Loading...
1// SPDX-License-Identifier: GPL-1.0+
2/*
3 * n_tty.c --- implements the N_TTY line discipline.
4 *
5 * This code used to be in tty_io.c, but things are getting hairy
6 * enough that it made sense to split things off. (The N_TTY
7 * processing has changed so much that it's hardly recognizable,
8 * anyway...)
9 *
10 * Note that the open routine for N_TTY is guaranteed never to return
11 * an error. This is because Linux will fall back to setting a line
12 * to N_TTY if it can not switch to any other line discipline.
13 *
14 * Written by Theodore Ts'o, Copyright 1994.
15 *
16 * This file also contains code originally written by Linus Torvalds,
17 * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
18 *
19 * Reduced memory usage for older ARM systems - Russell King.
20 *
21 * 2000/01/20 Fixed SMP locking on put_tty_queue using bits of
22 * the patch by Andrew J. Kroll <ag784@freenet.buffalo.edu>
23 * who actually finally proved there really was a race.
24 *
25 * 2002/03/18 Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
26 * waiting writing processes-Sapan Bhatia <sapan@corewars.org>.
27 * Also fixed a bug in BLOCKING mode where n_tty_write returns
28 * EAGAIN
29 */
30
31#include <linux/types.h>
32#include <linux/major.h>
33#include <linux/errno.h>
34#include <linux/signal.h>
35#include <linux/fcntl.h>
36#include <linux/sched.h>
37#include <linux/interrupt.h>
38#include <linux/tty.h>
39#include <linux/timer.h>
40#include <linux/ctype.h>
41#include <linux/mm.h>
42#include <linux/string.h>
43#include <linux/slab.h>
44#include <linux/poll.h>
45#include <linux/bitops.h>
46#include <linux/audit.h>
47#include <linux/file.h>
48#include <linux/uaccess.h>
49#include <linux/module.h>
50#include <linux/ratelimit.h>
51#include <linux/vmalloc.h>
52
53/*
54 * Until this number of characters is queued in the xmit buffer, select will
55 * return "we have room for writes".
56 */
57#define WAKEUP_CHARS 256
58
59/*
60 * This defines the low- and high-watermarks for throttling and
61 * unthrottling the TTY driver. These watermarks are used for
62 * controlling the space in the read buffer.
63 */
64#define TTY_THRESHOLD_THROTTLE 128 /* now based on remaining room */
65#define TTY_THRESHOLD_UNTHROTTLE 128
66
67/*
68 * Special byte codes used in the echo buffer to represent operations
69 * or special handling of characters. Bytes in the echo buffer that
70 * are not part of such special blocks are treated as normal character
71 * codes.
72 */
73#define ECHO_OP_START 0xff
74#define ECHO_OP_MOVE_BACK_COL 0x80
75#define ECHO_OP_SET_CANON_COL 0x81
76#define ECHO_OP_ERASE_TAB 0x82
77
78#define ECHO_COMMIT_WATERMARK 256
79#define ECHO_BLOCK 256
80#define ECHO_DISCARD_WATERMARK N_TTY_BUF_SIZE - (ECHO_BLOCK + 32)
81
82
83#undef N_TTY_TRACE
84#ifdef N_TTY_TRACE
85# define n_tty_trace(f, args...) trace_printk(f, ##args)
86#else
87# define n_tty_trace(f, args...) no_printk(f, ##args)
88#endif
89
90struct n_tty_data {
91 /* producer-published */
92 size_t read_head;
93 size_t commit_head;
94 size_t canon_head;
95 size_t echo_head;
96 size_t echo_commit;
97 size_t echo_mark;
98 DECLARE_BITMAP(char_map, 256);
99
100 /* private to n_tty_receive_overrun (single-threaded) */
101 unsigned long overrun_time;
102 int num_overrun;
103
104 /* non-atomic */
105 bool no_room;
106
107 /* must hold exclusive termios_rwsem to reset these */
108 unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
109 unsigned char push:1;
110
111 /* shared by producer and consumer */
112 char read_buf[N_TTY_BUF_SIZE];
113 DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
114 unsigned char echo_buf[N_TTY_BUF_SIZE];
115
116 /* consumer-published */
117 size_t read_tail;
118 size_t line_start;
119
120 /* protected by output lock */
121 unsigned int column;
122 unsigned int canon_column;
123 size_t echo_tail;
124
125 struct mutex atomic_read_lock;
126 struct mutex output_lock;
127};
128
129#define MASK(x) ((x) & (N_TTY_BUF_SIZE - 1))
130
131static inline size_t read_cnt(struct n_tty_data *ldata)
132{
133 return ldata->read_head - ldata->read_tail;
134}
135
136static inline unsigned char read_buf(struct n_tty_data *ldata, size_t i)
137{
138 return ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
139}
140
141static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i)
142{
143 return &ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
144}
145
146static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i)
147{
148 smp_rmb(); /* Matches smp_wmb() in add_echo_byte(). */
149 return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
150}
151
152static inline unsigned char *echo_buf_addr(struct n_tty_data *ldata, size_t i)
153{
154 return &ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
155}
156
157/* If we are not echoing the data, perhaps this is a secret so erase it */
158static void zero_buffer(struct tty_struct *tty, u8 *buffer, int size)
159{
160 bool icanon = !!L_ICANON(tty);
161 bool no_echo = !L_ECHO(tty);
162
163 if (icanon && no_echo)
164 memset(buffer, 0x00, size);
165}
166
167static int tty_copy_to_user(struct tty_struct *tty, void __user *to,
168 size_t tail, size_t n)
169{
170 struct n_tty_data *ldata = tty->disc_data;
171 size_t size = N_TTY_BUF_SIZE - tail;
172 void *from = read_buf_addr(ldata, tail);
173 int uncopied;
174
175 if (n > size) {
176 tty_audit_add_data(tty, from, size);
177 uncopied = copy_to_user(to, from, size);
178 zero_buffer(tty, from, size - uncopied);
179 if (uncopied)
180 return uncopied;
181 to += size;
182 n -= size;
183 from = ldata->read_buf;
184 }
185
186 tty_audit_add_data(tty, from, n);
187 uncopied = copy_to_user(to, from, n);
188 zero_buffer(tty, from, n - uncopied);
189 return uncopied;
190}
191
192/**
193 * n_tty_kick_worker - start input worker (if required)
194 * @tty: terminal
195 *
196 * Re-schedules the flip buffer work if it may have stopped
197 *
198 * Caller holds exclusive termios_rwsem
199 * or
200 * n_tty_read()/consumer path:
201 * holds non-exclusive termios_rwsem
202 */
203
204static void n_tty_kick_worker(struct tty_struct *tty)
205{
206 struct n_tty_data *ldata = tty->disc_data;
207
208 /* Did the input worker stop? Restart it */
209 if (unlikely(ldata->no_room)) {
210 ldata->no_room = 0;
211
212 WARN_RATELIMIT(tty->port->itty == NULL,
213 "scheduling with invalid itty\n");
214 /* see if ldisc has been killed - if so, this means that
215 * even though the ldisc has been halted and ->buf.work
216 * cancelled, ->buf.work is about to be rescheduled
217 */
218 WARN_RATELIMIT(test_bit(TTY_LDISC_HALTED, &tty->flags),
219 "scheduling buffer work for halted ldisc\n");
220 tty_buffer_restart_work(tty->port);
221 }
222}
223
224static ssize_t chars_in_buffer(struct tty_struct *tty)
225{
226 struct n_tty_data *ldata = tty->disc_data;
227 ssize_t n = 0;
228
229 if (!ldata->icanon)
230 n = ldata->commit_head - ldata->read_tail;
231 else
232 n = ldata->canon_head - ldata->read_tail;
233 return n;
234}
235
236/**
237 * n_tty_write_wakeup - asynchronous I/O notifier
238 * @tty: tty device
239 *
240 * Required for the ptys, serial driver etc. since processes
241 * that attach themselves to the master and rely on ASYNC
242 * IO must be woken up
243 */
244
245static void n_tty_write_wakeup(struct tty_struct *tty)
246{
247 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
248 kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
249}
250
251static void n_tty_check_throttle(struct tty_struct *tty)
252{
253 struct n_tty_data *ldata = tty->disc_data;
254
255 /*
256 * Check the remaining room for the input canonicalization
257 * mode. We don't want to throttle the driver if we're in
258 * canonical mode and don't have a newline yet!
259 */
260 if (ldata->icanon && ldata->canon_head == ldata->read_tail)
261 return;
262
263 while (1) {
264 int throttled;
265 tty_set_flow_change(tty, TTY_THROTTLE_SAFE);
266 if (N_TTY_BUF_SIZE - read_cnt(ldata) >= TTY_THRESHOLD_THROTTLE)
267 break;
268 throttled = tty_throttle_safe(tty);
269 if (!throttled)
270 break;
271 }
272 __tty_set_flow_change(tty, 0);
273}
274
275static void n_tty_check_unthrottle(struct tty_struct *tty)
276{
277 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
278 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
279 return;
280 n_tty_kick_worker(tty);
281 tty_wakeup(tty->link);
282 return;
283 }
284
285 /* If there is enough space in the read buffer now, let the
286 * low-level driver know. We use chars_in_buffer() to
287 * check the buffer, as it now knows about canonical mode.
288 * Otherwise, if the driver is throttled and the line is
289 * longer than TTY_THRESHOLD_UNTHROTTLE in canonical mode,
290 * we won't get any more characters.
291 */
292
293 while (1) {
294 int unthrottled;
295 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
296 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
297 break;
298 n_tty_kick_worker(tty);
299 unthrottled = tty_unthrottle_safe(tty);
300 if (!unthrottled)
301 break;
302 }
303 __tty_set_flow_change(tty, 0);
304}
305
306/**
307 * put_tty_queue - add character to tty
308 * @c: character
309 * @ldata: n_tty data
310 *
311 * Add a character to the tty read_buf queue.
312 *
313 * n_tty_receive_buf()/producer path:
314 * caller holds non-exclusive termios_rwsem
315 */
316
317static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata)
318{
319 *read_buf_addr(ldata, ldata->read_head) = c;
320 ldata->read_head++;
321}
322
323/**
324 * reset_buffer_flags - reset buffer state
325 * @tty: terminal to reset
326 *
327 * Reset the read buffer counters and clear the flags.
328 * Called from n_tty_open() and n_tty_flush_buffer().
329 *
330 * Locking: caller holds exclusive termios_rwsem
331 * (or locking is not required)
332 */
333
334static void reset_buffer_flags(struct n_tty_data *ldata)
335{
336 ldata->read_head = ldata->canon_head = ldata->read_tail = 0;
337 ldata->commit_head = 0;
338 ldata->line_start = 0;
339
340 ldata->erasing = 0;
341 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
342 ldata->push = 0;
343}
344
345static void n_tty_packet_mode_flush(struct tty_struct *tty)
346{
347 unsigned long flags;
348
349 if (tty->link->packet) {
350 spin_lock_irqsave(&tty->ctrl_lock, flags);
351 tty->ctrl_status |= TIOCPKT_FLUSHREAD;
352 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
353 wake_up_interruptible(&tty->link->read_wait);
354 }
355}
356
357/**
358 * n_tty_flush_buffer - clean input queue
359 * @tty: terminal device
360 *
361 * Flush the input buffer. Called when the tty layer wants the
362 * buffer flushed (eg at hangup) or when the N_TTY line discipline
363 * internally has to clean the pending queue (for example some signals).
364 *
365 * Holds termios_rwsem to exclude producer/consumer while
366 * buffer indices are reset.
367 *
368 * Locking: ctrl_lock, exclusive termios_rwsem
369 */
370
371static void n_tty_flush_buffer(struct tty_struct *tty)
372{
373 down_write(&tty->termios_rwsem);
374 reset_buffer_flags(tty->disc_data);
375 n_tty_kick_worker(tty);
376
377 if (tty->link)
378 n_tty_packet_mode_flush(tty);
379 up_write(&tty->termios_rwsem);
380}
381
382/**
383 * is_utf8_continuation - utf8 multibyte check
384 * @c: byte to check
385 *
386 * Returns true if the utf8 character 'c' is a multibyte continuation
387 * character. We use this to correctly compute the on screen size
388 * of the character when printing
389 */
390
391static inline int is_utf8_continuation(unsigned char c)
392{
393 return (c & 0xc0) == 0x80;
394}
395
396/**
397 * is_continuation - multibyte check
398 * @c: byte to check
399 *
400 * Returns true if the utf8 character 'c' is a multibyte continuation
401 * character and the terminal is in unicode mode.
402 */
403
404static inline int is_continuation(unsigned char c, struct tty_struct *tty)
405{
406 return I_IUTF8(tty) && is_utf8_continuation(c);
407}
408
409/**
410 * do_output_char - output one character
411 * @c: character (or partial unicode symbol)
412 * @tty: terminal device
413 * @space: space available in tty driver write buffer
414 *
415 * This is a helper function that handles one output character
416 * (including special characters like TAB, CR, LF, etc.),
417 * doing OPOST processing and putting the results in the
418 * tty driver's write buffer.
419 *
420 * Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY
421 * and NLDLY. They simply aren't relevant in the world today.
422 * If you ever need them, add them here.
423 *
424 * Returns the number of bytes of buffer space used or -1 if
425 * no space left.
426 *
427 * Locking: should be called under the output_lock to protect
428 * the column state and space left in the buffer
429 */
430
431static int do_output_char(unsigned char c, struct tty_struct *tty, int space)
432{
433 struct n_tty_data *ldata = tty->disc_data;
434 int spaces;
435
436 if (!space)
437 return -1;
438
439 switch (c) {
440 case '\n':
441 if (O_ONLRET(tty))
442 ldata->column = 0;
443 if (O_ONLCR(tty)) {
444 if (space < 2)
445 return -1;
446 ldata->canon_column = ldata->column = 0;
447 tty->ops->write(tty, "\r\n", 2);
448 return 2;
449 }
450 ldata->canon_column = ldata->column;
451 break;
452 case '\r':
453 if (O_ONOCR(tty) && ldata->column == 0)
454 return 0;
455 if (O_OCRNL(tty)) {
456 c = '\n';
457 if (O_ONLRET(tty))
458 ldata->canon_column = ldata->column = 0;
459 break;
460 }
461 ldata->canon_column = ldata->column = 0;
462 break;
463 case '\t':
464 spaces = 8 - (ldata->column & 7);
465 if (O_TABDLY(tty) == XTABS) {
466 if (space < spaces)
467 return -1;
468 ldata->column += spaces;
469 tty->ops->write(tty, " ", spaces);
470 return spaces;
471 }
472 ldata->column += spaces;
473 break;
474 case '\b':
475 if (ldata->column > 0)
476 ldata->column--;
477 break;
478 default:
479 if (!iscntrl(c)) {
480 if (O_OLCUC(tty))
481 c = toupper(c);
482 if (!is_continuation(c, tty))
483 ldata->column++;
484 }
485 break;
486 }
487
488 tty_put_char(tty, c);
489 return 1;
490}
491
492/**
493 * process_output - output post processor
494 * @c: character (or partial unicode symbol)
495 * @tty: terminal device
496 *
497 * Output one character with OPOST processing.
498 * Returns -1 when the output device is full and the character
499 * must be retried.
500 *
501 * Locking: output_lock to protect column state and space left
502 * (also, this is called from n_tty_write under the
503 * tty layer write lock)
504 */
505
506static int process_output(unsigned char c, struct tty_struct *tty)
507{
508 struct n_tty_data *ldata = tty->disc_data;
509 int space, retval;
510
511 mutex_lock(&ldata->output_lock);
512
513 space = tty_write_room(tty);
514 retval = do_output_char(c, tty, space);
515
516 mutex_unlock(&ldata->output_lock);
517 if (retval < 0)
518 return -1;
519 else
520 return 0;
521}
522
523/**
524 * process_output_block - block post processor
525 * @tty: terminal device
526 * @buf: character buffer
527 * @nr: number of bytes to output
528 *
529 * Output a block of characters with OPOST processing.
530 * Returns the number of characters output.
531 *
532 * This path is used to speed up block console writes, among other
533 * things when processing blocks of output data. It handles only
534 * the simple cases normally found and helps to generate blocks of
535 * symbols for the console driver and thus improve performance.
536 *
537 * Locking: output_lock to protect column state and space left
538 * (also, this is called from n_tty_write under the
539 * tty layer write lock)
540 */
541
542static ssize_t process_output_block(struct tty_struct *tty,
543 const unsigned char *buf, unsigned int nr)
544{
545 struct n_tty_data *ldata = tty->disc_data;
546 int space;
547 int i;
548 const unsigned char *cp;
549
550 mutex_lock(&ldata->output_lock);
551
552 space = tty_write_room(tty);
553 if (space <= 0) {
554 mutex_unlock(&ldata->output_lock);
555 return space;
556 }
557 if (nr > space)
558 nr = space;
559
560 for (i = 0, cp = buf; i < nr; i++, cp++) {
561 unsigned char c = *cp;
562
563 switch (c) {
564 case '\n':
565 if (O_ONLRET(tty))
566 ldata->column = 0;
567 if (O_ONLCR(tty))
568 goto break_out;
569 ldata->canon_column = ldata->column;
570 break;
571 case '\r':
572 if (O_ONOCR(tty) && ldata->column == 0)
573 goto break_out;
574 if (O_OCRNL(tty))
575 goto break_out;
576 ldata->canon_column = ldata->column = 0;
577 break;
578 case '\t':
579 goto break_out;
580 case '\b':
581 if (ldata->column > 0)
582 ldata->column--;
583 break;
584 default:
585 if (!iscntrl(c)) {
586 if (O_OLCUC(tty))
587 goto break_out;
588 if (!is_continuation(c, tty))
589 ldata->column++;
590 }
591 break;
592 }
593 }
594break_out:
595 i = tty->ops->write(tty, buf, i);
596
597 mutex_unlock(&ldata->output_lock);
598 return i;
599}
600
601/**
602 * process_echoes - write pending echo characters
603 * @tty: terminal device
604 *
605 * Write previously buffered echo (and other ldisc-generated)
606 * characters to the tty.
607 *
608 * Characters generated by the ldisc (including echoes) need to
609 * be buffered because the driver's write buffer can fill during
610 * heavy program output. Echoing straight to the driver will
611 * often fail under these conditions, causing lost characters and
612 * resulting mismatches of ldisc state information.
613 *
614 * Since the ldisc state must represent the characters actually sent
615 * to the driver at the time of the write, operations like certain
616 * changes in column state are also saved in the buffer and executed
617 * here.
618 *
619 * A circular fifo buffer is used so that the most recent characters
620 * are prioritized. Also, when control characters are echoed with a
621 * prefixed "^", the pair is treated atomically and thus not separated.
622 *
623 * Locking: callers must hold output_lock
624 */
625
626static size_t __process_echoes(struct tty_struct *tty)
627{
628 struct n_tty_data *ldata = tty->disc_data;
629 int space, old_space;
630 size_t tail;
631 unsigned char c;
632
633 old_space = space = tty_write_room(tty);
634
635 tail = ldata->echo_tail;
636 while (MASK(ldata->echo_commit) != MASK(tail)) {
637 c = echo_buf(ldata, tail);
638 if (c == ECHO_OP_START) {
639 unsigned char op;
640 int no_space_left = 0;
641
642 /*
643 * Since add_echo_byte() is called without holding
644 * output_lock, we might see only portion of multi-byte
645 * operation.
646 */
647 if (MASK(ldata->echo_commit) == MASK(tail + 1))
648 goto not_yet_stored;
649 /*
650 * If the buffer byte is the start of a multi-byte
651 * operation, get the next byte, which is either the
652 * op code or a control character value.
653 */
654 op = echo_buf(ldata, tail + 1);
655
656 switch (op) {
657 case ECHO_OP_ERASE_TAB: {
658 unsigned int num_chars, num_bs;
659
660 if (MASK(ldata->echo_commit) == MASK(tail + 2))
661 goto not_yet_stored;
662 num_chars = echo_buf(ldata, tail + 2);
663
664 /*
665 * Determine how many columns to go back
666 * in order to erase the tab.
667 * This depends on the number of columns
668 * used by other characters within the tab
669 * area. If this (modulo 8) count is from
670 * the start of input rather than from a
671 * previous tab, we offset by canon column.
672 * Otherwise, tab spacing is normal.
673 */
674 if (!(num_chars & 0x80))
675 num_chars += ldata->canon_column;
676 num_bs = 8 - (num_chars & 7);
677
678 if (num_bs > space) {
679 no_space_left = 1;
680 break;
681 }
682 space -= num_bs;
683 while (num_bs--) {
684 tty_put_char(tty, '\b');
685 if (ldata->column > 0)
686 ldata->column--;
687 }
688 tail += 3;
689 break;
690 }
691 case ECHO_OP_SET_CANON_COL:
692 ldata->canon_column = ldata->column;
693 tail += 2;
694 break;
695
696 case ECHO_OP_MOVE_BACK_COL:
697 if (ldata->column > 0)
698 ldata->column--;
699 tail += 2;
700 break;
701
702 case ECHO_OP_START:
703 /* This is an escaped echo op start code */
704 if (!space) {
705 no_space_left = 1;
706 break;
707 }
708 tty_put_char(tty, ECHO_OP_START);
709 ldata->column++;
710 space--;
711 tail += 2;
712 break;
713
714 default:
715 /*
716 * If the op is not a special byte code,
717 * it is a ctrl char tagged to be echoed
718 * as "^X" (where X is the letter
719 * representing the control char).
720 * Note that we must ensure there is
721 * enough space for the whole ctrl pair.
722 *
723 */
724 if (space < 2) {
725 no_space_left = 1;
726 break;
727 }
728 tty_put_char(tty, '^');
729 tty_put_char(tty, op ^ 0100);
730 ldata->column += 2;
731 space -= 2;
732 tail += 2;
733 }
734
735 if (no_space_left)
736 break;
737 } else {
738 if (O_OPOST(tty)) {
739 int retval = do_output_char(c, tty, space);
740 if (retval < 0)
741 break;
742 space -= retval;
743 } else {
744 if (!space)
745 break;
746 tty_put_char(tty, c);
747 space -= 1;
748 }
749 tail += 1;
750 }
751 }
752
753 /* If the echo buffer is nearly full (so that the possibility exists
754 * of echo overrun before the next commit), then discard enough
755 * data at the tail to prevent a subsequent overrun */
756 while (ldata->echo_commit > tail &&
757 ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
758 if (echo_buf(ldata, tail) == ECHO_OP_START) {
759 if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
760 tail += 3;
761 else
762 tail += 2;
763 } else
764 tail++;
765 }
766
767 not_yet_stored:
768 ldata->echo_tail = tail;
769 return old_space - space;
770}
771
772static void commit_echoes(struct tty_struct *tty)
773{
774 struct n_tty_data *ldata = tty->disc_data;
775 size_t nr, old, echoed;
776 size_t head;
777
778 mutex_lock(&ldata->output_lock);
779 head = ldata->echo_head;
780 ldata->echo_mark = head;
781 old = ldata->echo_commit - ldata->echo_tail;
782
783 /* Process committed echoes if the accumulated # of bytes
784 * is over the threshold (and try again each time another
785 * block is accumulated) */
786 nr = head - ldata->echo_tail;
787 if (nr < ECHO_COMMIT_WATERMARK ||
788 (nr % ECHO_BLOCK > old % ECHO_BLOCK)) {
789 mutex_unlock(&ldata->output_lock);
790 return;
791 }
792
793 ldata->echo_commit = head;
794 echoed = __process_echoes(tty);
795 mutex_unlock(&ldata->output_lock);
796
797 if (echoed && tty->ops->flush_chars)
798 tty->ops->flush_chars(tty);
799}
800
801static void process_echoes(struct tty_struct *tty)
802{
803 struct n_tty_data *ldata = tty->disc_data;
804 size_t echoed;
805
806 if (ldata->echo_mark == ldata->echo_tail)
807 return;
808
809 mutex_lock(&ldata->output_lock);
810 ldata->echo_commit = ldata->echo_mark;
811 echoed = __process_echoes(tty);
812 mutex_unlock(&ldata->output_lock);
813
814 if (echoed && tty->ops->flush_chars)
815 tty->ops->flush_chars(tty);
816}
817
818/* NB: echo_mark and echo_head should be equivalent here */
819static void flush_echoes(struct tty_struct *tty)
820{
821 struct n_tty_data *ldata = tty->disc_data;
822
823 if ((!L_ECHO(tty) && !L_ECHONL(tty)) ||
824 ldata->echo_commit == ldata->echo_head)
825 return;
826
827 mutex_lock(&ldata->output_lock);
828 ldata->echo_commit = ldata->echo_head;
829 __process_echoes(tty);
830 mutex_unlock(&ldata->output_lock);
831}
832
833/**
834 * add_echo_byte - add a byte to the echo buffer
835 * @c: unicode byte to echo
836 * @ldata: n_tty data
837 *
838 * Add a character or operation byte to the echo buffer.
839 */
840
841static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata)
842{
843 *echo_buf_addr(ldata, ldata->echo_head) = c;
844 smp_wmb(); /* Matches smp_rmb() in echo_buf(). */
845 ldata->echo_head++;
846}
847
848/**
849 * echo_move_back_col - add operation to move back a column
850 * @ldata: n_tty data
851 *
852 * Add an operation to the echo buffer to move back one column.
853 */
854
855static void echo_move_back_col(struct n_tty_data *ldata)
856{
857 add_echo_byte(ECHO_OP_START, ldata);
858 add_echo_byte(ECHO_OP_MOVE_BACK_COL, ldata);
859}
860
861/**
862 * echo_set_canon_col - add operation to set the canon column
863 * @ldata: n_tty data
864 *
865 * Add an operation to the echo buffer to set the canon column
866 * to the current column.
867 */
868
869static void echo_set_canon_col(struct n_tty_data *ldata)
870{
871 add_echo_byte(ECHO_OP_START, ldata);
872 add_echo_byte(ECHO_OP_SET_CANON_COL, ldata);
873}
874
875/**
876 * echo_erase_tab - add operation to erase a tab
877 * @num_chars: number of character columns already used
878 * @after_tab: true if num_chars starts after a previous tab
879 * @ldata: n_tty data
880 *
881 * Add an operation to the echo buffer to erase a tab.
882 *
883 * Called by the eraser function, which knows how many character
884 * columns have been used since either a previous tab or the start
885 * of input. This information will be used later, along with
886 * canon column (if applicable), to go back the correct number
887 * of columns.
888 */
889
890static void echo_erase_tab(unsigned int num_chars, int after_tab,
891 struct n_tty_data *ldata)
892{
893 add_echo_byte(ECHO_OP_START, ldata);
894 add_echo_byte(ECHO_OP_ERASE_TAB, ldata);
895
896 /* We only need to know this modulo 8 (tab spacing) */
897 num_chars &= 7;
898
899 /* Set the high bit as a flag if num_chars is after a previous tab */
900 if (after_tab)
901 num_chars |= 0x80;
902
903 add_echo_byte(num_chars, ldata);
904}
905
906/**
907 * echo_char_raw - echo a character raw
908 * @c: unicode byte to echo
909 * @tty: terminal device
910 *
911 * Echo user input back onto the screen. This must be called only when
912 * L_ECHO(tty) is true. Called from the driver receive_buf path.
913 *
914 * This variant does not treat control characters specially.
915 */
916
917static void echo_char_raw(unsigned char c, struct n_tty_data *ldata)
918{
919 if (c == ECHO_OP_START) {
920 add_echo_byte(ECHO_OP_START, ldata);
921 add_echo_byte(ECHO_OP_START, ldata);
922 } else {
923 add_echo_byte(c, ldata);
924 }
925}
926
927/**
928 * echo_char - echo a character
929 * @c: unicode byte to echo
930 * @tty: terminal device
931 *
932 * Echo user input back onto the screen. This must be called only when
933 * L_ECHO(tty) is true. Called from the driver receive_buf path.
934 *
935 * This variant tags control characters to be echoed as "^X"
936 * (where X is the letter representing the control char).
937 */
938
939static void echo_char(unsigned char c, struct tty_struct *tty)
940{
941 struct n_tty_data *ldata = tty->disc_data;
942
943 if (c == ECHO_OP_START) {
944 add_echo_byte(ECHO_OP_START, ldata);
945 add_echo_byte(ECHO_OP_START, ldata);
946 } else {
947 if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
948 add_echo_byte(ECHO_OP_START, ldata);
949 add_echo_byte(c, ldata);
950 }
951}
952
953/**
954 * finish_erasing - complete erase
955 * @ldata: n_tty data
956 */
957
958static inline void finish_erasing(struct n_tty_data *ldata)
959{
960 if (ldata->erasing) {
961 echo_char_raw('/', ldata);
962 ldata->erasing = 0;
963 }
964}
965
966/**
967 * eraser - handle erase function
968 * @c: character input
969 * @tty: terminal device
970 *
971 * Perform erase and necessary output when an erase character is
972 * present in the stream from the driver layer. Handles the complexities
973 * of UTF-8 multibyte symbols.
974 *
975 * n_tty_receive_buf()/producer path:
976 * caller holds non-exclusive termios_rwsem
977 */
978
979static void eraser(unsigned char c, struct tty_struct *tty)
980{
981 struct n_tty_data *ldata = tty->disc_data;
982 enum { ERASE, WERASE, KILL } kill_type;
983 size_t head;
984 size_t cnt;
985 int seen_alnums;
986
987 if (ldata->read_head == ldata->canon_head) {
988 /* process_output('\a', tty); */ /* what do you think? */
989 return;
990 }
991 if (c == ERASE_CHAR(tty))
992 kill_type = ERASE;
993 else if (c == WERASE_CHAR(tty))
994 kill_type = WERASE;
995 else {
996 if (!L_ECHO(tty)) {
997 ldata->read_head = ldata->canon_head;
998 return;
999 }
1000 if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
1001 ldata->read_head = ldata->canon_head;
1002 finish_erasing(ldata);
1003 echo_char(KILL_CHAR(tty), tty);
1004 /* Add a newline if ECHOK is on and ECHOKE is off. */
1005 if (L_ECHOK(tty))
1006 echo_char_raw('\n', ldata);
1007 return;
1008 }
1009 kill_type = KILL;
1010 }
1011
1012 seen_alnums = 0;
1013 while (MASK(ldata->read_head) != MASK(ldata->canon_head)) {
1014 head = ldata->read_head;
1015
1016 /* erase a single possibly multibyte character */
1017 do {
1018 head--;
1019 c = read_buf(ldata, head);
1020 } while (is_continuation(c, tty) &&
1021 MASK(head) != MASK(ldata->canon_head));
1022
1023 /* do not partially erase */
1024 if (is_continuation(c, tty))
1025 break;
1026
1027 if (kill_type == WERASE) {
1028 /* Equivalent to BSD's ALTWERASE. */
1029 if (isalnum(c) || c == '_')
1030 seen_alnums++;
1031 else if (seen_alnums)
1032 break;
1033 }
1034 cnt = ldata->read_head - head;
1035 ldata->read_head = head;
1036 if (L_ECHO(tty)) {
1037 if (L_ECHOPRT(tty)) {
1038 if (!ldata->erasing) {
1039 echo_char_raw('\\', ldata);
1040 ldata->erasing = 1;
1041 }
1042 /* if cnt > 1, output a multi-byte character */
1043 echo_char(c, tty);
1044 while (--cnt > 0) {
1045 head++;
1046 echo_char_raw(read_buf(ldata, head), ldata);
1047 echo_move_back_col(ldata);
1048 }
1049 } else if (kill_type == ERASE && !L_ECHOE(tty)) {
1050 echo_char(ERASE_CHAR(tty), tty);
1051 } else if (c == '\t') {
1052 unsigned int num_chars = 0;
1053 int after_tab = 0;
1054 size_t tail = ldata->read_head;
1055
1056 /*
1057 * Count the columns used for characters
1058 * since the start of input or after a
1059 * previous tab.
1060 * This info is used to go back the correct
1061 * number of columns.
1062 */
1063 while (MASK(tail) != MASK(ldata->canon_head)) {
1064 tail--;
1065 c = read_buf(ldata, tail);
1066 if (c == '\t') {
1067 after_tab = 1;
1068 break;
1069 } else if (iscntrl(c)) {
1070 if (L_ECHOCTL(tty))
1071 num_chars += 2;
1072 } else if (!is_continuation(c, tty)) {
1073 num_chars++;
1074 }
1075 }
1076 echo_erase_tab(num_chars, after_tab, ldata);
1077 } else {
1078 if (iscntrl(c) && L_ECHOCTL(tty)) {
1079 echo_char_raw('\b', ldata);
1080 echo_char_raw(' ', ldata);
1081 echo_char_raw('\b', ldata);
1082 }
1083 if (!iscntrl(c) || L_ECHOCTL(tty)) {
1084 echo_char_raw('\b', ldata);
1085 echo_char_raw(' ', ldata);
1086 echo_char_raw('\b', ldata);
1087 }
1088 }
1089 }
1090 if (kill_type == ERASE)
1091 break;
1092 }
1093 if (ldata->read_head == ldata->canon_head && L_ECHO(tty))
1094 finish_erasing(ldata);
1095}
1096
1097/**
1098 * isig - handle the ISIG optio
1099 * @sig: signal
1100 * @tty: terminal
1101 *
1102 * Called when a signal is being sent due to terminal input.
1103 * Called from the driver receive_buf path so serialized.
1104 *
1105 * Performs input and output flush if !NOFLSH. In this context, the echo
1106 * buffer is 'output'. The signal is processed first to alert any current
1107 * readers or writers to discontinue and exit their i/o loops.
1108 *
1109 * Locking: ctrl_lock
1110 */
1111
1112static void __isig(int sig, struct tty_struct *tty)
1113{
1114 struct pid *tty_pgrp = tty_get_pgrp(tty);
1115 if (tty_pgrp) {
1116 kill_pgrp(tty_pgrp, sig, 1);
1117 put_pid(tty_pgrp);
1118 }
1119}
1120
1121static void isig(int sig, struct tty_struct *tty)
1122{
1123 struct n_tty_data *ldata = tty->disc_data;
1124
1125 if (L_NOFLSH(tty)) {
1126 /* signal only */
1127 __isig(sig, tty);
1128
1129 } else { /* signal and flush */
1130 up_read(&tty->termios_rwsem);
1131 down_write(&tty->termios_rwsem);
1132
1133 __isig(sig, tty);
1134
1135 /* clear echo buffer */
1136 mutex_lock(&ldata->output_lock);
1137 ldata->echo_head = ldata->echo_tail = 0;
1138 ldata->echo_mark = ldata->echo_commit = 0;
1139 mutex_unlock(&ldata->output_lock);
1140
1141 /* clear output buffer */
1142 tty_driver_flush_buffer(tty);
1143
1144 /* clear input buffer */
1145 reset_buffer_flags(tty->disc_data);
1146
1147 /* notify pty master of flush */
1148 if (tty->link)
1149 n_tty_packet_mode_flush(tty);
1150
1151 up_write(&tty->termios_rwsem);
1152 down_read(&tty->termios_rwsem);
1153 }
1154}
1155
1156/**
1157 * n_tty_receive_break - handle break
1158 * @tty: terminal
1159 *
1160 * An RS232 break event has been hit in the incoming bitstream. This
1161 * can cause a variety of events depending upon the termios settings.
1162 *
1163 * n_tty_receive_buf()/producer path:
1164 * caller holds non-exclusive termios_rwsem
1165 *
1166 * Note: may get exclusive termios_rwsem if flushing input buffer
1167 */
1168
1169static void n_tty_receive_break(struct tty_struct *tty)
1170{
1171 struct n_tty_data *ldata = tty->disc_data;
1172
1173 if (I_IGNBRK(tty))
1174 return;
1175 if (I_BRKINT(tty)) {
1176 isig(SIGINT, tty);
1177 return;
1178 }
1179 if (I_PARMRK(tty)) {
1180 put_tty_queue('\377', ldata);
1181 put_tty_queue('\0', ldata);
1182 }
1183 put_tty_queue('\0', ldata);
1184}
1185
1186/**
1187 * n_tty_receive_overrun - handle overrun reporting
1188 * @tty: terminal
1189 *
1190 * Data arrived faster than we could process it. While the tty
1191 * driver has flagged this the bits that were missed are gone
1192 * forever.
1193 *
1194 * Called from the receive_buf path so single threaded. Does not
1195 * need locking as num_overrun and overrun_time are function
1196 * private.
1197 */
1198
1199static void n_tty_receive_overrun(struct tty_struct *tty)
1200{
1201 struct n_tty_data *ldata = tty->disc_data;
1202
1203 ldata->num_overrun++;
1204 if (time_after(jiffies, ldata->overrun_time + HZ) ||
1205 time_after(ldata->overrun_time, jiffies)) {
1206 tty_warn(tty, "%d input overrun(s)\n", ldata->num_overrun);
1207 ldata->overrun_time = jiffies;
1208 ldata->num_overrun = 0;
1209 }
1210}
1211
1212/**
1213 * n_tty_receive_parity_error - error notifier
1214 * @tty: terminal device
1215 * @c: character
1216 *
1217 * Process a parity error and queue the right data to indicate
1218 * the error case if necessary.
1219 *
1220 * n_tty_receive_buf()/producer path:
1221 * caller holds non-exclusive termios_rwsem
1222 */
1223static void n_tty_receive_parity_error(struct tty_struct *tty, unsigned char c)
1224{
1225 struct n_tty_data *ldata = tty->disc_data;
1226
1227 if (I_INPCK(tty)) {
1228 if (I_IGNPAR(tty))
1229 return;
1230 if (I_PARMRK(tty)) {
1231 put_tty_queue('\377', ldata);
1232 put_tty_queue('\0', ldata);
1233 put_tty_queue(c, ldata);
1234 } else
1235 put_tty_queue('\0', ldata);
1236 } else
1237 put_tty_queue(c, ldata);
1238}
1239
1240static void
1241n_tty_receive_signal_char(struct tty_struct *tty, int signal, unsigned char c)
1242{
1243 isig(signal, tty);
1244 if (I_IXON(tty))
1245 start_tty(tty);
1246 if (L_ECHO(tty)) {
1247 echo_char(c, tty);
1248 commit_echoes(tty);
1249 } else
1250 process_echoes(tty);
1251 return;
1252}
1253
1254/**
1255 * n_tty_receive_char - perform processing
1256 * @tty: terminal device
1257 * @c: character
1258 *
1259 * Process an individual character of input received from the driver.
1260 * This is serialized with respect to itself by the rules for the
1261 * driver above.
1262 *
1263 * n_tty_receive_buf()/producer path:
1264 * caller holds non-exclusive termios_rwsem
1265 * publishes canon_head if canonical mode is active
1266 *
1267 * Returns 1 if LNEXT was received, else returns 0
1268 */
1269
1270static int
1271n_tty_receive_char_special(struct tty_struct *tty, unsigned char c)
1272{
1273 struct n_tty_data *ldata = tty->disc_data;
1274
1275 if (I_IXON(tty)) {
1276 if (c == START_CHAR(tty)) {
1277 start_tty(tty);
1278 process_echoes(tty);
1279 return 0;
1280 }
1281 if (c == STOP_CHAR(tty)) {
1282 stop_tty(tty);
1283 return 0;
1284 }
1285 }
1286
1287 if (L_ISIG(tty)) {
1288 if (c == INTR_CHAR(tty)) {
1289 n_tty_receive_signal_char(tty, SIGINT, c);
1290 return 0;
1291 } else if (c == QUIT_CHAR(tty)) {
1292 n_tty_receive_signal_char(tty, SIGQUIT, c);
1293 return 0;
1294 } else if (c == SUSP_CHAR(tty)) {
1295 n_tty_receive_signal_char(tty, SIGTSTP, c);
1296 return 0;
1297 }
1298 }
1299
1300 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1301 start_tty(tty);
1302 process_echoes(tty);
1303 }
1304
1305 if (c == '\r') {
1306 if (I_IGNCR(tty))
1307 return 0;
1308 if (I_ICRNL(tty))
1309 c = '\n';
1310 } else if (c == '\n' && I_INLCR(tty))
1311 c = '\r';
1312
1313 if (ldata->icanon) {
1314 if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
1315 (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
1316 eraser(c, tty);
1317 commit_echoes(tty);
1318 return 0;
1319 }
1320 if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
1321 ldata->lnext = 1;
1322 if (L_ECHO(tty)) {
1323 finish_erasing(ldata);
1324 if (L_ECHOCTL(tty)) {
1325 echo_char_raw('^', ldata);
1326 echo_char_raw('\b', ldata);
1327 commit_echoes(tty);
1328 }
1329 }
1330 return 1;
1331 }
1332 if (c == REPRINT_CHAR(tty) && L_ECHO(tty) && L_IEXTEN(tty)) {
1333 size_t tail = ldata->canon_head;
1334
1335 finish_erasing(ldata);
1336 echo_char(c, tty);
1337 echo_char_raw('\n', ldata);
1338 while (MASK(tail) != MASK(ldata->read_head)) {
1339 echo_char(read_buf(ldata, tail), tty);
1340 tail++;
1341 }
1342 commit_echoes(tty);
1343 return 0;
1344 }
1345 if (c == '\n') {
1346 if (L_ECHO(tty) || L_ECHONL(tty)) {
1347 echo_char_raw('\n', ldata);
1348 commit_echoes(tty);
1349 }
1350 goto handle_newline;
1351 }
1352 if (c == EOF_CHAR(tty)) {
1353 c = __DISABLED_CHAR;
1354 goto handle_newline;
1355 }
1356 if ((c == EOL_CHAR(tty)) ||
1357 (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
1358 /*
1359 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
1360 */
1361 if (L_ECHO(tty)) {
1362 /* Record the column of first canon char. */
1363 if (ldata->canon_head == ldata->read_head)
1364 echo_set_canon_col(ldata);
1365 echo_char(c, tty);
1366 commit_echoes(tty);
1367 }
1368 /*
1369 * XXX does PARMRK doubling happen for
1370 * EOL_CHAR and EOL2_CHAR?
1371 */
1372 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1373 put_tty_queue(c, ldata);
1374
1375handle_newline:
1376 set_bit(ldata->read_head & (N_TTY_BUF_SIZE - 1), ldata->read_flags);
1377 put_tty_queue(c, ldata);
1378 smp_store_release(&ldata->canon_head, ldata->read_head);
1379 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1380 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN);
1381 return 0;
1382 }
1383 }
1384
1385 if (L_ECHO(tty)) {
1386 finish_erasing(ldata);
1387 if (c == '\n')
1388 echo_char_raw('\n', ldata);
1389 else {
1390 /* Record the column of first canon char. */
1391 if (ldata->canon_head == ldata->read_head)
1392 echo_set_canon_col(ldata);
1393 echo_char(c, tty);
1394 }
1395 commit_echoes(tty);
1396 }
1397
1398 /* PARMRK doubling check */
1399 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1400 put_tty_queue(c, ldata);
1401
1402 put_tty_queue(c, ldata);
1403 return 0;
1404}
1405
1406static inline void
1407n_tty_receive_char_inline(struct tty_struct *tty, unsigned char c)
1408{
1409 struct n_tty_data *ldata = tty->disc_data;
1410
1411 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1412 start_tty(tty);
1413 process_echoes(tty);
1414 }
1415 if (L_ECHO(tty)) {
1416 finish_erasing(ldata);
1417 /* Record the column of first canon char. */
1418 if (ldata->canon_head == ldata->read_head)
1419 echo_set_canon_col(ldata);
1420 echo_char(c, tty);
1421 commit_echoes(tty);
1422 }
1423 /* PARMRK doubling check */
1424 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1425 put_tty_queue(c, ldata);
1426 put_tty_queue(c, ldata);
1427}
1428
1429static void n_tty_receive_char(struct tty_struct *tty, unsigned char c)
1430{
1431 n_tty_receive_char_inline(tty, c);
1432}
1433
1434static inline void
1435n_tty_receive_char_fast(struct tty_struct *tty, unsigned char c)
1436{
1437 struct n_tty_data *ldata = tty->disc_data;
1438
1439 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1440 start_tty(tty);
1441 process_echoes(tty);
1442 }
1443 if (L_ECHO(tty)) {
1444 finish_erasing(ldata);
1445 /* Record the column of first canon char. */
1446 if (ldata->canon_head == ldata->read_head)
1447 echo_set_canon_col(ldata);
1448 echo_char(c, tty);
1449 commit_echoes(tty);
1450 }
1451 put_tty_queue(c, ldata);
1452}
1453
1454static void n_tty_receive_char_closing(struct tty_struct *tty, unsigned char c)
1455{
1456 if (I_ISTRIP(tty))
1457 c &= 0x7f;
1458 if (I_IUCLC(tty) && L_IEXTEN(tty))
1459 c = tolower(c);
1460
1461 if (I_IXON(tty)) {
1462 if (c == STOP_CHAR(tty))
1463 stop_tty(tty);
1464 else if (c == START_CHAR(tty) ||
1465 (tty->stopped && !tty->flow_stopped && I_IXANY(tty) &&
1466 c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) &&
1467 c != SUSP_CHAR(tty))) {
1468 start_tty(tty);
1469 process_echoes(tty);
1470 }
1471 }
1472}
1473
1474static void
1475n_tty_receive_char_flagged(struct tty_struct *tty, unsigned char c, char flag)
1476{
1477 switch (flag) {
1478 case TTY_BREAK:
1479 n_tty_receive_break(tty);
1480 break;
1481 case TTY_PARITY:
1482 case TTY_FRAME:
1483 n_tty_receive_parity_error(tty, c);
1484 break;
1485 case TTY_OVERRUN:
1486 n_tty_receive_overrun(tty);
1487 break;
1488 default:
1489 tty_err(tty, "unknown flag %d\n", flag);
1490 break;
1491 }
1492}
1493
1494static void
1495n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
1496{
1497 struct n_tty_data *ldata = tty->disc_data;
1498
1499 ldata->lnext = 0;
1500 if (likely(flag == TTY_NORMAL)) {
1501 if (I_ISTRIP(tty))
1502 c &= 0x7f;
1503 if (I_IUCLC(tty) && L_IEXTEN(tty))
1504 c = tolower(c);
1505 n_tty_receive_char(tty, c);
1506 } else
1507 n_tty_receive_char_flagged(tty, c, flag);
1508}
1509
1510static void
1511n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
1512 char *fp, int count)
1513{
1514 struct n_tty_data *ldata = tty->disc_data;
1515 size_t n, head;
1516
1517 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1518 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1519 memcpy(read_buf_addr(ldata, head), cp, n);
1520 ldata->read_head += n;
1521 cp += n;
1522 count -= n;
1523
1524 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1525 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1526 memcpy(read_buf_addr(ldata, head), cp, n);
1527 ldata->read_head += n;
1528}
1529
1530static void
1531n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
1532 char *fp, int count)
1533{
1534 struct n_tty_data *ldata = tty->disc_data;
1535 char flag = TTY_NORMAL;
1536
1537 while (count--) {
1538 if (fp)
1539 flag = *fp++;
1540 if (likely(flag == TTY_NORMAL))
1541 put_tty_queue(*cp++, ldata);
1542 else
1543 n_tty_receive_char_flagged(tty, *cp++, flag);
1544 }
1545}
1546
1547static void
1548n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
1549 char *fp, int count)
1550{
1551 char flag = TTY_NORMAL;
1552
1553 while (count--) {
1554 if (fp)
1555 flag = *fp++;
1556 if (likely(flag == TTY_NORMAL))
1557 n_tty_receive_char_closing(tty, *cp++);
1558 }
1559}
1560
1561static void
1562n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp,
1563 char *fp, int count)
1564{
1565 struct n_tty_data *ldata = tty->disc_data;
1566 char flag = TTY_NORMAL;
1567
1568 while (count--) {
1569 if (fp)
1570 flag = *fp++;
1571 if (likely(flag == TTY_NORMAL)) {
1572 unsigned char c = *cp++;
1573
1574 if (I_ISTRIP(tty))
1575 c &= 0x7f;
1576 if (I_IUCLC(tty) && L_IEXTEN(tty))
1577 c = tolower(c);
1578 if (L_EXTPROC(tty)) {
1579 put_tty_queue(c, ldata);
1580 continue;
1581 }
1582 if (!test_bit(c, ldata->char_map))
1583 n_tty_receive_char_inline(tty, c);
1584 else if (n_tty_receive_char_special(tty, c) && count) {
1585 if (fp)
1586 flag = *fp++;
1587 n_tty_receive_char_lnext(tty, *cp++, flag);
1588 count--;
1589 }
1590 } else
1591 n_tty_receive_char_flagged(tty, *cp++, flag);
1592 }
1593}
1594
1595static void
1596n_tty_receive_buf_fast(struct tty_struct *tty, const unsigned char *cp,
1597 char *fp, int count)
1598{
1599 struct n_tty_data *ldata = tty->disc_data;
1600 char flag = TTY_NORMAL;
1601
1602 while (count--) {
1603 if (fp)
1604 flag = *fp++;
1605 if (likely(flag == TTY_NORMAL)) {
1606 unsigned char c = *cp++;
1607
1608 if (!test_bit(c, ldata->char_map))
1609 n_tty_receive_char_fast(tty, c);
1610 else if (n_tty_receive_char_special(tty, c) && count) {
1611 if (fp)
1612 flag = *fp++;
1613 n_tty_receive_char_lnext(tty, *cp++, flag);
1614 count--;
1615 }
1616 } else
1617 n_tty_receive_char_flagged(tty, *cp++, flag);
1618 }
1619}
1620
1621static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
1622 char *fp, int count)
1623{
1624 struct n_tty_data *ldata = tty->disc_data;
1625 bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
1626
1627 if (ldata->real_raw)
1628 n_tty_receive_buf_real_raw(tty, cp, fp, count);
1629 else if (ldata->raw || (L_EXTPROC(tty) && !preops))
1630 n_tty_receive_buf_raw(tty, cp, fp, count);
1631 else if (tty->closing && !L_EXTPROC(tty))
1632 n_tty_receive_buf_closing(tty, cp, fp, count);
1633 else {
1634 if (ldata->lnext) {
1635 char flag = TTY_NORMAL;
1636
1637 if (fp)
1638 flag = *fp++;
1639 n_tty_receive_char_lnext(tty, *cp++, flag);
1640 count--;
1641 }
1642
1643 if (!preops && !I_PARMRK(tty))
1644 n_tty_receive_buf_fast(tty, cp, fp, count);
1645 else
1646 n_tty_receive_buf_standard(tty, cp, fp, count);
1647
1648 flush_echoes(tty);
1649 if (tty->ops->flush_chars)
1650 tty->ops->flush_chars(tty);
1651 }
1652
1653 if (ldata->icanon && !L_EXTPROC(tty))
1654 return;
1655
1656 /* publish read_head to consumer */
1657 smp_store_release(&ldata->commit_head, ldata->read_head);
1658
1659 if (read_cnt(ldata)) {
1660 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1661 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN);
1662 }
1663}
1664
1665/**
1666 * n_tty_receive_buf_common - process input
1667 * @tty: device to receive input
1668 * @cp: input chars
1669 * @fp: flags for each char (if NULL, all chars are TTY_NORMAL)
1670 * @count: number of input chars in @cp
1671 *
1672 * Called by the terminal driver when a block of characters has
1673 * been received. This function must be called from soft contexts
1674 * not from interrupt context. The driver is responsible for making
1675 * calls one at a time and in order (or using flush_to_ldisc)
1676 *
1677 * Returns the # of input chars from @cp which were processed.
1678 *
1679 * In canonical mode, the maximum line length is 4096 chars (including
1680 * the line termination char); lines longer than 4096 chars are
1681 * truncated. After 4095 chars, input data is still processed but
1682 * not stored. Overflow processing ensures the tty can always
1683 * receive more input until at least one line can be read.
1684 *
1685 * In non-canonical mode, the read buffer will only accept 4095 chars;
1686 * this provides the necessary space for a newline char if the input
1687 * mode is switched to canonical.
1688 *
1689 * Note it is possible for the read buffer to _contain_ 4096 chars
1690 * in non-canonical mode: the read buffer could already contain the
1691 * maximum canon line of 4096 chars when the mode is switched to
1692 * non-canonical.
1693 *
1694 * n_tty_receive_buf()/producer path:
1695 * claims non-exclusive termios_rwsem
1696 * publishes commit_head or canon_head
1697 */
1698static int
1699n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
1700 char *fp, int count, int flow)
1701{
1702 struct n_tty_data *ldata = tty->disc_data;
1703 int room, n, rcvd = 0, overflow;
1704
1705 down_read(&tty->termios_rwsem);
1706
1707 do {
1708 /*
1709 * When PARMRK is set, each input char may take up to 3 chars
1710 * in the read buf; reduce the buffer space avail by 3x
1711 *
1712 * If we are doing input canonicalization, and there are no
1713 * pending newlines, let characters through without limit, so
1714 * that erase characters will be handled. Other excess
1715 * characters will be beeped.
1716 *
1717 * paired with store in *_copy_from_read_buf() -- guarantees
1718 * the consumer has loaded the data in read_buf up to the new
1719 * read_tail (so this producer will not overwrite unread data)
1720 */
1721 size_t tail = smp_load_acquire(&ldata->read_tail);
1722
1723 room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
1724 if (I_PARMRK(tty))
1725 room = (room + 2) / 3;
1726 room--;
1727 if (room <= 0) {
1728 overflow = ldata->icanon && ldata->canon_head == tail;
1729 if (overflow && room < 0)
1730 ldata->read_head--;
1731 room = overflow;
1732 ldata->no_room = flow && !room;
1733 } else
1734 overflow = 0;
1735
1736 n = min(count, room);
1737 if (!n)
1738 break;
1739
1740 /* ignore parity errors if handling overflow */
1741 if (!overflow || !fp || *fp != TTY_PARITY)
1742 __receive_buf(tty, cp, fp, n);
1743
1744 cp += n;
1745 if (fp)
1746 fp += n;
1747 count -= n;
1748 rcvd += n;
1749 } while (!test_bit(TTY_LDISC_CHANGING, &tty->flags));
1750
1751 tty->receive_room = room;
1752
1753 /* Unthrottle if handling overflow on pty */
1754 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
1755 if (overflow) {
1756 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
1757 tty_unthrottle_safe(tty);
1758 __tty_set_flow_change(tty, 0);
1759 }
1760 } else
1761 n_tty_check_throttle(tty);
1762
1763 up_read(&tty->termios_rwsem);
1764
1765 return rcvd;
1766}
1767
1768static void n_tty_receive_buf(struct tty_struct *tty, const unsigned char *cp,
1769 char *fp, int count)
1770{
1771 n_tty_receive_buf_common(tty, cp, fp, count, 0);
1772}
1773
1774static int n_tty_receive_buf2(struct tty_struct *tty, const unsigned char *cp,
1775 char *fp, int count)
1776{
1777 return n_tty_receive_buf_common(tty, cp, fp, count, 1);
1778}
1779
1780/**
1781 * n_tty_set_termios - termios data changed
1782 * @tty: terminal
1783 * @old: previous data
1784 *
1785 * Called by the tty layer when the user changes termios flags so
1786 * that the line discipline can plan ahead. This function cannot sleep
1787 * and is protected from re-entry by the tty layer. The user is
1788 * guaranteed that this function will not be re-entered or in progress
1789 * when the ldisc is closed.
1790 *
1791 * Locking: Caller holds tty->termios_rwsem
1792 */
1793
1794static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
1795{
1796 struct n_tty_data *ldata = tty->disc_data;
1797
1798 if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) {
1799 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
1800 ldata->line_start = ldata->read_tail;
1801 if (!L_ICANON(tty) || !read_cnt(ldata)) {
1802 ldata->canon_head = ldata->read_tail;
1803 ldata->push = 0;
1804 } else {
1805 set_bit((ldata->read_head - 1) & (N_TTY_BUF_SIZE - 1),
1806 ldata->read_flags);
1807 ldata->canon_head = ldata->read_head;
1808 ldata->push = 1;
1809 }
1810 ldata->commit_head = ldata->read_head;
1811 ldata->erasing = 0;
1812 ldata->lnext = 0;
1813 }
1814
1815 ldata->icanon = (L_ICANON(tty) != 0);
1816
1817 if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
1818 I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
1819 I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
1820 I_PARMRK(tty)) {
1821 bitmap_zero(ldata->char_map, 256);
1822
1823 if (I_IGNCR(tty) || I_ICRNL(tty))
1824 set_bit('\r', ldata->char_map);
1825 if (I_INLCR(tty))
1826 set_bit('\n', ldata->char_map);
1827
1828 if (L_ICANON(tty)) {
1829 set_bit(ERASE_CHAR(tty), ldata->char_map);
1830 set_bit(KILL_CHAR(tty), ldata->char_map);
1831 set_bit(EOF_CHAR(tty), ldata->char_map);
1832 set_bit('\n', ldata->char_map);
1833 set_bit(EOL_CHAR(tty), ldata->char_map);
1834 if (L_IEXTEN(tty)) {
1835 set_bit(WERASE_CHAR(tty), ldata->char_map);
1836 set_bit(LNEXT_CHAR(tty), ldata->char_map);
1837 set_bit(EOL2_CHAR(tty), ldata->char_map);
1838 if (L_ECHO(tty))
1839 set_bit(REPRINT_CHAR(tty),
1840 ldata->char_map);
1841 }
1842 }
1843 if (I_IXON(tty)) {
1844 set_bit(START_CHAR(tty), ldata->char_map);
1845 set_bit(STOP_CHAR(tty), ldata->char_map);
1846 }
1847 if (L_ISIG(tty)) {
1848 set_bit(INTR_CHAR(tty), ldata->char_map);
1849 set_bit(QUIT_CHAR(tty), ldata->char_map);
1850 set_bit(SUSP_CHAR(tty), ldata->char_map);
1851 }
1852 clear_bit(__DISABLED_CHAR, ldata->char_map);
1853 ldata->raw = 0;
1854 ldata->real_raw = 0;
1855 } else {
1856 ldata->raw = 1;
1857 if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
1858 (I_IGNPAR(tty) || !I_INPCK(tty)) &&
1859 (tty->driver->flags & TTY_DRIVER_REAL_RAW))
1860 ldata->real_raw = 1;
1861 else
1862 ldata->real_raw = 0;
1863 }
1864 /*
1865 * Fix tty hang when I_IXON(tty) is cleared, but the tty
1866 * been stopped by STOP_CHAR(tty) before it.
1867 */
1868 if (!I_IXON(tty) && old && (old->c_iflag & IXON) && !tty->flow_stopped) {
1869 start_tty(tty);
1870 process_echoes(tty);
1871 }
1872
1873 /* The termios change make the tty ready for I/O */
1874 wake_up_interruptible(&tty->write_wait);
1875 wake_up_interruptible(&tty->read_wait);
1876}
1877
1878/**
1879 * n_tty_close - close the ldisc for this tty
1880 * @tty: device
1881 *
1882 * Called from the terminal layer when this line discipline is
1883 * being shut down, either because of a close or becsuse of a
1884 * discipline change. The function will not be called while other
1885 * ldisc methods are in progress.
1886 */
1887
1888static void n_tty_close(struct tty_struct *tty)
1889{
1890 struct n_tty_data *ldata = tty->disc_data;
1891
1892 if (tty->link)
1893 n_tty_packet_mode_flush(tty);
1894
1895 vfree(ldata);
1896 tty->disc_data = NULL;
1897}
1898
1899/**
1900 * n_tty_open - open an ldisc
1901 * @tty: terminal to open
1902 *
1903 * Called when this line discipline is being attached to the
1904 * terminal device. Can sleep. Called serialized so that no
1905 * other events will occur in parallel. No further open will occur
1906 * until a close.
1907 */
1908
1909static int n_tty_open(struct tty_struct *tty)
1910{
1911 struct n_tty_data *ldata;
1912
1913 /* Currently a malloc failure here can panic */
1914 ldata = vzalloc(sizeof(*ldata));
1915 if (!ldata)
1916 return -ENOMEM;
1917
1918 ldata->overrun_time = jiffies;
1919 mutex_init(&ldata->atomic_read_lock);
1920 mutex_init(&ldata->output_lock);
1921
1922 tty->disc_data = ldata;
1923 tty->closing = 0;
1924 /* indicate buffer work may resume */
1925 clear_bit(TTY_LDISC_HALTED, &tty->flags);
1926 n_tty_set_termios(tty, NULL);
1927 tty_unthrottle(tty);
1928 return 0;
1929}
1930
1931static inline int input_available_p(struct tty_struct *tty, int poll)
1932{
1933 struct n_tty_data *ldata = tty->disc_data;
1934 int amt = poll && !TIME_CHAR(tty) && MIN_CHAR(tty) ? MIN_CHAR(tty) : 1;
1935
1936 if (ldata->icanon && !L_EXTPROC(tty))
1937 return ldata->canon_head != ldata->read_tail;
1938 else
1939 return ldata->commit_head - ldata->read_tail >= amt;
1940}
1941
1942/**
1943 * copy_from_read_buf - copy read data directly
1944 * @tty: terminal device
1945 * @b: user data
1946 * @nr: size of data
1947 *
1948 * Helper function to speed up n_tty_read. It is only called when
1949 * ICANON is off; it copies characters straight from the tty queue to
1950 * user space directly. It can be profitably called twice; once to
1951 * drain the space from the tail pointer to the (physical) end of the
1952 * buffer, and once to drain the space from the (physical) beginning of
1953 * the buffer to head pointer.
1954 *
1955 * Called under the ldata->atomic_read_lock sem
1956 *
1957 * n_tty_read()/consumer path:
1958 * caller holds non-exclusive termios_rwsem
1959 * read_tail published
1960 */
1961
1962static int copy_from_read_buf(struct tty_struct *tty,
1963 unsigned char __user **b,
1964 size_t *nr)
1965
1966{
1967 struct n_tty_data *ldata = tty->disc_data;
1968 int retval;
1969 size_t n;
1970 bool is_eof;
1971 size_t head = smp_load_acquire(&ldata->commit_head);
1972 size_t tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
1973
1974 retval = 0;
1975 n = min(head - ldata->read_tail, N_TTY_BUF_SIZE - tail);
1976 n = min(*nr, n);
1977 if (n) {
1978 unsigned char *from = read_buf_addr(ldata, tail);
1979 retval = copy_to_user(*b, from, n);
1980 n -= retval;
1981 is_eof = n == 1 && *from == EOF_CHAR(tty);
1982 tty_audit_add_data(tty, from, n);
1983 zero_buffer(tty, from, n);
1984 smp_store_release(&ldata->read_tail, ldata->read_tail + n);
1985 /* Turn single EOF into zero-length read */
1986 if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
1987 (head == ldata->read_tail))
1988 n = 0;
1989 *b += n;
1990 *nr -= n;
1991 }
1992 return retval;
1993}
1994
1995/**
1996 * canon_copy_from_read_buf - copy read data in canonical mode
1997 * @tty: terminal device
1998 * @b: user data
1999 * @nr: size of data
2000 *
2001 * Helper function for n_tty_read. It is only called when ICANON is on;
2002 * it copies one line of input up to and including the line-delimiting
2003 * character into the user-space buffer.
2004 *
2005 * NB: When termios is changed from non-canonical to canonical mode and
2006 * the read buffer contains data, n_tty_set_termios() simulates an EOF
2007 * push (as if C-d were input) _without_ the DISABLED_CHAR in the buffer.
2008 * This causes data already processed as input to be immediately available
2009 * as input although a newline has not been received.
2010 *
2011 * Called under the atomic_read_lock mutex
2012 *
2013 * n_tty_read()/consumer path:
2014 * caller holds non-exclusive termios_rwsem
2015 * read_tail published
2016 */
2017
2018static int canon_copy_from_read_buf(struct tty_struct *tty,
2019 unsigned char __user **b,
2020 size_t *nr)
2021{
2022 struct n_tty_data *ldata = tty->disc_data;
2023 size_t n, size, more, c;
2024 size_t eol;
2025 size_t tail;
2026 int ret, found = 0;
2027
2028 /* N.B. avoid overrun if nr == 0 */
2029 if (!*nr)
2030 return 0;
2031
2032 n = min(*nr + 1, smp_load_acquire(&ldata->canon_head) - ldata->read_tail);
2033
2034 tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
2035 size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
2036
2037 n_tty_trace("%s: nr:%zu tail:%zu n:%zu size:%zu\n",
2038 __func__, *nr, tail, n, size);
2039
2040 eol = find_next_bit(ldata->read_flags, size, tail);
2041 more = n - (size - tail);
2042 if (eol == N_TTY_BUF_SIZE && more) {
2043 /* scan wrapped without finding set bit */
2044 eol = find_next_bit(ldata->read_flags, more, 0);
2045 found = eol != more;
2046 } else
2047 found = eol != size;
2048
2049 n = eol - tail;
2050 if (n > N_TTY_BUF_SIZE)
2051 n += N_TTY_BUF_SIZE;
2052 c = n + found;
2053
2054 if (!found || read_buf(ldata, eol) != __DISABLED_CHAR) {
2055 c = min(*nr, c);
2056 n = c;
2057 }
2058
2059 n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu tail:%zu more:%zu\n",
2060 __func__, eol, found, n, c, tail, more);
2061
2062 ret = tty_copy_to_user(tty, *b, tail, n);
2063 if (ret)
2064 return -EFAULT;
2065 *b += n;
2066 *nr -= n;
2067
2068 if (found)
2069 clear_bit(eol, ldata->read_flags);
2070 smp_store_release(&ldata->read_tail, ldata->read_tail + c);
2071
2072 if (found) {
2073 if (!ldata->push)
2074 ldata->line_start = ldata->read_tail;
2075 else
2076 ldata->push = 0;
2077 tty_audit_push();
2078 }
2079 return 0;
2080}
2081
2082extern ssize_t redirected_tty_write(struct file *, const char __user *,
2083 size_t, loff_t *);
2084
2085/**
2086 * job_control - check job control
2087 * @tty: tty
2088 * @file: file handle
2089 *
2090 * Perform job control management checks on this file/tty descriptor
2091 * and if appropriate send any needed signals and return a negative
2092 * error code if action should be taken.
2093 *
2094 * Locking: redirected write test is safe
2095 * current->signal->tty check is safe
2096 * ctrl_lock to safely reference tty->pgrp
2097 */
2098
2099static int job_control(struct tty_struct *tty, struct file *file)
2100{
2101 /* Job control check -- must be done at start and after
2102 every sleep (POSIX.1 7.1.1.4). */
2103 /* NOTE: not yet done after every sleep pending a thorough
2104 check of the logic of this change. -- jlc */
2105 /* don't stop on /dev/console */
2106 if (file->f_op->write == redirected_tty_write)
2107 return 0;
2108
2109 return __tty_check_change(tty, SIGTTIN);
2110}
2111
2112
2113/**
2114 * n_tty_read - read function for tty
2115 * @tty: tty device
2116 * @file: file object
2117 * @buf: userspace buffer pointer
2118 * @nr: size of I/O
2119 *
2120 * Perform reads for the line discipline. We are guaranteed that the
2121 * line discipline will not be closed under us but we may get multiple
2122 * parallel readers and must handle this ourselves. We may also get
2123 * a hangup. Always called in user context, may sleep.
2124 *
2125 * This code must be sure never to sleep through a hangup.
2126 *
2127 * n_tty_read()/consumer path:
2128 * claims non-exclusive termios_rwsem
2129 * publishes read_tail
2130 */
2131
2132static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
2133 unsigned char __user *buf, size_t nr)
2134{
2135 struct n_tty_data *ldata = tty->disc_data;
2136 unsigned char __user *b = buf;
2137 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2138 int c;
2139 int minimum, time;
2140 ssize_t retval = 0;
2141 long timeout;
2142 int packet;
2143 size_t tail;
2144
2145 c = job_control(tty, file);
2146 if (c < 0)
2147 return c;
2148
2149 /*
2150 * Internal serialization of reads.
2151 */
2152 if (file->f_flags & O_NONBLOCK) {
2153 if (!mutex_trylock(&ldata->atomic_read_lock))
2154 return -EAGAIN;
2155 } else {
2156 if (mutex_lock_interruptible(&ldata->atomic_read_lock))
2157 return -ERESTARTSYS;
2158 }
2159
2160 down_read(&tty->termios_rwsem);
2161
2162 minimum = time = 0;
2163 timeout = MAX_SCHEDULE_TIMEOUT;
2164 if (!ldata->icanon) {
2165 minimum = MIN_CHAR(tty);
2166 if (minimum) {
2167 time = (HZ / 10) * TIME_CHAR(tty);
2168 } else {
2169 timeout = (HZ / 10) * TIME_CHAR(tty);
2170 minimum = 1;
2171 }
2172 }
2173
2174 packet = tty->packet;
2175 tail = ldata->read_tail;
2176
2177 add_wait_queue(&tty->read_wait, &wait);
2178 while (nr) {
2179 /* First test for status change. */
2180 if (packet && tty->link->ctrl_status) {
2181 unsigned char cs;
2182 if (b != buf)
2183 break;
2184 spin_lock_irq(&tty->link->ctrl_lock);
2185 cs = tty->link->ctrl_status;
2186 tty->link->ctrl_status = 0;
2187 spin_unlock_irq(&tty->link->ctrl_lock);
2188 if (put_user(cs, b)) {
2189 retval = -EFAULT;
2190 break;
2191 }
2192 b++;
2193 nr--;
2194 break;
2195 }
2196
2197 if (!input_available_p(tty, 0)) {
2198 up_read(&tty->termios_rwsem);
2199 tty_buffer_flush_work(tty->port);
2200 down_read(&tty->termios_rwsem);
2201 if (!input_available_p(tty, 0)) {
2202 if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
2203 retval = -EIO;
2204 break;
2205 }
2206 if (tty_hung_up_p(file))
2207 break;
2208 /*
2209 * Abort readers for ttys which never actually
2210 * get hung up. See __tty_hangup().
2211 */
2212 if (test_bit(TTY_HUPPING, &tty->flags))
2213 break;
2214 if (!timeout)
2215 break;
2216 if (tty_io_nonblock(tty, file)) {
2217 retval = -EAGAIN;
2218 break;
2219 }
2220 if (signal_pending(current)) {
2221 retval = -ERESTARTSYS;
2222 break;
2223 }
2224 up_read(&tty->termios_rwsem);
2225
2226 timeout = wait_woken(&wait, TASK_INTERRUPTIBLE,
2227 timeout);
2228
2229 down_read(&tty->termios_rwsem);
2230 continue;
2231 }
2232 }
2233
2234 if (ldata->icanon && !L_EXTPROC(tty)) {
2235 retval = canon_copy_from_read_buf(tty, &b, &nr);
2236 if (retval)
2237 break;
2238 } else {
2239 int uncopied;
2240
2241 /* Deal with packet mode. */
2242 if (packet && b == buf) {
2243 if (put_user(TIOCPKT_DATA, b)) {
2244 retval = -EFAULT;
2245 break;
2246 }
2247 b++;
2248 nr--;
2249 }
2250
2251 uncopied = copy_from_read_buf(tty, &b, &nr);
2252 uncopied += copy_from_read_buf(tty, &b, &nr);
2253 if (uncopied) {
2254 retval = -EFAULT;
2255 break;
2256 }
2257 }
2258
2259 n_tty_check_unthrottle(tty);
2260
2261 if (b - buf >= minimum)
2262 break;
2263 if (time)
2264 timeout = time;
2265 }
2266 if (tail != ldata->read_tail)
2267 n_tty_kick_worker(tty);
2268 up_read(&tty->termios_rwsem);
2269
2270 remove_wait_queue(&tty->read_wait, &wait);
2271 mutex_unlock(&ldata->atomic_read_lock);
2272
2273 if (b - buf)
2274 retval = b - buf;
2275
2276 return retval;
2277}
2278
2279/**
2280 * n_tty_write - write function for tty
2281 * @tty: tty device
2282 * @file: file object
2283 * @buf: userspace buffer pointer
2284 * @nr: size of I/O
2285 *
2286 * Write function of the terminal device. This is serialized with
2287 * respect to other write callers but not to termios changes, reads
2288 * and other such events. Since the receive code will echo characters,
2289 * thus calling driver write methods, the output_lock is used in
2290 * the output processing functions called here as well as in the
2291 * echo processing function to protect the column state and space
2292 * left in the buffer.
2293 *
2294 * This code must be sure never to sleep through a hangup.
2295 *
2296 * Locking: output_lock to protect column state and space left
2297 * (note that the process_output*() functions take this
2298 * lock themselves)
2299 */
2300
2301static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
2302 const unsigned char *buf, size_t nr)
2303{
2304 const unsigned char *b = buf;
2305 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2306 int c;
2307 ssize_t retval = 0;
2308
2309 /* Job control check -- must be done at start (POSIX.1 7.1.1.4). */
2310 if (L_TOSTOP(tty) && file->f_op->write != redirected_tty_write) {
2311 retval = tty_check_change(tty);
2312 if (retval)
2313 return retval;
2314 }
2315
2316 down_read(&tty->termios_rwsem);
2317
2318 /* Write out any echoed characters that are still pending */
2319 process_echoes(tty);
2320
2321 add_wait_queue(&tty->write_wait, &wait);
2322 while (1) {
2323 if (signal_pending(current)) {
2324 retval = -ERESTARTSYS;
2325 break;
2326 }
2327 if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
2328 retval = -EIO;
2329 break;
2330 }
2331 if (O_OPOST(tty)) {
2332 while (nr > 0) {
2333 ssize_t num = process_output_block(tty, b, nr);
2334 if (num < 0) {
2335 if (num == -EAGAIN)
2336 break;
2337 retval = num;
2338 goto break_out;
2339 }
2340 b += num;
2341 nr -= num;
2342 if (nr == 0)
2343 break;
2344 c = *b;
2345 if (process_output(c, tty) < 0)
2346 break;
2347 b++; nr--;
2348 }
2349 if (tty->ops->flush_chars)
2350 tty->ops->flush_chars(tty);
2351 } else {
2352 struct n_tty_data *ldata = tty->disc_data;
2353
2354 while (nr > 0) {
2355 mutex_lock(&ldata->output_lock);
2356 c = tty->ops->write(tty, b, nr);
2357 mutex_unlock(&ldata->output_lock);
2358 if (c < 0) {
2359 retval = c;
2360 goto break_out;
2361 }
2362 if (!c)
2363 break;
2364 b += c;
2365 nr -= c;
2366 }
2367 }
2368 if (!nr)
2369 break;
2370 if (tty_io_nonblock(tty, file)) {
2371 retval = -EAGAIN;
2372 break;
2373 }
2374 up_read(&tty->termios_rwsem);
2375
2376 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2377
2378 down_read(&tty->termios_rwsem);
2379 }
2380break_out:
2381 remove_wait_queue(&tty->write_wait, &wait);
2382 if (nr && tty->fasync)
2383 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2384 up_read(&tty->termios_rwsem);
2385 return (b - buf) ? b - buf : retval;
2386}
2387
2388/**
2389 * n_tty_poll - poll method for N_TTY
2390 * @tty: terminal device
2391 * @file: file accessing it
2392 * @wait: poll table
2393 *
2394 * Called when the line discipline is asked to poll() for data or
2395 * for special events. This code is not serialized with respect to
2396 * other events save open/close.
2397 *
2398 * This code must be sure never to sleep through a hangup.
2399 * Called without the kernel lock held - fine
2400 */
2401
2402static __poll_t n_tty_poll(struct tty_struct *tty, struct file *file,
2403 poll_table *wait)
2404{
2405 __poll_t mask = 0;
2406
2407 poll_wait(file, &tty->read_wait, wait);
2408 poll_wait(file, &tty->write_wait, wait);
2409 if (input_available_p(tty, 1))
2410 mask |= EPOLLIN | EPOLLRDNORM;
2411 else {
2412 tty_buffer_flush_work(tty->port);
2413 if (input_available_p(tty, 1))
2414 mask |= EPOLLIN | EPOLLRDNORM;
2415 }
2416 if (tty->packet && tty->link->ctrl_status)
2417 mask |= EPOLLPRI | EPOLLIN | EPOLLRDNORM;
2418 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2419 mask |= EPOLLHUP;
2420 if (tty_hung_up_p(file))
2421 mask |= EPOLLHUP;
2422 if (tty->ops->write && !tty_is_writelocked(tty) &&
2423 tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
2424 tty_write_room(tty) > 0)
2425 mask |= EPOLLOUT | EPOLLWRNORM;
2426 return mask;
2427}
2428
2429static unsigned long inq_canon(struct n_tty_data *ldata)
2430{
2431 size_t nr, head, tail;
2432
2433 if (ldata->canon_head == ldata->read_tail)
2434 return 0;
2435 head = ldata->canon_head;
2436 tail = ldata->read_tail;
2437 nr = head - tail;
2438 /* Skip EOF-chars.. */
2439 while (MASK(head) != MASK(tail)) {
2440 if (test_bit(tail & (N_TTY_BUF_SIZE - 1), ldata->read_flags) &&
2441 read_buf(ldata, tail) == __DISABLED_CHAR)
2442 nr--;
2443 tail++;
2444 }
2445 return nr;
2446}
2447
2448static int n_tty_ioctl(struct tty_struct *tty, struct file *file,
2449 unsigned int cmd, unsigned long arg)
2450{
2451 struct n_tty_data *ldata = tty->disc_data;
2452 int retval;
2453
2454 switch (cmd) {
2455 case TIOCOUTQ:
2456 return put_user(tty_chars_in_buffer(tty), (int __user *) arg);
2457 case TIOCINQ:
2458 down_write(&tty->termios_rwsem);
2459 if (L_ICANON(tty) && !L_EXTPROC(tty))
2460 retval = inq_canon(ldata);
2461 else
2462 retval = read_cnt(ldata);
2463 up_write(&tty->termios_rwsem);
2464 return put_user(retval, (unsigned int __user *) arg);
2465 default:
2466 return n_tty_ioctl_helper(tty, file, cmd, arg);
2467 }
2468}
2469
2470static struct tty_ldisc_ops n_tty_ops = {
2471 .magic = TTY_LDISC_MAGIC,
2472 .name = "n_tty",
2473 .open = n_tty_open,
2474 .close = n_tty_close,
2475 .flush_buffer = n_tty_flush_buffer,
2476 .read = n_tty_read,
2477 .write = n_tty_write,
2478 .ioctl = n_tty_ioctl,
2479 .set_termios = n_tty_set_termios,
2480 .poll = n_tty_poll,
2481 .receive_buf = n_tty_receive_buf,
2482 .write_wakeup = n_tty_write_wakeup,
2483 .receive_buf2 = n_tty_receive_buf2,
2484};
2485
2486/**
2487 * n_tty_inherit_ops - inherit N_TTY methods
2488 * @ops: struct tty_ldisc_ops where to save N_TTY methods
2489 *
2490 * Enables a 'subclass' line discipline to 'inherit' N_TTY methods.
2491 */
2492
2493void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
2494{
2495 *ops = n_tty_ops;
2496 ops->owner = NULL;
2497 ops->refcount = ops->flags = 0;
2498}
2499EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2500
2501void __init n_tty_init(void)
2502{
2503 tty_register_ldisc(N_TTY, &n_tty_ops);
2504}
1// SPDX-License-Identifier: GPL-1.0+
2/*
3 * n_tty.c --- implements the N_TTY line discipline.
4 *
5 * This code used to be in tty_io.c, but things are getting hairy
6 * enough that it made sense to split things off. (The N_TTY
7 * processing has changed so much that it's hardly recognizable,
8 * anyway...)
9 *
10 * Note that the open routine for N_TTY is guaranteed never to return
11 * an error. This is because Linux will fall back to setting a line
12 * to N_TTY if it can not switch to any other line discipline.
13 *
14 * Written by Theodore Ts'o, Copyright 1994.
15 *
16 * This file also contains code originally written by Linus Torvalds,
17 * Copyright 1991, 1992, 1993, and by Julian Cowley, Copyright 1994.
18 *
19 * Reduced memory usage for older ARM systems - Russell King.
20 *
21 * 2000/01/20 Fixed SMP locking on put_tty_queue using bits of
22 * the patch by Andrew J. Kroll <ag784@freenet.buffalo.edu>
23 * who actually finally proved there really was a race.
24 *
25 * 2002/03/18 Implemented n_tty_wakeup to send SIGIO POLL_OUTs to
26 * waiting writing processes-Sapan Bhatia <sapan@corewars.org>.
27 * Also fixed a bug in BLOCKING mode where n_tty_write returns
28 * EAGAIN
29 */
30
31#include <linux/types.h>
32#include <linux/major.h>
33#include <linux/errno.h>
34#include <linux/signal.h>
35#include <linux/fcntl.h>
36#include <linux/sched.h>
37#include <linux/interrupt.h>
38#include <linux/tty.h>
39#include <linux/timer.h>
40#include <linux/ctype.h>
41#include <linux/mm.h>
42#include <linux/string.h>
43#include <linux/slab.h>
44#include <linux/poll.h>
45#include <linux/bitops.h>
46#include <linux/audit.h>
47#include <linux/file.h>
48#include <linux/uaccess.h>
49#include <linux/module.h>
50#include <linux/ratelimit.h>
51#include <linux/vmalloc.h>
52
53
54/* number of characters left in xmit buffer before select has we have room */
55#define WAKEUP_CHARS 256
56
57/*
58 * This defines the low- and high-watermarks for throttling and
59 * unthrottling the TTY driver. These watermarks are used for
60 * controlling the space in the read buffer.
61 */
62#define TTY_THRESHOLD_THROTTLE 128 /* now based on remaining room */
63#define TTY_THRESHOLD_UNTHROTTLE 128
64
65/*
66 * Special byte codes used in the echo buffer to represent operations
67 * or special handling of characters. Bytes in the echo buffer that
68 * are not part of such special blocks are treated as normal character
69 * codes.
70 */
71#define ECHO_OP_START 0xff
72#define ECHO_OP_MOVE_BACK_COL 0x80
73#define ECHO_OP_SET_CANON_COL 0x81
74#define ECHO_OP_ERASE_TAB 0x82
75
76#define ECHO_COMMIT_WATERMARK 256
77#define ECHO_BLOCK 256
78#define ECHO_DISCARD_WATERMARK N_TTY_BUF_SIZE - (ECHO_BLOCK + 32)
79
80
81#undef N_TTY_TRACE
82#ifdef N_TTY_TRACE
83# define n_tty_trace(f, args...) trace_printk(f, ##args)
84#else
85# define n_tty_trace(f, args...)
86#endif
87
88struct n_tty_data {
89 /* producer-published */
90 size_t read_head;
91 size_t commit_head;
92 size_t canon_head;
93 size_t echo_head;
94 size_t echo_commit;
95 size_t echo_mark;
96 DECLARE_BITMAP(char_map, 256);
97
98 /* private to n_tty_receive_overrun (single-threaded) */
99 unsigned long overrun_time;
100 int num_overrun;
101
102 /* non-atomic */
103 bool no_room;
104
105 /* must hold exclusive termios_rwsem to reset these */
106 unsigned char lnext:1, erasing:1, raw:1, real_raw:1, icanon:1;
107 unsigned char push:1;
108
109 /* shared by producer and consumer */
110 char read_buf[N_TTY_BUF_SIZE];
111 DECLARE_BITMAP(read_flags, N_TTY_BUF_SIZE);
112 unsigned char echo_buf[N_TTY_BUF_SIZE];
113
114 /* consumer-published */
115 size_t read_tail;
116 size_t line_start;
117
118 /* protected by output lock */
119 unsigned int column;
120 unsigned int canon_column;
121 size_t echo_tail;
122
123 struct mutex atomic_read_lock;
124 struct mutex output_lock;
125};
126
127static inline size_t read_cnt(struct n_tty_data *ldata)
128{
129 return ldata->read_head - ldata->read_tail;
130}
131
132static inline unsigned char read_buf(struct n_tty_data *ldata, size_t i)
133{
134 return ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
135}
136
137static inline unsigned char *read_buf_addr(struct n_tty_data *ldata, size_t i)
138{
139 return &ldata->read_buf[i & (N_TTY_BUF_SIZE - 1)];
140}
141
142static inline unsigned char echo_buf(struct n_tty_data *ldata, size_t i)
143{
144 return ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
145}
146
147static inline unsigned char *echo_buf_addr(struct n_tty_data *ldata, size_t i)
148{
149 return &ldata->echo_buf[i & (N_TTY_BUF_SIZE - 1)];
150}
151
152static int tty_copy_to_user(struct tty_struct *tty, void __user *to,
153 size_t tail, size_t n)
154{
155 struct n_tty_data *ldata = tty->disc_data;
156 size_t size = N_TTY_BUF_SIZE - tail;
157 const void *from = read_buf_addr(ldata, tail);
158 int uncopied;
159
160 if (n > size) {
161 tty_audit_add_data(tty, from, size);
162 uncopied = copy_to_user(to, from, size);
163 if (uncopied)
164 return uncopied;
165 to += size;
166 n -= size;
167 from = ldata->read_buf;
168 }
169
170 tty_audit_add_data(tty, from, n);
171 return copy_to_user(to, from, n);
172}
173
174/**
175 * n_tty_kick_worker - start input worker (if required)
176 * @tty: terminal
177 *
178 * Re-schedules the flip buffer work if it may have stopped
179 *
180 * Caller holds exclusive termios_rwsem
181 * or
182 * n_tty_read()/consumer path:
183 * holds non-exclusive termios_rwsem
184 */
185
186static void n_tty_kick_worker(struct tty_struct *tty)
187{
188 struct n_tty_data *ldata = tty->disc_data;
189
190 /* Did the input worker stop? Restart it */
191 if (unlikely(ldata->no_room)) {
192 ldata->no_room = 0;
193
194 WARN_RATELIMIT(tty->port->itty == NULL,
195 "scheduling with invalid itty\n");
196 /* see if ldisc has been killed - if so, this means that
197 * even though the ldisc has been halted and ->buf.work
198 * cancelled, ->buf.work is about to be rescheduled
199 */
200 WARN_RATELIMIT(test_bit(TTY_LDISC_HALTED, &tty->flags),
201 "scheduling buffer work for halted ldisc\n");
202 tty_buffer_restart_work(tty->port);
203 }
204}
205
206static ssize_t chars_in_buffer(struct tty_struct *tty)
207{
208 struct n_tty_data *ldata = tty->disc_data;
209 ssize_t n = 0;
210
211 if (!ldata->icanon)
212 n = ldata->commit_head - ldata->read_tail;
213 else
214 n = ldata->canon_head - ldata->read_tail;
215 return n;
216}
217
218/**
219 * n_tty_write_wakeup - asynchronous I/O notifier
220 * @tty: tty device
221 *
222 * Required for the ptys, serial driver etc. since processes
223 * that attach themselves to the master and rely on ASYNC
224 * IO must be woken up
225 */
226
227static void n_tty_write_wakeup(struct tty_struct *tty)
228{
229 clear_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
230 kill_fasync(&tty->fasync, SIGIO, POLL_OUT);
231}
232
233static void n_tty_check_throttle(struct tty_struct *tty)
234{
235 struct n_tty_data *ldata = tty->disc_data;
236
237 /*
238 * Check the remaining room for the input canonicalization
239 * mode. We don't want to throttle the driver if we're in
240 * canonical mode and don't have a newline yet!
241 */
242 if (ldata->icanon && ldata->canon_head == ldata->read_tail)
243 return;
244
245 while (1) {
246 int throttled;
247 tty_set_flow_change(tty, TTY_THROTTLE_SAFE);
248 if (N_TTY_BUF_SIZE - read_cnt(ldata) >= TTY_THRESHOLD_THROTTLE)
249 break;
250 throttled = tty_throttle_safe(tty);
251 if (!throttled)
252 break;
253 }
254 __tty_set_flow_change(tty, 0);
255}
256
257static void n_tty_check_unthrottle(struct tty_struct *tty)
258{
259 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
260 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
261 return;
262 n_tty_kick_worker(tty);
263 tty_wakeup(tty->link);
264 return;
265 }
266
267 /* If there is enough space in the read buffer now, let the
268 * low-level driver know. We use chars_in_buffer() to
269 * check the buffer, as it now knows about canonical mode.
270 * Otherwise, if the driver is throttled and the line is
271 * longer than TTY_THRESHOLD_UNTHROTTLE in canonical mode,
272 * we won't get any more characters.
273 */
274
275 while (1) {
276 int unthrottled;
277 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
278 if (chars_in_buffer(tty) > TTY_THRESHOLD_UNTHROTTLE)
279 break;
280 n_tty_kick_worker(tty);
281 unthrottled = tty_unthrottle_safe(tty);
282 if (!unthrottled)
283 break;
284 }
285 __tty_set_flow_change(tty, 0);
286}
287
288/**
289 * put_tty_queue - add character to tty
290 * @c: character
291 * @ldata: n_tty data
292 *
293 * Add a character to the tty read_buf queue.
294 *
295 * n_tty_receive_buf()/producer path:
296 * caller holds non-exclusive termios_rwsem
297 */
298
299static inline void put_tty_queue(unsigned char c, struct n_tty_data *ldata)
300{
301 *read_buf_addr(ldata, ldata->read_head) = c;
302 ldata->read_head++;
303}
304
305/**
306 * reset_buffer_flags - reset buffer state
307 * @tty: terminal to reset
308 *
309 * Reset the read buffer counters and clear the flags.
310 * Called from n_tty_open() and n_tty_flush_buffer().
311 *
312 * Locking: caller holds exclusive termios_rwsem
313 * (or locking is not required)
314 */
315
316static void reset_buffer_flags(struct n_tty_data *ldata)
317{
318 ldata->read_head = ldata->canon_head = ldata->read_tail = 0;
319 ldata->echo_head = ldata->echo_tail = ldata->echo_commit = 0;
320 ldata->commit_head = 0;
321 ldata->echo_mark = 0;
322 ldata->line_start = 0;
323
324 ldata->erasing = 0;
325 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
326 ldata->push = 0;
327}
328
329static void n_tty_packet_mode_flush(struct tty_struct *tty)
330{
331 unsigned long flags;
332
333 if (tty->link->packet) {
334 spin_lock_irqsave(&tty->ctrl_lock, flags);
335 tty->ctrl_status |= TIOCPKT_FLUSHREAD;
336 spin_unlock_irqrestore(&tty->ctrl_lock, flags);
337 wake_up_interruptible(&tty->link->read_wait);
338 }
339}
340
341/**
342 * n_tty_flush_buffer - clean input queue
343 * @tty: terminal device
344 *
345 * Flush the input buffer. Called when the tty layer wants the
346 * buffer flushed (eg at hangup) or when the N_TTY line discipline
347 * internally has to clean the pending queue (for example some signals).
348 *
349 * Holds termios_rwsem to exclude producer/consumer while
350 * buffer indices are reset.
351 *
352 * Locking: ctrl_lock, exclusive termios_rwsem
353 */
354
355static void n_tty_flush_buffer(struct tty_struct *tty)
356{
357 down_write(&tty->termios_rwsem);
358 reset_buffer_flags(tty->disc_data);
359 n_tty_kick_worker(tty);
360
361 if (tty->link)
362 n_tty_packet_mode_flush(tty);
363 up_write(&tty->termios_rwsem);
364}
365
366/**
367 * is_utf8_continuation - utf8 multibyte check
368 * @c: byte to check
369 *
370 * Returns true if the utf8 character 'c' is a multibyte continuation
371 * character. We use this to correctly compute the on screen size
372 * of the character when printing
373 */
374
375static inline int is_utf8_continuation(unsigned char c)
376{
377 return (c & 0xc0) == 0x80;
378}
379
380/**
381 * is_continuation - multibyte check
382 * @c: byte to check
383 *
384 * Returns true if the utf8 character 'c' is a multibyte continuation
385 * character and the terminal is in unicode mode.
386 */
387
388static inline int is_continuation(unsigned char c, struct tty_struct *tty)
389{
390 return I_IUTF8(tty) && is_utf8_continuation(c);
391}
392
393/**
394 * do_output_char - output one character
395 * @c: character (or partial unicode symbol)
396 * @tty: terminal device
397 * @space: space available in tty driver write buffer
398 *
399 * This is a helper function that handles one output character
400 * (including special characters like TAB, CR, LF, etc.),
401 * doing OPOST processing and putting the results in the
402 * tty driver's write buffer.
403 *
404 * Note that Linux currently ignores TABDLY, CRDLY, VTDLY, FFDLY
405 * and NLDLY. They simply aren't relevant in the world today.
406 * If you ever need them, add them here.
407 *
408 * Returns the number of bytes of buffer space used or -1 if
409 * no space left.
410 *
411 * Locking: should be called under the output_lock to protect
412 * the column state and space left in the buffer
413 */
414
415static int do_output_char(unsigned char c, struct tty_struct *tty, int space)
416{
417 struct n_tty_data *ldata = tty->disc_data;
418 int spaces;
419
420 if (!space)
421 return -1;
422
423 switch (c) {
424 case '\n':
425 if (O_ONLRET(tty))
426 ldata->column = 0;
427 if (O_ONLCR(tty)) {
428 if (space < 2)
429 return -1;
430 ldata->canon_column = ldata->column = 0;
431 tty->ops->write(tty, "\r\n", 2);
432 return 2;
433 }
434 ldata->canon_column = ldata->column;
435 break;
436 case '\r':
437 if (O_ONOCR(tty) && ldata->column == 0)
438 return 0;
439 if (O_OCRNL(tty)) {
440 c = '\n';
441 if (O_ONLRET(tty))
442 ldata->canon_column = ldata->column = 0;
443 break;
444 }
445 ldata->canon_column = ldata->column = 0;
446 break;
447 case '\t':
448 spaces = 8 - (ldata->column & 7);
449 if (O_TABDLY(tty) == XTABS) {
450 if (space < spaces)
451 return -1;
452 ldata->column += spaces;
453 tty->ops->write(tty, " ", spaces);
454 return spaces;
455 }
456 ldata->column += spaces;
457 break;
458 case '\b':
459 if (ldata->column > 0)
460 ldata->column--;
461 break;
462 default:
463 if (!iscntrl(c)) {
464 if (O_OLCUC(tty))
465 c = toupper(c);
466 if (!is_continuation(c, tty))
467 ldata->column++;
468 }
469 break;
470 }
471
472 tty_put_char(tty, c);
473 return 1;
474}
475
476/**
477 * process_output - output post processor
478 * @c: character (or partial unicode symbol)
479 * @tty: terminal device
480 *
481 * Output one character with OPOST processing.
482 * Returns -1 when the output device is full and the character
483 * must be retried.
484 *
485 * Locking: output_lock to protect column state and space left
486 * (also, this is called from n_tty_write under the
487 * tty layer write lock)
488 */
489
490static int process_output(unsigned char c, struct tty_struct *tty)
491{
492 struct n_tty_data *ldata = tty->disc_data;
493 int space, retval;
494
495 mutex_lock(&ldata->output_lock);
496
497 space = tty_write_room(tty);
498 retval = do_output_char(c, tty, space);
499
500 mutex_unlock(&ldata->output_lock);
501 if (retval < 0)
502 return -1;
503 else
504 return 0;
505}
506
507/**
508 * process_output_block - block post processor
509 * @tty: terminal device
510 * @buf: character buffer
511 * @nr: number of bytes to output
512 *
513 * Output a block of characters with OPOST processing.
514 * Returns the number of characters output.
515 *
516 * This path is used to speed up block console writes, among other
517 * things when processing blocks of output data. It handles only
518 * the simple cases normally found and helps to generate blocks of
519 * symbols for the console driver and thus improve performance.
520 *
521 * Locking: output_lock to protect column state and space left
522 * (also, this is called from n_tty_write under the
523 * tty layer write lock)
524 */
525
526static ssize_t process_output_block(struct tty_struct *tty,
527 const unsigned char *buf, unsigned int nr)
528{
529 struct n_tty_data *ldata = tty->disc_data;
530 int space;
531 int i;
532 const unsigned char *cp;
533
534 mutex_lock(&ldata->output_lock);
535
536 space = tty_write_room(tty);
537 if (!space) {
538 mutex_unlock(&ldata->output_lock);
539 return 0;
540 }
541 if (nr > space)
542 nr = space;
543
544 for (i = 0, cp = buf; i < nr; i++, cp++) {
545 unsigned char c = *cp;
546
547 switch (c) {
548 case '\n':
549 if (O_ONLRET(tty))
550 ldata->column = 0;
551 if (O_ONLCR(tty))
552 goto break_out;
553 ldata->canon_column = ldata->column;
554 break;
555 case '\r':
556 if (O_ONOCR(tty) && ldata->column == 0)
557 goto break_out;
558 if (O_OCRNL(tty))
559 goto break_out;
560 ldata->canon_column = ldata->column = 0;
561 break;
562 case '\t':
563 goto break_out;
564 case '\b':
565 if (ldata->column > 0)
566 ldata->column--;
567 break;
568 default:
569 if (!iscntrl(c)) {
570 if (O_OLCUC(tty))
571 goto break_out;
572 if (!is_continuation(c, tty))
573 ldata->column++;
574 }
575 break;
576 }
577 }
578break_out:
579 i = tty->ops->write(tty, buf, i);
580
581 mutex_unlock(&ldata->output_lock);
582 return i;
583}
584
585/**
586 * process_echoes - write pending echo characters
587 * @tty: terminal device
588 *
589 * Write previously buffered echo (and other ldisc-generated)
590 * characters to the tty.
591 *
592 * Characters generated by the ldisc (including echoes) need to
593 * be buffered because the driver's write buffer can fill during
594 * heavy program output. Echoing straight to the driver will
595 * often fail under these conditions, causing lost characters and
596 * resulting mismatches of ldisc state information.
597 *
598 * Since the ldisc state must represent the characters actually sent
599 * to the driver at the time of the write, operations like certain
600 * changes in column state are also saved in the buffer and executed
601 * here.
602 *
603 * A circular fifo buffer is used so that the most recent characters
604 * are prioritized. Also, when control characters are echoed with a
605 * prefixed "^", the pair is treated atomically and thus not separated.
606 *
607 * Locking: callers must hold output_lock
608 */
609
610static size_t __process_echoes(struct tty_struct *tty)
611{
612 struct n_tty_data *ldata = tty->disc_data;
613 int space, old_space;
614 size_t tail;
615 unsigned char c;
616
617 old_space = space = tty_write_room(tty);
618
619 tail = ldata->echo_tail;
620 while (ldata->echo_commit != tail) {
621 c = echo_buf(ldata, tail);
622 if (c == ECHO_OP_START) {
623 unsigned char op;
624 int no_space_left = 0;
625
626 /*
627 * If the buffer byte is the start of a multi-byte
628 * operation, get the next byte, which is either the
629 * op code or a control character value.
630 */
631 op = echo_buf(ldata, tail + 1);
632
633 switch (op) {
634 unsigned int num_chars, num_bs;
635
636 case ECHO_OP_ERASE_TAB:
637 num_chars = echo_buf(ldata, tail + 2);
638
639 /*
640 * Determine how many columns to go back
641 * in order to erase the tab.
642 * This depends on the number of columns
643 * used by other characters within the tab
644 * area. If this (modulo 8) count is from
645 * the start of input rather than from a
646 * previous tab, we offset by canon column.
647 * Otherwise, tab spacing is normal.
648 */
649 if (!(num_chars & 0x80))
650 num_chars += ldata->canon_column;
651 num_bs = 8 - (num_chars & 7);
652
653 if (num_bs > space) {
654 no_space_left = 1;
655 break;
656 }
657 space -= num_bs;
658 while (num_bs--) {
659 tty_put_char(tty, '\b');
660 if (ldata->column > 0)
661 ldata->column--;
662 }
663 tail += 3;
664 break;
665
666 case ECHO_OP_SET_CANON_COL:
667 ldata->canon_column = ldata->column;
668 tail += 2;
669 break;
670
671 case ECHO_OP_MOVE_BACK_COL:
672 if (ldata->column > 0)
673 ldata->column--;
674 tail += 2;
675 break;
676
677 case ECHO_OP_START:
678 /* This is an escaped echo op start code */
679 if (!space) {
680 no_space_left = 1;
681 break;
682 }
683 tty_put_char(tty, ECHO_OP_START);
684 ldata->column++;
685 space--;
686 tail += 2;
687 break;
688
689 default:
690 /*
691 * If the op is not a special byte code,
692 * it is a ctrl char tagged to be echoed
693 * as "^X" (where X is the letter
694 * representing the control char).
695 * Note that we must ensure there is
696 * enough space for the whole ctrl pair.
697 *
698 */
699 if (space < 2) {
700 no_space_left = 1;
701 break;
702 }
703 tty_put_char(tty, '^');
704 tty_put_char(tty, op ^ 0100);
705 ldata->column += 2;
706 space -= 2;
707 tail += 2;
708 }
709
710 if (no_space_left)
711 break;
712 } else {
713 if (O_OPOST(tty)) {
714 int retval = do_output_char(c, tty, space);
715 if (retval < 0)
716 break;
717 space -= retval;
718 } else {
719 if (!space)
720 break;
721 tty_put_char(tty, c);
722 space -= 1;
723 }
724 tail += 1;
725 }
726 }
727
728 /* If the echo buffer is nearly full (so that the possibility exists
729 * of echo overrun before the next commit), then discard enough
730 * data at the tail to prevent a subsequent overrun */
731 while (ldata->echo_commit - tail >= ECHO_DISCARD_WATERMARK) {
732 if (echo_buf(ldata, tail) == ECHO_OP_START) {
733 if (echo_buf(ldata, tail + 1) == ECHO_OP_ERASE_TAB)
734 tail += 3;
735 else
736 tail += 2;
737 } else
738 tail++;
739 }
740
741 ldata->echo_tail = tail;
742 return old_space - space;
743}
744
745static void commit_echoes(struct tty_struct *tty)
746{
747 struct n_tty_data *ldata = tty->disc_data;
748 size_t nr, old, echoed;
749 size_t head;
750
751 head = ldata->echo_head;
752 ldata->echo_mark = head;
753 old = ldata->echo_commit - ldata->echo_tail;
754
755 /* Process committed echoes if the accumulated # of bytes
756 * is over the threshold (and try again each time another
757 * block is accumulated) */
758 nr = head - ldata->echo_tail;
759 if (nr < ECHO_COMMIT_WATERMARK || (nr % ECHO_BLOCK > old % ECHO_BLOCK))
760 return;
761
762 mutex_lock(&ldata->output_lock);
763 ldata->echo_commit = head;
764 echoed = __process_echoes(tty);
765 mutex_unlock(&ldata->output_lock);
766
767 if (echoed && tty->ops->flush_chars)
768 tty->ops->flush_chars(tty);
769}
770
771static void process_echoes(struct tty_struct *tty)
772{
773 struct n_tty_data *ldata = tty->disc_data;
774 size_t echoed;
775
776 if (ldata->echo_mark == ldata->echo_tail)
777 return;
778
779 mutex_lock(&ldata->output_lock);
780 ldata->echo_commit = ldata->echo_mark;
781 echoed = __process_echoes(tty);
782 mutex_unlock(&ldata->output_lock);
783
784 if (echoed && tty->ops->flush_chars)
785 tty->ops->flush_chars(tty);
786}
787
788/* NB: echo_mark and echo_head should be equivalent here */
789static void flush_echoes(struct tty_struct *tty)
790{
791 struct n_tty_data *ldata = tty->disc_data;
792
793 if ((!L_ECHO(tty) && !L_ECHONL(tty)) ||
794 ldata->echo_commit == ldata->echo_head)
795 return;
796
797 mutex_lock(&ldata->output_lock);
798 ldata->echo_commit = ldata->echo_head;
799 __process_echoes(tty);
800 mutex_unlock(&ldata->output_lock);
801}
802
803/**
804 * add_echo_byte - add a byte to the echo buffer
805 * @c: unicode byte to echo
806 * @ldata: n_tty data
807 *
808 * Add a character or operation byte to the echo buffer.
809 */
810
811static inline void add_echo_byte(unsigned char c, struct n_tty_data *ldata)
812{
813 *echo_buf_addr(ldata, ldata->echo_head++) = c;
814}
815
816/**
817 * echo_move_back_col - add operation to move back a column
818 * @ldata: n_tty data
819 *
820 * Add an operation to the echo buffer to move back one column.
821 */
822
823static void echo_move_back_col(struct n_tty_data *ldata)
824{
825 add_echo_byte(ECHO_OP_START, ldata);
826 add_echo_byte(ECHO_OP_MOVE_BACK_COL, ldata);
827}
828
829/**
830 * echo_set_canon_col - add operation to set the canon column
831 * @ldata: n_tty data
832 *
833 * Add an operation to the echo buffer to set the canon column
834 * to the current column.
835 */
836
837static void echo_set_canon_col(struct n_tty_data *ldata)
838{
839 add_echo_byte(ECHO_OP_START, ldata);
840 add_echo_byte(ECHO_OP_SET_CANON_COL, ldata);
841}
842
843/**
844 * echo_erase_tab - add operation to erase a tab
845 * @num_chars: number of character columns already used
846 * @after_tab: true if num_chars starts after a previous tab
847 * @ldata: n_tty data
848 *
849 * Add an operation to the echo buffer to erase a tab.
850 *
851 * Called by the eraser function, which knows how many character
852 * columns have been used since either a previous tab or the start
853 * of input. This information will be used later, along with
854 * canon column (if applicable), to go back the correct number
855 * of columns.
856 */
857
858static void echo_erase_tab(unsigned int num_chars, int after_tab,
859 struct n_tty_data *ldata)
860{
861 add_echo_byte(ECHO_OP_START, ldata);
862 add_echo_byte(ECHO_OP_ERASE_TAB, ldata);
863
864 /* We only need to know this modulo 8 (tab spacing) */
865 num_chars &= 7;
866
867 /* Set the high bit as a flag if num_chars is after a previous tab */
868 if (after_tab)
869 num_chars |= 0x80;
870
871 add_echo_byte(num_chars, ldata);
872}
873
874/**
875 * echo_char_raw - echo a character raw
876 * @c: unicode byte to echo
877 * @tty: terminal device
878 *
879 * Echo user input back onto the screen. This must be called only when
880 * L_ECHO(tty) is true. Called from the driver receive_buf path.
881 *
882 * This variant does not treat control characters specially.
883 */
884
885static void echo_char_raw(unsigned char c, struct n_tty_data *ldata)
886{
887 if (c == ECHO_OP_START) {
888 add_echo_byte(ECHO_OP_START, ldata);
889 add_echo_byte(ECHO_OP_START, ldata);
890 } else {
891 add_echo_byte(c, ldata);
892 }
893}
894
895/**
896 * echo_char - echo a character
897 * @c: unicode byte to echo
898 * @tty: terminal device
899 *
900 * Echo user input back onto the screen. This must be called only when
901 * L_ECHO(tty) is true. Called from the driver receive_buf path.
902 *
903 * This variant tags control characters to be echoed as "^X"
904 * (where X is the letter representing the control char).
905 */
906
907static void echo_char(unsigned char c, struct tty_struct *tty)
908{
909 struct n_tty_data *ldata = tty->disc_data;
910
911 if (c == ECHO_OP_START) {
912 add_echo_byte(ECHO_OP_START, ldata);
913 add_echo_byte(ECHO_OP_START, ldata);
914 } else {
915 if (L_ECHOCTL(tty) && iscntrl(c) && c != '\t')
916 add_echo_byte(ECHO_OP_START, ldata);
917 add_echo_byte(c, ldata);
918 }
919}
920
921/**
922 * finish_erasing - complete erase
923 * @ldata: n_tty data
924 */
925
926static inline void finish_erasing(struct n_tty_data *ldata)
927{
928 if (ldata->erasing) {
929 echo_char_raw('/', ldata);
930 ldata->erasing = 0;
931 }
932}
933
934/**
935 * eraser - handle erase function
936 * @c: character input
937 * @tty: terminal device
938 *
939 * Perform erase and necessary output when an erase character is
940 * present in the stream from the driver layer. Handles the complexities
941 * of UTF-8 multibyte symbols.
942 *
943 * n_tty_receive_buf()/producer path:
944 * caller holds non-exclusive termios_rwsem
945 */
946
947static void eraser(unsigned char c, struct tty_struct *tty)
948{
949 struct n_tty_data *ldata = tty->disc_data;
950 enum { ERASE, WERASE, KILL } kill_type;
951 size_t head;
952 size_t cnt;
953 int seen_alnums;
954
955 if (ldata->read_head == ldata->canon_head) {
956 /* process_output('\a', tty); */ /* what do you think? */
957 return;
958 }
959 if (c == ERASE_CHAR(tty))
960 kill_type = ERASE;
961 else if (c == WERASE_CHAR(tty))
962 kill_type = WERASE;
963 else {
964 if (!L_ECHO(tty)) {
965 ldata->read_head = ldata->canon_head;
966 return;
967 }
968 if (!L_ECHOK(tty) || !L_ECHOKE(tty) || !L_ECHOE(tty)) {
969 ldata->read_head = ldata->canon_head;
970 finish_erasing(ldata);
971 echo_char(KILL_CHAR(tty), tty);
972 /* Add a newline if ECHOK is on and ECHOKE is off. */
973 if (L_ECHOK(tty))
974 echo_char_raw('\n', ldata);
975 return;
976 }
977 kill_type = KILL;
978 }
979
980 seen_alnums = 0;
981 while (ldata->read_head != ldata->canon_head) {
982 head = ldata->read_head;
983
984 /* erase a single possibly multibyte character */
985 do {
986 head--;
987 c = read_buf(ldata, head);
988 } while (is_continuation(c, tty) && head != ldata->canon_head);
989
990 /* do not partially erase */
991 if (is_continuation(c, tty))
992 break;
993
994 if (kill_type == WERASE) {
995 /* Equivalent to BSD's ALTWERASE. */
996 if (isalnum(c) || c == '_')
997 seen_alnums++;
998 else if (seen_alnums)
999 break;
1000 }
1001 cnt = ldata->read_head - head;
1002 ldata->read_head = head;
1003 if (L_ECHO(tty)) {
1004 if (L_ECHOPRT(tty)) {
1005 if (!ldata->erasing) {
1006 echo_char_raw('\\', ldata);
1007 ldata->erasing = 1;
1008 }
1009 /* if cnt > 1, output a multi-byte character */
1010 echo_char(c, tty);
1011 while (--cnt > 0) {
1012 head++;
1013 echo_char_raw(read_buf(ldata, head), ldata);
1014 echo_move_back_col(ldata);
1015 }
1016 } else if (kill_type == ERASE && !L_ECHOE(tty)) {
1017 echo_char(ERASE_CHAR(tty), tty);
1018 } else if (c == '\t') {
1019 unsigned int num_chars = 0;
1020 int after_tab = 0;
1021 size_t tail = ldata->read_head;
1022
1023 /*
1024 * Count the columns used for characters
1025 * since the start of input or after a
1026 * previous tab.
1027 * This info is used to go back the correct
1028 * number of columns.
1029 */
1030 while (tail != ldata->canon_head) {
1031 tail--;
1032 c = read_buf(ldata, tail);
1033 if (c == '\t') {
1034 after_tab = 1;
1035 break;
1036 } else if (iscntrl(c)) {
1037 if (L_ECHOCTL(tty))
1038 num_chars += 2;
1039 } else if (!is_continuation(c, tty)) {
1040 num_chars++;
1041 }
1042 }
1043 echo_erase_tab(num_chars, after_tab, ldata);
1044 } else {
1045 if (iscntrl(c) && L_ECHOCTL(tty)) {
1046 echo_char_raw('\b', ldata);
1047 echo_char_raw(' ', ldata);
1048 echo_char_raw('\b', ldata);
1049 }
1050 if (!iscntrl(c) || L_ECHOCTL(tty)) {
1051 echo_char_raw('\b', ldata);
1052 echo_char_raw(' ', ldata);
1053 echo_char_raw('\b', ldata);
1054 }
1055 }
1056 }
1057 if (kill_type == ERASE)
1058 break;
1059 }
1060 if (ldata->read_head == ldata->canon_head && L_ECHO(tty))
1061 finish_erasing(ldata);
1062}
1063
1064/**
1065 * isig - handle the ISIG optio
1066 * @sig: signal
1067 * @tty: terminal
1068 *
1069 * Called when a signal is being sent due to terminal input.
1070 * Called from the driver receive_buf path so serialized.
1071 *
1072 * Performs input and output flush if !NOFLSH. In this context, the echo
1073 * buffer is 'output'. The signal is processed first to alert any current
1074 * readers or writers to discontinue and exit their i/o loops.
1075 *
1076 * Locking: ctrl_lock
1077 */
1078
1079static void __isig(int sig, struct tty_struct *tty)
1080{
1081 struct pid *tty_pgrp = tty_get_pgrp(tty);
1082 if (tty_pgrp) {
1083 kill_pgrp(tty_pgrp, sig, 1);
1084 put_pid(tty_pgrp);
1085 }
1086}
1087
1088static void isig(int sig, struct tty_struct *tty)
1089{
1090 struct n_tty_data *ldata = tty->disc_data;
1091
1092 if (L_NOFLSH(tty)) {
1093 /* signal only */
1094 __isig(sig, tty);
1095
1096 } else { /* signal and flush */
1097 up_read(&tty->termios_rwsem);
1098 down_write(&tty->termios_rwsem);
1099
1100 __isig(sig, tty);
1101
1102 /* clear echo buffer */
1103 mutex_lock(&ldata->output_lock);
1104 ldata->echo_head = ldata->echo_tail = 0;
1105 ldata->echo_mark = ldata->echo_commit = 0;
1106 mutex_unlock(&ldata->output_lock);
1107
1108 /* clear output buffer */
1109 tty_driver_flush_buffer(tty);
1110
1111 /* clear input buffer */
1112 reset_buffer_flags(tty->disc_data);
1113
1114 /* notify pty master of flush */
1115 if (tty->link)
1116 n_tty_packet_mode_flush(tty);
1117
1118 up_write(&tty->termios_rwsem);
1119 down_read(&tty->termios_rwsem);
1120 }
1121}
1122
1123/**
1124 * n_tty_receive_break - handle break
1125 * @tty: terminal
1126 *
1127 * An RS232 break event has been hit in the incoming bitstream. This
1128 * can cause a variety of events depending upon the termios settings.
1129 *
1130 * n_tty_receive_buf()/producer path:
1131 * caller holds non-exclusive termios_rwsem
1132 *
1133 * Note: may get exclusive termios_rwsem if flushing input buffer
1134 */
1135
1136static void n_tty_receive_break(struct tty_struct *tty)
1137{
1138 struct n_tty_data *ldata = tty->disc_data;
1139
1140 if (I_IGNBRK(tty))
1141 return;
1142 if (I_BRKINT(tty)) {
1143 isig(SIGINT, tty);
1144 return;
1145 }
1146 if (I_PARMRK(tty)) {
1147 put_tty_queue('\377', ldata);
1148 put_tty_queue('\0', ldata);
1149 }
1150 put_tty_queue('\0', ldata);
1151}
1152
1153/**
1154 * n_tty_receive_overrun - handle overrun reporting
1155 * @tty: terminal
1156 *
1157 * Data arrived faster than we could process it. While the tty
1158 * driver has flagged this the bits that were missed are gone
1159 * forever.
1160 *
1161 * Called from the receive_buf path so single threaded. Does not
1162 * need locking as num_overrun and overrun_time are function
1163 * private.
1164 */
1165
1166static void n_tty_receive_overrun(struct tty_struct *tty)
1167{
1168 struct n_tty_data *ldata = tty->disc_data;
1169
1170 ldata->num_overrun++;
1171 if (time_after(jiffies, ldata->overrun_time + HZ) ||
1172 time_after(ldata->overrun_time, jiffies)) {
1173 tty_warn(tty, "%d input overrun(s)\n", ldata->num_overrun);
1174 ldata->overrun_time = jiffies;
1175 ldata->num_overrun = 0;
1176 }
1177}
1178
1179/**
1180 * n_tty_receive_parity_error - error notifier
1181 * @tty: terminal device
1182 * @c: character
1183 *
1184 * Process a parity error and queue the right data to indicate
1185 * the error case if necessary.
1186 *
1187 * n_tty_receive_buf()/producer path:
1188 * caller holds non-exclusive termios_rwsem
1189 */
1190static void n_tty_receive_parity_error(struct tty_struct *tty, unsigned char c)
1191{
1192 struct n_tty_data *ldata = tty->disc_data;
1193
1194 if (I_INPCK(tty)) {
1195 if (I_IGNPAR(tty))
1196 return;
1197 if (I_PARMRK(tty)) {
1198 put_tty_queue('\377', ldata);
1199 put_tty_queue('\0', ldata);
1200 put_tty_queue(c, ldata);
1201 } else
1202 put_tty_queue('\0', ldata);
1203 } else
1204 put_tty_queue(c, ldata);
1205}
1206
1207static void
1208n_tty_receive_signal_char(struct tty_struct *tty, int signal, unsigned char c)
1209{
1210 isig(signal, tty);
1211 if (I_IXON(tty))
1212 start_tty(tty);
1213 if (L_ECHO(tty)) {
1214 echo_char(c, tty);
1215 commit_echoes(tty);
1216 } else
1217 process_echoes(tty);
1218 return;
1219}
1220
1221/**
1222 * n_tty_receive_char - perform processing
1223 * @tty: terminal device
1224 * @c: character
1225 *
1226 * Process an individual character of input received from the driver.
1227 * This is serialized with respect to itself by the rules for the
1228 * driver above.
1229 *
1230 * n_tty_receive_buf()/producer path:
1231 * caller holds non-exclusive termios_rwsem
1232 * publishes canon_head if canonical mode is active
1233 *
1234 * Returns 1 if LNEXT was received, else returns 0
1235 */
1236
1237static int
1238n_tty_receive_char_special(struct tty_struct *tty, unsigned char c)
1239{
1240 struct n_tty_data *ldata = tty->disc_data;
1241
1242 if (I_IXON(tty)) {
1243 if (c == START_CHAR(tty)) {
1244 start_tty(tty);
1245 process_echoes(tty);
1246 return 0;
1247 }
1248 if (c == STOP_CHAR(tty)) {
1249 stop_tty(tty);
1250 return 0;
1251 }
1252 }
1253
1254 if (L_ISIG(tty)) {
1255 if (c == INTR_CHAR(tty)) {
1256 n_tty_receive_signal_char(tty, SIGINT, c);
1257 return 0;
1258 } else if (c == QUIT_CHAR(tty)) {
1259 n_tty_receive_signal_char(tty, SIGQUIT, c);
1260 return 0;
1261 } else if (c == SUSP_CHAR(tty)) {
1262 n_tty_receive_signal_char(tty, SIGTSTP, c);
1263 return 0;
1264 }
1265 }
1266
1267 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1268 start_tty(tty);
1269 process_echoes(tty);
1270 }
1271
1272 if (c == '\r') {
1273 if (I_IGNCR(tty))
1274 return 0;
1275 if (I_ICRNL(tty))
1276 c = '\n';
1277 } else if (c == '\n' && I_INLCR(tty))
1278 c = '\r';
1279
1280 if (ldata->icanon) {
1281 if (c == ERASE_CHAR(tty) || c == KILL_CHAR(tty) ||
1282 (c == WERASE_CHAR(tty) && L_IEXTEN(tty))) {
1283 eraser(c, tty);
1284 commit_echoes(tty);
1285 return 0;
1286 }
1287 if (c == LNEXT_CHAR(tty) && L_IEXTEN(tty)) {
1288 ldata->lnext = 1;
1289 if (L_ECHO(tty)) {
1290 finish_erasing(ldata);
1291 if (L_ECHOCTL(tty)) {
1292 echo_char_raw('^', ldata);
1293 echo_char_raw('\b', ldata);
1294 commit_echoes(tty);
1295 }
1296 }
1297 return 1;
1298 }
1299 if (c == REPRINT_CHAR(tty) && L_ECHO(tty) && L_IEXTEN(tty)) {
1300 size_t tail = ldata->canon_head;
1301
1302 finish_erasing(ldata);
1303 echo_char(c, tty);
1304 echo_char_raw('\n', ldata);
1305 while (tail != ldata->read_head) {
1306 echo_char(read_buf(ldata, tail), tty);
1307 tail++;
1308 }
1309 commit_echoes(tty);
1310 return 0;
1311 }
1312 if (c == '\n') {
1313 if (L_ECHO(tty) || L_ECHONL(tty)) {
1314 echo_char_raw('\n', ldata);
1315 commit_echoes(tty);
1316 }
1317 goto handle_newline;
1318 }
1319 if (c == EOF_CHAR(tty)) {
1320 c = __DISABLED_CHAR;
1321 goto handle_newline;
1322 }
1323 if ((c == EOL_CHAR(tty)) ||
1324 (c == EOL2_CHAR(tty) && L_IEXTEN(tty))) {
1325 /*
1326 * XXX are EOL_CHAR and EOL2_CHAR echoed?!?
1327 */
1328 if (L_ECHO(tty)) {
1329 /* Record the column of first canon char. */
1330 if (ldata->canon_head == ldata->read_head)
1331 echo_set_canon_col(ldata);
1332 echo_char(c, tty);
1333 commit_echoes(tty);
1334 }
1335 /*
1336 * XXX does PARMRK doubling happen for
1337 * EOL_CHAR and EOL2_CHAR?
1338 */
1339 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1340 put_tty_queue(c, ldata);
1341
1342handle_newline:
1343 set_bit(ldata->read_head & (N_TTY_BUF_SIZE - 1), ldata->read_flags);
1344 put_tty_queue(c, ldata);
1345 smp_store_release(&ldata->canon_head, ldata->read_head);
1346 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1347 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN);
1348 return 0;
1349 }
1350 }
1351
1352 if (L_ECHO(tty)) {
1353 finish_erasing(ldata);
1354 if (c == '\n')
1355 echo_char_raw('\n', ldata);
1356 else {
1357 /* Record the column of first canon char. */
1358 if (ldata->canon_head == ldata->read_head)
1359 echo_set_canon_col(ldata);
1360 echo_char(c, tty);
1361 }
1362 commit_echoes(tty);
1363 }
1364
1365 /* PARMRK doubling check */
1366 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1367 put_tty_queue(c, ldata);
1368
1369 put_tty_queue(c, ldata);
1370 return 0;
1371}
1372
1373static inline void
1374n_tty_receive_char_inline(struct tty_struct *tty, unsigned char c)
1375{
1376 struct n_tty_data *ldata = tty->disc_data;
1377
1378 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1379 start_tty(tty);
1380 process_echoes(tty);
1381 }
1382 if (L_ECHO(tty)) {
1383 finish_erasing(ldata);
1384 /* Record the column of first canon char. */
1385 if (ldata->canon_head == ldata->read_head)
1386 echo_set_canon_col(ldata);
1387 echo_char(c, tty);
1388 commit_echoes(tty);
1389 }
1390 /* PARMRK doubling check */
1391 if (c == (unsigned char) '\377' && I_PARMRK(tty))
1392 put_tty_queue(c, ldata);
1393 put_tty_queue(c, ldata);
1394}
1395
1396static void n_tty_receive_char(struct tty_struct *tty, unsigned char c)
1397{
1398 n_tty_receive_char_inline(tty, c);
1399}
1400
1401static inline void
1402n_tty_receive_char_fast(struct tty_struct *tty, unsigned char c)
1403{
1404 struct n_tty_data *ldata = tty->disc_data;
1405
1406 if (tty->stopped && !tty->flow_stopped && I_IXON(tty) && I_IXANY(tty)) {
1407 start_tty(tty);
1408 process_echoes(tty);
1409 }
1410 if (L_ECHO(tty)) {
1411 finish_erasing(ldata);
1412 /* Record the column of first canon char. */
1413 if (ldata->canon_head == ldata->read_head)
1414 echo_set_canon_col(ldata);
1415 echo_char(c, tty);
1416 commit_echoes(tty);
1417 }
1418 put_tty_queue(c, ldata);
1419}
1420
1421static void n_tty_receive_char_closing(struct tty_struct *tty, unsigned char c)
1422{
1423 if (I_ISTRIP(tty))
1424 c &= 0x7f;
1425 if (I_IUCLC(tty) && L_IEXTEN(tty))
1426 c = tolower(c);
1427
1428 if (I_IXON(tty)) {
1429 if (c == STOP_CHAR(tty))
1430 stop_tty(tty);
1431 else if (c == START_CHAR(tty) ||
1432 (tty->stopped && !tty->flow_stopped && I_IXANY(tty) &&
1433 c != INTR_CHAR(tty) && c != QUIT_CHAR(tty) &&
1434 c != SUSP_CHAR(tty))) {
1435 start_tty(tty);
1436 process_echoes(tty);
1437 }
1438 }
1439}
1440
1441static void
1442n_tty_receive_char_flagged(struct tty_struct *tty, unsigned char c, char flag)
1443{
1444 switch (flag) {
1445 case TTY_BREAK:
1446 n_tty_receive_break(tty);
1447 break;
1448 case TTY_PARITY:
1449 case TTY_FRAME:
1450 n_tty_receive_parity_error(tty, c);
1451 break;
1452 case TTY_OVERRUN:
1453 n_tty_receive_overrun(tty);
1454 break;
1455 default:
1456 tty_err(tty, "unknown flag %d\n", flag);
1457 break;
1458 }
1459}
1460
1461static void
1462n_tty_receive_char_lnext(struct tty_struct *tty, unsigned char c, char flag)
1463{
1464 struct n_tty_data *ldata = tty->disc_data;
1465
1466 ldata->lnext = 0;
1467 if (likely(flag == TTY_NORMAL)) {
1468 if (I_ISTRIP(tty))
1469 c &= 0x7f;
1470 if (I_IUCLC(tty) && L_IEXTEN(tty))
1471 c = tolower(c);
1472 n_tty_receive_char(tty, c);
1473 } else
1474 n_tty_receive_char_flagged(tty, c, flag);
1475}
1476
1477static void
1478n_tty_receive_buf_real_raw(struct tty_struct *tty, const unsigned char *cp,
1479 char *fp, int count)
1480{
1481 struct n_tty_data *ldata = tty->disc_data;
1482 size_t n, head;
1483
1484 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1485 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1486 memcpy(read_buf_addr(ldata, head), cp, n);
1487 ldata->read_head += n;
1488 cp += n;
1489 count -= n;
1490
1491 head = ldata->read_head & (N_TTY_BUF_SIZE - 1);
1492 n = min_t(size_t, count, N_TTY_BUF_SIZE - head);
1493 memcpy(read_buf_addr(ldata, head), cp, n);
1494 ldata->read_head += n;
1495}
1496
1497static void
1498n_tty_receive_buf_raw(struct tty_struct *tty, const unsigned char *cp,
1499 char *fp, int count)
1500{
1501 struct n_tty_data *ldata = tty->disc_data;
1502 char flag = TTY_NORMAL;
1503
1504 while (count--) {
1505 if (fp)
1506 flag = *fp++;
1507 if (likely(flag == TTY_NORMAL))
1508 put_tty_queue(*cp++, ldata);
1509 else
1510 n_tty_receive_char_flagged(tty, *cp++, flag);
1511 }
1512}
1513
1514static void
1515n_tty_receive_buf_closing(struct tty_struct *tty, const unsigned char *cp,
1516 char *fp, int count)
1517{
1518 char flag = TTY_NORMAL;
1519
1520 while (count--) {
1521 if (fp)
1522 flag = *fp++;
1523 if (likely(flag == TTY_NORMAL))
1524 n_tty_receive_char_closing(tty, *cp++);
1525 }
1526}
1527
1528static void
1529n_tty_receive_buf_standard(struct tty_struct *tty, const unsigned char *cp,
1530 char *fp, int count)
1531{
1532 struct n_tty_data *ldata = tty->disc_data;
1533 char flag = TTY_NORMAL;
1534
1535 while (count--) {
1536 if (fp)
1537 flag = *fp++;
1538 if (likely(flag == TTY_NORMAL)) {
1539 unsigned char c = *cp++;
1540
1541 if (I_ISTRIP(tty))
1542 c &= 0x7f;
1543 if (I_IUCLC(tty) && L_IEXTEN(tty))
1544 c = tolower(c);
1545 if (L_EXTPROC(tty)) {
1546 put_tty_queue(c, ldata);
1547 continue;
1548 }
1549 if (!test_bit(c, ldata->char_map))
1550 n_tty_receive_char_inline(tty, c);
1551 else if (n_tty_receive_char_special(tty, c) && count) {
1552 if (fp)
1553 flag = *fp++;
1554 n_tty_receive_char_lnext(tty, *cp++, flag);
1555 count--;
1556 }
1557 } else
1558 n_tty_receive_char_flagged(tty, *cp++, flag);
1559 }
1560}
1561
1562static void
1563n_tty_receive_buf_fast(struct tty_struct *tty, const unsigned char *cp,
1564 char *fp, int count)
1565{
1566 struct n_tty_data *ldata = tty->disc_data;
1567 char flag = TTY_NORMAL;
1568
1569 while (count--) {
1570 if (fp)
1571 flag = *fp++;
1572 if (likely(flag == TTY_NORMAL)) {
1573 unsigned char c = *cp++;
1574
1575 if (!test_bit(c, ldata->char_map))
1576 n_tty_receive_char_fast(tty, c);
1577 else if (n_tty_receive_char_special(tty, c) && count) {
1578 if (fp)
1579 flag = *fp++;
1580 n_tty_receive_char_lnext(tty, *cp++, flag);
1581 count--;
1582 }
1583 } else
1584 n_tty_receive_char_flagged(tty, *cp++, flag);
1585 }
1586}
1587
1588static void __receive_buf(struct tty_struct *tty, const unsigned char *cp,
1589 char *fp, int count)
1590{
1591 struct n_tty_data *ldata = tty->disc_data;
1592 bool preops = I_ISTRIP(tty) || (I_IUCLC(tty) && L_IEXTEN(tty));
1593
1594 if (ldata->real_raw)
1595 n_tty_receive_buf_real_raw(tty, cp, fp, count);
1596 else if (ldata->raw || (L_EXTPROC(tty) && !preops))
1597 n_tty_receive_buf_raw(tty, cp, fp, count);
1598 else if (tty->closing && !L_EXTPROC(tty))
1599 n_tty_receive_buf_closing(tty, cp, fp, count);
1600 else {
1601 if (ldata->lnext) {
1602 char flag = TTY_NORMAL;
1603
1604 if (fp)
1605 flag = *fp++;
1606 n_tty_receive_char_lnext(tty, *cp++, flag);
1607 count--;
1608 }
1609
1610 if (!preops && !I_PARMRK(tty))
1611 n_tty_receive_buf_fast(tty, cp, fp, count);
1612 else
1613 n_tty_receive_buf_standard(tty, cp, fp, count);
1614
1615 flush_echoes(tty);
1616 if (tty->ops->flush_chars)
1617 tty->ops->flush_chars(tty);
1618 }
1619
1620 if (ldata->icanon && !L_EXTPROC(tty))
1621 return;
1622
1623 /* publish read_head to consumer */
1624 smp_store_release(&ldata->commit_head, ldata->read_head);
1625
1626 if (read_cnt(ldata)) {
1627 kill_fasync(&tty->fasync, SIGIO, POLL_IN);
1628 wake_up_interruptible_poll(&tty->read_wait, EPOLLIN);
1629 }
1630}
1631
1632/**
1633 * n_tty_receive_buf_common - process input
1634 * @tty: device to receive input
1635 * @cp: input chars
1636 * @fp: flags for each char (if NULL, all chars are TTY_NORMAL)
1637 * @count: number of input chars in @cp
1638 *
1639 * Called by the terminal driver when a block of characters has
1640 * been received. This function must be called from soft contexts
1641 * not from interrupt context. The driver is responsible for making
1642 * calls one at a time and in order (or using flush_to_ldisc)
1643 *
1644 * Returns the # of input chars from @cp which were processed.
1645 *
1646 * In canonical mode, the maximum line length is 4096 chars (including
1647 * the line termination char); lines longer than 4096 chars are
1648 * truncated. After 4095 chars, input data is still processed but
1649 * not stored. Overflow processing ensures the tty can always
1650 * receive more input until at least one line can be read.
1651 *
1652 * In non-canonical mode, the read buffer will only accept 4095 chars;
1653 * this provides the necessary space for a newline char if the input
1654 * mode is switched to canonical.
1655 *
1656 * Note it is possible for the read buffer to _contain_ 4096 chars
1657 * in non-canonical mode: the read buffer could already contain the
1658 * maximum canon line of 4096 chars when the mode is switched to
1659 * non-canonical.
1660 *
1661 * n_tty_receive_buf()/producer path:
1662 * claims non-exclusive termios_rwsem
1663 * publishes commit_head or canon_head
1664 */
1665static int
1666n_tty_receive_buf_common(struct tty_struct *tty, const unsigned char *cp,
1667 char *fp, int count, int flow)
1668{
1669 struct n_tty_data *ldata = tty->disc_data;
1670 int room, n, rcvd = 0, overflow;
1671
1672 down_read(&tty->termios_rwsem);
1673
1674 while (1) {
1675 /*
1676 * When PARMRK is set, each input char may take up to 3 chars
1677 * in the read buf; reduce the buffer space avail by 3x
1678 *
1679 * If we are doing input canonicalization, and there are no
1680 * pending newlines, let characters through without limit, so
1681 * that erase characters will be handled. Other excess
1682 * characters will be beeped.
1683 *
1684 * paired with store in *_copy_from_read_buf() -- guarantees
1685 * the consumer has loaded the data in read_buf up to the new
1686 * read_tail (so this producer will not overwrite unread data)
1687 */
1688 size_t tail = smp_load_acquire(&ldata->read_tail);
1689
1690 room = N_TTY_BUF_SIZE - (ldata->read_head - tail);
1691 if (I_PARMRK(tty))
1692 room = (room + 2) / 3;
1693 room--;
1694 if (room <= 0) {
1695 overflow = ldata->icanon && ldata->canon_head == tail;
1696 if (overflow && room < 0)
1697 ldata->read_head--;
1698 room = overflow;
1699 ldata->no_room = flow && !room;
1700 } else
1701 overflow = 0;
1702
1703 n = min(count, room);
1704 if (!n)
1705 break;
1706
1707 /* ignore parity errors if handling overflow */
1708 if (!overflow || !fp || *fp != TTY_PARITY)
1709 __receive_buf(tty, cp, fp, n);
1710
1711 cp += n;
1712 if (fp)
1713 fp += n;
1714 count -= n;
1715 rcvd += n;
1716 }
1717
1718 tty->receive_room = room;
1719
1720 /* Unthrottle if handling overflow on pty */
1721 if (tty->driver->type == TTY_DRIVER_TYPE_PTY) {
1722 if (overflow) {
1723 tty_set_flow_change(tty, TTY_UNTHROTTLE_SAFE);
1724 tty_unthrottle_safe(tty);
1725 __tty_set_flow_change(tty, 0);
1726 }
1727 } else
1728 n_tty_check_throttle(tty);
1729
1730 up_read(&tty->termios_rwsem);
1731
1732 return rcvd;
1733}
1734
1735static void n_tty_receive_buf(struct tty_struct *tty, const unsigned char *cp,
1736 char *fp, int count)
1737{
1738 n_tty_receive_buf_common(tty, cp, fp, count, 0);
1739}
1740
1741static int n_tty_receive_buf2(struct tty_struct *tty, const unsigned char *cp,
1742 char *fp, int count)
1743{
1744 return n_tty_receive_buf_common(tty, cp, fp, count, 1);
1745}
1746
1747/**
1748 * n_tty_set_termios - termios data changed
1749 * @tty: terminal
1750 * @old: previous data
1751 *
1752 * Called by the tty layer when the user changes termios flags so
1753 * that the line discipline can plan ahead. This function cannot sleep
1754 * and is protected from re-entry by the tty layer. The user is
1755 * guaranteed that this function will not be re-entered or in progress
1756 * when the ldisc is closed.
1757 *
1758 * Locking: Caller holds tty->termios_rwsem
1759 */
1760
1761static void n_tty_set_termios(struct tty_struct *tty, struct ktermios *old)
1762{
1763 struct n_tty_data *ldata = tty->disc_data;
1764
1765 if (!old || (old->c_lflag ^ tty->termios.c_lflag) & (ICANON | EXTPROC)) {
1766 bitmap_zero(ldata->read_flags, N_TTY_BUF_SIZE);
1767 ldata->line_start = ldata->read_tail;
1768 if (!L_ICANON(tty) || !read_cnt(ldata)) {
1769 ldata->canon_head = ldata->read_tail;
1770 ldata->push = 0;
1771 } else {
1772 set_bit((ldata->read_head - 1) & (N_TTY_BUF_SIZE - 1),
1773 ldata->read_flags);
1774 ldata->canon_head = ldata->read_head;
1775 ldata->push = 1;
1776 }
1777 ldata->commit_head = ldata->read_head;
1778 ldata->erasing = 0;
1779 ldata->lnext = 0;
1780 }
1781
1782 ldata->icanon = (L_ICANON(tty) != 0);
1783
1784 if (I_ISTRIP(tty) || I_IUCLC(tty) || I_IGNCR(tty) ||
1785 I_ICRNL(tty) || I_INLCR(tty) || L_ICANON(tty) ||
1786 I_IXON(tty) || L_ISIG(tty) || L_ECHO(tty) ||
1787 I_PARMRK(tty)) {
1788 bitmap_zero(ldata->char_map, 256);
1789
1790 if (I_IGNCR(tty) || I_ICRNL(tty))
1791 set_bit('\r', ldata->char_map);
1792 if (I_INLCR(tty))
1793 set_bit('\n', ldata->char_map);
1794
1795 if (L_ICANON(tty)) {
1796 set_bit(ERASE_CHAR(tty), ldata->char_map);
1797 set_bit(KILL_CHAR(tty), ldata->char_map);
1798 set_bit(EOF_CHAR(tty), ldata->char_map);
1799 set_bit('\n', ldata->char_map);
1800 set_bit(EOL_CHAR(tty), ldata->char_map);
1801 if (L_IEXTEN(tty)) {
1802 set_bit(WERASE_CHAR(tty), ldata->char_map);
1803 set_bit(LNEXT_CHAR(tty), ldata->char_map);
1804 set_bit(EOL2_CHAR(tty), ldata->char_map);
1805 if (L_ECHO(tty))
1806 set_bit(REPRINT_CHAR(tty),
1807 ldata->char_map);
1808 }
1809 }
1810 if (I_IXON(tty)) {
1811 set_bit(START_CHAR(tty), ldata->char_map);
1812 set_bit(STOP_CHAR(tty), ldata->char_map);
1813 }
1814 if (L_ISIG(tty)) {
1815 set_bit(INTR_CHAR(tty), ldata->char_map);
1816 set_bit(QUIT_CHAR(tty), ldata->char_map);
1817 set_bit(SUSP_CHAR(tty), ldata->char_map);
1818 }
1819 clear_bit(__DISABLED_CHAR, ldata->char_map);
1820 ldata->raw = 0;
1821 ldata->real_raw = 0;
1822 } else {
1823 ldata->raw = 1;
1824 if ((I_IGNBRK(tty) || (!I_BRKINT(tty) && !I_PARMRK(tty))) &&
1825 (I_IGNPAR(tty) || !I_INPCK(tty)) &&
1826 (tty->driver->flags & TTY_DRIVER_REAL_RAW))
1827 ldata->real_raw = 1;
1828 else
1829 ldata->real_raw = 0;
1830 }
1831 /*
1832 * Fix tty hang when I_IXON(tty) is cleared, but the tty
1833 * been stopped by STOP_CHAR(tty) before it.
1834 */
1835 if (!I_IXON(tty) && old && (old->c_iflag & IXON) && !tty->flow_stopped) {
1836 start_tty(tty);
1837 process_echoes(tty);
1838 }
1839
1840 /* The termios change make the tty ready for I/O */
1841 wake_up_interruptible(&tty->write_wait);
1842 wake_up_interruptible(&tty->read_wait);
1843}
1844
1845/**
1846 * n_tty_close - close the ldisc for this tty
1847 * @tty: device
1848 *
1849 * Called from the terminal layer when this line discipline is
1850 * being shut down, either because of a close or becsuse of a
1851 * discipline change. The function will not be called while other
1852 * ldisc methods are in progress.
1853 */
1854
1855static void n_tty_close(struct tty_struct *tty)
1856{
1857 struct n_tty_data *ldata = tty->disc_data;
1858
1859 if (tty->link)
1860 n_tty_packet_mode_flush(tty);
1861
1862 vfree(ldata);
1863 tty->disc_data = NULL;
1864}
1865
1866/**
1867 * n_tty_open - open an ldisc
1868 * @tty: terminal to open
1869 *
1870 * Called when this line discipline is being attached to the
1871 * terminal device. Can sleep. Called serialized so that no
1872 * other events will occur in parallel. No further open will occur
1873 * until a close.
1874 */
1875
1876static int n_tty_open(struct tty_struct *tty)
1877{
1878 struct n_tty_data *ldata;
1879
1880 /* Currently a malloc failure here can panic */
1881 ldata = vmalloc(sizeof(*ldata));
1882 if (!ldata)
1883 goto err;
1884
1885 ldata->overrun_time = jiffies;
1886 mutex_init(&ldata->atomic_read_lock);
1887 mutex_init(&ldata->output_lock);
1888
1889 tty->disc_data = ldata;
1890 reset_buffer_flags(tty->disc_data);
1891 ldata->column = 0;
1892 ldata->canon_column = 0;
1893 ldata->num_overrun = 0;
1894 ldata->no_room = 0;
1895 ldata->lnext = 0;
1896 tty->closing = 0;
1897 /* indicate buffer work may resume */
1898 clear_bit(TTY_LDISC_HALTED, &tty->flags);
1899 n_tty_set_termios(tty, NULL);
1900 tty_unthrottle(tty);
1901
1902 return 0;
1903err:
1904 return -ENOMEM;
1905}
1906
1907static inline int input_available_p(struct tty_struct *tty, int poll)
1908{
1909 struct n_tty_data *ldata = tty->disc_data;
1910 int amt = poll && !TIME_CHAR(tty) && MIN_CHAR(tty) ? MIN_CHAR(tty) : 1;
1911
1912 if (ldata->icanon && !L_EXTPROC(tty))
1913 return ldata->canon_head != ldata->read_tail;
1914 else
1915 return ldata->commit_head - ldata->read_tail >= amt;
1916}
1917
1918/**
1919 * copy_from_read_buf - copy read data directly
1920 * @tty: terminal device
1921 * @b: user data
1922 * @nr: size of data
1923 *
1924 * Helper function to speed up n_tty_read. It is only called when
1925 * ICANON is off; it copies characters straight from the tty queue to
1926 * user space directly. It can be profitably called twice; once to
1927 * drain the space from the tail pointer to the (physical) end of the
1928 * buffer, and once to drain the space from the (physical) beginning of
1929 * the buffer to head pointer.
1930 *
1931 * Called under the ldata->atomic_read_lock sem
1932 *
1933 * n_tty_read()/consumer path:
1934 * caller holds non-exclusive termios_rwsem
1935 * read_tail published
1936 */
1937
1938static int copy_from_read_buf(struct tty_struct *tty,
1939 unsigned char __user **b,
1940 size_t *nr)
1941
1942{
1943 struct n_tty_data *ldata = tty->disc_data;
1944 int retval;
1945 size_t n;
1946 bool is_eof;
1947 size_t head = smp_load_acquire(&ldata->commit_head);
1948 size_t tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
1949
1950 retval = 0;
1951 n = min(head - ldata->read_tail, N_TTY_BUF_SIZE - tail);
1952 n = min(*nr, n);
1953 if (n) {
1954 const unsigned char *from = read_buf_addr(ldata, tail);
1955 retval = copy_to_user(*b, from, n);
1956 n -= retval;
1957 is_eof = n == 1 && *from == EOF_CHAR(tty);
1958 tty_audit_add_data(tty, from, n);
1959 smp_store_release(&ldata->read_tail, ldata->read_tail + n);
1960 /* Turn single EOF into zero-length read */
1961 if (L_EXTPROC(tty) && ldata->icanon && is_eof &&
1962 (head == ldata->read_tail))
1963 n = 0;
1964 *b += n;
1965 *nr -= n;
1966 }
1967 return retval;
1968}
1969
1970/**
1971 * canon_copy_from_read_buf - copy read data in canonical mode
1972 * @tty: terminal device
1973 * @b: user data
1974 * @nr: size of data
1975 *
1976 * Helper function for n_tty_read. It is only called when ICANON is on;
1977 * it copies one line of input up to and including the line-delimiting
1978 * character into the user-space buffer.
1979 *
1980 * NB: When termios is changed from non-canonical to canonical mode and
1981 * the read buffer contains data, n_tty_set_termios() simulates an EOF
1982 * push (as if C-d were input) _without_ the DISABLED_CHAR in the buffer.
1983 * This causes data already processed as input to be immediately available
1984 * as input although a newline has not been received.
1985 *
1986 * Called under the atomic_read_lock mutex
1987 *
1988 * n_tty_read()/consumer path:
1989 * caller holds non-exclusive termios_rwsem
1990 * read_tail published
1991 */
1992
1993static int canon_copy_from_read_buf(struct tty_struct *tty,
1994 unsigned char __user **b,
1995 size_t *nr)
1996{
1997 struct n_tty_data *ldata = tty->disc_data;
1998 size_t n, size, more, c;
1999 size_t eol;
2000 size_t tail;
2001 int ret, found = 0;
2002
2003 /* N.B. avoid overrun if nr == 0 */
2004 if (!*nr)
2005 return 0;
2006
2007 n = min(*nr + 1, smp_load_acquire(&ldata->canon_head) - ldata->read_tail);
2008
2009 tail = ldata->read_tail & (N_TTY_BUF_SIZE - 1);
2010 size = min_t(size_t, tail + n, N_TTY_BUF_SIZE);
2011
2012 n_tty_trace("%s: nr:%zu tail:%zu n:%zu size:%zu\n",
2013 __func__, *nr, tail, n, size);
2014
2015 eol = find_next_bit(ldata->read_flags, size, tail);
2016 more = n - (size - tail);
2017 if (eol == N_TTY_BUF_SIZE && more) {
2018 /* scan wrapped without finding set bit */
2019 eol = find_next_bit(ldata->read_flags, more, 0);
2020 found = eol != more;
2021 } else
2022 found = eol != size;
2023
2024 n = eol - tail;
2025 if (n > N_TTY_BUF_SIZE)
2026 n += N_TTY_BUF_SIZE;
2027 c = n + found;
2028
2029 if (!found || read_buf(ldata, eol) != __DISABLED_CHAR) {
2030 c = min(*nr, c);
2031 n = c;
2032 }
2033
2034 n_tty_trace("%s: eol:%zu found:%d n:%zu c:%zu tail:%zu more:%zu\n",
2035 __func__, eol, found, n, c, tail, more);
2036
2037 ret = tty_copy_to_user(tty, *b, tail, n);
2038 if (ret)
2039 return -EFAULT;
2040 *b += n;
2041 *nr -= n;
2042
2043 if (found)
2044 clear_bit(eol, ldata->read_flags);
2045 smp_store_release(&ldata->read_tail, ldata->read_tail + c);
2046
2047 if (found) {
2048 if (!ldata->push)
2049 ldata->line_start = ldata->read_tail;
2050 else
2051 ldata->push = 0;
2052 tty_audit_push();
2053 }
2054 return 0;
2055}
2056
2057extern ssize_t redirected_tty_write(struct file *, const char __user *,
2058 size_t, loff_t *);
2059
2060/**
2061 * job_control - check job control
2062 * @tty: tty
2063 * @file: file handle
2064 *
2065 * Perform job control management checks on this file/tty descriptor
2066 * and if appropriate send any needed signals and return a negative
2067 * error code if action should be taken.
2068 *
2069 * Locking: redirected write test is safe
2070 * current->signal->tty check is safe
2071 * ctrl_lock to safely reference tty->pgrp
2072 */
2073
2074static int job_control(struct tty_struct *tty, struct file *file)
2075{
2076 /* Job control check -- must be done at start and after
2077 every sleep (POSIX.1 7.1.1.4). */
2078 /* NOTE: not yet done after every sleep pending a thorough
2079 check of the logic of this change. -- jlc */
2080 /* don't stop on /dev/console */
2081 if (file->f_op->write == redirected_tty_write)
2082 return 0;
2083
2084 return __tty_check_change(tty, SIGTTIN);
2085}
2086
2087
2088/**
2089 * n_tty_read - read function for tty
2090 * @tty: tty device
2091 * @file: file object
2092 * @buf: userspace buffer pointer
2093 * @nr: size of I/O
2094 *
2095 * Perform reads for the line discipline. We are guaranteed that the
2096 * line discipline will not be closed under us but we may get multiple
2097 * parallel readers and must handle this ourselves. We may also get
2098 * a hangup. Always called in user context, may sleep.
2099 *
2100 * This code must be sure never to sleep through a hangup.
2101 *
2102 * n_tty_read()/consumer path:
2103 * claims non-exclusive termios_rwsem
2104 * publishes read_tail
2105 */
2106
2107static ssize_t n_tty_read(struct tty_struct *tty, struct file *file,
2108 unsigned char __user *buf, size_t nr)
2109{
2110 struct n_tty_data *ldata = tty->disc_data;
2111 unsigned char __user *b = buf;
2112 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2113 int c;
2114 int minimum, time;
2115 ssize_t retval = 0;
2116 long timeout;
2117 int packet;
2118 size_t tail;
2119
2120 c = job_control(tty, file);
2121 if (c < 0)
2122 return c;
2123
2124 /*
2125 * Internal serialization of reads.
2126 */
2127 if (file->f_flags & O_NONBLOCK) {
2128 if (!mutex_trylock(&ldata->atomic_read_lock))
2129 return -EAGAIN;
2130 } else {
2131 if (mutex_lock_interruptible(&ldata->atomic_read_lock))
2132 return -ERESTARTSYS;
2133 }
2134
2135 down_read(&tty->termios_rwsem);
2136
2137 minimum = time = 0;
2138 timeout = MAX_SCHEDULE_TIMEOUT;
2139 if (!ldata->icanon) {
2140 minimum = MIN_CHAR(tty);
2141 if (minimum) {
2142 time = (HZ / 10) * TIME_CHAR(tty);
2143 } else {
2144 timeout = (HZ / 10) * TIME_CHAR(tty);
2145 minimum = 1;
2146 }
2147 }
2148
2149 packet = tty->packet;
2150 tail = ldata->read_tail;
2151
2152 add_wait_queue(&tty->read_wait, &wait);
2153 while (nr) {
2154 /* First test for status change. */
2155 if (packet && tty->link->ctrl_status) {
2156 unsigned char cs;
2157 if (b != buf)
2158 break;
2159 spin_lock_irq(&tty->link->ctrl_lock);
2160 cs = tty->link->ctrl_status;
2161 tty->link->ctrl_status = 0;
2162 spin_unlock_irq(&tty->link->ctrl_lock);
2163 if (put_user(cs, b)) {
2164 retval = -EFAULT;
2165 break;
2166 }
2167 b++;
2168 nr--;
2169 break;
2170 }
2171
2172 if (!input_available_p(tty, 0)) {
2173 up_read(&tty->termios_rwsem);
2174 tty_buffer_flush_work(tty->port);
2175 down_read(&tty->termios_rwsem);
2176 if (!input_available_p(tty, 0)) {
2177 if (test_bit(TTY_OTHER_CLOSED, &tty->flags)) {
2178 retval = -EIO;
2179 break;
2180 }
2181 if (tty_hung_up_p(file))
2182 break;
2183 /*
2184 * Abort readers for ttys which never actually
2185 * get hung up. See __tty_hangup().
2186 */
2187 if (test_bit(TTY_HUPPING, &tty->flags))
2188 break;
2189 if (!timeout)
2190 break;
2191 if (file->f_flags & O_NONBLOCK) {
2192 retval = -EAGAIN;
2193 break;
2194 }
2195 if (signal_pending(current)) {
2196 retval = -ERESTARTSYS;
2197 break;
2198 }
2199 up_read(&tty->termios_rwsem);
2200
2201 timeout = wait_woken(&wait, TASK_INTERRUPTIBLE,
2202 timeout);
2203
2204 down_read(&tty->termios_rwsem);
2205 continue;
2206 }
2207 }
2208
2209 if (ldata->icanon && !L_EXTPROC(tty)) {
2210 retval = canon_copy_from_read_buf(tty, &b, &nr);
2211 if (retval)
2212 break;
2213 } else {
2214 int uncopied;
2215
2216 /* Deal with packet mode. */
2217 if (packet && b == buf) {
2218 if (put_user(TIOCPKT_DATA, b)) {
2219 retval = -EFAULT;
2220 break;
2221 }
2222 b++;
2223 nr--;
2224 }
2225
2226 uncopied = copy_from_read_buf(tty, &b, &nr);
2227 uncopied += copy_from_read_buf(tty, &b, &nr);
2228 if (uncopied) {
2229 retval = -EFAULT;
2230 break;
2231 }
2232 }
2233
2234 n_tty_check_unthrottle(tty);
2235
2236 if (b - buf >= minimum)
2237 break;
2238 if (time)
2239 timeout = time;
2240 }
2241 if (tail != ldata->read_tail)
2242 n_tty_kick_worker(tty);
2243 up_read(&tty->termios_rwsem);
2244
2245 remove_wait_queue(&tty->read_wait, &wait);
2246 mutex_unlock(&ldata->atomic_read_lock);
2247
2248 if (b - buf)
2249 retval = b - buf;
2250
2251 return retval;
2252}
2253
2254/**
2255 * n_tty_write - write function for tty
2256 * @tty: tty device
2257 * @file: file object
2258 * @buf: userspace buffer pointer
2259 * @nr: size of I/O
2260 *
2261 * Write function of the terminal device. This is serialized with
2262 * respect to other write callers but not to termios changes, reads
2263 * and other such events. Since the receive code will echo characters,
2264 * thus calling driver write methods, the output_lock is used in
2265 * the output processing functions called here as well as in the
2266 * echo processing function to protect the column state and space
2267 * left in the buffer.
2268 *
2269 * This code must be sure never to sleep through a hangup.
2270 *
2271 * Locking: output_lock to protect column state and space left
2272 * (note that the process_output*() functions take this
2273 * lock themselves)
2274 */
2275
2276static ssize_t n_tty_write(struct tty_struct *tty, struct file *file,
2277 const unsigned char *buf, size_t nr)
2278{
2279 const unsigned char *b = buf;
2280 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2281 int c;
2282 ssize_t retval = 0;
2283
2284 /* Job control check -- must be done at start (POSIX.1 7.1.1.4). */
2285 if (L_TOSTOP(tty) && file->f_op->write != redirected_tty_write) {
2286 retval = tty_check_change(tty);
2287 if (retval)
2288 return retval;
2289 }
2290
2291 down_read(&tty->termios_rwsem);
2292
2293 /* Write out any echoed characters that are still pending */
2294 process_echoes(tty);
2295
2296 add_wait_queue(&tty->write_wait, &wait);
2297 while (1) {
2298 if (signal_pending(current)) {
2299 retval = -ERESTARTSYS;
2300 break;
2301 }
2302 if (tty_hung_up_p(file) || (tty->link && !tty->link->count)) {
2303 retval = -EIO;
2304 break;
2305 }
2306 if (O_OPOST(tty)) {
2307 while (nr > 0) {
2308 ssize_t num = process_output_block(tty, b, nr);
2309 if (num < 0) {
2310 if (num == -EAGAIN)
2311 break;
2312 retval = num;
2313 goto break_out;
2314 }
2315 b += num;
2316 nr -= num;
2317 if (nr == 0)
2318 break;
2319 c = *b;
2320 if (process_output(c, tty) < 0)
2321 break;
2322 b++; nr--;
2323 }
2324 if (tty->ops->flush_chars)
2325 tty->ops->flush_chars(tty);
2326 } else {
2327 struct n_tty_data *ldata = tty->disc_data;
2328
2329 while (nr > 0) {
2330 mutex_lock(&ldata->output_lock);
2331 c = tty->ops->write(tty, b, nr);
2332 mutex_unlock(&ldata->output_lock);
2333 if (c < 0) {
2334 retval = c;
2335 goto break_out;
2336 }
2337 if (!c)
2338 break;
2339 b += c;
2340 nr -= c;
2341 }
2342 }
2343 if (!nr)
2344 break;
2345 if (file->f_flags & O_NONBLOCK) {
2346 retval = -EAGAIN;
2347 break;
2348 }
2349 up_read(&tty->termios_rwsem);
2350
2351 wait_woken(&wait, TASK_INTERRUPTIBLE, MAX_SCHEDULE_TIMEOUT);
2352
2353 down_read(&tty->termios_rwsem);
2354 }
2355break_out:
2356 remove_wait_queue(&tty->write_wait, &wait);
2357 if (nr && tty->fasync)
2358 set_bit(TTY_DO_WRITE_WAKEUP, &tty->flags);
2359 up_read(&tty->termios_rwsem);
2360 return (b - buf) ? b - buf : retval;
2361}
2362
2363/**
2364 * n_tty_poll - poll method for N_TTY
2365 * @tty: terminal device
2366 * @file: file accessing it
2367 * @wait: poll table
2368 *
2369 * Called when the line discipline is asked to poll() for data or
2370 * for special events. This code is not serialized with respect to
2371 * other events save open/close.
2372 *
2373 * This code must be sure never to sleep through a hangup.
2374 * Called without the kernel lock held - fine
2375 */
2376
2377static __poll_t n_tty_poll(struct tty_struct *tty, struct file *file,
2378 poll_table *wait)
2379{
2380 __poll_t mask = 0;
2381
2382 poll_wait(file, &tty->read_wait, wait);
2383 poll_wait(file, &tty->write_wait, wait);
2384 if (input_available_p(tty, 1))
2385 mask |= EPOLLIN | EPOLLRDNORM;
2386 else {
2387 tty_buffer_flush_work(tty->port);
2388 if (input_available_p(tty, 1))
2389 mask |= EPOLLIN | EPOLLRDNORM;
2390 }
2391 if (tty->packet && tty->link->ctrl_status)
2392 mask |= EPOLLPRI | EPOLLIN | EPOLLRDNORM;
2393 if (test_bit(TTY_OTHER_CLOSED, &tty->flags))
2394 mask |= EPOLLHUP;
2395 if (tty_hung_up_p(file))
2396 mask |= EPOLLHUP;
2397 if (tty->ops->write && !tty_is_writelocked(tty) &&
2398 tty_chars_in_buffer(tty) < WAKEUP_CHARS &&
2399 tty_write_room(tty) > 0)
2400 mask |= EPOLLOUT | EPOLLWRNORM;
2401 return mask;
2402}
2403
2404static unsigned long inq_canon(struct n_tty_data *ldata)
2405{
2406 size_t nr, head, tail;
2407
2408 if (ldata->canon_head == ldata->read_tail)
2409 return 0;
2410 head = ldata->canon_head;
2411 tail = ldata->read_tail;
2412 nr = head - tail;
2413 /* Skip EOF-chars.. */
2414 while (head != tail) {
2415 if (test_bit(tail & (N_TTY_BUF_SIZE - 1), ldata->read_flags) &&
2416 read_buf(ldata, tail) == __DISABLED_CHAR)
2417 nr--;
2418 tail++;
2419 }
2420 return nr;
2421}
2422
2423static int n_tty_ioctl(struct tty_struct *tty, struct file *file,
2424 unsigned int cmd, unsigned long arg)
2425{
2426 struct n_tty_data *ldata = tty->disc_data;
2427 int retval;
2428
2429 switch (cmd) {
2430 case TIOCOUTQ:
2431 return put_user(tty_chars_in_buffer(tty), (int __user *) arg);
2432 case TIOCINQ:
2433 down_write(&tty->termios_rwsem);
2434 if (L_ICANON(tty) && !L_EXTPROC(tty))
2435 retval = inq_canon(ldata);
2436 else
2437 retval = read_cnt(ldata);
2438 up_write(&tty->termios_rwsem);
2439 return put_user(retval, (unsigned int __user *) arg);
2440 default:
2441 return n_tty_ioctl_helper(tty, file, cmd, arg);
2442 }
2443}
2444
2445static struct tty_ldisc_ops n_tty_ops = {
2446 .magic = TTY_LDISC_MAGIC,
2447 .name = "n_tty",
2448 .open = n_tty_open,
2449 .close = n_tty_close,
2450 .flush_buffer = n_tty_flush_buffer,
2451 .read = n_tty_read,
2452 .write = n_tty_write,
2453 .ioctl = n_tty_ioctl,
2454 .set_termios = n_tty_set_termios,
2455 .poll = n_tty_poll,
2456 .receive_buf = n_tty_receive_buf,
2457 .write_wakeup = n_tty_write_wakeup,
2458 .receive_buf2 = n_tty_receive_buf2,
2459};
2460
2461/**
2462 * n_tty_inherit_ops - inherit N_TTY methods
2463 * @ops: struct tty_ldisc_ops where to save N_TTY methods
2464 *
2465 * Enables a 'subclass' line discipline to 'inherit' N_TTY methods.
2466 */
2467
2468void n_tty_inherit_ops(struct tty_ldisc_ops *ops)
2469{
2470 *ops = n_tty_ops;
2471 ops->owner = NULL;
2472 ops->refcount = ops->flags = 0;
2473}
2474EXPORT_SYMBOL_GPL(n_tty_inherit_ops);
2475
2476void __init n_tty_init(void)
2477{
2478 tty_register_ldisc(N_TTY, &n_tty_ops);
2479}