tty: BKL pushdown

		return -EFAULT;

		return -EFAULT;

	}

	}

	lock_kernel();

	for (;;) {

	for (;;) {

		if (test_bit(TTY_OTHER_CLOSED, &tty->flags))

		if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {

			unlock_kernel();

			return -EIO;

			return -EIO;

		}

		n_hdlc = tty2n_hdlc (tty);

		n_hdlc = tty2n_hdlc (tty);

		if (!n_hdlc || n_hdlc->magic != HDLC_MAGIC ||

		if (!n_hdlc || n_hdlc->magic != HDLC_MAGIC ||

			 tty != n_hdlc->tty)

			 tty != n_hdlc->tty) {

			unlock_kernel();

			return 0;

			return 0;

		}

		rbuf = n_hdlc_buf_get(&n_hdlc->rx_buf_list);

		rbuf = n_hdlc_buf_get(&n_hdlc->rx_buf_list);

		if (rbuf)

		if (rbuf)

			break;

			break;

		/* no data */

		/* no data */

		if (file->f_flags & O_NONBLOCK)

		if (file->f_flags & O_NONBLOCK) {

			unlock_kernel();

			return -EAGAIN;

			return -EAGAIN;

		}

		interruptible_sleep_on (&tty->read_wait);

		interruptible_sleep_on (&tty->read_wait);

		if (signal_pending(current))

		if (signal_pending(current)) {

			unlock_kernel();

			return -EINTR;

			return -EINTR;

		}

		}

	}

	if (rbuf->count > nr)

	if (rbuf->count > nr)

		/* frame too large for caller's buffer (discard frame) */

		/* frame too large for caller's buffer (discard frame) */

		kfree(rbuf);

		kfree(rbuf);

	else	

	else	

		n_hdlc_buf_put(&n_hdlc->rx_free_buf_list,rbuf);

		n_hdlc_buf_put(&n_hdlc->rx_free_buf_list,rbuf);

	unlock_kernel();

	return ret;

	return ret;

}	/* end of n_hdlc_tty_read() */

}	/* end of n_hdlc_tty_read() */

		count = maxframe;

		count = maxframe;

	}

	}

	lock_kernel();

	add_wait_queue(&tty->write_wait, &wait);

	add_wait_queue(&tty->write_wait, &wait);

	set_current_state(TASK_INTERRUPTIBLE);

	set_current_state(TASK_INTERRUPTIBLE);

		n_hdlc_buf_put(&n_hdlc->tx_buf_list,tbuf);

		n_hdlc_buf_put(&n_hdlc->tx_buf_list,tbuf);

		n_hdlc_send_frames(n_hdlc,tty);

		n_hdlc_send_frames(n_hdlc,tty);

	}

	}

	unlock_kernel();

	return error;

	return error;

}	/* end of n_hdlc_tty_write() */

}	/* end of n_hdlc_tty_write() */

	TRACE_L("read()");

	TRACE_L("read()");

	lock_kernel();

	pClient = findClient(pInfo, task_pid(current));

	pClient = findClient(pInfo, task_pid(current));

	if (pClient) {

	if (pClient) {

		pMsg = remove_msg(pInfo, pClient);

		pMsg = remove_msg(pInfo, pClient);

		if (pMsg == NULL) {

		if (pMsg == NULL) {

			/* no messages available. */

			/* no messages available. */

			if (file->f_flags & O_NONBLOCK) {

			if (file->f_flags & O_NONBLOCK) {

				unlock_kernel();

				return -EAGAIN;

				return -EAGAIN;

			}

			}

			/* block until there is a message: */

			/* block until there is a message: */

		/* If we still haven't got a message, we must have been signalled */

		/* If we still haven't got a message, we must have been signalled */

		if (!pMsg)

		if (!pMsg) {

			unlock_kernel();

			return -EINTR;

			return -EINTR;

		}

		/* deliver msg to client process: */

		/* deliver msg to client process: */

		theMsg.msg_id = pMsg->msg_id;

		theMsg.msg_id = pMsg->msg_id;

		kfree(pMsg);

		kfree(pMsg);

		TRACE_M("r3964_read - msg kfree %p", pMsg);

		TRACE_M("r3964_read - msg kfree %p", pMsg);

		if (copy_to_user(buf, &theMsg, count))

		if (copy_to_user(buf, &theMsg, count)) {

			unlock_kernel();

			return -EFAULT;

			return -EFAULT;

		}

		TRACE_PS("read - return %d", count);

		TRACE_PS("read - return %d", count);

		return count;

		return count;

	}

	}

	unlock_kernel();

	return -EPERM;

	return -EPERM;

}

}

	pHeader->locks = 0;

	pHeader->locks = 0;

	pHeader->owner = NULL;

	pHeader->owner = NULL;

	lock_kernel();

	pClient = findClient(pInfo, task_pid(current));

	pClient = findClient(pInfo, task_pid(current));

	if (pClient) {

	if (pClient) {

		pHeader->owner = pClient;

		pHeader->owner = pClient;

	add_tx_queue(pInfo, pHeader);

	add_tx_queue(pInfo, pHeader);

	trigger_transmit(pInfo);

	trigger_transmit(pInfo);

	unlock_kernel();

	return 0;

	return 0;

}

}

 *	at hangup) or when the N_TTY line discipline internally has to

 *	at hangup) or when the N_TTY line discipline internally has to

 *	clean the pending queue (for example some signals).

 *	clean the pending queue (for example some signals).

 *

 *

 *	FIXME: tty->ctrl_status is not spinlocked and relies on

 *	Locking: ctrl_lock

 *	lock_kernel() still.

 */

 */

static void n_tty_flush_buffer(struct tty_struct *tty)

static void n_tty_flush_buffer(struct tty_struct *tty)

{

{

	unsigned long flags;

	/* clear everything and unthrottle the driver */

	/* clear everything and unthrottle the driver */

	reset_buffer_flags(tty);

	reset_buffer_flags(tty);

	if (!tty->link)

	if (!tty->link)

		return;

		return;

	spin_lock_irqsave(&tty->ctrl_lock, flags);

	if (tty->link->packet) {

	if (tty->link->packet) {

		tty->ctrl_status |= TIOCPKT_FLUSHREAD;

		tty->ctrl_status |= TIOCPKT_FLUSHREAD;

		wake_up_interruptible(&tty->link->read_wait);

		wake_up_interruptible(&tty->link->read_wait);

	}

	}

	spin_unlock_irqrestore(&tty->ctrl_lock, flags);

}

}

/**

/**

 *	relevant in the world today. If you ever need them, add them here.

 *	relevant in the world today. If you ever need them, add them here.

 *

 *

 *	Called from both the receive and transmit sides and can be called

 *	Called from both the receive and transmit sides and can be called

 *	re-entrantly. Relies on lock_kernel() still.

 *	re-entrantly. Relies on lock_kernel() for tty->column state.

 */

 */

static int opost(unsigned char c, struct tty_struct *tty)

static int opost(unsigned char c, struct tty_struct *tty)

	if (!space)

	if (!space)

		return -1;

		return -1;

	lock_kernel();

	if (O_OPOST(tty)) {

	if (O_OPOST(tty)) {

		switch (c) {

		switch (c) {

		case '\n':

		case '\n':

		}

		}

	}

	}

	tty->driver->put_char(tty, c);

	tty->driver->put_char(tty, c);

	unlock_kernel();

	return 0;

	return 0;

}

}

 *	the simple cases normally found and helps to generate blocks of

 *	the simple cases normally found and helps to generate blocks of

 *	symbols for the console driver and thus improve performance.

 *	symbols for the console driver and thus improve performance.

 *

 *

 *	Called from write_chan under the tty layer write lock.

 *	Called from write_chan under the tty layer write lock. Relies

 *	on lock_kernel for the tty->column state.

 */

 */

static ssize_t opost_block(struct tty_struct *tty,

static ssize_t opost_block(struct tty_struct *tty,

	if (nr > space)

	if (nr > space)

		nr = space;

		nr = space;

	lock_kernel();

	for (i = 0, cp = buf; i < nr; i++, cp++) {

	for (i = 0, cp = buf; i < nr; i++, cp++) {

		switch (*cp) {

		switch (*cp) {

		case '\n':

		case '\n':

	if (tty->driver->flush_chars)

	if (tty->driver->flush_chars)

		tty->driver->flush_chars(tty);

		tty->driver->flush_chars(tty);

	i = tty->driver->write(tty, buf, i);

	i = tty->driver->write(tty, buf, i);

	unlock_kernel();

	return i;

	return i;

}

}

 *	Perform job control management checks on this file/tty descriptor

 *	Perform job control management checks on this file/tty descriptor

 *	and if appropriate send any needed signals and return a negative

 *	and if appropriate send any needed signals and return a negative

 *	error code if action should be taken.

 *	error code if action should be taken.

 *

 *	FIXME:

 *	Locking: None - redirected write test is safe, testing

 *	current->signal should possibly lock current->sighand

 *	pgrp locking ?

 */

 */

static int job_control(struct tty_struct *tty, struct file *file)

static int job_control(struct tty_struct *tty, struct file *file)

	ssize_t size;

	ssize_t size;

	long timeout;

	long timeout;

	unsigned long flags;

	unsigned long flags;

	int packet;

do_it_again:

do_it_again:

		if (mutex_lock_interruptible(&tty->atomic_read_lock))

		if (mutex_lock_interruptible(&tty->atomic_read_lock))

			return -ERESTARTSYS;

			return -ERESTARTSYS;

	}

	}

	packet = tty->packet;

	add_wait_queue(&tty->read_wait, &wait);

	add_wait_queue(&tty->read_wait, &wait);

	while (nr) {

	while (nr) {

		/* First test for status change. */

		/* First test for status change. */

		if (tty->packet && tty->link->ctrl_status) {

		if (packet && tty->link->ctrl_status) {

			unsigned char cs;

			unsigned char cs;

			if (b != buf)

			if (b != buf)

				break;

				break;

			spin_lock_irqsave(&tty->link->ctrl_lock, flags);

			cs = tty->link->ctrl_status;

			cs = tty->link->ctrl_status;

			tty->link->ctrl_status = 0;

			tty->link->ctrl_status = 0;

			spin_unlock_irqrestore(&tty->link->ctrl_lock, flags);

			if (tty_put_user(tty, cs, b++)) {

			if (tty_put_user(tty, cs, b++)) {

				retval = -EFAULT;

				retval = -EFAULT;

				b--;

				b--;

				retval = -ERESTARTSYS;

				retval = -ERESTARTSYS;

				break;

				break;

			}

			}

			/* FIXME: does n_tty_set_room need locking ? */

			n_tty_set_room(tty);

			n_tty_set_room(tty);

			timeout = schedule_timeout(timeout);

			timeout = schedule_timeout(timeout);

			continue;

			continue;

		__set_current_state(TASK_RUNNING);

		__set_current_state(TASK_RUNNING);

		/* Deal with packet mode. */

		/* Deal with packet mode. */

		if (tty->packet && b == buf) {

		if (packet && b == buf) {

			if (tty_put_user(tty, TIOCPKT_DATA, b++)) {

			if (tty_put_user(tty, TIOCPKT_DATA, b++)) {

				retval = -EFAULT;

				retval = -EFAULT;

				b--;

				b--;

				break;

				break;

		} else {

		} else {

			int uncopied;

			int uncopied;

			/* The copy function takes the read lock and handles

			   locking internally for this case */

			uncopied = copy_from_read_buf(tty, &b, &nr);

			uncopied = copy_from_read_buf(tty, &b, &nr);

			uncopied += copy_from_read_buf(tty, &b, &nr);

			uncopied += copy_from_read_buf(tty, &b, &nr);

			if (uncopied) {

			if (uncopied) {

		 goto do_it_again;

		 goto do_it_again;

	n_tty_set_room(tty);

	n_tty_set_room(tty);

	return retval;

	return retval;

}

}

static void pty_flush_buffer(struct tty_struct *tty)

static void pty_flush_buffer(struct tty_struct *tty)

{

{

	struct tty_struct *to = tty->link;

	struct tty_struct *to = tty->link;

	unsigned long flags;

	if (!to)

	if (!to)

		return;

		return;

		to->ldisc.flush_buffer(to);

		to->ldisc.flush_buffer(to);

	if (to->packet) {

	if (to->packet) {

		spin_lock_irqsave(&tty->ctrl_lock, flags);

		tty->ctrl_status |= TIOCPKT_FLUSHWRITE;

		tty->ctrl_status |= TIOCPKT_FLUSHWRITE;

		wake_up_interruptible(&to->read_wait);

		wake_up_interruptible(&to->read_wait);

		spin_unlock_irqrestore(&tty->ctrl_lock, flags);

	}

	}

}

}

static unsigned int tty_poll(struct file *, poll_table *);

static unsigned int tty_poll(struct file *, poll_table *);

static int tty_open(struct inode *, struct file *);

static int tty_open(struct inode *, struct file *);

static int tty_release(struct inode *, struct file *);

static int tty_release(struct inode *, struct file *);

int tty_ioctl(struct inode *inode, struct file *file,

long tty_ioctl(struct file *file, unsigned int cmd, unsigned long arg);

	      unsigned int cmd, unsigned long arg);

#ifdef CONFIG_COMPAT

#ifdef CONFIG_COMPAT

static long tty_compat_ioctl(struct file *file, unsigned int cmd,

static long tty_compat_ioctl(struct file *file, unsigned int cmd,

				unsigned long arg);

				unsigned long arg);

 *	not in the foreground, send a SIGTTOU.  If the signal is blocked or

 *	not in the foreground, send a SIGTTOU.  If the signal is blocked or

 *	ignored, go ahead and perform the operation.  (POSIX 7.2)

 *	ignored, go ahead and perform the operation.  (POSIX 7.2)

 *

 *

 *	Locking: none

 *	Locking: none - FIXME: review this

 */

 */

int tty_check_change(struct tty_struct *tty)

int tty_check_change(struct tty_struct *tty)

	return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;

	return POLLIN | POLLOUT | POLLERR | POLLHUP | POLLRDNORM | POLLWRNORM;

}

}

static int hung_up_tty_ioctl(struct inode *inode, struct file *file,

static long hung_up_tty_ioctl(struct file *file, unsigned int cmd,

			     unsigned int cmd, unsigned long arg)

		unsigned long arg)

{

{

	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;

	return cmd == TIOCSPGRP ? -ENOTTY : -EIO;

}

}

	.read		= tty_read,

	.read		= tty_read,

	.write		= tty_write,

	.write		= tty_write,

	.poll		= tty_poll,

	.poll		= tty_poll,

	.ioctl		= tty_ioctl,

	.unlocked_ioctl	= tty_ioctl,

	.compat_ioctl	= tty_compat_ioctl,

	.compat_ioctl	= tty_compat_ioctl,

	.open		= tty_open,

	.open		= tty_open,

	.release	= tty_release,

	.release	= tty_release,

	.read		= tty_read,

	.read		= tty_read,

	.write		= tty_write,

	.write		= tty_write,

	.poll		= tty_poll,

	.poll		= tty_poll,

	.ioctl		= tty_ioctl,

	.unlocked_ioctl	= tty_ioctl,

	.compat_ioctl	= tty_compat_ioctl,

	.compat_ioctl	= tty_compat_ioctl,

	.open		= ptmx_open,

	.open		= ptmx_open,

	.release	= tty_release,

	.release	= tty_release,

	.read		= tty_read,

	.read		= tty_read,

	.write		= redirected_tty_write,

	.write		= redirected_tty_write,

	.poll		= tty_poll,

	.poll		= tty_poll,

	.ioctl		= tty_ioctl,

	.unlocked_ioctl	= tty_ioctl,

	.compat_ioctl	= tty_compat_ioctl,

	.compat_ioctl	= tty_compat_ioctl,

	.open		= tty_open,

	.open		= tty_open,

	.release	= tty_release,

	.release	= tty_release,

	.read		= hung_up_tty_read,

	.read		= hung_up_tty_read,

	.write		= hung_up_tty_write,

	.write		= hung_up_tty_write,

	.poll		= hung_up_tty_poll,

	.poll		= hung_up_tty_poll,

	.ioctl		= hung_up_tty_ioctl,

	.unlocked_ioctl	= hung_up_tty_ioctl,

	.compat_ioctl	= hung_up_tty_compat_ioctl,

	.compat_ioctl	= hung_up_tty_compat_ioctl,

	.release	= tty_release,

	.release	= tty_release,

};

};

	struct tty_struct *tty;

	struct tty_struct *tty;

	struct pid *tty_pgrp = NULL;

	struct pid *tty_pgrp = NULL;

	lock_kernel();

	mutex_lock(&tty_mutex);

	mutex_lock(&tty_mutex);

	tty = get_current_tty();

	tty = get_current_tty();

	if (tty) {

	if (tty) {

		tty_pgrp = get_pid(tty->pgrp);

		tty_pgrp = get_pid(tty->pgrp);

		mutex_unlock(&tty_mutex);

		mutex_unlock(&tty_mutex);

		lock_kernel();

		/* XXX: here we race, there is nothing protecting tty */

		/* XXX: here we race, there is nothing protecting tty */

		if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)

		if (on_exit && tty->driver->type != TTY_DRIVER_TYPE_PTY)

			tty_vhangup(tty);

			tty_vhangup(tty);

		unlock_kernel();

	} else if (on_exit) {

	} else if (on_exit) {

		struct pid *old_pgrp;

		struct pid *old_pgrp;

		spin_lock_irq(&current->sighand->siglock);

		spin_lock_irq(&current->sighand->siglock);

			put_pid(old_pgrp);

			put_pid(old_pgrp);

		}

		}

		mutex_unlock(&tty_mutex);

		mutex_unlock(&tty_mutex);

		unlock_kernel();

		return;

		return;

	}

	}

	if (tty_pgrp) {

	if (tty_pgrp) {

	read_lock(&tasklist_lock);

	read_lock(&tasklist_lock);

	session_clear_tty(task_session(current));

	session_clear_tty(task_session(current));

	read_unlock(&tasklist_lock);

	read_unlock(&tasklist_lock);

	unlock_kernel();

}

}

/**

/**

void no_tty(void)

void no_tty(void)

{

{

	struct task_struct *tsk = current;

	struct task_struct *tsk = current;

	lock_kernel();

	if (tsk->signal->leader)

	if (tsk->signal->leader)

		disassociate_ctty(0);

		disassociate_ctty(0);

	unlock_kernel();

	proc_clear_tty(tsk);

	proc_clear_tty(tsk);

}

}

 *	but not always.

 *	but not always.

 *

 *

 *	Locking:

 *	Locking:

 *		Broken. Relies on BKL which is unsafe here.

 *		Uses the tty control lock internally

 */

 */

void stop_tty(struct tty_struct *tty)

void stop_tty(struct tty_struct *tty)

{

{

	if (tty->stopped)

	unsigned long flags;

	spin_lock_irqsave(&tty->ctrl_lock, flags);

	if (tty->stopped) {

		spin_unlock_irqrestore(&tty->ctrl_lock, flags);

		return;

		return;

	}

	tty->stopped = 1;

	tty->stopped = 1;

	if (tty->link && tty->link->packet) {

	if (tty->link && tty->link->packet) {

		tty->ctrl_status &= ~TIOCPKT_START;

		tty->ctrl_status &= ~TIOCPKT_START;

		tty->ctrl_status |= TIOCPKT_STOP;

		tty->ctrl_status |= TIOCPKT_STOP;

		wake_up_interruptible(&tty->link->read_wait);

		wake_up_interruptible(&tty->link->read_wait);

	}

	}

	spin_unlock_irqrestore(&tty->ctrl_lock, flags);

	if (tty->driver->stop)

	if (tty->driver->stop)

		(tty->driver->stop)(tty);

		(tty->driver->stop)(tty);

}

}

 *	driver start method is invoked and the line discipline woken.

 *	driver start method is invoked and the line discipline woken.

 *

 *

 *	Locking:

 *	Locking:

 *		Broken. Relies on BKL which is unsafe here.

 *		ctrl_lock

 */

 */

void start_tty(struct tty_struct *tty)

void start_tty(struct tty_struct *tty)

{

{

	if (!tty->stopped || tty->flow_stopped)

	unsigned long flags;

	spin_lock_irqsave(&tty->ctrl_lock, flags);

	if (!tty->stopped || tty->flow_stopped) {

		spin_unlock_irqrestore(&tty->ctrl_lock, flags);

		return;

		return;

	}

	tty->stopped = 0;

	tty->stopped = 0;

	if (tty->link && tty->link->packet) {