diff -urNp linux-2.4.28/Documentation/tty.txt linux-2.4.28-new/Documentation/tty.txt --- linux-2.4.28/Documentation/tty.txt 1969-12-31 19:00:00 -0500 +++ linux-2.4.28-new/Documentation/tty.txt 2005-01-07 11:34:08 -0500 @@ -0,0 +1,194 @@ + + The Lockronomicon + +Your guide to the ancient and twisted locking policies of the tty layer and +the warped logic behind them. Beware all ye who read on. + +FIXME: still need to work out the full set of BKL assumptions and document +them so they can eventually be killed off. + + +Line Discipline +--------------- + +Line disciplines are registered with tty_register_ldisc() passing the +discipline number and the ldisc structure. At the point of registration the +discipline must be ready to use and it is possible it will get used before +the call returns success. If the call returns an error then it won't get +called. Do not re-use ldisc numbers as they are part of the userspace ABI +and writing over an existing ldisc will cause demons to eat your computer. +After the return the ldisc data has been copied so you may free your own +copy of the structure. You must not re-register over the top of the line +discipline even with the same data or your computer again will be eaten by +demons. + +In order to remove a line discipline call tty_register_ldisc passing NULL. +In ancient times this always worked. In modern times the function will +return -EBUSY if the ldisc is currently in use. Since the ldisc referencing +code manages the module counts this should not usually be a concern. + +Heed this warning: the reference count field of the registered copies of the +tty_ldisc structure in the ldisc table counts the number of lines using this +discipline. The reference count of the tty_ldisc structure within a tty +counts the number of active users of the ldisc at this instant. In effect it +counts the number of threads of execution within an ldisc method (plus those +about to enter and exit although this detail matters not). + +Line Discipline Methods +----------------------- + +TTY side interfaces: + +close() - This is called on a terminal when the line + discipline is being unplugged. At the point of + execution no further users will enter the + ldisc code for this tty. Can sleep. + +open() - Called when the line discipline is attached to + the terminal. No other call into the line + discipline for this tty will occur until it + completes successfully. Can sleep. + +write() - A process is writing data from user space + through the line discipline. Multiple write calls + are serialized by the tty layer for the ldisc. May + sleep. + +flush_buffer() - May be called at any point between open and close. + +chars_in_buffer() - Report the number of bytes in the buffer. + +set_termios() - Called on termios structure changes. The caller + passes the old termios data and the current data + is in the tty. Currently can be parallel entered + and ordering isn't predictable - FIXME + +read() - Move data from the line discipline to the user. + Multiple read calls may occur in parallel and the + ldisc must deal with serialization issues. May + sleep. + +poll() - Check the status for the poll/select calls. Multiple + poll calls may occur in parallel. May sleep. + +ioctl() - Called when an ioctl is handed to the tty layer + that might be for the ldisc. Multiple ioctl calls + may occur in parallel. May sleep. + +Driver Side Interfaces: + +receive_buf() - Hand buffers of bytes from the driver to the ldisc + for processing. Semantics currently rather + mysterious 8( + +receive_room() - Can be called by the driver layer at any time when + the ldisc is opened. The ldisc must be able to + handle the reported amount of data at that instant. + Synchronization between active receive_buf and + receive_room calls is down to the driver not the + ldisc. Must not sleep. + +write_wakeup() - May be called at any point between open and close. + The TTY_DO_WRITE_WAKEUP flag indicates if a call + is needed but always races versus calls. Thus the + ldisc must be careful about setting order and to + handle unexpected calls. Must not sleep. + + +Locking + +Callers to the line discipline functions from the tty layer are required to +take line discipline locks. The same is true of calls from the driver side +but not yet enforced. + +Three calls are now provided + + ldisc = tty_ldisc_ref(tty); + +takes a handle to the line discipline in the tty and returns it. If no ldisc +is currently attached or the ldisc is being closed and re-opened at this +point then NULL is returned. While this handle is held the ldisc will not +change or go away. + + tty_ldisc_deref(ldisc) + +Returns the ldisc reference and allows the ldisc to be closed. Returning the +reference takes away your right to call the ldisc functions until you take +a new reference. + + ldisc = tty_ldisc_ref_wait(tty); + +Performs the same function as tty_ldisc_ref except that it will wait for an +ldisc change to complete and then return a reference to the new ldisc. + +While these functions are slightly slower than the old code they should have +minimal impact as most receive logic uses the flip buffers and they only +need to take a reference when they push bits up through the driver. + +A caution: The ldisc->open(), ldisc->close() and driver->set_ldisc +functions are called with the ldisc unavailable. Thus tty_ldisc_ref will +fail in this situation if used within these functions. Ldisc and driver +code calling its own functions must be careful in this case. + + +Driver Interface +---------------- + +open() - Called when a device is opened. May sleep + +close() - Called when a device is closed. At the point of + return from this call the driver must make no + further ldisc calls of any kind. May sleep + +write() - Called to write bytes to the device. May not + sleep. May occur in parallel in special cases. + Because this includes panic paths drivers generally + shouldn't try and do clever locking here. + +put_char() - Stuff a single character onto the queue. The + driver is guaranteed following up calls to + flush_chars. + +flush_chars() - Ask the kernel to write put_char queue + +write_room() - Return the number of characters tht can be stuffed + into the port buffers without overflow (or less). + The ldisc is responsible for being intelligent + about multi-threading of write_room/write calls + +ioctl() - Called when an ioctl may be for the driver + +set_termios() - Called on termios change, serialized against + itself by a semaphore. May sleep. + +set_ldisc() - Notifier for discipline change. At the point this + is done the discipline is not yet usable. Can now + sleep (I think) + +throttle() - Called by the ldisc to ask the driver to do flow + control. Serialization including with unthrottle + is the job of the ldisc layer. + +unthrottle() - Called by the ldisc to ask the driver to stop flow + control. + +stop() - Ldisc notifier to the driver to stop output. As with + throttle the serializations with start() are down + to the ldisc layer. + +start() - Ldisc notifier to the driver to start output. + +hangup() - Ask the tty driver to cause a hangup initiated + from the host side. [Can sleep ??] + +break_ctl() - Send RS232 break. Can sleep. Can get called in + parallel, driver must serialize (for now), and + with write calls. + +wait_until_sent() - Wait for characters to exit the hardware queue + of the driver. Can sleep + +send_xchar() - Send XON/XOFF and if possible jump the queue with + it in order to get fast flow control responses. + Cannot sleep ?? + diff -urNp linux-2.4.28/arch/cris/drivers/serial.c linux-2.4.28-new/arch/cris/drivers/serial.c --- linux-2.4.28/arch/cris/drivers/serial.c 2004-02-18 08:36:30 -0500 +++ linux-2.4.28-new/arch/cris/drivers/serial.c 2005-01-07 11:34:08 -0500 @@ -3324,10 +3324,7 @@ do_softint(void *private_) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } @@ -3952,11 +3949,7 @@ rs_flush_buffer(struct tty_struct *tty) info->xmit.head = info->xmit.tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* @@ -4578,8 +4571,7 @@ rs_close(struct tty_struct *tty, struct shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/arch/ia64/ia32/binfmt_elf32.c linux-2.4.28-new/arch/ia64/ia32/binfmt_elf32.c --- linux-2.4.28/arch/ia64/ia32/binfmt_elf32.c 2005-01-07 11:33:19 -0500 +++ linux-2.4.28-new/arch/ia64/ia32/binfmt_elf32.c 2005-01-07 11:34:08 -0500 @@ -105,7 +105,11 @@ ia64_elf32_init (struct pt_regs *regs) vma->vm_private_data = NULL; down_write(¤t->mm->mmap_sem); { - insert_vm_struct(current->mm, vma); + if (insert_vm_struct(current->mm, vma)) { + kmem_cache_free(vm_area_cachep, vma); + up_write(¤t->mm->mmap_sem); + return; + } } up_write(¤t->mm->mmap_sem); } @@ -127,7 +131,11 @@ ia64_elf32_init (struct pt_regs *regs) vma->vm_private_data = NULL; down_write(¤t->mm->mmap_sem); { - insert_vm_struct(current->mm, vma); + if (insert_vm_struct(current->mm, vma)) { + kmem_cache_free(vm_area_cachep, vma); + up_write(¤t->mm->mmap_sem); + return; + } } up_write(¤t->mm->mmap_sem); } @@ -174,7 +182,7 @@ ia32_setup_arg_pages (struct linux_binpr { unsigned long stack_base; struct vm_area_struct *mpnt; - int i; + int i, ret; stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; @@ -205,7 +213,11 @@ ia32_setup_arg_pages (struct linux_binpr mpnt->vm_pgoff = 0; mpnt->vm_file = NULL; mpnt->vm_private_data = 0; - insert_vm_struct(current->mm, mpnt); + if ((ret = insert_vm_struct(current->mm, mpnt))) { + up_write(¤t->mm->mmap_sem); + kmem_cache_free(vm_area_cachep, mpnt); + return ret; + } current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; } diff -urNp linux-2.4.28/arch/ia64/kernel/perfmon.c linux-2.4.28-new/arch/ia64/kernel/perfmon.c --- linux-2.4.28/arch/ia64/kernel/perfmon.c 2004-08-07 19:26:04 -0400 +++ linux-2.4.28-new/arch/ia64/kernel/perfmon.c 2005-01-07 11:34:08 -0500 @@ -967,7 +967,8 @@ pfm_smpl_buffer_alloc(pfm_context_t *ctx * now insert the vma in the vm list for the process, must be * done with mmap lock held */ - insert_vm_struct(mm, vma); + if(insert_vm_struct(mm, vma)) /* Handle -ENOMEM et al. */ + goto error; mm->total_vm += size >> PAGE_SHIFT; diff -urNp linux-2.4.28/arch/ia64/mm/init.c linux-2.4.28-new/arch/ia64/mm/init.c --- linux-2.4.28/arch/ia64/mm/init.c 2004-02-18 08:36:30 -0500 +++ linux-2.4.28-new/arch/ia64/mm/init.c 2005-01-07 11:34:08 -0500 @@ -105,7 +105,13 @@ ia64_init_addr_space (void) vma->vm_pgoff = 0; vma->vm_file = NULL; vma->vm_private_data = NULL; - insert_vm_struct(current->mm, vma); + down_write(¤t->mm->mmap_sem); + if (insert_vm_struct(current->mm, vma)) { + up_write(¤t->mm->mmap_sem); + kmem_cache_free(vm_area_cachep, vma); + return; + } + up_write(¤t->mm->mmap_sem); } /* map NaT-page at address zero to speed up speculative dereferencing of NULL: */ @@ -117,7 +123,13 @@ ia64_init_addr_space (void) vma->vm_end = PAGE_SIZE; vma->vm_page_prot = __pgprot(pgprot_val(PAGE_READONLY) | _PAGE_MA_NAT); vma->vm_flags = VM_READ | VM_MAYREAD | VM_IO | VM_RESERVED; - insert_vm_struct(current->mm, vma); + down_write(¤t->mm->mmap_sem); + if (insert_vm_struct(current->mm, vma)) { + up_write(¤t->mm->mmap_sem); + kmem_cache_free(vm_area_cachep, vma); + return; + } + up_write(¤t->mm->mmap_sem); } } } diff -urNp linux-2.4.28/arch/mips/kernel/irixelf.c linux-2.4.28-new/arch/mips/kernel/irixelf.c --- linux-2.4.28/arch/mips/kernel/irixelf.c 2003-08-25 07:44:40 -0400 +++ linux-2.4.28-new/arch/mips/kernel/irixelf.c 2005-01-07 11:34:08 -0500 @@ -130,7 +130,7 @@ static void set_brk(unsigned long start, end = PAGE_ALIGN(end); if (end <= start) return; - do_brk(start, end - start); + do_brk_locked(start, end - start); } @@ -379,7 +379,7 @@ static unsigned int load_irix_interp(str /* Map the last of the bss segment */ if (last_bss > len) { - do_brk(len, (last_bss - len)); + do_brk_locked(len, (last_bss - len)); } kfree(elf_phdata); @@ -567,7 +567,7 @@ void irix_map_prda_page (void) unsigned long v; struct prda *pp; - v = do_brk (PRDA_ADDRESS, PAGE_SIZE); + v = do_brk_locked (PRDA_ADDRESS, PAGE_SIZE); if (v < 0) return; @@ -859,7 +859,7 @@ static int load_irix_library(struct file len = (elf_phdata->p_filesz + elf_phdata->p_vaddr+ 0xfff) & 0xfffff000; bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; if (bss > len) - do_brk(len, bss-len); + do_brk_locked(len, bss-len); kfree(elf_phdata); return 0; } diff -urNp linux-2.4.28/arch/ppc/8xx_io/uart.c linux-2.4.28-new/arch/ppc/8xx_io/uart.c --- linux-2.4.28/arch/ppc/8xx_io/uart.c 2003-11-28 13:26:19 -0500 +++ linux-2.4.28-new/arch/ppc/8xx_io/uart.c 2005-01-07 11:34:08 -0500 @@ -738,10 +738,7 @@ static void do_softint(void *private_) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } @@ -1209,10 +1206,7 @@ static void rs_8xx_flush_buffer(struct t /* There is nothing to "flush", whatever we gave the CPM * is on its way out. */ - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); info->flags &= ~TX_WAKEUP; } @@ -1791,8 +1785,7 @@ static void rs_8xx_close(struct tty_stru shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/arch/ppc/mm/fault.c linux-2.4.28-new/arch/ppc/mm/fault.c --- linux-2.4.28/arch/ppc/mm/fault.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/arch/ppc/mm/fault.c 2005-01-07 11:34:08 -0500 @@ -83,8 +83,10 @@ static struct vm_operations_struct pax_v nopage: pax_syscall_nopage, }; -static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) { + int ret; + vma->vm_mm = current->mm; vma->vm_start = addr; vma->vm_end = addr + PAGE_SIZE; @@ -94,8 +96,15 @@ static void pax_insert_vma(struct vm_are vma->vm_pgoff = 0UL; vma->vm_file = NULL; vma->vm_private_data = NULL; - insert_vm_struct(current->mm, vma); + ret = insert_vm_struct(current->mm, vma); + if(ret != 0) + { + up_write(¤t->mm->mmap_sem); + kmem_cache_free(vm_area_cachep, vma); + return ret; + } ++current->mm->total_vm; + return 0; } #endif @@ -333,7 +342,8 @@ static int pax_handle_fetch_fault(struct return 1; } - pax_insert_vma(vma, call_syscall); + if(pax_insert_vma(vma, call_syscall)) + return 1; /* VMA overlapping attempt; bye bye! */ current->mm->call_syscall = call_syscall; up_write(¤t->mm->mmap_sem); @@ -377,7 +387,8 @@ emulate: return 1; } - pax_insert_vma(vma, call_syscall); + if(pax_insert_vma(vma, call_syscall)) + return 1; /* VMA overlapping attempt; bye bye! */ current->mm->call_syscall = call_syscall; up_write(¤t->mm->mmap_sem); diff -urNp linux-2.4.28/arch/s390x/kernel/exec32.c linux-2.4.28-new/arch/s390x/kernel/exec32.c --- linux-2.4.28/arch/s390x/kernel/exec32.c 2001-04-11 22:02:29 -0400 +++ linux-2.4.28-new/arch/s390x/kernel/exec32.c 2005-01-07 11:34:08 -0500 @@ -41,7 +41,7 @@ int setup_arg_pages32(struct linux_binpr { unsigned long stack_base; struct vm_area_struct *mpnt; - int i; + int i, ret; stack_base = STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; @@ -65,7 +65,11 @@ int setup_arg_pages32(struct linux_binpr mpnt->vm_pgoff = 0; mpnt->vm_file = NULL; mpnt->vm_private_data = (void *) 0; - insert_vm_struct(current->mm, mpnt); + if ((ret = insert_vm_struct(current->mm, mpnt))) { + up_write(¤t->mm->mmap_sem); + kmem_cache_free(vm_area_cachep, mpnt); + return ret; + } current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; } diff -urNp linux-2.4.28/arch/sparc/mm/fault.c linux-2.4.28-new/arch/sparc/mm/fault.c --- linux-2.4.28/arch/sparc/mm/fault.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/arch/sparc/mm/fault.c 2005-01-07 11:34:08 -0500 @@ -250,8 +250,10 @@ static struct vm_operations_struct pax_v nopage: pax_emuplt_nopage, }; -static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) { + int ret; + vma->vm_mm = current->mm; vma->vm_start = addr; vma->vm_end = addr + PAGE_SIZE; @@ -261,8 +263,15 @@ static void pax_insert_vma(struct vm_are vma->vm_pgoff = 0UL; vma->vm_file = NULL; vma->vm_private_data = NULL; - insert_vm_struct(current->mm, vma); + ret = insert_vm_struct(current->mm, vma); + if(ret != 0) + { + up_write(¤t->mm->mmap_sem); + kmem_cache_free(vm_area_cachep, vma); + return ret; + } ++current->mm->total_vm; + return 0; } /* @@ -423,7 +432,8 @@ static int pax_handle_fetch_fault(struct return 1; } - pax_insert_vma(vma, call_dl_resolve); + if(pax_insert_vma(vma, call_dl_resolve)) + return 1; /* VMA overlapping attempt; bye bye! */ current->mm->call_dl_resolve = call_dl_resolve; up_write(¤t->mm->mmap_sem); diff -urNp linux-2.4.28/arch/sparc64/kernel/binfmt_aout32.c linux-2.4.28-new/arch/sparc64/kernel/binfmt_aout32.c --- linux-2.4.28/arch/sparc64/kernel/binfmt_aout32.c 2002-08-02 20:39:43 -0400 +++ linux-2.4.28-new/arch/sparc64/kernel/binfmt_aout32.c 2005-01-07 11:34:08 -0500 @@ -49,7 +49,7 @@ static void set_brk(unsigned long start, end = PAGE_ALIGN(end); if (end <= start) return; - do_brk(start, end - start); + do_brk_locked(start, end - start); } /* @@ -246,10 +246,10 @@ static int load_aout32_binary(struct lin if (N_MAGIC(ex) == NMAGIC) { loff_t pos = fd_offset; /* Fuck me plenty... */ - error = do_brk(N_TXTADDR(ex), ex.a_text); + error = do_brk_locked(N_TXTADDR(ex), ex.a_text); bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), ex.a_text, &pos); - error = do_brk(N_DATADDR(ex), ex.a_data); + error = do_brk_locked(N_DATADDR(ex), ex.a_data); bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), ex.a_data, &pos); goto beyond_if; @@ -257,7 +257,7 @@ static int load_aout32_binary(struct lin if (N_MAGIC(ex) == OMAGIC) { loff_t pos = fd_offset; - do_brk(N_TXTADDR(ex) & PAGE_MASK, + do_brk_locked(N_TXTADDR(ex) & PAGE_MASK, ex.a_text+ex.a_data + PAGE_SIZE - 1); bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), ex.a_text+ex.a_data, &pos); @@ -272,7 +272,7 @@ static int load_aout32_binary(struct lin if (!bprm->file->f_op->mmap) { loff_t pos = fd_offset; - do_brk(0, ex.a_text+ex.a_data); + do_brk_locked(0, ex.a_text+ex.a_data); bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), ex.a_text+ex.a_data, &pos); goto beyond_if; @@ -388,7 +388,7 @@ static int load_aout32_library(struct fi len = PAGE_ALIGN(ex.a_text + ex.a_data); bss = ex.a_text + ex.a_data + ex.a_bss; if (bss > len) { - error = do_brk(start_addr + len, bss - len); + error = do_brk_locked(start_addr + len, bss - len); retval = error; if (error != start_addr + len) goto out; diff -urNp linux-2.4.28/arch/sparc64/mm/fault.c linux-2.4.28-new/arch/sparc64/mm/fault.c --- linux-2.4.28/arch/sparc64/mm/fault.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/arch/sparc64/mm/fault.c 2005-01-07 11:34:08 -0500 @@ -338,8 +338,10 @@ static struct vm_operations_struct pax_v nopage: pax_emuplt_nopage, }; -static void pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) +static int pax_insert_vma(struct vm_area_struct *vma, unsigned long addr) { + int ret; + vma->vm_mm = current->mm; vma->vm_start = addr; vma->vm_end = addr + PAGE_SIZE; @@ -349,8 +351,15 @@ static void pax_insert_vma(struct vm_are vma->vm_pgoff = 0UL; vma->vm_file = NULL; vma->vm_private_data = NULL; - insert_vm_struct(current->mm, vma); + ret = insert_vm_struct(current->mm, vma); + if(ret != 0) + { + up_write(¤t->mm->mmap_sem); + kmem_cache_free(vm_area_cachep, vma); + return ret; + } ++current->mm->total_vm; + return 0; } #endif @@ -633,7 +642,8 @@ static int pax_handle_fetch_fault(struct return 1; } - pax_insert_vma(vma, call_dl_resolve); + if(pax_insert_vma(vma, call_dl_resolve)) + return 1; /* VMA overlapping attempt; bye bye! */ current->mm->call_dl_resolve = call_dl_resolve; up_write(¤t->mm->mmap_sem); diff -urNp linux-2.4.28/arch/x86_64/ia32/ia32_binfmt.c linux-2.4.28-new/arch/x86_64/ia32/ia32_binfmt.c --- linux-2.4.28/arch/x86_64/ia32/ia32_binfmt.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/arch/x86_64/ia32/ia32_binfmt.c 2005-01-07 11:34:08 -0500 @@ -243,7 +243,7 @@ int ia32_setup_arg_pages(struct linux_bi { unsigned long stack_base; struct vm_area_struct *mpnt; - int i; + int i, ret; stack_base = IA32_STACK_TOP - MAX_ARG_PAGES*PAGE_SIZE; @@ -274,7 +274,11 @@ int ia32_setup_arg_pages(struct linux_bi mpnt->vm_pgoff = 0; mpnt->vm_file = NULL; mpnt->vm_private_data = (void *) 0; - insert_vm_struct(current->mm, mpnt); + if ((ret = insert_vm_struct(current->mm, mpnt))) { + up_write(¤t->mm->mmap_sem); + kmem_cache_free(vm_area_cachep, mpnt); + return ret; + } current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; } diff -urNp linux-2.4.28/drivers/bluetooth/hci_ldisc.c linux-2.4.28-new/drivers/bluetooth/hci_ldisc.c --- linux-2.4.28/drivers/bluetooth/hci_ldisc.c 2004-08-07 19:26:04 -0400 +++ linux-2.4.28-new/drivers/bluetooth/hci_ldisc.c 2005-01-07 11:34:08 -0500 @@ -188,9 +188,7 @@ static int hci_uart_flush(struct hci_dev kfree_skb(hu->tx_skb); hu->tx_skb = NULL; } - /* Flush any pending characters in the driver and discipline. */ - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); @@ -283,9 +281,10 @@ static int hci_uart_tty_open(struct tty_ spin_lock_init(&hu->rx_lock); - /* Flush any pending characters in the driver and line discipline */ - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + /* Flush any pending characters in the driver and line discipline. */ + /* FIXME: why is this needed. Note don't use ldisc_ref here as the + open path is before the ldisc is referencable */ + tty_ldisc_flush(tty); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); diff -urNp linux-2.4.28/drivers/char/amiserial.c linux-2.4.28-new/drivers/char/amiserial.c --- linux-2.4.28/drivers/char/amiserial.c 2002-11-28 18:53:12 -0500 +++ linux-2.4.28-new/drivers/char/amiserial.c 2005-01-07 11:34:08 -0500 @@ -575,10 +575,7 @@ static void do_softint(void *private_) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } @@ -1040,10 +1037,7 @@ static void rs_flush_buffer(struct tty_s save_flags(flags); cli(); info->xmit.head = info->xmit.tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* @@ -1608,8 +1602,7 @@ static void rs_close(struct tty_struct * shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/drivers/char/cyclades.c linux-2.4.28-new/drivers/char/cyclades.c --- linux-2.4.28/drivers/char/cyclades.c 2003-06-13 10:51:32 -0400 +++ linux-2.4.28-new/drivers/char/cyclades.c 2005-01-07 11:34:08 -0500 @@ -1000,11 +1000,7 @@ do_softint(void *private_) wake_up_interruptible(&info->delta_msr_wait); } if (test_and_clear_bit(Cy_EVENT_WRITE_WAKEUP, &info->event)) { - if((tty->flags & (1<< TTY_DO_WRITE_WAKEUP)) - && tty->ldisc.write_wakeup){ - (tty->ldisc.write_wakeup)(tty); - } - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } #ifdef Z_WAKE if (test_and_clear_bit(Cy_EVENT_SHUTDOWN_WAKEUP, &info->event)) { @@ -2918,8 +2914,7 @@ cy_close(struct tty_struct *tty, struct shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); CY_LOCK(info, flags); tty->closing = 0; @@ -4689,10 +4684,7 @@ cy_flush_buffer(struct tty_struct *tty) } CY_UNLOCK(info, flags); } - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) - && tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* cy_flush_buffer */ diff -urNp linux-2.4.28/drivers/char/drm/i810.h linux-2.4.28-new/drivers/char/drm/i810.h --- linux-2.4.28/drivers/char/drm/i810.h 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/char/drm/i810.h 2005-01-07 11:34:08 -0500 @@ -114,4 +114,14 @@ #define DRIVER_AGP_BUFFERS_MAP( dev ) \ ((drm_i810_private_t *)((dev)->dev_private))->buffer_map +#define LOCK_TEST_WITH_RETURN( dev ) \ +do { \ + if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ + dev->lock.pid != current->pid ) { \ + DRM_ERROR( "%s called without lock held\n", \ + __FUNCTION__ ); \ + return -EINVAL; \ + } \ +} while (0) + #endif diff -urNp linux-2.4.28/drivers/char/drm/i810_dma.c linux-2.4.28-new/drivers/char/drm/i810_dma.c --- linux-2.4.28/drivers/char/drm/i810_dma.c 2004-02-18 08:36:31 -0500 +++ linux-2.4.28-new/drivers/char/drm/i810_dma.c 2005-01-07 11:34:08 -0500 @@ -948,10 +948,7 @@ int i810_flush_ioctl(struct inode *inode drm_file_t *priv = filp->private_data; drm_device_t *dev = priv->dev; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_flush_ioctl called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); i810_flush_queue(dev); return 0; @@ -973,10 +970,7 @@ int i810_dma_vertex(struct inode *inode, if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) return -EFAULT; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_dma_vertex called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); if(vertex.idx < 0 || vertex.idx > dma->buf_count) return -EINVAL; @@ -1004,10 +998,7 @@ int i810_clear_bufs(struct inode *inode, if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) return -EFAULT; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_clear_bufs called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); /* GH: Someone's doing nasty things... */ if (!dev->dev_private) { @@ -1026,10 +1017,7 @@ int i810_swap_bufs(struct inode *inode, drm_file_t *priv = filp->private_data; drm_device_t *dev = priv->dev; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_swap_buf called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); i810_dma_dispatch_swap( dev ); return 0; @@ -1064,10 +1052,7 @@ int i810_getbuf(struct inode *inode, str if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) return -EFAULT; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_dma called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); d.granted = 0; @@ -1174,11 +1159,7 @@ int i810_dma_mc(struct inode *inode, str if (copy_from_user(&mc, (drm_i810_mc_t *)arg, sizeof(mc))) return -EFAULT; - - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_dma_mc called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); i810_dma_dispatch_mc(dev, dma->buflist[mc.idx], mc.used, mc.last_render ); @@ -1223,10 +1204,7 @@ int i810_fstatus(struct inode *inode, st drm_device_t *dev = priv->dev; drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_fstatus called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); return I810_READ(0x30008); } @@ -1237,10 +1215,7 @@ int i810_ov0_flip(struct inode *inode, s drm_device_t *dev = priv->dev; drm_i810_private_t *dev_priv = (drm_i810_private_t *)dev->dev_private; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_ov0_flip called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); //Tell the overlay to update I810_WRITE(0x30000,dev_priv->overlay_physical | 0x80000000); diff -urNp linux-2.4.28/drivers/char/drm/i830.h linux-2.4.28-new/drivers/char/drm/i830.h --- linux-2.4.28/drivers/char/drm/i830.h 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/char/drm/i830.h 2005-01-07 11:34:08 -0500 @@ -154,4 +154,14 @@ #define DRIVER_AGP_BUFFERS_MAP( dev ) \ ((drm_i830_private_t *)((dev)->dev_private))->buffer_map +#define LOCK_TEST_WITH_RETURN( dev ) \ +do { \ + if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ + dev->lock.pid != current->pid ) { \ + DRM_ERROR( "%s called without lock held\n", \ + __FUNCTION__ ); \ + return -EINVAL; \ + } \ +} while (0) + #endif diff -urNp linux-2.4.28/drivers/char/drm/i830_dma.c linux-2.4.28-new/drivers/char/drm/i830_dma.c --- linux-2.4.28/drivers/char/drm/i830_dma.c 2004-02-18 08:36:31 -0500 +++ linux-2.4.28-new/drivers/char/drm/i830_dma.c 2005-01-07 11:34:08 -0500 @@ -1330,10 +1330,7 @@ int i830_flush_ioctl(struct inode *inode drm_file_t *priv = filp->private_data; drm_device_t *dev = priv->dev; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i830_flush_ioctl called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); i830_flush_queue(dev); return 0; @@ -1354,10 +1351,7 @@ int i830_dma_vertex(struct inode *inode, if (copy_from_user(&vertex, (drm_i830_vertex_t *)arg, sizeof(vertex))) return -EFAULT; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i830_dma_vertex called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); DRM_DEBUG("i830 dma vertex, idx %d used %d discard %d\n", vertex.idx, vertex.used, vertex.discard); @@ -1384,10 +1378,7 @@ int i830_clear_bufs(struct inode *inode, if (copy_from_user(&clear, (drm_i830_clear_t *)arg, sizeof(clear))) return -EFAULT; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i830_clear_bufs called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); /* GH: Someone's doing nasty things... */ if (!dev->dev_private) { @@ -1409,10 +1400,7 @@ int i830_swap_bufs(struct inode *inode, DRM_DEBUG("i830_swap_bufs\n"); - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i830_swap_buf called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); i830_dma_dispatch_swap( dev ); return 0; @@ -1453,10 +1441,7 @@ int i830_flip_bufs(struct inode *inode, DRM_DEBUG("%s\n", __FUNCTION__); - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i830_flip_buf called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); if (!dev_priv->page_flipping) i830_do_init_pageflip( dev ); @@ -1495,10 +1480,7 @@ int i830_getbuf(struct inode *inode, str if (copy_from_user(&d, (drm_i830_dma_t *)arg, sizeof(d))) return -EFAULT; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i830_dma called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); d.granted = 0; diff -urNp linux-2.4.28/drivers/char/drm/i830_irq.c linux-2.4.28-new/drivers/char/drm/i830_irq.c --- linux-2.4.28/drivers/char/drm/i830_irq.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/char/drm/i830_irq.c 2005-01-07 11:34:08 -0500 @@ -130,10 +130,7 @@ int i830_irq_emit( struct inode *inode, drm_i830_irq_emit_t emit; int result; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i830_irq_emit called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); if ( !dev_priv ) { DRM_ERROR( "%s called with no initialization\n", __FUNCTION__ ); diff -urNp linux-2.4.28/drivers/char/drm-4.0/drmP.h linux-2.4.28-new/drivers/char/drm-4.0/drmP.h --- linux-2.4.28/drivers/char/drm-4.0/drmP.h 2004-02-18 08:36:31 -0500 +++ linux-2.4.28-new/drivers/char/drm-4.0/drmP.h 2005-01-07 11:34:08 -0500 @@ -294,6 +294,16 @@ static inline unsigned long __cmpxchg(vo #define DRM_BUFCOUNT(x) ((x)->count - DRM_LEFTCOUNT(x)) #define DRM_WAITCOUNT(dev,idx) DRM_BUFCOUNT(&dev->queuelist[idx]->waitlist) +#define LOCK_TEST_WITH_RETURN( dev ) \ +do { \ + if ( !_DRM_LOCK_IS_HELD( dev->lock.hw_lock->lock ) || \ + dev->lock.pid != current->pid ) { \ + DRM_ERROR( "%s called without lock held\n", \ + __FUNCTION__ ); \ + return -EINVAL; \ + } \ +} while (0) + typedef int drm_ioctl_t(struct inode *inode, struct file *filp, unsigned int cmd, unsigned long arg); diff -urNp linux-2.4.28/drivers/char/drm-4.0/i810_dma.c linux-2.4.28-new/drivers/char/drm-4.0/i810_dma.c --- linux-2.4.28/drivers/char/drm-4.0/i810_dma.c 2004-02-18 08:36:31 -0500 +++ linux-2.4.28-new/drivers/char/drm-4.0/i810_dma.c 2005-01-07 11:34:08 -0500 @@ -1249,10 +1249,7 @@ int i810_flush_ioctl(struct inode *inode drm_device_t *dev = priv->dev; DRM_DEBUG("i810_flush_ioctl\n"); - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_flush_ioctl called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); i810_flush_queue(dev); return 0; @@ -1274,10 +1271,7 @@ int i810_dma_vertex(struct inode *inode, if (copy_from_user(&vertex, (drm_i810_vertex_t *)arg, sizeof(vertex))) return -EFAULT; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_dma_vertex called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); DRM_DEBUG("i810 dma vertex, idx %d used %d discard %d\n", vertex.idx, vertex.used, vertex.discard); @@ -1308,10 +1302,7 @@ int i810_clear_bufs(struct inode *inode, if (copy_from_user(&clear, (drm_i810_clear_t *)arg, sizeof(clear))) return -EFAULT; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_clear_bufs called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); i810_dma_dispatch_clear( dev, clear.flags, clear.clear_color, @@ -1327,10 +1318,7 @@ int i810_swap_bufs(struct inode *inode, DRM_DEBUG("i810_swap_bufs\n"); - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_swap_buf called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); i810_dma_dispatch_swap( dev ); return 0; @@ -1366,10 +1354,7 @@ int i810_getbuf(struct inode *inode, str if (copy_from_user(&d, (drm_i810_dma_t *)arg, sizeof(d))) return -EFAULT; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_dma called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); d.granted = 0; @@ -1399,10 +1384,7 @@ int i810_copybuf(struct inode *inode, st drm_i810_buf_priv_t *buf_priv; drm_device_dma_t *dma = dev->dma; - if(!_DRM_LOCK_IS_HELD(dev->lock.hw_lock->lock)) { - DRM_ERROR("i810_dma called without lock held\n"); - return -EINVAL; - } + LOCK_TEST_WITH_RETURN(dev); if (copy_from_user(&d, (drm_i810_copy_t *)arg, sizeof(d))) return -EFAULT; diff -urNp linux-2.4.28/drivers/char/dz.c linux-2.4.28-new/drivers/char/dz.c --- linux-2.4.28/drivers/char/dz.c 2004-02-18 08:36:31 -0500 +++ linux-2.4.28-new/drivers/char/dz.c 2005-01-07 11:34:08 -0500 @@ -402,9 +402,7 @@ static void do_softint(void *private_dat return; if (test_and_clear_bit(DZ_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup) (tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } @@ -804,10 +802,7 @@ static void dz_flush_buffer(struct tty_s info->xmit_cnt = info->xmit_head = info->xmit_tail = 0; sti(); - wake_up_interruptible(&tty->write_wait); - - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup) (tty); + tty_wakeup(tty); } /* @@ -1106,16 +1101,15 @@ static void dz_close(struct tty_struct * if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; - if (tty->ldisc.num != ldiscs[N_TTY].num) { + if (tty->ldisc.num != N_TTY) { if (tty->ldisc.close) (tty->ldisc.close) (tty); - tty->ldisc = ldiscs[N_TTY]; + tty->ldisc = *(tty_ldisc_get(N_TTY)); tty->termios->c_line = N_TTY; if (tty->ldisc.open) (tty->ldisc.open) (tty); diff -urNp linux-2.4.28/drivers/char/epca.c linux-2.4.28-new/drivers/char/epca.c --- linux-2.4.28/drivers/char/epca.c 2003-06-13 10:51:33 -0400 +++ linux-2.4.28-new/drivers/char/epca.c 2005-01-07 11:34:08 -0500 @@ -585,9 +585,7 @@ static void pc_close(struct tty_struct * if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); - + tty_ldisc_flush(tty); shutdown(ch); tty->closing = 0; ch->event = 0; @@ -692,15 +690,13 @@ static void pc_hangup(struct tty_struct cli(); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); - + + tty_ldisc_flush(tty); + shutdown(ch); if (ch->count) MOD_DEC_USE_COUNT; - ch->tty = NULL; ch->event = 0; @@ -1175,9 +1171,7 @@ static void pc_flush_buffer(struct tty_s memoff(ch); restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* End pc_flush_buffer */ @@ -2383,10 +2377,7 @@ static void doevent(int crd) { /* Begin if LOWWAIT */ ch->statusflags &= ~LOWWAIT; - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } /* End if LOWWAIT */ @@ -2402,11 +2393,7 @@ static void doevent(int crd) { /* Begin if EMPTYWAIT */ ch->statusflags &= ~EMPTYWAIT; - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } /* End if EMPTYWAIT */ @@ -3255,8 +3242,8 @@ static int pc_ioctl(struct tty_struct *t } else { - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + /* ldisc lock already held in ioctl */ + tty_ldisc_flush(tty); } /* Fall Thru */ diff -urNp linux-2.4.28/drivers/char/esp.c linux-2.4.28-new/drivers/char/esp.c --- linux-2.4.28/drivers/char/esp.c 2002-08-02 20:39:43 -0400 +++ linux-2.4.28-new/drivers/char/esp.c 2005-01-07 11:34:08 -0500 @@ -786,10 +786,7 @@ static void do_softint(void *private_) return; if (test_and_clear_bit(ESP_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } @@ -1395,10 +1392,7 @@ static void rs_flush_buffer(struct tty_s cli(); info->xmit_cnt = info->xmit_head = info->xmit_tail = 0; sti(); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* @@ -2115,8 +2109,7 @@ static void rs_close(struct tty_struct * shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/drivers/char/generic_serial.c linux-2.4.28-new/drivers/char/generic_serial.c --- linux-2.4.28/drivers/char/generic_serial.c 2002-11-28 18:53:12 -0500 +++ linux-2.4.28-new/drivers/char/generic_serial.c 2005-01-07 11:34:08 -0500 @@ -439,10 +439,7 @@ void gs_flush_buffer(struct tty_struct * port->xmit_cnt = port->xmit_head = port->xmit_tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); func_exit (); } @@ -582,10 +579,7 @@ void gs_do_softint(void *private_) if (!tty) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &port->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } func_exit (); } @@ -729,8 +723,8 @@ void gs_close(struct tty_struct * tty, s { unsigned long flags; struct gs_port *port; - - func_enter (); + + func_enter(); if (!tty) return; @@ -803,8 +797,7 @@ void gs_close(struct tty_struct * tty, s if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; port->event = 0; diff -urNp linux-2.4.28/drivers/char/hvc_console.c linux-2.4.28-new/drivers/char/hvc_console.c --- linux-2.4.28/drivers/char/hvc_console.c 2004-02-18 08:36:31 -0500 +++ linux-2.4.28-new/drivers/char/hvc_console.c 2005-01-07 11:34:08 -0500 @@ -217,10 +217,7 @@ static void hvc_poll(int index) if (hp->do_wakeup) { hp->do_wakeup = 0; - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) - && tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } diff -urNp linux-2.4.28/drivers/char/ip2/i2lib.c linux-2.4.28-new/drivers/char/ip2/i2lib.c --- linux-2.4.28/drivers/char/ip2/i2lib.c 2002-08-02 20:39:43 -0400 +++ linux-2.4.28-new/drivers/char/ip2/i2lib.c 2005-01-07 11:34:08 -0500 @@ -1385,15 +1385,9 @@ ip2_owake( PTTY tp) ip2trace (CHANN, ITRC_SICMD, 10, 2, tp->flags, (1 << TTY_DO_WRITE_WAKEUP) ); - wake_up_interruptible ( &tp->write_wait ); - if ( ( tp->flags & (1 << TTY_DO_WRITE_WAKEUP) ) - && tp->ldisc.write_wakeup ) - { - (tp->ldisc.write_wakeup) ( tp ); - - ip2trace (CHANN, ITRC_SICMD, 11, 0 ); + tty_wakeup(tp); + ip2trace (CHANN, ITRC_SICMD, 11, 0 ); - } } static inline void diff -urNp linux-2.4.28/drivers/char/ip2main.c linux-2.4.28-new/drivers/char/ip2main.c --- linux-2.4.28/drivers/char/ip2main.c 2004-11-17 06:54:21 -0500 +++ linux-2.4.28-new/drivers/char/ip2main.c 2005-01-07 11:34:08 -0500 @@ -1462,8 +1462,7 @@ isig(int sig, struct tty_struct *tty, in if (tty->pgrp > 0) kill_pg(tty->pgrp, sig, 1); if (flush || !L_NOFLSH(tty)) { - if ( tty->ldisc.flush_buffer ) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); i2InputFlush( tty->driver_data ); } } @@ -1853,8 +1852,7 @@ ip2_close( PTTY tty, struct file *pFile if ( tty->driver.flush_buffer ) tty->driver.flush_buffer(tty); - if ( tty->ldisc.flush_buffer ) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; pCh->pTTY = NULL; diff -urNp linux-2.4.28/drivers/char/isicom.c linux-2.4.28-new/drivers/char/isicom.c --- linux-2.4.28/drivers/char/isicom.c 2003-06-13 10:51:33 -0400 +++ linux-2.4.28-new/drivers/char/isicom.c 2005-01-07 11:34:08 -0500 @@ -502,11 +502,8 @@ static void isicom_bottomhalf(void * dat if (!tty) return; - - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + + tty_wakeup(tty); } /* main interrupt handler routine */ @@ -1199,8 +1196,8 @@ static void isicom_close(struct tty_stru isicom_shutdown_port(port); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + + tty_ldisc_flush(tty); tty->closing = 0; port->tty = 0; if (port->blocked_open) { @@ -1670,10 +1667,7 @@ static void isicom_flush_buffer(struct t port->xmit_cnt = port->xmit_head = port->xmit_tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } diff -urNp linux-2.4.28/drivers/char/istallion.c linux-2.4.28-new/drivers/char/istallion.c --- linux-2.4.28/drivers/char/istallion.c 2004-11-17 06:54:21 -0500 +++ linux-2.4.28-new/drivers/char/istallion.c 2005-01-07 11:34:08 -0500 @@ -1214,8 +1214,7 @@ static void stli_close(struct tty_struct clear_bit(ST_TXBUSY, &portp->state); clear_bit(ST_RXSTOP, &portp->state); set_bit(TTY_IO_ERROR, &tty->flags); - if (tty->ldisc.flush_buffer) - (tty->ldisc.flush_buffer)(tty); + tty_ldisc_flush(tty); set_bit(ST_DOFLUSHRX, &portp->state); stli_flushbuffer(tty); @@ -2477,10 +2476,7 @@ static void stli_flushbuffer(struct tty_ } restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /*****************************************************************************/ @@ -2915,6 +2911,7 @@ static inline int stli_hostcmd(stlibrd_t asynotify_t nt; unsigned long oldsigs; int rc, donerx; + struct tty_ldisc *ld; #if DEBUG printk(KERN_DEBUG "stli_hostcmd(brdp=%x,channr=%d)\n", @@ -3014,10 +3011,15 @@ static inline int stli_hostcmd(stlibrd_t clear_bit(ST_TXBUSY, &portp->state); if (nt.data & (DT_TXEMPTY | DT_TXLOW)) { if (tty != (struct tty_struct *) NULL) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) { - (tty->ldisc.write_wakeup)(tty); - EBRDENABLE(brdp); + if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP))) { + ld = tty_ldisc_ref(tty); + if(ld) { + if(ld->write_wakeup) { + ld->write_wakeup(tty); + EBRDENABLE(brdp); + } + tty_ldisc_deref(ld); + } } wake_up_interruptible(&tty->write_wait); } diff -urNp linux-2.4.28/drivers/char/moxa.c linux-2.4.28-new/drivers/char/moxa.c --- linux-2.4.28/drivers/char/moxa.c 2001-10-25 16:53:47 -0400 +++ linux-2.4.28-new/drivers/char/moxa.c 2005-01-07 11:34:08 -0500 @@ -677,8 +677,8 @@ static void moxa_close(struct tty_struct if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); + tty->closing = 0; ch->event = 0; ch->tty = 0; @@ -754,10 +754,7 @@ static void moxa_flush_buffer(struct tty if (ch == NULL) return; MoxaPortFlushData(ch->port, 1); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup) (tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } static int moxa_chars_in_buffer(struct tty_struct *tty) @@ -1011,10 +1008,7 @@ static void moxa_poll(unsigned long igno if (MoxaPortTxQueue(ch->port) <= WAKEUP_CHARS) { if (!tp->stopped) { ch->statusflags &= ~LOWWAIT; - if ((tp->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tp->ldisc.write_wakeup) - (tp->ldisc.write_wakeup) (tp); - wake_up_interruptible(&tp->write_wait); + tty_wakeup(tp); } } } @@ -1203,10 +1197,7 @@ static void check_xmit_empty(unsigned lo if (ch->tty && (ch->statusflags & EMPTYWAIT)) { if (MoxaPortTxQueue(ch->port) == 0) { ch->statusflags &= ~EMPTYWAIT; - if ((ch->tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - ch->tty->ldisc.write_wakeup) - (ch->tty->ldisc.write_wakeup) (ch->tty); - wake_up_interruptible(&ch->tty->write_wait); + tty_wakeup(ch->tty); return; } moxaEmptyTimer[ch->port].expires = jiffies + HZ; @@ -1771,6 +1762,8 @@ int MoxaDriverIoctl(unsigned int cmd, un return -EFAULT; if(dltmp.cardno < 0 || dltmp.cardno >= MAX_BOARDS) return -EINVAL; + if(dltmp.len < 0 || dltmp.len > sizeof(moxaBuff)) + return -EINVAL; switch(cmd) { @@ -2927,8 +2920,6 @@ static int moxaload320b(int cardno, unsi unsigned long baseAddr; int i; - if(len > sizeof(moxaBuff)) - return -EINVAL; if(copy_from_user(moxaBuff, tmp, len)) return -EFAULT; baseAddr = moxaBaseAddr[cardno]; diff -urNp linux-2.4.28/drivers/char/mux.c linux-2.4.28-new/drivers/char/mux.c --- linux-2.4.28/drivers/char/mux.c 2003-06-13 10:51:33 -0400 +++ linux-2.4.28-new/drivers/char/mux.c 2005-01-07 11:34:08 -0500 @@ -429,8 +429,7 @@ mux_close(struct tty_struct *tty, struct if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/drivers/char/mxser.c linux-2.4.28-new/drivers/char/mxser.c --- linux-2.4.28/drivers/char/mxser.c 2004-11-17 06:54:21 -0500 +++ linux-2.4.28-new/drivers/char/mxser.c 2005-01-07 11:34:08 -0500 @@ -725,10 +725,7 @@ static void mxser_do_softint(void *priva tty = info->tty; if (tty) { if (test_and_clear_bit(MXSER_EVENT_TXLOW, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup) (tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } if (test_and_clear_bit(MXSER_EVENT_HANGUP, &info->event)) { tty_hangup(tty); /* FIXME: module removal race here - AKPM */ @@ -890,8 +887,8 @@ static void mxser_close(struct tty_struc mxser_shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); + tty->closing = 0; info->event = 0; info->tty = 0; @@ -1050,10 +1047,7 @@ static void mxser_flush_buffer(struct tt cli(); info->xmit_cnt = info->xmit_head = info->xmit_tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup) (tty); + tty_wakeup(tty); } static int mxser_ioctl(struct tty_struct *tty, struct file *file, diff -urNp linux-2.4.28/drivers/char/n_hdlc.c linux-2.4.28-new/drivers/char/n_hdlc.c --- linux-2.4.28/drivers/char/n_hdlc.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/char/n_hdlc.c 2005-01-07 11:34:08 -0500 @@ -351,9 +351,8 @@ static int n_hdlc_tty_open (struct tty_s #endif /* Flush any pending characters in the driver and discipline. */ - - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer (tty); + + tty_ldisc_flush(tty); if (tty->driver.flush_buffer) tty->driver.flush_buffer (tty); diff -urNp linux-2.4.28/drivers/char/n_r3964.c linux-2.4.28-new/drivers/char/n_r3964.c --- linux-2.4.28/drivers/char/n_r3964.c 2003-06-13 10:51:33 -0400 +++ linux-2.4.28-new/drivers/char/n_r3964.c 2005-01-07 11:34:08 -0500 @@ -158,7 +158,8 @@ static struct tty_ldisc tty_ldisc_N_R396 r3964_write, /* write */ r3964_ioctl, /* ioctl */ r3964_set_termios, /* set_termios */ - r3964_poll, /* poll */ + r3964_poll, /* poll */ + NULL, /* hangup */ r3964_receive_buf, /* receive_buf */ r3964_receive_room, /* receive_room */ 0 /* write_wakeup */ diff -urNp linux-2.4.28/drivers/char/n_tty.c linux-2.4.28-new/drivers/char/n_tty.c --- linux-2.4.28/drivers/char/n_tty.c 2003-08-25 07:44:41 -0400 +++ linux-2.4.28-new/drivers/char/n_tty.c 2005-01-07 11:34:08 -0500 @@ -112,11 +112,18 @@ static inline void put_tty_queue(unsigne spin_unlock_irqrestore(&tty->read_lock, flags); } -/* - * Check whether to call the driver.unthrottle function. - * We test the TTY_THROTTLED bit first so that it always - * indicates the current state. +/** + * check_unthrottle - allow new receive data + * @tty; tty device + * + * Check whether to call the driver.unthrottle function. + * We test the TTY_THROTTLED bit first so that it always + * indicates the current state. The decision about whether + * it is worth allowing more input has been taken by the caller. + * Can sleep, may be called under the atomic_read semaphore but + * this is not guaranteed. */ + static void check_unthrottle(struct tty_struct * tty) { if (tty->count && @@ -125,10 +132,13 @@ static void check_unthrottle(struct tty_ tty->driver.unthrottle(tty); } -/* - * Reset the read buffer counters, clear the flags, - * and make sure the driver is unthrottled. Called - * from n_tty_open() and n_tty_flush_buffer(). +/** + * reset_buffer_flags - reset buffer state + * @tty: terminal to reset + * + * Reset the read buffer counters, clear the flags, + * and make sure the driver is unthrottled. Called + * from n_tty_open() and n_tty_flush_buffer(). */ static void reset_buffer_flags(struct tty_struct *tty) { @@ -142,9 +152,19 @@ static void reset_buffer_flags(struct tt check_unthrottle(tty); } -/* - * Flush the input buffer +/** + * n_tty_flush_buffer - clean input queue + * @tty: terminal device + * + * Flush the input buffer. Called when the line discipline is + * being closed, when the tty layer wants the buffer flushed (eg + * at hangup) or when the N_TTY line discipline internally has to + * clean the pending queue (for example some signals). + * + * FIXME: tty->ctrl_status is not spinlocked and relies on + * lock_kernel() still. */ + void n_tty_flush_buffer(struct tty_struct * tty) { /* clear everything and unthrottle the driver */ @@ -159,9 +179,14 @@ void n_tty_flush_buffer(struct tty_struc } } -/* - * Return number of characters buffered to be delivered to user +/** + * n_tty_chars_in_buffer - report available bytes + * @tty: tty device + * + * Report the number of characters buffered to be delivered to user + * at this instant in time. */ + ssize_t n_tty_chars_in_buffer(struct tty_struct *tty) { unsigned long flags; @@ -242,10 +267,20 @@ static int opost(unsigned char c, struct return 0; } -/* - * opost_block --- to speed up block console writes, among other - * things. +/** + * opost_block - block postprocess + * @tty: terminal device + * @inbuf: user buffer + * @nr: number of bytes + * + * This path is used to speed up block console writes, among other + * things when processing blocks of output data. It handles only + * the simple cases normally found and helps to generate blocks of + * symbols for the console driver and thus improve performance. + * + * Called from write_chan under the tty layer write lock. */ + static ssize_t opost_block(struct tty_struct * tty, const unsigned char * inbuf, unsigned int nr) { @@ -334,6 +369,16 @@ static inline void finish_erasing(struct } } +/** + * eraser - handle erase function + * @c: character input + * @tty: terminal device + * + * Perform erase and neccessary output when an erase character is + * present in the stream from the driver layer. Handles the complexities + * of UTF-8 multibyte symbols. + */ + static void eraser(unsigned char c, struct tty_struct *tty) { enum { ERASE, WERASE, KILL } kill_type; @@ -450,6 +495,18 @@ static void eraser(unsigned char c, stru finish_erasing(tty); } +/** + * isig - handle the ISIG optio + * @sig: signal + * @tty: terminal + * @flush: force flush + * + * Called when a signal is being sent due to terminal input. This + * may caus terminal flushing to take place according to the termios + * settings and character used. Called from the driver receive_buf + * path so serialized. + */ + static inline void isig(int sig, struct tty_struct *tty, int flush) { if (tty->pgrp > 0) @@ -461,6 +518,16 @@ static inline void isig(int sig, struct } } +/** + * n_tty_receive_break - handle break + * @tty: terminal + * + * An RS232 break event has been hit in the incoming bitstream. This + * can cause a variety of events depending upon the termios settings. + * + * Called from the receive_buf path so single threaded. + */ + static inline void n_tty_receive_break(struct tty_struct *tty) { if (I_IGNBRK(tty)) @@ -477,19 +544,40 @@ static inline void n_tty_receive_break(s wake_up_interruptible(&tty->read_wait); } +/** + * n_tty_receive_overrun - handle overrun reporting + * @tty: terminal + * + * Data arrived faster than we could process it. While the tty + * driver has flagged this the bits that were missed are gone + * forever. + * + * Called from the receive_buf path so single threaded. Does not + * need locking as num_overrun and overrun_time are function + * private. + */ + static inline void n_tty_receive_overrun(struct tty_struct *tty) { char buf[64]; tty->num_overrun++; if (time_before(tty->overrun_time, jiffies - HZ)) { - printk("%s: %d input overrun(s)\n", tty_name(tty, buf), + printk(KERN_WARNING "%s: %d input overrun(s)\n", tty_name(tty, buf), tty->num_overrun); tty->overrun_time = jiffies; tty->num_overrun = 0; } } +/** + * n_tty_receive_parity_error - error notifier + * @tty: terminal device + * @c: character + * + * Process a parity error and queue the right data to indicate + * the error case if neccessary. Locking as per n_tty_receive_buf. + */ static inline void n_tty_receive_parity_error(struct tty_struct *tty, unsigned char c) { @@ -507,6 +595,16 @@ static inline void n_tty_receive_parity_ wake_up_interruptible(&tty->read_wait); } +/** + * n_tty_receive_char - perform processing + * @tty: terminal device + * @c: character + * + * Process an individual character of input received from the driver. + * This is serialized with respect to itself by the rules for the + * driver above. + */ + static inline void n_tty_receive_char(struct tty_struct *tty, unsigned char c) { unsigned long flags; @@ -698,6 +796,16 @@ send_signal: put_tty_queue(c, tty); } +/** + * n_tty_receive_room - receive space + * @tty: terminal + * + * Called by the driver to find out how much data it is + * permitted to feed to the line discipline without any being lost + * and thus to manage flow control. Not serialized. Answers for the + * "instant". + */ + static int n_tty_receive_room(struct tty_struct *tty) { int left = N_TTY_BUF_SIZE - tty->read_cnt - 1; @@ -716,10 +824,13 @@ static int n_tty_receive_room(struct tty return 0; } -/* - * Required for the ptys, serial driver etc. since processes - * that attach themselves to the master and rely on ASYNC - * IO must be woken up +/** + * n_tty_write_wakeup - asynchronous I/O notifier + * @tty: tty device + * + * Required for the ptys, serial driver etc. since processes + * that attach themselves to the master and rely on ASYNC + * IO must be woken up */ static void n_tty_write_wakeup(struct tty_struct *tty) @@ -732,6 +843,19 @@ static void n_tty_write_wakeup(struct tt return; } +/** + * n_tty_receive_buf - data receive + * @tty: terminal device + * @cp: buffer + * @fp: flag buffer + * @count: characters + * + * Called by the terminal driver when a block of characters has + * been received. This function must be called from soft contexts + * not from interrupt context. The driver is responsible for making + * calls one at a time and in order (or using queue_ldisc) + */ + static void n_tty_receive_buf(struct tty_struct *tty, const unsigned char *cp, char *fp, int count) { @@ -813,6 +937,18 @@ int is_ignored(int sig) current->sig->action[sig-1].sa.sa_handler == SIG_IGN); } +/** + * n_tty_set_termios - termios data changed + * @tty: terminal + * @old: previous data + * + * Called by the tty layer when the user changes termios flags so + * that the line discipline can plan ahead. This function cannot sleep + * and is protected from re-entry by the tty layer. The user is + * guaranteed that this function will not be re-entered or in progress + * when the ldisc is closed. + */ + static void n_tty_set_termios(struct tty_struct *tty, struct termios * old) { if (!tty) @@ -828,7 +964,6 @@ static void n_tty_set_termios(struct tty I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) || I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) || I_PARMRK(tty)) { - cli(); memset(tty->process_char_map, 0, 256/8); if (I_IGNCR(tty) || I_ICRNL(tty)) @@ -864,7 +999,6 @@ static void n_tty_set_termios(struct tty set_bit(SUSP_CHAR(tty), &tty->process_char_map); } clear_bit(__DISABLED_CHAR, &tty->process_char_map); - sti(); tty->raw = 0; tty->real_raw = 0; } else { @@ -878,6 +1012,16 @@ static void n_tty_set_termios(struct tty } } +/** + * n_tty_close - close the ldisc for this tty + * @tty: device + * + * Called from the terminal layer when this line discipline is + * being shut down, either because of a close or becsuse of a + * discipline change. The function will not be called while other + * ldisc methods are in progress. + */ + static void n_tty_close(struct tty_struct *tty) { n_tty_flush_buffer(tty); @@ -887,11 +1031,22 @@ static void n_tty_close(struct tty_struc } } +/** + * n_tty_open - open an ldisc + * @tty: terminal to open + * + * Called when this line discipline is being attached to the + * terminal device. Can sleep. Called serialized so that no + * other events will occur in parallel. No further open will occur + * until a close. + */ + static int n_tty_open(struct tty_struct *tty) { if (!tty) return -EINVAL; + /* This one is ugly. Currently a malloc failure here can panic */ if (!tty->read_buf) { tty->read_buf = alloc_buf(); if (!tty->read_buf) @@ -917,14 +1072,23 @@ static inline int input_available_p(stru return 0; } -/* - * Helper function to speed up read_chan. It is only called when - * ICANON is off; it copies characters straight from the tty queue to - * user space directly. It can be profitably called twice; once to - * drain the space from the tail pointer to the (physical) end of the - * buffer, and once to drain the space from the (physical) beginning of - * the buffer to head pointer. +/** + * copy_from_read_buf - copy read data directly + * @tty: terminal device + * @b: user data + * @nr: size of data + * + * Helper function to speed up read_chan. It is only called when + * ICANON is off; it copies characters straight from the tty queue to + * user space directly. It can be profitably called twice; once to + * drain the space from the tail pointer to the (physical) end of the + * buffer, and once to drain the space from the (physical) beginning of + * the buffer to head pointer. + * + * Called under the tty->atomic_read sem and with TTY_DONT_FLIP set + * */ + static inline int copy_from_read_buf(struct tty_struct *tty, unsigned char **b, size_t *nr) @@ -952,25 +1116,18 @@ static inline int copy_from_read_buf(str return retval; } -static ssize_t read_chan(struct tty_struct *tty, struct file *file, - unsigned char *buf, size_t nr) -{ - unsigned char *b = buf; - DECLARE_WAITQUEUE(wait, current); - int c; - int minimum, time; - ssize_t retval = 0; - ssize_t size; - long timeout; - unsigned long flags; - -do_it_again: - - if (!tty->read_buf) { - printk("n_tty_read_chan: called with read_buf == NULL?!?\n"); - return -EIO; - } +/** + * job_control - check job control + * @tty: tty + * @file: file handle + * + * Perform job control management checks on this file/tty descriptor + * and if appropriate send any needed signals and return a negative + * error code if action should be taken. + */ +static int job_control(struct tty_struct *tty, struct file *file) +{ /* Job control check -- must be done at start and after every sleep (POSIX.1 7.1.1.4). */ /* NOTE: not yet done after every sleep pending a thorough @@ -989,7 +1146,48 @@ do_it_again: return -ERESTARTSYS; } } + return 0; +} + +/** + * read_chan - read function for tty + * @tty: tty device + * @file: file object + * @buf: userspace buffer pointer + * @nr: size of I/O + * + * Perform reads for the line discipline. We are guaranteed that the + * line discipline will not be closed under us but we may get multiple + * parallel readers and must handle this ourselves. We may also get + * a hangup. Always called in user context, may sleep. + * + * This code must be sure never to sleep through a hangup. + */ + +static ssize_t read_chan(struct tty_struct *tty, struct file *file, + unsigned char __user *buf, size_t nr) +{ + unsigned char __user *b = buf; + DECLARE_WAITQUEUE(wait, current); + int c; + int minimum, time; + ssize_t retval = 0; + ssize_t size; + long timeout; + unsigned long flags; + +do_it_again: + + if (!tty->read_buf) { + printk("n_tty_read_chan: called with read_buf == NULL?!?\n"); + return -EIO; + } + + c = job_control(tty, file); + if(c < 0) + return c; + minimum = time = 0; timeout = MAX_SCHEDULE_TIMEOUT; if (!tty->icanon) { @@ -1011,6 +1209,9 @@ do_it_again: } } + /* + * Internal serialization of reads. + */ if (file->f_flags & O_NONBLOCK) { if (down_trylock(&tty->atomic_read)) return -EAGAIN; @@ -1146,6 +1347,21 @@ do_it_again: return retval; } +/** + * write_chan - write function for tty + * @tty: tty device + * @file: file object + * @buf: userspace buffer pointer + * @nr: size of I/O + * + * Write function of the terminal device. This is serialized with + * respect to other write callers but not to termios changes, reads + * and other such events. We must be careful with N_TTY as the receive + * code will echo characters, thus calling driver write methods. + * + * This code must be sure never to sleep through a hangup. + */ + static ssize_t write_chan(struct tty_struct * tty, struct file * file, const unsigned char * buf, size_t nr) { @@ -1217,7 +1433,25 @@ break_out: return (b - buf) ? b - buf : retval; } -/* Called without the kernel lock held - fine */ +/** + * normal_poll - poll method for N_TTY + * @tty: terminal device + * @file: file accessing it + * @wait: poll table + * + * Called when the line discipline is asked to poll() for data or + * for special events. This code is not serialized with respect to + * other events save open/close. + * + * This code must be sure never to sleep through a hangup. + * Called without the kernel lock held - fine + * + * FIXME: if someone changes the VMIN or discipline settings for the + * terminal while another process is in poll() the poll does not + * recompute the new limits. Possibly set_termios should issue + * a read wakeup to fix this bug. + */ + static unsigned int normal_poll(struct tty_struct * tty, struct file * file, poll_table *wait) { unsigned int mask = 0; @@ -1258,6 +1492,7 @@ struct tty_ldisc tty_ldisc_N_TTY = { n_tty_ioctl, /* ioctl */ n_tty_set_termios, /* set_termios */ normal_poll, /* poll */ + NULL, /* hangup */ n_tty_receive_buf, /* receive_buf */ n_tty_receive_room, /* receive_room */ n_tty_write_wakeup /* write_wakeup */ diff -urNp linux-2.4.28/drivers/char/pcmcia/synclink_cs.c linux-2.4.28-new/drivers/char/pcmcia/synclink_cs.c --- linux-2.4.28/drivers/char/pcmcia/synclink_cs.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/char/pcmcia/synclink_cs.c 2005-01-07 11:34:08 -0500 @@ -553,6 +553,29 @@ static void cs_error(client_handle_t han static void* mgslpc_get_text_ptr(void); static void* mgslpc_get_text_ptr() {return mgslpc_get_text_ptr;} +/** + * line discipline callback wrappers + * + * The wrappers maintain line discipline references + * while calling into the line discipline. + * + * ldisc_receive_buf - pass receive data to line discipline + */ + +static void ldisc_receive_buf(struct tty_struct *tty, + const __u8 *data, char *flags, int count) +{ + struct tty_ldisc *ld; + if (!tty) + return; + ld = tty_ldisc_ref(tty); + if (ld) { + if (ld->receive_buf) + ld->receive_buf(tty, data, flags, count); + tty_ldisc_deref(ld); + } +} + static dev_link_t *mgslpc_attach(void) { MGSLPC_INFO *info; @@ -1027,13 +1050,7 @@ void bh_transmit(MGSLPC_INFO *info) printk("bh_transmit() entry on %s\n", info->device_name); if (tty) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) { - if ( debug_level >= DEBUG_LEVEL_BH ) - printk( "%s(%d):calling ldisc.write_wakeup on %s\n", - __FILE__,__LINE__,info->device_name); - (tty->ldisc.write_wakeup)(tty); - } + tty_wakeup(tty); wake_up_interruptible(&tty->write_wait); } } @@ -1917,11 +1934,9 @@ static void mgslpc_flush_buffer(struct t info->tx_count = info->tx_put = info->tx_get = 0; del_timer(&info->tx_timer); spin_unlock_irqrestore(&info->lock,flags); - + wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* Send a high-priority XON/XOFF character @@ -2685,9 +2700,8 @@ static void mgslpc_close(struct tty_stru if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + + tty_ldisc_flush(tty); shutdown(info); @@ -4199,11 +4213,7 @@ int rx_get_frame(MGSLPC_INFO *info) } else #endif - { - /* Call the line discipline receive callback directly. */ - if (tty && tty->ldisc.receive_buf) - tty->ldisc.receive_buf(tty, buf->data, info->flag_buf, framesize); - } + ldisc_receive_buf(tty, buf->data, info->flag_buf, framesize); } } diff -urNp linux-2.4.28/drivers/char/pcxx.c linux-2.4.28-new/drivers/char/pcxx.c --- linux-2.4.28/drivers/char/pcxx.c 2002-11-28 18:53:12 -0500 +++ linux-2.4.28-new/drivers/char/pcxx.c 2005-01-07 11:34:08 -0500 @@ -619,28 +619,11 @@ static void pcxe_close(struct tty_struct if(tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if(tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); shutdown(info); tty->closing = 0; info->event = 0; info->tty = NULL; -#ifndef MODULE -/* ldiscs[] is not available in a MODULE -** worth noting that while I'm not sure what this hunk of code is supposed -** to do, it is not present in the serial.c driver. Hmmm. If you know, -** please send me a note. brian@ilinx.com -** Don't know either what this is supposed to do christoph@lameter.com. -*/ - if(tty->ldisc.num != ldiscs[N_TTY].num) { - if(tty->ldisc.close) - (tty->ldisc.close)(tty); - tty->ldisc = ldiscs[N_TTY]; - tty->termios->c_line = N_TTY; - if(tty->ldisc.open) - (tty->ldisc.open)(tty); - } -#endif if(info->blocked_open) { if(info->close_delay) { current->state = TASK_INTERRUPTIBLE; @@ -883,9 +866,7 @@ static void pcxe_flush_buffer(struct tty memoff(ch); restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } static void pcxe_flush_chars(struct tty_struct *tty) @@ -1793,10 +1774,7 @@ static void doevent(int crd) if (event & LOWTX_IND) { if (ch->statusflags & LOWWAIT) { ch->statusflags &= ~LOWWAIT; - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } @@ -1804,10 +1782,7 @@ static void doevent(int crd) ch->statusflags &= ~TXBUSY; if (ch->statusflags & EMPTYWAIT) { ch->statusflags &= ~EMPTYWAIT; - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } } @@ -2254,8 +2229,7 @@ static int pcxe_ioctl(struct tty_struct tty_wait_until_sent(tty, 0); } else { - if(tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); } /* Fall Thru */ diff -urNp linux-2.4.28/drivers/char/pdc_console.c linux-2.4.28-new/drivers/char/pdc_console.c --- linux-2.4.28/drivers/char/pdc_console.c 2003-06-13 10:51:33 -0400 +++ linux-2.4.28-new/drivers/char/pdc_console.c 2005-01-07 11:34:08 -0500 @@ -463,8 +463,7 @@ pdc_close(struct tty_struct *tty, struct if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/drivers/char/pty.c linux-2.4.28-new/drivers/char/pty.c --- linux-2.4.28/drivers/char/pty.c 2002-08-02 20:39:43 -0400 +++ linux-2.4.28-new/drivers/char/pty.c 2005-01-07 11:34:08 -0500 @@ -121,10 +121,7 @@ static void pty_unthrottle(struct tty_st if (!o_tty) return; - if ((o_tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - o_tty->ldisc.write_wakeup) - (o_tty->ldisc.write_wakeup)(o_tty); - wake_up_interruptible(&o_tty->write_wait); + tty_wakeup(o_tty); set_bit(TTY_THROTTLED, &tty->flags); } @@ -137,6 +134,10 @@ static void pty_unthrottle(struct tty_st * (2) avoid redundant copying for cases where count >> receive_room * N.B. Calls from user space may now return an error code instead of * a count. + * + * FIXME: Our pty_write method is called with our ldisc lock held but + * not our partners. We can't just take the other one blindly without + * risking deadlocks. There is also the small matter of TTY_DONT_FLIP */ static int pty_write(struct tty_struct * tty, int from_user, const unsigned char *buf, int count) @@ -299,9 +300,8 @@ static void pty_flush_buffer(struct tty_ if (!to) return; - - if (to->ldisc.flush_buffer) - to->ldisc.flush_buffer(to); + + tty_ldisc_flush(to); if (to->packet) { tty->ctrl_status |= TIOCPKT_FLUSHWRITE; diff -urNp linux-2.4.28/drivers/char/random.c linux-2.4.28-new/drivers/char/random.c --- linux-2.4.28/drivers/char/random.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/drivers/char/random.c 2005-01-07 11:34:08 -0500 @@ -1794,7 +1794,7 @@ static int poolsize_strategy(ctl_table * void *oldval, size_t *oldlenp, void *newval, size_t newlen, void **context) { - int len; + size_t len; sysctl_poolsize = random_state->poolinfo.POOLBYTES; diff -urNp linux-2.4.28/drivers/char/rio/riointr.c linux-2.4.28-new/drivers/char/rio/riointr.c --- linux-2.4.28/drivers/char/rio/riointr.c 2001-09-10 12:04:53 -0400 +++ linux-2.4.28-new/drivers/char/rio/riointr.c 2005-01-07 11:34:08 -0500 @@ -248,12 +248,9 @@ char * en; rio_dprintk (RIO_DEBUG_INTR, "Waking up.... ldisc:%d (%d/%d)....", (int)(PortP->gs.tty->flags & (1 << TTY_DO_WRITE_WAKEUP)), PortP->gs.wakeup_chars, PortP->gs.xmit_cnt); - if ((PortP->gs.tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - PortP->gs.tty->ldisc.write_wakeup) - (PortP->gs.tty->ldisc.write_wakeup)(PortP->gs.tty); + tty_wakeup(PortP->gs.tty); rio_dprintk (RIO_DEBUG_INTR, "(%d/%d)\n", PortP->gs.wakeup_chars, PortP->gs.xmit_cnt); - wake_up_interruptible(&PortP->gs.tty->write_wait); } } diff -urNp linux-2.4.28/drivers/char/riscom8.c linux-2.4.28-new/drivers/char/riscom8.c --- linux-2.4.28/drivers/char/riscom8.c 2001-09-13 18:21:32 -0400 +++ linux-2.4.28-new/drivers/char/riscom8.c 2005-01-07 11:34:08 -0500 @@ -1200,8 +1200,7 @@ static void rc_close(struct tty_struct * rc_shutdown_port(bp, port); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; port->event = 0; port->tty = 0; @@ -1375,9 +1374,7 @@ static void rc_flush_buffer(struct tty_s restore_flags(flags); wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } static int rc_get_modem_info(struct riscom_port * port, unsigned int *value) @@ -1734,10 +1731,7 @@ static void do_softint(void *private_) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &port->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } diff -urNp linux-2.4.28/drivers/char/rocket.c linux-2.4.28-new/drivers/char/rocket.c --- linux-2.4.28/drivers/char/rocket.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/char/rocket.c 2005-01-07 11:34:08 -0500 @@ -241,9 +241,12 @@ static _INLINE_ void rp_do_receive(struc CHANNEL_t *cp, unsigned int ChanStatus) { unsigned int CharNStat; - int ToRecv, wRecv, space, count; + int ToRecv, wRecv, space = 0, count; unsigned char *cbuf; char *fbuf; + struct tty_ldisc *ld; + + ld = tty_ldisc_ref(tty); ToRecv= sGetRxCnt(cp); space = 2*TTY_FLIPBUF_SIZE; @@ -348,8 +351,8 @@ static _INLINE_ void rp_do_receive(struc fbuf += ToRecv; count += ToRecv; } - tty->ldisc.receive_buf(tty, tty->flip.char_buf, - tty->flip.flag_buf, count); + ld->receive_buf(tty, tty->flip.char_buf, tty->flip.flag_buf, count); + tty_ldisc_deref(ld); } /* @@ -400,10 +403,7 @@ static _INLINE_ void rp_do_transmit(stru if (info->xmit_cnt == 0) xmit_flags[info->line >> 5] &= ~(1 << (info->line & 0x1f)); if (info->xmit_cnt < WAKEUP_CHARS) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } #ifdef ROCKET_DEBUG_INTR printk("(%d,%d,%d,%d)...", info->xmit_cnt, info->xmit_head, @@ -1128,8 +1128,7 @@ static void rp_close(struct tty_struct * } if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); xmit_flags[info->line >> 5] &= ~(1 << (info->line & 0x1f)); if (info->blocked_open) { @@ -1806,10 +1805,7 @@ end_intr: restore_flags(flags); end: if (info->xmit_cnt < WAKEUP_CHARS) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } return retval; } @@ -1868,9 +1864,7 @@ static void rp_flush_buffer(struct tty_s info->xmit_cnt = info->xmit_head = info->xmit_tail = 0; sti(); wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); cp = &info->channel; diff -urNp linux-2.4.28/drivers/char/selection.c linux-2.4.28-new/drivers/char/selection.c --- linux-2.4.28/drivers/char/selection.c 2001-09-07 12:28:38 -0400 +++ linux-2.4.28-new/drivers/char/selection.c 2005-01-07 11:34:08 -0500 @@ -290,9 +290,11 @@ int paste_selection(struct tty_struct *t { struct vt_struct *vt = (struct vt_struct *) tty->driver_data; int pasted = 0, count; + struct tty_ldisc *ld; DECLARE_WAITQUEUE(wait, current); poke_blanked_console(); + ld = tty_ldisc_ref_wait(tty); add_wait_queue(&vt->paste_wait, &wait); while (sel_buffer && sel_buffer_lth > pasted) { set_current_state(TASK_INTERRUPTIBLE); @@ -301,12 +303,14 @@ int paste_selection(struct tty_struct *t continue; } count = sel_buffer_lth - pasted; - count = MIN(count, tty->ldisc.receive_room(tty)); - tty->ldisc.receive_buf(tty, sel_buffer + pasted, 0, count); + count = MIN(count, ld->receive_room(tty)); + ld->receive_buf(tty, sel_buffer + pasted, 0, count); pasted += count; } remove_wait_queue(&vt->paste_wait, &wait); current->state = TASK_RUNNING; + + tty_ldisc_deref(ld); return 0; } diff -urNp linux-2.4.28/drivers/char/ser_a2232.c linux-2.4.28-new/drivers/char/ser_a2232.c --- linux-2.4.28/drivers/char/ser_a2232.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/char/ser_a2232.c 2005-01-07 11:34:08 -0500 @@ -633,10 +633,7 @@ int ch, err, n, p; /* WakeUp if output buffer runs low */ if ((port->gs.xmit_cnt <= port->gs.wakeup_chars) && port->gs.tty) { - if ((port->gs.tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && port->gs.tty->ldisc.write_wakeup){ - (port->gs.tty->ldisc.write_wakeup)(port->gs.tty); - } - wake_up_interruptible(&port->gs.tty->write_wait); + tty_wakeup(port->gs.tty); } } // if the port is used } // for every port on the board diff -urNp linux-2.4.28/drivers/char/serial.c linux-2.4.28-new/drivers/char/serial.c --- linux-2.4.28/drivers/char/serial.c 2004-11-17 06:54:21 -0500 +++ linux-2.4.28-new/drivers/char/serial.c 2005-01-07 11:34:08 -0500 @@ -1068,17 +1068,15 @@ static void do_serial_bh(void) static void do_softint(void *private_) { struct async_struct *info = (struct async_struct *) private_; - struct tty_struct *tty; - + struct tty_struct *tty; + tty = info->tty; if (!tty) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); + #ifdef SERIAL_HAVE_POLL_WAIT wake_up_interruptible(&tty->poll_wait); #endif @@ -1976,13 +1974,10 @@ static void rs_flush_buffer(struct tty_s save_flags(flags); cli(); info->xmit.head = info->xmit.tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); #ifdef SERIAL_HAVE_POLL_WAIT wake_up_interruptible(&tty->poll_wait); #endif - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* @@ -2867,8 +2862,7 @@ static void rs_close(struct tty_struct * shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/drivers/char/serial167.c linux-2.4.28-new/drivers/char/serial167.c --- linux-2.4.28/drivers/char/serial167.c 2002-11-28 18:53:12 -0500 +++ linux-2.4.28-new/drivers/char/serial167.c 2005-01-07 11:34:08 -0500 @@ -773,11 +773,7 @@ do_softint(void *private_) wake_up_interruptible(&info->open_wait); } if (test_and_clear_bit(Cy_EVENT_WRITE_WAKEUP, &info->event)) { - if((tty->flags & (1<< TTY_DO_WRITE_WAKEUP)) - && tty->ldisc.write_wakeup){ - (tty->ldisc.write_wakeup)(tty); - } - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } /* do_softint */ @@ -1357,9 +1353,7 @@ cy_flush_buffer(struct tty_struct *tty) info->xmit_cnt = info->xmit_head = info->xmit_tail = 0; restore_flags(flags); wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) - && tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* cy_flush_buffer */ @@ -1916,18 +1910,9 @@ cy_close(struct tty_struct * tty, struct shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); info->event = 0; info->tty = 0; - if (tty->ldisc.num != ldiscs[N_TTY].num) { - if (tty->ldisc.close) - (tty->ldisc.close)(tty); - tty->ldisc = ldiscs[N_TTY]; - tty->termios->c_line = N_TTY; - if (tty->ldisc.open) - (tty->ldisc.open)(tty); - } if (info->blocked_open) { if (info->close_delay) { current->state = TASK_INTERRUPTIBLE; diff -urNp linux-2.4.28/drivers/char/serial_amba.c linux-2.4.28-new/drivers/char/serial_amba.c --- linux-2.4.28/drivers/char/serial_amba.c 2002-08-02 20:39:43 -0400 +++ linux-2.4.28-new/drivers/char/serial_amba.c 2005-01-07 11:34:08 -0500 @@ -569,10 +569,7 @@ static void ambauart_tasklet_action(unsi if (!tty || !test_and_clear_bit(EVT_WRITE_WAKEUP, &info->event)) return; - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } static int ambauart_startup(struct amba_info *info) @@ -958,10 +955,7 @@ static void ambauart_flush_buffer(struct save_flags(flags); cli(); info->xmit.head = info->xmit.tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* @@ -1459,8 +1453,7 @@ static void ambauart_close(struct tty_st ambauart_shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = NULL; diff -urNp linux-2.4.28/drivers/char/serial_tx3912.c linux-2.4.28-new/drivers/char/serial_tx3912.c --- linux-2.4.28/drivers/char/serial_tx3912.c 2003-08-25 07:44:41 -0400 +++ linux-2.4.28-new/drivers/char/serial_tx3912.c 2005-01-07 11:34:08 -0500 @@ -127,12 +127,9 @@ static inline void transmit_char_pio(str } if (port->gs.xmit_cnt <= port->gs.wakeup_chars) { - if ((port->gs.tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - port->gs.tty->ldisc.write_wakeup) - (port->gs.tty->ldisc.write_wakeup)(port->gs.tty); + tty_wakeup(port->gs.tty); rs_dprintk(TX3912_UART_DEBUG_TRANSMIT, "Waking up.... ldisc (%d)....\n", port->gs.wakeup_chars); - wake_up_interruptible(&port->gs.tty->write_wait); } } diff -urNp linux-2.4.28/drivers/char/serial_txx927.c linux-2.4.28-new/drivers/char/serial_txx927.c --- linux-2.4.28/drivers/char/serial_txx927.c 2002-08-02 20:39:43 -0400 +++ linux-2.4.28-new/drivers/char/serial_txx927.c 2005-01-07 11:34:08 -0500 @@ -535,10 +535,7 @@ static void do_softint(void *private_) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); #ifdef SERIAL_HAVE_POLL_WAIT wake_up_interruptible(&tty->poll_wait); #endif @@ -1104,13 +1101,10 @@ static void rs_flush_buffer(struct tty_s save_flags(flags); cli(); info->xmit.head = info->xmit.tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); #ifdef SERIAL_HAVE_POLL_WAIT wake_up_interruptible(&tty->poll_wait); #endif - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* @@ -1465,8 +1459,7 @@ static void rs_close(struct tty_struct * shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/drivers/char/sgiserial.c linux-2.4.28-new/drivers/char/sgiserial.c --- linux-2.4.28/drivers/char/sgiserial.c 2004-02-18 08:36:31 -0500 +++ linux-2.4.28-new/drivers/char/sgiserial.c 2005-01-07 11:34:08 -0500 @@ -1498,10 +1498,10 @@ static void rs_close(struct tty_struct * tty->closing = 0; info->event = 0; info->tty = 0; - if (tty->ldisc.num != ldiscs[N_TTY].num) { + if (tty->ldisc.num != N_TTY) { if (tty->ldisc.close) (tty->ldisc.close)(tty); - tty->ldisc = ldiscs[N_TTY]; + tty->ldisc = *(tty_ldisc_get(N_TTY)); tty->termios->c_line = N_TTY; if (tty->ldisc.open) (tty->ldisc.open)(tty); diff -urNp linux-2.4.28/drivers/char/sh-sci.c linux-2.4.28-new/drivers/char/sh-sci.c --- linux-2.4.28/drivers/char/sh-sci.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/char/sh-sci.c 2005-01-07 11:34:08 -0500 @@ -1021,10 +1021,7 @@ static void do_softint(void *private_) return; if (test_and_clear_bit(SCI_EVENT_WRITE_WAKEUP, &port->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } diff -urNp linux-2.4.28/drivers/char/specialix.c linux-2.4.28-new/drivers/char/specialix.c --- linux-2.4.28/drivers/char/specialix.c 2002-08-02 20:39:43 -0400 +++ linux-2.4.28-new/drivers/char/specialix.c 2005-01-07 11:34:08 -0500 @@ -1579,8 +1579,7 @@ static void sx_close(struct tty_struct * sx_shutdown_port(bp, port); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; port->event = 0; port->tty = 0; @@ -1758,10 +1757,7 @@ static void sx_flush_buffer(struct tty_s port->xmit_cnt = port->xmit_head = port->xmit_tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } @@ -2211,12 +2207,8 @@ static void do_softint(void *private_) if(!(tty = port->tty)) return; - if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &port->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); - } + if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &port->event)) + tty_wakeup(tty); } diff -urNp linux-2.4.28/drivers/char/stallion.c linux-2.4.28-new/drivers/char/stallion.c --- linux-2.4.28/drivers/char/stallion.c 2002-11-28 18:53:12 -0500 +++ linux-2.4.28-new/drivers/char/stallion.c 2005-01-07 11:34:08 -0500 @@ -1238,8 +1238,7 @@ static void stl_close(struct tty_struct portp->tx.tail = (char *) NULL; } set_bit(TTY_IO_ERROR, &tty->flags); - if (tty->ldisc.flush_buffer) - (tty->ldisc.flush_buffer)(tty); + tty_ldisc_flush(tty); tty->closing = 0; portp->tty = (struct tty_struct *) NULL; @@ -1850,10 +1849,7 @@ static void stl_flushbuffer(struct tty_s return; stl_flush(portp); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /*****************************************************************************/ @@ -2224,10 +2220,7 @@ static void stl_offintr(void *private) lock_kernel(); if (test_bit(ASYI_TXLOW, &portp->istate)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } if (test_bit(ASYI_DCDCHANGE, &portp->istate)) { clear_bit(ASYI_DCDCHANGE, &portp->istate); diff -urNp linux-2.4.28/drivers/char/sx.c linux-2.4.28-new/drivers/char/sx.c --- linux-2.4.28/drivers/char/sx.c 2003-06-13 10:51:33 -0400 +++ linux-2.4.28-new/drivers/char/sx.c 2005-01-07 11:34:08 -0500 @@ -1057,9 +1057,7 @@ static void sx_transmit_chars (struct sx } if ((port->gs.xmit_cnt <= port->gs.wakeup_chars) && port->gs.tty) { - if ((port->gs.tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - port->gs.tty->ldisc.write_wakeup) - (port->gs.tty->ldisc.write_wakeup)(port->gs.tty); + tty_wakeup(port->gs.tty); sx_dprintk (SX_DEBUG_TRANSMIT, "Waking up.... ldisc (%d)....\n", port->gs.wakeup_chars); wake_up_interruptible(&port->gs.tty->write_wait); diff -urNp linux-2.4.28/drivers/char/synclink.c linux-2.4.28-new/drivers/char/synclink.c --- linux-2.4.28/drivers/char/synclink.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/char/synclink.c 2005-01-07 11:34:08 -0500 @@ -1011,6 +1011,29 @@ static inline int mgsl_paranoia_check(st return 0; } +/** + * line discipline callback wrappers + * + * The wrappers maintain line discipline references + * while calling into the line discipline. + * + * ldisc_receive_buf - pass receive data to line discipline + */ + +static void ldisc_receive_buf(struct tty_struct *tty, + const __u8 *data, char *flags, int count) +{ + struct tty_ldisc *ld; + if (!tty) + return; + ld = tty_ldisc_ref(tty); + if (ld) { + if (ld->receive_buf) + ld->receive_buf(tty, data, flags, count); + tty_ldisc_deref(ld); + } +} + /* mgsl_stop() throttle (stop) transmitter * * Arguments: tty pointer to tty info structure @@ -1170,14 +1193,7 @@ void mgsl_bh_transmit(struct mgsl_struct __FILE__,__LINE__,info->device_name); if (tty) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) { - if ( debug_level >= DEBUG_LEVEL_BH ) - printk( "%s(%d):calling ldisc.write_wakeup on %s\n", - __FILE__,__LINE__,info->device_name); - (tty->ldisc.write_wakeup)(tty); - } - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } /* if transmitter idle and loopmode_send_done_requested @@ -2433,12 +2449,8 @@ static void mgsl_flush_buffer(struct tty del_timer(&info->tx_timer); spin_unlock_irqrestore(&info->irq_spinlock,flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - -} /* end of mgsl_flush_buffer() */ + tty_wakeup(tty); +} /* mgsl_send_xchar() * @@ -3342,9 +3354,8 @@ static void mgsl_close(struct tty_struct if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + + tty_ldisc_flush(tty); shutdown(info); @@ -7007,11 +7018,7 @@ int mgsl_get_rx_frame(struct mgsl_struct } else #endif - { - /* Call the line discipline receive callback directly. */ - if ( tty && tty->ldisc.receive_buf ) - tty->ldisc.receive_buf(tty, info->intermediate_rxbuffer, info->flag_buf, framesize); - } + ldisc_receive_buf(tty, info->intermediate_rxbuffer, info->flag_buf, framesize); } } /* Free the buffers used by this frame. */ @@ -7183,9 +7190,7 @@ int mgsl_get_raw_rx_frame(struct mgsl_st memcpy( info->intermediate_rxbuffer, pBufEntry->virt_addr, framesize); info->icount.rxok++; - /* Call the line discipline receive callback directly. */ - if ( tty && tty->ldisc.receive_buf ) - tty->ldisc.receive_buf(tty, info->intermediate_rxbuffer, info->flag_buf, framesize); + ldisc_receive_buf(tty, info->intermediate_rxbuffer, info->flag_buf, framesize); } /* Free the buffers used by this frame. */ diff -urNp linux-2.4.28/drivers/char/synclinkmp.c linux-2.4.28-new/drivers/char/synclinkmp.c --- linux-2.4.28/drivers/char/synclinkmp.c 2004-11-17 06:54:21 -0500 +++ linux-2.4.28-new/drivers/char/synclinkmp.c 2005-01-07 11:34:08 -0500 @@ -735,6 +735,29 @@ static inline int sanity_check(SLMP_INFO return 0; } +/** + * line discipline callback wrappers + * + * The wrappers maintain line discipline references + * while calling into the line discipline. + * + * ldisc_receive_buf - pass receive data to line discipline + */ + +static void ldisc_receive_buf(struct tty_struct *tty, + const __u8 *data, char *flags, int count) +{ + struct tty_ldisc *ld; + if (!tty) + return; + ld = tty_ldisc_ref(tty); + if (ld) { + if (ld->receive_buf) + ld->receive_buf(tty, data, flags, count); + tty_ldisc_deref(ld); + } +} + /* tty callbacks */ /* Called when a port is opened. Init and enable port. @@ -906,8 +929,7 @@ static void close(struct tty_struct *tty if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); shutdown(info); @@ -1315,9 +1337,7 @@ static void flush_buffer(struct tty_stru spin_unlock_irqrestore(&info->lock,flags); wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* throttle (stop) transmitter @@ -1983,13 +2003,7 @@ void bh_transmit(SLMP_INFO *info) __FILE__,__LINE__,info->device_name); if (tty) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) { - if ( debug_level >= DEBUG_LEVEL_BH ) - printk( "%s(%d):%s calling ldisc.write_wakeup\n", - __FILE__,__LINE__,info->device_name); - (tty->ldisc.write_wakeup)(tty); - } + tty_wakeup(tty); wake_up_interruptible(&tty->write_wait); } } @@ -4989,15 +5003,8 @@ CheckAgain: } else #endif - { - if ( tty && tty->ldisc.receive_buf ) { - /* Call the line discipline receive callback directly. */ - tty->ldisc.receive_buf(tty, - info->tmp_rx_buf, - info->flag_buf, - framesize); - } - } + ldisc_receive_buf(tty,info->tmp_rx_buf, + info->flag_buf, framesize); } } /* Free the buffers used by this frame. */ diff -urNp linux-2.4.28/drivers/char/tty_io.c linux-2.4.28-new/drivers/char/tty_io.c --- linux-2.4.28/drivers/char/tty_io.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/drivers/char/tty_io.c 2005-01-07 11:34:08 -0500 @@ -120,7 +120,6 @@ extern void disable_early_printk(void); struct termios tty_std_termios; /* for the benefit of tty drivers */ struct tty_driver *tty_drivers; /* linked list of tty drivers */ -struct tty_ldisc ldiscs[NR_LDISCS]; /* line disc dispatch table */ #ifdef CONFIG_UNIX98_PTYS extern struct tty_driver ptm_driver[]; /* Unix98 pty masters; for /dev/ptmx */ @@ -260,63 +259,315 @@ static int check_tty_count(struct tty_st return 0; } +/* + * This is probably overkill for real world processors but + * they are not on hot paths so a little discipline won't do + * any harm. + */ + +static void tty_set_termios_ldisc(struct tty_struct *tty, int num) +{ + down(&tty->termios_sem); + tty->termios->c_line = num; + up(&tty->termios_sem); +} + +/* + * This guards the refcounted line discipline lists. The lock + * must be taken with irqs off because there are hangup path + * callers who will do ldisc lookups and cannot sleep. + */ + +spinlock_t tty_ldisc_lock = SPIN_LOCK_UNLOCKED; +DECLARE_WAIT_QUEUE_HEAD(tty_ldisc_wait); +struct tty_ldisc tty_ldiscs[NR_LDISCS]; /* line disc dispatch table */ + int tty_register_ldisc(int disc, struct tty_ldisc *new_ldisc) { + + unsigned long flags; + int ret = 0; + if (disc < N_TTY || disc >= NR_LDISCS) return -EINVAL; - + + spin_lock_irqsave(&tty_ldisc_lock, flags); if (new_ldisc) { - ldiscs[disc] = *new_ldisc; - ldiscs[disc].flags |= LDISC_FLAG_DEFINED; - ldiscs[disc].num = disc; - } else - memset(&ldiscs[disc], 0, sizeof(struct tty_ldisc)); + tty_ldiscs[disc] = *new_ldisc; + tty_ldiscs[disc].num = disc; + tty_ldiscs[disc].flags |= LDISC_FLAG_DEFINED; + tty_ldiscs[disc].refcount = 0; + } else { + if(tty_ldiscs[disc].refcount) + ret = -EBUSY; + else + tty_ldiscs[disc].flags &= ~LDISC_FLAG_DEFINED; + } + spin_unlock_irqrestore(&tty_ldisc_lock, flags); - return 0; + return ret; + } + EXPORT_SYMBOL(tty_register_ldisc); -/* Set the discipline of a tty line. */ +struct tty_ldisc *tty_ldisc_get(int disc) +{ + unsigned long flags; + struct tty_ldisc *ld; + + if (disc < N_TTY || disc >= NR_LDISCS) + return NULL; + + spin_lock_irqsave(&tty_ldisc_lock, flags); + + ld = &tty_ldiscs[disc]; + /* Check the entry is defined */ + if(ld->flags & LDISC_FLAG_DEFINED) + ld->refcount++; + else + ld = NULL; + spin_unlock_irqrestore(&tty_ldisc_lock, flags); + return ld; +} + +EXPORT_SYMBOL_GPL(tty_ldisc_get); + +void tty_ldisc_put(int disc) +{ + struct tty_ldisc *ld; + unsigned long flags; + + if (disc < N_TTY || disc >= NR_LDISCS) + BUG(); + + spin_lock_irqsave(&tty_ldisc_lock, flags); + ld = &tty_ldiscs[disc]; + if(ld->refcount <= 0) + BUG(); + ld->refcount--; + spin_unlock_irqrestore(&tty_ldisc_lock, flags); +} + +EXPORT_SYMBOL_GPL(tty_ldisc_put); + +void tty_ldisc_assign(struct tty_struct *tty, struct tty_ldisc *ld) +{ + tty->ldisc = *ld; + tty->ldisc.refcount = 0; +} + +/** + * tty_ldisc_try - internal helper + * @tty: the tty + * + * Make a single attempt to grab and bump the refcount on + * the tty ldisc. Return 0 on failure or 1 on success. This is + * used to implement both the waiting and non waiting versions + * of tty_ldisc_ref + */ + +static int tty_ldisc_try(struct tty_struct *tty) +{ + unsigned long flags; + struct tty_ldisc *ld; + int ret = 0; + + spin_lock_irqsave(&tty_ldisc_lock, flags); + ld = &tty->ldisc; + if(test_bit(TTY_LDISC, &tty->flags)) + { + ld->refcount++; + ret = 1; + } + spin_unlock_irqrestore(&tty_ldisc_lock, flags); + return ret; +} + +/** + * tty_ldisc_ref_wait - wait for the tty ldisc + * @tty: tty device + * + * Dereference the line discipline for the terminal and take a + * reference to it. If the line discipline is in flux then + * wait patiently until it changes. + * + * Note: Must not be called from an IRQ/timer context. The caller + * must also be careful not to hold other locks that will deadlock + * against a discipline change, such as an existing ldisc reference + * (which we check for) + */ + +struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *tty) +{ + /* wait_event is a macro */ + wait_event(tty_ldisc_wait, tty_ldisc_try(tty)); + return &tty->ldisc; +} + +EXPORT_SYMBOL_GPL(tty_ldisc_ref_wait); + +/** + * tty_ldisc_ref - get the tty ldisc + * @tty: tty device + * + * Dereference the line discipline for the terminal and take a + * reference to it. If the line discipline is in flux then + * return NULL. Can be called from IRQ and timer functions. + */ + +struct tty_ldisc *tty_ldisc_ref(struct tty_struct *tty) +{ + if(tty_ldisc_try(tty)) + return &tty->ldisc; + return NULL; +} + +EXPORT_SYMBOL_GPL(tty_ldisc_ref); + + +void tty_ldisc_deref(struct tty_ldisc *ld) +{ + + unsigned long flags; + + if(ld == NULL) + BUG(); + + spin_lock_irqsave(&tty_ldisc_lock, flags); + if(ld->refcount == 0) + printk(KERN_EMERG "tty_ldisc_deref: no references.\n"); + else + ld->refcount--; + if(ld->refcount == 0) + wake_up(&tty_ldisc_wait); + spin_unlock_irqrestore(&tty_ldisc_lock, flags); +} + +EXPORT_SYMBOL_GPL(tty_ldisc_deref); + +/** + * tty_ldisc_enable - allow ldisc use + * @tty: terminal to activate ldisc on + * + * Set the TTY_LDISC flag when the line discipline can be called + * again. Do neccessary wakeups for existing sleepers. + * + * Note: nobody should set this bit except via this function. Clearing + * directly is allowed. + */ + +static void tty_ldisc_enable(struct tty_struct *tty) +{ + set_bit(TTY_LDISC, &tty->flags); + wake_up(&tty_ldisc_wait); +} + +/** + * tty_set_ldisc - set line discipline + * @tty: the terminal to set + * @ldisc: the line discipline + * + * Set the discipline of a tty line. Must be called from a process + * context. + */ + static int tty_set_ldisc(struct tty_struct *tty, int ldisc) { int retval = 0; struct tty_ldisc o_ldisc; char buf[64]; + int work; + unsigned long flags; + struct tty_ldisc *ld; if ((ldisc < N_TTY) || (ldisc >= NR_LDISCS)) return -EINVAL; + +restart: + + if (tty->ldisc.num == ldisc) + return 0; /* We are already in the desired discipline */ + + ld = tty_ldisc_get(ldisc); /* Eduardo Blanco */ /* Cyrus Durgin */ - if (!(ldiscs[ldisc].flags & LDISC_FLAG_DEFINED)) { + if (ld == NULL) + { char modname [20]; - sprintf(modname, "tty-ldisc-%d", ldisc); - request_module (modname); + sprintf(modname, "tty-ldisc-%d", ldisc); + request_module (modname); + ld = tty_ldisc_get(ldisc); } - if (!(ldiscs[ldisc].flags & LDISC_FLAG_DEFINED)) + + if (ld == NULL) return -EINVAL; - if (tty->ldisc.num == ldisc) - return 0; /* We are already in the desired discipline */ + o_ldisc = tty->ldisc; - tty_wait_until_sent(tty, 0); + + /* + * Make sure we don't change while someone holds a + * reference to the line discipline. The TTY_LDISC bit + * prevents anyone taking a reference once it is clear. + * We need the lock to avoid racing reference takers. + */ + + spin_lock_irqsave(&tty_ldisc_lock, flags); + if(tty->ldisc.refcount) + { + /* Free the new ldisc we grabbed. Must drop the lock + first. */ + spin_unlock_irqrestore(&tty_ldisc_lock, flags); + tty_ldisc_put(ldisc); + /* + * There are several reasons we may be busy, including + * random momentary I/O traffic. We must therefore + * retry. We could distinguish between blocking ops + * and retries if we made tty_ldisc_wait() smarter. That + * is up for discussion. + */ + if(wait_event_interruptible(tty_ldisc_wait, tty->ldisc.refcount == 0) < 0) + return -ERESTARTSYS; + goto restart; + } + clear_bit(TTY_LDISC, &tty->flags); + clear_bit(TTY_DONT_FLIP, &tty->flags); + spin_unlock_irqrestore(&tty_ldisc_lock, flags); + + /* + * From this point on we know nobody has an ldisc + * usage reference, nor can they obtain one until + * we say so later on. + */ + + /* + * Wait for ->hangup_work and ->flip.work handlers to terminate + */ + run_task_queue(&tq_timer); + flush_scheduled_tasks(); /* Shutdown the current discipline. */ if (tty->ldisc.close) (tty->ldisc.close)(tty); /* Now set up the new line discipline. */ - tty->ldisc = ldiscs[ldisc]; - tty->termios->c_line = ldisc; + tty_ldisc_assign(tty, ld); + tty_set_termios_ldisc(tty, ldisc); if (tty->ldisc.open) retval = (tty->ldisc.open)(tty); if (retval < 0) { - tty->ldisc = o_ldisc; - tty->termios->c_line = tty->ldisc.num; + tty_ldisc_put(ldisc); + /* There is an outstanding reference here so this is safe */ + tty_ldisc_assign(tty, tty_ldisc_get(o_ldisc.num)); + tty_set_termios_ldisc(tty, tty->ldisc.num); if (tty->ldisc.open && (tty->ldisc.open(tty) < 0)) { - tty->ldisc = ldiscs[N_TTY]; - tty->termios->c_line = N_TTY; + tty_ldisc_put(o_ldisc.num); + /* This driver is always present */ + tty_ldisc_assign(tty, tty_ldisc_get(N_TTY)); + tty_set_termios_ldisc(tty, N_TTY); if (tty->ldisc.open) { int r = tty->ldisc.open(tty); @@ -327,8 +578,21 @@ static int tty_set_ldisc(struct tty_stru } } } + /* At this point we hold a reference to the new ldisc and a + reference to the old ldisc. If we ended up flipping back + to the existing ldisc we have two references to it */ + if (tty->ldisc.num != o_ldisc.num && tty->driver.set_ldisc) tty->driver.set_ldisc(tty); + + tty_ldisc_put(o_ldisc.num); + + /* + * Allow ldisc referencing to occur as soon as the driver + * ldisc callback completes. + */ + tty_ldisc_enable(tty); + return retval; } @@ -430,11 +694,45 @@ static struct file_operations hung_up_tt static spinlock_t redirect_lock = SPIN_LOCK_UNLOCKED; static struct file *redirect; -/* - * This can be called by the "eventd" kernel thread. That is process synchronous, - * but doesn't hold any locks, so we need to make sure we have the appropriate - * locks for what we're doing.. - */ + +/** + * tty_wakeup - request more data + * @tty: terminal + * + * Internal and external helper for wakeups of tty. This function + * informs the line discipline if present that the driver is ready\ + * to receive more output data. + */ + +void tty_wakeup(struct tty_struct *tty) +{ + struct tty_ldisc *ld; + + if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) { + ld = tty_ldisc_ref(tty); + if(ld) { + if(ld->write_wakeup) + ld->write_wakeup(tty); + tty_ldisc_deref(ld); + } + } + wake_up_interruptible(&tty->write_wait); +} + +EXPORT_SYMBOL_GPL(tty_wakeup); + +void tty_ldisc_flush(struct tty_struct *tty) +{ + struct tty_ldisc *ld = tty_ldisc_ref(tty); + if(ld) { + if(ld->flush_buffer) + ld->flush_buffer(tty); + tty_ldisc_deref(ld); + } +} + +EXPORT_SYMBOL_GPL(tty_ldisc_flush); + void do_tty_hangup(void *data) { struct tty_struct *tty = (struct tty_struct *) data; @@ -442,6 +740,7 @@ void do_tty_hangup(void *data) struct file *f = NULL; struct task_struct *p; struct list_head *l; + struct tty_ldisc *ld; int closecount = 0, n; if (!tty) @@ -475,20 +774,22 @@ void do_tty_hangup(void *data) file_list_unlock(); /* FIXME! What are the locking issues here? This may me overdoing things.. */ + ld = tty_ldisc_ref(tty); + if(ld != NULL) { - unsigned long flags; - - save_flags(flags); cli(); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + if (ld->flush_buffer) + ld->flush_buffer(tty); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - restore_flags(flags); + if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) && ld->write_wakeup) + ld->write_wakeup(tty); + if (ld->hangup) + ld->hangup(tty); } + /* FIXME: Once we trust the LDISC code better we can wait here for + ldisc completion and fix the driver call race */ + wake_up_interruptible(&tty->write_wait); wake_up_interruptible(&tty->read_wait); @@ -496,21 +797,19 @@ void do_tty_hangup(void *data) * Shutdown the current line discipline, and reset it to * N_TTY. */ + if (tty->driver.flags & TTY_DRIVER_RESET_TERMIOS) - *tty->termios = tty->driver.init_termios; - if (tty->ldisc.num != ldiscs[N_TTY].num) { - if (tty->ldisc.close) - (tty->ldisc.close)(tty); - tty->ldisc = ldiscs[N_TTY]; - tty->termios->c_line = N_TTY; - if (tty->ldisc.open) { - int i = (tty->ldisc.open)(tty); - if (i < 0) - printk(KERN_ERR "do_tty_hangup: N_TTY open: " - "error %d\n", -i); - } + { + down(&tty->termios_sem); + *tty->termios = tty->driver.init_termios; + up(&tty->termios_sem); } - + + /* Defer ldisc switch */ + /* tty_deferred_ldisc_switch(N_TTY) + This should get done automatically when the port closes and + tty_release is called */ + read_lock(&tasklist_lock); for_each_task(p) { if ((tty->session > 0) && (p->session == tty->session) && @@ -541,6 +840,17 @@ void do_tty_hangup(void *data) tty->driver.close(tty, cons_filp); } else if (tty->driver.hangup) (tty->driver.hangup)(tty); + + /* We don't want to have driver/ldisc interactions beyond + the ones we did here. The driver layer expects no + calls after ->hangup() from the ldisc side. However we + can't yet guarantee all that */ + + set_bit(TTY_HUPPED, &tty->flags); + if(ld) { + tty_ldisc_enable(tty); + tty_ldisc_deref(ld); + } unlock_kernel(); if (f) fput(f); @@ -644,10 +954,8 @@ void start_tty(struct tty_struct *tty) } if (tty->driver.start) (tty->driver.start)(tty); - if ((test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + /* If we have a running line discipline it may need kicking */ + tty_wakeup(tty); } static ssize_t tty_read(struct file * file, char * buf, size_t count, @@ -656,6 +964,7 @@ static ssize_t tty_read(struct file * fi int i; struct tty_struct * tty; struct inode *inode; + struct tty_ldisc *ld; /* Can't seek (pread) on ttys. */ if (ppos != &file->f_pos) @@ -684,11 +993,15 @@ static ssize_t tty_read(struct file * fi return -ERESTARTSYS; } #endif + /* We want to wait for the line discipline to sort out in this + situation */ + ld = tty_ldisc_ref_wait(tty); lock_kernel(); - if (tty->ldisc.read) - i = (tty->ldisc.read)(tty,file,buf,count); + if (ld->read) + i = (ld->read)(tty,file,buf,count); else i = -EIO; + tty_ldisc_deref(ld); unlock_kernel(); if (i > 0) inode->i_atime = CURRENT_TIME; @@ -757,6 +1070,8 @@ static ssize_t tty_write(struct file * f int is_console; struct tty_struct * tty; struct inode *inode = file->f_dentry->d_inode; + ssize_t ret; + struct tty_ldisc *ld; /* Can't seek (pwrite) on ttys. */ if (ppos != &file->f_pos) @@ -803,13 +1118,19 @@ static ssize_t tty_write(struct file * f } } #endif - if (!tty->ldisc.write) - return -EIO; - return do_tty_write(tty->ldisc.write, tty, file, - (const unsigned char *)buf, count); + + ld = tty_ldisc_ref_wait(tty); + if (!ld->write) + ret = -EIO; + else + ret = do_tty_write(ld->write, tty, file, + (const unsigned char __user *)buf, count); + tty_ldisc_deref(ld); + return ret; } -/* Semaphore to protect creating and releasing a tty */ +/* Semaphore to protect creating and releasing a tty. This is shared with + vt.c for deeply disgusting hack reasons */ static DECLARE_MUTEX(tty_sem); static void down_tty_sem(int index) @@ -971,7 +1292,10 @@ static int init_dev(kdev_t device, struc (tty->ldisc.close)(tty); goto release_mem_out; } + set_bit(TTY_LDISC, &o_tty->flags); + tty_ldisc_enable(o_tty); } + tty_ldisc_enable(tty); goto success; /* @@ -999,7 +1323,9 @@ fast_track: } tty->count++; tty->driver = *driver; /* N.B. why do this every time?? */ - + /* FIXME */ + if(!test_bit(TTY_LDISC, &tty->flags)) + printk(KERN_ERR "init_dev but no ldisc\n"); success: *ret_tty = tty; @@ -1080,6 +1406,7 @@ static void release_dev(struct file * fi int pty_master, tty_closing, o_tty_closing, do_sleep; int idx; char buf[64]; + unsigned long flags; tty = (struct tty_struct *)filp->private_data; if (tty_paranoia_check(tty, filp->f_dentry->d_inode->i_rdev, "release_dev")) @@ -1272,24 +1599,59 @@ static void release_dev(struct file * fi #endif /* + * Prevent flush_to_ldisc() from rescheduling the work for later. Then + * kill any delayed work. As this is the final close it does not + * race with the set_ldisc code path. + */ + clear_bit(TTY_LDISC, &tty->flags); + clear_bit(TTY_DONT_FLIP, &tty->flags); + + /* + * Wait for ->hangup_work and ->flip.work handlers to terminate + */ + + run_task_queue(&tq_timer); + flush_scheduled_tasks(); + + /* + * Wait for any short term users (we know they are just driver + * side waiters as the file is closing so user count on the file + * side is zero. + */ + + spin_lock_irqsave(&tty_ldisc_lock, flags); + while(tty->ldisc.refcount) + { + spin_unlock_irqrestore(&tty_ldisc_lock, flags); + wait_event(tty_ldisc_wait, tty->ldisc.refcount == 0); + spin_lock_irqsave(&tty_ldisc_lock, flags); + } + spin_unlock_irqrestore(&tty_ldisc_lock, flags); + + /* * Shutdown the current line discipline, and reset it to N_TTY. * N.B. why reset ldisc when we're releasing the memory?? + * FIXME: this MUST get fixed for the new reflocking */ if (tty->ldisc.close) (tty->ldisc.close)(tty); - tty->ldisc = ldiscs[N_TTY]; - tty->termios->c_line = N_TTY; + tty_ldisc_put(tty->ldisc.num); + + /* + * Switch the line discipline back + */ + tty_ldisc_assign(tty, tty_ldisc_get(N_TTY)); + tty_set_termios_ldisc(tty,N_TTY); + if (o_tty) { + /* FIXME: could o_tty be in setldisc here ? */ + clear_bit(TTY_LDISC, &o_tty->flags); if (o_tty->ldisc.close) (o_tty->ldisc.close)(o_tty); - o_tty->ldisc = ldiscs[N_TTY]; + tty_ldisc_put(o_tty->ldisc.num); + tty_ldisc_assign(o_tty, tty_ldisc_get(N_TTY)); + tty_set_termios_ldisc(o_tty,N_TTY); } - - /* - * Make sure that the tty's task queue isn't activated. - */ - run_task_queue(&tq_timer); - flush_scheduled_tasks(); /* * The release_mem function takes care of the details of clearing @@ -1468,14 +1830,18 @@ static int tty_release(struct inode * in static unsigned int tty_poll(struct file * filp, poll_table * wait) { struct tty_struct * tty; + struct tty_ldisc *ld; + int ret = 0; tty = (struct tty_struct *)filp->private_data; if (tty_paranoia_check(tty, filp->f_dentry->d_inode->i_rdev, "tty_poll")) return 0; - if (tty->ldisc.poll) - return (tty->ldisc.poll)(tty, filp, wait); - return 0; + ld = tty_ldisc_ref_wait(tty); + if (ld->poll) + ret = (ld->poll)(tty, filp, wait); + tty_ldisc_deref(ld); + return ret; } static int tty_fasync(int fd, struct file * filp, int on) @@ -1509,6 +1875,7 @@ static int tty_fasync(int fd, struct fil static int tiocsti(struct tty_struct *tty, char * arg) { char ch, mbz = 0; + struct tty_ldisc *ld; #ifdef CONFIG_GRKERNSEC if ((current->tty != tty) && !capable(CAP_SYS_TTY_CONFIG)) @@ -1518,7 +1885,9 @@ static int tiocsti(struct tty_struct *tt return -EPERM; if (get_user(ch, arg)) return -EFAULT; - tty->ldisc.receive_buf(tty, &ch, &mbz, 1); + ld = tty_ldisc_ref_wait(tty); + ld->receive_buf(tty, &ch, &mbz, 1); + tty_ldisc_deref(ld); return 0; } @@ -1734,6 +2103,7 @@ int tty_ioctl(struct inode * inode, stru { struct tty_struct *tty, *real_tty; int retval; + struct tty_ldisc *ld; tty = (struct tty_struct *)file->private_data; if (tty_paranoia_check(tty, inode->i_rdev, "tty_ioctl")) @@ -1824,6 +2194,7 @@ int tty_ioctl(struct inode * inode, stru case TIOCGSID: return tiocgsid(tty, real_tty, (pid_t *) arg); case TIOCGETD: + /* FIXME: check this is ok */ return put_user(tty->ldisc.num, (int *) arg); case TIOCSETD: return tiocsetd(tty, (int *) arg); @@ -1857,16 +2228,19 @@ int tty_ioctl(struct inode * inode, stru return send_break(tty, arg ? arg*(HZ/10) : HZ/4); } if (tty->driver.ioctl) { - int retval = (tty->driver.ioctl)(tty, file, cmd, arg); + retval = (tty->driver.ioctl)(tty, file, cmd, arg); if (retval != -ENOIOCTLCMD) return retval; } - if (tty->ldisc.ioctl) { - int retval = (tty->ldisc.ioctl)(tty, file, cmd, arg); - if (retval != -ENOIOCTLCMD) - return retval; + ld = tty_ldisc_ref_wait(tty); + retval = -EINVAL; + if (ld->ioctl) { + retval = ld->ioctl(tty, file, cmd, arg); + if (retval == -ENOIOCTLCMD) + retval = -EINVAL; } - return -EINVAL; + tty_ldisc_deref(ld); + return retval; } @@ -1899,14 +2273,20 @@ static void __do_SAK(void *arg) int session; int i; struct file *filp; + struct tty_ldisc *disc; if (!tty) return; session = tty->session; - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + /* We don't want an ldisc switch during this */ + disc = tty_ldisc_ref(tty); + if (disc && disc->flush_buffer) + disc->flush_buffer(tty); + tty_ldisc_deref(disc); + if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); + read_lock(&tasklist_lock); for_each_task(p) { if ((p->tty == tty) || @@ -1958,11 +2338,16 @@ static void flush_to_ldisc(void *private unsigned char *cp; char *fp; int count; - unsigned long flags; + unsigned long flags; + struct tty_ldisc *disc; + + disc = tty_ldisc_ref(tty); + if (disc == NULL) /* !TTY_LDISC */ + return; if (test_bit(TTY_DONT_FLIP, &tty->flags)) { queue_task(&tty->flip.tqueue, &tq_timer); - return; + goto out; } if (tty->flip.buf_num) { cp = tty->flip.char_buf + TTY_FLIPBUF_SIZE; @@ -1985,7 +2370,31 @@ static void flush_to_ldisc(void *private tty->flip.count = 0; restore_flags(flags); - tty->ldisc.receive_buf(tty, cp, fp, count); + disc->receive_buf(tty, cp, fp, count); +out: + tty_ldisc_deref(disc); +} + +/* + * Call the ldisc flush directly from a driver. This function may + * return an error and need retrying by the user. + */ + +int tty_push_data(struct tty_struct *tty, unsigned char *cp, unsigned char *fp, int count) +{ + int ret = 0; + struct tty_ldisc *disc; + + disc = tty_ldisc_ref(tty); + if(test_bit(TTY_DONT_FLIP, &tty->flags)) + ret = -EAGAIN; + else if(disc == NULL) + ret = -EIO; + else + disc->receive_buf(tty, cp, fp, count); + tty_ldisc_deref(disc); + return ret; + } /* @@ -2048,13 +2457,14 @@ static void initialize_tty_struct(struct { memset(tty, 0, sizeof(struct tty_struct)); tty->magic = TTY_MAGIC; - tty->ldisc = ldiscs[N_TTY]; + tty_ldisc_assign(tty, tty_ldisc_get(N_TTY)); tty->pgrp = -1; tty->flip.char_buf_ptr = tty->flip.char_buf; tty->flip.flag_buf_ptr = tty->flip.flag_buf; tty->flip.tqueue.routine = flush_to_ldisc; tty->flip.tqueue.data = tty; init_MUTEX(&tty->flip.pty_sem); + init_MUTEX(&tty->termios_sem); init_waitqueue_head(&tty->write_wait); init_waitqueue_head(&tty->read_wait); tty->tq_hangup.routine = do_tty_hangup; @@ -2233,7 +2643,7 @@ int tty_unregister_driver(struct tty_dri void __init console_init(void) { /* Setup the default TTY line discipline. */ - memset(ldiscs, 0, sizeof(ldiscs)); + memset(tty_ldiscs, 0, NR_LDISCS*sizeof(struct tty_ldisc)); (void) tty_register_ldisc(N_TTY, &tty_ldisc_N_TTY); /* diff -urNp linux-2.4.28/drivers/char/tty_ioctl.c linux-2.4.28-new/drivers/char/tty_ioctl.c --- linux-2.4.28/drivers/char/tty_ioctl.c 2002-11-28 18:53:12 -0500 +++ linux-2.4.28-new/drivers/char/tty_ioctl.c 2005-01-07 11:34:08 -0500 @@ -96,8 +96,16 @@ static void change_termios(struct tty_st { int canon_change; struct termios old_termios = *tty->termios; + struct tty_ldisc *ld; + + /* + * Perform the actual termios internal changes under lock. + */ + + /* FIXME: we need to decide on some locking/ordering semantics + for the set_termios notification eventually */ + down(&tty->termios_sem); - cli(); *tty->termios = *new_termios; unset_locked_termios(tty->termios, &old_termios, tty->termios_locked); canon_change = (old_termios.c_lflag ^ tty->termios->c_lflag) & ICANON; @@ -107,7 +115,6 @@ static void change_termios(struct tty_st tty->canon_data = 0; tty->erasing = 0; } - sti(); if (canon_change && !L_ICANON(tty) && tty->read_cnt) /* Get characters left over from canonical mode. */ wake_up_interruptible(&tty->read_wait); @@ -134,13 +141,19 @@ static void change_termios(struct tty_st if (tty->driver.set_termios) (*tty->driver.set_termios)(tty, &old_termios); - if (tty->ldisc.set_termios) - (*tty->ldisc.set_termios)(tty, &old_termios); + ld = tty_ldisc_ref(tty); + if (ld != NULL) { + if (ld->set_termios) + (ld->set_termios)(tty, &old_termios); + tty_ldisc_deref(ld); + } + up(&tty->termios_sem); } static int set_termios(struct tty_struct * tty, unsigned long arg, int opt) { struct termios tmp_termios; + struct tty_ldisc *ld; int retval = tty_check_change(tty); if (retval) @@ -157,8 +170,13 @@ static int set_termios(struct tty_struct return -EFAULT; } - if ((opt & TERMIOS_FLUSH) && tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + ld = tty_ldisc_ref(tty); + + if (ld != NULL) { + if ((opt & TERMIOS_FLUSH) && ld->flush_buffer) + ld->flush_buffer(tty); + tty_ldisc_deref(ld); + } if (opt & TERMIOS_WAIT) { tty_wait_until_sent(tty, 0); @@ -223,12 +241,16 @@ static int get_sgflags(struct tty_struct static int get_sgttyb(struct tty_struct * tty, struct sgttyb * sgttyb) { struct sgttyb tmp; + unsigned long flags; + down(&tty->termios_sem); tmp.sg_ispeed = 0; tmp.sg_ospeed = 0; tmp.sg_erase = tty->termios->c_cc[VERASE]; tmp.sg_kill = tty->termios->c_cc[VKILL]; tmp.sg_flags = get_sgflags(tty); + up(&tty->termios_sem); + return copy_to_user(sgttyb, &tmp, sizeof(tmp)) ? -EFAULT : 0; } @@ -267,12 +289,14 @@ static int set_sgttyb(struct tty_struct retval = tty_check_change(tty); if (retval) return retval; - termios = *tty->termios; if (copy_from_user(&tmp, sgttyb, sizeof(tmp))) return -EFAULT; + down(&tty->termios_sem); + termios = *tty->termios; termios.c_cc[VERASE] = tmp.sg_erase; termios.c_cc[VKILL] = tmp.sg_kill; set_sgflags(&termios, tmp.sg_flags); + up(&tty->termios_sem); change_termios(tty, &termios); return 0; } @@ -362,6 +386,8 @@ int n_tty_ioctl(struct tty_struct * tty, { struct tty_struct * real_tty; int retval; + struct tty_ldisc *ld; + unsigned long flags; if (tty->driver.type == TTY_DRIVER_TYPE_PTY && tty->driver.subtype == PTY_TYPE_MASTER) @@ -440,22 +466,26 @@ int n_tty_ioctl(struct tty_struct * tty, retval = tty_check_change(tty); if (retval) return retval; + + ld = tty_ldisc_ref(tty); switch (arg) { case TCIFLUSH: - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + if (ld->flush_buffer) + ld->flush_buffer(tty); break; case TCIOFLUSH: - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + if (ld->flush_buffer) + ld->flush_buffer(tty); /* fall through */ case TCOFLUSH: if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); break; default: + tty_ldisc_deref(ld); return -EINVAL; } + tty_ldisc_deref(ld); return 0; case TIOCOUTQ: return put_user(tty->driver.chars_in_buffer ? @@ -501,9 +531,11 @@ int n_tty_ioctl(struct tty_struct * tty, case TIOCSSOFTCAR: if (get_user(arg, (unsigned int *) arg)) return -EFAULT; + down(&tty->termios_sem); tty->termios->c_cflag = ((tty->termios->c_cflag & ~CLOCAL) | (arg ? CLOCAL : 0)); + up(&tty->termios_sem); return 0; default: return -ENOIOCTLCMD; diff -urNp linux-2.4.28/drivers/char/vme_scc.c linux-2.4.28-new/drivers/char/vme_scc.c --- linux-2.4.28/drivers/char/vme_scc.c 2002-08-02 20:39:43 -0400 +++ linux-2.4.28-new/drivers/char/vme_scc.c 2005-01-07 11:34:08 -0500 @@ -569,12 +569,8 @@ static void scc_tx_int(int irq, void *da SCCwrite(COMMAND_REG, CR_TX_PENDING_RESET); /* disable tx_int on next tx underrun? */ port->gs.flags &= ~GS_TX_INTEN; } - if (port->gs.tty && port->gs.xmit_cnt <= port->gs.wakeup_chars) { - if ((port->gs.tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - port->gs.tty->ldisc.write_wakeup) - (port->gs.tty->ldisc.write_wakeup)(port->gs.tty); - wake_up_interruptible(&port->gs.tty->write_wait); - } + if (port->gs.tty && port->gs.xmit_cnt <= port->gs.wakeup_chars) + tty_wakeup(port->gs.tty); SCCwrite_NB(COMMAND_REG, CR_HIGHEST_IUS_RESET); } diff -urNp linux-2.4.28/drivers/char/vt.c linux-2.4.28-new/drivers/char/vt.c --- linux-2.4.28/drivers/char/vt.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/drivers/char/vt.c 2005-01-07 11:34:08 -0500 @@ -602,8 +602,7 @@ int vt_ioctl(struct tty_struct *tty, str default: return -EINVAL; } - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); return 0; case KDGKBMODE: diff -urNp linux-2.4.28/drivers/isdn/isdn_tty.c linux-2.4.28-new/drivers/isdn/isdn_tty.c --- linux-2.4.28/drivers/isdn/isdn_tty.c 2001-12-21 12:41:54 -0500 +++ linux-2.4.28-new/drivers/isdn/isdn_tty.c 2005-01-07 11:34:08 -0500 @@ -321,10 +321,7 @@ isdn_tty_tint(modem_info * info) info->send_outstanding++; info->msr &= ~UART_MSR_CTS; info->lsr &= ~UART_LSR_TEMT; - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup) (tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); return; } if (slen < 0) { @@ -1214,10 +1211,7 @@ isdn_tty_write(struct tty_struct *tty, i /* If DLE decoding results in zero-transmit, but * c originally was non-zero, do a wakeup. */ - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup) (tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); info->msr |= UART_MSR_CTS; info->lsr |= UART_LSR_TEMT; } @@ -1335,10 +1329,7 @@ isdn_tty_flush_buffer(struct tty_struct isdn_tty_cleanup_xmit(info); info->xmit_count = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup) (tty); + tty_wakeup(tty); } static void @@ -1867,8 +1858,7 @@ isdn_tty_close(struct tty_struct *tty, s isdn_tty_shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); info->tty = 0; info->ncarrier = 0; tty->closing = 0; @@ -2791,8 +2781,7 @@ isdn_tty_modem_result(int code, modem_in restore_flags(flags); return; } - if (info->tty->ldisc.flush_buffer) - info->tty->ldisc.flush_buffer(info->tty); + tty_ldisc_flush(info->tty); if ((info->flags & ISDN_ASYNC_CHECK_CD) && (!((info->flags & ISDN_ASYNC_CALLOUT_ACTIVE) && (info->flags & ISDN_ASYNC_CALLOUT_NOHUP)))) { diff -urNp linux-2.4.28/drivers/macintosh/macserial.c linux-2.4.28-new/drivers/macintosh/macserial.c --- linux-2.4.28/drivers/macintosh/macserial.c 2002-08-02 20:39:44 -0400 +++ linux-2.4.28-new/drivers/macintosh/macserial.c 2005-01-07 11:34:08 -0500 @@ -735,12 +735,8 @@ static void do_softint(void *private_) if (!tty) return; - if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); - } + if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &info->event)) + tty_wakeup(tty); } static int startup(struct mac_serial * info) @@ -1595,10 +1591,7 @@ static void rs_flush_buffer(struct tty_s save_flags(flags); cli(); info->xmit_cnt = info->xmit_head = info->xmit_tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* @@ -2029,8 +2022,7 @@ static void rs_close(struct tty_struct * if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/drivers/net/hamradio/6pack.c linux-2.4.28-new/drivers/net/hamradio/6pack.c --- linux-2.4.28/drivers/net/hamradio/6pack.c 2004-08-07 19:26:05 -0400 +++ linux-2.4.28-new/drivers/net/hamradio/6pack.c 2005-01-07 11:34:08 -0500 @@ -571,8 +571,7 @@ static int sixpack_open(struct tty_struc if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); /* Restore default settings */ sp->dev->type = ARPHRD_AX25; diff -urNp linux-2.4.28/drivers/net/hamradio/mkiss.c linux-2.4.28-new/drivers/net/hamradio/mkiss.c --- linux-2.4.28/drivers/net/hamradio/mkiss.c 2003-08-25 07:44:42 -0400 +++ linux-2.4.28-new/drivers/net/hamradio/mkiss.c 2005-01-07 11:34:08 -0500 @@ -654,8 +654,7 @@ static int ax25_open(struct tty_struct * if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); /* Restore default settings */ ax->dev->type = ARPHRD_AX25; diff -urNp linux-2.4.28/drivers/net/irda/irtty.c linux-2.4.28-new/drivers/net/irda/irtty.c --- linux-2.4.28/drivers/net/irda/irtty.c 2003-06-13 10:51:35 -0400 +++ linux-2.4.28-new/drivers/net/irda/irtty.c 2005-01-07 11:34:08 -0500 @@ -179,9 +179,8 @@ static int irtty_open(struct tty_struct if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + + tty_ldisc_flush(tty); self->magic = IRTTY_MAGIC; self->mode = IRDA_IRLAP; diff -urNp linux-2.4.28/drivers/net/ppp_async.c linux-2.4.28-new/drivers/net/ppp_async.c --- linux-2.4.28/drivers/net/ppp_async.c 2002-08-02 20:39:44 -0400 +++ linux-2.4.28-new/drivers/net/ppp_async.c 2005-01-07 11:34:08 -0500 @@ -117,6 +117,9 @@ static struct ppp_channel_ops async_ops * frees the memory that ppp_asynctty_receive is using. The best * way to fix this is to use a rwlock in the tty struct, but for now * we use a single global rwlock for all ttys in ppp line discipline. + * + * FIXME: this is no longer true. The _close path for the ldisc is + * now guaranteed to be sane. */ static rwlock_t disc_data_lock = RW_LOCK_UNLOCKED; @@ -139,7 +142,8 @@ static void ap_put(struct asyncppp *ap) } /* - * Called when a tty is put into PPP line discipline. + * Called when a tty is put into PPP line discipline. Called in process + * context. */ static int ppp_asynctty_open(struct tty_struct *tty) @@ -227,6 +231,18 @@ ppp_asynctty_close(struct tty_struct *tt } /* + * Called on tty hangup in process context. + * + * Wait for I/O to driver to complete and unregister PPP channel. + * This is already done by the close routine, so just call that. + */ +static int ppp_asynctty_hangup(struct tty_struct *tty) +{ + ppp_asynctty_close(tty); + return 0; +} + +/* * Read does nothing - no data is ever available this way. * Pppd reads and writes packets via /dev/ppp instead. */ @@ -248,6 +264,11 @@ ppp_asynctty_write(struct tty_struct *tt return -EAGAIN; } +/* + * Called in process context only. May be re-entered by multiple + * ioctl calling threads. + */ + static int ppp_asynctty_ioctl(struct tty_struct *tty, struct file *file, unsigned int cmd, unsigned long arg) @@ -359,6 +380,7 @@ static struct tty_ldisc ppp_ldisc = { write: ppp_asynctty_write, ioctl: ppp_asynctty_ioctl, poll: ppp_asynctty_poll, + hangup: ppp_asynctty_hangup, receive_room: ppp_asynctty_room, receive_buf: ppp_asynctty_receive, write_wakeup: ppp_asynctty_wakeup, @@ -714,7 +736,8 @@ flush: /* * Flush output from our internal buffers. - * Called for the TCFLSH ioctl. + * Called for the TCFLSH ioctl. Can be entered in parallel + * but this is covered by the xmit_lock. */ static void ppp_async_flush_output(struct asyncppp *ap) @@ -819,7 +842,9 @@ input_error(struct asyncppp *ap, int cod ppp_input_error(&ap->chan, code); } -/* called when the tty driver has data for us. */ +/* Called when the tty driver has data for us. Runs parallel with the + other ldisc functions but will not be re-entered */ + static void ppp_async_input(struct asyncppp *ap, const unsigned char *buf, char *flags, int count) diff -urNp linux-2.4.28/drivers/net/ppp_synctty.c linux-2.4.28-new/drivers/net/ppp_synctty.c --- linux-2.4.28/drivers/net/ppp_synctty.c 2002-08-02 20:39:44 -0400 +++ linux-2.4.28-new/drivers/net/ppp_synctty.c 2005-01-07 11:34:08 -0500 @@ -172,6 +172,8 @@ ppp_print_buffer (const char *name, cons * frees the memory that ppp_synctty_receive is using. The best * way to fix this is to use a rwlock in the tty struct, but for now * we use a single global rwlock for all ttys in ppp line discipline. + * + * FIXME: Fixed in tty_io nowdays. */ static rwlock_t disc_data_lock = RW_LOCK_UNLOCKED; @@ -280,6 +282,18 @@ ppp_sync_close(struct tty_struct *tty) } /* + * Called on tty hangup in process context. + * + * Wait for I/O to driver to complete and unregister PPP channel. + * This is already done by the close routine, so just call that. + */ +static int ppp_sync_hangup(struct tty_struct *tty) +{ + ppp_sync_close(tty); + return 0; +} + +/* * Read does nothing - no data is ever available this way. * Pppd reads and writes packets via /dev/ppp instead. */ @@ -412,6 +426,7 @@ static struct tty_ldisc ppp_sync_ldisc = write: ppp_sync_write, ioctl: ppp_synctty_ioctl, poll: ppp_sync_poll, + hangup: ppp_sync_hangup, receive_room: ppp_sync_room, receive_buf: ppp_sync_receive, write_wakeup: ppp_sync_wakeup, diff -urNp linux-2.4.28/drivers/net/slip.c linux-2.4.28-new/drivers/net/slip.c --- linux-2.4.28/drivers/net/slip.c 2002-11-28 18:53:14 -0500 +++ linux-2.4.28-new/drivers/net/slip.c 2005-01-07 11:34:08 -0500 @@ -670,7 +670,9 @@ static int slip_receive_room(struct tty_ * Handle the 'receiver data ready' interrupt. * This function is called by the 'tty_io' module in the kernel when * a block of SLIP data has been received, which can now be decapsulated - * and sent on to some IP layer for further processing. + * and sent on to some IP layer for further processing. This will not + * be re-entered while running but other ldisc functions may be called + * in parallel */ static void slip_receive_buf(struct tty_struct *tty, const unsigned char *cp, char *fp, int count) @@ -826,9 +828,11 @@ sl_alloc(kdev_t line) * SLIP line discipline is called for. Because we are * sure the tty line exists, we only have to link it to * a free SLIP channel... + * + * Called in process context serialized from other ldisc calls. */ -static int -slip_open(struct tty_struct *tty) + +static int slip_open(struct tty_struct *tty) { struct slip *sl; int err; @@ -865,8 +869,6 @@ slip_open(struct tty_struct *tty) sl->pid = current->pid; if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); if (!test_bit(SLF_INUSE, &sl->flags)) { /* Perform the low-level SLIP initialization. */ @@ -910,6 +912,9 @@ err_exit: } /* + + FIXME: 1,2 are fixed 3 was never true anyway. + Let me to blame a bit. 1. TTY module calls this funstion on soft interrupt. 2. TTY module calls this function WITH MASKED INTERRUPTS! @@ -928,9 +933,8 @@ err_exit: /* * Close down a SLIP channel. - * This means flushing out any pending queues, and then restoring the - * TTY line discipline to what it was before it got hooked to SLIP - * (which usually is TTY again). + * This means flushing out any pending queues, and then returning. This + * call is serialized against other ldisc functions. */ static void slip_close(struct tty_struct *tty) diff -urNp linux-2.4.28/drivers/net/strip.c linux-2.4.28-new/drivers/net/strip.c --- linux-2.4.28/drivers/net/strip.c 2001-11-09 17:02:24 -0500 +++ linux-2.4.28-new/drivers/net/strip.c 2005-01-07 11:34:08 -0500 @@ -2706,8 +2706,7 @@ static int strip_open(struct tty_struct tty->disc_data = strip_info; if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); /* * Restore default settings diff -urNp linux-2.4.28/drivers/net/wan/8253x/8253xsyn.c linux-2.4.28-new/drivers/net/wan/8253x/8253xsyn.c --- linux-2.4.28/drivers/net/wan/8253x/8253xsyn.c 2002-08-02 20:39:44 -0400 +++ linux-2.4.28-new/drivers/net/wan/8253x/8253xsyn.c 2005-01-07 11:34:08 -0500 @@ -1108,10 +1108,7 @@ void sab8253x_closeS(struct tty_struct * { tty->driver.flush_buffer(tty); } - if (tty->ldisc.flush_buffer) - { - tty->ldisc.flush_buffer(tty); - } + tty_ldisc_flush(tty); tty->closing = 0; port->event = 0; port->tty = 0; diff -urNp linux-2.4.28/drivers/net/wan/8253x/8253xtty.c linux-2.4.28-new/drivers/net/wan/8253x/8253xtty.c --- linux-2.4.28/drivers/net/wan/8253x/8253xtty.c 2003-06-13 10:51:35 -0400 +++ linux-2.4.28-new/drivers/net/wan/8253x/8253xtty.c 2005-01-07 11:34:08 -0500 @@ -691,10 +691,7 @@ static void sab8253x_do_softint(void *pr port->DoingInterrupt = 1; if (test_and_clear_bit(SAB8253X_EVENT_WRITE_WAKEUP, &port->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); /* in case tty driver waiting on write */ + tty_wakeup(tty); } port->DoingInterrupt = 0; } @@ -2001,10 +1998,7 @@ static void sab8253x_close(struct tty_st { tty->driver.flush_buffer(tty); } - if (tty->ldisc.flush_buffer) - { - tty->ldisc.flush_buffer(tty); - } + tty_ldisc_flush(tty); tty->closing = 0; port->event = 0; port->tty = 0; diff -urNp linux-2.4.28/drivers/net/wan/8253x/8253xutl.c linux-2.4.28-new/drivers/net/wan/8253x/8253xutl.c --- linux-2.4.28/drivers/net/wan/8253x/8253xutl.c 2002-08-02 20:39:44 -0400 +++ linux-2.4.28-new/drivers/net/wan/8253x/8253xutl.c 2005-01-07 11:34:08 -0500 @@ -1412,11 +1412,6 @@ void sab8253x_flush_buffer(struct tty_st WRITEB(port,cmdr,SAB82532_CMDR_XRES); restore_flags(flags); - wake_up_interruptible(&tty->write_wait); /* wake up tty driver */ - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - { - (*tty->ldisc.write_wakeup)(tty); - } + tty_wakeup(tty); } diff -urNp linux-2.4.28/drivers/net/wan/pc300_tty.c linux-2.4.28-new/drivers/net/wan/pc300_tty.c --- linux-2.4.28/drivers/net/wan/pc300_tty.c 2004-11-17 06:54:21 -0500 +++ linux-2.4.28-new/drivers/net/wan/pc300_tty.c 2005-01-07 11:34:08 -0500 @@ -627,14 +627,8 @@ static void cpc_tty_flush_buffer(struct } CPC_TTY_DBG("%s: call wake_up_interruptible\n",cpc_tty->name); - - wake_up_interruptible(&tty->write_wait); - - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && tty->ldisc.write_wakeup){ - CPC_TTY_DBG("%s: call line disc. wake up\n",cpc_tty->name); - tty->ldisc.write_wakeup(tty); - } + tty_wakeup(tty); return; } @@ -699,12 +693,19 @@ static void cpc_tty_rx_task(void * data) cpc_tty = &cpc_tty_area[port]; if ((buf=cpc_tty->buf_rx.first) != 0) { - - if (cpc_tty->tty && (cpc_tty->tty->ldisc.receive_buf)) { - CPC_TTY_DBG("%s: call line disc. receive_buf\n",cpc_tty->name); - cpc_tty->tty->ldisc.receive_buf(cpc_tty->tty, (const unsigned char *)buf->data, - &flags, buf->size); - } + + if(cpc_tty->tty) + { + struct tty_ldisc *ld = tty_ldisc_ref(cpc_tty->tty); + if(ld) + { + if (ld->receive_buf) { + CPC_TTY_DBG("%s: call line disc. receive_buf\n",cpc_tty->name); + ld->receive_buf(cpc_tty->tty, (char *)(buf->data), &flags, buf->size); + } + tty_ldisc_deref(ld); + } + } cpc_tty->buf_rx.first = cpc_tty->buf_rx.first->next; kfree((unsigned char *)buf); buf = cpc_tty->buf_rx.first; @@ -908,12 +909,7 @@ static void cpc_tty_tx_task(void *data) return; } - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && tty->ldisc.write_wakeup){ - CPC_TTY_DBG("%s:call line disc. wakeup\n",cpc_tty->name); - tty->ldisc.write_wakeup (tty); - } - - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } /* diff -urNp linux-2.4.28/drivers/net/wan/sdla_chdlc.c linux-2.4.28-new/drivers/net/wan/sdla_chdlc.c --- linux-2.4.28/drivers/net/wan/sdla_chdlc.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/net/wan/sdla_chdlc.c 2005-01-07 11:34:08 -0500 @@ -3868,11 +3868,7 @@ static void tty_poll_task (void* data) if ((tty=card->tty)==NULL) return; - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup){ - (tty->ldisc.write_wakeup)(tty); - } - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); #if defined(SERIAL_HAVE_POLL_WAIT) || \ (defined LINUX_2_1 && LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,15)) wake_up_interruptible(&tty->poll_wait); @@ -4098,6 +4094,7 @@ static void wanpipe_tty_receive(sdla_t * char fp=0; struct tty_struct *tty; int i; + struct tty_ldisc *ld; if (!card->tty_open){ dbg_printk(KERN_INFO "%s: TTY not open during receive\n", @@ -4185,8 +4182,11 @@ static void wanpipe_tty_receive(sdla_t * len -= offset; } sdla_peek(&card->hw, addr, card->tty_rx+offset, len); - if (tty->ldisc.receive_buf){ - tty->ldisc.receive_buf(tty,card->tty_rx,&fp,olen); + ld = tty_ldisc_ref(tty); + if (ld) { + if (ld->receive_buf) + ld->receive_buf(tty,card->tty_rx,&fp,olen); + tty_ldisc_deref(ld); }else{ if (net_ratelimit()){ printk(KERN_INFO @@ -4493,14 +4493,11 @@ static void wanpipe_tty_flush_buffer(str if (!tty) return; - wake_up_interruptible(&tty->write_wait); #if defined(SERIAL_HAVE_POLL_WAIT) || \ (defined LINUX_2_1 && LINUX_VERSION_CODE >= KERNEL_VERSION(2,2,15)) wake_up_interruptible(&tty->poll_wait); #endif - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); return; } diff -urNp linux-2.4.28/drivers/net/wan/x25_asy.c linux-2.4.28-new/drivers/net/wan/x25_asy.c --- linux-2.4.28/drivers/net/wan/x25_asy.c 2001-09-13 19:04:43 -0400 +++ linux-2.4.28-new/drivers/net/wan/x25_asy.c 2005-01-07 11:34:08 -0500 @@ -619,9 +619,7 @@ static int x25_asy_open_tty(struct tty_s if (tty->driver.flush_buffer) { tty->driver.flush_buffer(tty); } - if (tty->ldisc.flush_buffer) { - tty->ldisc.flush_buffer(tty); - } + tty_ldisc_flush(tty); /* Restore default settings */ sl->dev->type = ARPHRD_X25; diff -urNp linux-2.4.28/drivers/s390/char/con3215.c linux-2.4.28-new/drivers/s390/char/con3215.c --- linux-2.4.28/drivers/s390/char/con3215.c 2003-08-25 07:44:42 -0400 +++ linux-2.4.28-new/drivers/s390/char/con3215.c 2005-01-07 11:34:08 -0500 @@ -363,10 +363,7 @@ static void raw3215_softint(void *data) tty = raw->tty; if (tty != NULL && RAW3215_BUFFER_SIZE - raw->count >= RAW3215_MIN_SPACE) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } @@ -978,10 +975,7 @@ static void tty3215_flush_buffer(struct raw = (raw3215_info *) tty->driver_data; raw3215_flush_buffer(raw); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* diff -urNp linux-2.4.28/drivers/s390/char/tubtty.c linux-2.4.28-new/drivers/s390/char/tubtty.c --- linux-2.4.28/drivers/s390/char/tubtty.c 2002-11-28 18:53:14 -0500 +++ linux-2.4.28-new/drivers/s390/char/tubtty.c 2005-01-07 11:34:08 -0500 @@ -445,10 +445,7 @@ tty3270_flush_buffer(struct tty_struct * ob->bc_cnt = 0; TUBUNLOCK(tubp->irq, flags); } - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } static int @@ -646,10 +643,7 @@ tty3270_bh(void *data) } if (tty != NULL) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup != NULL) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } do_unlock: TUBUNLOCK(tubp->irq, flags); diff -urNp linux-2.4.28/drivers/s390/net/ctctty.c linux-2.4.28-new/drivers/s390/net/ctctty.c --- linux-2.4.28/drivers/s390/net/ctctty.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/s390/net/ctctty.c 2005-01-07 11:34:08 -0500 @@ -362,9 +362,8 @@ ctc_tty_tint(ctc_tty_info * info) info->flags &= ~CTC_ASYNC_TX_LINESTAT; if (tty) { - if (wake && (tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + if (wake) + tty_wakeup(tty); wake_up_interruptible(&tty->write_wait); } } @@ -655,10 +654,7 @@ ctc_tty_flush_buffer(struct tty_struct * skb_queue_purge(&info->tx_queue); info->lsr |= UART_LSR_TEMT; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup) (tty); + tty_wakeup(tty); } static void @@ -1168,8 +1164,7 @@ ctc_tty_close(struct tty_struct *tty, st ctc_tty_shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); spin_lock_irqsave(&ctc_tty_lock, saveflags); info->tty = 0; spin_unlock_irqrestore(&ctc_tty_lock, saveflags); diff -urNp linux-2.4.28/drivers/sbus/char/aurora.c linux-2.4.28-new/drivers/sbus/char/aurora.c --- linux-2.4.28/drivers/sbus/char/aurora.c 2002-11-28 18:53:14 -0500 +++ linux-2.4.28-new/drivers/sbus/char/aurora.c 2005-01-07 11:34:08 -0500 @@ -1573,8 +1573,7 @@ static void aurora_close(struct tty_stru aurora_shutdown_port(bp, port); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; port->event = 0; port->tty = 0; @@ -1785,11 +1784,8 @@ static void aurora_flush_buffer(struct t save_flags(flags); cli(); port->xmit_cnt = port->xmit_head = port->xmit_tail = 0; restore_flags(flags); - - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + + tty_wakeup(tty); #ifdef AURORA_DEBUG printk("aurora_flush_buffer: end\n"); #endif @@ -2286,10 +2282,7 @@ static void do_softint(void *private_) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &port->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } #ifdef AURORA_DEBUG printk("do_softint: end\n"); diff -urNp linux-2.4.28/drivers/sbus/char/sab82532.c linux-2.4.28-new/drivers/sbus/char/sab82532.c --- linux-2.4.28/drivers/sbus/char/sab82532.c 2002-08-02 20:39:44 -0400 +++ linux-2.4.28-new/drivers/sbus/char/sab82532.c 2005-01-07 11:34:08 -0500 @@ -669,10 +669,7 @@ static void do_softint(void *private_) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } @@ -1206,10 +1203,7 @@ static void sab82532_flush_buffer(struct info->xmit.head = info->xmit.tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* @@ -1667,8 +1661,7 @@ static void sab82532_close(struct tty_st shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/drivers/sbus/char/su.c linux-2.4.28-new/drivers/sbus/char/su.c --- linux-2.4.28/drivers/sbus/char/su.c 2002-08-02 20:39:44 -0400 +++ linux-2.4.28-new/drivers/sbus/char/su.c 2005-01-07 11:34:08 -0500 @@ -698,10 +698,7 @@ static void do_softint(void *private_) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } @@ -1313,10 +1310,7 @@ su_flush_buffer(struct tty_struct *tty) save_flags(flags); cli(); info->xmit_cnt = info->xmit_head = info->xmit_tail = 0; restore_flags(flags); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* @@ -1815,8 +1809,7 @@ su_close(struct tty_struct *tty, struct shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/drivers/sbus/char/zs.c linux-2.4.28-new/drivers/sbus/char/zs.c --- linux-2.4.28/drivers/sbus/char/zs.c 2002-08-02 20:39:44 -0400 +++ linux-2.4.28-new/drivers/sbus/char/zs.c 2005-01-07 11:34:08 -0500 @@ -746,10 +746,7 @@ static void do_softint(void *private_) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } @@ -1199,10 +1196,7 @@ static void zs_flush_buffer(struct tty_s cli(); info->xmit_cnt = info->xmit_head = info->xmit_tail = 0; sti(); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* @@ -1600,15 +1594,14 @@ static void zs_close(struct tty_struct * shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; - if (tty->ldisc.num != ldiscs[N_TTY].num) { + if (tty->ldisc.num != N_TTY) { if (tty->ldisc.close) (tty->ldisc.close)(tty); - tty->ldisc = ldiscs[N_TTY]; + tty->ldisc = *(tty_ldisc_get(N_TTY)); tty->termios->c_line = N_TTY; if (tty->ldisc.open) (tty->ldisc.open)(tty); diff -urNp linux-2.4.28/drivers/tc/zs.c linux-2.4.28-new/drivers/tc/zs.c --- linux-2.4.28/drivers/tc/zs.c 2004-02-18 08:36:31 -0500 +++ linux-2.4.28-new/drivers/tc/zs.c 2005-01-07 11:34:08 -0500 @@ -695,10 +695,7 @@ static void do_softint(void *private_) return; if (test_and_clear_bit(RS_EVENT_WRITE_WAKEUP, &info->event)) { - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } @@ -1020,10 +1017,7 @@ static void rs_flush_buffer(struct tty_s cli(); info->xmit_cnt = info->xmit_head = info->xmit_tail = 0; sti(); - wake_up_interruptible(&tty->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); } /* @@ -1429,8 +1423,7 @@ static void rs_close(struct tty_struct * shutdown(info); if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; info->event = 0; info->tty = 0; diff -urNp linux-2.4.28/drivers/usb/acm.c linux-2.4.28-new/drivers/usb/acm.c --- linux-2.4.28/drivers/usb/acm.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/usb/acm.c 2005-01-07 11:34:08 -0500 @@ -285,10 +285,7 @@ static void acm_softint(void *private) if (!ACM_READY(acm)) return; - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } /* diff -urNp linux-2.4.28/drivers/usb/bluetooth.c linux-2.4.28-new/drivers/usb/bluetooth.c --- linux-2.4.28/drivers/usb/bluetooth.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/usb/bluetooth.c 2005-01-07 11:34:08 -0500 @@ -1017,6 +1017,7 @@ static void bluetooth_softint(void *priv { struct usb_bluetooth *bluetooth = get_usb_bluetooth ((struct usb_bluetooth *)private, __FUNCTION__); struct tty_struct *tty; + struct tty_ldisc *ld; dbg("%s", __FUNCTION__); @@ -1025,9 +1026,15 @@ static void bluetooth_softint(void *priv } tty = bluetooth->tty; - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && tty->ldisc.write_wakeup) { - dbg("%s - write wakeup call.", __FUNCTION__); - (tty->ldisc.write_wakeup)(tty); + if (tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) { + ld = tty_ldisc_ref(tty); + if(ld) { + if(ld->write_wakeup) { + ld->write_wakeup(tty); + dbg("%s - write wakeup call.", __FUNCTION__); + } + tty_ldisc_deref(tty); + } } wake_up_interruptible(&tty->write_wait); diff -urNp linux-2.4.28/drivers/usb/serial/digi_acceleport.c linux-2.4.28-new/drivers/usb/serial/digi_acceleport.c --- linux-2.4.28/drivers/usb/serial/digi_acceleport.c 2002-11-28 18:53:14 -0500 +++ linux-2.4.28-new/drivers/usb/serial/digi_acceleport.c 2005-01-07 11:34:08 -0500 @@ -614,14 +614,7 @@ static void digi_wakeup_write( struct us wake_up_interruptible( &port->write_wait ); /* wake up line discipline */ - if( (tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) - && tty->ldisc.write_wakeup ) - (tty->ldisc.write_wakeup)(tty); - - /* wake up other tty processes */ - wake_up_interruptible( &tty->write_wait ); - /* For 2.2.16 backport -- wake_up_interruptible( &tty->poll_wait ); */ - + tty_wakeup(tty); } @@ -1557,8 +1550,7 @@ dbg( "digi_close: TOP: port=%d, open_cou /* flush driver and line discipline buffers */ if( tty->driver.flush_buffer ) tty->driver.flush_buffer( tty ); - if( tty->ldisc.flush_buffer ) - tty->ldisc.flush_buffer( tty ); + tty_ldisc_flush(tty); if (port->serial->dev) { /* wait for transmit idle */ diff -urNp linux-2.4.28/drivers/usb/serial/io_edgeport.c linux-2.4.28-new/drivers/usb/serial/io_edgeport.c --- linux-2.4.28/drivers/usb/serial/io_edgeport.c 2004-08-07 19:26:05 -0400 +++ linux-2.4.28-new/drivers/usb/serial/io_edgeport.c 2005-01-07 11:34:09 -0500 @@ -902,12 +902,7 @@ static void edge_bulk_out_data_callback if (tty && edge_port->open) { /* let the tty driver wakeup if it has a special write_wakeup function */ - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && tty->ldisc.write_wakeup) { - (tty->ldisc.write_wakeup)(tty); - } - - /* tell the tty driver that something has changed */ - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } // Release the Write URB diff -urNp linux-2.4.28/drivers/usb/serial/io_ti.c linux-2.4.28-new/drivers/usb/serial/io_ti.c --- linux-2.4.28/drivers/usb/serial/io_ti.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/usb/serial/io_ti.c 2005-01-07 11:34:09 -0500 @@ -1800,12 +1800,7 @@ static void edge_bulk_out_callback (stru tty = port->tty; if (tty) { /* let the tty driver wakeup if it has a special write_wakeup function */ - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && tty->ldisc.write_wakeup) { - (tty->ldisc.write_wakeup)(tty); - } - - /* tell the tty driver that something has changed */ - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } } diff -urNp linux-2.4.28/drivers/usb/serial/keyspan_pda.c linux-2.4.28-new/drivers/usb/serial/keyspan_pda.c --- linux-2.4.28/drivers/usb/serial/keyspan_pda.c 2003-11-28 13:26:20 -0500 +++ linux-2.4.28-new/drivers/usb/serial/keyspan_pda.c 2005-01-07 11:34:09 -0500 @@ -183,13 +183,7 @@ static void keyspan_pda_wakeup_write( st wake_up_interruptible( &port->write_wait ); /* wake up line discipline */ - if( (tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) - && tty->ldisc.write_wakeup ) - (tty->ldisc.write_wakeup)(tty); - - /* wake up other tty processes */ - wake_up_interruptible( &tty->write_wait ); - /* For 2.2.16 backport -- wake_up_interruptible( &tty->poll_wait ); */ + tty_wakeup(tty); } static void keyspan_pda_request_unthrottle( struct usb_serial *serial ) diff -urNp linux-2.4.28/drivers/usb/serial/mct_u232.c linux-2.4.28-new/drivers/usb/serial/mct_u232.c --- linux-2.4.28/drivers/usb/serial/mct_u232.c 2004-08-07 19:26:05 -0400 +++ linux-2.4.28-new/drivers/usb/serial/mct_u232.c 2005-01-07 11:34:09 -0500 @@ -569,11 +569,7 @@ static void mct_u232_write_bulk_callback if (write_blocking) { wake_up_interruptible(&port->write_wait); - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); - wake_up_interruptible(&tty->write_wait); - + tty_wakeup(tty); } else { /* from generic_write_bulk_callback */ queue_task(&port->tqueue, &tq_immediate); diff -urNp linux-2.4.28/drivers/usb/serial/usbserial.c linux-2.4.28-new/drivers/usb/serial/usbserial.c --- linux-2.4.28/drivers/usb/serial/usbserial.c 2004-11-17 06:54:21 -0500 +++ linux-2.4.28-new/drivers/usb/serial/usbserial.c 2005-01-07 11:34:09 -0500 @@ -1326,6 +1326,7 @@ static void port_softint(void *private) struct usb_serial *serial = get_usb_serial (port, __FUNCTION__); struct tty_struct *tty; unsigned long flags; + struct tty_ldisc *ld; dbg("%s - port %d", __FUNCTION__, port->number); @@ -1341,9 +1342,15 @@ static void port_softint(void *private) if (!tty) return; - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && tty->ldisc.write_wakeup) { - dbg("%s - write wakeup call.", __FUNCTION__); - (tty->ldisc.write_wakeup)(tty); + if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP))) { + ld = tty_ldisc_ref(tty); + if(ld) { + if(ld->write_wakeup) { + ld->write_wakeup(tty); + dbg("%s - write wakeup call.", __FUNCTION__); + } + tty_ldisc_deref(ld); + } } wake_up_interruptible(&tty->write_wait); diff -urNp linux-2.4.28/fs/binfmt_aout.c linux-2.4.28-new/fs/binfmt_aout.c --- linux-2.4.28/fs/binfmt_aout.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/fs/binfmt_aout.c 2005-01-07 11:34:09 -0500 @@ -39,13 +39,18 @@ static struct linux_binfmt aout_format = NULL, THIS_MODULE, load_aout_binary, load_aout_library, aout_core_dump, PAGE_SIZE }; -static void set_brk(unsigned long start, unsigned long end) +#define BAD_ADDR(x) ((unsigned long)(x) >= TASK_SIZE) + +static int set_brk(unsigned long start, unsigned long end) { start = PAGE_ALIGN(start); end = PAGE_ALIGN(end); - if (end <= start) - return; - do_brk(start, end - start); + if (end > start) { + unsigned long addr = do_brk_locked(start, end - start); + if (BAD_ADDR(addr)) + return addr; + } + return 0; } /* @@ -336,10 +341,10 @@ static int load_aout_binary(struct linux loff_t pos = fd_offset; /* Fuck me plenty... */ /* */ - error = do_brk(N_TXTADDR(ex), ex.a_text); + error = do_brk_locked(N_TXTADDR(ex), ex.a_text); bprm->file->f_op->read(bprm->file, (char *) N_TXTADDR(ex), ex.a_text, &pos); - error = do_brk(N_DATADDR(ex), ex.a_data); + error = do_brk_locked(N_DATADDR(ex), ex.a_data); bprm->file->f_op->read(bprm->file, (char *) N_DATADDR(ex), ex.a_data, &pos); goto beyond_if; @@ -360,7 +365,7 @@ static int load_aout_binary(struct linux map_size = ex.a_text+ex.a_data; #endif - error = do_brk(text_addr & PAGE_MASK, map_size); + error = do_brk_locked(text_addr & PAGE_MASK, map_size); if (error != (text_addr & PAGE_MASK)) { send_sig(SIGKILL, current, 0); return error; @@ -394,7 +399,7 @@ static int load_aout_binary(struct linux if (!bprm->file->f_op->mmap||((fd_offset & ~PAGE_MASK) != 0)) { loff_t pos = fd_offset; - do_brk(N_TXTADDR(ex), ex.a_text+ex.a_data); + do_brk_locked(N_TXTADDR(ex), ex.a_text+ex.a_data); bprm->file->f_op->read(bprm->file,(char *)N_TXTADDR(ex), ex.a_text+ex.a_data, &pos); flush_icache_range((unsigned long) N_TXTADDR(ex), @@ -429,7 +434,11 @@ static int load_aout_binary(struct linux beyond_if: set_binfmt(&aout_format); - set_brk(current->mm->start_brk, current->mm->brk); + retval = set_brk(current->mm->start_brk, current->mm->brk); + if (retval < 0) { + send_sig(SIGKILL, current, 0); + return retval; + } retval = setup_arg_pages(bprm); if (retval < 0) { @@ -491,7 +500,7 @@ static int load_aout_library(struct file error_time = jiffies; } - do_brk(start_addr, ex.a_text + ex.a_data + ex.a_bss); + do_brk_locked(start_addr, ex.a_text + ex.a_data + ex.a_bss); file->f_op->read(file, (char *)start_addr, ex.a_text + ex.a_data, &pos); @@ -515,7 +524,7 @@ static int load_aout_library(struct file len = PAGE_ALIGN(ex.a_text + ex.a_data); bss = ex.a_text + ex.a_data + ex.a_bss; if (bss > len) { - error = do_brk(start_addr + len, bss - len); + error = do_brk_locked(start_addr + len, bss - len); retval = error; if (error != start_addr + len) goto out; diff -urNp linux-2.4.28/fs/binfmt_elf.c linux-2.4.28-new/fs/binfmt_elf.c --- linux-2.4.28/fs/binfmt_elf.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/fs/binfmt_elf.c 2005-01-07 11:41:09 -0500 @@ -88,6 +88,7 @@ static void set_brk(unsigned long start, end = ELF_PAGEALIGN(end); if (end <= start) return; + down_write(¤t->mm->mmap_sem); do_brk(start, end - start); #ifdef CONFIG_GRKERNSEC_PAX_RANDEXEC @@ -95,6 +96,7 @@ static void set_brk(unsigned long start, __do_mmap_pgoff(NULL, ELF_PAGEALIGN(start + current->mm->delta_exec), 0UL, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_FIXED | MAP_MIRROR, start); #endif + up_write(¤t->mm->mmap_sem); } @@ -295,7 +297,9 @@ static unsigned long load_elf_interp(str */ if (interp_elf_ex->e_phentsize != sizeof(struct elf_phdr)) goto out; - if (interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) + + if (interp_elf_ex->e_phnum < 1 || + interp_elf_ex->e_phnum > 65536U / sizeof(struct elf_phdr)) goto out; /* Now read in all of the header information */ @@ -370,7 +374,7 @@ static unsigned long load_elf_interp(str /* Map the last of the bss segment */ if (last_bss > elf_bss) - do_brk(elf_bss, last_bss - elf_bss); + error = do_brk_locked(elf_bss, last_bss - elf_bss); *interp_load_addr = load_addr; error = ((unsigned long) interp_elf_ex->e_entry) + load_addr; @@ -407,7 +411,7 @@ static unsigned long load_aout_interp(st goto out; } - do_brk(0, text_data); + do_brk_locked(0, text_data); if (!interpreter->f_op || !interpreter->f_op->read) goto out; if (interpreter->f_op->read(interpreter, addr, text_data, &offset) < 0) @@ -415,7 +419,7 @@ static unsigned long load_aout_interp(st flush_icache_range((unsigned long)addr, (unsigned long)addr + text_data); - do_brk(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), + do_brk_locked(ELF_PAGESTART(text_data + ELF_MIN_ALIGN - 1), interp_ex->a_bss); elf_entry = interp_ex->a_entry; @@ -1271,7 +1275,7 @@ static int load_elf_library(struct file len = ELF_PAGESTART(elf_phdata->p_filesz + elf_phdata->p_vaddr + ELF_MIN_ALIGN - 1); bss = elf_phdata->p_memsz + elf_phdata->p_vaddr; if (bss > len) - do_brk(len, bss - len); + do_brk_locked(len, bss - len); error = 0; out_free_ph: diff -urNp linux-2.4.28/fs/exec.c linux-2.4.28-new/fs/exec.c --- linux-2.4.28/fs/exec.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/fs/exec.c 2005-01-07 11:34:09 -0500 @@ -358,7 +358,7 @@ int setup_arg_pages(struct linux_binprm { unsigned long stack_base; struct vm_area_struct *mpnt; - int i; + int i, ret; #ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC struct vm_area_struct *mpnt_m = NULL; @@ -401,7 +401,11 @@ int setup_arg_pages(struct linux_binprm mpnt->vm_pgoff = 0; mpnt->vm_file = NULL; mpnt->vm_private_data = (void *) 0; - insert_vm_struct(current->mm, mpnt); + if ((ret = insert_vm_struct(current->mm, mpnt))) { + up_write(¤t->mm->mmap_sem); + kmem_cache_free(vm_area_cachep, mpnt); + return ret; + } current->mm->total_vm = (mpnt->vm_end - mpnt->vm_start) >> PAGE_SHIFT; #ifdef CONFIG_GRKERNSEC_PAX_SEGMEXEC diff -urNp linux-2.4.28/fs/proc/base.c linux-2.4.28-new/fs/proc/base.c --- linux-2.4.28/fs/proc/base.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/fs/proc/base.c 2005-01-07 11:34:09 -0500 @@ -194,7 +194,7 @@ static int proc_pid_cmdline(struct task_ if (mm) atomic_inc(&mm->mm_users); task_unlock(task); - if (mm) { + if (mm && mm->arg_end) { int len = mm->arg_end - mm->arg_start; if (len > PAGE_SIZE) len = PAGE_SIZE; diff -urNp linux-2.4.28/fs/proc/proc_tty.c linux-2.4.28-new/fs/proc/proc_tty.c --- linux-2.4.28/fs/proc/proc_tty.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/fs/proc/proc_tty.c 2005-01-07 11:34:09 -0500 @@ -15,8 +15,6 @@ #include extern struct tty_driver *tty_drivers; /* linked list of tty drivers */ -extern struct tty_ldisc ldiscs[]; - static int tty_drivers_read_proc(char *page, char **start, off_t off, int count, int *eof, void *data); @@ -106,12 +104,15 @@ static int tty_ldiscs_read_proc(char *pa int i; int len = 0; off_t begin = 0; - + struct tty_ldisc *ld; + for (i=0; i < NR_LDISCS; i++) { - if (!(ldiscs[i].flags & LDISC_FLAG_DEFINED)) + ld = tty_ldisc_get(i); + if (ld == NULL) continue; len += sprintf(page+len, "%-10s %2d\n", - ldiscs[i].name ? ldiscs[i].name : "???", i); + ld->name ? ld->name : "???", i); + tty_ldisc_put(i); if (len+begin > off+count) break; if (len+begin < off) { diff -urNp linux-2.4.28/include/linux/mm.h linux-2.4.28-new/include/linux/mm.h --- linux-2.4.28/include/linux/mm.h 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/include/linux/mm.h 2005-01-07 11:34:09 -0500 @@ -568,7 +568,7 @@ extern void __free_pte(pte_t); /* mmap.c */ extern void lock_vma_mappings(struct vm_area_struct *); extern void unlock_vma_mappings(struct vm_area_struct *); -extern void insert_vm_struct(struct mm_struct *, struct vm_area_struct *); +extern int insert_vm_struct(struct mm_struct *, struct vm_area_struct *); extern void __insert_vm_struct(struct mm_struct *, struct vm_area_struct *); extern void build_mmap_rb(struct mm_struct *); extern void exit_mmap(struct mm_struct *); @@ -599,6 +599,7 @@ out: extern int do_munmap(struct mm_struct *, unsigned long, size_t); extern unsigned long do_brk(unsigned long, unsigned long); +extern unsigned long do_brk_locked(unsigned long, unsigned long); static inline void __vma_unlink(struct mm_struct * mm, struct vm_area_struct * vma, struct vm_area_struct * prev) { diff -urNp linux-2.4.28/include/linux/socket.h linux-2.4.28-new/include/linux/socket.h --- linux-2.4.28/include/linux/socket.h 2004-11-17 06:54:22 -0500 +++ linux-2.4.28-new/include/linux/socket.h 2005-01-07 11:34:09 -0500 @@ -87,6 +87,10 @@ struct cmsghdr { (struct cmsghdr *)(ctl) : \ (struct cmsghdr *)NULL) #define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen) +#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \ + (cmsg)->cmsg_len <= (unsigned long) \ + ((mhdr)->msg_controllen - \ + ((char *)(cmsg) - (char *)(mhdr)->msg_control))) /* * This mess will go away with glibc diff -urNp linux-2.4.28/include/linux/tty.h linux-2.4.28-new/include/linux/tty.h --- linux-2.4.28/include/linux/tty.h 2003-06-13 10:51:39 -0400 +++ linux-2.4.28-new/include/linux/tty.h 2005-01-07 11:34:09 -0500 @@ -260,6 +260,7 @@ struct tty_struct { int magic; struct tty_driver driver; struct tty_ldisc ldisc; + struct semaphore termios_sem; struct termios *termios, *termios_locked; int pgrp; int session; @@ -322,26 +323,28 @@ struct tty_struct { * tty->write. Thus, you must use the inline functions set_bit() and * clear_bit() to make things atomic. */ -#define TTY_THROTTLED 0 -#define TTY_IO_ERROR 1 -#define TTY_OTHER_CLOSED 2 -#define TTY_EXCLUSIVE 3 -#define TTY_DEBUG 4 -#define TTY_DO_WRITE_WAKEUP 5 -#define TTY_PUSH 6 -#define TTY_CLOSING 7 -#define TTY_DONT_FLIP 8 -#define TTY_HW_COOK_OUT 14 -#define TTY_HW_COOK_IN 15 -#define TTY_PTY_LOCK 16 -#define TTY_NO_WRITE_SPLIT 17 +#define TTY_THROTTLED 0 /* Call unthrottle() at threshold min */ +#define TTY_IO_ERROR 1 /* Canse an I/O error (may be no ldisc too) */ +#define TTY_OTHER_CLOSED 2 /* Other side (if any) has closed */ +#define TTY_EXCLUSIVE 3 /* Exclusive open mode */ +#define TTY_DEBUG 4 /* Debugging */ +#define TTY_DO_WRITE_WAKEUP 5 /* Call write_wakeup after queuing new */ +#define TTY_PUSH 6 /* n_tty private */ +#define TTY_CLOSING 7 /* ->close() in progress */ +#define TTY_DONT_FLIP 8 /* Defer buffer flip */ +#define TTY_LDISC 9 /* Line discipline attached */ +#define TTY_HW_COOK_OUT 14 /* Hardware can do output cooking */ +#define TTY_HW_COOK_IN 15 /* Hardware can do input cooking */ +#define TTY_PTY_LOCK 16 /* pty private */ +#define TTY_NO_WRITE_SPLIT 17 /* Preserve write boundaries to driver */ +#define TTY_HUPPED 18 /* Post driver->hangup() */ #define TTY_WRITE_FLUSH(tty) tty_write_flush((tty)) extern void tty_write_flush(struct tty_struct *); extern struct termios tty_std_termios; -extern struct tty_ldisc ldiscs[]; +extern struct tty_ldisc tty_ldiscs[]; extern int fg_console, last_console, want_console; extern int kmsg_redirect; @@ -396,6 +399,17 @@ extern void disassociate_ctty(int priv); extern void tty_flip_buffer_push(struct tty_struct *tty); extern int tty_get_baud_rate(struct tty_struct *tty); +extern struct tty_ldisc *tty_ldisc_ref(struct tty_struct *); +extern void tty_ldisc_deref(struct tty_ldisc *); +extern struct tty_ldisc *tty_ldisc_ref_wait(struct tty_struct *); + +extern struct tty_ldisc *tty_ldisc_get(int); +extern void tty_ldisc_put(int); + +extern void tty_wakeup(struct tty_struct *tty); +extern void tty_ldisc_flush(struct tty_struct *tty); + + /* n_tty.c */ extern struct tty_ldisc tty_ldisc_N_TTY; diff -urNp linux-2.4.28/include/linux/tty_ldisc.h linux-2.4.28-new/include/linux/tty_ldisc.h --- linux-2.4.28/include/linux/tty_ldisc.h 2001-11-22 14:46:19 -0500 +++ linux-2.4.28-new/include/linux/tty_ldisc.h 2005-01-07 11:34:09 -0500 @@ -95,6 +95,13 @@ * that line discpline should try to send more characters to the * low-level driver for transmission. If the line discpline does * not have any more data to send, it can just return. + * + * int (*hangup)(struct tty_struct *) + * + * Called on a hangup. Tells the discipline that it should + * cease I/O to the tty driver. Can sleep. The driver should + * seek to perform this action quickly but should wait until + * any pending driver I/O is completed. */ #include @@ -121,6 +128,7 @@ struct tty_ldisc { void (*set_termios)(struct tty_struct *tty, struct termios * old); unsigned int (*poll)(struct tty_struct *, struct file *, struct poll_table_struct *); + int (*hangup)(struct tty_struct *tty); /* * The following routines are called from below. @@ -129,6 +137,7 @@ struct tty_ldisc { char *fp, int count); int (*receive_room)(struct tty_struct *); void (*write_wakeup)(struct tty_struct *); + int refcount; }; #define TTY_LDISC_MAGIC 0x5403 diff -urNp linux-2.4.28/kernel/ksyms.c linux-2.4.28-new/kernel/ksyms.c --- linux-2.4.28/kernel/ksyms.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/kernel/ksyms.c 2005-01-07 11:34:09 -0500 @@ -90,6 +90,7 @@ EXPORT_SYMBOL(do_mmap_pgoff); EXPORT_SYMBOL(__do_mmap_pgoff); EXPORT_SYMBOL(do_munmap); EXPORT_SYMBOL(do_brk); +EXPORT_SYMBOL(do_brk_locked); EXPORT_SYMBOL(exit_mm); EXPORT_SYMBOL(exit_files); EXPORT_SYMBOL(exit_fs); diff -urNp linux-2.4.28/mm/mmap.c linux-2.4.28-new/mm/mmap.c --- linux-2.4.28/mm/mmap.c 2005-01-07 11:33:20 -0500 +++ linux-2.4.28-new/mm/mmap.c 2005-01-07 11:34:09 -0500 @@ -1401,6 +1401,21 @@ out: return addr; } +/* locking version of do_brk. */ +unsigned long do_brk_locked(unsigned long addr, unsigned long len) +{ + unsigned long ret; + + down_write(¤t->mm->mmap_sem); + ret = do_brk(addr, len); + up_write(¤t->mm->mmap_sem); + + return ret; +} + + + + /* Build the RB tree corresponding to the VMA list. */ void build_mmap_rb(struct mm_struct * mm) { @@ -1478,14 +1493,15 @@ void __insert_vm_struct(struct mm_struct validate_mm(mm); } -void insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) +int insert_vm_struct(struct mm_struct * mm, struct vm_area_struct * vma) { struct vm_area_struct * __vma, * prev; rb_node_t ** rb_link, * rb_parent; __vma = find_vma_prepare(mm, vma->vm_start, &prev, &rb_link, &rb_parent); if (__vma && __vma->vm_start < vma->vm_end) - BUG(); + return -ENOMEM; vma_link(mm, vma, prev, rb_link, rb_parent); validate_mm(mm); + return 0; } diff -urNp linux-2.4.28/net/bluetooth/rfcomm/tty.c linux-2.4.28-new/net/bluetooth/rfcomm/tty.c --- linux-2.4.28/net/bluetooth/rfcomm/tty.c 2004-08-07 19:26:06 -0400 +++ linux-2.4.28-new/net/bluetooth/rfcomm/tty.c 2005-01-07 11:34:09 -0500 @@ -532,10 +532,8 @@ static void rfcomm_tty_wakeup(unsigned l BT_DBG("dev %p tty %p", dev, tty); - if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) - (tty->ldisc.write_wakeup)(tty); + tty_wakeup(tty); - wake_up_interruptible(&tty->write_wait); #ifdef SERIAL_HAVE_POLL_WAIT wake_up_interruptible(&tty->poll_wait); #endif @@ -853,8 +851,7 @@ static void rfcomm_tty_flush_buffer(stru skb_queue_purge(&dev->dlc->tx_queue); - if (test_bit(TTY_DO_WRITE_WAKEUP, &tty->flags) && tty->ldisc.write_wakeup) - tty->ldisc.write_wakeup(tty); + tty_wakeup(tty); } static void rfcomm_tty_send_xchar(struct tty_struct *tty, char ch) diff -urNp linux-2.4.28/net/core/scm.c linux-2.4.28-new/net/core/scm.c --- linux-2.4.28/net/core/scm.c 2001-12-21 12:42:05 -0500 +++ linux-2.4.28-new/net/core/scm.c 2005-01-07 11:34:09 -0500 @@ -124,9 +124,7 @@ int __scm_send(struct socket *sock, stru for too short ancillary data object at all! Oops. OK, let's add it... */ - if (cmsg->cmsg_len < sizeof(struct cmsghdr) || - (unsigned long)(((char*)cmsg - (char*)msg->msg_control) - + cmsg->cmsg_len) > msg->msg_controllen) + if (!CMSG_OK(msg, cmsg)) goto error; if (cmsg->cmsg_level != SOL_SOCKET) diff -urNp linux-2.4.28/net/ipv4/igmp.c linux-2.4.28-new/net/ipv4/igmp.c --- linux-2.4.28/net/ipv4/igmp.c 2004-08-07 19:26:06 -0400 +++ linux-2.4.28-new/net/ipv4/igmp.c 2005-01-07 11:34:09 -0500 @@ -1757,12 +1757,12 @@ int ip_mc_source(int add, int omode, str goto done; rv = !0; for (i=0; isl_count; i++) { - rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, + rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, sizeof(__u32)); - if (rv >= 0) + if (rv == 0) break; } - if (!rv) /* source not found */ + if (rv) /* source not found */ goto done; /* update the interface filter */ @@ -1804,9 +1804,9 @@ int ip_mc_source(int add, int omode, str } rv = 1; /* > 0 for insert logic below if sl_count is 0 */ for (i=0; isl_count; i++) { - rv = memcmp(&psl->sl_addr, &mreqs->imr_multiaddr, + rv = memcmp(&psl->sl_addr[i], &mreqs->imr_sourceaddr, sizeof(__u32)); - if (rv >= 0) + if (rv == 0) break; } if (rv == 0) /* address already there is an error */ diff -urNp linux-2.4.28/net/ipv4/ip_options.c linux-2.4.28-new/net/ipv4/ip_options.c --- linux-2.4.28/net/ipv4/ip_options.c 2002-11-28 18:53:15 -0500 +++ linux-2.4.28-new/net/ipv4/ip_options.c 2005-01-07 11:34:09 -0500 @@ -514,6 +514,8 @@ int ip_options_get(struct ip_options **o kfree(opt); return -EINVAL; } + if (*optp) + kfree(*optp); *optp = opt; return 0; } diff -urNp linux-2.4.28/net/ipv4/ip_sockglue.c linux-2.4.28-new/net/ipv4/ip_sockglue.c --- linux-2.4.28/net/ipv4/ip_sockglue.c 2004-08-07 19:26:06 -0400 +++ linux-2.4.28-new/net/ipv4/ip_sockglue.c 2005-01-07 11:34:09 -0500 @@ -143,11 +143,8 @@ int ip_cmsg_send(struct msghdr *msg, str struct cmsghdr *cmsg; for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { - if (cmsg->cmsg_len < sizeof(struct cmsghdr) || - (unsigned long)(((char*)cmsg - (char*)msg->msg_control) - + cmsg->cmsg_len) > msg->msg_controllen) { + if (!CMSG_OK(msg, cmsg)) return -EINVAL; - } if (cmsg->cmsg_level != SOL_IP) continue; switch (cmsg->cmsg_type) { diff -urNp linux-2.4.28/net/ipv6/datagram.c linux-2.4.28-new/net/ipv6/datagram.c --- linux-2.4.28/net/ipv6/datagram.c 2004-11-17 06:54:22 -0500 +++ linux-2.4.28-new/net/ipv6/datagram.c 2005-01-07 11:34:09 -0500 @@ -260,9 +260,7 @@ int datagram_send_ctl(struct msghdr *msg for (cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { - if (cmsg->cmsg_len < sizeof(struct cmsghdr) || - (unsigned long)(((char*)cmsg - (char*)msg->msg_control) - + cmsg->cmsg_len) > msg->msg_controllen) { + if (!CMSG_OK(msg, cmsg)) { err = -EINVAL; goto exit_f; } diff -urNp linux-2.4.28/net/ipv6/mcast.c linux-2.4.28-new/net/ipv6/mcast.c --- linux-2.4.28/net/ipv6/mcast.c 2004-11-17 06:54:22 -0500 +++ linux-2.4.28-new/net/ipv6/mcast.c 2005-01-07 11:34:09 -0500 @@ -386,12 +386,12 @@ int ip6_mc_source(int add, int omode, st goto done; rv = !0; for (i=0; isl_count; i++) { - rv = memcmp(&psl->sl_addr, group, + rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr)); - if (rv >= 0) + if (rv == 0) break; } - if (!rv) /* source not found */ + if (rv) /* source not found */ goto done; /* update the interface filter */ @@ -432,8 +432,8 @@ int ip6_mc_source(int add, int omode, st } rv = 1; /* > 0 for insert logic below if sl_count is 0 */ for (i=0; isl_count; i++) { - rv = memcmp(&psl->sl_addr, group, sizeof(struct in6_addr)); - if (rv >= 0) + rv = memcmp(&psl->sl_addr[i], source, sizeof(struct in6_addr)); + if (rv == 0) break; } if (rv == 0) /* address already there is an error */ diff -urNp linux-2.4.28/net/irda/ircomm/ircomm_tty.c linux-2.4.28-new/net/irda/ircomm/ircomm_tty.c --- linux-2.4.28/net/irda/ircomm/ircomm_tty.c 2003-08-25 07:44:44 -0400 +++ linux-2.4.28-new/net/irda/ircomm/ircomm_tty.c 2005-01-07 11:34:09 -0500 @@ -566,8 +566,7 @@ static void ircomm_tty_close(struct tty_ if (tty->driver.flush_buffer) tty->driver.flush_buffer(tty); - if (tty->ldisc.flush_buffer) - tty->ldisc.flush_buffer(tty); + tty_ldisc_flush(tty); tty->closing = 0; self->tty = 0; @@ -662,12 +661,7 @@ static void ircomm_tty_do_softint(void * ircomm_tty_do_event(self, IRCOMM_TTY_DATA_REQUEST, skb, NULL); /* Check if user (still) wants to be waken up */ - if ((tty->flags & (1 << TTY_DO_WRITE_WAKEUP)) && - tty->ldisc.write_wakeup) - { - (tty->ldisc.write_wakeup)(tty); - } - wake_up_interruptible(&tty->write_wait); + tty_wakeup(tty); } /* diff -urNp linux-2.4.28/net/sctp/socket.c linux-2.4.28-new/net/sctp/socket.c --- linux-2.4.28/net/sctp/socket.c 2004-11-17 06:54:22 -0500 +++ linux-2.4.28-new/net/sctp/socket.c 2005-01-07 11:34:09 -0500 @@ -4090,12 +4090,8 @@ SCTP_STATIC int sctp_msghdr_parse(const for (cmsg = CMSG_FIRSTHDR(msg); cmsg != NULL; cmsg = CMSG_NXTHDR((struct msghdr*)msg, cmsg)) { - /* Check for minimum length. The SCM code has this check. */ - if (cmsg->cmsg_len < sizeof(struct cmsghdr) || - (unsigned long)(((char*)cmsg - (char*)msg->msg_control) - + cmsg->cmsg_len) > msg->msg_controllen) { + if (!CMSG_OK(msg, cmsg)) return -EINVAL; - } /* Should we parse this header or ignore? */ if (cmsg->cmsg_level != IPPROTO_SCTP)