait or tty->write_wait.  We test the
1603 	 * wait queues and kick everyone out _before_ actually starting to
1604 	 * close.  This ensures that we won't block while releasing the tty
1605 	 * structure.
1606 	 *
1607 	 * The test for the o_tty closing is necessary, since the master and
1608 	 * slave sides may close in any order.  If the slave side closes out
1609 	 * first, its count will be one, since the master side holds an open.
1610 	 * Thus this test wouldn't be triggered at the time the slave closed,
1611 	 * so we do it now.
1612 	 */
1613 	while (1) {
1614 		do_sleep = 0;
1615 
1616 		if (tty->count <= 1) {
1617 			if (waitqueue_active(&tty->read_wait)) {
1618 				wake_up_poll(&tty->read_wait, POLLIN);
1619 				do_sleep++;
1620 			}
1621 			if (waitqueue_active(&tty->write_wait)) {
1622 				wake_up_poll(&tty->write_wait, POLLOUT);
1623 				do_sleep++;
1624 			}
1625 		}
1626 		if (o_tty && o_tty->count <= 1) {
1627 			if (waitqueue_active(&o_tty->read_wait)) {
1628 				wake_up_poll(&o_tty->read_wait, POLLIN);
1629 				do_sleep++;
1630 			}
1631 			if (waitqueue_active(&o_tty->write_wait)) {
1632 				wake_up_poll(&o_tty->write_wait, POLLOUT);
1633 				do_sleep++;
1634 			}
1635 		}
1636 		if (!do_sleep)
1637 			break;
1638 
1639 		if (once) {
1640 			once = 0;
1641 			tty_warn(tty, "read/write wait queue active!\n");
1642 		}
1643 		schedule_timeout_killable(timeout);
1644 		if (timeout < 120 * HZ)
1645 			timeout = 2 * timeout + 1;
1646 		else
1647 			timeout = MAX_SCHEDULE_TIMEOUT;
1648 	}
1649 
1650 	if (o_tty) {
1651 		if (--o_tty->count < 0) {
1652 			tty_warn(tty, "bad slave count (%d)\n", o_tty->count);
1653 			o_tty->count = 0;
1654 		}
1655 	}
1656 	if (--tty->count < 0) {
1657 		tty_warn(tty, "bad tty->count (%d)\n", tty->count);
1658 		tty->count = 0;
1659 	}
1660 
1661 	/*
1662 	 * We've decremented tty->count, so we need to remove this file
1663 	 * descriptor off the tty->tty_files list; this serves two
1664 	 * purposes:
1665 	 *  - check_tty_count sees the correct number of file descriptors
1666 	 *    associated with this tty.
1667 	 *  - do_tty_hangup no longer sees this file descriptor as
1668 	 *    something that needs to be handled for hangups.
1669 	 */
1670 	tty_del_file(filp);
1671 
1672 	/*
1673 	 * Perform some housekeeping before deciding whether to return.
1674 	 *
1675 	 * If _either_ side is closing, make sure there aren't any
1676 	 * processes that still think tty or o_tty is their controlling
1677 	 * tty.
1678 	 */
1679 	if (!tty->count) {
1680 		read_lock(&tasklist_lock);
1681 		session_clear_tty(tty->session);
1682 		if (o_tty)
1683 			session_clear_tty(o_tty->session);
1684 		read_unlock(&tasklist_lock);
1685 	}
1686 
1687 	/* check whether both sides are closing ... */
1688 	final = !tty->count && !(o_tty && o_tty->count);
1689 
1690 	tty_unlock_slave(o_tty);
1691 	tty_unlock(tty);
1692 
1693 	/* At this point, the tty->count == 0 should ensure a dead tty
1694 	   cannot be re-opened by a racing opener */
1695 
1696 	if (!final)
1697 		return 0;
1698 
1699 	tty_debug_hangup(tty, "final close\n");
1700 
1701 	tty_release_struct(tty, idx);
1702 	return 0;
1703 }
1704 
1705 /**
1706  *	tty_open_current_tty - get locked tty of current task
1707  *	@device: device number
1708  *	@filp: file pointer to tty
1709  *	@return: locked tty of the current task iff @device is /dev/tty
1710  *
1711  *	Performs a re-open of the current task's controlling tty.
1712  *
1713  *	We cannot return driver and index like for the other nodes because
1714  *	devpts will not work then. It expects inodes to be from devpts FS.
1715  */
1716 static struct tty_struct *tty_open_current_tty(dev_t device, struct file *filp)
1717 {
1718 	struct tty_struct *tty;
1719 	int retval;
1720 
1721 	if (device != MKDEV(TTYAUX_MAJOR, 0))
1722 		return NULL;
1723 
1724 	tty = get_current_tty();
1725 	if (!tty)
1726 		return ERR_PTR(-ENXIO);
1727 
1728 	filp->f_flags |= O_NONBLOCK; /* Don't let /dev/tty block */
1729 	/* noctty = 1; */
1730 	tty_lock(tty);
1731 	tty_kref_put(tty);	/* safe to drop the kref now */
1732 
1733 	retval = tty_reopen(tty);
1734 	if (retval < 0) {
1735 		tty_unlock(tty);
1736 		tty = ERR_PTR(retval);
1737 	}
1738 	return tty;
1739 }
1740 
1741 /**
1742  *	tty_lookup_driver - lookup a tty driver for a given device file
1743  *	@device: device number
1744  *	@filp: file pointer to tty
1745  *	@index: index for the device in the @return driver
1746  *	@return: driver for this inode (with increased refcount)
1747  *
1748  * 	If @return is not erroneous, the caller is responsible to decrement the
1749  * 	refcount by tty_driver_kref_put.
1750  *
1751  *	Locking: tty_mutex protects get_tty_driver
1752  */
1753 static struct tty_driver *tty_lookup_driver(dev_t device, struct file *filp,
1754 		int *index)
1755 {
1756 	struct tty_driver *driver;
1757 
1758 	switch (device) {
1759 #ifdef CONFIG_VT
1760 	case MKDEV(TTY_MAJOR, 0): {
1761 		extern struct tty_driver *console_driver;
1762 		driver = tty_driver_kref_get(console_driver);
1763 		*index = fg_console;
1764 		break;
1765 	}
1766 #endif
1767 	case MKDEV(TTYAUX_MAJOR, 1): {
1768 		struct tty_driver *console_driver = console_device(index);
1769 		if (console_driver) {
1770 			driver = tty_driver_kref_get(console_driver);
1771 			if (driver && filp) {
1772 				/* Don't let /dev/console block */
1773 				filp->f_flags |= O_NONBLOCK;
1774 				break;
1775 			}
1776 		}
1777 		return ERR_PTR(-ENODEV);
1778 	}
1779 	default:
1780 		driver = get_tty_driver(device, index);
1781 		if (!driver)
1782 			return ERR_PTR(-ENODEV);
1783 		break;
1784 	}
1785 	return driver;
1786 }
1787 
1788 /**
1789  *	tty_open_by_driver	-	open a tty device
1790  *	@device: dev_t of device to open
1791  *	@inode: inode of device file
1792  *	@filp: file pointer to tty
1793  *
1794  *	Performs the driver lookup, checks for a reopen, or otherwise
1795  *	performs the first-time tty initialization.
1796  *
1797  *	Returns the locked initialized or re-opened &tty_struct
1798  *
1799  *	Claims the global tty_mutex to serialize:
1800  *	  - concurrent first-time tty initialization
1801  *	  - concurrent tty driver removal w/ lookup
1802  *	  - concurrent tty removal from driver table
1803  */
1804 struct tty_struct *tty_open_by_driver(dev_t device, struct inode *inode,
1805 					     struct file *filp)
1806 {
1807 	struct tty_struct *tty;
1808 	struct tty_driver *driver = NULL;
1809 	int index = -1;
1810 	int retval;
1811 
1812 	mutex_lock(&tty_mutex);
1813 	driver = tty_lookup_driver(device, filp, &index);
1814 	if (IS_ERR(driver)) {
1815 		mutex_unlock(&tty_mutex);
1816 		return ERR_CAST(driver);
1817 	}
1818 
1819 	/* check whether we're reopening an existing tty */
1820 	tty = tty_driver_lookup_tty(driver, filp, index);
1821 	if (IS_ERR(tty)) {
1822 		mutex_unlock(&tty_mutex);
1823 		goto out;
1824 	}
1825 
1826 	if (tty) {
1827 		mutex_unlock(&tty_mutex);
1828 		retval = tty_lock_interruptible(tty);
1829 		tty_kref_put(tty);  /* drop kref from tty_driver_lookup_tty() */
1830 		if (retval) {
1831 			if (retval == -EINTR)
1832 				retval = -ERESTARTSYS;
1833 			tty = ERR_PTR(retval);
1834 			goto out;
1835 		}
1836 		retval = tty_reopen(tty);
1837 		if (retval < 0) {
1838 			tty_unlock(tty);
1839 			tty = ERR_PTR(retval);
1840 		}
1841 	} else { /* Returns with the tty_lock held for now */
1842 		tty = tty_init_dev(driver, index);
1843 		mutex_unlock(&tty_mutex);
1844 	}
1845 out:
1846 	tty_driver_kref_put(driver);
1847 	return tty;
1848 }
1849 EXPORT_SYMBOL_GPL(tty_open_by_driver);
1850 
1851 /**
1852  *	tty_open		-	open a tty device
1853  *	@inode: inode of device file
1854  *	@filp: file pointer to tty
1855  *
1856  *	tty_open and tty_release keep up the tty count that contains the
1857  *	number of opens done on a tty. We cannot use the inode-count, as
1858  *	different inodes might point to the same tty.
1859  *
1860  *	Open-counting is needed for pty masters, as well as for keeping
1861  *	track of serial lines: DTR is dropped when the last close happens.
1862  *	(This is not done solely through tty->count, now.  - Ted 1/27/92)
1863  *
1864  *	The termios state of a pty is reset on first open so that
1865  *	settings don't persist across reuse.
1866  *
1867  *	Locking: tty_mutex protects tty, tty_lookup_driver and tty_init_dev.
1868  *		 tty->count should protect the rest.
1869  *		 ->siglock protects ->signal/->sighand
1870  *
1871  *	Note: the tty_unlock/lock cases without a ref are only safe due to
1872  *	tty_mutex
1873  */
1874 
1875 static int tty_open(struct inode *inode, struct file *filp)
1876 {
1877 	struct tty_struct *tty;
1878 	int noctty, retval;
1879 	dev_t device = inode->i_rdev;
1880 	unsigned saved_flags = filp->f_flags;
1881 
1882 	nonseekable_open(inode, filp);
1883 
1884 retry_open:
1885 	retval = tty_alloc_file(filp);
1886 	if (retval)
1887 		return -ENOMEM;
1888 
1889 	tty = tty_open_current_tty(device, filp);
1890 	if (!tty)
1891 		tty = tty_open_by_driver(device, inode, filp);
1892 
1893 	if (IS_ERR(tty)) {
1894 		tty_free_file(filp);
1895 		retval = PTR_ERR(tty);
1896 		if (retval != -EAGAIN || signal_pending(current))
1897 			return retval;
1898 		schedule();
1899 		goto retry_open;
1900 	}
1901 
1902 	tty_add_file(tty, filp);
1903 
1904 	check_tty_count(tty, __func__);
1905 	tty_debug_hangup(tty, "opening (count=%d)\n", tty->count);
1906 
1907 	if (tty->ops->open)
1908 		retval = tty->ops->open(tty, filp);
1909 	else
1910 		retval = -ENODEV;
1911 	filp->f_flags = saved_flags;
1912 
1913 	if (retval) {
1914 		tty_debug_hangup(tty, "open error %d, releasing\n", retval);
1915 
1916 		tty_unlock(tty); /* need to call tty_release without BTM */
1917 		tty_release(inode, filp);
1918 		if (retval != -ERESTARTSYS)
1919 			return retval;
1920 
1921 		if (signal_pending(current))
1922 			return retval;
1923 
1924 		schedule();
1925 		/*
1926 		 * Need to reset f_op in case a hangup happened.
1927 		 */
1928 		if (tty_hung_up_p(filp))
1929 			filp->f_op = &tty_fops;
1930 		goto retry_open;
1931 	}
1932 	clear_bit(TTY_HUPPED, &tty->flags);
1933 
1934 	noctty = (filp->f_flags & O_NOCTTY) ||
1935 		 (IS_ENABLED(CONFIG_VT) && device == MKDEV(TTY_MAJOR, 0)) ||
1936 		 device == MKDEV(TTYAUX_MAJOR, 1) ||
1937 		 (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
1938 		  tty->driver->subtype == PTY_TYPE_MASTER);
1939 	if (!noctty)
1940 		tty_open_proc_set_tty(filp, tty);
1941 	tty_unlock(tty);
1942 	return 0;
1943 }
1944 
1945 
1946 
1947 /**
1948  *	tty_poll	-	check tty status
1949  *	@filp: file being polled
1950  *	@wait: poll wait structures to update
1951  *
1952  *	Call the line discipline polling method to obtain the poll
1953  *	status of the device.
1954  *
1955  *	Locking: locks called line discipline but ldisc poll method
1956  *	may be re-entered freely by other callers.
1957  */
1958 
1959 static unsigned int tty_poll(struct file *filp, poll_table *wait)
1960 {
1961 	struct tty_struct *tty = file_tty(filp);
1962 	struct tty_ldisc *ld;
1963 	int ret = 0;
1964 
1965 	if (tty_paranoia_check(tty, file_inode(filp), "tty_poll"))
1966 		return 0;
1967 
1968 	ld = tty_ldisc_ref_wait(tty);
1969 	if (!ld)
1970 		return hung_up_tty_poll(filp, wait);
1971 	if (ld->ops->poll)
1972 		ret = ld->ops->poll(tty, filp, wait);
1973 	tty_ldisc_deref(ld);
1974 	return ret;
1975 }
1976 
1977 static int __tty_fasync(int fd, struct file *filp, int on)
1978 {
1979 	struct tty_struct *tty = file_tty(filp);
1980 	unsigned long flags;
1981 	int retval = 0;
1982 
1983 	if (tty_paranoia_check(tty, file_inode(filp), "tty_fasync"))
1984 		goto out;
1985 
1986 	retval = fasync_helper(fd, filp, on, &tty->fasync);
1987 	if (retval <= 0)
1988 		goto out;
1989 
1990 	if (on) {
1991 		enum pid_type type;
1992 		struct pid *pid;
1993 
1994 		spin_lock_irqsave(&tty->ctrl_lock, flags);
1995 		if (tty->pgrp) {
1996 			pid = tty->pgrp;
1997 			type = PIDTYPE_PGID;
1998 		} else {
1999 			pid = task_pid(current);
2000 			type = PIDTYPE_PID;
2001 		}
2002 		get_pid(pid);
2003 		spin_unlock_irqrestore(&tty->ctrl_lock, flags);
2004 		__f_setown(filp, pid, type, 0);
2005 		put_pid(pid);
2006 		retval = 0;
2007 	}
2008 out:
2009 	return retval;
2010 }
2011 
2012 static int tty_fasync(int fd, struct file *filp, int on)
2013 {
2014 	struct tty_struct *tty = file_tty(filp);
2015 	int retval = -ENOTTY;
2016 
2017 	tty_lock(tty);
2018 	if (!tty_hung_up_p(filp))
2019 		retval = __tty_fasync(fd, filp, on);
2020 	tty_unlock(tty);
2021 
2022 	return retval;
2023 }
2024 
2025 /**
2026  *	tiocsti			-	fake input character
2027  *	@tty: tty to fake input into
2028  *	@p: pointer to character
2029  *
2030  *	Fake input to a tty device. Does the necessary locking and
2031  *	input management.
2032  *
2033  *	FIXME: does not honour flow control ??
2034  *
2035  *	Locking:
2036  *		Called functions take tty_ldiscs_lock
2037  *		current->signal->tty check is safe without locks
2038  *
2039  *	FIXME: may race normal receive processing
2040  */
2041 
2042 static int tiocsti(struct tty_struct *tty, char __user *p)
2043 {
2044 	char ch, mbz = 0;
2045 	struct tty_ldisc *ld;
2046 
2047 	if ((current->signal->tty != tty) && !capable(CAP_SYS_ADMIN))
2048 		return -EPERM;
2049 	if (get_user(ch, p))
2050 		return -EFAULT;
2051 	tty_audit_tiocsti(tty, ch);
2052 	ld = tty_ldisc_ref_wait(tty);
2053 	if (!ld)
2054 		return -EIO;
2055 	ld->ops->receive_buf(tty, &ch, &mbz, 1);
2056 	tty_ldisc_deref(ld);
2057 	return 0;
2058 }
2059 
2060 /**
2061  *	tiocgwinsz		-	implement window query ioctl
2062  *	@tty; tty
2063  *	@arg: user buffer for result
2064  *
2065  *	Copies the kernel idea of the window size into the user buffer.
2066  *
2067  *	Locking: tty->winsize_mutex is taken to ensure the winsize data
2068  *		is consistent.
2069  */
2070 
2071 static int tiocgwinsz(struct tty_struct *tty, struct winsize __user *arg)
2072 {
2073 	int err;
2074 
2075 	mutex_lock(&tty->winsize_mutex);
2076 	err = copy_to_user(arg, &tty->winsize, sizeof(*arg));
2077 	mutex_unlock(&tty->winsize_mutex);
2078 
2079 	return err ? -EFAULT: 0;
2080 }
2081 
2082 /**
2083  *	tty_do_resize		-	resize event
2084  *	@tty: tty being resized
2085  *	@rows: rows (character)
2086  *	@cols: cols (character)
2087  *
2088  *	Update the termios variables and send the necessary signals to
2089  *	peform a terminal resize correctly
2090  */
2091 
2092 int tty_do_resize(struct tty_struct *tty, struct winsize *ws)
2093 {
2094 	struct pid *pgrp;
2095 
2096 	/* Lock the tty */
2097 	mutex_lock(&tty->winsize_mutex);
2098 	if (!memcmp(ws, &tty->winsize, sizeof(*ws)))
2099 		goto done;
2100 
2101 	/* Signal the foreground process group */
2102 	pgrp = tty_get_pgrp(tty);
2103 	if (pgrp)
2104 		kill_pgrp(pgrp, SIGWINCH, 1);
2105 	put_pid(pgrp);
2106 
2107 	tty->winsize = *ws;
2108 done:
2109 	mutex_unlock(&tty->winsize_mutex);
2110 	return 0;
2111 }
2112 EXPORT_SYMBOL(tty_do_resize);
2113 
2114 /**
2115  *	tiocswinsz		-	implement window size set ioctl
2116  *	@tty; tty side of tty
2117  *	@arg: user buffer for result
2118  *
2119  *	Copies the user idea of the window size to the kernel. Traditionally
2120  *	this is just advisory information but for the Linux console it
2121  *	actually has driver level meaning and triggers a VC resize.
2122  *
2123  *	Locking:
2124  *		Driver dependent. The default do_resize method takes the
2125  *	tty termios mutex and ctrl_lock. The console takes its own lock
2126  *	then calls into the default method.
2127  */
2128 
2129 static int tiocswinsz(struct tty_struct *tty, struct winsize __user *arg)
2130 {
2131 	struct winsize tmp_ws;
2132 	if (copy_from_user(&tmp_ws, arg, sizeof(*arg)))
2133 		return -EFAULT;
2134 
2135 	if (tty->ops->resize)
2136 		return tty->ops->resize(tty, &tmp_ws);
2137 	else
2138 		return tty_do_resize(tty, &tmp_ws);
2139 }
2140 
2141 /**
2142  *	tioccons	-	allow admin to move logical console
2143  *	@file: the file to become console
2144  *
2145  *	Allow the administrator to move the redirected console device
2146  *
2147  *	Locking: uses redirect_lock to guard the redirect information
2148  */
2149 
2150 static int tioccons(struct file *file)
2151 {
2152 	if (!capable(CAP_SYS_ADMIN))
2153 		return -EPERM;
2154 	if (file->f_op->write == redirected_tty_write) {
2155 		struct file *f;
2156 		spin_lock(&redirect_lock);
2157 		f = redirect;
2158 		redirect = NULL;
2159 		spin_unlock(&redirect_lock);
2160 		if (f)
2161 			fput(f);
2162 		return 0;
2163 	}
2164 	spin_lock(&redirect_lock);
2165 	if (redirect) {
2166 		spin_unlock(&redirect_lock);
2167 		return -EBUSY;
2168 	}
2169 	redirect = get_file(file);
2170 	spin_unlock(&redirect_lock);
2171 	return 0;
2172 }
2173 
2174 /**
2175  *	fionbio		-	non blocking ioctl
2176  *	@file: file to set blocking value
2177  *	@p: user parameter
2178  *
2179  *	Historical tty interfaces had a blocking control ioctl before
2180  *	the generic functionality existed. This piece of history is preserved
2181  *	in the expected tty API of posix OS's.
2182  *
2183  *	Locking: none, the open file handle ensures it won't go away.
2184  */
2185 
2186 static int fionbio(struct file *file, int __user *p)
2187 {
2188 	int nonblock;
2189 
2190 	if (get_user(nonblock, p))
2191 		return -EFAULT;
2192 
2193 	spin_lock(&file->f_lock);
2194 	if (nonblock)
2195 		file->f_flags |= O_NONBLOCK;
2196 	else
2197 		file->f_flags &= ~O_NONBLOCK;
2198 	spin_unlock(&file->f_lock);
2199 	return 0;
2200 }
2201 
2202 /**
2203  *	tiocsetd	-	set line discipline
2204  *	@tty: tty device
2205  *	@p: pointer to user data
2206  *
2207  *	Set the line discipline according to user request.
2208  *
2209  *	Locking: see tty_set_ldisc, this function is just a helper
2210  */
2211 
2212 static int tiocsetd(struct tty_struct *tty, int __user *p)
2213 {
2214 	int disc;
2215 	int ret;
2216 
2217 	if (get_user(disc, p))
2218 		return -EFAULT;
2219 
2220 	ret = tty_set_ldisc(tty, disc);
2221 
2222 	return ret;
2223 }
2224 
2225 /**
2226  *	tiocgetd	-	get line discipline
2227  *	@tty: tty device
2228  *	@p: pointer to user data
2229  *
2230  *	Retrieves the line discipline id directly from the ldisc.
2231  *
2232  *	Locking: waits for ldisc reference (in case the line discipline
2233  *		is changing or the tty is being hungup)
2234  */
2235 
2236 static int tiocgetd(struct tty_struct *tty, int __user *p)
2237 {
2238 	struct tty_ldisc *ld;
2239 	int ret;
2240 
2241 	ld = tty_ldisc_ref_wait(tty);
2242 	if (!ld)
2243 		return -EIO;
2244 	ret = put_user(ld->ops->num, p);
2245 	tty_ldisc_deref(ld);
2246 	return ret;
2247 }
2248 
2249 /**
2250  *	send_break	-	performed time break
2251  *	@tty: device to break on
2252  *	@duration: timeout in mS
2253  *
2254  *	Perform a timed break on hardware that lacks its own driver level
2255  *	timed break functionality.
2256  *
2257  *	Locking:
2258  *		atomic_write_lock serializes
2259  *
2260  */
2261 
2262 static int send_break(struct tty_struct *tty, unsigned int duration)
2263 {
2264 	int retval;
2265 
2266 	if (tty->ops->break_ctl == NULL)
2267 		return 0;
2268 
2269 	if (tty->driver->flags & TTY_DRIVER_HARDWARE_BREAK)
2270 		retval = tty->ops->break_ctl(tty, duration);
2271 	else {
2272 		/* Do the work ourselves */
2273 		if (tty_write_lock(tty, 0) < 0)
2274 			return -EINTR;
2275 		retval = tty->ops->break_ctl(tty, -1);
2276 		if (retval)
2277 			goto out;
2278 		if (!signal_pending(current))
2279 			msleep_interruptible(duration);
2280 		retval = tty->ops->break_ctl(tty, 0);
2281 out:
2282 		tty_write_unlock(tty);
2283 		if (signal_pending(current))
2284 			retval = -EINTR;
2285 	}
2286 	return retval;
2287 }
2288 
2289 /**
2290  *	tty_tiocmget		-	get modem status
2291  *	@tty: tty device
2292  *	@file: user file pointer
2293  *	@p: pointer to result
2294  *
2295  *	Obtain the modem status bits from the tty driver if the feature
2296  *	is supported. Return -EINVAL if it is not available.
2297  *
2298  *	Locking: none (up to the driver)
2299  */
2300 
2301 static int tty_tiocmget(struct tty_struct *tty, int __user *p)
2302 {
2303 	int retval = -EINVAL;
2304 
2305 	if (tty->ops->tiocmget) {
2306 		retval = tty->ops->tiocmget(tty);
2307 
2308 		if (retval >= 0)
2309 			retval = put_user(retval, p);
2310 	}
2311 	return retval;
2312 }
2313 
2314 /**
2315  *	tty_tiocmset		-	set modem status
2316  *	@tty: tty device
2317  *	@cmd: command - clear bits, set bits or set all
2318  *	@p: pointer to desired bits
2319  *
2320  *	Set the modem status bits from the tty driver if the feature
2321  *	is supported. Return -EINVAL if it is not available.
2322  *
2323  *	Locking: none (up to the driver)
2324  */
2325 
2326 static int tty_tiocmset(struct tty_struct *tty, unsigned int cmd,
2327 	     unsigned __user *p)
2328 {
2329 	int retval;
2330 	unsigned int set, clear, val;
2331 
2332 	if (tty->ops->tiocmset == NULL)
2333 		return -EINVAL;
2334 
2335 	retval = get_user(val, p);
2336 	if (retval)
2337 		return retval;
2338 	set = clear = 0;
2339 	switch (cmd) {
2340 	case TIOCMBIS:
2341 		set = val;
2342 		break;
2343 	case TIOCMBIC:
2344 		clear = val;
2345 		break;
2346 	case TIOCMSET:
2347 		set = val;
2348 		clear = ~val;
2349 		break;
2350 	}
2351 	set &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2352 	clear &= TIOCM_DTR|TIOCM_RTS|TIOCM_OUT1|TIOCM_OUT2|TIOCM_LOOP;
2353 	return tty->ops->tiocmset(tty, set, clear);
2354 }
2355 
2356 static int tty_tiocgicount(struct tty_struct *tty, void __user *arg)
2357 {
2358 	int retval = -EINVAL;
2359 	struct serial_icounter_struct icount;
2360 	memset(&icount, 0, sizeof(icount));
2361 	if (tty->ops->get_icount)
2362 		retval = tty->ops->get_icount(tty, &icount);
2363 	if (retval != 0)
2364 		return retval;
2365 	if (copy_to_user(arg, &icount, sizeof(icount)))
2366 		return -EFAULT;
2367 	return 0;
2368 }
2369 
2370 static void tty_warn_deprecated_flags(struct serial_struct __user *ss)
2371 {
2372 	static DEFINE_RATELIMIT_STATE(depr_flags,
2373 			DEFAULT_RATELIMIT_INTERVAL,
2374 			DEFAULT_RATELIMIT_BURST);
2375 	char comm[TASK_COMM_LEN];
2376 	int flags;
2377 
2378 	if (get_user(flags, &ss->flags))
2379 		return;
2380 
2381 	flags &= ASYNC_DEPRECATED;
2382 
2383 	if (flags && __ratelimit(&depr_flags))
2384 		pr_warn("%s: '%s' is using deprecated serial flags (with no effect): %.8x\n",
2385 			__func__, get_task_comm(comm, current), flags);
2386 }
2387 
2388 /*
2389  * if pty, return the slave side (real_tty)
2390  * otherwise, return self
2391  */
2392 static struct tty_struct *tty_pair_get_tty(struct tty_struct *tty)
2393 {
2394 	if (tty->driver->type == TTY_DRIVER_TYPE_PTY &&
2395 	    tty->driver->subtype == PTY_TYPE_MASTER)
2396 		tty = tty->link;
2397 	return tty;
2398 }
2399 
2400 /*
2401  * Split this up, as gcc can choke on it otherwise..
2402  */
2403 long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2404 {
2405 	struct tty_struct *tty = file_tty(file);
2406 	struct tty_struct *real_tty;
2407 	void __user *p = (void __user *)arg;
2408 	int retval;
2409 	struct tty_ldisc *ld;
2410 
2411 	if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2412 		return -EINVAL;
2413 
2414 	real_tty = tty_pair_get_tty(tty);
2415 
2416 	/*
2417 	 * Factor out some common prep work
2418 	 */
2419 	switch (cmd) {
2420 	case TIOCSETD:
2421 	case TIOCSBRK:
2422 	case TIOCCBRK:
2423 	case TCSBRK:
2424 	case TCSBRKP:
2425 		retval = tty_check_change(tty);
2426 		if (retval)
2427 			return retval;
2428 		if (cmd != TIOCCBRK) {
2429 			tty_wait_until_sent(tty, 0);
2430 			if (signal_pending(current))
2431 				return -EINTR;
2432 		}
2433 		break;
2434 	}
2435 
2436 	/*
2437 	 *	Now do the stuff.
2438 	 */
2439 	switch (cmd) {
2440 	case TIOCSTI:
2441 		return tiocsti(tty, p);
2442 	case TIOCGWINSZ:
2443 		return tiocgwinsz(real_tty, p);
2444 	case TIOCSWINSZ:
2445 		return tiocswinsz(real_tty, p);
2446 	case TIOCCONS:
2447 		return real_tty != tty ? -EINVAL : tioccons(file);
2448 	case FIONBIO:
2449 		return fionbio(file, p);
2450 	case TIOCEXCL:
2451 		set_bit(TTY_EXCLUSIVE, &tty->flags);
2452 		return 0;
2453 	case TIOCNXCL:
2454 		clear_bit(TTY_EXCLUSIVE, &tty->flags);
2455 		return 0;
2456 	case TIOCGEXCL:
2457 	{
2458 		int excl = test_bit(TTY_EXCLUSIVE, &tty->flags);
2459 		return put_user(excl, (int __user *)p);
2460 	}
2461 	case TIOCGETD:
2462 		return tiocgetd(tty, p);
2463 	case TIOCSETD:
2464 		return tiocsetd(tty, p);
2465 	case TIOCVHANGUP:
2466 		if (!capable(CAP_SYS_ADMIN))
2467 			return -EPERM;
2468 		tty_vhangup(tty);
2469 		return 0;
2470 	case TIOCGDEV:
2471 	{
2472 		unsigned int ret = new_encode_dev(tty_devnum(real_tty));
2473 		return put_user(ret, (unsigned int __user *)p);
2474 	}
2475 	/*
2476 	 * Break handling
2477 	 */
2478 	case TIOCSBRK:	/* Turn break on, unconditionally */
2479 		if (tty->ops->break_ctl)
2480 			return tty->ops->break_ctl(tty, -1);
2481 		return 0;
2482 	case TIOCCBRK:	/* Turn break off, unconditionally */
2483 		if (tty->ops->break_ctl)
2484 			return tty->ops->break_ctl(tty, 0);
2485 		return 0;
2486 	case TCSBRK:   /* SVID version: non-zero arg --> no break */
2487 		/* non-zero arg means wait for all output data
2488 		 * to be sent (performed above) but don't send break.
2489 		 * This is used by the tcdrain() termios function.
2490 		 */
2491 		if (!arg)
2492 			return send_break(tty, 250);
2493 		return 0;
2494 	case TCSBRKP:	/* support for POSIX tcsendbreak() */
2495 		return send_break(tty, arg ? arg*100 : 250);
2496 
2497 	case TIOCMGET:
2498 		return tty_tiocmget(tty, p);
2499 	case TIOCMSET:
2500 	case TIOCMBIC:
2501 	case TIOCMBIS:
2502 		return tty_tiocmset(tty, cmd, p);
2503 	case TIOCGICOUNT:
2504 		retval = tty_tiocgicount(tty, p);
2505 		/* For the moment allow fall through to the old method */
2506         	if (retval != -EINVAL)
2507 			return retval;
2508 		break;
2509 	case TCFLSH:
2510 		switch (arg) {
2511 		case TCIFLUSH:
2512 		case TCIOFLUSH:
2513 		/* flush tty buffer and allow ldisc to process ioctl */
2514 			tty_buffer_flush(tty, NULL);
2515 			break;
2516 		}
2517 		break;
2518 	case TIOCSSERIAL:
2519 		tty_warn_deprecated_flags(p);
2520 		break;
2521 	default:
2522 		retval = tty_jobctrl_ioctl(tty, real_tty, file, cmd, arg);
2523 		if (retval != -ENOIOCTLCMD)
2524 			return retval;
2525 	}
2526 	if (tty->ops->ioctl) {
2527 		retval = tty->ops->ioctl(tty, cmd, arg);
2528 		if (retval != -ENOIOCTLCMD)
2529 			return retval;
2530 	}
2531 	ld = tty_ldisc_ref_wait(tty);
2532 	if (!ld)
2533 		return hung_up_tty_ioctl(file, cmd, arg);
2534 	retval = -EINVAL;
2535 	if (ld->ops->ioctl) {
2536 		retval = ld->ops->ioctl(tty, file, cmd, arg);
2537 		if (retval == -ENOIOCTLCMD)
2538 			retval = -ENOTTY;
2539 	}
2540 	tty_ldisc_deref(ld);
2541 	return retval;
2542 }
2543 
2544 #ifdef CONFIG_COMPAT
2545 static long tty_compat_ioctl(struct file *file, unsigned int cmd,
2546 				unsigned long arg)
2547 {
2548 	struct tty_struct *tty = file_tty(file);
2549 	struct tty_ldisc *ld;
2550 	int retval = -ENOIOCTLCMD;
2551 
2552 	if (tty_paranoia_check(tty, file_inode(file), "tty_ioctl"))
2553 		return -EINVAL;
2554 
2555 	if (tty->ops->compat_ioctl) {
2556 		retval = tty->ops->compat_ioctl(tty, cmd, arg);
2557 		if (retval != -ENOIOCTLCMD)
2558 			return retval;
2559 	}
2560 
2561 	ld = tty_ldisc_ref_wait(tty);
2562 	if (!ld)
2563 		return hung_up_tty_compat_ioctl(file, cmd, arg);
2564 	if (ld->ops->compat_ioctl)
2565 		retval = ld->ops->compat_ioctl(tty, file, cmd, arg);
2566 	else
2567 		retval = n_tty_compat_ioctl_helper(tty, file, cmd, arg);
2568 	tty_ldisc_deref(ld);
2569 
2570 	return retval;
2571 }
2572 #endif
2573 
2574 static int this_tty(const void *t, struct file *file, unsigned fd)
2575 {
2576 	if (likely(file->f_op->read != tty_read))
2577 		return 0;
2578 	return file_tty(file) != t ? 0 : fd + 1;
2579 }
2580 
2581 /*
2582  * This implements the "Secure Attention Key" ---  the idea is to
2583  * prevent trojan horses by killing all processes associated with this
2584  * tty when the user hits the "Secure Attention Key".  Required for
2585  * super-paranoid applications --- see the Orange Book for more details.
2586  *
2587  * This code could be nicer; ideally it should send a HUP, wait a few
2588  * seconds, then send a INT, and then a KILL signal.  But you then
2589  * have to coordinate with the init process, since all processes associated
2590  * with the current tty must be dead before the new getty is allowed
2591  * to spawn.
2592  *
2593  * Now, if it would be correct ;-/ The current code has a nasty hole -
2594  * it doesn't catch files in flight. We may send the descriptor to ourselves
2595  * via AF_UNIX socket, close it and later fetch from socket. FIXME.
2596  *
2597  * Nasty bug: do_SAK is being called in interrupt context.  This can
2598  * deadlock.  We punt it up to process context.  AKPM - 16Mar2001
2599  */
2600 void __do_SAK(struct tty_struct *tty)
2601 {
2602 #ifdef TTY_SOFT_SAK
2603 	tty_hangup(tty);
2604 #else
2605 	struct task_struct *g, *p;
2606 	struct pid *session;
2607 	int		i;
2608 
2609 	if (!tty)
2610 		return;
2611 	session = tty->session;
2612 
2613 	tty_ldisc_flush(tty);
2614 
2615 	tty_driver_flush_buffer(tty);
2616 
2617 	read_lock(&tasklist_lock);
2618 	/* Kill the entire session */
2619 	do_each_pid_task(session, PIDTYPE_SID, p) {
2620 		tty_notice(tty, "SAK: killed process %d (%s): by session\n",
2621 			   task_pid_nr(p), p->comm);
2622 		send_sig(SIGKILL, p, 1);
2623 	} while_each_pid_task(session, PIDTYPE_SID, p);
2624 
2625 	/* Now kill any processes that happen to have the tty open */
2626 	do_each_thread(g, p) {
2627 		if (p->signal->tty == tty) {
2628 			tty_notice(tty, "SAK: killed process %d (%s): by controlling tty\n",
2629 				   task_pid_nr(p), p->comm);
2630 			send_sig(SIGKILL, p, 1);
2631 			continue;
2632 		}
2633 		task_lock(p);
2634 		i = iterate_fd(p->files, 0, this_tty, tty);
2635 		if (i != 0) {
2636 			tty_notice(tty, "SAK: killed process %d (%s): by fd#%d\n",
2637 				   task_pid_nr(p), p->comm, i - 1);
2638 			force_sig(SIGKILL, p);
2639 		}
2640 		task_unlock(p);
2641 	} while_each_thread(g, p);
2642 	read_unlock(&tasklist_lock);
2643 #endif
2644 }
2645 
2646 static void do_SAK_work(struct work_struct *work)
2647 {
2648 	struct tty_struct *tty =
2649 		container_of(work, struct tty_struct, SAK_work);
2650 	__do_SAK(tty);
2651 }
2652 
2653 /*
2654  * The tq handling here is a little racy - tty->SAK_work may already be queued.
2655  * Fortunately we don't need to worry, because if ->SAK_work is already queued,
2656  * the values which we write to it will be identical to the values which it
2657  * already has. --akpm
2658  */
2659 void do_SAK(struct tty_struct *tty)
2660 {
2661 	if (!tty)
2662 		return;
2663 	schedule_work(&tty->SAK_work);
2664 }
2665 
2666 EXPORT_SYMBOL(do_SAK);
2667 
2668 static int dev_match_devt(struct device *dev, const void *data)
2669 {
2670 	const dev_t *devt = data;
2671 	return dev->devt == *devt;
2672 }
2673 
2674 /* Must put_device() after it's unused! */
2675 static struct device *tty_get_device(struct tty_struct *tty)
2676 {
2677 	dev_t devt = tty_devnum(tty);
2678 	return class_find_device(tty_class, NULL, &devt, dev_match_devt);
2679 }
2680 
2681 
2682 /**
2683  *	alloc_tty_struct
2684  *
2685  *	This subroutine allocates and initializes a tty structure.
2686  *
2687  *	Locking: none - tty in question is not exposed at this point
2688  */
2689 
2690 struct tty_struct *alloc_tty_struct(struct tty_driver *driver, int idx)
2691 {
2692 	struct tty_struct *tty;
2693 
2694 	tty = kzalloc(sizeof(*tty), GFP_KERNEL);
2695 	if (!tty)
2696 		return NULL;
2697 
2698 	kref_init(&tty->kref);
2699 	tty->magic = TTY_MAGIC;
2700 	tty_ldisc_init(tty);
2701 	tty->session = NULL;
2702 	tty->pgrp = NULL;
2703 	mutex_init(&tty->legacy_mutex);
2704 	mutex_init(&tty->throttle_mutex);
2705 	init_rwsem(&tty->termios_rwsem);
2706 	mutex_init(&tty->winsize_mutex);
2707 	init_ldsem(&tty->ldisc_sem);
2708 	init_waitqueue_head(&tty->write_wait);
2709 	init_waitqueue_head(&tty->read_wait);
2710 	INIT_WORK(&tty->hangup_work, do_tty_hangup);
2711 	mutex_init(&tty->atomic_write_lock);
2712 	spin_lock_init(&tty->ctrl_lock);
2713 	spin_lock_init(&tty->flow_lock);
2714 	spin_lock_init(&tty->files_lock);
2715 	INIT_LIST_HEAD(&tty->tty_files);
2716 	INIT_WORK(&tty->SAK_work, do_SAK_work);
2717 
2718 	tty->driver = driver;
2719 	tty->ops = driver->ops;
2720 	tty->index = idx;
2721 	tty_line_name(driver, idx, tty->name);
2722 	tty->dev = tty_get_device(tty);
2723 
2724 	return tty;
2725 }
2726 
2727 /**
2728  *	tty_put_char	-	write one character to a tty
2729  *	@tty: tty
2730  *	@ch: character
2731  *
2732  *	Write one byte to the tty using the provided put_char method
2733  *	if present. Returns the number of characters successfully output.
2734  *
2735  *	Note: the specific put_char operation in the driver layer may go
2736  *	away soon. Don't call it directly, use this method
2737  */
2738 
2739 int tty_put_char(struct tty_struct *tty, unsigned char ch)
2740 {
2741 	if (tty->ops->put_char)
2742 		return tty->ops->put_char(tty, ch);
2743 	return tty->ops->write(tty, &ch, 1);
2744 }
2745 EXPORT_SYMBOL_GPL(tty_put_char);
2746 
2747 struct class *tty_class;
2748 
2749 static int tty_cdev_add(struct tty_driver *driver, dev_t dev,
2750 		unsigned int index, unsigned int count)
2751 {
2752 	int err;
2753 
2754 	/* init here, since reused cdevs cause crashes */
2755 	driver->cdevs[index] = cdev_alloc();
2756 	if (!driver->cdevs[index])
2757 		return -ENOMEM;
2758 	driver->cdevs[index]->ops = &tty_fops;
2759 	driver->cdevs[index]->owner = driver->owner;
2760 	err = cdev_add(driver->cdevs[index], dev, count);
2761 	if (err)
2762 		kobject_put(&driver->cdevs[index]->kobj);
2763 	return err;
2764 }
2765 
2766 /**
2767  *	tty_register_device - register a tty device
2768  *	@driver: the tty driver that describes the tty device
2769  *	@index: the index in the tty driver for this tty device
2770  *	@device: a struct device that is associated with this tty device.
2771  *		This field is optional, if there is no known struct device
2772  *		for this tty device it can be set to NULL safely.
2773  *
2774  *	Returns a pointer to the struct device for this tty device
2775  *	(or ERR_PTR(-EFOO) on error).
2776  *
2777  *	This call is required to be made to register an individual tty device
2778  *	if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
2779  *	that bit is not set, this function should not be called by a tty
2780  *	driver.
2781  *
2782  *	Locking: ??
2783  */
2784 
2785 struct device *tty_register_device(struct tty_driver *driver, unsigned index,
2786 				   struct device *device)
2787 {
2788 	return tty_register_device_attr(driver, index, device, NULL, NULL);
2789 }
2790 EXPORT_SYMBOL(tty_register_device);
2791 
2792 static void tty_device_create_release(struct device *dev)
2793 {
2794 	dev_dbg(dev, "releasing...\n");
2795 	kfree(dev);
2796 }
2797 
2798 /**
2799  *	tty_register_device_attr - register a tty device
2800  *	@driver: the tty driver that describes the tty device
2801  *	@index: the index in the tty driver for this tty device
2802  *	@device: a struct device that is associated with this tty device.
2803  *		This field is optional, if there is no known struct device
2804  *		for this tty device it can be set to NULL safely.
2805  *	@drvdata: Driver data to be set to device.
2806  *	@attr_grp: Attribute group to be set on device.
2807  *
2808  *	Returns a pointer to the struct device for this tty device
2809  *	(or ERR_PTR(-EFOO) on error).
2810  *
2811  *	This call is required to be made to register an individual tty device
2812  *	if the tty driver's flags have the TTY_DRIVER_DYNAMIC_DEV bit set.  If
2813  *	that bit is not set, this function should not be called by a tty
2814  *	driver.
2815  *
2816  *	Locking: ??
2817  */
2818 struct device *tty_register_device_attr(struct tty_driver *driver,
2819 				   unsigned index, struct device *device,
2820 				   void *drvdata,
2821 				   const struct attribute_group **attr_grp)
2822 {
2823 	char name[64];
2824 	dev_t devt = MKDEV(driver->major, driver->minor_start) + index;
2825 	struct ktermios *tp;
2826 	struct device *dev;
2827 	int retval;
2828 
2829 	if (index >= driver->num) {
2830 		pr_err("%s: Attempt to register invalid tty line number (%d)\n",
2831 		       driver->name, index);
2832 		return ERR_PTR(-EINVAL);
2833 	}
2834 
2835 	if (driver->type == TTY_DRIVER_TYPE_PTY)
2836 		pty_line_name(driver, index, name);
2837 	else
2838 		tty_line_name(driver, index, name);
2839 
2840 	dev = kzalloc(sizeof(*dev), GFP_KERNEL);
2841 	if (!dev)
2842 		return ERR_PTR(-ENOMEM);
2843 
2844 	dev->devt = devt;
2845 	dev->class = tty_class;
2846 	dev->parent = device;
2847 	dev->release = tty_device_create_release;
2848 	dev_set_name(dev, "%s", name);
2849 	dev->groups = attr_grp;
2850 	dev_set_drvdata(dev, drvdata);
2851 
2852 	dev_set_uevent_suppress(dev, 1);
2853 
2854 	retval = device_register(dev);
2855 	if (retval)
2856 		goto err_put;
2857 
2858 	if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
2859 		/*
2860 		 * Free any saved termios data so that the termios state is
2861 		 * reset when reusing a minor number.
2862 		 */
2863 		tp = driver->termios[index];
2864 		if (tp) {
2865 			driver->termios[index] = NULL;
2866 			kfree(tp);
2867 		}
2868 
2869 		retval = tty_cdev_add(driver, devt, index, 1);
2870 		if (retval)
2871 			goto err_del;
2872 	}
2873 
2874 	dev_set_uevent_suppress(dev, 0);
2875 	kobject_uevent(&dev->kobj, KOBJ_ADD);
2876 
2877 	return dev;
2878 
2879 err_del:
2880 	device_del(dev);
2881 err_put:
2882 	put_device(dev);
2883 
2884 	return ERR_PTR(retval);
2885 }
2886 EXPORT_SYMBOL_GPL(tty_register_device_attr);
2887 
2888 /**
2889  * 	tty_unregister_device - unregister a tty device
2890  * 	@driver: the tty driver that describes the tty device
2891  * 	@index: the index in the tty driver for this tty device
2892  *
2893  * 	If a tty device is registered with a call to tty_register_device() then
2894  *	this function must be called when the tty device is gone.
2895  *
2896  *	Locking: ??
2897  */
2898 
2899 void tty_unregister_device(struct tty_driver *driver, unsigned index)
2900 {
2901 	device_destroy(tty_class,
2902 		MKDEV(driver->major, driver->minor_start) + index);
2903 	if (!(driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
2904 		cdev_del(driver->cdevs[index]);
2905 		driver->cdevs[index] = NULL;
2906 	}
2907 }
2908 EXPORT_SYMBOL(tty_unregister_device);
2909 
2910 /**
2911  * __tty_alloc_driver -- allocate tty driver
2912  * @lines: count of lines this driver can handle at most
2913  * @owner: module which is responsible for this driver
2914  * @flags: some of TTY_DRIVER_* flags, will be set in driver->flags
2915  *
2916  * This should not be called directly, some of the provided macros should be
2917  * used instead. Use IS_ERR and friends on @retval.
2918  */
2919 struct tty_driver *__tty_alloc_driver(unsigned int lines, struct module *owner,
2920 		unsigned long flags)
2921 {
2922 	struct tty_driver *driver;
2923 	unsigned int cdevs = 1;
2924 	int err;
2925 
2926 	if (!lines || (flags & TTY_DRIVER_UNNUMBERED_NODE && lines > 1))
2927 		return ERR_PTR(-EINVAL);
2928 
2929 	driver = kzalloc(sizeof(struct tty_driver), GFP_KERNEL);
2930 	if (!driver)
2931 		return ERR_PTR(-ENOMEM);
2932 
2933 	kref_init(&driver->kref);
2934 	driver->magic = TTY_DRIVER_MAGIC;
2935 	driver->num = lines;
2936 	driver->owner = owner;
2937 	driver->flags = flags;
2938 
2939 	if (!(flags & TTY_DRIVER_DEVPTS_MEM)) {
2940 		driver->ttys = kcalloc(lines, sizeof(*driver->ttys),
2941 				GFP_KERNEL);
2942 		driver->termios = kcalloc(lines, sizeof(*driver->termios),
2943 				GFP_KERNEL);
2944 		if (!driver->ttys || !driver->termios) {
2945 			err = -ENOMEM;
2946 			goto err_free_all;
2947 		}
2948 	}
2949 
2950 	if (!(flags & TTY_DRIVER_DYNAMIC_ALLOC)) {
2951 		driver->ports = kcalloc(lines, sizeof(*driver->ports),
2952 				GFP_KERNEL);
2953 		if (!driver->ports) {
2954 			err = -ENOMEM;
2955 			goto err_free_all;
2956 		}
2957 		cdevs = lines;
2958 	}
2959 
2960 	driver->cdevs = kcalloc(cdevs, sizeof(*driver->cdevs), GFP_KERNEL);
2961 	if (!driver->cdevs) {
2962 		err = -ENOMEM;
2963 		goto err_free_all;
2964 	}
2965 
2966 	return driver;
2967 err_free_all:
2968 	kfree(driver->ports);
2969 	kfree(driver->ttys);
2970 	kfree(driver->termios);
2971 	kfree(driver->cdevs);
2972 	kfree(driver);
2973 	return ERR_PTR(err);
2974 }
2975 EXPORT_SYMBOL(__tty_alloc_driver);
2976 
2977 static void destruct_tty_driver(struct kref *kref)
2978 {
2979 	struct tty_driver *driver = container_of(kref, struct tty_driver, kref);
2980 	int i;
2981 	struct ktermios *tp;
2982 
2983 	if (driver->flags & TTY_DRIVER_INSTALLED) {
2984 		for (i = 0; i < driver->num; i++) {
2985 			tp = driver->termios[i];
2986 			if (tp) {
2987 				driver->termios[i] = NULL;
2988 				kfree(tp);
2989 			}
2990 			if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV))
2991 				tty_unregister_device(driver, i);
2992 		}
2993 		proc_tty_unregister_driver(driver);
2994 		if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC)
2995 			cdev_del(driver->cdevs[0]);
2996 	}
2997 	kfree(driver->cdevs);
2998 	kfree(driver->ports);
2999 	kfree(driver->termios);
3000 	kfree(driver->ttys);
3001 	kfree(driver);
3002 }
3003 
3004 void tty_driver_kref_put(struct tty_driver *driver)
3005 {
3006 	kref_put(&driver->kref, destruct_tty_driver);
3007 }
3008 EXPORT_SYMBOL(tty_driver_kref_put);
3009 
3010 void tty_set_operations(struct tty_driver *driver,
3011 			const struct tty_operations *op)
3012 {
3013 	driver->ops = op;
3014 };
3015 EXPORT_SYMBOL(tty_set_operations);
3016 
3017 void put_tty_driver(struct tty_driver *d)
3018 {
3019 	tty_driver_kref_put(d);
3020 }
3021 EXPORT_SYMBOL(put_tty_driver);
3022 
3023 /*
3024  * Called by a tty driver to register itself.
3025  */
3026 int tty_register_driver(struct tty_driver *driver)
3027 {
3028 	int error;
3029 	int i;
3030 	dev_t dev;
3031 	struct device *d;
3032 
3033 	if (!driver->major) {
3034 		error = alloc_chrdev_region(&dev, driver->minor_start,
3035 						driver->num, driver->name);
3036 		if (!error) {
3037 			driver->major = MAJOR(dev);
3038 			driver->minor_start = MINOR(dev);
3039 		}
3040 	} else {
3041 		dev = MKDEV(driver->major, driver->minor_start);
3042 		error = register_chrdev_region(dev, driver->num, driver->name);
3043 	}
3044 	if (error < 0)
3045 		goto err;
3046 
3047 	if (driver->flags & TTY_DRIVER_DYNAMIC_ALLOC) {
3048 		error = tty_cdev_add(driver, dev, 0, driver->num);
3049 		if (error)
3050 			goto err_unreg_char;
3051 	}
3052 
3053 	mutex_lock(&tty_mutex);
3054 	list_add(&driver->tty_drivers, &tty_drivers);
3055 	mutex_unlock(&tty_mutex);
3056 
3057 	if (!(driver->flags & TTY_DRIVER_DYNAMIC_DEV)) {
3058 		for (i = 0; i < driver->num; i++) {
3059 			d = tty_register_device(driver, i, NULL);
3060 			if (IS_ERR(d)) {
3061 				error = PTR_ERR(d);
3062 				goto err_unreg_devs;
3063 			}
3064 		}
3065 	}
3066 	proc_tty_register_driver(driver);
3067 	driver->flags |= TTY_DRIVER_INSTALLED;
3068 	return 0;
3069 
3070 err_unreg_devs:
3071 	for (i--; i >= 0; i--)
3072 		tty_unregister_device(driver, i);
3073 
3074 	mutex_lock(&tty_mutex);
3075 	list_del(&driver->tty_drivers);
3076 	mutex_unlock(&tty_mutex);
3077 
3078 err_unreg_char:
3079 	unregister_chrdev_region(dev, driver->num);
3080 err:
3081 	return error;
3082 }
3083 EXPORT_SYMBOL(tty_register_driver);
3084 
3085 /*
3086  * Called by a tty driver to unregister itself.
3087  */
3088 int tty_unregister_driver(struct tty_driver *driver)
3089 {
3090 #if 0
3091 	/* FIXME */
3092 	if (driver->refcount)
3093 		return -EBUSY;
3094 #endif
3095 	unregister_chrdev_region(MKDEV(driver->major, driver->minor_start),
3096 				driver->num);
3097 	mutex_lock(&tty_mutex);
3098 	list_del(&driver->tty_drivers);
3099 	mutex_unlock(&tty_mutex);
3100 	return 0;
3101 }
3102 
3103 EXPORT_SYMBOL(tty_unregister_driver);
3104 
3105 dev_t tty_devnum(struct tty_struct *tty)
3106 {
3107 	return MKDEV(tty->driver->major, tty->driver->minor_start) + tty->index;
3108 }
3109 EXPORT_SYMBOL(tty_devnum);
3110 
3111 void tty_default_fops(struct file_operations *fops)
3112 {
3113 	*fops = tty_fops;
3114 }
3115 
3116 static char *tty_devnode(struct device *dev, umode_t *mode)
3117 {
3118 	if (!mode)
3119 		return NULL;
3120 	if (dev->devt == MKDEV(TTYAUX_MAJOR, 0) ||
3121 	    dev->devt == MKDEV(TTYAUX_MAJOR, 2))
3122 		*mode = 0666;
3123 	return NULL;
3124 }
3125 
3126 static int __init tty_class_init(void)
3127 {
3128 	tty_class = class_create(THIS_MODULE, "tty");
3129 	if (IS_ERR(tty_class))
3130 		return PTR_ERR(tty_class);
3131 	tty_class->devnode = tty_devnode;
3132 	return 0;
3133 }
3134 
3135 postcore_initcall(tty_class_init);
3136 
3137 /* 3/2004 jmc: why do these devices exist? */
3138 static struct cdev tty_cdev, console_cdev;
3139 
3140 static ssize_t show_cons_active(struct device *dev,
3141 				struct device_attribute *attr, char *buf)
3142 {
3143 	struct console *cs[16];
3144 	int i = 0;
3145 	struct console *c;
3146 	ssize_t count = 0;
3147 
3148 	console_lock();
3149 	for_each_console(c) {
3150 		if (!c->device)
3151 			continue;
3152 		if (!c->write)
3153 			continue;
3154 		if ((c->flags & CON_ENABLED) == 0)
3155 			continue;
3156 		cs[i++] = c;
3157 		if (i >= ARRAY_SIZE(cs))
3158 			break;
3159 	}
3160 	while (i--) {
3161 		int index = cs[i]->index;
3162 		struct tty_driver *drv = cs[i]->device(cs[i], &index);
3163 
3164 		/* don't resolve tty0 as some programs depend on it */
3165 		if (drv && (cs[i]->index > 0 || drv->major != TTY_MAJOR))
3166 			count += tty_line_name(drv, index, buf + count);
3167 		else
3168 			count += sprintf(buf + count, "%s%d",
3169 					 cs[i]->name, cs[i]->index);
3170 
3171 		count += sprintf(buf + count, "%c", i ? ' ':'\n');
3172 	}
3173 	console_unlock();
3174 
3175 	return count;
3176 }
3177 static DEVICE_ATTR(active, S_IRUGO, show_cons_active, NULL);
3178 
3179 static struct attribute *cons_dev_attrs[] = {
3180 	&dev_attr_active.attr,
3181 	NULL
3182 };
3183 
3184 ATTRIBUTE_GROUPS(cons_dev);
3185 
3186 static struct device *consdev;
3187 
3188 void console_sysfs_notify(void)
3189 {
3190 	if (consdev)
3191 		sysfs_notify(&consdev->kobj, NULL, "active");
3192 }
3193 
3194 /*
3195  * Ok, now we can initialize the rest of the tty devices and can count
3196  * on memory allocations, interrupts etc..
3197  */
3198 int __init tty_init(void)
3199 {
3200 	cdev_init(&tty_cdev, &tty_fops);
3201 	if (cdev_add(&tty_cdev, MKDEV(TTYAUX_MAJOR, 0), 1) ||
3202 	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 0), 1, "/dev/tty") < 0)
3203 		panic("Couldn't register /dev/tty driver\n");
3204 	device_create(tty_class, NULL, MKDEV(TTYAUX_MAJOR, 0), NULL, "tty");
3205 
3206 	cdev_init(&console_cdev, &console_fops);
3207 	if (cdev_add(&console_cdev, MKDEV(TTYAUX_MAJOR, 1), 1) ||
3208 	    register_chrdev_region(MKDEV(TTYAUX_MAJOR, 1), 1, "/dev/console") < 0)
3209 		panic("Couldn't register /dev/console driver\n");
3210 	consdev = device_create_with_groups(tty_class, NULL,
3211 					    MKDEV(TTYAUX_MAJOR, 1), NULL,
3212 					    cons_dev_groups, "console");
3213 	if (IS_ERR(consdev))
3214 		consdev = NULL;
3215 
3216 #ifdef CONFIG_VT
3217 	vty_init(&console_fops);
3218 #endif
3219 	return 0;
3220 }
3221 
3222