tty: Add a kref count

	struct tty_ldisc *ld;

	int    closecount = 0, n;

	unsigned long flags;

	int refs = 0;

	if (!tty)

		return;

	if (tty->session) {

		do_each_pid_task(tty->session, PIDTYPE_SID, p) {

			spin_lock_irq(&p->sighand->siglock);

			if (p->signal->tty == tty)

			if (p->signal->tty == tty) {

				p->signal->tty = NULL;

				/* We defer the dereferences outside fo

				   the tasklist lock */

				refs++;

			}

			if (!p->signal->leader) {

				spin_unlock_irq(&p->sighand->siglock);

				continue;

	tty->ctrl_status = 0;

	spin_unlock_irqrestore(&tty->ctrl_lock, flags);

	/* Account for the p->signal references we killed */

	while (refs--)

		tty_kref_put(tty);

	/*

	 * If one of the devices matches a console pointer, we

	 * cannot just call hangup() because that will cause

/**

 *	release_one_tty		-	release tty structure memory

 *	@kref: kref of tty we are obliterating

 *

 *	Releases memory associated with a tty structure, and clears out the

 *	driver table slots. This function is called when a device is no longer

 *		tty_mutex - sometimes only

 *		takes the file list lock internally when working on the list

 *	of ttys that the driver keeps.

 *		FIXME: should we require tty_mutex is held here ??

 */

static void release_one_tty(struct tty_struct *tty, int idx)

static void release_one_tty(struct kref *kref)

{

	struct tty_struct *tty = container_of(kref, struct tty_struct, kref);

	int devpts = tty->driver->flags & TTY_DRIVER_DEVPTS_MEM;

	struct ktermios *tp;

	int idx = tty->index;

	if (!devpts)

		tty->driver->ttys[idx] = NULL;

	if (tty->driver->flags & TTY_DRIVER_RESET_TERMIOS) {

		/* FIXME: Locking on ->termios array */

		tp = tty->termios;

		if (!devpts)

			tty->driver->termios[idx] = NULL;

	tty->magic = 0;

	/* FIXME: locking on tty->driver->refcount */

	tty->driver->refcount--;

	file_list_lock();

	free_tty_struct(tty);

}

/**

 *	tty_kref_put		-	release a tty kref

 *	@tty: tty device

 *

 *	Release a reference to a tty device and if need be let the kref

 *	layer destruct the object for us

 */

void tty_kref_put(struct tty_struct *tty)

{

	if (tty)

		kref_put(&tty->kref, release_one_tty);

}

EXPORT_SYMBOL(tty_kref_put);

/**

 *	release_tty		-	release tty structure memory

 *

 *		takes the file list lock internally when working on the list

 *	of ttys that the driver keeps.

 *		FIXME: should we require tty_mutex is held here ??

 *

 *	FIXME: We want to defer the module put of the driver to the

 *	destructor.

 */

static void release_tty(struct tty_struct *tty, int idx)

{

	struct tty_driver *driver = tty->driver;

	/* This should always be true but check for the moment */

	WARN_ON(tty->index != idx);

	if (tty->link)

		release_one_tty(tty->link, idx);

	release_one_tty(tty, idx);

		tty_kref_put(tty->link);

	tty_kref_put(tty);

	module_put(driver->owner);

}

static void initialize_tty_struct(struct tty_struct *tty)

{

	memset(tty, 0, sizeof(struct tty_struct));

	kref_init(&tty->kref);

	tty->magic = TTY_MAGIC;

	tty_ldisc_init(tty);

	tty->session = NULL;

void proc_clear_tty(struct task_struct *p)

{

	struct tty_struct *tty;

	spin_lock_irq(&p->sighand->siglock);

	tty = p->signal->tty;

	p->signal->tty = NULL;

	spin_unlock_irq(&p->sighand->siglock);

	tty_kref_put(tty);

}

/* Called under the sighand lock */

		tty->pgrp = get_pid(task_pgrp(tsk));

		spin_unlock_irqrestore(&tty->ctrl_lock, flags);

		tty->session = get_pid(task_session(tsk));

		if (tsk->signal->tty) {

			printk(KERN_DEBUG "tty not NULL!!\n");

			tty_kref_put(tsk->signal->tty);

		}

	}

	put_pid(tsk->signal->tty_old_pgrp);

	tsk->signal->tty = tty;

	tsk->signal->tty = tty_kref_get(tty);

	tsk->signal->tty_old_pgrp = NULL;

}

struct tty_struct {

	int	magic;

	struct kref kref;

	struct tty_driver *driver;

	const struct tty_operations *ops;

	int index;

extern void console_init(void);

extern int vcs_init(void);

/**

 *	tty_kref_get		-	get a tty reference

 *	@tty: tty device

 *

 *	Return a new reference to a tty object. The caller must hold

 *	sufficient locks/counts to ensure that their existing reference cannot

 *	go away

 */

extern inline struct tty_struct *tty_kref_get(struct tty_struct *tty)

{

	if (tty)

		kref_get(&tty->kref);

	return tty;

}

extern void tty_kref_put(struct tty_struct *tty);

extern int tty_paranoia_check(struct tty_struct *tty, struct inode *inode,

			      const char *routine);

extern char *tty_name(struct tty_struct *tty, char *buf);

	sig->leader = 0;	/* session leadership doesn't inherit */

	sig->tty_old_pgrp = NULL;

	sig->tty = NULL;

	sig->utime = sig->stime = sig->cutime = sig->cstime = cputime_zero;

	sig->gtime = cputime_zero;

void __cleanup_signal(struct signal_struct *sig)

{

	exit_thread_group_keys(sig);

	tty_kref_put(sig->tty);

	kmem_cache_free(signal_cachep, sig);

}

				p->nsproxy->pid_ns->child_reaper = p;

			p->signal->leader_pid = pid;

			p->signal->tty = current->signal->tty;

			tty_kref_put(p->signal->tty);

			p->signal->tty = tty_kref_get(current->signal->tty);

			set_task_pgrp(p, task_pgrp_nr(current));

			set_task_session(p, task_session_nr(current));

			attach_pid(p, PIDTYPE_PGID, task_pgrp(current));

	group_leader->signal->leader = 1;

	__set_special_pids(sid);

	spin_lock(&group_leader->sighand->siglock);

	group_leader->signal->tty = NULL;

	spin_unlock(&group_leader->sighand->siglock);

	proc_clear_tty(group_leader);

	err = session;

out: